Please help! I do not have experience and do not know where to start.
Have you tried Lab 0?
Not yet! How can I get to it?
Here’s the pinned topic in the Cyber Security parent board that contains all of the Lab 0 content:
It’s also on the INE YouTube Channel in its own Playlist!
When done with Lab 0, you’ll be ready to tackle the Penetration Testing Student (PTS) Learning Path in prep for the eJPT practical cert exam.
Also, don’t hesitate to pop in here. We have some amazing experts who will not only help you get started in our environment but will help you with all of your cyber-security questions.
Have you checked out the VOD from Neal Bridges and Lily Clark… Its pretty awesome here is the link Can you Pass the eJPT Exam? - YouTube
I also suggest this. When she was on the stream it definitely helped answer a ton of questions I had before taking my eJPT.
I would like to recommend Cyber Insecurity stream/community ! Consider joining the live stream and the community Discord server for all kinds of resources to aid you into breaking in the industry and just be around a LOT of great and like minded people!
It looks like your on the right track! If you already have OS fundamentals you can start trying to contact companies to interview them on what they are looking for. Then build on those skills. Or ask people here in this community that are in security and are part of the hiring process about what they are looking for and interview questions. Are you looking for something on the blue team or the red team?
Start your cyber security career? That’s a big question.
- I would suggest you to learn about basic networks
- Later, go on learning fundamentals of Windows
- Understand Linux and CLI - Practice basic commands
For Penetration Testing:
4. Later, learn eJPT - IT covers all the basic Penetration testing and move on to your favorite topic either PTP or EWPT
5. After the above course move further
For Blue Team:
6. Learn various protocol using analyzer (Like Wireshark) and develop your own lab (Useful for both penetration testing and Blue team)
7. Actually understand how the system/architecture works
8. Think how will hacker attack them and later think how to defend.
(Imagine if SQL injection is used, learn how to detect and mitigate)
9. But understand the events
10. Using free ELK SIEM try creating an own attack and defend simulation lab for better idea of logs
11. Try learning INE - Defender courses and understand them
12. Based on understanding learn to go ahead with Incident Response/Forensic/Malware analysis based on your interest.
Out all these, curiosity is the biggest weapon in any cyber security domain.
Just don’t think to start and how, just go ahead an start it
Hi seclilc, notice your profile says part of the INE Team, so not sure quite how to approach responding to this so will give some general ideas on getting into a CyberSecurity career.
As others have said, one of the most important things is to have a curiosity and passion to learn and spend time on doing so.
Again it is difficult to give more specific advice without some background. For example if someone is a student doing an IT or CyberSecurity degree or even in an existing general IT support job, then showing initiative as well as that passion for the subject will go a long way to landing an entry level position or gaining a work placement. Lots of companies will take students on placements over the summer which can give some excellent work experience. Go along to conferences such as BSides (employers often also attend on recruitment drives) and participate in capture the flags events. Build your own labs at home and experiment. All these things go a long way to differentiating you from the competition during an interview.
If you were starting from scratch then I’d say you need to have some foundational knowledge on the operating systems (Windows and Linux) and networking. Get a book on each and download, install and experiment with each operating system. It been a while since I started out so I am not necessarily the best person to recommend books anymore but I always really like the Dummies series of books as I just found them easy and engaging to read (and they are not for dummies, you learn a lot).
Build labs using virtualisation software such as VirtualBox which is free and very capable.
For those that can afford an INE membership then there is a ton of fantastic content on INE allowing you to start from the beginning and build from there. When I first started my career I had a job on a help desk. I actually took out a loan and then used this to buy access to training for 12 months. I then did 13 courses over 12 months and passed a bunch of exams. That really made a huge difference for me and I managed to move into second and then 3rd line support in a couple of years. Whilst they were not cyber security roles at the time I do think you can really drive your own career progress though studying and improving your knowledge and skills. With the likes of INE you can also do this at a much lower cost these days.
For inspiration and interest try listening to podcasts when you are taking your lovely dog for a walk. Here are a few I’d recommend.
- Risky Business (risky.biz)
- Defensive Security Podcast
- Paul’s Security Weekly (They’ve had episodes on getting into Security in the past and others on how to build a good lab environment)
I think Security+ is a pretty good initial exam to study for to get a good foundation in the technical aspects of security. The INE Penetration Testing Student course is also very good though some of the labs may be hard going to achieve without additional knowledge. The walkthroughs are there to keep you on track.
In some countries there are government funded apprenticeship programs. In the UK at least, pre-covid, there were also lots of pretty cheap evening classes where you can learn along with others. I’m not sure if these have gone virtual or not.
There are tons of great resources online. Most importantly do not give up and try to keep learning all the time. There is a great community within CyberSecurity to support you.
Best of luck.