Ask HN: How can I learn to be a cyber security expert?
20 points by shadowfaxRodeo on March 23, 2021 | 11 comments
I've become increasingly disturbed by high profile hacks and data breaches.

Maybe I'm wrong, but it looks like these things are getting worse — and when there's a data breach, hack, or privacy violation — the most vulnerable people are hit hardest.

I'm a web dev, thinking about focusing on helping people stay secure online.

What are your tips for becoming a cyber security expert? How can I start learning online?




First, understand it'll be a job and all the things that come with it.

Second, spend some time watching lectures and presentations from security professionals. I like to watch videos from previous DefCons. Why do this? It'll help narrow down your interests. Think of it as a survey/appreciation class.

Third, spend some money (after proper research) on classes, software, then hardware (in that order). Once you know the software you want to start with (from watching fun lectures) and your focus (pen testing? red hat? blue hat? etc?) you can better focus on your learning.

Fourth, lurk then participate in some online forums.

If it weren't a plague season I'd recommend going to a local security professionals slash hacker meetup then a national one. But that's not a good idea at the moment. Regardless, it's a good idea to get to know people. They'll be able to give you more specific advice on where to get a jobby job.

---

IMHO the most vulnerable people are always hit the hardest. That's what vulnerable means, right?


Thanks, that's really useful — I definitely have the time to watch videos at the moment so that was an easy sell.


You're very welcome. I hope you have a good time and find work that's equally compelling and challenging!

My favourite talks to watch are from Jayson E. Street. 100% code free social engineering, but so funny. People are always the weakest link.


1. Refrain from calling yourself an expert. Cybersecurity is too wide a field for one person and it sets off warning bells.

2. Start general, read a wide variety of topics, maybe get a Security+ certification -- it's a good toe dip. Maybe the Certified Ethical Hacker (another toe dip).

If you want an affordable, but time-consuming deep dive into pentesting, take Offensive Security's OSCP course.

3. As you get more of an idea of what areas of cybersecurity interest you the most, drill down into those specific subject matters.

4. Become a subject matter expert in the area(s) that interest you. This will involve social media, quality blogging, and speaking at conferences.

5. Profit!


As a dev, you should start learning about the most common bug classes and get a proper understanding of what is happening and how you can prevent them. Then it's worth looking into how you can exploit them. If you work for a big company, you may be able to spend some time working alongside your security team; that will help you get a foot in the door. Security teams are always looking for people who already understand the code bases and deployment processes and want to inject security everywhere :)

<shameless_plug>You may like https://pentesterlab.com/ if you are looking for a course</shameless_plug>


OWASP is a good organization with lots of resources and events if you want to get involved!

https://owasp.org/


Take a course or two in cryptography if you haven't already. Once you understand the basics, move on to the application level and learn about best practices. AFAIK the best way is via courses, a lot of online reading, and even better, on-the-job training if you can get a security-related job.


Since you are a web dev you are in prime position to do a lot of good. Here are some tips.

Advocate for good web security practices. You'll be surprised about how badly some web apps are set up.

Pick an area of focus (networking, peripheral devices, IoT, web apps, etc.). You can use sites like HackerOne to level up.


You can do various courses like https://www.tryhackme.com/login and https://www.kali.org/


I'd say start from making your own machine very secure first.


Georgia Tech offers an online master's in cyber security for $10k.



