
Another getting started with CyberSecurity and Ethical Hacking Jan 2025

I’m often asked by folks just getting started in cybersecurity about the best way to begin their journey. Honestly, I sometimes feel like I’m not great at answering this question because it depends on factors like current industry trends, what motivates the individual, and even the state of the job market. Plus, the "best" answer can change over time!


That said, I wanted to share some advice I gave to someone who emailed me earlier today. One thing I always recommend is to seek out multiple perspectives. Don’t fear differing opinions—sometimes disagreement can be the most valuable learning opportunity!

 

1. Gain Hands-On Experience


Practical, hands-on experience is the cornerstone of a successful career in cybersecurity. It’s challenging to get started, but there are many accessible platforms and tools to help you build these skills.

Here’s how you can start:


  • Build Your Own Lab: Download vulnerable systems from VulnHub and practice hacking and securing them. Start with something like DVWA (Damn Vulnerable Web Application) for a beginner-friendly introduction.

  • Hack The Box (HTB) and TryHackMe: Complete as many scenarios and badges as possible to understand real-world attack and defense techniques better. I have met people who have been diligent about using HackTheBox, and after a few months, they seem to have a better understanding of how to do a PenTest than people I have seen with years of experience.


    Gaining Experience (not sure how well it works in your area).


    I'm not sure if it would work today, but when I started off, I was calling small businesses such as car dealerships, large furniture and home improvement showrooms (with multiple locations), and construction companies, and offering pen testing, security assessments, and network assessments. Sometimes, I offered it for free (with them being referenced).


    It helped me gain some experience very fast. When I offered these services for free, I wasn’t taken seriously, so just being cheap (but not too cheap) turned out better. I still had to do some leg work like registering an LLC, developing a decent website, and getting business and liability insurance. When I proposed these services and backed them up with my paperwork, I found a good path to success.






2. Certifications


Certifications can help you land entry-level positions and build foundational knowledge. While they won’t guarantee a job, they demonstrate commitment and give you a framework for learning. Do not get into the grind of never getting these certs. It’s important to understand that none of these certifications will help you get a job. However, if you go through all these certs and truly understand them and can lab these scenarios up, your knowledge, I think, will come through in interviews. You are not flexing your certs, but flexing your hunger and excitement about the topics.


Recommended Beginner Certifications:


  • Network+

  • Security+

  • PenTest+

  • Fortinet Certified Fundamentals and Associates (Free and practical training available online)

  • eJPT (INE): A great entry-level certification with hands-on labs.

  • Certified Ethical Hacker (CEH): It can benefit beginners, and I like their recent updates.

  • CCNA (Cisco Certified Network Associate): Essential for understanding networking fundamentals.

  • CASP+ - I feel like I see them being valued more in Europe and Asia.


Of course, some certifications are extremely valuable when looking for jobs. Some of them include SANS GIAC certs and OSCP. If you are interested in management, CISSP is also recognizable (although you should have leadership experience to make it valuable to employers).  I don't think these certifications are for beginners, and I would warn people that they are generally not cheap to achieve. Maybe use this as a year 2 or year 3 goal to achieve.

 

3. Blogs, Podcasts, and YouTube Channels


Stay updated with industry trends and gain new insights through these resources:


Blogs and Podcasts:


  • BleepingComputer

  • Fortinet Threat Intelligence Blog

  • Palo Alto Networks Blog

  • Darknet Diaries (Podcast): Engaging, real-world stories about cybersecurity incidents.

  • Krebs on Security

  • Verizon DBIR report

  • ThreatPost

  • CyberWire Daily (Podcast)

  • Malicious Life


YouTube Channels:


  • LiveOverflow: Deep dives into exploit development and reverse engineering.

  • Hak5: Practical tips on cybersecurity tools and gadgets.

  • PwnFunction: Clear explanations of hacking concepts.

  • PwnCollege: Excellent for hands-on CTF-style learning.

  • Seytonic: Beginner-friendly hacking tutorials.

  • NetworkChuck: Covers networking and cybersecurity basics in an engaging way.

 

4. Join the Community


Networking with other professionals is crucial. Start by:


  • Local Cybersecurity Groups: Many cities have active communities you can join through LinkedIn, Discord, or Meetup.

  • BSides Conferences: These local and affordable cybersecurity conferences offer invaluable learning and networking opportunities.

  • DEF CON and OWASP Events: Larger-scale conferences with workshops, talks, and hacking villages.

  • Vendor Events: Many vendors host events and lunch-and-learns. Most of the time, they target sales opportunities, but often the events are open. I try not to waste their time and let them know I am just interested in learning.

 

5. Explore Bug Bounty Programs


I know you are new and may not get far on these, but you should explore them often. Bug bounty platforms are a fantastic way to gain hands-on experience and earn rewards for finding vulnerabilities:


  • Bugcrowd

  • HackerOne

  • Intigriti


Quick Overview of Bug Bounties: Bug bounty programs allow ethical hackers to identify security vulnerabilities in organizations’ systems. As you improve your skills, these platforms can offer real-world experience, financial incentives, and a strong portfolio to showcase to employers.


6. Training Resources


  • Udemy: Wait for sales, as excellent courses can drop to $10 USD or less.

  • Hack The Box and TryHackMe: Both offer free and affordable plans for practical, hands-on learning.

  • YouTube: Use the channels listed above for free, high-quality training.


7. Set a Structured Timeline


If you dedicate yourself, you can achieve significant progress in 6 months or less. Create a schedule that balances certifications, labs, and community engagement. Consistency is key.


Cybersecurity is an ever-evolving field. The more curious and persistent you are, the more you’ll grow. Immerse yourself in the culture, ask questions, and embrace challenges—it’s all part of the journey.

 

I wish I had time to guide the many people asking me for advice one-on-one, but it’s a bit difficult. I would highly recommend using the cybersecurity and AskNetSec communities on Reddit, finding some top cybersecurity people on X.com, and following them and their followers.


Remember that I am writing for people trying to break into cybersecurity and ethical hacking. My advice would be pretty different if you already have experience and are trying to go from entry-level to mid-level or expert.

 

1 Comment


Ceci Tabares
5 days ago

Hi Aamir,

I've just finished your course, "Practical Blockchain," and I have to say that you are truly generous with your knowledge and engagement.

You're the best teacher I've had in a long time!

I am very grateful. Thank you so much!


doctorchaos.com and drchaos.com is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world look at Cyber Security.

About this blog

doctorchaos.com and drchaos.com and any affiliate website do not represent or endorse the accuracy or reliability of any information, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interpreted as such.

Contact Info

If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM


© 2018 Dr. Chaos 
