Fundamentals

By Ben Paris

1/5/2024

As a preface, I want to emphasize that I am a beginner. I have not had any jobs in cybersecurity yet and am still in the learning phase. I have been in this phase for a while and have learned some lessons that I hope can save you some time. In this post, I will discuss the importance of fundamentals as well as how you can practice them through TryHackMe.com (THM).

TLDR: Fundamentals are key, and you can practice a lot of them on THM for free. This is also a good way to figure out what you are interested in. Do the free stuff before paying, don’t be afraid to Google answers, and be consistent.


Why Fundamentals Matter

I have been slowly learning about cybersecurity over the past couple of years. That being said, I just spent the first week of the new year completing the following three learning paths on THM: “Complete Beginner”, “Pre Security”, and “Introduction to Cyber Security”. Despite already knowing a lot of the answers, doing these not only refreshed my awareness and confidence in the fundamentals but also filled holes in my knowledge I did not know existed.

Fundamentals are crucial in any endeavor, from security engineering to penetration testing, and all the way to professional basketball. Take this quote from Larry Bird, one of the basketball greats, for example: “I wasn't real quick, and I wasn't real strong. Some guys will just take off and it's like, whoa. So I beat them with my mind and my fundamentals.” I am going to do my best to remember this quote and the importance of fundamentals as I move forward with my studies this year. You should too.


Sharpening Fundamentals With TryHackMe

The "Introduction to Cyber Security" path took me the least amount of time. It provided a holistic overview of cybersecurity, covering offensive and defensive strategies. The "Pre Security" learning path took a bit more time this week, and this one had some more technical walkthroughs of the internet, Linux, and Windows. Funnily enough, the "Complete Beginner" path is by far the most time-consuming. Despite its introductory nature, it proved to be an extensive exploration of various aspects of cybersecurity. From basic Linux commands to web application security, network enumeration using tools like Nmap, and scripting challenges in Python and Bash, this path provided a robust foundation in offensive security.

Now that I have explained what these pathways entail, I am going to give you the takeaways and tips I have for anyone thinking about getting started on THM.

  • If you are not 100% sure you will use materials that cost money, do the free stuff first, or at least the cheap stuff.
    • After completing a bunch of free rooms on THM, I decided to pay for a THM subscription. I thought I wanted to get my OSCP cert from OffSec (expensive) right off the bat. After realizing I might rather be an analyst, I decided THM was a better platform for me to explore all my options at a fraction of the cost. You can check out this article regarding what material on THM is free.
  • Do not be afraid to use walkthroughs or Google answers for online learning.
    • You should give everything a solid effort before doing this. If it does not feel like you are making progress, however, sometimes your time is better spent finding the answer and learning from your mistakes. This is hard to do if you do not know what you did wrong.
  • Education is not a sprint, it is a marathon. Stay consistent.
    • Everyone can burn out, myself included. The most important part about learning is to keep at it and find a pace that works for you. I used to spend entire days on THM and then not come back to it for weeks. About a month ago I put 90 minutes aside to train on the platform each day. I have gotten more done since then than I did in my first year on the platform.

Finding Your Way

One question I have been trying to answer for myself lately is if I want to be an offensive security professional, a defensive security professional, or something outside of these two scopes. These are big generalizations, but I think it is an important part of any security professional’s career. While I have been imagining myself as a hacker since I first started, I recently took into account that I never gave the defensive side of things much thought.

Growing up I always loved movies, and I still do. I grew up watching Sandra Bullock doing social engineering in Ocean's 8, and Seth Green taking control of essential services in The Italian Job. I never dreamed I might want to learn how to stop something so awe-inspiring.

Having been networking a lot lately, I got a chance to talk with a career blue-teamer recently. He told me a lot I did not know about what defending technology looks like on a day-to-day basis. He explained a bunch of differences between incident response and security engineering. I immediately wanted to know more and see what these jobs look like. This newfound curiosity for the job of fighting off attackers is what led me back to these entry-level THM pathways I had left incomplete.


Conclusion

Some days I feel like I could hack into the Pentagon (I definitely cannot do this), and some days I feel like a caveman sitting in front of the computer. The only thing that I know for a fact is that every hour I spend learning, the further I feel from the latter. While there is a lot I want to learn this year, I am going to focus on not rushing things, that way I end up where I want to be.

When trying to find your path, be it basketball or cybersecurity, you may find yourself wanting to become an ‘expert’ as soon as possible. I know I often wish I could skip to the part of my career where I get to put on my white hat, or a blue team jersey for that matter. Remember that the journey to becoming a cybersecurity professional is a marathon and not a sprint, so take your time, focus on the fundamentals, and enjoy the process.