Where to start?

Xavier Briand
Jan 27 · 1 min read

A while back, seeking the next podcast to listen to, I hit “subscribe” on the BHIS podcast. That led me to their blog and especially to their 30 Things to get you started page, where I watched WEBCAST: John Strand’s 5 Year Plan into InfoSec Part 2.

Well that will be my start.

My notes

Year 1

Focus on core concepts:

  • OS: install linux from scratch, read CIS Benchmarks, use Microsoft Evaluation Center
  • Networking: TCP/IP and ICMP, learn to read a packet, sockets programming, build your own home network
  • Learn a language like Python
  • Learn Bash scripting
  • Lookup security standards (CIS, NIST 800)
  • Learn and understand CIS controls

Year 2

Get your security news, learn PowerShell, be part of a security group, write a blog.

Year 3

Learn to build web/mobile apps.

Year 4

Learn to use IDA, Immunity Debugger, OWASP ZAP.

Do online challenges

MITRE ATT&CK matrices

Year 5

Go to conferences, meet and present.

Other resources

The good news is that I already nailed year 3 and I have a undergrade in telecom and networking!

My journey into Cybersecurity

My experience trailblazing the practice of Cybersecurity

Xavier Briand

Written by

50% solution finder at @ExperiencePoint / 50% endurance cyclist. Will train for food and burn it for adventures.

My journey into Cybersecurity

My experience trailblazing the practice of Cybersecurity

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade