There is a ton of information out there about the theory of Cyber Security. But without knowing the practice of it, it is often hard to really understand what is going on. You need to get your feet wet. And here is how!
One of the most amazing things about the internet is that you can find information and tutorials about nearly every topic. But this can be a disadvantage too. I made the mistake, and I am sure many of you did too, of following one tutorial after another without really getting my feet wet.
The more information you have, the more you risk jumping from one resource to the next – without ever finishing something.
Don’t do that! Before you start, take a good look at all the tutorials, videos, and books you find and choose the one that fits you best.
It really comes down to what kind of learner you are. Do you learn best by reading? Look for books or text-heavy tutorials. If you want more hands-on practice and like to watch how people do it, a video course could be best for you.
No matter what you choose, start practicing early, try the examples by yourself, or solve tasks in your own way. Learning how to do something new is always a good mix of the theoretical basics and a really good portion of practice. The more you practice, the more the basics you studied stick.
Find good programming projects for beginners
Especially if you are new to coding, it can be hard to find good beginner-friendly projects to practice on.
So choose popular projects for which you can find many examples. This way you can look at how others solved the problems you run into.
If it is still too difficult for you to program everything yourself, look up the code and type it out line by line.
Try to understand everything you do.
What is important, in my experience, is that you write the code instead of just reading it. I learned best when I did this.
Plus, you see immediately what the code snippet does.
Practicing Pen Testing
Testing out what you learned about Cyber Security can be tricky – and, in the worst case, illegal.
Testing some random website or network on the internet is not a good idea if you value your freedom 😉
That’s where labs and CTFs come into play. Many online courses like the PortSwigger Web Academy have their own labs where you can practice what you learned legally.
Another good option is the “Juice Shop” from OWASP. It is an insecure web app with many known vulnerabilities and flaws.
You can install the application on Heroku for free and play around as much as you want.
Then there are “Capture the Flag” hacking games. A CTF is a contest designed to challenge its participants to hack into or defend a computer system.
In a CTF you usually have to find a flag that is hidden somewhere on a system or machine.
I myself fell into the tutorial trap a number of times and regretted the time I lost, because knowing something in theory and applying it in practice are two different things.
Often I had to go over what I learned again because although I knew the basics and the concepts, I just couldn’t figure out how to really do it in a “real-life” situation.
Don’t make the same mistake and lose precious time! Start getting your feet wet early.