# Getting into cybersecurity?



## Kinare (Mar 4, 2020)

no more replies pls thanks, I'm just a dumb


----------



## Marius Merganser (Mar 5, 2020)

It's definitely a good field to go into.
Since you're starting out you might want to look at getting a certification...maybe CompTIA's Security+ or the CISSP (certified information systems security professional).  Plenty of study guides at the local bookstores.

I'm currently working on getting the certified wireless network administrator cert just so I can go for the certified wireless security cert.  Wireless security is so underestimated.

You also may want to familiarize yourself with firewall concepts.  Should be plenty of youtube videos about that.  

And you probably want to subscribe to some security news sources to keep up on trends.


----------



## Kinare (Mar 5, 2020)

Marius Merganser said:


> It's definitely a good field to go into.
> Since you're starting out you might want to look at getting a certification...maybe CompTIA's Security+ or the CISSP (certified information systems security professional).
> 
> You also may want to familiarize yourself with firewall concepts.  Should be plenty of youtube videos about that.
> ...



The website I'm learning on has courses for those sort of certifications, indirectly so though. (Basically, they don't say "CompTIA Training", but mention in the description the course can help you get that cert.) Since it's free for 30 days as much as I can squeeze in I'll probably give them all a try.

I actually know a decent bit about firewalls and network security stuff since I had to dismantle my own network to get my game server to be seen by the interwebz, lul. Not enough to get a job in it, but enough to understand the basic concepts and know that I can handle learning about it and actually do it successfully to the point I could troubleshoot it for someone else if needed.

Have any suggestions on a couple solid sources to subscribe to? Google is daunting in that regard...


----------



## Baud (Mar 27, 2020)

I don't know what course you are talking about but out of all the unofficial ones I've checked out there wasn't one that couldn't be replaced by some Googling. Cybersecurity is a very broad subject which requires different skillsets depending on the field you wish to make your own specialization, or at least your starting point. Are you more interested in getting into incident response, offensive security, bug hunting, network administration, or what else?

I'm currently studying for a penetration testing certification to help me break into the industry, I have some practical experience in the field but not a single piece of paper to show potential employers, so I haven't had much success in looking for a job still. Also keep in mind that personal experience is always very important, don't stop at the material the certification entity is giving you, take it two steps beyond and study as much as you can, maybe they won't reward you directly, but it'll allow you to distinguish yourself from the tens of thousands of people getting certified these days.


----------



## Kinare (Mar 31, 2020)

Toni88 said:


> I don't know what course you are talking about but out of all the unofficial ones I've checked out there wasn't one that couldn't be replaced by some Googling. Cybersecurity is a very broad subject which requires different skillsets depending on the field you wish to make your own specialization, or at least your starting point. Are you more interested in getting into incident response, offensive security, bug hunting, network administration, or what else?
> 
> I'm currently studying for a penetration testing certification to help me break into the industry, I have some practical experience in the field but not a single piece of paper to show potential employers, so I haven't had much success in looking for a job still. Also keep in mind that personal experience is always very important, don't stop at the material the certification entity is giving you, take it two steps beyond and study as much as you can, maybe they won't reward you directly, but it'll allow you to distinguish yourself from the tens of thousands of people getting certified these days.



Well, Googling only helps in this case if you have a good basic understanding already, which I don't. At the time of writing my original posts I was going to do Coursera courses, but when I went to actually do them I noticed the ones I wanted were only part of a 7-day trial, not the 30-day one I thought. The 30-day ones didn't seem in-depth enough. I ended up going with a cheap site that has courses for basic stuff I need to know, all the way up to more advanced things.

As for what specific thing I've decided to go into, I don't know yet. I think I'll start as just an analyst, then probably see how it goes from there and aim for the certification that is desired for that area. I like the idea of pentesting, but from checking job listings it seems to require being able to code your own testing programs, which means I will not enjoy it as much as I think because I hate coding. Anything that involves puzzle solving without the need to code is ideal for me, and there's a few options in that regard.

Major issue I'm having atm is it seems the testing center is closed due to covid-19. Their site says until April 16th, but could be longer if the virus is still spreading like crazy then. Other issue is all of the jobs seem to be downstate, which is also where most of the outbreak is occurring. Basically, until this virus fucks off, I think it will be near impossible to get a job. The place I want to apply at first seems like a great opportunity because they hire people like me who are new to it and will help them advance through, even offering to pay for advanced certs if you end up staying with them. Plus, they have decent reviews. They don't say how much they pay in their listings, but if I start with them and commit as long as needed for them to pay for advanced certs, I can live off of the lower end of pay because again that's it's still double what I make now and then go for better jobs.


----------



## kiroku (Mar 31, 2020)

I started my career learning networking terms and how it works. Having a solid fundamental IT background will help you in any branch of computing. Before jumping to security (it's great you have a path in mind!) familiarize yourself with basic things like the data link layer, routing, TCP/IP network models, TCP sockets (important in security), and other things. I think what I want to stress the most is definitely jump into it how you want, but try to dive deep into the things you don't know you don't know.

Look at junior/associate security positions, read the requirements, use those as outlines for things you should be learning about. Most places will want at the minimum a CCNA or Security Plus. Learn what all of the certification jargon means and feel it out from there! The networking/IT community is very transparent and there are a lot of resources out there.

Also, it's expensive, but I highly recommend Coursera. Google has an IT funadmentals (5 parts?) class with a certification at the end. They cover from very basic "what is a computer" to system administration and security.


----------



## Kinare (Mar 31, 2020)

kiroku said:


> I started my career learning networking terms and how it works. Having a solid fundamental IT background will help you in any branch of computing.



Networking in general is something I'm reasonably familiar with having had to fight with it to get my server set up proper. I don't know all the technical terms though, so I plan to take a course that teaches me those even if I don't go for the Network+ cert. Luckily, the site I paid for has a class for such included, so that'll be fine. In general I have a very tech strong background, though I lack knowing specific technical terms, and I still have to ask Google sometimes what a command to do this or that is since I may only need it on occasion right now. I'm sure if I get into a job where I'm using these things a lot I'll remember them better.



kiroku said:


> Look at junior/associate security positions, read the requirements, use those as outlines for things you should be learning about. Most places will want at the minimum a CCNA or Security Plus.



Yep, that's what I've been doing, and is why I've set my mind to getting Security+ asap, then getting an entry level job, then trying to work towards more advanced certs as I gain experience in the field and decide exactly what path I want to take.



kiroku said:


> Also, it's expensive, but I highly recommend Coursera. Google has an IT funadmentals (5 parts?) class with a certification at the end. They cover from very basic "what is a computer" to system administration and security.



I saw that when I was checking Coursera out, but I honestly don't think that will help me get a job, and I don't have money to waste on something that won't impress employers. My mom and dad are helping me pay for these things with their limited funds, so I have to try to do the minimum possible to get in, then I can work on going for extra things after I have an entry level job.


----------



## kiroku (Mar 31, 2020)

Kinare said:


> I still have to ask Google sometimes what a command to do this or that


Don't worry, Google is everyone's friend no matter the position/level.

I think you're going at it wisely. If you're lucky and find a company that values curiosity and an ambition to learn, using personal, at home experience can help, too. I remember when I first interviewed for my first NOC position, I talked about how I set up my own NAS and the RAID I had it configured in and what it means. Yes, there is still "on paper" qualifications to meet, but being able to talk about your hobby experiences like you have already is also something managers look for!



Kinare said:


> I had to dismantle my own network to get my game server to be seen by the interwebz, lul. Not enough to get a job in it, but enough to understand the basic concepts and know that I can handle learning about it



Many tech companies will also pay for you to take certs, so don't break yourself on those, but it will give you a great advantage to have one and experience you can talk about.


----------



## Kinare (May 17, 2020)

So, my exam for the Security+ is tomorrow. Been studying my ass off as much as I can, but man the practice tests (and supposedly actual test questions) are making me feel dumb as a rock. If either the practice or "real" questions are even remotely on point, probably a good half of what the exam will ask of me is absolute nonsense. Not only because the questions are often poorly worded, but also because much of the content is useless and irrelevant to the job... The other half is common sense crap that most people who do IT stuff regularly can make a solid guess at.

My brain hurts from trying to do the practice tests. ;-; I'm stuffing so much useless information in my head while fighting discouragement knowing this crap is designed to make me fail, not for me to learn.

I think even if I fail 2x (I have a retake), I'm going to apply for the job I saw downstate where they welcome people who are trying to get into the field. I will learn so much better doing hands on work, so it will reinforce the few things I might need to just scrape by passing the exam or maybe I can go for a more advanced cert instead.


----------



## PercyD (May 19, 2020)

I got my Security + a few years ago myself~. I just recently got published on a security site, though. I'm thinking about contacting CompTIA to renew since I've been published.


----------



## Kinare (May 22, 2020)

I failed the exam, not surprising. I decided that rather than expend my 2nd try on something I don't feel confident on, I'd apply for that job anyways to see if they'd let me in knowing I had just done some classes by myself.

Didn't think I'd get a response so soon or at all, but after some preliminary questions they want to have a phone interview next week some time. I just have to not blow this interview and I think I have a pretty good shot at this.

The only catch is that I can only work a maximum of 29hrs per week at $11/hr until I earn a full-time position, which they said can take on average 4-6 months. Still, considering this is essentially a paid internship... and $11/hr is a bit more than I make now... I'm gonna try my hardest to make it work. It's pretty much my only chance to get in without finishing up certification on my own, but I'm having trouble cementing the concepts in my head without being able to get hands-on. I'll have to live about half an hour away to be able to afford rent and such, but that would only last a year max I figure and then I'll be making normal analyst wages, which are like 2x what I make now at minimum and I'll finally have benefits.


----------



## PercyD (May 22, 2020)

Kinare said:


> ... I'm gonna try my hardest to make it work. It's pretty much my only chance to get in without finishing up certification on my own, but I'm having trouble cementing the concepts in my head without being able to get hands-on. I'll have to live about half an hour away to be able to afford rent and such, but that would only last a year max I figure and then I'll be making normal analyst wages, which are like 2x what I make now at minimum and I'll finally have benefits.



Keep trying! Don't give up! >u<!!

Also, that sounds like a good deal. Don't be ashamed to take an internship. Internships are how you launch a new career. My experience at my internship help launched the business I have now.


----------



## Kinare (May 22, 2020)

PercyD said:


> Keep trying! Don't give up! >u<!!
> 
> Also, that sounds like a good deal. Don't be ashamed to take an internship. Internships are how you launch a new career. My experience at my internship help launched the business I have now.



Yep, I'm grateful for the opportunity. It's pretty much my only way in, so I'll take it, hehe.


----------



## PercyD (May 22, 2020)

Speaking of, I've gotta get my Security + (and all the others down below it) reinstated. I just got one of my cyber security articles published. c:

I'd love to get more published too, but the person I'm working with is... I don't want to call them flakey, because I dunno whats going on in their life. But it's very hard to get feedback from them/get more work done.

I would have gotten more articles out there, but they've got to put my money in escrow first before I give them something.


----------



## Foxy Emy (Jun 12, 2020)

Kinare said:


> After reading another thread here, I decided to look into it more and, well... I'm lost at how to get into cybersecurity. I think it would be a great career for me, but it seems hard to get into. I asked Google, but there's lots of conflicting info on how to actually get in. Some sites say "just do it" - but... how? Others say "start in IT support/sysadmin" - well that's fine cuz I've done that on a volunteer level for a gaming clan and I enjoyed it until clan drama ruined it, but I'm unsure how close to an actual job that was, so I don't think it would be enough to land a legit sysadmin job. I looked into getting some sort of sysadmin skillz to put on my resume aside from that and found an online training program that gives a free 30-day trial which is cool, so we'll see how that goes.
> 
> To those of you in the field already, how did you get in? Or, if your goal is to get in like me, what have you decided is the best course of action to do so?



Network Security is like 90% of cybersecurity.

A good place to start is by getting your Cisco CCNA Routing & Switching (that test is heckin' hard!) then you take your CCNA Security test and with that you can get a security related position pretty easy even if you don't already have "3 years working in a security related position."

The CCNA Security cert is pretty powerful for getting jobs.


----------



## PercyD (Jun 12, 2020)

Any Cisco networking cert is good because Cisco requires companies to hire certified people to even use their products. Its very good.

You can also get your feet wet with Comptia's Security + cert. I got mine at a certifying organization that hooked me up with a job. It's good to have these connections in the community, since people care far more about who you are as a person then they do about the certifications you have. Having people who can vet you and get you working on projects is the best.


----------



## Kinare (Jun 12, 2020)

I gave up because I'm a dumb when I can't hands-on learn, so this thread is basically unneeded for my needs, maybe someone else can get useful info from it though.


----------



## PercyD (Jun 12, 2020)

Kinare said:


> I gave up because I'm a dumb when I can't hands-on learn, so this thread is basically unneeded for my needs, maybe someone else can get useful info from it though.


Aww, did the job fall through?


----------



## Kinare (Jun 12, 2020)

PercyD said:


> Aww, did the job fall through?



I got the first interview of 3, but was not able to move onto the 2nd. They asked some questions to test my knowledge and even though I knew the answers I felt too much pressure due to a random oral exam and messed up a lot... Right after ending the call I remembered things I should have said. The other people did better and I was told so, and that I could apply again once my knowledge improved. But I am a dumb and will never remember terminology well enough to take an oral exam on the subject without being able to get the practical experience.


----------



## Eli_the_Wolf23 (Jun 12, 2020)

My cousin has a degree on that but as for me I am more into games but yet I struggle with coding unless I write it down on a notebook.


----------



## Vesper The Coyusky (Jun 12, 2020)

Cybersecurity is a good career path to go to. Like marius mentioned earlier, CompTia A+ certification is the way to go. As for me, it is a nice addition to my IT Field, but I'm more of a IT Support Administrator Repair Technician just completing the basic CompTia A+ Essentials certification and looking to fix devices at a store that requires certification or possibly start my own repair shop. I self studied for 3 weeks straight before I took my CompTia A+ exam and passed. As for my advice if you're going into cyber security, prepared to see not just firewalls, but in depth objectives from intruder attacks, like social engineering, phishing, what scenario's you will face, how to solve and react them in an efficient way.  Good luck on to your future career path.


----------



## PercyD (Jun 12, 2020)

Kinare said:


> I got the first interview of 3, but was not able to move onto the 2nd. They asked some questions to test my knowledge and even though I knew the answers I felt too much pressure due to a random oral exam and messed up a lot... Right after ending the call I remembered things I should have said. The other people did better and I was told so, and that I could apply again once my knowledge improved. But I am a dumb and will never remember terminology well enough to take an oral exam on the subject without being able to get the practical experience.


If you decide you want to pick up again, I highly suggest Per Scholas. They have a few schools around the country now.

They have labs where you can get practical experience. I used to run some in the Bronx.


----------



## Kinare (Jun 12, 2020)

PercyD said:


> If you decide you want to pick up again, I highly suggest Per Scholas. They have a few schools around the country now.
> 
> They have labs where you can get practical experience. I used to run some in the Bronx.



I'd wager they're not free though, right? School is never free here. And I'm not exactly in a huge metro area with tons of opportunities, I would have had to move close to Detroit to get the internship, which is not close to me at all.


----------



## PercyD (Jun 13, 2020)

Kinare said:


> I'd wager they're not free though, right? School is never free here. And I'm not exactly in a huge metro area with tons of opportunities, I would have had to move close to Detroit to get the internship, which is not close to me at all.


They are free. They were a (specialized) job placement and training place paid for by NYC.
And I feel you for that, I had to make a lot of sacrifices to move from NC to NYC because they had FAR MORE resources. vAv
I was able to get help starting my business. They had programs to pay me while I was bringing my business up. Whew~...


----------



## Kinare (Jun 13, 2020)

PercyD said:


> They are free. They were a (specialized) job placement and training place paid for by NYC.
> And I feel you for that, I had to make a lot of sacrifices to move from NC to NYC because they had FAR MORE resources. vAv
> I was able to get help starting my business. They had programs to pay me while I was bringing my business up. Whew~...



Here in Michigan it's all about those manufacturing jobs, they'll bend over backwards to train you for them. If I could afford to move somewhere with more opportunities I'd love to, but I'd need a guaranteed good paying job there first. =/


----------



## PercyD (Jun 13, 2020)

Kinare said:


> Here in Michigan it's all about those manufacturing jobs, they'll bend over backwards to train you for them. If I could afford to move somewhere with more opportunities I'd love to, but I'd need a guaranteed good paying job there first. =/


Lemme tell you, I had literally live on food stamps and couch surf for awhile to make it in NYC. Even my enginnering degree didnt mean anything to people. It wasn't very plesant. Im still just renting a room right now.

Sometimes you just have to take a risk. Its a personal choice. I feel like my risk paid off.  It will get better, but you have to lay some skin in the game.


----------



## naeon (Jul 3, 2020)

I didn't see anyone say it (forgive my blindness if someone did), but check out Cybrary! They have a lot of free content that's pretty decent. I've used quite a few training platforms over the last six years and I would rate them in the top 5 that I've used.

I have a dozen or so certs and I can say that I didn't pass them all on the first try. I also have test anxiety and get nauseously anxious every single time I take one. Recently went through two interviews for a popular online retailer and it was nerve-racking. Though after the first interview I did feel a lot more confident. Practice can help with feeling more comfortable in interviews. For them there was actually a shared whiteboard that I had to type out code in... My brain did not appreciate. 

I currently work in the field, so will answer questions that I can if you have any. I can also provide recommendations on getting hands-on experience in a homelab depending on what you're trying to learn.


----------



## Kinare (Jul 8, 2020)

naeon said:


> I currently work in the field, so will answer questions that I can if you have any. I can also provide recommendations on getting hands-on experience in a homelab depending on what you're trying to learn.



I'm pretty sure I can only really go for an analyst role. Pentesting requires knowing how to code to defeat the things you're trying to penetrate, so that's out because I hate coding. My brain gets the angeries and then just shuts off if I try to mess with code too long, having to do it for 8-10 hours a day 5 days a week would be like a light form of torture. I really like digital forensics, but from what I've researched you basically have to get a master's degree so that's out, lul. That leaves analyst.

Regardless, self defeat tells me I'm too dumb, so now I have to waste time I don't have trying to convince myself I can learn anything and that it's even worth trying despite my limitations.


----------



## naeon (Jul 8, 2020)

Kinare said:


> I'm pretty sure I can only really go for an analyst role. Pentesting requires knowing how to code to defeat the things you're trying to penetrate, so that's out because I hate coding. My brain gets the angeries and then just shuts off if I try to mess with code too long, having to do it for 8-10 hours a day 5 days a week would be like a light form of torture. I really like digital forensics, but from what I've researched you basically have to get a master's degree so that's out, lul. That leaves analyst.
> 
> Regardless, self defeat tells me I'm too dumb, so now I have to waste time I don't have trying to convince myself I can learn anything and that it's even worth trying despite my limitations.



Not all pentesting is coding! Remembering switches for nmap is handy, but I've met pentest folk that don't code. You could always look at physical pentesting too. 

Forensics sounds cool, but there's a lot of political stuff involved. At least in my experience. 

One question that I have for you (and it's slightly off topic for this thread), would be what is it that you want to do as a career? Forcing yourself to learn is never fun and not being engaged makes knowledge retention pretty close to impossible.


----------



## Kinare (Jul 8, 2020)

naeon said:


> One question that I have for you (and it's slightly off topic for this thread), would be what is it that you want to do as a career? Forcing yourself to learn is never fun and not being engaged makes knowledge retention pretty close to impossible.



I don't have a particular aim for a career, but when I first made this thread I would have told you my goal was cybersecurity. Anything I do for a career has to be interesting to me and also keep my brain working, so something problem solving in an area that I'm naturally decent at. I know I could do cybersecurity if I could just get into the field, but being forced to learn terminology without putting those terms to work is just making me feel dumb. =/ What's worse, the stupid exam just for the baseline cert (Sec+) is designed to be failed, probably so they can suck more money out of people... Capitalism ftw.

It's also interesting to me that despite being supposedly a high demand field it's pretty difficult to find entry level positions. The job I applied for was the one and only paid internship I found in the country, and there aren't that many internships open to people who aren't actively in school. Self-teaching isn't an option for them. Now, when declined they did say I could apply again when I had more knowledge, but it's still daunting to have put in as much work as I did, failed the exam because it's ridiculous, then have the pressure of needing a better career yesterday creeping up on me.


----------



## naeon (Jul 14, 2020)

The Security+ covers a lot, but I don't think that it's designed to be failed. If it is, they failed when I passed on the first try 

It can definitely be hard to get into.  A lot of companies have ran into employees getting poached once their staff is trained so quite a few tend not to want to hire outside for tier-1.


----------



## Artifex670 (Jul 18, 2020)

I did my CompTia Security+, followed by my OSCP (Offensive Security Certified Proffessional) and got a job as a Penetration Tester (Ethical Hacker) for a Mobile network. Before that I was an Air Force Engineer. 

First off, Cyber Security is a HARD career choice. So don't beat yourself up if you fail any exams the first time around. Especially if you're starting from scratch. But the reason it's in high demand for people and pays well is because of that difficulty. So embrace the challenge 

If you want to get into Cyber Security then saying you don't want to do any coding/programming is like tying your hands behind your back. Go into it with an Open mind, learning to program can be a liberating experience, depending on what language you learn first. I think of it like learning the Arcane Arts of Magic in a Fantasy story, so I'm like a Wizard XD

Ethical Hacking doesn't require you to code entire hacks from scratch, most of it is simply modifying a couple of lines of existing code to adjust it for the target. Eg:

*target = 10.1.1.2*

becomes...
*
target = 10.1.1.3*

Don't get me wrong if you can code entire hacks/exploits that will REALLY impress people but you don't have to be an expert in programming. A working knowledge will do.

Sorry this post is becoming too long and I can keep going for a while 

TLDR: Embrace the challenge, don't be afraid to fail, learn to Program in Python, Books are your friends, Hackers are Wizards XD

Dm me if you have any questions.


----------

