CyberMentorDojo: Entry To Cyber Blueprint

Entry To Cyber Blueprint

 

Getting into Cybersecurity can be a challenge so we have created this blueprint to help bolster the efforts of the aspiring cybersecurity professional and ultimately help them get into the cybersecurity industry. This blueprint has been broken down into the following phases;

 

  1. Investigate – Investigate the roles within the industry
  2. Planning – Building a plan to achieve your goals
  3. Studying – Ensure your studies align to your goals
  4. Building Your Network – Gain visibility and insights by building your network
  5. Finding Resources – Locating resources to aid studying

 

Investigate

 

Cybersecurity is a massive field with lots of different facets, from GRC to IoT Penetration testing the number of roles and career paths are mind-boggling. There are roles that are more competitive than others which may make it difficult to get a foot in the door in that particular area, an alternative route may be advisable.

With all this said, finding your passion will help you align your studies, your job-hunting efforts, your courses, and certifications which will ultimately make the challenge of finding a role less abrasive.

To help demonstrate the sheer size of the industry the below link will show you a list of different roles within the industy, this highlights the many different routes one can pursue.

50 titles job seekers should know about: here

 

How To investigate

In order begin your research into the many different roles you will need to know where to look.

 

Use Job Boards and Websites

Using job boards and websites will allow you to understand what the role entails, and the potential requirements needed for the role.

The information found can be useful when planning your studies because you can quickly get an idea of what knowledge and skills are required for these roles and with that you can adjust your roadmap to the findings.

 

Use LinkedIn

Thousands and thousands of professionals use LinkedIn, I recommend reaching out to some of them to find out how they have got into the industry and to get their advice on what to look for, this can be especially powerful when engaging with people in your desired role.

You will soon find there is a lot of conflicting information, people enter the industry through various routes so not everything is not one size fits all, find what works for you.

 

Join Groups

Many social media sites have groups dedicated to cybersecurity, these are great places to understand the industry and get an insight into what is required.

A bonus is the ability to network with industry professionals and increase your network.

 

Join Forums

Another great tip is to join security forums this will allow you to connect and engage with industry professionals and seek advice.

 

Planning

 

One of the biggest bits of advice that we like to give people is to plan your approach to the industry and the reason for this is that there is an overwhelming amount of information regarding entry into the industry with no real logical coherence.
 
Creating a plan whether it be studying, networking with others, or a combination of things is advantageous as it will help you become more focused on your studies and approach without becoming overwhelmed

Assess Your Current Situation

To be able to build your plan, you need to establish a few things.
 
  • Current level – Are you new to information technology? What are your weaknesses? Are you familiar with the requirements for the field?
 
  • Timeframe – Is your timeframe to get into the industry a realistic one, trying to rush into the industry can cause stress and strain on yourself, it is wise to give your self a good amount of time to ensure you cover good ground and prepare as much as possible
 
  • Goalsetting– Are your short, medium, and long term goals achievable? What we mean by this, are you trying to become a cybersecurity professional next week with zero knowledge, chance are there is a more achievable step in the right direction.
 
  • The desired position – Have you established your desired position in cybersecurity? If you have then we recommend looking at the requirements of these roles and adding them to your plan
 
Once you have established this information you will be able to put together a good plan to help you enter the industry

Building Your Roadmap

When you want to travel somewhere you plan a suitable route to get to your destination, you factor in different roads and adjust accordingly to obstacles, the same can be said in relation to building your roadmap. You may ask, why is this important? having a roadmap helps you keep on track and prevent being side tracked which is a trap which is easy to fall into.

Once you have identified your desired position build a plan to help you get there, wether that be setting timeframes to studying particular topics or allot different periods of time to developing a skillset.

 

Here is a useful article about creating a study plan: here

Studying

 

Studying is a very important part of developing as a professional, it helps you stay current as well as becoming a more confident professional. Having the knowledge and the understanding of the different facets of a particular role will enable to articulate your thoughts better and provide a better service, be sure to get a firm grasp of the concepts within the content that you are studying.

 

Build Your Foundation

“When a foundation is poorly constructed, it can post a serious risk to the structure”

This quote was taken from a construction website, however, this quote can ring true when describing a cybersecurity professional, they must have a good grasp on the foundational knowledge before they start to specialise in a certain area.
 
This includes but is not limited to the follow, bear in mind the foundation requirements differ from role to role.
 
  • Networking technologies
  • Programming/scripting
  • Network Security
  • Information security
  • Linux administration
  • Windows administration
  • System troubleshooting
  • Knowledge of regulations that may impact cybersecurity
  • Knowledge of different frameworks businesses may use
 
Be sure in whichever path you decide to take to build your foundation strong for the rest of the structure, don’t skip ahead.

Get Practical

When you begin piling through the books and videos there is a time where you will be like “I need to try this” and you will begin searching for resources that can enable practical application of what you have been learning.
 
There are two ways I recommend approaching this and both have pros and cons, this is a case of finding what suits you better and fits within your learning budget.
 
Homelab – Homelab is a setup produced by yourself (self-hosted) which can be a great learning experience, you will find yourself running into issues that you need to troubleshoot to fix and this is where a lot of skills are gained. Once set up the homelab can prove to be a useful addition to your professional developments.
 
Here is a useful video to introduce you and help you build a homelab: here
 
Practical learning online – While homelabs can be great they can also be costly and time-consuming and after all time and money are precious resources when it comes to learning, enter online practical learning resources.
 

 

Building Your Network

Arguably one of the most important parts of any job-seeking efforts is building your network within the desired industry, this allows you to engage and connect with other professionals as well as making yourself visible to hiring managers.

Commonly people apply for roles through job websites, this can be detrimental to your efforts as well as discouraging when faced with the barrage of rejection and ghosting.

Interestingly a survey was conducted which concluded that in 2016 85% of roles were filled via networking, whether this holds true today is another question, however commonly most roles in cybersecurity are found via networking, this is from personal experience and from discussions with others.

 

LinkedIn

 
LinkedIn is without a doubt the best place to connect with industry professionals and a place where you can showcase your skills, it acts as a shop window to you as a professional and gives you a platform to market yourself.
 

1. Ensure you include as much relevant information on your profile; skills, experience, certifications, and courses.

2. Include a profile picture and change the default banner to something that describes you, remember the banner is at the top of the profile it needs to draw people in and paint a picture of who you are.
 
3. When connecting with new people be sure to introduce yourself and let them know why you connected, this will help build professional relationships which can be beneficial for your career and efforts.
 
4. Engage with the community; comment on posts, like posts and join in meaningful discussions this will help nurture an organic network.
 
5. Post content that is engaging, relevant, shows your skills and passion.
 
6. Be selfless, help people when you see people asking for it, be an ally to others.
 
7. Connect with recruiters, a large number of jobs may never see a job board and will be handled by recruiters whether it be an internal recruiter or external recruiters connect with them, they can give valuable industry insights and guidance on your efforts.

Discord

Relatively new to the cybersecurity scene is the use of discord and the communities that are hosted on there, now there are many different servers you can join and they all have different focuses. Here are a few servers to get you started.
 
Cyber Job Hunting – Cyber career advice.
Cyber Mentor Dojo – Finding mentorship in cybersecurity.
Certification station – Study and certification help.
Security Blue Team – Blue team focused server.
Blue Team Labs OnlineOfficial BTLO Discord.
Unofficial RangeForce – Unofficial RangeForce server.
Unofficial INE/E-learn Server dedicated to students of INE.
BlackHills Infosec – Server – A community with good resources.
TMHC (The Many Hats club) A cyber security community.
Infosec Prep – Cybersecurity study community.
TechVets – Veteran only run community, required to sign up via the website

Finding Resources

 

Once you have planned your roadmap, you know what you want to do, the next best thing is to look for resources surrounding your desired area, this in itself can be an arduous task. The list below will give you a good starting point to help you find resources.

 

Course providers

There are many online course providers that cover Cybersecurity topics as well as producing courses addressing certifications, it is recommended to look at the reviews and prices of each platform before making a commitment. Discounts are available on many of these websites.

Udemy – Platform of user created courses

Cybrary – Platform of various IT & Cybersecurity courses

Linkedin Learning – Platform of various courses

PluralSight – Platform of various IT & Cybersecurity courses

ITProvTV – Platform of various IT & Cybersecurity courses

Websites

PortSwigger – Web application academy

OverTheWire – Linux CLI and Security concept training

TryHackMe – Cyber Security Training

HackTheBox – Pentesting training

BlueTeamLabsOnline – Blue team practical training

Virtual Hacking Labs – Pentesting courses and practical training

RangeForce – Hands on cybersecurity training

 

Github

At a high level, GitHub is a website and cloud-based service that helps developers store and manage their code, as well as track and control changes to their code. Over the years GitHub has changed rapidly and is now being used to host blogs, write ups, and resources, because of this Github is a valuable resource to dig into when looking for content related to your area of study. Below is a list to get you started.

Awesome Incident Response

Awesome repositories are a large collection of resources about a particular area.

Podcasts

Podcasts are a series of an audio programme that addresses a certain topic from DFIR to security news, it is safe to say there are podcasts for everyone. The benefit of podcasts is you are able to listen to other professional’s experiences as well as discover other resources that they recommend. below is a list of podcasts to get you started.

 

We Talk Cyber – podcast interviewing security leaders and other professionals.
Breaking Into Cybersecurity – Podcast to help jobseekers break into the industry.
Cyberwarrior Studios –  A podcast of various discussions with security professionals.
Darknet Diaries – Podcast covering stories from the dark side of the internet.
The Social-Engineer podcast – Podcast covering the social engineering side of security.
Smashing Security – Lighthearted podcast covering current security topics and concerns.
Rebooting With Lisa Forte – A podcast with interesting interviews with industry leaders.

Youtube

A very under utilised source of resources, there are videos and channels covering almost every topic, many have used Youtube as their primary resource when completing certifications.

General

Simply Cyber – Collection of security videos and advice.

Networking

Jeremy’s IT Lab – Networking Videos (CCNA)

Keith Barker – Networking videos and study group (CCNA)

Professor Messer – CompTIA Trifecta videos (A/Net/Sec+)

Programming

FreeCodeCamp – Large collection of Programming videos.

Programming with Mosh – Collection of programming videos.

Ethical Hacking

David Bombal – Collection of various security videos.

HackerSploit – Pentesting videos.

Null Byte – Various Pentesting videos.

Digital Forensics and Incident response

SANS DFIR – Collection of DFIR Videos.

6 Comments

  1. Kim Kennedy on May 5, 2021 at 4:38 PM

    Thank you for this awesome blueprint

  2. Afonso Alves on May 5, 2021 at 4:54 PM

    Thanks for this.
    When I see this type of organization, my faith on good human beings increase.

  3. John Shirasaka on May 5, 2021 at 7:11 PM

    This is one of the most helpful cheat sheets I’ve ever had the pleasure of reading through! Thank you so much for selfless acts of kindness to the community, Jay!

  4. Serge Saa-Lapnet on May 6, 2021 at 5:42 PM

    Jay Jay,

    Thank you so much for sharing this great gem of information and advices. This is so helpful, encouraging, and gives me much orientation.
    Best,

  5. Nathalie on June 1, 2021 at 8:49 PM

    Hello,

    Does any one can guide to find the price of the program. When I logged the register ask me a card but I can ‘t find the prices in the page

  6. Poonam Tiwari on June 11, 2021 at 7:51 AM

    Thankyou for sharing.

Leave a Comment