Cybersecurity is arguably the “coolest” IT-style job role in 2024 (others may put cloud-native in that category).

Because of that, many engineers are trying to get into it and they think they can get into it quick. In fact, you’ll even see colleges tell you that you can take a course and get into cybersecurity right after you complete it.

The problem is that both of those levels of thinking are wrong.

There’s no “quick fix” to getting into cyber.

In this blog, you’ll find out exactly what you need to learn before jumping into a cybersecurity career.

Cybersecurity Is Easy (Don’t Yell At Me)

Securing the underlying platform (infra, software, network) is the easy part.

Getting so undeniably good at that underlying platform is the hard part.

This is where the majority of engineers and tech professionals are getting caught up in today’s world. The majority of posts/questions about cyber security are folks that jus graduated college or are in college and want to start off with cyber security right away.

There’s zero chance that this is happening unless you find yourself in a startup that just needs a warm body or someone to work 14+ hours per day and can catch on quickly.

💡 I was the person who worked 14+ hours per day. I didn’t know what I was doing, but I learned quickly and they saw that, which is why I was able to get the job. If you have this mindset, you’ll be fine right out of college.

The majority of people, however, need to learn a lot of underlying technologies and platforms if they want to succeed.

Security, at the end of the day, is about using a few different tools from a vendor, open-source, or tools that you create to secure an underlying platform. Outside of that, it’s all up to you to be an expert in what you’re securing.

There are four primary underlying “platforms”:

1. Infrastructure
2. Networks
3. Software
4. Cloud

These are the four spaces that you’ll see cyber security jobs because if you think about it, these four categories are what make up literally all of IT.

Infrastructure

First, there’s infrastructure. When thinking about infra, think:

1. Operating Systems (Linux and Windows).
2. Virtualization
3. Cloud (we’ll talk about that later)

For example, it could be an Active Directory server running on Windows or Mysql running on an Ubuntu box.

You need to get good at virtualization, operating systems, and how servers/desktops run. That way, you can identify the vulnerabilities.

Here are some free resources to get started:

1. Free Linux Course: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj8rqL20-CHAxWmpIkEHQE1OfUQtwJ6BAgaEAI&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DsWbUDq4S6Y8&usg=AOvVaw2mdLrYOhQk88avsO1ACirB&opi=89978449
2. Free Windows Server course: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiM__H60-CHAxUpmokEHUg2CpwQtwJ6BAgYEAI&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DkREyzVFb4dQ&usg=AOvVaw1souIKQ7R9wyjamvJBiOBM&opi=89978449
3. Free virtualization course: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjm2ImA1OCHAxUHmIkEHdXKIXsQtwJ6BAgKEAI&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcR1GOYKgx1I&usg=AOvVaw0MjwIXsR3gxWA1ZlE0_YNu&opi=89978449

Networking

Without networks, computers can’t talk to people and people can’t talk to computers. It wouldn’t be possible to have computers share information internally (like on a LAN) or for you/the computers to reach out to the public internet (WAN).

Network Security is a really big cybersecurity landscape and you’ll most likely see infrastructure and networking jumbled into the same category, but they’re just split up in this blog post for educational purposes.

From a networking perspective, you’ll want to focus on these four primary areas:

1. OSI Model
2. TCP/IP
3. General IP information (like CIDRs, Ports, and Subnets)
4. Firewalls

Here are some helpful free courses to get started (and no, you don’t have to obtain these certifications. Just the knowledge):

1. Free Net+ course: https://www.youtube.com/watch?v=As6g6IXcVa4&list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G
2. Free CCNA course: https://www.youtube.com/watch?v=H8W9oMNSuwo&list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ
3. Free Network Security course: https://www.youtube.com/watch?v=ZOV5y3TC50M&pp=ygUdZnJlZSBmaXJld2FsbCBzZWN1cml0eSBjb3Vyc2U%3D

Software

“Software Engineer” in the realm of “Security Engineer” has always been a thing, but engineers have been able to bypass this for a long time. However, now it feels like these skills are more and more in demand.

Keep something in mind though - you don’t need to be a principal-level software engineer building tons of platforms and applications.

You just have to know enough about Software Engineering to be able to understand code, see security bugs, and look for potential vulnerabilities. It’s also helpful to be able to automate/script some of your job and build automated security tools that you can use.

The two most important pieces are:

1. Application Architecture
2. At least one programming language (probably Python)

Here’s a great free course on Python: https://www.youtube.com/watch?v=eWRfhZUzrAc&pp=ygUTcHl0aG9uIGZyZWVjb2RlY2FtcA%3D%3D

How About Cloud?

Last but certainly not least is “the cloud”, and cloud-based security jobs are becoming more and more relevan.

“The cloud is just someone else's computer”.

From an infrastructure perspective, that’s true. Everything that you learn from an infrastructure perspective (OS, servers, virtualization, networking…all of it) translates to the cloud. The only two differences are:

1. You’re using someone else's “computer” (environment).
2. You aren’t managing anything physical (the servers are managed in a data center for you).

The truth is that if you’re really good at infrastructure and networking, all you’ll have to learn is the service names within cloud providers. For example, AWS EC2 are simply cloud-based virtual machines. AWS S3 Buckets are hot storage. It all translates to things you already know.

Here are two free cloud courses:

1. AWS: https://www.youtube.com/watch?v=SOTamWNgDKc&pp=ygUPYXdzIGZyZWUgY291cnNl
2. Azure: https://www.youtube.com/watch?v=5abffC-K40c&pp=ygURYXp1cmUgZnJlZSBjb3Vyc2U%3D