Cybersecurity is often considered to be one of the most rewarding and exciting fields. Cybersecurity is a vast domain where it has many specialization roles like SOC Analyst, Penetration Tester, Security Engineer, DevSecOps Engineer, Network Security Engineer, etc., That’s why you can see so many people are interested in this field.

Honestly that’s true, and we should also remember this is one of the highly challenging field as well and that’s been said. So, now you have decided to enter the world of cybersecurity. You must have started your research through YouTube videos, blogs and sites on how to enter into this field. Probably Ethical Hacker/Penetration tester role seems to be right fit for you as you like to “hack things”.

After spending further more time on YouTube or blogs, you now chose to do certifications to boost your resume. You started reviewing each certification one by one what’s going to be right for you, but the problem is now number of certification companies are getting higher day by day, but not everyone can provide you the quality they promise and no can promise you a job as well.

Also, we cannot ignore the fact that these certifications are not that budget friendly, especially if you are a beginner. So, what should a beginner focus now?

Foundations

 Instead of diving straight into certification, you should focus on your foundations using the free resources that are already available to you. Being in cybersecurity, you should really have the idea of how everything in IT works. Yes everything. For now, just pick any sub domain that seems to be interesting for you. For example, you can take Network security. To configure and secure your networks, first you need to have good understanding on how network works.

There are lots of free videos and resources available in YouTube for you to start with the basics. Do not spend so much on any particular domain as you are not going to be Network Architect with CCIE level. So, remember that you are learning only the basics. Once you get the confidence you can move to next domain.

Building your own content

I would strongly suggest to build your own content

After hours of research, you may have concluded that earning certifications is the way to boost your resume. Now you’re exploring the best certifications out there.

• OSCP (Offensive Security Certified Professional) is often considered the gold standard in penetration testing. It’s a favorite among HR professionals and hiring managers. However, it’s expensive and notoriously challenging, especially for beginners.
• CEH (Certified Ethical Hacker) is another popular option, but its reputation has declined in recent years, and it’s also pricey.
• New players like INE’s certifications and TCM Security certifications are gaining recognition for their quality and affordability.
• Hack The Box has also entered the certification game with CPTS (Certified Penetration Testing Specialist), offering an exciting new option.

But is that it? No, these are just a few examples of certifications specifically for penetration testing. While these certifications can certainly help, they often come with high price tags, and many of them aren’t easy to clear on the first attempt, especially for beginners.

The Hands-On Dilemma

You’ve probably grown tired just reading about these certifications. You might even be asking yourself: “Why spend so much money on certifications when I can focus on hands-on practice?”

That’s a great question. However, as you dive into hands-on practice, you’ll encounter another challenge—choosing the right platform. Platforms like Hack The Box, TryHackMe, VulnHub, PentesterLab, and OverTheWire are excellent resources for building real-world skills, but each comes with its own pros and cons:

• Reputable platforms might be more expensive.
• Cheaper options may compromise on the quality of content or features.

This creates a dilemma: Should you invest in certifications, hands-on practice, or both? The answer depends on your goals and current knowledge level.

Start Small and Build Your Knowledge

Instead of diving straight into certifications or expensive training platforms, consider building a solid foundation on your own. Here’s how:

• Learn the Basics by Creating Your Own Content: Writing about what you’re learning, creating small projects, or experimenting with tools will help you understand concepts better.
• Ask Questions and Find Answers: Start with simple questions like, “How does the internet work?” Breaking down such questions can lead to a deeper understanding of the systems you’ll be testing.
• Use Books, Blogs, and YouTube for Reference: These resources are gold mines for learning. Look for tutorials, case studies, and practical examples to enhance your knowledge.
• Understand Networking Basics: If you’re interested in penetration testing, you must know how networks function. Learn about IP addressing, protocols, and network devices.

How One Simple Question Can Uncover Big Concepts

Here’s a basic example: Imagine you ask yourself, “How does the internet work?” At first, it seems like a simple question, but as you dig deeper, you’ll realize it leads to an intricate web of concepts, each building on the other.

1. Domain Name System (DNS):
   You’ll discover that every website has an IP address, and DNS is the system that translates human-friendly domain names (like google.com) into machine-readable IP addresses. This opens the door to learning about DNS servers, record types, and how attackers exploit DNS through techniques like DNS spoofing or cache poisoning.
2. HTTP/HTTPS Protocols:
   Next, you’ll learn about how data is exchanged between your browser and a web server using protocols like HTTP and HTTPS. This leads to understanding encryption, certificates, and how secure communication works. You’ll also encounter concepts like man-in-the-middle (MITM) attacks and ways to defend against them.
3. IP Routing and Packets:
   Asking how data travels across the internet introduces you to IP routing, where packets of data hop between routers to reach their destination. This naturally segues into topics like subnetting, firewalls, and network address translation (NAT). It also introduces vulnerabilities like packet sniffing and techniques to secure data during transit.
4. Firewalls and Network Security:
   As you explore how data is secured, you’ll learn about firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). You’ll start to understand how firewalls filter traffic, how attackers bypass them, and how to build secure network architectures.
5. Protocols and Services:
   Diving deeper, you’ll encounter protocols like TCP/IP, ARP, and ICMP, and understand their role in data transfer. You’ll also begin to see how attackers exploit weaknesses in these protocols, like ARP spoofing or DDoS attacks using ICMP floods.

This single question, “How does the internet work?”, becomes the foundation for exploring topics critical to cybersecurity. Each layer you uncover not only enhances your technical knowledge but also gives you insight into how attackers exploit vulnerabilities and how to secure systems effectively.

This process of asking basic questions and peeling back the layers is what drives true understanding. As you tackle these fundamental concepts, you’ll build a strong base for more advanced topics in penetration testing, network security, and beyond.

Take the Next Step

Once you feel confident with the basics and have gained hands-on experience, consider enrolling in one of the certifications or training platforms mentioned earlier. Certifications aren’t just resume boosters—they also provide structured learning paths and help validate your skills.

Remember, the journey in cybersecurity is as much about curiosity and problem-solving as it is about certifications. Start small, stay consistent, and keep challenging yourself. The world of cybersecurity is vast, and every step you take brings you closer to mastering it.