How to progress in cyber sec
thank you for taking a moment to read this,
i'm very interested in cyber security, but i'm not sure what kinda progress i should be aiming at.
recently i did the CompTIA A+ exams and passed them both, but my goal is the Offensive Security Certified Professional (OSCP) qualification.
i have the privilege of working for a small, but successful IT support group as the junior cyber security analyst, but i don't currently have a senior and i'm now gaining experience answering phones.
my guess the question is, what's a logical next step, that's beneficial for; me, the company, and the future progression.
do i learn more about Kali Linux?
do i move more into gaining sysadmin experience?
do i continue CompTIA course's?
really any advice is welcome and i thank you again for reading this. Joshua.
12 comments
[ 3.8 ms ] story [ 40.1 ms ] threadShow your work, start bug hunting
i do believe networking is a important aspect of it.
thank you for your comment!
Instead, focus on something that you have an interest in. Do you want to find bugs in data file handling libraries (like libpng or libxml2)? Do you want to reverse engineer software and hardware to find previously-unexplored attack vectors, that could be sold to bug bounties for lots of money? Do you want to help companies find errors in their software configurations that could lead to security breaches? Do you want to hack hardware?
My point is not that Kali Linux is useless. It’s a convenient hodgepodge of most every penetration testing tool in existence. My point is, however, that you should find an interesting niche and get experience finding real bugs and solving real security problems. You’ll build up a portfolio this way that could help you get hired in a more senior position. It sounds like you’ll want to focus on defensive protections and mitigating attacks, if you currently work for a regular company as a cyber security analyst.
Good luck!
the only reason i mentioned Kali Linux is it's a requirement for the oscp? and i guess kali would be used for basic pen testing.
i'm not sure exactly where i fall, id like to be a jack of trades for a few things; defensive protections, pen testing, social engineering.
thank you for your advice, that's what i really want, to put myself into the position where i can solve real problems and be a part of the sec community.
thank you snazz.
However, there are a million and one resources online that will tell you what you need to do to prepare for the OSCP.
doing pen testing would be alot of fun, would i need to get the ethical hacking cert
You don't need the OSCP to call yourself a proper cyber security member at all, there are plenty of pen testers that do not have it. But it can be a convenient way for a junior to break into the industry. The other option is to do bug bounties which demonstrate that you are capable of going through the entire pen test process in a real world context.
Also, one thing to point out is that reporting is a huge part of pen-testing. Being able to write with perfect grammar and punctuation is vital.