| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by M8thril 3101 days ago

> Let me tell you one thing, it's going to be tough. Cyber security is one of the fields of IT that requires the most deep knowledge of how computers and networks work. So, be aware of that. It's like, when someone is asking how to build a game, and the first answer is: learn a lot about Math and Physics. This is the same thing.

> Recommended path:

> 1. CS Basics (concepts) Conceptually understand how computers work, how interpreters work, compilers etc. You're probably past this point.

> 2.Low level programming Basically C, but pay attention to the OS APIs (posix, win32). Make sure you understand the fundamentals of memory management, procedures, threading, etc. You need a lot of C knowledge.

> 3. Networking [0] You basically need to know by heart all the TCP protocol. I have a friend who's incredibly successful working in security and he knows each bit in each packet in a TCP connection. He can just recite it. Once you know about networks, start throwing code at them. See if you can push the wrong bits to a switch, or if you can access some other processes network stack, etc.

> 4. Web standards Basically, how the web works. Once you're past that: Apache and Nginx. You have to know them in depth.

> 5. Known threats and vunerabilities In this process you'll know that there are many exploited issues that have been resolved. But you should study from them. For example, Heartbleed. Would you have the knowledge to find Heartbleed? You should also practice with every other security threat known like XSS, SQL Injection, etc.

> [0] depending the security field, you might not need so advanced networking knowledge, this is just a general recommendation.

> This is just my recommendation, I'm more of a purist, and I have a lot of respect for cybersecurity people.

> Source: +10 years programming, I have a good friend making A LOT of money as a private security contractor and we speak about this all the time.

Great answer. Look at an offensive security certified professional course for a basic affordable course that covers all of the above.