Cyber security.. need help, where to start?

Hello everyone!
I am a 16 years old student in high school who is very interested in cyber security, who's also very confused at the same time. I would like to have a great knowledge of cyber security, but I don't know where to start.. what are the basics that I need to know? What are the certificates for? What are the certs I can get and the certs I need to get? Are there any free ones? Also I'd like to know how to be special enough to be hired in the future. Should I go to college and get a degree or not? If so, should I get a Bachelor's degree in Information Security? Or get a Bachelor's degree in Computer Science and after that get a Master's degree in Information Security?
You can consider me a newbie that only knows how to use a keyboard.. I need a solid ground of knowledge of cyber security.. it's just that I don't want to waste time being confused. And sorry for my bad English.

Thanks in advance

Find more posts tagged with

Comments

mikey88

Very interested eh? Prove it. I assume you already installed Kali Linux and started playing around with metasploit? How about the basics of security+ and pentest+ certifications?

When I was 10 years old, I was trying to figure out how to make PC games run on my underpowered Pentium 4 machine while hanging out in IRC chat rooms and downloading from Kazaa and napster.

If you really have a passion for cyber then go out and learn, explore and gain those skills.

Infosec_Sam

Oh boy, here comes a wall of text. Sorry 'bout that.

So you're in a special position right now, where you have every option available for you. The first decision you have to make is between a formal education (College/University degree) and a more informal education (certifications). Let's first explore the formal education path.

If you choose to pursue a college degree, you have to choose which degree you'd like to earn. You could get a bachelor's degree in cybersecurity, information technology, computer science, information security, and many more. To answer your question about a master's degree, I don't think you should worry about that until after you earn your undergraduate degree first. It will be much easier for you to decide if it will be worth the extra time and money once you have a bachelor's degree. If 4+ years of college doesn't sound like your jam, then maybe a 2-year associate's degree would be better. These degrees would be more along the lines of system administration, networking, and network security. An associate's degree can get you into the workforce 2 years earlier, but by itself, your ceiling might be lower than if you had gotten a bachelor's degree. People who earn an associate's degree are generally more likely to pair it with certifications to climb the corporate ladder.

Speaking of certifications, certifications! They're generally used to prove your knowledge in a very narrow subject. For instance, the CCNA certification signifies that you know how to configure a corporate network with routing and switching. For this reason, certifications on their own are not as useful as a degree. They're an excellent supplement to a few years of work experience or a college degree, but they don't hold a ton of weight on their own. Most of these certifications cost between a couple hundred and a couple thousand dollars, so it's pretty common to get a job in IT and then have your employer pay for your certs.

Now we get to the question of what you should do. That's entirely subjective, and I don't think anyone is going to have the right answer for you, but I can tell you what I wish I would have done. I would go straight for a bachelor's degree in computer science. Reason being, this leaves your options wide open in case you decide cyber-security isn't what you thought it would be. It's perfectly okay to change your mind! After getting your degree, you could probably land a job as a service desk specialist or a system administrator. From there, you could start studying for certs that you're interested in. CompTIA offers a couple of excellent entry-level certs. These are the A+, the Network+, and the Security+. These would give you a good base of knowledge to transfer over into a networking or security role. After that, you could look into Cisco's line of certs (CCENT, CCNA, CCNP, CCIE) if you prefer networking, or (ISC)²'s line of certs (SSCP, CISSP) if you're still digging security.

Or, you could do what I did: Get a job as a support specialist, spend a year in college for engineering and change your mind, then spend two years in college getting a network security associate's degree, then get promoted to security specialist, then go back to school for a bachelor's degree in Information Science and Technology, and wind up in a marketing job and love it! Morale of the story is: you don't need to have everything figured out from the very start.

ClickClack

mikey88 said:

Very interested eh? Prove it. I assume you already installed Kali Linux and started playing around with metasploit?...

When I was 10 years old... downloading from Kazaa and napster.

This is good advice from mikey88. However, do not explore things that are illegal. It is very difficult to get any job today with a criminal conviction on your record. I think the post was intended to inspire you just don't read the wrong things into it.

ClickClack

In addition to the good advice you have received, I would talk to your High School guidance office. In some states, you can take college classes in High School, usually from a local Community College. This can save you money compared to paying for the same classes later. Other schools have Career Centers that teach CCNA (Cisco's networking certification) or other tech skills.

Also, look at the thread here called "Free/Reduced Certifications - Free/Reduced Training". Some of the information is out of date, but there is still tons of good information in that thread.

Kurashi

wow that's very cool! thanks a lot

I gathered so much information and I found that I need certs, but since I'm young and the certs have an expiration so I don't know but I think I will start learning the fundamentals of cyber security or the things I need to understand from the internet like courses of teaching OS, Networks and some Programming languages, and then start learning to pentest networks and apps, webs till I go to college and get a Bachelor's Degree in Computer Science then a Master's Degree in Cyber Security, or just get a Bachelor's Degree in Cyber Security. What do you think about plan?

Infosec_Sam

That sounds like a great way to start! You've got a lot of time to figure everything out, and it sounds like you have the right mindset. For now, learning some programming will give you a pretty good head start once you reach college. Just make sure you're still putting the work in at school!

Once you do get into a college program, they will usually have career counselors who can be very helpful in mapping out how to get to where you want to be in your career. Another nifty tool for you to check out is the career pathway app on cyberseek's website. With this, you can get a general idea of which roles feed into others.

If you have any other questions, feel free to ask!

Basic85

Check out your local community college, as some have high school special programs for cyber security.