en
en

Starting Your Journey in Ethical Hacking

FEATUREDBLOG

CypherOxide

11/20/20232 min read

"Embarking on an ethical hacking journey is like leveling up in a video game. You earn trophies, grind for achievements, and keep advancing. Stay curious, passionate, and dedicated to your craft, and you'll conquer every challenge that comes your way."

So you want to get into cybersecurity and begin your journey of ethical hacking but you don’t know where to start? I remember that feeling, torn between my daily routines and my intense desire to push myself to gain new skills and knowledge. But diving into ethical hacking without a solid plan is not the best approach.

I learned the hard way that getting into InfoSec and just starting to hack immediately are very different hurdles. Now, just months after I wrapped up my cybersecurity program and have started working towards my future, I’m faced with the question – where do I go from here? What should the next step be in this journey? For over a decade, I have chased one interest after another and only in the past 3 years have I had a goal. Thinking back on it, I’m reminded of the very first steps I took, and want to share my experiences to help others just starting out.

1. Learn the Fundamentals

  • Learn about core concepts like networking, different operating systems, encryption, risk management, governance, and report writing skills.

  • Study common vulnerabilities like buffer overflows, SQL injection, cross-site scripting, etc.

  • Understand attacker tools and techniques like social engineering, phishing, malware, privilege escalation, and more

First and foremost, you should take the time to deeply explore the field before jumping in the deep end with the technical aspects. The dramatized hacking we see in movies and TV is fun, but not realistic. The job of a pentester is not just furiously typing on a keyboard while telling your client “I’m in!” through a headset.

2. Develop Technical Skills

  • Learn the Linux terminal, scripting languages like Python and PowerShell, key tools used for Pentesting and Security Monitoring.

  • Study database concepts, data structures and algorithms to understand secure coding

  • Lean frameworks like NIST, MITRE ATT&CK, and CVE for exploit understanding, as well as Nessus and Metasploit for exploit development for attacks and vulnerability management

As an ethical hacker, a lot of the job consists of detailed documentation, planning meetings, carefully written reports, and digging through massive data dumps hunting for one critical piece of info. Developing good practices and technical skills is invaluable when you’re diving into log files and packet captures and are faced with potentially thousands of lines of information and no idea what you’re looking for, or what information is in there.

3. Get Hands-On Experience

  • Set up a home lab with virtual machines to practice penetration testing safely

  • Build Projects and test for vulnerabilities like improper access controls, insecure direct object references, injection flaws, etc

  • Participate in bug bounty programs to gain experience finding real issues

One of the best ways to begin on your journey is to start with a home lab. Some people have spent thousands of dollars on server-grade equipment, 10 gigabit switches, and proprietary software or virtualization solutions. This is not necessary. It’s nice to have solutions that have well-funded companies or organizations backing the development of these products, but it by no means a requirement. Your first home lab could realistically be run from an inexpensive second computer or laptop. Additionally, platforms such as HackerOne, Hack4Values, and OpenAI‘s bug bounty programs, you can gain real world experience by doing authorized pentests and bug hunting. The great thing is that even if you don’t find a bug that pays out a bounty, it’s still real experience.

4. Stay Updated on Tools and Methodologies

  • Follow security blogs and podcasts to stay updated on cyber trends, hacking techniques, new tools.

  • Attend security conferences like Defcon, Black Hat when possible. Great for learning.

  • Experiment with new distros, security tools, pentesting methodologies.

Rather than immediately downloading tools, I would recommend starting by building up your core knowledge base. Read widely about foundational InfoSec concepts like networking, Operating System fundamentals, coding or programming, governance models, risk management frameworks, and common attack vectors. Taking online courses focused on core programming languages like Python and Linux skills. With access to thousands of hours of free video training and various platform like HackTheBox Academy, TryHackMe, and FreeCodeCamp, this can help equip you with the base needed to start venturing into ethical hacking.

5. Develop Communication Skills

– Learn to communicate technical cybersecurity issues to non-technical executives and clients

Advertisement

– Practice reporting and documentation skills. Clear reports are crucial for clients

One of the key skills needed when entering into the digital world as a cybersecurity professional is Communication. Whether you’re joining cybersecurity communities and forums or learning technical documentation practices, developing communication skills is hugely valuable for learning from generous professionals willing to share their knowledge. You can read detailed writeups of real-world pentests, ask questions when you get stuck, and make connections. Writeups also give you a template that you can follow to begin developing your own writeups and reports, especially if you use some of the platforms that include a lab environment to develop and practice new skills in a hands-on approach.

6. Build a Portfolio

  • Create a website or GitHub profile showcasing cybersecurity projects and experience

  • Share writeups detailing the process and findings of pentesting assessments

One of the first things I did after going back to school for my degree was to begin working on several projects. The first that I started on was a Raspberry Pi build/Cyberdeck hooked up to a drone for a modern take on wardriving, building home media server, and creating a virtualization environment. Whether your designing your own custom PCBs, creating a cyberdeck, or working on a GitHub page to showcase your scripting prowess, building a portfolio is invaluable when you begin your search for a cybersecurity/ethical hacking career. One of the easiest things you can do is to create a website, start a blog documenting your progress, or start a YouTube channel to share your experiences as you develop, create, and perform.

7. Gain Professional Experience

  • Pursue internships or entry-level positions at information security companies

  • Volunteer as a white hat hacker for nonprofits to build experience

  • Earn relevant certifications like Security+, CISSP, CEH, OSCP, GPEN, etc

Once you have a solid grasp of networking, Linux, Windows, scripting, risk management, and governance, you can start exploring specific pentesting tools and methodologies more deeply. Setting up a home lab to practice fundamental techniques safely and legally, remember to start slow and small, working your way up to more advanced methods over time. In addition to bug bounty programs to gain real pentesting experience, volunteering in various clubs, or taking online courses to prepare for industry certifications, there are numerous, non-traditional ways of gaining experience (this is especially helpful with the current market being super-saturated and companies consolidating IT roles). Pay attention to the job postings out there and see what certifications are in the highest demand. This should give you a good idea of what certifications would be best to spend your time (and hard earned money) working towards. For a long time, the OSCP was regarded as a milestone and a hazing for aspiring cybersecurity professionals. Now with other industry leading certifications like EC-Council’s CEH, GIAC’s GPEN, Cisco Security Certifications and CompTIA CySA+ or Security+, companies now are recognizing multiple alternatives to what used to be a small number of acceptable certifications.

With consistent effort and commitment to hands-on learning, you can gain the fundamental and practical skills needed to begin an exciting and meaningful career as an ethical hacker. Above all, longevity and determination matter greatly in this field. Commit to continuously learning and bettering your skills. One of the most important skills that you can showcase is the ability to decide on a path of action and stick to it, and to be exceptional, you have to be able to follow standards set by the industry while being capable of thinking outside of the box for ingenious solutions. Stay curious and passionate and dedicated to your craft. Don’t let minor setbacks discourage you for long.

If you maintain patience and integrity, you can succeed on this incredibly rewarding journey of becoming an ethical hacker. If you’re passionate about technology and ethical hacking, it might feel like a video game. Every now and then you get a trophy, and then there’s a long session of grinding out achievements before your next advancement. Just keep going on and on and eventually, you’ll make it to the next level.

a man in a hoodie standing in a room with a computer screen
a man in a hoodie standing in a room with a computer screen
a network of people and computer systems with a globe in the middle of it
a network of people and computer systems with a globe in the middle of it
a man in a black shirt is working on a computer
a man in a black shirt is working on a computer

Related Stories

About

Contact

Inquiries

Hope Integrated Systems © 2023

Hope Integrated Systems empowers the generation of tomorrow for a brighter future and hope for every individual.

Terms & Conditions

Privacy policy

Upgrade your inbox

Subscribe to our newsletter and never miss a story.

We care about your data in our privacy policy.