My 6 Month Journey Towards Cybersecurity
If you look through entry level cybersecurity positions, you’ll see companies want a minimum of 3 to 5 years of experience. How do you do this? You’ve been working helpdesk and desktop support for 4 years now? The gap between lower-level IT into mid-level IT seems to be huge for someone that’s trying to get there.
I’ve been on this journey for a few years. In 2020, I passed the CompTIA Security+, then worked on some homelabs and studied for other certifications. Even though I was working hard, I didn’t do what needed to be done to get into the field. I failed to document my homelabs and I didn’t have my priorities straight, I went down the path that most appealed to me. From experience, it’s not the way. Everything online says “pursue a certification!” but how are you supposed to understand what’s being tested on if you don’t have the experience? Do some digging into Reddit and you’ll find many posts about getting experience rather than a certification. As I was in college, I failed to understand the real world — that employers want you to be able to do the work not just the credential. I looked through the job postings of the places I want to work and adapted myself to their work. Juniper is used at the organization I work for so I got the JNCIA-Junos. Still, that’s not enough, I needed the experience. I told myself I want to recreate my home network. I have hardly any experience in networking so I knew it was going to be a struggle, but I dove right in. You can see the progress on my GitHub. This struggle led to my six month journey.
This project began on May 31, 2022. I set a deadline of six months to hone my skills, document my journey, put myself out there, and get a job. I grabbed a piece of paper, a pen, and started to write:
My goal:
- Get a cybersecurity job by December 4, 2022.
How am I going to do this?
- Work on homelab
- Document journey in GitHub
- Expand on existing knowledge
- Progress everyday — plan ahead
- Plan work for the week
- Write weekly reviews
- Study tools my company uses
- Study tools of other companies
- Review Anki daily
- Work on LinkedIn page
- Put myself out there
- Continuously work on resume and cover letter
- Work hard in existing job — ask manager how I can improve
What are skills I’m going to learn?
- Understand the incident response process
- Understand logs and correlate events
- Triage incidents
- Understand real-time monitoring
- Digital forensics
- Malware analysis
- Document resolutions
- Sysadmin for security tools
- Remediation/IOCs
- False positives vs true positives
What are some tools I should learn?
- Splunk
- Nagios Core
- Snort
- Python
- Nessus
- Linux
- pfSense
- Windows Event Viewer
- File Formats
- Malware traffic analysis
- Navy labs
- VirusTotal/Talos/MXToolbox/HybridAnalysis
There’s going to be many more tools and actions to take, but this is the start. Hopefully these actionable steps are ones to get a cybersecurity position by December 4, 2022! Please join me on my journey!
