I decided to write this blog post because almost daily I receive messages on Twitter of people asking me how to get into infosec. Here I will write my experience on how I "joined" the field and how I got all my knowledge. Which is still growing, and I have a lot more to learn. These tips won't contain any technical stuff they are just my personal advice that I would give to someone that wants to start and don't know where to start.
When I first started getting interested at security stuff, I only knew the basics. I literally didn't know anything besides the stuff you get taught at your Computer Engineering or Computer Science degree. The only security related thing I did was in my Telecommunications class in which we talked a bit about Network Security.
How everything started
There was this mini conference that was held every year in the island in which they talked about security and brought some people who worked in the field. I decided that I wanted to go that year back in 2016 or 2017 I think it was. When I was there, I noticed one of the speakers was a professor that taught classes at the Engineering School I went to. I learned that he has done a lot of research regarding cybersecurity and that he even gave some elective classes like Network Security or Computer Security. I will get back to this soon.
As time passed, I was looking online at stuff and I found an organization called Women in Cybersecurity (WiCys). I went to their website and I found that they did a conference every year for women who want to get into cybersecurity or are already in that field. When I saw that I was like I would love to go there. Fast forward to 2018, I applied to that year's conference and as time passed to my surprise, I got a scholarship to attend the conference in Chicago. I went there and it was super overwhelming at first because there were workshops, talks, career fair, socials and a lot of stuff. Me not being in the field and knowing pretty much nothing I didn't even know where to even start. I decided to go to some talks and a few workshops. On the technical workshops I failed miserably (or maybe I am exaggerating) all I know is that I went to one where I couldn't even do the first part. I was so overwhelmed that I grabbed my laptop put in my backpack and left the room. That right there was my first mistake. Why? Because I should have stayed and ask the people around me or the instructors who were willing to help us. I was embarrassed and didn't want to tell anyone that I didn't understand it. I felt stupid and thought people would be thinking why I was even there or stuff like that. That is one of the various mistakes I did that I wish I could go back and slap myself and be like don't be stupid.
As time passed, I learned that one shouldn't be afraid to ask others for help. Obviously, there will always be people who know more about you and I never asked them for help or advice because I was embarrassed.
I took a class with the professor I was talking about above and one day I told him that I saw him at a conference and would love to know more about cybersecurity and maybe become a professional in the field someday. He was super nice and told me to come as a listener to one of the classes he gave which was Computer Security II. When he told me that I was shocked that he was that nice. I was super scared to go attend a graduate student class me being only a sophomore and with not much knowledge. I decided to go to the class once and after that I kept going to all the classes because I loved it.
This course was amazing because I learned about cloud security, internet privacy, information warfare, botnets and cyberwarfare. I also enforced my skills with some tools thanks to the class projects he gave to the students that required the use of Wireshark, Nmap and other network mapping tools. While I was there, I met a guy who was super talented. He loved offensive security and any time I saw him doing something 'weird' in his computer I would go to him and ask him what he was doing. I learned a lot just by asking and observing what the other students were doing. The professor then encouraged me to join the National Cyber League and be part of their team. That was my first time participating in the NCL. The National Cyber League (NCL) provides a series of challenges that helps you develop and practice your cyber security skills. I would say that was my first ever "CTF". After that I took an online course about the Basics of Cybersecurity on Udemy. After taking that course I knew I really wanted to enter that field. I started exploring more by watching videos, reading books and taking more online courses. Thanks to all of that I learned the techniques used in the Cybersecurity world like Analyzing Malware, Penetration Testing, Cryptography and much more using the Kali Linux operating system.
As time passed, I made a twitter account, applied for scholarships and engaged with the community. I have attended various security conferences and got to know a lot of people I admire but that was possible because I didn't let my fear consume me. I didn't get embarrassed to ask people questions, I engaged with people even though I didn't know them and tried to start a conversation. I applied to every scholarship I could even if I thought it was impossible for me to get it. The worse thing that can happen is to get a no or rejected but that doesn't mean that you must give up. It's normal and it happens to everyone whether it's a job, scholarship., fellowship, etc. These things happen in life and I have been there (to be honest everyone has been there even those you really admire).
I have written a lot, but I just wanted to give a small background of how I started. Now I will give my personal advice for students who want to get into cyber security/infosec and are new or don't know anything yet.
My personal guide for infosec newbies
1) Don't be afraid to ask people for help
Never be afraid to ask someone for help. Most people are willing to help others. I am here now thanks to all of those who were nice to me and helped me whenever I asked for help. There will always be people who don't like helping others or just don't care but those are the ones you avoid, and you go to someone else.
Of course, there is something a lot of people say which is to not ask stupid questions. My opinion about that is that one should learn how to ask questions. Here is a webpage I found that has some great advice in my opinion.
2) Go for it!
If there's anything in your mind that you want to do but are scared. Just go for it. I know it sounds cliché and it's something you hear everywhere but it really works.
A few years ago, I went through a really hard time where I almost quit school. I felt useless and that I didn't know how to do anything. I decided to take a break and after that I tried once again and this time whenever I wanted to do something like for example: Let's say you want to learn a new programming language or how to use a tool. Instead of thinking "Oh I wish I knew that" change that thought to "I am going to start a tutorial today or read a book about it" and that's how you start. At first you will suck but as time passes and you keep going at it you are going to learn it in no time.
3) Don't compare yourself with ANYONE
Everyone has their own journey. Everyone takes a different amount of time to complete things. If you have people close to you that are "more ahead' in life, that doesn't mean that you suck or you are less that only means that you need to start improving yourself and work hard to get where you want to go. All my life I would compare myself to other people even for stupid reasons and I noticed how badly that affected me. Those same feelings sometimes even block you from doing stuff and advancing on what you want to do.
4) Don't pay attention to what other people tell you
Many times, people tend be negative and say stupid stuff like "Oh its too late" "Oh that's difficult", "You can't do that", etc. A lot of that stuff like that tends to sometimes get into our brain and we unconsciously start thinking those negative thoughts. That happens when you pay attention to what the other person said. Whenever someone comes with a saying like that you should just ignore it and shake it off. The only person that decides if you can do it or not is YOU. You are the one that controls your actions and thoughts. During this journey various people have told me negative stuff about my future. I had a professor say to me that I couldn't finish my computer degree because I was failing Data Structures. That semester I was going through some stuff and didn't have time or just didn't feel like studying. I always thought negatively about myself and told myself that I was never going to learn this and a lot of other stupid thoughts. Obviously thinking that stuff wasn't helping and after the professor told me that I didn't even try I just dropped the class. Whenever a situation like that happens you are not going to give up you are going to show that person that they are wrong, and you can do it. I didn't do that back then I just gave up and repeated the class the next semester. Whenever I think about that incident, I always get mad at myself for not proving him wrong but sadly one can't change the past. After some time passed, I aced the class and was proud of myself because I knew I could do it. That second time I started the course with a positive mind and my head straight knowing how I was going to handle it.
5) APPLY, APPLY AND APPLY
So, there's this internship or scholarship you have been eyeing for a while and you say to yourself that its impossible for you to get that scholarship or internship for whatever reason. An advice I love to give is to apply to everything you can (obviously if you have the requirements). Don't be scared to apply for something and say its not worth it because you won't get it. I have proven myself wrong a lot of times. I remember crying telling my partner that I wasn't good enough and that I didn't know why I even applied. He always told me that why was I crying because the worse thing that can happen is, they say no to you. The world is not going to end soon (I think) and there are many other things you can apply for. He was also very supportive and always told me I would get it and I would say to stop being so positive, many times he was right, and I got accepted to what I was applying at that moment. A thing I would for you to do right now is to go in the internet and search for opportunities related to what you are interested in. You never know what you will find and if there's something that you like and have the requirements remember to APPLY no matter what.
I would say this is one of the most important tips. Something I like about the internet is how amazing it can be for looking up resources and new stuff to learn. There are so many things out there. There are courses (free or you must pay), videos, books and sometimes even classes that they post the lectures online. Whenever you have free time look for that thing you want to learn obviously everything requires something that you must know first like if you were solving a coding challenge then obviously you need to learn how to code first. You need to start from the beginning and learn that stuff in order to learn what you really want to learn. Everyone that is good at something I are good because they spent many hours reading and practicing. Go ahead and start doing the same thing.
7) Join Communities
This is my favorite one because I love engaging in communities and learn new things from others. I remember not knowing anything at all about CTFs and I decided to join a slack called CTF Circle. That slack was amazing for me because I would compete in CTFs with other women/non-binary folks not even knowing what I was doing but I would ask them questions and ask them how they did it. There are communities out there for everything you can imagine. You just search for it on the internet and start exploring. You can also ask people to see if they know any communities you can be part of. Not just online, there are also communities who reunite from time to time and talk about certain topics in person. Explore and join different communities. There will always be ones that you wont like but it's trial and error until you find the right community or communities for you.
8) Attend Conferences or events related to what you want to learn
Attending a conference is amazing because there you will see different type of people those who know a lot, those who think they a lot and those who are new in this journey just like you. While attending the conference go and talk to other people. Engage. Talking to other people is a great way to learn and to meet other people in the community. Making connections and networking is important because that way you will have people you can ask stuff to or just have connections which can be used later when job hunting. Attend workshops in the conferences and when the workshop ends if there's time to talk to the people that gave it go ahead and do it. Don't be afraid to do it because they were in your position once. Everyone has been there. You are not born good at something. You must practice and work hard to be good at something. Conferences have been great for me because every time I go to one, I learned a lot of new things and met new people. Some of those people can even turn out to be your friend. I have friends that I made in conferences and we help each other out whenever we can which is super beneficial.
Those are my tips on how to get started. Most of them you have heard before or sound cliché but trust me that if you do all of that you will succeed. I am by no means an expert at anything. I am just a college student entering the world of infosec and still learning along the way. I just wanted to share this because a lot of people have asked me about this, and I decided to make a blog post about it. My next blog post will be on communities and resources that will help you get started on this journey.
Disclaimer: English is not my first language, so I apologize if there any grammar mistakes.