Finding My Way In Cybersecurity
My Journey from Discontent to Discovery
Two and a half years ago, I found myself at a crossroads. My career path was a patchwork of sales and odd jobs—from pest control to driving for Uber to moving people's houses. These roles paid the bills, but none sparked joy or offered the fulfillment I was after. At 32, the reflection in the mirror was of someone who hadn't quite figured life out, someone who felt directionless. I paused and reassessed what I truly wanted from my career and life.
My interests were varied, stretching from computers and video games to a curious fascination with becoming a pipeline welder—perhaps as a way to isolate myself and find peace. This period of introspection was crucial. It was not just about changing jobs, it was about altering the trajectory of my life, about seeking a job that resonated with me. And, as fate would have it, my search led me to cybersecurity.
My journey into the world of cybersecurity was less of a straight path and more of a serendipitous wandering. Yet, it felt right. The transition was anything but smooth, peppered with moments of doubt and steep learning curves. However, in this chaotic ascent, I found my footing and, more importantly, a sense of belonging. I had the privilege of befriending Jason Haddix, a name synonymous with expertise in the field. I've crossed paths with a cardiologist whose prowess in hacking in his spare time was nothing short of inspiring. The community I found myself in was composed of incredibly talented individuals, each with their own unique story of how they arrived in the world of cybersecurity. It is incredible to surround yourself with people hungry to always know more.
Cybersecurity has taught me that it's much like riding a rollercoaster—filled with exhilarating ups and daunting downs. One week, you're on top of the world, uncovering a critical vulnerability that could have led to a major security breach. These moments are pure adrenaline; they validate your hard work and passion for the field. But then, there are the other times—the lows that follow the highs. Like when you realize you've missed a seemingly obvious security flaw, such as an overlooked parameter or a misconfigured server. These moments can plunge you into self-doubt, making you question your skills and your place in the cybersecurity realm. Currently, I grapple with self-doubt; I critique my methods and often berate myself for not measuring up, a mental battle that's far from enjoyable. Thankfully, I'm surrounded by a supportive network of cybersecurity colleagues like Jason, XSSdoctor, Keith, and more. They've been my sounding board, offering guidance and understanding through these tough times. Their support has been invaluable, making this journey navigable and reminding me I'm not in this alone.
This field has taught me to be humble and to accept that learning is an endless journey. Despite the moments of self-doubt and the pursuit of unattainable perfection, my passion for cybersecurity remains undimmed. It's a field that constantly challenges me to grow, learn, and adapt. To those just beginning their journey in cybersecurity, know this: the path is fraught with challenges, but it's also incredibly rewarding. Don't sweat the small stuff, and remember, every expert was once a beginner.
Reflecting on my journey, if I were to start over or guide someone just embarking on their cybersecurity adventure, I'd chart a more structured path with resources that I now know are invaluable. Here are the steps I'd recommend for anyone looking to dive deep into the world of Pentesting:
1. Foundation Building with TryHackMe
Firstly, I'd spend two solid months on TryHackMe. It's an incredible platform for getting hands-on with the basics of cybersecurity in a way that's both engaging and comprehensive. The structured learning paths and gamified environment make complex concepts more digestible for beginners.
2. Understanding Web Security with CS 253
Next, I'd immerse myself in the CS 253 Web Security course available on YouTube. This series is a goldmine for understanding the intricacies of web security from a foundational level, covering everything from HTTP basics to advanced security mechanisms.
3. Expanding Skills with Portswigger Academy
Portswigger Academy would be my next stop. It's an unparalleled resource for diving into web application security, offering hands-on labs and in-depth tutorials that cover a wide range of vulnerabilities and attack strategies.
4. Advanced Practice with Hack The Box CBBH
For those looking to solidify and advance their understanding of web app pentesting, tackling Hack The Box's CBBH in conjunction with Portswigger offers a great understanding of practical web application penetration testing. It's a challenging but incredibly rewarding step that cements your knowledge through real-world scenarios.
5. Deep Dive into Recon with Jason Haddix
Lastly, I'd invest in Jason Haddix's Bug Hunters Methodology Live on Gumroad. Jason's passion for teaching shines through in this course, providing deep dives into reconnaissance and how to approach web applications. His methodology, coupled with access to an amazing community, makes this paid course my top recommendation for anyone serious about bug hunting.
Communities That Kickstarted My Cyber Journey
🛠️ Jason Haddix's Discord - The Bug Hunters Methodology
Jason Haddix's Discord: If you want to learn how to find things that others can't, this is your spot. There will be lots of conversation and chat and some live bug-hunting adventures.
🦶 OnlyFeet Discord - Don't Judge a Server by Its Name
The OnlyFeet Discord might sound like it's about something entirely different (nope, not going there), but it's actually where I found some of the most welcoming cyber pros around. They were all about answering questions, no matter how basic, and guiding newcomers through the maze of cybersecurity. This server was my first real taste of what a supportive cyber community looks like.
🤔 CTBB Discord - The Brainy Bunch
The Critical Thinking Podcast Discord: Once you have your feet under you and want to dive deep, listen to their weekly podcast and get ready to take an endless amount of notes.