How to get into Cybersecurity with NO Experience – The Ultimate Guide

How to get into Cybersecurity with NO Experience - The Ultimate Guide

#Cybersecurity #Experience #Ultimate #Guide

Hey everybody josh here welcome back to my channel i do a lot of videos on it cyber security education and career things but today’s video is going to be the ultimate guide on how to get into cyber security that is like how to break into the field and start working in

Cyber security the format of this video is going to contain a step-by-step curated list of things that you can do that will increase your chances of being able to break in the field some of the steps will have multiple tiers in them like for example you should do a at the

Bare minimum to increase your chances or b to have a slightly better chance or you should do c to like you know totally max out your chance in this particular area and the idea is the more things that you do in this checklist or this framework and the better you do them the

Higher your chances are that you’re going to be able to find a job and like ultimately get hired and enter the field so if you’re interested in getting into cyber go ahead and smash the like button consider subscribing and let’s get started so the very first step in this

Checklist is to kind of get in tune with the cyber security world and then kind of maintain this until you get a job and then ideally afterwards like throughout your career and how i do this i personally recommend using podcasts and twitter so as far as podcasts go i would

Kind of recommend two particular podcasts that you should subscribe to and kind of listen to uh the first one is just being like basic news podcast which is the cyber wire it’s like a really highly produced well-organized team of people the main guy’s name is dave bittner and they they do like it’s

Called the cyborg daily and they do daily news about cyber security events that happen all over the world and it’s really good to listen to this because it kind of will get you in tune with the world of cyber security and the more you listen to it it’s kind of like hanging

Around security people all day because you’re using a lot of security and like industry jargon and talking about like all these different things like apts and ttps and iocs and like all these kind of like strange security words and they talk about all kinds of news and stuff

That’s happening around the world and it it kind of like subconsciously will improve your cyber security vernacular and like give you things to talk about when you actually like get to the interviewing phase it will kind of get you in tune with the industry and like

Help you be able to talk about it in a more natural way so go ahead and listen to the cyber wire don’t listen to like the back episodes because it’s news so just pick up today’s episode and like kind of listen to it every day moving forward and the second podcast i would

Like strongly recommend listening to is darknet diaries by jack resider the format of this podcast is like a nice storytelling theme and it’s really really well produced and it’s really really entertaining and he kind of talks about a lot of different cyber security events and stories and like different

Criminals and hackers and he interviews people like from all over the place and it’s like super super interesting and the point of listening to this again is to kind of open your mind up to what’s possible in the world and like what people are doing and it will give you

Things to talk about like in your interview like if if somebody i always get this question like which breach do you find the most interesting or like name three events that happened in the last year or something like this um this podcast and the cyborg will both like

Really help with this as well and the third kind of thing i’d recommend is find some good accounts to follow on twitter like i might recommend hunter slabs to be honest and maybe the hacker news or something like this there’s a whole bunch of other ones but those are

Ones those are the ones that i would recommend and the kind of point to this is a lot of the times like stuff will come out on twitter like really fast like before anything else like before cyberwire or before like someone says anything about it on youtube it tends to

Come out on like twitter like really fast so remember how i said in the beginning like each one of these steps like some of them will have different tiers in them so i would say like for this step like tier one would just be like picking one of the three like i

Would recommend if you just pick like any one of those i might recommend dark net diaries because it’s the most interesting and you can learn a lot if you want to be like tier two to kind of like you know make this step even better like i’ll do like dark net diaries and

The cyber wire because they’re like really easy to digest and you can kind of just passively listen to them and if you want to be like hardcore like tier three in this step just do all three like pick some nice twitter accounts to follow like hunter slabs the hacker news

Uh listen to dark knight diaries and listen to the cyber cyber wire as well so you can like really get kind of engulfed in the cyber security world so yeah that is step one get in tune with industry and ideally you want to maintain these things like at least

Until you get a job but you know ideally like after you start working you know at least maintain like one of these things so you can kind of stay in the loop if that makes sense and step two of the checklist is to get yourself some basic computing and security knowledge along

With some basic programming skill getting into cyber security is a little bit tough because cyber security is kind of a subset of i.t and to really like understand a lot of the security concepts you have to have like an okay understanding like a foundational understanding of information technology

Like especially networks so in this step i recommend getting a basic understanding of computing as well as a basic understanding of how to program and there’s a lot of different ways to kind of go about doing this um but i what i would personally recommend is not necessarily taking the certificates but

The comptia a plus network plus and security plus curriculum itself is like really good like if you understand those like if you understand the topics in these exams at least it will give you like a really decent foundation for jumping more directly into security especially security plus like anyone

Kind of working in the security field i would pretty much expect them to know like most of what’s on the security plus exam i’ll put some resources in the description so check those out for the comptia a plus network plus and security plus curriculum and for programming languages i would strongly recommend you

Learn at least the basics of a programming language if you don’t know how to program already avoiding programming in it or security or any tech field in general is you’re really doing a disservice to yourself so i’d recommend like embracing it like learn python at least code with mosh has a

Really good free python course on youtube i’ll put a link to that in the description as well just go through that course make sure you like don’t try to memorize everything in it of course it’s you know that’s impossible like no one memorizes anything when they’re coding

But just go through the course and then when you’re done try to build some a really basic program like a really basic port scanner or or something like this like write the code for it publish it to github and then you know ultimately put that on your resume and at the end of

This this list i’m gonna give like a link i’m gonna show you what a resume might look like after somebody like goes through and implements this whole this whole list so this kind of section in the list or framework is gonna have two tiers basically the first here is you

Just kind of learn the a plus network plus and security plus curriculum but you don’t necessarily take the exam and then you learn python but you must you know you must make a simple project with python to put on your resume and put in your github and then the second tier

Would be getting one or more of the certs in conjunction with learning python and then putting a project on your resume i would recommend if you’re going to get any of those sorts i would recommend getting security plus there’s like no need to really get all of them

To be honest so tier one just learn the curriculum from those three exams and then do python python project tier two learn the curriculum from those three exams get security plus build an app in python publish it to your github also i wanna mention i made this video on the

Truth about programming where i kind of talk about programming a little bit and i the whole point of this the whole point of this video is to kind of like bring that intimidation factor down because a lot of people think programming is like harder than it is or

You need to be like some kind of super genius absolutely don’t so if you’re if you’re one of those people who’s like kind of you know shying away from programming or you feel you don’t want to do it just watch this video it’s it’s pretty short put it on 2x it might like

You know change your career essentially so i’m just trying to say that you should really embrace programming you don’t have to be like a developer or anything but you you should you know try to incorporate that into your skill set it’s really important and it will really

Give you an edge over a lot of candidates so step three of the process is to gain a security specific credential and then gain some hands-on security experience for yourself that is do something to make some experience for yourself so now that you have like a foundational understanding of basic

Computing networking and security from the previous step now is the time to kind of dive a little bit deeper into security get some skills and kind of put them to practice by yourself there’s a lot of different ways to do this because there’s a lot of different areas of

Security like you know compliance and audit and those risks and those kind of boring things no i’m just kidding i shouldn’t say that but there’s a lot of different areas of security but kind of what i would recommend when you’re kind of getting some skill and experience for

Yourself i would recommend going with like an offensive security route which i’ll i’ll elaborate on a little bit here in a second but the reason why i would practice offensive security early on is it gives you like a really good idea of how to defend stuff and it gives you a

Good intuition of why a lot of security controls are important and like why things like patching is important and why it’s important to use hardware hardware and software that’s not been deprecated and it gives you like a really good understanding of like what people will do to like get into your

Network or get into like corporate or government networks if you’re the one attacking like you you you’re grasping at like any possible straw that you can to like compromise a system or like get into it one way or another and it really helps you to like realize like why you

Know why it’s important to to defend well and check all the security boxes and all of these good things so i think it’s really important to kind of learn how to attack early on so what i would recommend for this step is to get the ejpt certification that’s that was

Originally the elearn securities junior penetration tester certification the actual training for it is is absolutely free now and it’s offered by ine so i’ll put a link in the description for this so i would recommend kind of working through this whole course and then ultimately getting the ejpt certification after getting the

Certification there’s a bunch of different things that you can do to kind of make experience for yourself from here some things you could do or some capture the flags like or you can even go to hack the box and do some of the modules there like i know

They have some like web application pen testing modules or or osint modules or active directory modules just kind of pick a few of those that are interesting to you and like go through them and like kind of go hard on them and learn what you can and you can kind of supplement

Your learning by publishing blogs or like publishing like some kind of walkthrough for an attack that you learned or something like this you can publish it to like a medium blog you can make a youtube video about it or something like this but just get some hands-on experience through capture the

Flags or hack the box or something like this you know document what you do put it on your resume and go from there this step can have multiple tiers um so i would say like tier one would be like earning ejpt something like this just earning the certificate and doing like a

Few hack the box labs or modules or something like this maybe tier 2 would be something like earning ejpt and an additional like higher level certification like cissp or oscp and i know a lot of people are going to hear me say this and be like oh my god those

Are not like entry-level certifications but a lot of the time like i won’t get into cissp too much like i know there’s like a experience requirement on it but if you’ve worked in it before it’s it’s more than likely you meet the domain requirements for it but the reason i

Recommend cissp is it’s like the absolute like ultimate like hr bypass certification in my opinion it’s really really good at getting new interviews because like everyone knows what it is like hr knows what it is and people are just gonna like at least like consider you more at least for an interview if

You have cssp and then oscp right now it’s kind of the de facto penetration testing certification i know um the cyber mentor offers a pretty good offensive security certification as well but osep is kind of like the one the offensive security cert that everybody knows it’s really it’s not easy to get

So i’m not gonna recommend you like go out and get it but just kind of uh think about it and like at least maybe you can research oscp and see issp a little bit but for this step like bare minimum you know get ejpt and then do some hack the

Box or some kind of capture the flags publish what you do on a blog or youtube or something like this and then put it uh put that experience in your resume and again i’m gonna show a kind of sample resume at the end of this list so

Step four of the process is to get your resume and linkedin squared away so basically you’re gonna take all the things you’ve done in the last three steps and kind of put them on your resume in a way that makes sense that kind of accurately conveys like the knowledge and the

Experience you’ve gained again i’m going to kind of show a sample resume at the end and like leave a link to some sample resumes in the description but you just want to make sure your resume is as good as it can possibly be don’t leave anything out and you should be good to

Go also at this point i would make sure your linkedin is as up-to-date as possible and start making as many connections as you can on linkedin like don’t um you know do like 200 in a day or something and get flagged by their like anti-spam thing but just kind of

Network make like maybe in your area or people who are doing certain jobs that you want to do that you you find on linkedin you don’t have to know them or anything but just kind of make connections and follow them follow other people in the industry like maybe you

Know robert emily and like those kind of influence or like famous type people just go through and follow people make connections on linkedin fill out your linkedin hundred percent and at least fill out one other job site like maybe like indeed or something and get a profile on there and make sure

Everything is like really up to date and good to go so at this point your resume should look something like this maybe you have a little bit more experience on there from whatever you did beforehand but this is a pretty good idea of what it will look like so the next step step

Five is to start applying for jobs if you don’t already have ita experience i usually recommend people like when they really want to get into cyber but they don’t have it experience yet i recommend people to apply to both like it jobs and like whatever cyber security jobs that

They can find don’t hold back like too much on applying to certain jobs like if you see something that’s like senior or mid-level and and you’re new to the field and maybe you meet only like you know like 25 of the requirement you know i would apply to it anyway and watch

This video in particular i kind of do a deep dive on like why you should just like apply to to most things because if i’m gonna summarize it like it’s okay if you do don’t meet 100 of the job requirements if you’re the type of person that it’s demonstrable from your

Resume and from your interview that you’re the type of person that can learn and do things on your own people are more likely to like take you and like put you into like a mid or even even senior level position depending on like you know your past experience and like

What’s on your resume so don’t be afraid to apply to jobs that you think are like too good for you because they’re they’re probably not honestly like another thing you can do is consider even getting a remote job or even consider moving to like a new city or a new state at least

For that initial job because if you think about it if you live in like a medium-sized town on the midwest or something but you’re actually like willing to work like anywhere in the us there’s like way more jobs open to you and it like really like exponentially increases your chances of getting hired

You can always work there for like you know eight months or a year or something and then when you get that experience you can kind of apply to a new job so you know if you’re brand new apply to both it and security and if you get like

An it job consider taking it because a lot of it jobs have well all itu jobs i guess i could say have like have a security component to them and it’s a lot easier to move from it into security than going like straight into security with no i.t experience so just kind of

Keep that in mind for example like maybe it takes you like eight months to find a security job but it takes you like two months only to find an it job in my opinion it’s better to like start working in it and kind of get that experience and then kind of getting

Money at the same time and like learning things and then once you’re like in that job you can you can always just start applying to like only security jobs like while you’re working the i.t job so just con consider like all of these things and step six is going to be the

Interview preparation phase during this step try to get a pull try to get a hold of as many it slash cyber security interview questions that you can and go on a walk or something with your phone and just practice reading them and then answering the questions to yourself out

Loud like this this will help in a couple things this will help in a couple ways obviously if you read a bunch of questions you can kind of look up the answers and like kind of gain that extra knowledge i guess going into the interview which is good but more

Importantly it helps you get used to articulating yourself and like articulating answers to questions because you know there’s only like so many questions in existence and humans are like really bad at entropy and like making new things and and this type of thing so a lot of questions get recycled

And the chances are you’re gonna get asked a question that you’re like already previewed and you don’t have to think about it too much you can just kind of answer and save that mental energy for something else also it kind of helps you to learn how to answer

Questions that you don’t know the answer to because you can practice like answering questions you don’t know the answer to like saying like oh i don’t know this but i know this or i don’t know how to do this yet but i can learn

And i can do this so far and it kind of like it’s much better to say these kind of answers than just saying no or like i don’t know and i also made this interview this series here where i ask a bunch of cyber security interview questions and i answer them as naturally

As i can so you can check that out too and kind of get an idea for how you can answer different questions and i found this video too it’s pretty good i actually watched it because i was trying to find my video and i i found hers i’ll

Check that out that one out too it just gives you like something to think about so basically in this step just try to go over as many practice interview questions as you can so you can practice articulating your answers and don’t forget about those personality based interview questions too try to hit those

Like pretty hard just to get some practice in and anticipate what people might ask and kind of practice answering and speaking to yourself so it’s easy like once you actually go to do it and the last step step seven is the networking step and that’s the networking like networking with human

Stuff and i don’t really i don’t really like talking about this because i know a lot of people don’t like doing it like including me and i just don’t do this at all for my jobs and i’ve been able to be like totally fine but this is like the

Most powerful step if you have like a good network or you know somebody you can just essentially like almost like throw the other steps away almost you should do them anyway so you can be like a better you know cyber security professional but this is the most

Powerful step you can kind of do this by like i suppose like going on linkedin and kind of asking like finding people who are working in the role that you want to work in and offer to you know buy them coffee or something like this if they’ll they’ll jump on like a quick

Zoom call with you and you ask them a few questions or some something like this you can always like send linkedin messages i i do this sometimes actually to be honest i’ve done this before like i will i’ll send it a nice short polite message to someone like asking them

About their job and like or asking them for tips on how to get into the job that they’re into like something like this um just be like really nice try to like meet people digitally if you can like i don’t i know it’s funny i said i don’t

Really network but um recently i started talking to people on there like after doing youtube but but anyway this step is really powerful i guess you should do it i don’t really do it to get jobs i haven’t gotten a job from just like networking on purpose before i’ve gotten

Jobs because i know people because i’ve worked with them before and like you know they they know me and then i’ve gotten jobs subsequently from that but you know knowing people is like really really good and important so if you have energy left after all the other steps

You know you can go ahead and try to do some networking like on linkedin or something like this and probably find some discord channels but i don’t really use discord that much i have my own discord but i don’t you know i don’t like use it for networking but yeah

Those are the seven steps and if you implement these seven steps as good as you possibly can then it’s only a matter of time before you get hired and start working like definitely working in it and you know working in cyber security of course eventually but i feel like

Getting an it job is easier but for sure if you implement all these steps as well as you can it’s only a matter of time before you get hired before you get that first job and you start working so as promised here is what a sample resume

Might look like of somebody who has like absolutely no experience but they kind of implemented this checklist at an average level you might see something like this kind of this basic you know a basic intro you don’t have to add it i don’t have this on my current resume

Because it’s like too big already so i tend to like not have this intro but if you don’t have that much stuff and you want to say something nice and succinct about yourself you know it’s not necessarily a bad thing and this would be this should actually be

Certifications uh so for this one um i recommended you know ejpt and i recommended like at least like studying the curriculum for a plus network plus security plus so maybe this particular person like went ahead and got ejpt and then went ahead and got comptia security

Plus security plus is pretty good um it kind of serves as an average hr filter ejpt will serve as like somewhat of an hr filter but mostly for knowledge for you right so this person opted for both of these and then maybe they started studying cissp or if they don’t have the

Experience requirement technically it’s going to be called associate of isc squared but um yeah so maybe they’re studying for this but it’s still in progress and for experience this is all the experience that they they generated on their own this isn’t from an actual like a w-2 job where they went to an

Office or anything this is just stuff that they did on their own so maybe maybe they started maybe they bought a domain for themselves for you know 12 per year or something like this and maybe they have a github where they store their hack the box pen test

Reports or they store you know their python projects in there that the interviewer or whoever’s reviewing the application can look at and it’s okay to put links and resumes these days mine has like a bunch of links in it because usually people are going to be looking

At it like a pdf or something like this maybe this person like made a you know and very average youtube channel just to kind of show some of the things they’ve done which i would recommend doing it doesn’t have to have like thousands of views or whatever just has to be there

On display for somebody to see and all this stuff is just kind of basic things that you can do like different ideas on ways you can generate experience for yourself and these are as valid as like going to a normal job anyway like if i was hiring and somebody showed me like

Someone came with this resume i would take it seriously because you know it’s well it’s well written and it references things that are real and there’s real things that i can like look at and see what they did so it’s pretty useful uh past work is here my first job i ever

Had was mcdonald’s so i just like used that here just to kind of show you know it doesn’t really matter you know that you don’t have to have like a super fancy resume with like all this crazy stuff on it under education it’s okay to put something like you know if you do

Like code with matches like free python course you can just put it down here for you know put it down here even though it’s like a free course because it’s education and it’s it’s kind of uh quantified i guess you could say like up here with your github where people can

Like click here and like go and look at it these links are like all fake by the way but um this is just a good example of what your resume you know might look like if you implement this checklist and this this resume is like absolutely good enough to work in entry-level security

Jobs like absolutely like especially because of this and if not security like absolutely entry-level it jobs or even like mid-level to be honest so you know have something like this make sure your resume is nice and squared away apply to both it and security jobs and whatever comes your way like seriously consider

It and then you know start working and enjoy your time in the field and lastly before we kind of finish i highly highly recommend you watch this video in particular this guy’s like really crazy who they’re interviewing because i i just watched this recently and this guy

Like i like i might as well be him like i mean he’s better than me in terms of his like what he’s done and his credentials and experience but the way he thinks about job hunting is like exactly exactly the same as me it’s really crazy it’s really crazy so please

Watch this it’s a nice kind of long interview podcast thing but he really he really basically like talks about a lot of stuff that i said in this video but kind of in more depth and he gives like a lot more context to it so check this

Video out it’s it’s gonna be really useful to you but yeah if you enjoyed this i would really appreciate it if you’d like and consider subscribing almost at 10k i hope to get 10k at least sometime in november would be pretty nice uh but yeah really appreciate it i

Also have a patreon if you feel like supporting me but if you have any comments or criticisms or suggestions or anything please feel free to leave a comment i 100 read all of the comments and respond to like every single one of them so yeah let me know if you have

Anything to say otherwise thank you so much for watching this far and we’ll see you next time bye You

Like it? Share with your friends!


What's Your Reaction?

hate hate
confused confused
fail fail
fun fun
geeky geeky
love love
lol lol
omg omg
win win


Choose A Format
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
Youtube and Vimeo Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format