Roadmap to your first cybersecurity job
What you need to do, how to do it, and in what order.
NOTE: IF YOU SENT ME A DM AND I SENT YOU HERE, READ EVERYTHING HERE AND IN THE Q&A BEFORE ASKING YOUR QUESTION.
Not all, but many of you are here because you’re looking to get a job in cybersecurity (or tech in general). $60k-$110k/year starting salary for an entry level IT position can be yours in the next 90 days with hard work, and most importantly, the right kind of work. Here’s the roadmap, in order of how you need to proceed based on your experience level, and how the substack fits into the equation.
BEFORE YOU GO ON:
THIS IS A VERY AGGRESSIVE METHOD AND NOT FOR EVERYONE. THIS ONLY WORKS FOR THE TOP 5% OF HARD WORKERS IN THE WORLD.
If the thought of trying an IT Speedrun makes you uncomfortable, go get a degree from a university and then go get a helpdesk job.
First and foremost, upgrade to a paid hoodie in the stack so you can join the discord while studying for your certs.
Don’t wait. Do it now.
Even better yet, check out Bootcamp Lite!
48+ lectures of 100% all original content
12 months of access
Live weekly Q&As
Exclusive bootcamp lite discord access
WORLD CLASS Learning Management System complete with lectures, quizzes, notes, flashcards, and everything else you need to go out and CRUSH your exams and start your career
This course has rolling enrollment! Get your seats here:
Now, you need a laptop to toy around with. I’m using my old college laptop. This needs to be a PC and not a Mac. Macs don’t play nice with Linux. Here are the recommended requirements:
4 core processor
8GB of RAM
256GB SSD (They’re like $20 on Amazon - don’t cheap out here)
A few 8-16GB thumb drives (literally $4 each at Walmart)
Can you get a new machine? Yes. Any new machine that matches or exceeds these requirements will work. It’ll be more expensive than buying used. I recommend getting a used laptop to play around with, but you do you.
If you want to use just one machine, then all of the previous requirements apply, but you’ll need 16GB of RAM (in this case, a Mac is fine). This is because we’re going to be using heavy virtual machines in place of putting new OSs on your laptop. If you don’t know what a virtual machine is, the next section is for you.
You need to have SOME GRASP of what computer hardware is and how it works. If you’re capable of reading through the performance metrics in Task Manager, can swap out an SSD, add RAM, and know how to at least get to the BIOS, you’re probably in good shape and don’t need to spend any extra time studying hardware.
If this is not you, then you need to learn something about hardware. Go to this link and start listening to videos and working through the material:
This is the link to a YouTube playlist for the topics of the COMPTIA A+ certification, taught by Professor James Messer. He is an unbelievable wealth of information for several COMPTIA exams and will be referenced many times in this article. Watch the videos and learn something. You do not need to take your A+ exam. It will not help you get a cyber job. You just need to know the basics.
So now let’s say you’ve done that and you’re ready for the next step. This is where you need to learn Networking - how computers communicate. Cybersecurity is a world of breaking shit because we’re getting computers and programs to do stuff that they weren’t intended to do. In order to do this properly, we need to know how things are supposed to work in order to figure out how to break them.
This is the first certification that I’m recommending you get, and it’s the COMPTIA NETWORK+ certification. Start learning this by watching the YouTube playlist from Professor Messer at the following link:
You will need to schedule and sit for your Network+ exam. The exam costs a few hundred dollars. You may want to purchase additional study materials such as books and practice exams (which Professor Messer also sells at ProfessorMesser.com), but I haven’t used these so I won’t formally recommend them. Buy some practice tests somewhere and make sure you’re ready before you sit for your exam.
Once you pass your NETWORK+, you will then move on to your COMPTIA SECURITY+ exam and follow the same process. The link for that Professor Messer playlist is here:
If you’re looking for a Udemy course for Network+ and Security+, check out Jason Dion and Mike Meyers.
Dion’s exams are harder than the actual exam. If you’re getting 80% on his tests then you’re ready for the real deal.
You can also use PocketPrep for test questions that tend to be SLIGHTLY easier than the actual exam.
Separately, Boson can give you some good hands-on practice for the PBQs.
Previously, these were the only two certs I strongly recommended for my students. However, in recent months, I’ve added 2 more:
Splunk Core Certified User
These can BOTH be done in a week and we have guides on how to do them.
High ROI for the minimal time and expense for both.
While working through obtaining your certs, this is when you want to be getting your hands dirty. This is where the substack comes in. This substack is dedicated to filling in the gaps that these certifications don’t teach you, to help you get a job in the real world.
We will focus A LOT on Kali Linux and hacking, but that’s not all. Ultimately, your goal is to get a job as a Blue Teamer (Defensive) because that’s where the most jobs are. We will also go through how to install and configure Suricata (the most popular Intrusion Detection System), how to analyze packet data, use popular tools, hack into stuff, and how to detect (and maybe stop) it, as well as introductions to popular technologies.
As part of the substack and in addition to what we do (let’s be honest, I’m one guy and there’s a whole industry of technologies out there, so you’ll have to dig and do some of your own research, projects, and learning) you’ll want to know something about each of the following technologies:
Hacking Tools on Kali (Metasploit, Burp Suite, John the Ripper, aircrack-ng, etc.)
After you get your NET+, SEC+, and have learned a fair bit from the stack, you may want to consider getting your CERTIFIED ETHICAL HACKER certification (CEH). The exam itself is a joke and won’t teach you much, but much like a degree, that doesn’t really matter much. It’s to help you put JOHN SMITH C|EH on the title of your resume like the pretentious Linux user that you are (or soon will be). It’s also rather expensive and might require an online training course to sit for the exam.
Finally, you need a portfolio. To have a portfolio, you need to have done stuff. To do stuff, you need to know how to do stuff. So we get certs, we learn, we follow along in the stack, we learn, and we apply to real world scenarios, and that’s when we really learn.
What are these real world scenarios? There are so many avenues for learning out there to practice on live environments that are completely legal. Here are a few free resources to cut your teeth on hacking and coding:
https://cybertalents.com/ (Web App Pentesting)
https://www.hackthebox.com/ (Web App Pentesting)
https://www.hackerrank.com/ (Python and Linux Scripting Challenges)
https://www.vulnhub.com/ (Network Pentesting)
https://projecteuler.net/ (Intense Math Problems Solvable with Python)
There are many others out there, these are just the ones I’ve used in the past. Take your victories from these, and for each one, make a write up explaining what you did, how you did it, and why it worked. This will reinforce your learning as well as show an employer that you know what you know, and being able to explain these scenarios to them in real time is what they’re actually looking for.
Check out my redacted portfolio here:
If you write code, no matter how trivial, put it in a repository on GitHub. Learn a few basic git commands like git push, git pull, git commit, etc. to be able to say you have a basic understanding of git on your resume.
So now, you have the certs, the knowledge, the portfolios. Now you need a resume. Put any good professional experience on there. Don’t put garbage experience on there, your high school GPA, or that you enjoy racquetball and long walks on the beach. Keep it clean and tight.
One trick is to list your self study as experience on your resume. Just be clear that it is actually your journey of self study and not fabricated employment. There’s a fine line there. You know what that line is. Paired with a GOOD portfolio, this will act as your first “experience” and once you talk to an employer, they’ll see that you do know your shit.
See my actual redacted resume here:
Then you apply to 1000 jobs. Indeed.com is your friend. Apply everywhere. Interview often. Find out what they’re asking that you don’t know and go find answers. Then, eventually, you will get your first job and the rest of your career is gravy.
See the process of applying for cyber jobs here:
That’s all for now.
Go get some certs, become a paid HOODIE in the STACK, and happy hacking!