How to Start Your Journey into Cybersecurity in 2024 (or how I did)

I’ll start at the very beginning of my journey, a narrative that unfolds from a place of almost complete ignorance. Like many, my understanding of computers was superficial, limited to the generic interactions and knowledge possessed by the average plebian like me. It was during one particularly stagnant period of my life, amidst a sweltering summer and ensnared in the drudgery of yet another uninspiring, dead-end job, that I found solace and escape in books. That year, I voraciously consumed around 40 books, but it was two specific volumes that ignited something deep within me, altering the course of my path. These books introduced me to the art of lock picking, a curiosity that led me to discover Deviant Ollam. His engaging videos not only captivated me but also served as a beacon, guiding me toward a community and a craft that resonated with my newfound interest. I highly recommend his content for anyone intrigued by the intricacies of lock manipulation.

This exploration into lock picking was my gateway into a previously unimaginable world where individuals were compensated to ethically break into buildings. I delved into the practice, rapidly advancing my skills, and soon realized the importance of possessing a robust set of computer skills to truly excel in this field. Despite my lack of knowledge in computing and hacking (literally zero), my circumstances soon changed in a way that afforded me an invaluable opportunity. Following a layoff, I was propelled by both necessity and a relentless drive to better myself into dedicating my time to mastering these skills. Beginning on Halloween of the previous year, my journey into the world of cybersecurity officially began.

I initiated this venture with the Google Cybersecurity Certificate through Coursera. Although it mainly consisted of video content and culminated in certification, it provided a comprehensive overview and prepared me for the challenging journey ahead. Undeterred by my limitations, I progressed to TryHackMe, where I systematically completed several learning paths, including the Complete Beginner, Pre-Security, Intro to Cybersecurity, Jr. Penetration Tester, and CompTIA Pentest+. This intense period of study catapulted me into the top 2% of users on TryHackMe within just two months.

Eager to push my boundaries further, I transitioned to HackTheBox (HTB). My previous experience with CTF challenges on THM prepared me for this new arena, where I initially engaged with the Certified Penetration Tester Course before pivoting to the Certified Bug Bounty Hunter course, following the advice of a mentor. Completing this course, I am now in the process of saving for the exam, all the while actively engaging in challenges on HTB, aiming to achieve a similar standing to my top 2% on TryHackMe.

Parallel to my adventures on HackTheBox and TryHackMe, I embarked on courses offered by TCM-Sec Academy, including the Practical Junior Web Tester and Practical Network Penetration Tester courses, among others. I completed the Practical Bug Bounty and Practical Phishing Campaigns courses. This broadened my knowledge base and sharpened my skills in specific areas of cybersecurity.

In addition to these informal educational endeavors, I took on the challenge of creating my own website, https://j0hnc0nn0r.com. This project is my first exploration into web development, and while it required substantial assistance from online communities like Discord, Stack Overflow, Google, and AI, it represents a significant personal achievement. The current challenge I’m tackling is the development of an AI chatbot for my website, a task that, despite its difficulties, I believe will be quite rewarding. If anyone has any suggestions on how to improve the site or implement a chatbot, please reach out to me on Twitter, J0hn_c0nn0R.

Reflecting on the past five months, my journey has been one of intense self-education, marked by both significant achievements and formidable challenges. My background in physical disciplines such as weightlifting and jiu-jitsu has instilled in me a resilience and work ethic that have been indispensable in this endeavor. The discipline required for 8–14 hours of daily study is reminiscent of the dedication I applied to my physical training, proving that the principles of growth and improvement are universally applicable.

As I transitioned back to work in March, I had accumulated four months of concentrated self-study, transitioning from a metaphorical walk to a jog in my cybersecurity journey. While I may not be sprinting yet, the progress I’ve made is palpable, a stark contrast to the ignorance that once characterized my relationship with this field.

For those considering a similar path into cybersecurity, hacking, penetration testing, or bug bounty hunting, my advice is grounded in patience and a foundational understanding of the concepts. Build your own applications, networks, or any project that sparks your interest. Use videos for inspiration but prioritize hands-on practice. Avoid the trap of passive consumption; actively engage with the material. Understanding the concepts first facilitates a deeper comprehension of the more advanced techniques and strategies. While I initially focused on learning hacks, I’ve found that building a solid foundation in the basics is crucial for long-term success. The journey is challenging, filled with complex concepts and invisible processes, all mediated through the simplistic interface of a mouse and keyboard. Yet, it’s important to remember that the field is vast, and no one can know everything. Pursue your interests, stay curious, and never give up. The path to mastery is a marathon, not a sprint, paved with persistence, curiosity, and a relentless drive to learn and improve. So just do that :)