Mom here. My sons a Junior in HS and wants to be an ETHICAL HACKER??

FlyOnTheWall

GabusDeux wrote: »

Hello, I am Mom2G's son. I already know a little bit of this path. I have been doing things involved in learning online for about 2 years now so i asure you its not a phase. I am already learning python and will be moving to C soon. I also already know what an operating system is, what dual bootnig is etc.

I'll throw in a suggestion for CS50: Introduction to Computer Science from Harvard. They start off teaching C, and move to Python/JavaScript later on in the course. The lectures are fantastic as are the extras they provide. It does a really good job of teaching CS fundamentals, which will be helpful no matter what you do in IT. Personally, I didn't know how to code going into the course, and the problem sets were brutal for me because of that, so I spent a LOT of hours trying to figure this stuff out and I had to lean on the Reddit subforum a few times to get me pointed in the right direction. It is difficult, but still the best online course I've ever taken.

Good luck, as you can see from all the responses, there are plenty of excellent resources/classes for you to take online. If you're willing to work hard and be persistent, you will have a VERY bright future. Good luck.

Mom2G

DAYS before school starts I found out our children have the option of going to a STEM high school in 11th and 12th grade. They will be bussed to their school like normal, take a few classes and then are bussed to a different building. In that building they have all types of programs, but one that I think might be good for him is called computer technology and repair. At least it will help him learn more about computer and he can probably then get a beginner job at Best Buy geek squad after he graduates and is continuing his schooling. Please keep your fingers crossed for us as it is hard to get the school to change your schedule once they are made. It might be a real fight. http://www.academyli.org/page/574

let me know what you think please.

Mom2G

Testing. Wrote a reply with update and I don't see it anywhere.

Mom2G

Take 2 - BIG UPDATE - After reading all your posts I started looking fo Local programs. Turns out my son is able to go to a local STEM high school which i didn't even know existed! They bus him there and everything. He can still get a diploma but would also finish with an A+ certification in computer technology and repair? No cost as it's covered by the school and chances of scholarships to RIT are much greater. I found a video made by a woman who's son went through the program when it first began 2 years ago - and I friend requested her on Facebook. She called me and gave me so much information and is on my very own board of education! I believe it may be a fight to get my son In this year because they already did schedules and start Thursday but she said if they give you trouble come to me. I will help you! Please keep your fingers crossed! This would be absolutely amazing. My son no longer seems to enjoy school. Just going through the motions. I'm sure if it was something he was passionate about, and something that would actually help him in the future that he would enjoy it much more. Fingers crossed. Fingers crossed. Fingers crossed.

yoba222

Ethical hacking is a marketing term used to sell people training and certification in "ethical hacking." It means penetration testing. Unfortunately the most successful training company has focused far more effort at selling the training rather than producing it with high quality. This has been going on for years and now the Internet is polluted with articles that have made the term become entrenched. It means penetration testing.

jibtech

Mom2G wrote: »

Testing. Wrote a reply with update and I don't see it anywhere.

Test successful.

xxxkaliboyxxx

Another vote for getting your son on the Cyber Patriot club at the local high school.

[Deleted User]

GabusDeux

If you are serious about getting into pen testing and wanting to make this a full time gig, like others here have said, IT knowledge is self taught either through a home lab or certifications. College just gives you a well rounded education with some IT classes. In today's society though, a bachelors degree is a necessary evil unless you are the next Bill Gates. There is someone here who I gave solid advice to about getting into this field and I will provide you the same. Since I work as a penetration tester, it was not easy to get into this straight out of college for me. However, with hard work while in school/determination, I did it. Here are my recommendations:

1. Do Security+ to gain Basic 101 security knowledge
2. Pursue CCENT/CCNA ICND1 and 2 to have an understanding of now networks works. Trust me you will need this in pen testing. Being able to know subnetting and if a host is in a particular subnet is important.

3. Learn Python,Powershell and C. You are on the right track learning Python and C. However, learning Powershell from a Windows environment and knowing that Powershell is the future of Windows automation is crucial you know how it works. One thing you will learn in pentesting is using built in tools in the operating system to not draw attention to yourself when doing a test. Ex: grab active directory user account info instead of using an metasploit aux module that has a known signature. It may not make sense now but it will once you learn the concepts.

4. Learn Linux and Windows command line well!! If you don't know a command line, you can't pen test! sad reality but true!

5. Consider certifications once you are older/out of college or in college. Main reason is because most cert vendors won't let you take the exam unless you are 18 or older or have parent permission/training center approval and taking a 3k bootcamp: Ex: requirements for CEH from EC-Council website: https://cert.eccouncil.org/certified-ethical-hacker.html Other vendors such as GIAC are around 6k and OffSec is very advanced and not for noobs to pen testing.

Best of luck in your adventures to becoming a penetration tester.

xxxkaliboyxxx

https://youtu.be/Uv-AfK7PkxU

Check out that video by John Strand (well known pentester). Mirrors what other people are saying.

Edit: Summery of the video

Successful path to infosec
Year One: Windows, Linux, Networking, Python
Year Two: Projects, PowerShell, Meetups
Year Three: Web Apps, PHP, ASP.NET
Year Four: Hack, IDA & Immunity Debugger, Metasploit
Year Five: Present at Cons

[Deleted User]

Great video!! I couldn't summarize this thread up better myself!

TechGuru80

Mom2G wrote: »

1) anything he can do now to prepare as a 16 year old?
2) We live in NY. Are there any schools you would recommend?
3) I've seen people recommend a bachelors degree. Which one exactly?

1. There are a few things that can be done at this stage. One would be to try get some type of part time job in technology if at all possible (the job shouldn't be considered more important than school). Anything from PC repair or if a small company will let him help do anything (this will open doors later). The second thing would be to try and learn more about computers and programming languages. I would try to go with something like Python or Bash/Powershell, because they will be fundamental languages and not very difficult to learn. Sometimes schools will offer classes, other times you might have to look in your area.

2. I am assuming you are referring to colleges? Honestly most schools will be fine, but given he will be a traditional age student, I would steer clear of schools like University of Phoenix and go with more traditional schools.

3. Computer Science / Computer Information Systems (CIS) / Management Information Systems (MIS)...each one is a different flavor or curriculum so it will vary by degree and by school but I would make sure he chooses one he likes so he will stay driven to actually get through school. Computer Science is heavy in programming compared to the others so it might be more difficult...not always a good thing.

I would say a major point to make is that trends in jobs and certain areas....especially in technology...change over the years. That is why a lot of the advice will be broad and generic, because a specific certification today might not be around later....and he is unlikely to be able to use anything he would learn now from certifications for a while since going to school puts him around 6-7 years from being a full time employee. InfoSec and Ethical Hacking within a company are positions that require a lot of trust and putting in the work prior not only builds that trust but also helps with foundational knowledge.

A caveat that your son can get involved in at some point is bug bounty programs. I don't believe companies will allow participation until he is at least 18 but an understanding in web languages and how they work would be helpful too.

Mom2G

I looked up the Cyber Patriot program and there is nothing near me. Not even close. I did mention it to the women on the Board of Education and she said she thinks it's something we should bring up.

EnderWiggin

The STEM high school program definitely sounds like a great way to go. It won't have anhything to do with penetration testing, but in order to be successful as a pen tester, you need to have an outstanding understanding of how computers work. Going through a program like that is the perfect starting point. After high school, I would then suggest getting a bachelors degree (computer science, information security, etc, lots of choices for a major, and it will vary by college). A lot of people in the cyber security field say that degrees aren't necessary, that certifications are all that is needed, but a degree stays with you for life. And it is far easier to get a degree completed in your late teens/early twenties, rather than waiting ten to twenty years, and having a spouse, kids, etc to balance with everything else. While in college, maybe work a part time job with a help desk somewhere, Geek Squad, school internship, etc. And during summer break, he could work on obtaining a certification to add to his skillset.

instant000

@GabusDeux

One thing that has been lightly touched upon in this thread is communications skills. This is actually one of the most important skills for for you to develop.

Focus on developing skills like presentations, persuasive talking, sales techniques, debating, giving speeches, writing, reading body language, human psychology, etc.

Make sure to get into some kind of meetups in your area, especially ones that give you the opportunity to network with your peers.

Penetration testing is about offensive security, and then doing reports that detail what you did. The Offensive Security certifications cover exactly this.

As @NOC-Ninja pointed out, the best security people know the systems and networking well. Few security types know systems well. Even fewer know networks well. If you want to stand out in your field, make sure to learn systems and networking. It will make your work much easier.

As far as the high school program, I am of the "take it or leave it" mindset. It won't be a dealbreaker, either way. What will determine your sucess would be how well you can "independently" study, beyond that which will be covered in any school program. For instance, if you can knock out OSCP before you graduate, I think that says a lot more about your future potential than if you knock out A+.

If that's what you're about, you have come to the right website. Make sure to check out the security certs forum.

As far as college versus tech school, others here have echoed that it is more about what skills you have, than what degree you have, but if you are going to pursue a STEM degree, I would recommend a computer science degree.

As far as which schools to attend, I know that Rochester Institute of Technology has pipelines into the tech industry, as a few years back when I attended an interview program at a certain company in NC, there was an RIT mafia walking through the halls.

As far as challenges, I had severe social anxiety growing up, and even quite a few years into adulthood (this affected school, dating, work, etc.) This issue wasn't really conquered until I realized there was nothing to be afraid of. This doesn't mean I take license to leap from heights, but I am now completely comfortable talking to perfect strangers I meet on the street!

As far as warning about legal implications, I had a friend get in trouble with the FBI for something he and some of his buddies were doing. Basically, this means that you should look to hone your pen-testing skills in dedicated practice environments or home labs that you build yourself.

Feel free to direct message me here (less frequent response) or LinkedIn (more frequent response).

Hope this helps!

[Deleted User]

@instant000

Offsec won't let anyone under the age of 16 sign up for their courses from my understanding. Not only that, but for a kid to go from nothing to OSCP is gonna be very very demanding when he is in HS. I wouldn't recommend OSCP until he graduates HS or even college should he decide to go. You can't expect someone to do something that advanced without a foundation.

Nerkle

I think if he can go to the STEM highschool, that would be an excellent way of learning and networking with teachers who may know more.

I also suggest this for him. Get him to make a github, start writing down some CaptureTheFlag and WarGames.( https://www.hackthissite.org/info/about and OverTheWire: Wargames or whole index: http://captf.com/practice-ctf/ ) Those will help him learn Linux and Windows commands in the terminal really fast and if he is able to write down the code in notepad/leaf pad and screenshots with those, he will be able to show his work to the pros and jobs that will hire him in the future. Also do some labs, I highly suggest doing some of the virtualbox Kali Linux labs and following some Udemy classes or Cybrary on how to set up the labs and how to run some attacks on a home made networks on metasploit so he will not have to hack someone else to get the experience he needs.


Also for networking/meeting others in the industry, I suggest he joins the reddit /HowToHack IRC or the hackthissite IRC to chat with some folks there, as well as going to the hacking / cybersecurity conventions, may need to google what is nearest for you. 2nd thing he needs to do is set up a LinkedIn and a Twitter account. With the LinkedIn account he can either add friends he meets at the conventions or he can start reaching out to some of the professionals and ask advice from them, they may know someone to introduce him to for the next steps of breaking into the industry or a possible position available. Also his linkedin can have his github added to the main page as a portfolio to show his work that he has done which could interest future employers. If he has a twitter account, he can post his latest projects and talk with those in the industry there and hashtag his work so that more people searching the tags will find it, which means they will find him and make more connections and find out the latest tips and tricks he can improve on.

I wish you and your son luck! I'm a student in college for Cybersecurity and still clonking around figuring things out so totally understand wanting to know the next steps.