Getting Started In Cybersecurity

Abigail Johnson
·
Follow
9 min read
·
Aug 17, 2022

Listen

Share
This article is to guide anyone interested in cybersecurity, who wants to begin a career journey
and does not know how to begin.
I am Abigail Johnson, https://twitter.com/Abee_john, a cybersecurity enthusiast, my career path
in the field is ethical hacking/penetration testing. I wrote this article with a friend, Ibukunoluwa
Morountonu, https://twitter.com/ibukun_tonu, who is also a cybersecurity enthusiast, her career
path is Governance, Risk, and Compliance — GRC.
We are both Cybergirls 1.0 Alumna, an initiative of the Cybersafe Foundation, https://
cybersafefoundation.org/.
We wrote this article for anyone who has an interest in Cybersecurity but doesn’t know how to
begin, it’s a guide on how to get started in the cybersecurity industry.
However, always remember to do your research, Google is your friend.
Let’s begin with the definition of Cybersecurity
Cyber attacks are evolving day by day, hackers are becoming smarter, coming up with new ways
to bypass scans and firewalls and exploit flaws in a person’s system.
Cybercriminals may use computer technology to access personal information, business trade
secrets, or use the internet for malicious purposes. The rise in cybercrime is because of flaws
present in modern-day technology.
This is where Cybersecurity comes in.
According to CISCO; Cybersecurity is the practice of protecting systems, networks, and
programs from digital attacks. These cyberattacks are usually aimed at assessing, changing, or
destroying sensitive information; extorting money from users; or interrupting normal business
processes.
Cybersecurity as a Career Path
Cybersecurity is a career path for anyone, irrespective of their background. Just as technology
applies in every field of life, cybersecurity is not limited to a caliber of roles. There are several
roles in cybersecurity and you can choose to niche/specialize — this helps to curb being
overwhelmed.
Before you niche down, you must understand the basics of IT (how computers communicate
with each other, operating systems, and how the internet works). You must understand a thing
to be able to protect it. The basics of cybersecurity and the general understanding of the
various paths can’t be overemphasized likewise.
Note: You don’t have to be a programmer to be in Cybersecurity, although some roles like
ethical hacking demand knowledge of programming for script writing and other purposes.
A break-down of different fields in Cybersecurity
In cybersecurity, there are different job roles from offensive (finding weaknesses in applications
to gain access, exploiting bugs in software, and breaking into computer systems) to defensive
(investigating computers or devices to understand how it was hacked, tracking down
cybercriminals, or monitoring infrastructure for malicious software).
The most common job role is ethical hacking also known as penetration testing, beginners find
this role to be fascinating. There are other interesting roles in the field, and in this article, we’ll
break down the different fields in cybersecurity.
 ● Information security analyst: A security analyst protects computer networks
from cyber attacks, creates cybersecurity policies and practices for the entire
organization, and documents security breaches.
Responsibilities:
● Develop security plans, incorporating research on new attack tools, trends, and
measures needed across teams to maintain data security.
● Compile reports about the safety of networks, documenting security issues and
measures taken in response.
Security analyst certifications:
● CompTIA Security+
● Certified in Risk and Information Systems Control (CRISC)
● Certified Information Systems Auditor (CISA)
2. Ethical hacking and penetration testing- Red Teaming: A penetration tester or ethical hacker
exploits vulnerabilities in a network as allowed by the organization, carrying out simulated
attacks to evaluate the security of a system.
Responsibilities:
● Perform simulated attacks to aid proactive measures against cyber attacks.
● Research and experiment with different ​attacks.
How to become a Penetration Tester- Coursera.
Ethical Hacking Certifications:
● Certified Ethical Hacker
● GIAC Penetration tester (GPEN)
 ● CompTIA PENTEST+
● Offensive Security Certified Professional (OSCP)
Programming languages for Hacking:
● Python: Scriptwriting.
● JavaScript: Used for web hacking, node.js, and cross-site scripting.
● PHP: Application in web domains, used for web hacking techniques, and server-
side scripting.
● SQL: Used for database interaction, hacking databases, and SQL injection.
● C Programming: Hackers use C programming to access and manipulate
hardware resources and write and develop exploits, and it’s also used to create
shellcodes, rootkits, malware, keylogger, etc.
● Ruby: Used by several hackers for scripting and it’s used interchangeably for
bash scripting.
● Perl: A great language you can use to manipulate Linux text files, create tools
and write exploits.
3. Threat intelligence: A cyber threat intelligence analyst provides the organization with
information and knowledge on cyber threats and threat actors, intended to help mitigate cyber
attacks.
Responsibilities:
● Analyzes and detects cyber threats and malware impacting an enterprise.
● Research, collect, analyze and disseminate intelligence materials from various
sources to help the enterprise understand and mitigate threats and attacks.
Threat intelligence Certification:
● Certified Threat Intelligence Analyst (CTIA)

4. Security Operations (SOC)- SOC analysts are on the front line of cyber defense, detecting
and responding to cyber attacks as they happen.
Responsibilities:
● Defends against security breaches and actively isolates and mitigates security
risks.
● Continuously monitors and analyzes the security procedures of an organization.
Security Operations Certifications:
● GIAC Security Operations Certification (GSOC)
● Certified SOC Analyst (CSA)
5. Digital forensics — This field focuses on the application of investigation and analysis to
gather and preserve evidence from a computing device in a way that is suitable for presentation
as evidence.
Main Responsibilities: Extract data from electronic evidence, process it into actionable
intelligence, and present the findings for prosecution.
Digital Forensics Certifications:
● GIAC Certified Forensic Examiner (GCFE)
● GIAC Certified Forensic Analyst (GCFA)
● GIAC Reverse Engineering Malware (GREM)
6. Governance, Risk, and Compliance Manager — GRC — Coordinates the creation, review, and
implementation of policies and procedures, established by the agencies that regulate the
company.
Responsibilities:
● Implements processes, such as GRC (governance, risk, and compliance), to
automate and continuously monitor information security controls, exceptions, risks, and
testing.
● Develops reporting metrics, dashboards, and evidence artifacts.
Governance, Risk, and Compliance Certifications:
● Certified Risk Manager (CRM)
● Risk Management Professional certificate (RMP)
● Enterprise Risk Management (ERM)
● Chartered Enterprise Risk Analyst (CERA) certification
● Certified Risk Management Professional (CRMP)
7. System Security Engineer: The job role of a security engineer is to develop and implement
security solutions, and test new security features.
Responsibilities:
● Designing computer security architecture and developing detailed cyber
security designs.
● Identifying and defining system security requirements.
System Security Engineer Certification:
● Certified Information Systems Security Professional — Architecture (CISSP)
● Certified Information Security Manager (CISM)
● Certified Information Systems Security Professional (CISSP)
● Security 5 Certification
● Microsoft Certified Systems Engineer (MCSE)
● Certified Information Systems Auditor (CISA)
● IT Information Library Foundations Certification (ITIL)
Soft Skills Required
In cybersecurity, we must not only have technical skills but also soft skills required to grow and
maintain our position in a job role or an internship.
 ● Decision-making and leadership
● Communication and good presentation
● Critical thinking
● Time management and personal effectiveness
● Flexibility and adaptability
● Emotional intelligence
● Teamwork
● Organization and self-management
● Networking
There are many platforms on the internet that educate and help anyone get started in
Cybersecurity with different courses (free and paid).
Here, we’ll list out platforms ​you can check out.
● The Tryhackme platform; https://tryhackme.com/ this platform is for absolute
beginners in cybersecurity, it has both free and subscription models. Tryhackme currently
has 8 learning paths which include; intro to cybersecurity, pre-security, complete
beginner, web fundamentals, cyber defense, JR penetration tester, offensive security, and
compTIA PENTEST+. In the future, I’m sure they’ll introduce new learning paths. To get
started on the tryhackme platform, you need to create an account. After you’ve created
an account, you can explore the different learning paths. Since you are a beginner, start
with the intro to cybersecurity, once you are done, move on to pre-security, then
complete beginner, and web fundamentals. As we explained the different career paths,
you either choose the defensive or offensive part of cybersecurity. If you choose the
offensive, you move on to the JR penetration tester path, offensive security, and
COMPTIA PENTEST+, while if you choose the defensive, you move on to the cyber
defense path.
● Hackthebox Academy: To some extent, it is free. Upon registration, they grant
you several cubes that help you take the Fundamental modules. Another great platform
with enough resources to help you get started in cybersecurity. https://
academy.hackthebox.com/ and https://academy.hackthebox.com/catalogue
● CISCO networking academy: The cisco networking academy is another great
online learning platform for beginners, you find different courses on networking,
 operation system and IT, programming, internet of things, infrastructure automation,
cybersecurity packet tracer, etc. https://www.netacad.com/
● IBM skills build: You can learn the basics of cybersecurity on this platform.
https://skillsbuild.org/students/course-catalog/cybersecurity
● Professor Messer: This is a cybersecurity website owned by Professor Messer,
he provides free IT training videos, you can find CompTIA A+ core 1 and 2, CompTIA
network+ and security+. https://www.professormesser.com/
● Thecybermentor Academy Security: In the platform, you find ethical hacking,
malware analysis, and forensics courses. Also, ​it’s not a free platform, you pay for the
courses so you earn a certificate. https://academy.tcm-sec.com/
● INE: Not a free platform but this platform has great hands-on practice videos.
https://ine.com/
● Hacker-arise: This website has a free subscription model. This is a great
platform as you find many cybersecurity courses. Also, if you are choosing ethical
hacking as a career path, I’ll advise you stick to learning from this platform. https://
www.hackers-arise.com/
● You can also check platforms like Udemy, and Coursera for beginner courses.
Note: If you have a non-technical background, it is important to take a course on IT
fundamentals.
● Google IT Support Professional Certificate: this course is available on Coursera,
financial aid is available to get it. If you want to go all out on learning IT fundamentals,
give it a go.https://www.coursera.org/professional-certificates/google-it-support
● IT Fundamentals & Computer Networking Course with CompTIA A+, a free
udemy course on networking and IT fundamentals. https://www.udemy.com/course/it-
fundamentals-computer-networking-course-with-comptia-a/
Link to Free Cybersecurity courses and Ebooks
https://docs.google.com/document/d/1ezxtIE-Kiv7eRqDzlRZH_ade87EkEpyoe6AxpiCuOGc/edit?
usp=sharing
Cybersecurity professionals:
Here we list out some cybersecurity professionals you should connect with either directly
(sending an e-mail, or private message on their social accounts) or indirectly (following them on
their social accounts and learning from them without actually sending any message). You can
also reach out to them for mentorship and ask them if they would love to mentor you as a
beginner in the field.
 ● Confidence Staveley; you check her out on Instagram, LinkedIn, or Twitter
● Iretioluwa Akerele https://twitter.com/ireteeh
● Ozioma Simbiat https://twitter.com/Xymbiz
● Celeb McMurtrey on Twitter
● Occupytheweb on Twitter
● John Hammond on Twitter or LinkedIn
● Mike Miller on LinkedIn
● Edakoudis https://twitter.com/edskoudis
● Kevin Beaumont https://twitter.com/GossiTheDog
● TheCyberMentor
● And Many other good guys out there, once you follow and connect with these,
Twitter and LinkedIn algorithms will show you other professionals, to connect with.
Cybersecurity communities (Discord and Twitter):
Check out these cybersecurity communities that are open for beginners.
 ● Cyberblack
● Cybersechaven
● Diary of hackers
● Cyber Experts NG
● Tryhackme Discord Server.
● Cyber Mentor Dojo.
● Cyber Insecurity.
● Trusted Sec.
● Network Chuck.
● she_secures
Staying up to date in Cybersecurity:
Listed below are a few articles and podcasts you can check out to stay on-to-date on
cybersecurity news.
Articles:
● The Hacker news
● Bleeping Computer
● Dark reading.
● Threat Post.
● CISO series.
Podcasts:
● The Cyberwire daily.
● Darknet Diaries.
● CISO series.
● SANS Stormcast.
● Tech Stuff.
YouTube Channels:
Here is a list of YouTube channels we recommend for beginners
Forage is a platform where you can find free virtual work experience programs. On this
platform, you have access to model work samples that would help you build your skills.. https://
www.theforage.com/
Conclusion
One step at a time, take your time to learn and resist every urge to skip the basics. Remember
new trends, technologies, and threats keep emerging. Hence, ​continue learning about
cybersecurity. It is therefore important to stay up to date in cybersecurity.
Leverage communities, LinkedIn, Twitter, and your network to upskill in Cybersecurity.
Thank you for reading. I hope you find this helpful. You can connect with the writers via Twitter
https://twitter.com/Abee_john, https://twitter.com/ibukun_tonu, or LinkedIn https://
www.linkedin.com/in/abigail-inyang-561b71224/, https://www.linkedin.com/in/
ibukunoluwamorountonu/

336

Cybersecurity
Technology

336
4

Follow

Written by Abigail Johnson

184 Followers
API Penetration Tester - Cybersecurity Analyst - Technical Writer

More from Abigail Johnson

Abigail Johnson
A little about ME and My TECH journey
I am Abigail Johnson Inyang, a penetration tester, python developer, and technical writer. I’m a
17-year-old high school graduate and an…
6 min read
·
Sep 12, 2022
252

3
Abigail Johnson
TryHackMe — TomGhost WriteUp
Introduction:
6 min read
·
Nov 18, 2022
49
Abigail Johnson
How strong is your password? What authentication technique are you using?
When creating a Facebook account, trying to access your phone, withdrawing from an A.T.M.,
decrypting an encrypted file, and so on, we have…
5 min read
·
Aug 13, 2022
62

Abigail Johnson
#2 Fawn — Starting point — Hack The Box Write-up
Introduction:
6 min read
·
Jun 21, 2022
69

See all from Abigail Johnson

Recommended from Medium

Coded Conversations
Cybersecurity Role: Salary, Skills, and the Daily Grind
Salary, Skills, and the Daily Grind
4 min read
·
Jul 21
55
Left4Zed
in
Maveris Labs
I took Google’s Cybersecurity Certification Course and Here’s What I Learned.
I took the Google Cybersecurity Certification Program and I recommend it, here’s my feedback.
10 min read
·
May 31
647

Lists

AI Regulation6 stories
·
127 saves

ChatGPT prompts 24 stories

·
400 saves
ChatGPT21 stories
·
157 saves

Generative AI Recommended Reading52 stories

·
241 saves
Vishnu Shivalal P
TOOLS FOR CYBER THREAT HUNTING (PART - I)
Cyber Threat Hunting
3 min read
·
Aug 23
6
Josephalan
TryHackMe Security Engineer Learning Path Review
5 min read
·
Sep 12
30

Prajwol Dhungana
Accessing data on A525FXXU4BVG1 without unlocking.
Hello, it has been a while since I last wrote a post. In essence, it’s a write-up on a logical issue I
recently discovered on Samsung…
4 min read
·
Sep 13
124

1
Sushrita Swain
Day 41 — Unlocking Cybersecurity Knowledge: Free Courses and Practical Learning
Greetings, fellow cybersecurity enthusiasts! Today, on our 41st day of exploring the vast realm
of cybersecurity, we embark on an…
3 min read
·
Jul 8
2