The cybersecurity industry remains a promising area of growth as a career path. During the last year (2021), while many industries saw decreases in opportunity due to the economic volatility and uncertainty that came with navigating an unprecedented global pandemic, the cybersecurity industry continued to grow.
The remote workforce posed new security risks, and increasing ransomware attacks, and internal threat actors, all contributed to the increased need for cyber professionals.
Cybersecurity job postings saw a 65% increase during the pandemic which means a lot of companies are investing in security internally.
Cybersecurity is an evergreen sector of the job industry, meaning there will always be work available for skilled workers.
Recently, the exploit group LAPSUS$, was found to be run by a group of teenagers. They have been behind the exploits of multi-billion-dollar companies, and they don’t have a degree or certifications.
Even if you don’t have experience, you can grow your knowledge base with free tools and get into CyberSec within a year.
Red Teaming
1) Beginner? Want to learn ethical hacking basics.
The best stepping stone is the Practical Ethical Hacking course by TCM on freeCodeCamp’s YT. FreeCodeCamp has other free courses related to programming, ethical hacking, etc on their YouTube channel. Learn for free.
Link: https://www.youtube.com/watch?v=3Kq1MIfTWCE
2) Try Hack Me (THM)
Learn and practice your cybersecurity skills such as red teaming activities, blue team activities etc.
Has curated learning path for organized learning.
Link: https://tryhackme.com/
Subscription: Most of the rooms are free. Subscription (~10$/mo) enables to access the learning path and exclusive rooms.
Level: Beginner
3) Web Security Academy.
Free, online web security training especially on OWASP top 10 from the creators of Burp Suite
Link: https://portswigger.net/web-security
Subscription: Free.
Level: Beginner
4) eLearnSecurity Junior Penetration Tester Training and Certification.
Curated courses and labs for the preparation of eJPT certification offered by INE.
Link: https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student
Subscription: Free course and lab. eJPT exam costs 200$
Level: Beginner
5) Hack The Box (HTB)
Learn and practice your cybersecurity skills such as hacking, OSINT, binary analysis.
Link: https://www.hackthebox.eu/
Subscription: Active machines are free. Retired machine access requires a valid subscription (14$/mo).
Level: Intermediate
6) Proving Grounds by Offensive Security
Preparing for OSCP? This could be a platform for practicing and for preparation.
Contains machines designed by the Offensive security team and Vulnhub machines.
Link: https://www.offensive-security.com/labs/individual/
Subscription: Two types. Play subscription is free and access only to Vulnhub machines. A practice subscription costs 19$/mo.
Level: Intermediate.
Blue Teaming
7) Incident Response
LetsDefend is a great platform to practice real-world exercises on Incident Response and Handling.
Offers free and premium exercises.
Link : https://letsdefend.io/
Subscription : Free/Analyst (25$/mo)/Incident Responder (40$/mo)
Level : Beginner/Intermediate
8) Blue Team Lab Online (BLTO)
Great platform to learn and practice your blue teaming skills. Includes exercises on DFIR, Security Ops etc.
Link: https://blueteamlabs.online/
Subscription: Free exercises and Pro subscription costs 15GBP/mo.
Level: Beginner/intermediate.
9) RangeForce Community edition.
Learn SOC skills, Incident Handling, also has some red teaming stuffs.
Link : https://go.rangeforce.com/community-edition-registration
Subscription : Community edition is free.
Level : Beginner.
10) AttackIQ Academy
Learn MITRE ATT&CK and Purple Teaming.
Link : https://academy.attackiq.com/
Cost : Free
Level : Beginner.
