How to get started and early bird guide

What is Cyber Security?

  • “Protecting digital assets from bad guys/criminals in any possible form”
  • It is not limited to technical capabilities; it also calls for critical thinking, strategic planning and problem-solving abilities.
  • The process of securing assets might involve both offensive and defensive tactics and is not limited to one of them.
  • A field that will require rapid transformation as technology usage and development increase.

Why Cyber Security?

  • The global worth of the Cyber Security industry is 173 Billion.
  • Plenty of opportunities and a lot of different sub-skills to explore (digital forensics, incident response, malware reverse engineering, DevSecOps, pentesting, security engineering, etc.).
  • Very interesting field that requires you to learn new things with time.
  • Not a path taken by a lot of people, but extremely rewarding.
  • Requires a compound skillset, so someone could fall back to any related job role to take a break or to upskill.
  • With extensive usage and development of gadgets and technologies, Cyber Security becomes a matter of paramount importance.

How to approach Cyber Security as a teen?

  • Start by playing CTFs on various platforms like root-me, overthewire, tryhackme, etc.
  • If you cannot solve a challenge, try to understand the solution, then move on to newer ones until you get stuck.

“If you can understand the solution, practice more. If you can’t understand the solution, learn more.”

  • Read more blogs and set up a local VM to try out different things. Familiarise yourself with Linux and how it operates.
  • Do NOT keep reading more content if you can’t try it out.
  • Feel free to take a break and get back in again to avoid burnout.

How to NOT approach Cyber Security (after staying in it for a while)?

  • Always using tools and not trying to understand what happens behind the screen.
  • Totally ignoring programming as it is hard/boring/tiresome.
  • Restricting yourself to one specific specialization at the beginning, for instance: learning web application security ONLY.
  • Constantly comparing yourself with others’ ranks and skillsets instead of being inspired by and learning from them.
  • Only reading various theories and techniques, but not applying them.
  • NOT thinking outside the box and NOT being esoteric in terms of approaching a problem.
  • Thinking Cyber Security is “hacking” ONLY and nothing else.
  • Only learning offense or defense, not realizing both go hand in hand.
  • Believing only in certifications/degrees and not in one’s experience and thinking.
  • Not being open to new ways and restricting yourself to what you know.
  • Expecting quick results and the ability to hack Google 😀

Popular roles/branches in Cyber Security

  1. SOC Analyst
  2. Security researcher
  3. Cyber Security consultant
  4. Red teamer

SOC Analyst vs. Red teamer

An SOC Analyst:

  • Monitors system and network activity.
  • Reports/escalates any possible incident or ongoing activity to higher authorities.
  • Collaborates with the IT team to protect the organization.
  • Skills: Log analysis, attention to detail, SIEM knowledge.

whereas a Red teamer:

  • Tries to break into an organization’s infrastructure using digital and physical means (e.g. tailgating into a server room).
  • Uses offensive and stealth techniques to steal sensitive data and exit silently.
  • Skills: Penetration testing, malware/exploit writing, evading defenses and detection.

Security Researcher and Cyber Security Consultant

A Security Researcher:

  • Finds zero days (exploits for new vulnerabilities).
  • Assists SOC with new threats that are emerging.
  • Could also analyze malware and keep others updated about its anatomy.
  • Skills: reverse engineering, exploit development, patience.

whereas a Cyber Security Consultant:

  • Assists clients with how to implement Cyber Security in a specific context.
  • Could also test the client’s infrastructure for security vulnerabilities.
  • Skills: Cyber Security for Beginners, management, attack and defense.

Certifications to try

  • CompTIA Security+: A beginner-level certification emphasizing knowledge and basic how-tos of Cyber Security.
  • eJPT: A hands-on certification to test your basic pen-testing skills.
  • Pentester Academy courses: Topic-specific courses with hands-on exams to improve your skills.

Recommended programming/scripting languages

  • Python is great for automating things and writing exploits.
  • Bash and PowerShell to handle Linux and Windows machines well.
  • Learning C/C++ is useful when you jump into reverse engineering.
  • .NET could also be handy as modern applications use this framework.
  • An understanding of HTML and JS and how they work together. Reading-level proficiency is sufficient.