
Ask HN: How Do I Get Started in the Field of Cyber Security? - hackernewsxrx
I am a 21 year old currently living in the UK. I really want to get into cyber security mainly pen testing, but i am unsure where to start. I have limited coding knowledge - i know the basics. Recently i have been looking to go down the compTIA route. If anyone could give me any advice or guidance it would be greatly appreciated
======
Bucephalus355
@OP would you mind putting a contact method/email in your profile

Unfortunately this is harder than it should be. The media is right, there is a
huge need for talent here, but there is 0 pipeline to take/train that talent.

Right now it’s just sysadmins, software devs, and B-Sides hackers who seem to
fall into all the teams I’ve been a part of (mainly network defense and
infrastructure hardening).

Texas is deploying a pretty innovative program next year that will teach
cybersecurity for the last two years of high school and then award the student
an Associates Degree. From there the plan is to deploy them a giant SOCs of
various companies that need lots of eyes to monitor the logs/false positives.
This will be 1 or 2 years of real world experience before letting them go on
their own in the career marketplace.

~~~
hackernewsxrx
If you don't mind me asking, how did you get to where you are now? what route
did you take to get there? i have also updated my profile with an email if you
would prefer to communicate that way

~~~
Bucephalus355
email me: hackernewstemp(at}fastmail.com

Couldn’t see any text or email in your profile page.

------
redweka
If you are interested in studying during you own time have a look at the links
and suggestions provided on this subreddit.

[https://www.reddit.com/r/netsec/comments/g6r71/getting_start...](https://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/)

This has links to many useful resources such as books and many tools that used
such as nmap, Nessus, burp suite etc.

Remember if you don’t have permission to attack something it is against the
law, which is why there are the following resources that can be used:

Damn Vulnerable Web App ([http://www.dvwa.co.uk/](http://www.dvwa.co.uk/))

and [https://www.hackthebox.eu/](https://www.hackthebox.eu/)

Also check out OWASP (The Open Web Application Security Project)
[https://www.owasp.org/](https://www.owasp.org/)

There are quite a few universities offering cyber security courses in the UK.
I have listed a few below:

[https://www.abertay.ac.uk/schools/school-of-design-and-
infor...](https://www.abertay.ac.uk/schools/school-of-design-and-
informatics/division-of-cyber-security/)

[https://www.ncl.ac.uk/undergraduate/degrees/i190/#courseover...](https://www.ncl.ac.uk/undergraduate/degrees/i190/#courseoverview)

[https://www.kingston.ac.uk/undergraduate-course/cyber-
securi...](https://www.kingston.ac.uk/undergraduate-course/cyber-security-
computer-forensics/)

[https://www.plymouth.ac.uk/courses/undergraduate/bsc-
compute...](https://www.plymouth.ac.uk/courses/undergraduate/bsc-computer-and-
information-security)

[https://www.gre.ac.uk/undergraduate-
courses/ach/gf54](https://www.gre.ac.uk/undergraduate-courses/ach/gf54)

There are quite a few companies that have graduate schemes as well.

[https://www.nccgroup.trust/uk/about-
us/careers/graduates/](https://www.nccgroup.trust/uk/about-
us/careers/graduates/)

[https://www.mwrinfosecurity.com/assets/resourceFiles/Recruit...](https://www.mwrinfosecurity.com/assets/resourceFiles/Recruitment-
Brochure.pdf)

[http://www.aonearlycareers.co.uk/graduates-9](http://www.aonearlycareers.co.uk/graduates-9)
\- The application period will open again later this year for Cyber
Associates.

[https://www.contextis.com/en/careers](https://www.contextis.com/en/careers)

As for certifications I would say aim to get CREST certified though most of
the companies above will help you get the certification. Such as the Crest
Register Tester to begin with. [https://www.crest-
approved.org/examination/registered-tester...](https://www.crest-
approved.org/examination/registered-tester/index.html)

~~~
hackernewsxrx
Thank you for taking the time to reply. Is there a set route that people take
into cyber security? also will the CREST certification be something that i
have to fund myself?

~~~
redweka
There is no set route. There are many former sys admins, former software
developers, and many self-taught people in the industry.

Though as the list above shows there are a lot of universities offering
degrees in Cyber Security.

If you were able to get a job with a pen-testing company in the UK they will
pay for their employees to sit the Crest Exams.

