Cybersecurity like any other discipline can be self taught. Now that we have the internet and so many online resources, you can learn almost anything without the need to go through traditional forms of education e.g. College/University. Now, that being said there is still value in post-secondary education, especially since many employers still require a bachelor’s degree as a minimum requirement for most positions. However, if you’re looking to learn specific skills, maybe you want to pivot into cybersecurity from another field or you want to learn a specific niche within cybersecurity then being self taught is probably the best option for you. You don’t need to go back to university for every small career change. Here I’m going to go over some of the best self taught resources that will help you learn cybersecurity from the ground up.
Pick a Focus
Before you start trying to learn cybersecurity, the first thing I would suggest is picking a focus. This may seem counter productive, “how can I pick a focus if I don’t know anything about it?”. You pick a focus by focusing on two things, what you’re interested in or what your current skillset is. For example if you got introduced to cybersecurity because your website got hacked, then you could focus on website security, how to keep people’s websites from being hacked. If you’re a sales person and you’re interested in cybersecurity, focus on becoming a Cybersecurity Sales Engineer and learning the popular platforms that are being sold B2B in the industry. Cybersecurity is far too broad to learn everything, so you want to pick an area that has good potential for you and just learn that. It will give you a much better chance to be proficient in that area and it will help you stand out from the crowd because you have specialized knowledge. Some common areas would be:
Hacking Computers
Website Security
Cybersecurity Law
Sales Engineer
Cloud Security
Programming
Places to learn cybersecurity
Hackthebox.eu and Vulnhub: Hacking into computers is the whole focal point of Cybersecurity. A hack occurs every 39 seconds and the amount of money caused by computer hacks is over $445 billion annually. Hackthebox and vulnhub are platforms that give you web servers that are purposely configured to be hacked. It has servers with different levels of difficulty that you can use to practice hacking, once a challenge is no longer public many people create write ups and youtube tutorials showing you how to hack into that web server, that way even a beginner can get started right away.
Udemy: Udemy is an online learning platform with over 130,000 courses. It has several courses on cybersecurity including courses on computer hacking, writing malware, programming, information technology, malware analysis and more.
Youtube Tutorials: Youtube is one of the best places for free online tech tutorials. I’ve already mentioned it in the previous sections, but many security researchers make video tutorials showing how they hack into certain computers as well as other proof of concepts relating to software. The good thing about working in tech is that it’s easy to prove that something works because you can run the code on a machine and test it yourself to see it’s validity, which makes youtube tutorials more trustworthy then in other career fields. Some good youtube channels to start with are Hackersploit, zSecurity and IppSec.
Codewars and Topcoder: These platforms teach you coding through practical online challenges. Rather than just teaching theory or syntax through simple exercises, these websites give challenges where you have to build simple programs using a programming language of your choice. Topcoder also adds a competitive element where you compete with other people to build programs faster or better and try to find bugs in the other person’s programs. In my opinion practical challenges like this are the fastest and easiest way to learn and build a portfolio of code that demonstrates your understanding.
Codewars sample exercise
Linux Academy: Linux academy is an online platform that helps people learn about different areas of technology. They offer a huge set of online courses relating to security and technology platforms in general such as Amazon Web Services(AWS), Microsoft Azure and Google Cloud. It’s a good way to learn about cloud security and with membership you have up to 3 servers in the cloud to use for practice. Additionally, you can login to instances of AWS, Azure or Google Cloud to get familiar with the interface.
Tryhackme: This website is dedicated to teaching cybersecurity to beginners. It currently has 3 learning paths: complete beginners, web application security and pen testing and comptia pentest+. It also has a competitive online game centered around hacking into different computers and trying to maintain control longer than the other players in the lobby.
Certifications: Cybersecurity certifications are a good way to a structured and industry recognized education. Certification programs can be general in nature like Security+ or CISSP or focused on one area of cybersecurity such as the OSCP that focuses just on hacking computers. The main benefit here is the structure that you get from following an outlined syllabus and the fact that many are recognized by companies as reputable. If you decide to do one of the certifications, you can choose to self study or pay for classroom instruction. In my experience self study has a much better ROI as even if you pay for classroom instruction, you will still have to spend a lot of time studying yourself. I find the best way to prepare, is to get the self study materials, watch youtube series on the topic and then do as many practice questions as you can. I also like to use reddit to find out what resources other people used to pass the certification.
Final Thoughts
With the amount of resources we have online, you can learn almost anything you want. The problem you may run into when you learn on your own is lack of structure, it can be hard to figure out where you should focus your time and how to measure when you know enough. That is why I suggest you pick a focus, a specific niche that you want to target and then you can focus on finding the resources that will help you understand that area. This is important in making sure you stay focused and don’t get distracted.
Additionally, if you don’t have a tech background but you want to get into the field, these resources are a good way to get knowledge you need and demonstrate that to companies. To do that, it’s important to make a portfolio of what you have done, whether that’s writing code, taking a certification course or hacking into servers on any of these platforms. The best way to know if you have a solid understanding of a topic is to put it into practice.