I always wanted to put together a write-up for people who are new to this whole process and might need some guidance and help.
I think it could really help those who are just starting out and might feel a bit overwhelmed.
It is important to me to share what I’ve learned and make things easier for others.
Which laptop should I buy?
If I had to recommend a model, I would suggest the Dell XPS or the Lenovo Legion. In general, you should opt for a laptop with at least 16GB of RAM, though 32GB is even better, especially if you need to run multiple virtual machines.
VMware or VirtualBox?
In short: VMware.
You can try both and see which you prefer, but most people I know use VMware, or UTM if you are on an Apple Silicon Mac (M1/M2/M3).
Kali or Parrot?
If you are new to cybersecurity, I recommend starting with Kali Linux. It is the most popular OS for pentesting, and there are plenty of guides and resources available to help you if you get stuck.
Do I need Kali?
While you do not need Kali Linux, it is recommended for its collection of pre-installed tools. However, many professionals also use Windows or Ubuntu for their penetration testing needs.
Why do I need a VM?
Virtual machines are essential for safely practicing hacking in an isolated environment. Always run Kali Linux in a VM to avoid potential instability and ensure that your main system remains secure.
How do I download hacking tools?
Always download tools from official sources or trusted repositories to prevent malware and other security issues.
Many tools are available on GitHub, where you can also find setup guides to help you get started.
What is the best note-taking app?
I recommend either Notion or Obsidian.
The choice ultimately depends on your personal preferences and needs. If you are interested in exploring these options further, I have included a link under the next question that provides a detailed comparison.
How to take notes?
The most important thing to do when you start learning anything is to take good notes. That is why I have created a detailed write-up to help anyone who might struggle with note-taking or just needs some examples to guide them.
Link: How to Take Good Notes
Do I need to learn programming?
Basic programming skills will help you understand exploits and automate tasks, which is particularly useful if you want to focus on areas like web application security.
If you are unsure where to start, I recommend beginning with Python.
Do I need to learn networking?
Yes, mastering the fundamentals is the most important thing in cybersecurity, and networking is a huge part of it.
I recommend starting with Professor Messer’s Network+ videos on YouTube.
How to decide which specialization to go with?
Cybersecurity is such a big field, and exploring different areas can help you find what excites you the most.
I recommend looking at various job roles to see what interests you and then trying them out.
TryHackMe has a helpful article that can guide you in this process.
TryHackMe or HackTheBox?
If you are new to cybersecurity and are learning the basics, go with TryHackMe.
They have a lot of free rooms and their subscription is worth it.
After that, I would switch to HackTheBox.
They have everything from CTFs to certificates and much more.
Link: List of FREE Rooms
How to start with Capture The Flags (CTFs)?
CTFs are incredibly popular and highly recommended for newcomers because they provide hands-on experience in a fun, challenging way. My most viewed write-up is “Beginner’s Guide to CTFs”, and for good reason: it is designed to help you get started and build your skills step by step.
Report Writing
There are plenty of report templates available online that you can use as a base. Start by customizing these templates for the labs, rooms, or CTF challenges you are practicing.
Good report writing is essential for clearly sharing your findings with both technical and non-technical people.
Which certifications should I get?
Depending on the job you are aiming for, the certifications you need can vary. The best approach is to search for your desired job title on job portals and see which certifications are most commonly required in your country.
I have created a write-up called “Certifications for Aspiring Pentesters” that covers the most valuable certifications to help you reach your goal of becoming a pentester.
How to get a job?
Build a strong portfolio, create a blog or website to showcase your work, and actively network within the community.
Apply for entry-level positions like helpdesk and support roles.
Perhaps the most important thing is to create a strong resume.
For help on crafting an awesome resume, check out my friend Hiro’s guide.
Link: Hiro Resume Guide
How to start with bug bounties?
To get ready for bug bounty hunting, start with these resources that will teach you the essentials and prepare you for the field:
PortSwigger’s Web Security Academy is a key resource with labs and tutorials covering everything about Burp Suite and web app penetration testing.
TryHackMe offers a beginner-friendly platform with guided learning paths and challenges that help build your cybersecurity skills, including web application penetration testing. You can gain a lot from their Web Fundamentals Pathway, even without a subscription.
OWASP Juice Shop is an intentionally vulnerable web app designed to practice finding and exploiting common security flaws in modern web applications.
The Practical Bug Bounty (PBB) Course teaches you everything needed for web application penetration testing and bug bounty hunting.
I completed it myself and highly recommend it. It covers topics from XSS to SQL injection, and the first half of the course is available for free on YouTube if you want to give it a try.
Does BB count as work experience?
Bug bounty hunting is great experience and shows you have real skills in finding vulnerabilities. However, it may not count as formal work experience.
It is a cool addition to your resume but might be best combined with other types of experience.
Which bug bounty platform?
HackerOne, Bugcrowd and Intigriti are the most popular platforms.
When can I expect to make money doing BB?
How soon you start earning from bug bounty hunting can vary a lot based on your skills and how much time you put in. It often takes some time and practice to see steady rewards.
I’d suggest giving it a try on the side first and seeing how it goes before thinking about quitting your job to dive in full-time.
Burnout
Take breaks from learning, set clear goals for yourself, and stay connected with the community for support. There’s no point in burning yourself out by chasing certifications and pushing yourself too hard. Remember, your health is the most important thing in your life.
Joining Online Communities
There are many reasons to join online communities, like those on Discord. Some people join to learn from others with more experience, share their own materials, make friends, or build professional connections. Whatever your reason, engaging in these communities can provide valuable support, keep you updated on the latest trends, and help you expand your network. Just remember to be respectful, contribute positively, and take breaks to avoid feeling overwhelmed.
Link: How to Be a Valuable Part of a Community (Cybersecurity Edition)
Stress Management
Working in cybersecurity can be stressful, so it is important to work on managing your stress effectively.
Finding healthy ways to cope with stress will help you stay focused and maintain your overall well-being.
Hope this write-up helps some of you, and best of luck on your cybersecurity journey! :)