Beginner's Guide to Cyber: Intro
Not sure where to start? Check this out.
How do I get into Cyber?
As a mentor in Cyber, I have been asked by a lot of people how to actually break into the industry. The truth is, it's hard right now. The general perception is that a 6-month bootcamp will get you a job making 6 figures. That wasn't the case then and isn't the case now.
The job market is tough right now. Take a moment and just contemplate that.
There was a lot of hiring in 2019/2020, and many companies are conducting layoffs or just aren't hiring right now. I originally thought websites like https://cyberisfull.com were just being dramatic, but there is some truth to it.
This is a hard field to get into and stay in. If you want to get into it, you need to make sure of two things:
A. You have a background or know how IT devices work.
B. You can dedicate yourself to constantly improving yourself and learning more.
If you don't know A, you won't last your first day. If you don't do B, you won't last your first month.
If you're still reading this and still want to jump into Cybersecurity, look at the flowchart below. I'll have some text below it to explain what some of the more meaningful bubbles mean.
Is it overwhelming? Maybe, but start at the top and work your way down.
Learning IT on your own
Why bother, right? "We signed up to do cybersecurity to hack and stop hackers" is a sentiment I hear often. It is often forgotten that what we do is advanced IT. No matter how big or small your security shop (read: team) is, you'll be working on IT (or OT) assets. You need an understanding of how switching and routing work, what ports are, and how Windows devices talk to each other. It's highly recommended to switch into cybersecurity after you have had a bit of an IT career. If you don't want to wait or just have that can-do spirit, be ready to do a lot of learning.
Traditional Learning
Learning IT in a traditional setting like a college or university is what most professionals do. Learn, take notes, and set yourself up for success in the future.
IT Certs
IT Certifications can help show a foundational knowledge of IT skills without spending a lot of time in school, but there is arguably less of an impact with them, on both your learning and the employer. It isn't as flashy as a four-year degree and you don't learn as much, but you don't need to invest as much time or money either.
Homelab
Taking a few old laptops or computers your family isn't using (or check online for used deals) is a great way to learn how computers and networks work. Set up a domain with a couple of computers or virtual machines and start adding the basics to it. Throw in an Active Directory server, a webserver, and maybe even an NTP server, and voila! This just gets your feet wet and helps you learn. Practically free, but requires a lot of discipline and understanding of where to look and how to learn. Platforms online like HackTheBox Academy are starting to have Windows and Linux Fundamentals courses to help beginners start from the ground up.
Getting Cyber Skills
This is similar to learning IT skills. You know what computers do, the basics of how they talk to each other, and can navigate the OSI model. Now let's focus on what we came here to learn: Security.
Cyber Platforms
Platforms like Hack The Box and Try Hack Me have been popping up over the past 10 years. These platforms can teach different red team and blue team skills through instruction or a CTF-style game, and for a price can have pretty robust learning paths. There are great amounts of information in them, but don't expect every employer to know each learning platform. Some good examples are: TryHackMe, HackTheBox, and OverTheWire. TCM Security, while expensive, also has great content and will often have deals on their founder's LinkedIn or other social media.
Certifications
Certifications are a great way to prove your knowledge and learn a lot in the meantime. A great place to start would be CompTIA's Security+ and Network+. If you have an employer that is willing to pay for a lot, look at SANS' beginner courses and associated GIAC certifications. Either way, use YouTube to look up guides for the certifications, because there are a lot of good courses that are absolutely free. A good name in the industry is Professor Messer.
Traditional Learning
Traditional learning for cyber is still a very valid option. More and more colleges are offering Cybersecurity degrees. In my experience, they are mainly Computer Science degrees with a veil of cybersecurity, but some professors understand security well and can teach it incredibly well. Dr. Bryson Payne is one of those professors.
Notes for Military Personnel
If you're military, use your benefits. If CA/TA is still around, use that to pay for college or credentials. The deal gets sweeter if you're transitioning from Active Duty. Skillbridge programs are like a free ticket into cybersecurity. Talk to your chain of command and ensure you're in the proper program. It will set you up for success.
Notes for College Students
If you want to get into cybersecurity with minimal fuss, do everything in your power to set yourself apart. Be a part of a cybersecurity club (or make one if your school doesn't have one). Participate in CTFs. Start a home lab. Show potential employers you WANT TO BE HERE. In the first stage of your career, that will do a lot to set yourself apart. Find local companies and see if they have cyber internships on their job boards. Still, remember the points above. Know how routers work, and show that you have an inkling of IT and are willing to learn the more advanced stuff.
Conclusion
All in all, there isn't one right move to get into cybersecurity. This is just based on what I have seen from my own journey and from new analysts who join my teams. Some lack IT fundamentals, and some don't care enough to try to learn them. Do everything in your power to show your team you care and you want to be there. That will help you get interviews and get your foot in the door.