My pentesting journey so far ...


I wanted to share my journey into the cybersecurity industry today to explain why I still work in it (despite writing about the high rate of burnout among cybersecurity professionals).

It roughly started during high school (about 8 years ago) when I saw an interview with a person who dropped out of college and started a company to provide pentesting services.

In those days, cybersecurity wasn't as popular, and no one recommended this as a career option. "Hacking" was considered a crime, and the concept of "ethical hacking" simply did not exist. But I was determined to learn more about this subject, so I contacted that pentester and asked him how he got started. He recommended a book called "The Web Application Hacker's Handbook, 2nd Edition" by Dafydd Stuttard and Marcus Pinto.

I started reading it and quickly realized that I didn't have a basic understanding of how websites work, and the book was too difficult to read without it. I realized that I needed to take a step back and start learning basic IT and network skills as I went along.

My first stop was YouTube, where I discovered Professor Messer, who offers free video series on CompTIA A+, Network+, and Security+. This is, to date, by far the most valuable resource that anyone can use to get started in IT.

Once I had the foundations covered, I started to look for more in-depth resources to get hands-on experience. I discovered two excellent instructors who made many of the more difficult concepts approachable and understandable. They are:

  1. HackerSploit: https://www.youtube.com/@HackerSploit

  2. The Cyber Mentor: https://www.youtube.com/@TCMSecurityAcademy

Practice in live environments is the quickest way to learn pentesting, and sites like Hack The Box make it easy. I've rooted around 80 machines so far. When I was struggling at first, I used to watch IppSec's walkthroughs and copy his methodology.

While all of this was going on, I managed to get a job as a network engineer and later moved on to a security engineer role that primarily dealt with firewall management.

Today, as a senior security researcher, I get to point out all of the bad things that I find in my company's network.

I intend to pursue other opportunities, such as participating in bug bounty programs, and to improve my skills, particularly in web app pentesting, which is why I started this blog.

I'm currently enrolled in the API Pentesting course, https://university.apisec.ai/apisec-certified-expert, and I believe I'll cover some of its key takeaways in future posts.