With all the hype around cyber security and the high salaries it brings to the table, of course, you are taking this carrier path under consideration. so did I not long ago, let me tell you the road to getting my first job was a mess. I was all over the place with no real good answer for how to learn cybersecurity on your own.
so hopefully you will find this mega post helpful and it will allow you to understand the field in a way you can make the right decisions for you and not go along a path you have no understanding of where it will end.
Remember to add this post bookmarks so you can use it later again 😀
How to learn
This is probably to most important information in this article so make sure you read it, and take it to heart. I divided the learning process to 3 main ideas so you can understand how to build your own syllabus if one of my preset paths doesn’t fit you.
The mindset is fairly simple to understand but it is very hard for some to accept, You are alone. this might be scary at first but it is essential to becoming successful in this field. there is no one teacher that can teach you cybersecurity and there is no one school that can because there is too much information. most schools and courses that teach cybersecurity will teach you the fundamentals and let you build on it yourself and learn the nuances of each subject. because if not, the course will literally be never-ending.
So you need to learn to learn by yourself and become an autodidact and if you believe you cant do it, you might as well not try. you need to believe that you can learn by yourself, and understand that nothing can stop you no matter how complicated because you are going to run into things that are so mind-bending that you might want to burst into tears or smash your screen in. but that is just the mindset you need to learn this field.
I paid 8,000 $ for a course to understand that I will need to buy another 500$ worth of courses that go into the specific subjects. and it didn’t stop there these courses for 500$ made me work even more to understand that I need to learn the nuances of the sub-subjects as well.
A nice metaphor for learning cybersecurity is like trying to chase a rabbit down its hole but once you think you get to the end of the hole there are another 17 holes to go down.
To summarize you need to learn to learn alone, and understand the topic is never ending so learn what you need for that moment and time and move on. if going down the rabbit hole is needed to gain further understanding do it.
If you want to learn how to learn I would tell you to go and buy the book ultra learning by Scott H. Young, it’s just an amazing book, it will help you so much in learning this subject and other subjects in life.
Proactive practice and CTFs
Behold the pyramid of learning
this pyramid shows the percent of the information that will stick to your long-term memory in different forms of learning. as you can see proactive methods will help you keep most of the information that you learned. so try to keep yourself at the “practice by doing” layer and “teaching others” layers. ill explain how to do both.
if you are learning or going to start after this post you will hear about this alllllloooott.
CTF stands for capture the flag, there are many websites that allow you to do this in order to learn by doing. there are a variety of different methods but generally, you get an objective for example to hack a windows computer that is hosted by the website, and by asking you leading questions, and you trying to figure out how to solve them, you learn. and boy is this effective. I will cover this in more depth further down the post.
Learning by teaching
Most of you won’t have a partner to learn with unless you are in a course or school together, so if you have one that’s great try and teach each other but if you don’t you can do the following.
Do writeups, all you need to do is open your notebook or a note-taking software, I would recommend software since you will probably what to re-read all the stuff you wrote sometime in the future. and when you solve a CTF just write according to the following framework:
- summarize what you did to solve it
- list all the sources you used to get the answers
- go in-depth and tell the story of exactly what was your thinking process and how you solved the problem
- list topics that you would like to learn further
- explain and give examples of all the software/scripts you used
create your own syllabus
later in this thread, I will discuss the different pathways you can take in cybersecurity; so you can use that to help you understand how to build your syllabus. when creating your syllabus you will need to think goal-oriented, find the end job in cybersecurity you want to learn, then ask yourself what do I need to know? and write that down, that will take a bit of research, or just go to a Udemy course and check a random high rated course’s syllabus and build on top of that.
keep in mind that aside from fundamentals, you will need to create a syllabus that is based on a need-to-know basis, meaning that you shouldn’t spend your time learning around a certain subject because you will get lost very quickly.
Understanding what is cyber security & its prerequisites
the most important thing for you to first understand is that cybersecurity is not a
job it’s a field! a very very VERY broad field with many sub-niches. I will try and cover the main ones and some outliers as best as I can.
Cybersecurity is built on everything! let that sink in.
The job of a cybersecurity worker of any sub-niche is to protect the intellectual property and digital assets of any organization or company, governmental and private. Therefore you need a deep understanding of how technology works, how it was built, the thought process behind it, and the rules and protocols put in place so all this thing we call technology will work and won’t crumble down on us(which it does ALL THE TIME). and where things crumble down is exactly where you will be protecting, so hackers won’t be able to exploit these vulnerabilities and take advantage of them while the developers fix the issues.
the most natural path to learning cybersecurity is learning the foundation of how technology works. this upcoming list will be a path for you to follow in case you want to learn cybersecurity but don’t yet have the right foundation to start. so start from the top and if you feel that you know a subject well enough just go to the next one. If the main topic is a Link then it goes to a free course that is recommended.
- Operating system Fundamentals
The list above should provide a solid foundation to start your journey in cyber security. it might look intimidating, but it would take you right around a month. the way i would split it would be the following:
- Week 1: Hardware & Operating system Fundamentals
- Week 2: Windows
- Week 3: Linux
- Week 4: Networking
note that this is a recommendation but you can always change it up.
Choose Your Team
There are many niches in cybersecurity and I try and give you a general understanding of what each one does and how it really feels to be each one, and the best way in my point of view is to gamify it.
There are 2 main teams Red and Blue. but don’t look at them as two completely different subjects but rather 2 sides of the same coin.
- Red Team – The Red Team are the attackers who hunt for vulnerabilities in a system and exploit them, once they have breached a system they report back to the blue team so they can fix the issue to make sure that an external attacker does not use it.
- Blue Team – The Blue Team are the defenders they put defenses in place to protect the system, and when there is a breach they block the attacker, understand what happened, and put more defenses up. they also hunt for vulnerabilities but in a different manner than the red team.
Now I know the Red Team sounds cooler and shinier but you will probably not start on that side.
“but but but I want to be on the RED TEAMMM…”
Don’t worry your time will come, you first need to be a good defender and understand how defenders work, think, operate, and interact in order to attack properly. the goal of an attacker is to manage to go under the radar of 10 – 15 systems that cost hundreds of thousands if not millions of dollars and on top of that a team of 5-10 very skilled defenders that are monitoring 24/7 every single action taken on every single computer in a company.
But with all that said there are thousands of successful attacks a week. (out of millions that are blocked)
with all that in mind if you like the Red Team place it as a goal because after a year of working as a Blue Team, you will probably get there. unless you have a prior experience in programming or something like that.
Choose you role
The Penetration tester
The Penetration tester is what you think of when you think of a hacker this character focuses on infiltrating vulnerable systems with the end goal of taking over the entire network of a company or organization.
if you fit the following description you probably fit right into this role:
- You enjoy puzzles that make you want to bang your head on the wall because they are so hard.
- You are a criminal at heart but you don’t act on it even though you always think of ways you can fuck the system. ( if you do act on it you should probably look into Cybercrime and not Cybersecurity )
- You are good at basically everything, the best way to put it is “Jack of all trades master of none”.
- You are a very fast learner.
- Not impulsive.
- Good at planning.
The analyst is a Defender’, what he does is use all the defense systems
to protect the company he works for. when there is an attack he is the one
that is tasked with stopping it and then investigating how it started.
- You are good at thinking 3 steps ahead.
- If you are a person that likes to go down rabbit holes this role was.
literally made for you.
- Know how attackers think.
- Good at multitasking.
Security operations are a group of people that set up all the defenses in a company
and make sure to make the work environment (software-wise) comfortable and stable for the analyst team. they also implement all the logic to stop attacks. usually, they are on the IT side of things.
- Good with technology.
- if you like big DIY projects and building stuff this role is for you.
- if you have a programming background this can help you allot.
- good at logic problems.
- like to understand how stuff works from start to finish.
Cybersecurity researchers basically keep an eye out for malware and figure out what it’s capable of doing. They document any security breaches that happen (IOCs) and come up with ways to stop the threat.
- if you like science you will probably like this role.
- you like to document everything.
- you are good at understanding how stuff works.
- really good at programming at low-level languages. (c++, c, assembly)
- understand how computers work.
- like to fiddle with stuff until they break.
- you are good at thinking out of the box.
all the roles I have listed are the general roles in the industry and can give you a realistic baseline to jobs you can get into fairly quickly. of course there are exceptions and many more sub niches but these are the main ones you will encounter. personally, I am a combination of penetration tester and researcher but at the time of writing this, I am an analyst which gives you a lot of insight into how everything works and is a really good start. plus it’s really fun, every single one of the roles I listed is fun and really challenging. so don’t be afraid to get out of your comfort zone.
Capture The Flag (CTF’s)
this is the final chapter and the most exciting one since after this I am sending you on your journey to explore, test, and find what YOU LIKE. this will take some time but with this simple method (after completing the foundation learning) you will learn and learn the skills needed to tackle all the basic/intermediate challenges cyber security can throw at you.
CTF’s are bite-sized challenges that make you think and learn on your own the skills needed to solve them. every challenge nudges you in the direction of the solution by asking you questions that make you search the internet for their answer and then apply them immediately.
here is a list of the best CTF services that are free and paid.
- tryhackme – Try hack me is a website that takes a hand-by-hand approach and teaches you from the most basic concepts all the way to the intermediate level. it is paid and there are some courses that are free. but I would recommend at least paying for 1 or 2 months and doing the junior Penetration tester course it will give you all the information you need to understand the basic concepts of hacking and apply them. this website is a must
- hack the box – hack the box is more of a traditional CTF that lets you learn on your own by searching the web when you hit the boundaries of your knowledge, hack the box focuses more on Linux and windows exploration and less on website penetration testing. it will give you allot of knowledge when combining it with try hack me
- Hacker101 CTF – hacker 101 is a great CTF that focuses more on the website and web application hacking it is really great but I would recommend not starting here because there is absolutely 0 guidance it will throw you into deep waters without helping you.
- hack this website – old but gold, same as hacker101 but easier to finish wouldn’t start here as well
- Pico CTF – is a great place to test the skills that you have learned and expand your knowledge. not very challenging but really fun.
- Google CTF – same as pico is a great place to test the skills that you have learned and expand your knowledge. very challenging.
- Vulnhub – this is the place for community made machines that allow you to really challenge yourself the only thing is that sometimes machines downloaded from this website don’t work and it is annoying, btw the best machines from this website are on try hack me but you will need to pay
Fuck off and explore
hope I helped understand How to learn cyber security on your own now spread your fucking wings stop procrastinating on where to start and go do something with your life.