Ask HN: How Do I Get Started in the Field of Cyber Security?
I am a 21 year old currently living in the UK. I really want to get into cyber security mainly pen testing, but i am unsure where to start. I have limited coding knowledge - i know the basics. Recently i have been looking to go down the compTIA route. If anyone could give me any advice or guidance it would be greatly appreciated
8 comments
[ 2.9 ms ] story [ 26.1 ms ] threadhttps://www.reddit.com/r/netsec/comments/g6r71/getting_start...
This has links to many useful resources such as books and many tools that used such as nmap, Nessus, burp suite etc.
Remember if you don’t have permission to attack something it is against the law, which is why there are the following resources that can be used:
Damn Vulnerable Web App (http://www.dvwa.co.uk/)
and https://www.hackthebox.eu/
Also check out OWASP (The Open Web Application Security Project) https://www.owasp.org/
There are quite a few universities offering cyber security courses in the UK. I have listed a few below:
https://www.abertay.ac.uk/schools/school-of-design-and-infor...
https://www.ncl.ac.uk/undergraduate/degrees/i190/#courseover...
https://www.kingston.ac.uk/undergraduate-course/cyber-securi...
https://www.plymouth.ac.uk/courses/undergraduate/bsc-compute...
https://www.gre.ac.uk/undergraduate-courses/ach/gf54
There are quite a few companies that have graduate schemes as well.
https://www.nccgroup.trust/uk/about-us/careers/graduates/
https://www.mwrinfosecurity.com/assets/resourceFiles/Recruit...
http://www.aonearlycareers.co.uk/graduates-9 - The application period will open again later this year for Cyber Associates.
https://www.contextis.com/en/careers
As for certifications I would say aim to get CREST certified though most of the companies above will help you get the certification. Such as the Crest Register Tester to begin with. https://www.crest-approved.org/examination/registered-tester...
Though as the list above shows there are a lot of universities offering degrees in Cyber Security.
If you were able to get a job with a pen-testing company in the UK they will pay for their employees to sit the Crest Exams.
I’d personally pay for OSCP if anything. CREST only offers a syllabus with no real direction about what to expect on the exam or training labs. Also, the prices are rather extorinate just for sitting an exam. Even worse than that, you take the exams in Slough...
Any of the companies listed above will pay for your exams if you work for them.
Learn to write reports quickly to save yourself!
Unfortunately this is harder than it should be. The media is right, there is a huge need for talent here, but there is 0 pipeline to take/train that talent.
Right now it’s just sysadmins, software devs, and B-Sides hackers who seem to fall into all the teams I’ve been a part of (mainly network defense and infrastructure hardening).
Texas is deploying a pretty innovative program next year that will teach cybersecurity for the last two years of high school and then award the student an Associates Degree. From there the plan is to deploy them a giant SOCs of various companies that need lots of eyes to monitor the logs/false positives. This will be 1 or 2 years of real world experience before letting them go on their own in the career marketplace.
Couldn’t see any text or email in your profile page.