Hey Folks! Some of you asked how I got into cybersecurity, how I acquired the skills needed, what certifications I recommend, etc. So I made this post to wrap up everything and to have something I can refer to in the future. First things first, I would like to mention that this is the way I did it. Every person has his/her talents, skills, and opportunities, so what worked for me will not necessarily work for you the same way. Let’s begin!
I always was a curious type of guy, I wanted to know how things work, BUT NOT IN DEPTH. I didn’t have the type of hunger that some of the great hackers I know have. I wanted to learn and liked to learn, I got general knowledge in a lot of topics, and also dug into some of the topics I liked, but not too much. I wasn’t a social type either, but I got along well with everybody, and people loved to be next to me because of my jokes, sarcastic comments and all that stuff. I always liked deep conversations and I am also a good listener. Moreover, I had good problem-solving, analytical thinking and research skills.
That’s who I was. I had to realize that with my talent and knowledge, getting a job was impossible.
So I went to university in 2019 to learn Internet and Communication technologies, but I didn’t like it too much. It was in Spanish, which was a whole new language for me at that time (I had been living in Spain for 1 year before starting university). I had bad grades even when I knew the material; it was all memorizing, taking exams, and forgetting. This was the process and I didn’t like that. I finished 2 years of my university studies and started learning cybersecurity at another university, which is more practical and people-oriented.
Then in 2020, I started to do machines on TryHackMe, which was a different experience. Learning while doing modules, tasks after every section, labs while doing the module, and well-structured paths. It was awesome; in one year I was in the top 1% of the platform. I was learning a lot while enjoying it and I suggest everybody start here. It’s free, and if you don’t find joy on this platform or on HackTheBox (which is another amazing platform to learn to hack), then you won’t find joy working in cybersecurity either.
I made my LinkedIn profile in March 2022 and started to be active on some Discord servers (SecurityNewbs, TryHackMe, Cyber Insecurity, etc.). Then I realized that I had no clue what I was doing, where to go and what to do. That’s why I searched for a mentor (hey Serdar :D). We met on Cybermentordojo.com and he helped me decide what I want and what the steps are to achieve my goal. I HIGHLY RECOMMEND that everybody who wants to land a job find a mentor, from your country and from the sector you want to work in. With the help of a mentor, you will have guidance and somebody who looks at things from inside the industry and knows what certs are actually worth, which courses are good, which are a waste of money, etc.
Fast forward to May 2022: I had completed almost all the paths on TryHackMe, I was doing well with my subjects and had some money. So I decided to go for an entry-level certification, and my choice was to go with INE and the eJPT. The course was free but I needed 50 bucks for the cert. Luckily I have the best aunt in the world, who gave it to me and made my dream possible (hey Susan <3). I did the course in a month, some rooms on THM, and more networking.
I started to go to conferences and open days in my local area to meet new people and to see how they talk and interact with each other. Being able to do small talk and interact with new people IRL is something that I didn’t do too often. I had some fear in myself, but after 2-3 conferences I gained the confidence and vocabulary necessary to make real connections and communicate with people (which is an art in itself).
July 2022: I AM EJPT!!! Nice, so what? This is something I ask myself a lot to be able to determine the importance of my actual goals. So I started to apply to some jobs, made this awesome website, reached out to a lot of people asking for advice and their opinions, and learnt a lot. Also, I did the Threat Hunting and SOC Core Skills courses by BHIS. In the meantime I had some time to do some more courses on AttackIQ. Emulating APTs was a very fun experience, and I learnt about purple teaming and different APTs like FIN6 or LAZARUS.
In August it was interview after interview. I applied to a lot of jobs, researched companies, redid my LinkedIn and my CV a bunch of times, and got rejected 50 times at least. It’s frustrating, I was at my lowest, and here I want to say thank you to all of the people who helped me through this month. Keep on applying and reaching out, just one more. Say this to yourself every day and keep moving. If you are on the floor, keep crawling out from that feeling; if you can, then run. Keep it going champs, the goal is near!
In September I reached out to a fantastic HR professional who offered me a job (Thanks Eva, you are the best), and the whole process was amazing. They called me, and again, and again, and sent the papers, called me again and I went for my laptop and company. From the interviewing to the actual work it was less than 2 weeks, and believe me, we had some problems. But they were flexible and ready for everything.
I am more than grateful to you guys, this is exactly the opportunity I needed. Every day I saw headhunters or HR people in my inbox wanting to have a call with me, but you were nice to me and the bare minimum is to do the same with you! I won’t change this team and this leadership for another. God was on my side when this opportunity came.
But I am still learning, I still check the infosec news, I am preparing for the eWPT, completing the last path (red teaming) on TryHackMe, writing posts for you amazing people and doing the PNPT course. Learning never stops in this field, that’s why I chose it.
In the end, my bits of advice (keep in mind that I am NOT a cybersecurity professional):
Identify yourself: who are you? What are your talents? What are your weak points? If you want to do something that you’ll have absolutely no idea about or don’t have a problem no problem. You can always learn but every problem starts with identification. If you are bad at operating systems then you still can be good at Digital Forensics, just with more work.
Identify what you want: instead of saying “I want to work in cybersecurity”, say “I want to be a pentester, GRC analyst, SOC analyst, purple teamer, etc.”
If you don’t know what roles are available, then research the industry and look up some YouTube videos about different roles in an organization related to cybersecurity. Google some roles and job posts to know what you will need (certs, experience, degrees).
GET YOURSELF A MENTOR. Without a mentor you are lost, you need guidance, this is a huge industry and after 3 years of learning, I still find roles and responsibilities that I had no idea about.
Make a plan and stick with it. If you want to be a SOC Analyst, then do all the modules on letsdefend.io, or Microsoft has some awesome courses about it. If you want to be a pentester, you can go for courses from INE (eJPT, eWPT, eCPPT), EC-Council (CEH and stuff), or CompTIA (Pentest+, Security+); all of them are amazing. Just, if you start something, do it, don’t quit.
Network, network, network. Connect with people with the same goals and help each other, and find a study group for yourself where people are in the same life situation as you. Help each other guys, it’s easier if you are not alone.
DOCUMENT your journey. Make a website, GitHub, Medium page, or YouTube channel. It can be anything, but you should document your courses and your notes, because the industry is huge and you are going to learn a lot about a lot of things. Also, how can you be the best if nobody knows it?
That was all I wanted to share with you guys, I hope that you will have an amazing weekend, spend a lot of time with the family and learn something new! 🙂