
I want to become a cybersecurity engineer. Currently, I have a good knowledge of pentesting, programming (Python, C++, Bash, batch, PowerShell), networking, and firewalls, but something came to my mind. Where do I start to actually become a cybersecurity engineer? Right now I'm on my first job at a helpdesk in Brazil, but I have no idea where to start or which qualifications or certifications I should have. I'm kind of lost. I love computers and learning new stuff, and somehow I feel this may be my area. Can someone please share some of your experience in the area, the challenges you had to face, and the knowledge you had before attempting it?

Unfortunately, the term "cybersecurity engineer" is not well defined. Once you define what you want to practically do, then what you need to know will be obvious. – schroeder Aug 25 '21 at 19:12

1 Answer

Cyber security is a very large topic, but at its core is the fundamental understanding of how things work, to a degree that you know where the edge cases are and how things might also break.

In terms of where to start? Since you mentioned pen testing specifically, I would most likely start by:

  • building a static webserver (I personally use Vultr)
  • learn how to secure SSH and port 80 / 443 on the box with iptables or UFW
  • set up DNS for your webserver
  • add a reverse proxy like nginx and figure out how to direct multiple subdomains to the same IP
  • use Let's Encrypt to set up HTTPS and research best practices
  • set up BasicAuth and learn about the different types of hashing
  • mess around with John and what a dictionary attack is
  • add AJAX communication between client and server
  • research XSS and CSRF and how they might apply to your server
  • add sessions to your webserver and learn about best practices for sessions
  • add socket.io and figure out how WebSockets work
  • add a database to your webserver and do research on SQL and NoSQL databases
  • do research on input sanitization and SQL injection
  • do research on MitM attacks and ZAP
  • do research on Metasploit
  • do research on BeEF

The stuff listed towards the end seems like the most fun, but the knowledge that comes before it in the list will give you a better understanding of how and why they work.

CaffeineAddiction