Dedicate time for learning, researching, study and self development
Our journeys into our fields all start one way or another. The most important fact about the stories that are similar is that everyone had some sort of beginning, an intro, maybe it was a friend, a teacher, a mentor, a parent, maybe you just decided to - but we all have a beginning and the fact that we took the first step is the most important part of every journey.
Do not let fear of the unknown cause an irrational fear of beginning down a wonderful path.
Do not let fear of the unknown cause an irrational fear of beginning down a wonderful path.
When one is motivated and goal orientated, no limitations are too solid to break through. Lack of money, education, time. Yes these are important. Yes it gets harder when you add each resistance factor but at the end of the day, if you create a process for learning - setting a time and place and just dedicating yourself to your goal, then there are no bounds to what you can achieve.
In the beginning, generalize then specialize.
If you want to do offensive security but can barely set up a mouse and keyboard and have never touched python or inspected the html of a webpage? Then you should definitely do an intro to computer science course or something.
Just know that there is always hope and a means to an end. You just need to decide on where you want to go.
Level 0 - Zero Comp00tr Knowledge
If I was starting from scratch, just leaving high school with no former computer experience.
A+ for computer knowledge
Try answering the following questions: comptia A+ quiz
Look at what the Network plus exam covers and familiarize yourself with networking
Use these questions to go to wikipedia and read up on the sections that the questions relate to.
Level - 1 Haz Sum Comp00tr Knowledge and likes the memes
we know how to browse the internet and do basics of surfing the web but have never coded a web page or inspected HTML.
we dont know the specifics of what we are doing but we are tech savvy enough to install a mouse,keyboard and monitor. We can
Have taken some coding classes and know math but cannot really use our terminal efficiently
Here we want to start looking at the CSA CSSK
Its openbook, it teaches you about risk and other general security concepts. Its a pretty great introduction to security. The important take away here is both the Security and Risk Knowledge but awareness of the Cloud Controls Matrix. ( CCM )
Start reading things like https://en.wikipedia.org/wiki/Computer_science
The 2 bootcamps that you will get the most practical experience from are
Level 2 - I can computer
You are a developer or have worked the computing field, you've developed code, worked as a web dev but never really backend stuff.
Cover the content of Level 1 - do the bootcamps and familiarize yourself with the Reddit NETSEC startpage
BE CURIOUS
look at code, read code - what is it doing, why is it doing that?
Look at what it looks like when its running
things like strace can show you the system traces.
What does a network request look like? How can i see this? Use wireshark,tcpdump or tshark.
Level 2 . 0 - Goal Gap Analysis
try figure out where you need to put some more time into learning based on your goals.
If you want to go down the network defensive route, what's your network knowledge like, what types of attacks exist that need to be defended against, where do you want to put up your defenses - the onion of security, the layered defense, every type of defense can be specialized in. So if you picked your path - figure out where you are weak
If you worked in a windows only type environment most of your life - install linux on a vm. Learn bash and if you havent done so already, learn to use wireshark
It comes down to picking a rough path towards a fuzzy goal and defining it and giving it definition through continuous alignment with what we want out of it.
Make a list of things you want to be able to do - high level goals - unbound by vendor specific products etc. and map out your study items. 5 min of research per item to create a map at most. This list can be modified as needs or priorities change.
Think about what you find easy, think about what you find difficult - where is your understanding fuzzy - let your ignorance guide you - let it be the compass to direct you to the information that you need educate yourself on
always validate & verify your information & sources
just because something is on the internet - does not make it true. Ease and access to resources which gives people the power that was once only in the hands of publishers + editors who were held accountable for their words.