Getting into business
Alright, after becoming familiar with some fundamental concepts, now it’s time to get into business: dive into cybersecurity and make a career out of it! Let’s see how we can accomplish that:
LEARN HACKING!
Like learning any other skill, you can learn hacking by simply looking on google for “how to be a hacker” and a lot of free resources and articles (like this one) will show up that you can learn a lot from, below are some of the free resources that you can make use of:
Port Swigger academy: If you are interested in web exploitation, then this resource is totally for you, port swigger academy offers an in-depth learning material in which you can learn about a variety of web vulnerabilities as well as how to exploit them, you can also practice what you learn throughout the labs they offer for each section and guess what? All of this is free of cost!
Wonder how to-Null Byte: this website offers a lot of free how-to articles that you can access at any time and learn a variety of skills in hacking such as network hacking and web exploitation (and many more) as well as you can learn about a variety of tools that will help you automate your attacks.
Pentester Lab: like PortSwigger, this is another cool resource for web exploitation, signing up for a free account allows you to explore a variety of web security concepts, from basic to very advanced. If affordable, we would advise you to get the Pro version, but you can still discover a lot with the free content already!
Youtube: Like programming/photography etc, there is a good number of Youtube channels that offer quality content you can use to learn to hack and enhance your arsenal of skills, and it’s free! we would recommend following JSON SEC/LiveOverflow/HackerSploit/MadrasaTech (for Arabic speakers)/Null Byte.
And of course, besides these resources make sure that you build the habit of Googling everything you wonder about!
Alright, now that we explored different resources and learned a lot of hacking techniques, it’s time to
Practice what you learn, and keep on learning:
Like any other skill, it’s important that you continuously practice everything you learn, so that you can be capable of applying all the theory you know in real-life scenarios because what’s in the outside world is different than what’s in the books!
Also, practicing enables you to sharpen your skills, and even learn about other concepts that you didn’t know about!
To practice your skills in Cybersecurity, you can:
Practice with vulnerable systems: Luckily, there exists a variety of intentionally vulnerable systems, designed by professionals to help beginners to sharpen their skills by successfully exploiting these vulnerabilities.
To get started, it’s enough that you install the system on your local machine and start playing around with it, for example, we can cite some vulnerable web applications like DVWA, Mutillidae, bWAPP, and OWASP Juice Shop that you can install to your localhost and start exploiting web vulnerabilities.
After gaining some web penetration skills, you can go ahead and sign up for HackTheBox, where you can find a good amount of vulnerable machines in different categories that you can install and exploit and become a better hacker!
Play CTFs:
CTF (Capture The Flag) is an information security competition, where contestants are challenged to solve a variety of tasks, ranging from simple internet searching to basic programming exercises to exploiting vulnerabilities and hacking servers, the goal of each task is to find a specific text hidden in a server or a webpage, called a flag, which you will need to submit to prove that you solved the task, and earn points! You can read more about CTFs here.
CTFs allow you to enhance your critical thinking and problem-solving skills, it will also make you more comfortable with hacking, as you will be exploiting vulnerabilities along the way! We advise everyone to give it a shot, just open up CTFtime, look for an upcoming CTF, and start playing!
Do bug bounty hunting:
Nowadays, many big companies have what’s called a Bug Bounty Program, which encourages hackers to find vulnerabilities in specific domains in their systems and to report the findings to their security teams, once approved the hacker is then awarded a cash prize called a bounty- depending on how severe is the vulnerability, and can also be featured in the company’s hall of fame!
Bug bounty hunting allows you to discover the professional side of information security and deal with real-world scenarios, so it’s worth the shot if you wish to make a career out of Cybersecurity, as it will make your profile more outstanding!
To begin, you can sign up to Hackerone or Bugcrowd where you can find a variety of programs, make sure to read them well, and happy hacking! Alright, now that we learned and sharpened our hacking skills, it’s time to take things seriously and get into the professional world, let’s see how we can do this!
Networking:
It’s a well-known fact in business that sometimes, it’s about who you know, which is why you must get involved in professional networks and get to know as many people in the industry as you can, that way you can discover opportunities and job offers thanks to that someone you know, who knows someone.
To achieve this, you can attend information security conferences, meet-ups, and participate in open source projects and associations.
Also, you can gain a network by giving back to the community through writing articles, posting tutorials/tips, and CTF write-ups. We must give back to the community that taught and made us what we are today!
Legitimizing your skills by getting certified:
Getting certifications is kind of important nowadays in Cybersecurity, as it gives employers an approximative impression of what roles you can handle in a cybersecurity job.
Although that I believe that what the person knows is more important than what documents he has, I would still recommend getting certified because it’s demanded by employers, and that way you can guarantee the position that you desire.
To know more about certifications, you can read this guide here
Alright, now that the path to becoming a cybersecurity professional became clear, it’s time to get that black hoodie of yours and get into the business.
As a final word, I think it’s important to point out that this domain needs some time and dedication to reach proficiency, and there is no room for overnight success, so don’t get discouraged when you are stuck while some others are making huge achievements, because behind these achievements there exists years of experience, dedication and sleepless nights that led to that final result, and remember that you can do it as they did and even better, just be patient and work harder, and to always be back on track whatever happens! Don’t compare your chapter 1 to someone’s chapter 10.
And we wish you the best of luck on your quest!
By Ahmed Gritli
