0.3% and improving.
So, a little follow up on yesterdays post.
I've had people reach out publicly and privately asking many questions on the how and the why so I figure a post would be the best way to go about answering these questions.
Preface: I have years of experience in computing and only recently found security (via networking, interestingly I was all steam ahead for CCNA/CCNP thanks to
NetworkChuck,
CiscoPanther and
Du'an Lightfoot), in addition to this and when I think back I have actually 'hacked' at things all my life in one way or another; xboxs, computers, phones, my sisters ghetto blaster, scripting.
I was really lucky to 'work' with computers in my day jobs (2nd Line Tech, ISP jobs, NOC job, Application Support Developer) all which broadened my knowledge of how computers, apps and the internet work as well and Call Centre jobs that honed my soft skills to talk to customers, managers, a CEO (whom I had a joke with and he laughed so much he included it in the org wide company email, <3 that guy!). I adapt and react really well in situations and quickly absorb knowledge.
So without further adieu, here we go.
- How did you do it?
Well how do most people learn?
They learn by doing.
In my case I did some googling and found CTF's.
Sites
TryHackMe,
HackTheBox as well as
OverTheWire and others. I could learn 'hacking' better and get in practice (legally) for free? sign me up!
Popping that first box.. man I can't describe how fun that was or how much google-fu I had to use. *cough*
- How long did it take?
This is a fun one, I actually started in March 2020, the start of the UK lockdown.
I saw a post on
The Many Hats Club Discord, ICSI (International Cybersecurity Institute) were giving away vouchers for their Certified Network Security Specialist Certification. It would make the entire training and certification (digitally anyway) completely free.
That was it, that was the thread I pulled and unravelled the wider world of Networking, as above I started by thinking I was going to go all Cisco (I suppose I still could if Cisco are hiring <3 ) and then something else popped up. Basis Technology were doing a similar offer with their Digital Forensics course. It was free so I snapped that up and learned to use something new. Udemy had all of
Heath Adams courses (Now more on the
TCM Academy site direct, I'm coming for them one day, Heaths content is top!) I could afford them and knew it would help lead to greater things and an enjoyment in Privilege Escalation.
Since then I have been hooked and taking in as much content as I can, books (Humble Bundle has amazing No Starch collections for cheap so be on the lookout) podcasts, video.. you name it I was in the process of absorbing it.
- Advice?
One of the best pieces of advice I can give is '
Trust the process'.
I know it sounds like a cat poster, but its true.
I've had days where doing something has come as naturally as breathing and other days where things have been so complicated I gave up and walked away. (you should do that too sometimes, taking breaks is important).
This is where the Trust The Process mentality came in for me and how I came to the idea of: "You have a big issue you need to deal with, chop it up into pieces and take them down one by one!".
In fact
Scott Hanselman did a quick TicTok on this and
how to have a plan to learn. Scott's a great guy by the way if you aren't you should be following him!
It doesn't hurt to at a minimum understand a programming language, you can have an excellent career and not be a top programmer. - My preference here is Python!
And finally, never be afraid to go over the basics again. A firm understanding in Networking can help with many of the issues that you can come across.
-
I've never had anything go 'viral' before so this was an interesting experience.
The outpouring of love and support has really cemented my hopes and aspirations within the Cyber Security space and I still plan to share my knowledge with others (no gatekeeping) so be sure to keep an eye on my hilariously titled site
hacksanddoescri.me where I currently have a series of posts relating to the 'Cyber Basics' just to help give folks an idea of a base line and from that you can springboard into anything else.. trust me its worth it :)
-
One thing I want to stress is that, even though I could be seen as a 'formidable' hacker (and being fair it did go to my head a little being actually 'good' at something).
I still have off days.
I still think of myself as a n00b.
I still find myself googling ports and protocols or examples of exploits.
I still bang my head on the wall when I get stuck.
We're all human.
We all get knocked down and then get up again. (damn it Stack Overflows
Nick Craver putting up Chumbawamba earlier on
twitter.)
I hope this post helps people so feel free to share it, comment, give a like, I do my best to get back to everyone as soon as I can and any of the names I have dropped above are absolute legends and deserve every bit of the respect and admiration they receive.