Cybersecurity is a vast field, but I already work in tech, so, where do I start? This article aims to detail my plan for ramping up my knowledge and skills in cybersecurity - finding ways to bridge the gap between my current expertise and the nuances of cyber attack and defense. From the foundational concepts through to niche technologies, I’m setting out to transform my curiosity into professional competence.
From Movie Myths to Real-World Skills:
Like many, my initial brush with cybersecurity and “hacking” was through Hollywood’s dramatic portrayal. Where the good guys (or, mostly, the bad guys) are just a few key-strokes away from saving or dooming the world. I remember a young John Connor hacking ATMs in “Terminator 2”, and have watched Elliot Alderson’s intense coding sessions in Mr Robot (well, Series 1 at least).
While thrilling, I’m incredibly aware that real-world cybersecurity is less about furious typing in a dark room, and more about patience, problem solving, monitoring/alerting, and a knack for continuous learning.
Though, let’s be honest, calling myself a “hacker” would be kinda cool.
Starting Small, Thinking Big
The advice I’ve received, as someone with an existing career in technology (and prevent potential boredom) is to jump right in and tackle a few different things at once: Do some “actual hacking” alongside educating myself on the foundational knowledge side of things.
So, I’ve done some research and come up with a few practical projects / activities I can dive right in to, alongside education/certification.
Practical
Penetration Testing
There are online platforms like “Hack The Box” that offer safe, legal environments to test penetration testing skills, and this is where I’ll be starting. My career/professional-experience means I’ve got some familiarity with VMs/Networks, so I’d also like to set up a home-lab security playground at some point, too!
Home Network Security
With a whole host of devices at home, from PCs and tablets to smart devices, there’s no doubt some tightening-up to do in my home network. It’s a perfect real-world applicaiton of what I’ll be learning.
Gadgets and Gizmos
And yes, I couldn’t resist getting my hands on a Flipper Zero. Seasoned professionals might raise an eyebrow, but it’s a fin start and I hope it’ll keep the learning engaging.
Education:
When I went to University, I applied for two different degree courses; “Computer Science”, and “Ethical Hacking”. I couldn’t make my mind up at the time, so ultimately went with Computer Science because I saw it as a bit more broad and versatile. That said, this did get me a job in a Fortune-50 company where I’ve worked as Release Engineer, Java Developer, and now a Cloud DevOps Engineer. So I think it’s safe to say I know something about computers.
Despite already having a career in tech (and there being a fair amount of knowledge overlap between my job and cybersecurity) there are definitely areas that I’ll need to re-visit to consider myself cyber-competent.
CompTIA Network+… Or Not?
I was all set to start with CompTIA’s Network+ and other foundational courses. However, some cybersecurity pros in my circle have steered me towards starting directly with Security+. They reckon it’s a more targeted entry point given my background. I do still plan to brush up on Network+ materials though, just to solidify my networking fundamentals so I don’t get ahead of myself.
CompTIA Security+
So, the new plan is to leap into CompTIA Security+. It’s a bit of a pivot from where I thought I’d start, but hey, adaptability is key in tech, right? This should give me a solid grounding in cybersecurity essentials before I look towards more advanced studies and certifications later on.
Certified Ethical Hacker
This might not be the certification I take immediately after Security+, but it’s on my radar. Half of my interest in this field is for the “fun” side of things, so I can’t wait to get my hands dirty and have a go at some actual “hacking”. There’s no timeline for this one, as it really depends how everything else goes. But I think it’s a good long-term goal.
OSCP and CISSP.
One day. Far, far in the future (though hopefully not too far) I’d like to have an OSCP (Offensive Security Certified Professional) badge next to my name - this is a fairly comprehensive course followed by an intense 24hr exam that sees the applicant hacking into various systems to get “points”. It’s pretty advanced, though, so this is likely years away.
Similar to the OSCP, CISSP (Certified Information Systems Security Professional) is one of the big ones. CISSP focuses on the process and planning of securing networks (where OSCP focuses on how to break into them). OSCP and CISSP are worthy adversaries in terms of certification, but companies do seem to prefer CISSP (presumably becuase they have more of a focus on defending their network than attacking it).
The Practical Path Forward
This journey is about exploration, growth, and keeping it fun - not just certifications and ticking boxes. I’m eager to share my experiences on Chivers.dev as I go, keeping it lighthearted and hopefuly providing some insights (or at least some memorable moments) for anyone else on a similar path. Whether you’re deep into tech and cyber, or just casually interested, I hope to make this journey engaging and informative for us all!