Cybersecurity: Where to start?

acevic Registered Users Posts: 1

I am a security enthusiast interested in pursuing a career in the field of IT Security. However, I am very new to all of this with a little bit of knowledge here and there (i.e. very basic computer networking, some HTML, CSS, JavaScript Basics, Python Basics and Ruby Basics and have been developing WordPress sites). I do not have any certifications so far and am not even sure whether any are necessary. My objective is to get started in ethical hacking and build my career around it.

After performing some online research, I came to the conclusion that there are no predefined courses or roadmaps for pursuing this field other than the typical vague "learn programming, learn Linux, etc.", other than the ones defined by the certification authorities. And hence I got into the idea of following a predefined course structure from a certification authority and decided to follow it (CEH). However, I find that there are plenty of things that I keep failing to grasp and that there are no detailed courses on the subject that are beginner-friendly, i.e. something that one new to the IT industry as a whole can follow. What I am looking for is a syllabus that would guide me from scratch to get started as an ethical hacker in practice, preferably something that won't tie me up for months with heavy details on how things work and then go into the details and cover the advanced topics. I do understand that this cannot be achieved overnight and that I do have to understand certain topics such as SQL for SQL injections, which are inevitable, but I do believe in getting my hands dirty and working hard enough to make the most of the time in hand and start getting involved with the subject.

The popular courses keep mentioning that they are for system administrators, etc but they do not have specifics on what prerequisites are required in terms of knowledge and skills. Hence, I would like to know what I would need in order to start my journey into this field and how I would get my hands dirty with ethical hacking as soon as possible, as well as what courses should interest me at the moment (if any) and what my roadmap would be in terms of courses if I were to target a career in this field.

I thank you all for taking your time to read this.


  • xax Member Posts: 41
    Hello. I can speak for my (small) experience, and location. I'm interested in the infosec field, as you are. I've started studying networking arguments (getting Cisco CCNA cert), Linux, security issues and different programming languages. After 2 years of this I managed to get an interview in the infosec field. However, "security" is a very broad term.

    (this forum is a good resources container, also)
  • broli720 Member Posts: 394
    Many threads like this on here already. Do a quick search and I'm sure you'll find some useful information.
  • Qord Senior Member Member Posts: 632
    That discussion might be fairly old, but it's still relevant. As you said, there are things you're failing to grasp, so you need to start lower. Get the basics of IT and then learn about securing them.
  • LionelTeo Member Posts: 526
    There are two ways to get into the IT Security field.
    The first way is to grab as many IT Security Certs as you can while you're young or new to your job. While interviewing for an IT Security position, hopefully you can get into the 'secondary consideration' range because the budget for primary consideration is not enough.

    The second way is work at a network department, still try to grab some IT Security Certs and then ask for an internal transfer.

    For a start, you would need to feel what getting an IT Security Certification would be like. This can train you in taking tests and make you capable of grabbing more IT Security Certifications. CEH is a good start and easy to pass, but for a starter it's actually quite difficult. But once you get past the hurdles and build a good foundation, it's easy to build a great amount of knowledge from this foundation.

    Bear in mind, however, that the problem with CEH is:

    1) Crappy Study Guides that just want to make a quick buck from people
    2) 2 Years requirements unless you go for the course
    3) Not really considered hacking, most serious hackers look down on the course
    4) Market ruined by plenty of so-called Certified Ethical Hackers who had never booted a Linux system before.
    5) I got a friend who took both CCNA and CEH and said CEH is easier than CCNA

    Don't start off a CEH with a CEH Study Guide, as most want to make a quick buck instead of taking their time to explain good concepts within the book. Take a book known as Counter Hack Reloaded by Ed Skoudis from Amazon; the book is very solid in terms of every foundation knowledge you need to branch into many paths.

    After completing the book, take the CEH if you can; if you can't, then top it up with Hacker Techniques, Tools and Handling with lots of notes found online and grab GCIH. Once you grab GCIH (and CEH hopefully), you can easily bargain for a junior IT Security position.

    From there you can start to plan your advancement. Something like the following:
    General Compliance - CEH, GCIH, GISP, CISSP, CRISC
    Incident Handler - CEH, GCIH, GCED, GSEC
    Auditor - CEH, GCIH, GSNA, CISA
    Forensic Analyst - GCIH, GCFE, GCFA
    Intrusion Analyst - CEH, GCIH, GCIA, GCFW
    Malware Researcher - GREM + Forensic Analyst Path
    Penetration Tester - CEH, GCIH, GPEN, GWAPT, OSCP
    Exploit Researcher - Penetration Tester + GXPN, OCSE, OSEE
    Mental Hospital Patient - GSE, OCSE, OSEE

    You would have noticed I put CEH and GCIH in almost every list, because they are really a good foundation to build any further IT Security knowledge on. The reason why CEH gets paired with GCIH is because CEH is so much like GCIH except without the Incident Handling portion, so if you could take on CEH via self studying, GCIH would be possible to break into.

    Of course you don't have to get everything. For salary start, IT Security is lower than networking in general. As low as 30k PA as compared to 36k PA. But you can easily hit 70+ PA in about 4 years if you are really hardworking.
  • NovaHax Member Posts: 502
    Just grab some Virtualbox or VMware software and start having fun. Break stuff...then find out how to secure it. Then break it again. Be careful...this stuff can become addictive.
  • Breadfan Member Posts: 282

    Here is my .02. The FIRST thing you need to do is gain the necessary knowledge of the things you want to secure. I cannot remember who said it on here a few years ago, but he was dead-on. You cannot secure anything you don't know much about.

    Once you have a good solid foundation under your belt, and some experience to go with it, THEN look to securing it. We all (or most of us) started from the bottom and worked our way to the security level. I believe building the foundational and troubleshooting skills is a MUST when it comes to security and there aren't many shortcuts.

    The member on here said this: How can you secure something you know nothing about? If you don't know how to configure and install Windows, etc. properly then how can you properly know how to secure it?

    Build a good foundation of skills, get the A+ & Network+ then progress into a next level that interests you whether that be Cisco or Windows/Linux, and then keep building the skills as you go and complementing them with hands on. You cannot learn everything in a book or a screen. Touch it, break it and learn how to fix it. THEN you will start to know how to secure it.

    Find an area that interests you (virtualization, Windows, Linux, Networking, etc.) and go for it. This forum has been a vital part of my knowledge and growth. Just ask for help and share what you can.

    Good luck.

    Mark Twain

    “If I cannot drink Bourbon and smoke cigars in Heaven then I shall not go.”

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,260
    If you are looking for what you need to launch into a career in cybersecurity then you need to start with job postings from employers that actually use terms that begin with the prefix "cyber." Five+ years ago cyber-terms were used almost exclusively by the DoD (and especially the AF), but cyber has since been adopted by private industry too.

    Find job postings describing duties that interest you. Don't worry about the geographical location of the jobs yet. Right now you are just collecting reconnaissance information to form a career plan based on what qualities the hiring managers in the "cyber" fields want in their workers. Check what education, certification, and experience these cyber-managers are looking for in job candidates. Talk to people that are actually hiring for cyber-positions and value their opinions and advice the most. Use this information to decide on how to start your career in cybersecurity.
  • chopsticks Member Posts: 389
    The discussion and advice given is excellent!