Monday 15 July 2019

Where do I start in learning about hacking and cyber-security?

One of the fastest-growing fields in Computer Science is Cybersecurity. The world is digitizing, and today we have more computers and smartphones than ever before. Large corporations hold a lot of digital information, so the security of this data becomes critical. As a result, they are investing heavily in data security.
This opens up a lot of job opportunities in the market for Engineers who are looking for jobs in a cutting-edge, fast-growing field.
Cybersecurity is a broad domain and it can be classified into the following 5 subdomains:
  • Web Application Security
  • Network Security
  • Android/iOS Security (Mobile Security)
  • Forensics
  • Cybersecurity Training
For a beginner who has recently graduated from college and is looking to build a career in cybersecurity, the first 3 (Web Application Security, Network Security, and Mobile Security) are great starting points. In fact, for those who have some prior experience of Cybersecurity in college, even Cybersecurity Training is a great opportunity. All 3 of them have common starting steps:
  • Learn the basics of the Security domain as a whole to get a high-level understanding of all the concepts.
  • For the Network domain, you should consider brushing up on the fundamental concepts of Computer Networks (TCP, UDP, IP, DNS, etc.).
  • For the Web domain, you should be aware of the related terminology like Web Browser, HTML, JavaScript, HTTPS Request and Response, etc.
  • For Android/iOS, it is recommended that you have some prior experience (or a project) of mobile application development so that you have a better understanding of what’s happening under the hood.
Note that the above concepts have nothing to do with Cybersecurity itself. They are domain-related concepts: you are first trying to understand what the Web is and how it works before getting into the security of the Web.
Once you have a brief understanding of the domains, you can take an introductory Cybersecurity course on Cybrary. Cybrary offers some great courses on Cybersecurity in various domains and it is a great starting point for beginners. Aim to complete the most basic Pentesting course on Cybrary. As you get to know about various domains, you should try and see which one interests you and accordingly, you can choose to develop skills in that domain in order to get a job.
Among all the above 5 domains, the most in-demand one is the Web. For the Web, once you’ve completed the above Cybrary course, you can start practicing on the various vulnerable machines that are available on Vulnhub. Another great resource is Hack The Box. Both are among the finest resources available to practice your skills. A few of the machines available on Vulnhub that suit a beginner are DVWA, Metasploitable 2.0, Necromancer, and the Kioptrix series. All about CTF (Capture The Flag) is another great platform, although Vulnhub and Hack The Box are recommended.
