The Confusing Entry into Cyber Security

Now, this is a story all about how my life got flipped turned upside down…when I decided to enter Cyber Security. When you first decide you want to go into Cyber Security, it’s a lot like any other field. You know you might need to go to school, collect some certifications, and do continuing education. What you don’t realize is you’re jumping into an ocean without a map.

There are so many different disciplines within Cyber Security, it seems like an endless maze to figure out what you want to do. Do you want to be an analyst? Do you want to be a hacker? Do you want to do clerical work? Do you want to do forensics? Red team? Blue team? Purple team? Trying to research everything just makes my brain want to shut down.

Fortunately, I had a general idea of what I wanted. It was either Penetration Testing or Digital Forensics. I would probably be happy in either discipline, but I’m leaning more towards Pen Testing. Now comes the long part: how do I do that?

I enrolled in college. Some say college may be a waste of time, but in my situation, I had already attended college and have student loans…but no degree. I wasn’t smart at 18 years old and wasted a lot of time and a lot of money. Now that I’m in my 30’s (yes, I’m getting a later start), I don’t want to pay student loans with no degree. I’m utilizing grants, scholarships, and military tuition assistance I didn’t know how to use. My goal is to get through college without adding to my student loans.

I also watch YouTube videos. I’m learning things from The Cyber Mentor (Heath Adams and TCM Security), John Hammond, Simply Cyber (Gerald Auger), etc. I utilized some networking skills with Vets 2 Industry to learn about other opportunities such as IBM Skill Build, Act Now with Coursera, and With You With Me. These are all excellent opportunities.

With the dive into Cyber Security, I had to pick and choose which service I utilized. If I didn’t, I would spend most of my time signing up for everything and accomplishing nothing. I had to also plan which certifications I wanted to pursue.

At first, I wanted to get my CompTIA A+, Network+, and Security+ certifications. I also wanted to get my OSCP (Offensive Security Certified Professional). My feelings shifted slightly as I get into it. I decided to buy some courses through TCM Security that are focused on Ethical Hacking and Pen Testing, and plan on going for the PNPT (Professional Network Penetration Tester). I no longer really care about the OSCP. If I see some jobs that are being gate guarded by the OSCP, then I might study for that and take that as well, but it’s not my main focus.

There are so many certifications, courses, videos, and materials about Cyber Security that it’s hard to know exactly what you want to do. Even after you decide, there’s still so much information out there. My recommendation is to just pick something. Look through the disciplines of Cyber Security and get a feeling for what you think you want to do. Look for a free course or two to dip your toes in and see if this is actually what you want. Pick one platform and learn from it. Once you’ve completed it, then you can move onto another platform. Jumping from one to the other is counter-productive and will lead to further procrastination. You don’t need to find the perfect course, just do one course to get the ball rolling.