TL;DR
Start with free online courses to build a foundation. Practice on platforms like TryHackMe and Hack The Box. Network with others, read blogs, and consider certifications later.
1. Build Your Foundation (Free Learning)
You don’t need a degree to start! There are tons of free resources:
- Cybrary: Offers introductory courses on various cyber security topics.
- Khan Academy: Good for brushing up on computer science basics if needed.
- Professor Messer: Excellent CompTIA A+ and Network+ videos (helpful background).
- freeCodeCamp: Has a growing cyber security curriculum.
Focus on these core areas:
- Networking fundamentals (TCP/IP, DNS, HTTP)
- Operating systems (Linux is very important – see step 2)
- Basic scripting (Python is popular)
2. Get Hands-On with Linux
Linux is the operating system used in most cyber security tools and environments. Learn it!
- VirtualBox: Download and install VirtualBox to run Linux without changing your main OS. https://www.virtualbox.org/
- Kali Linux: A popular distribution specifically designed for penetration testing. Download it from https://www.kali.org/
- Basic commands: Learn essential commands like ls (list files), cd (change directory), pwd (print working directory), and apt update && apt upgrade (update the system). Run the update with sudo:
    sudo apt update && sudo apt upgrade
3. Practice with CTFs and Labs
Capture The Flag (CTF) competitions and online labs are the best way to learn by doing.
- TryHackMe: Beginner-friendly, guided learning paths. https://tryhackme.com/
- Hack The Box: More challenging, but excellent for developing skills. https://www.hackthebox.com/ (start with the easy machines)
- OverTheWire Bandit: A series of wargames to learn Linux commands and basic security concepts. https://overthewire.org/wargames/bandit/
Don’t be afraid to get stuck! Search for write-ups online (but try to solve it yourself first).
4. Network and Stay Informed
- Reddit: Subreddits like r/cybersecurity, r/netsec, and r/AskNetSec are great communities.
- Blogs & News: Follow cyber security blogs (KrebsOnSecurity, Dark Reading) and news sites to stay up-to-date on the latest threats and vulnerabilities.
- Twitter: Many cyber security professionals share information on Twitter.
- Meetups/Conferences: Attend local meetups or virtual conferences when possible (BSides is a good starting point).
5. Consider Certifications (Later)
Certifications can be helpful for job applications, but they aren’t essential at the beginning.
- CompTIA Security+: A good foundational certification.
- eJPT: Entry-level penetration testing certification from eLearnSecurity (practical exam).
- CEH: Controversial, but widely recognized (more theoretical).
Focus on building skills first; certifications will be more valuable once you have a solid understanding of the fundamentals.

