Getting Into Cybersecurity: A Roadmap



Hello everyone! Typically, I share content about bugs and findings from my pentests. However, after accumulating some knowledge in this industry over the past few years, I’d like to offer some tips on how to break into cybersecurity and secure your first job.

1. Learn the Basics

- Programming Languages: Python is highly recommended.
- Operating Systems: Gain proficiency in Linux, its shell, and scripting.
- Networking Protocols: Understand how basic protocols like HTTP work.

Building a strong foundation in these areas will set you up for future success. Engage in personal projects and familiarize yourself with basic cybersecurity concepts.

Additionally, never delete any projects you've created! Even if they didn't turn out as expected, archive them on GitHub. Demonstrating your learning process to others later on is an excellent way to showcase what you've learned.

2. Start Learning Hacking

- Training Platforms: Utilize resources such as HTB Academy or TryHackMe to gain knowledge in various areas.
- Reading Materials: Follow blogs and read publicly disclosed bug reports.

Many people find cybersecurity overwhelming due to its vast scope. It is indeed an infinite sea of information. Even the most experienced professionals constantly learn new things as technology evolves. Begin somewhere, and your skills will improve over time. I highly recommend picking a learning path in either of those online academies. For absolute beginners, I recommend starting with TryHackMe as it offers more guidance. For those with more experience, I definitely suggest exploring the Job Paths at HTB Academy.

3. Pick a Topic and Specialize

It is more beneficial to excel in one specific area than to be average, or probably even worse, in many. Choose a topic you are passionate about and deepen your knowledge in that field. For example:

- If you enjoy web exploitation, consider following the senior web pentester path at HTB Academy (CWEE).
- If infrastructure interests you, try the Active Directory modules.

There is often an overwhelming amount of information about a single topic, even if you initially think it’s not that significant.

4. Obtain Certificates... or not?

Certificates play a significant role in this industry. While I don’t recommend that beginners or those new to cybersecurity immediately pursue certifications like OSCP or OSWE, they are often required by certain companies. Start with simpler, yet valuable certifications such as:


- For a bit more advanced people
- Well-known and respected online learning platform
- Becoming an industry standard in the next years
- Training is extremely good but time-consuming
- Cost: 1 voucher incl. 1 free retry 357€


- Extremely good cert for Active Directory
- Well known and an industry standard
- Cost: 413,69€ incl. lifetime access to the course

Burp’s BSCP certification

- Well-known company
- Certificate is good for beginners
- Not an industry standard
- Cost: 89€

To be completely honest, I do not think that certificates are that important. I got myself a good job without any prior certificates. It highly depends on the company you are getting into. If it is still a bit smaller, and you can show off your skills through recent projects, HTB accounts etc., the need for certificates is rather low. However, if you are competing at a huge company, you will not get around acquiring one. And here, the bigger the cert, the bigger the chances are you will be selected for the next rounds of recruiting, sadly.

5. Enhance your portfolio

To enhance your portfolio, consider participating in bug bounty programs, writing blog articles, tackling HTB machines (CTFs), or even hunting for CVEs. Having a BSc or MSc in IT or IT security is always an advantage as well.

Alright, thank you for reading! If you have any feedback or would like to share your own experiences, please feel free to do so in the comments.
