One of the fastest growing fields in Computer Science is that of Cybersecurity. The world is digitizing and today, we have more computers and smartphones than ever before. Large corporates have a lot of digital information and so, the security of this data becomes critical. As a result, they are investing heavily in data security.
This opens up a lot of job opportunities in the market for Engineers who are looking for jobs in a cutting-edge, fast-growing field.
In this roadmap, we will talk about the various domains of cybersecurity and how you can build a career in it.
This roadmap has been contributed by Nimit Jain from IIT Kanpur. Nimit works at a reputed Cybersecurity firm as a Senior Security Engineer. Surprisingly, Nimit is not from Computer Science - he has learnt it all by himself, setting up a great example for all those who are not from Computer Science, but want to build a career in the tech domain.
Cybersecurity is a broad domain and it can be classified into the following 5 subdomains:
Web Application Securit
Android/iOS Security (Mobile Security
For a beginner who has recently graduated from college and is looking to build a career in cybersecurity, the first 3 (Web Application Security, Network Security and Mobile Security) are great starting points. In fact, for those who have some prior experience of Cybersecurity in college, even Cybersecurity Training is a great opportunity. All 3 of them have common starting steps:
Learn the basics of the Security domain as a whole to get a high-level understanding of all the concepts
For Network domain, you should consider brushing up with the fundamental concepts of Computer Networks (TCP, UDP, IP, DNS, etc.
For Android/iOS, it is recommended that you have some prior experience (or a project) of mobile application development so that you have a better understanding of what’s happening under the hood.
Note that the above concepts have nothing to do with Cybersecurity. The above are all rather domain-related concepts where you are trying to first understand what is Web and how does it work before getting into the security of the Web.
Once you have a brief understanding of the domains, you can take an introductory Cybersecurity course on Cybrary. Cybrary offers some great courses on Cybersecurity in various domains and it is a great starting point for beginners. Aim to complete the most basic Pentesting course on Cybrary. As you get to know about various domains, you should try and see which one interests you and accordingly, you can choose to develop skills in that domain in order to get a job.
Among all the above 5 domains, the most demanded one is the Web. For web, once you’ve completed the above Cybrary course, you can start practising on various vulnerable machines that are available on Vulnhub. Another great resource is Hack The Box. Both are one of the finest resources available to practice your skills. A few of the machines available on Vulnhub from beginner's perspective would be DVWA, Metasploitable 2.0, Necromancer, and Kiotrix series. ctftime.org is another great platform, although Vulnhub and Hack The Box are recommended.
Talking about books, you may want to start with The Web Application Hacker's Handbook and Mastering Modern Web Penetration Testing. As you read books, try and apply those concepts in practice. Remember, the theory will help you just get started. However, applying your learnings to real-life scenarios is most important to develop your skills.
As a Cybersecurity aspirant, you should also consider learning some widely used Cybersecurity related tools. One of the must tool to master, particularly if a person is going in Web application pentesting or Android/iOS is Burp Suite. It is one of the best tools and most widely used across the globe by almost all hackers.
You should also read a lot of Cybersecurity blogs to get an idea of what’s going in the market. These blogs give you a perspective of activities happening in the rest of the world. You may want to refer Cybrary and other good blogs.
If you have time, you should consider attending Cybersecurity related conferences like NULLCON. Not only will these conferences help you improve your knowledge, but also they will help you in networking with other Cybersecurity experts.
Take courses on Cybersecurit
Read Cybersecurity related book
Apply your learnings on machines available on Vulnhub and Hack The Box
Once you are through with the above, you can start reading reports on Hackerone which is a great platform for bug bounties. You can try your hands on real-life cases too. However, you should make sure that you are through with the fundamentals before you do that. In the beginning, this may seem tempting. However, such concepts are advanced and you may get demotivated if you skip the fundamentals