Learning Cybersecurity

  1. Understand the BasicsStart with CompTIA Network+
    • Computer Networks: Start with the OSI model which gives you a conceptual understanding of how different protocols interact to provide network services. Learn about network devices such as routers, switches, and firewalls, and how they operate. Understand the principles of TCP/IP, including the roles of TCP, UDP, IP, and ICMP protocols. Know the difference between public and private IP addresses, what DNS does, and how VPNs work. Familiarize yourself with network troubleshooting tools like ping, traceroute, and Wireshark.
    • Operating Systems: Understand the core components of an operating system, including the kernel, system calls, and file systems. Learn how processes, memory, and storage are managed. Understand the basics of user and group permissions. Familiarize yourself with command-line interfaces, particularly Bash for Unix-based systems and PowerShell for Windows. Know how to install and configure software and security updates.
    • Computer Programming: Learn a scripting language like Python, which is widely used in cybersecurity for automation tasks, analyzing data, and creating simple servers. Get a basic understanding of a lower-level language like C, as it gives you a better understanding of how software interacts with the operating system. Understand HTML and JavaScript, as they are fundamental to web-based attacks.
  2. Learn About Cybersecurity FundamentalsStart with CompTIA Security+
    • Cryptography: Understand the principles of encryption and decryption. Learn about symmetric (e.g., AES) and asymmetric (e.g., RSA) encryption algorithms, cryptographic hash functions (e.g., SHA-256), digital signatures, and public key infrastructure (PKI). Familiarize yourself with secure communications protocols like SSL/TLS and SSH.
    • Identity and Access Management (IAM): Learn about the concepts of authentication (verifying who you are), authorization (determining what you can do), and accounting (tracking what you did). Understand different authentication methods, from passwords to biometrics. Know about role-based access control (RBAC), least privilege, and separation of duties.
    • Network Security: Learn about firewalls, intrusion detection and prevention systems (IDS/IPS), VPNs, and wireless security. Understand different network attacks, such as DDoS, man-in-the-middle, and DNS spoofing, and how to mitigate them.
    • Application Security: Understand the common vulnerabilities listed in the OWASP Top Ten, such as injection attacks, broken authentication, and cross-site scripting (XSS). Learn how to conduct a vulnerability assessment and a penetration test. Understand secure coding practices and how to use a web security scanner.
  3. Get Hands-On Experience:
    • Simulations: Use platforms like, LetsDefend, ThreatGEN, Hack The Box or TryHackMe, which offer a range of machines to exploit, from beginner to advanced. They also offer paths, like “Web Fundamentals”, “Active Directory”, etc., that guide you through a range of related machines and teach you a particular topic.
    • Capture the Flag (CTF) Competitions: Participate in CTFs, where you solve security-related puzzles ranging from cryptography to reverse engineering to exploit development. CTFTime is a good resource to find upcoming CTFs.
  4. Cybersecurity Resources: