Have you ever wondered what is the best way to learn cyber security and acquire the necessary skills?
It’s a common question for anyone who wants to get into this exciting area of IT.
In this article, we lay out a clear, actionable plan in six strategic steps. First, our guide will explain the importance of foundational skills in IT and networking. Next, we will discuss gaining general cyber security knowledge and picking a specific direction within it.
We will show you the best way to assess your current skills, the importance of networking, and how to fill in any of your skill gaps with resources such as courses and certifications.
If you are ready to start, let’s begin.
1. Get Basic Knowledge in Networking / IT / Operating Systems
Before thinking about cyber security, you must build your foundational knowledge. This involves learning about operating systems, basic IT, and some networking.
Why is it important to learn these skills first? Wouldn’t it be quicker to jump right into learning cyber security?
While you could technically start learning cyber security from scratch without IT or networking, without that foundational knowledge it will be much harder to grasp the concepts, understand how different elements interact, and see how malicious actors can exploit vulnerabilities.
Attempting to dive into security skills too soon often leads to frustration and wasted effort since it requires connecting many disjointed pieces that rely on core IT and networking fundamentals.
Learning the fundamental skills involves learning topics such as:
Computer Hardware Fundamentals
- Understanding components like motherboard, CPU, memory, and storage devices.
Operating System Basics
- Installing/configuring Windows and Linux OS variations.
- System administration - managing users, file systems, and applications.
IT Support Skills
- Troubleshooting issues.
- Managing backups and recovery.
- Monitoring the health of infrastructure.
Networking Principles
- IP addressing, subnets, routing, and network layers.
- Key networking devices - switches, firewalls.
- Common protocols - TCP/IP, HTTP(S), UDP.
Basic Computer Security
- Security concepts - authentication, encryption.
- Security controls like access controls, logging, and backups.
The best way to learn these skills and become certified simultaneously is to take industry certifications in these areas.
Not only will you learn the knowledge needed to understand these foundational skills, but you will give yourself a certification that can help bolster your resume and demonstrate your understanding to potential employers.
Consider the CompTIA A+ for IT skills and the CompTIA Network+ to gain networking knowledge. In lieu of Network+, you might also consider the CCNA.
2. Gain General Cyber Security Knowledge
Now that you have IT and networking know-how, it’s time to gain general cyber security knowledge.
This knowledge is important to give you an understanding of the main concepts. After learning these concepts, you should be able to converse with security professionals about topics such as encryption, the CIA triad, or even the zero trust model.
This material is covered in great depth in CompTIA Security+, so you could look at using this material to gain the knowledge needed, and then use that to write the exam.
The type of knowledge you will need to learn to grasp general security includes:
Cyber Security Fundamentals: Basics of securing computers, networks, and systems.
Threat Landscape: Understanding various types of cyber attacks and actors.
Security Protocols: Knowledge of common security protocols and best practices.
Risk Management: Identifying and analyzing risks in cyber security, such as identity theft, and developing strategies to mitigate them.
Incident Response and Management: Learning how to respond to security breaches.
Ethical Hacking Basics: Introduction to penetration testing and ethical hacking methodologies.
Encryption and Cryptography: Basics of securing data through cryptographic methods.
Identity and Access Management (IAM): Understanding control of user access and identity management.
Network Security: In-depth knowledge of securing networks against various attacks.
Cloud Security: Basics of securing cloud-based platforms and services.
Once you have a solid understanding of general cyber security, it can help lay a strong foundation for your long-term goals.
This can help you identify specific career paths that might align with your interests and strengths.
Other certifications at this level are optional, depending on your goals and where you want to end up. You could opt for eJPT or CEH (Certified Ethical Hacker) if you want to begin a career as a penetration tester. Or you could aim for CompTIA CySA+ or BTL1 Junior Security Operations certification if you see yourself pursuing a more defensive-minded career, such as an information security analyst.
If you want to know how long learning all of this material will take you, read our article How Long Does It Take To Learn Cyber Security.
3. Choose Your Direction
Now that you have the general cyber security knowledge, it's time to choose your direction. You could look at becoming a specialist in either an offensive (red team) or a defensive (blue team) role. Alternatively, you could look at moving into an advanced generalist role.
One way you can visualize this is by looking at the StationX career pathway. Let's quickly explore this.
The cyber security career pathway offers a defined roadmap via five stages, from IT and networking basics to security expertise. This roadmap aids in your navigation, career advancement, and goal achievement.
Every stage builds on the last, providing a clear route from feeder roles in IT and networking and entry-level cyber security roles to specialist experts.
Let’s break down some roles you may want to choose once you have gained some cyber security knowledge.
Red Team (Offensive Security)
Roles: Ethical Hackers, Penetration Testers, Vulnerability Assessors.
Path: Focuses on attacking or simulating cyber attacks to find vulnerabilities.
Skills: Deep knowledge of hacking tools, coding, vulnerability assessment, and social engineering.
Blue Team (Defensive Security)
Roles: Security Operations Center (SOC) Analyst, Cyber Security Analysts, Forensic Investigator (Digital Forensics Analyst), Incident Responders.
Path: Focuses on defending against attacks by strengthening systems and on in-depth analysis of cyber incidents.
Skills: Network monitoring, incident response, threat intelligence, security policy formulation, malware analysis, and use of forensic tools and techniques.
Advanced Generalist
Roles: Cyber Security Consultants and Architects.
Path: Has a broad understanding of both offensive and defensive aspects.
Skills: Risk assessment, compliance, and general knowledge of various cyber security tools and practices.
Making a clear initial goal can significantly speed up the process of learning, gaining skills, and finding a career in cyber security.
Finding a niche that fits your career goals and meets the changing needs of cyber security is all about matching your skills and interests with the job market's needs.
4. Take Stock of Your Current Capabilities
Now that you’ve decided where you want to focus your time and energy in your career, it's time to understand the skills you currently have as well as the skills you will need.
The first step is writing out all the current skills you possess. Let’s take the example of a Penetration Tester.
You’ve decided that you want to become a Penetration Tester. You need to catalog all the skills you already possess, from hard skills like Linux, networking, and Burp Suite, to soft skills such as teamwork and communication.
Once you've listed all your skills, it’s time to look at the specific role and the accompanying job postings. From these postings, look at the skills and experience asked for. This could include some of the skills you already have, or it may be skills that you will need to work on.
You want to use something you can refer back to frequently as you build your skill set.
We made a tool to assist you with this, but you can do it in any way that works best for you as long as you can refer back to it and make changes as needed.
In the Current Capabilities tab, fill out the capabilities column with your current skills.
Write down your knowledge about hard, soft, and transferable capabilities.
Hard skills, like network administration, Linux, Python, or AWS, can be measured, proven, and sometimes certified.
Soft skills, like managing your time, making reports, and solving problems, are learned through experience and may be harder to quantify.
List no more than 10 for each. Choose your level of knowledge (how well you understand the ability) or skill (how well you can use what you know in a given job or situation). You can use months or years to measure experience.
Capabilities I Need is the second tab. It's set up the same way as the last table.
Here, you look through the job description for the job you want. Using our example of becoming a Penetration Tester, you should do a gap analysis and fill in the hard and soft capabilities you frequently see in these postings.
Next, fill in the certifications or credentials that are asked for in those job postings. Check to see what qualifications you have and whether they are listed on your resume.
Once you understand your current skills and compare them against the required skills, you will have an organized list of the gaps remaining. You can now build a plan to acquire the needed knowledge.
5. Network With Other Professionals and Students
You now understand the skills you need to pursue your desired career. Now, it’s time to discuss the importance of networking within cyber security.
We understand that not everyone has an outgoing or extroverted personality, and many in the IT field lean introverted. However, networking remains critically important.
The good news is you can build connections that work for all types of personalities in many ways:
- Connect with mentors in the industry who can offer their knowledge.
- Join small, dedicated study groups in your focus area.
- Participate in mastermind groups for accountability and support.
- Volunteer for security conferences or meetings.
- Offer your expertise to others.
Let’s explore some points more thoroughly.
Mentors
Those with knowledge and/or experience within cyber security can serve as mentors to guide you on your journey. In addition to technical advice and expertise, engaged mentors offer a career growth perspective. Mentors who work in the industry know which certifications are valuable and which skills are in demand.
The goal is simply to listen and learn from those further ahead while making authentic connections through the help offered.
97% of those with a mentor consider them extraordinarily valuable and influential. (Source)
Study Groups
Being part of a study group is a great way to help you learn more effectively, stay focused, build confidence, and collaborate with others aiming for the same goals, such as working towards a certification.
70% of respondents to a survey indicated that being part of a study group increased their motivation. (Source)
Mastermind Groups
Mastermind groups are small groups of like-minded individuals who meet regularly to support each other’s personal and professional growth. The groups are extremely beneficial as they offer shared wisdom and accountability and can help expand your network.
Sharing your goals with others increases your success rate by up to 95%. (Source)
Personal Branding
In cyber, you must try to stand out and sell yourself to prospective employers. You can do this by highlighting your unique skills and passions.
When done effectively, your personal brand can work as a magnet by drawing opportunities to you instead of you needing to pursue them directly.
You can do this in a number of ways. You could share advice through blog posts and YouTube videos. Topics might include “A Beginner’s Guide to Penetration Testing” or “My Favorite Practice Resources.”
You can also engage the infosec community on X (formerly Twitter) or LinkedIn by commenting on relevant issues and challenges. The goal is to regularly provide value to build familiarity.
Another great way to use personal branding is by creating a personal website. Use this site to showcase your skills, the projects you’ve completed, and any courses and certifications you have finished that can demonstrate your abilities to employers.
80% of employers believe a personal website is essential when assessing job candidates. (Source)
Ken Underhill's Cyber Security Personal Branding is an outstanding course available in our member section.
Accelerator Program
With the immense value of mentorships, study groups, and mastermind groups, imagine having on-demand access to all three within one dedicated program.
Now envision that the program is focused on accelerating your skill development through courses, resources, and networking.
This is where our Accelerator Program can help. Our exclusive member-based online platform connects you to security professionals, experts, and peers.
Join a community of like-minded individuals who are equally passionate about security where you can connect, share insights, and grow together. Take advantage of everything we have to offer and grow your skills today.
6. Build Specific Skills
With the skill gaps standing between you and your end goal clearly defined in step four, it’s time to construct a plan for gaining these missing skills.
Start by revisiting the direction you chose in step three and pursue certifications and courses that address the areas where you need improvement. If your direction is the blue team area, for example, you would look for material (certifications and courses) to help you gain the missing skills.
Let’s continue to use penetration testing as our example career choice.
You should look at certifications like the OSCP, CEH, or PenTest+ and immerse yourself in courses covering Active Directory, Linux privilege escalation, and Windows privilege escalation.
Depending on your goal, there are other certifications you may want to consider.
Explore our lists of top certifications for various career paths:
The 10 Best Network Security Certifications
The 10 Best Cyber Security Certifications for Beginners
The Best IT Certifications for Beginners
10 Best Pentesting Certifications: Your Ultimate Guide
Take advantage of the mentors you connected with in step five to provide advice on the best opportunities to practice these skills through lab simulations or real-world projects.
Also, use study groups to help with motivation and accountability in hitting learning milestones and working together to build skills.
Make dedicated time for hands-on skills development, from labs to understanding basic programming in Python, Bash, and PowerShell.
Tips and Advice
Here are five tips to help you make the most of learning cyber security.
- Dedicate set weekly hours for learning and try to stick to them, whether three hours or 20 hours.
- Establish accountability check-ins on progress in a mastermind group to motivate one another.
- Create gamified rewards for hitting milestones to reinforce consistency. For example, treat yourself to a nice dinner after hitting a certification goal.
- Construct a dedicated home lab for immersive, hands-on practice without constant setup and teardown, so that training is frictionless.
- Alternate intensity levels daily: easier video training or reading after high-focus hands-on days to prevent burnout.
Conclusion
You now have a great roadmap on the best way to learn cyber security. By following our battle plan, you are setting yourself up for success.
Remember, mastering skills in cyber is about always learning, adapting, and evolving.
You can integrate all of this with our Accelerator Program by joining an inclusive community and connecting with mentors, joining study and mastermind groups, and taking advantage of our large selection of courses.
Stay curious and good luck on your journey.