$ ~/how_i_got_into_cyber.txt

My journey into cyber security started in Jan 2021, when after failing my CCNA for my current role as a Network Administrator and generally feeling a loss of motivation and drive, I decided that a new path was what I needed.
I have many ex-colleagues who have already moved into cyber security and have a few years of experience, so they could give me an unfiltered view of what life in cyber would really be like.
These ex-colleagues also started a podcast during the pandemic in 2020, which gave me some insight into their world (Hackable You).
Next was researching some of the many aspects of cyber security and information security. As part of my network admin role, I’m already familiar with some aspects but wanted to understand them better.
Colleagues suggested that I would benefit from looking at the CompTIA Security+ course and taking the certification exam, which would give me a base-level understanding of cybersecurity and the terminology used.
I found a Udemy course that would take me through the CompTIA Sec+ content and prep me for the exam, which cost me £14/$20. Jason Dion, who tutors the course, is great at breaking it down to help you understand the different concepts in the study material. Still, I am more of a practical learner, so I was looking for a way to see and possibly do some of these things, such as buffer overflow and cross-site scripting, to help me further understand.
My next port of call was YouTube to clarify some of the terminology and concepts mentioned in the Udemy course. I stumbled upon John Hammond, a threat hunter for an MSP Security provider, Huntress, via another YouTuber I learned a lot from for my CCNA, Network Chuck. Both of these content creators led me to TryHackMe, which is an online platform that provides users with an introduction to cyber security in the form of tutorials and Capture The Flag (CTF) game-style challenges.
I watched a large amount of John’s content to understand how the platform worked and how to get started with the CTF challenges. From there, I started down one of the “paths” that TryHackMe created to guide you through various aspects of penetration testing, enumeration, Open Source Intelligence (OSINT), Web attacks, etc.
I started with the “Complete Beginner Path” aimed at just a person like myself who has pretty much no knowledge of cyber security and the tools used, including the Linux operating system, which runs most of the devices when working in the cyber security world.
The “Complete Beginner Path” has now been superseded by the “Pre-Security” & “Junior Penetration Tester” paths with updated content.
Being in infrastructure for many years and having a home lab with Linux servers, I already understood some of the subjects covered in the first few modules of the path. Still, there was always something that added to my skills and knowledge.
As you work through the Rooms/Modules of the path, you earn badges that can be shared on social media such as LinkedIn, Facebook and Twitter.
Again, this adds to the game-style “achievements” that you would share from things like Xbox or PlayStation games.
Most of the content is free, including the “paths”, but if you want to take on things like the complete Domain labs such as “Holo” or “Wreath” then you need to pay for a subscription. I did pay for one, as one of the other benefits is that you can use a virtual private network (VPN) connection provided by THM to connect your own instance of Kali/Parrot Linux. I have found this to be my personal preference, as I can install tools and get used to them for other platforms such as Hack The Box.
One of the great features for beginners on the THM platform is that you can use your browser from any PC running any OS. You are provided with a web-based Linux or Windows virtual machine to learn right within the browser.
So for anyone who wants to start and try the platform, it is all provided for you for free.
Hack The Box has been the first and go-to platform to learn ethical hacking and penetration testing methods. Still, with the arrival of THM on the scene and the popularity of the format, they released their own Hack The Box Academy, again offering a free level of learning with a web browser-based VM. However, this is only for a limited time per day (1 or 2 hours). If you want unlimited, then you can subscribe. The unique thing with Hack The Box Academy is that you earn “cubes” which allow you to open up different modules to complete.
Like THM, HTB Academy has paths with various modules to complete, which you use and gain “cubes”. These break down into three main areas: Offensive, Defensive, and General.
I have found that doing both THM and HTB Academy has given me a great baseline to work from, and I feel more confident in trying more challenging boxes.
Hack the Box also offers some easy training boxes, with less guidance and more in the style of the main HTB platform where you would test your learned skills. It is called “Starting Point” and was a great intro if you have not tried HTB Academy or THM.
I did have great fun doing the starting point challenges, and it was nice to try and get through the box with very little help from write-ups or YouTube.
If you are looking to get started in Cyber Security I would recommend the following:
- Create an account on TryHackMe or Hack the Box Academy
- Start getting used to taking lots of notes. I can recommend Obsidian or Notion
- Once you feel more confident, start to look at taking on a CTF or Hack The Box Starting Point.
These are my opinions. From my experience, there is no right and wrong way to get into cyber; it just depends on which part you would like to get into.
Thanks,
Ted.
