1

Hi All,

I have a high school aged son who is very interested in learning cyber security and has a desire to go into that field as a career. I have looked a different topics on Spiceworks about it and some are over a year old so I thought a refresh would be great.

Could anyone who works in cyber security ( or IT security in general) give me advice to give him what would you study in high school, college, experience (majors, degrees, certs, etc) to help him decide if this is for him? Also, those of you who do work in security, if you were to do the IT security learning process over again, what would you change and what would you keep the same?

Thank you!

34 Spice ups
2

I’d suggest Network+ and Security+ as beginning study sources. If they can stomach those and enjoy it, then let them keep on pursuing that path. If they’re really into it WGU has an online degree. Cybersecurity Courses Online – Bachelor’s Degree | WGU

10 Spice ups
3

Thank you for the advise. Mastering the basics of IT: ie-networking, sys admin stuff is critical!

5 Spice ups
4

I personally don’t think I will be getting into Cybersecurity. But I am now leading toward that path. I find my CCNA study helps a lot, especially having a good network foundation. We all must start somewhere on the ladder, so good (human) communication is a key to success. The ability to communicate with clients/customers and co-workers will make a big difference.

3 Spice ups
5

Something that is not necessarily related directly to cybersecurity but something that will be quite useful in the long run is starting up a home lab. It is relatively inexpensive to start up a basic home lab and the ability to put school knowledge into action will be far more beneficial for the information to stick. Personally, my faith in education has diminished as I go to school and hold a career. I learn a lot of theory but the theory doesn’t transition well in to the IT environment. An example of this relating to security would be something such as “Configuring Access Control Lists on a firewall is a best practice security standard.” School doesn’t teach you the HOW they just mention that it’s necessary for security. The how is much harder, one misplaced rule and bam, network goes down. Being able to do this at home may be painful at times, but learning how to fix things in crucial in an IT environment.

Some cool idea’s for a home lab:

Minecraft server (or any other game server if he plays games)
Home network storage (centralized storage or media server) All photos, movies etc can be accessed from any device and don’t eat up space on the actual device.
Network firewall config such as pfSense or OPNSense.

For a home lab you don’t need crazy equipment, you can start with something as simple as a raspberry pi and go from there. Like others have suggested, start with the basics. A+ Net+ Sec+ certificates and then focus on CCNA or something cyber security related. The basic will always apply and a lot of higher certs build on their understanding. Also for a job focus, I would recommend him familiarizing himself with both Windows and Linux. Mac is useful as well but is not as widely used. Linux is going to be more on the server side of things but knowing the Linux command line and PowerShell will also help. For task administration and automation python and PowerShell are good languages. There is a lot to learn but I have covered some of the basics in different areas of IT: coding, server, networking, basic helpdesk.

Hope this helps!

10 Spice ups
6

@c-t ​ Great advice on the home lab. Thank you! Focusing on graduating high school is the priority but this may be a way to motivate him to get his school work first, then play in a home lab.

1 Spice up
7

Agree with others on a home lab of sorts to tinker with.

CompTIA certifications are well regarded: Cybersecurity | CompTIA Resources

Having acquired a BS degree and then taking CompTIA, if I had it to do over again, I would skip college and go straight into the cybersecurity certifications.

He also should have at least a rudimentary understanding of networking principles before getting into security.

4 Spice ups
8

Hey OP! As more provide their experience and advice, I thought I’d pop in here and share a good round up of some of our CrowdStrike folks talking about how they got into the cybersecurity field: Many Paths, One Goal: Forging a Career in Cybersecurity | CrowdStrike

Main point to come across with is they all came from different backgrounds, but ultimately ended up with the same goal. Just in case it provides some inspiration for your son!

2 Spice ups
9

I feel similar to @enyr0py . I only took 1 college course that was “Introduction to Computer Management,” or what I would actually want to call it “Intro to CompTIA A+ Certification.” I ended up not continuing it because of cost and then years later went on to just do CompTIA A+ learning on my own, using ITProTV(paid) and Professor Messer (normally free, but I paid for extra things) and within a year, got my A+ Certificate.

I HIGHLY recommend going CompTIA A+ route to get the basics down.​

4 Spice ups
10

A potential option is an internship with the district’s IT department, if the director is amenable to it. I know some schools aren’t while others welcome students with open arms. Just depends on the culture of the organization.

It’s not glamorous, and certainly wouldn’t be any opportunity to touch the network but it can provide an opportunity for students to see how a real IT operation works and getting them valuable hands-on experience by starting with the foundations and fundamentals. Where a student goes with that experience is up to them. If they work hard and earnestly, they can be given more and more responsibilities (just like in the adult working world). If they just shuffle their feet and do the bare minimum, then they won’t.

It also provides the student with mentors in the department, whether it’s the IT director, a sysadmin, or the network manager. That connection can be parlayed into other opportunities down the road, whether it’s with another school district after graduation or during college or even in the private sector because someone knows someone.

That kind of exposure can put a real-world context into the academic nature of studying networking concepts. Pictures in a book or on a Web page pale in comparison to seeing an actual switch and cabling in front of your nose, right? Especially the smells and sounds that don’t come through from the book or screen (or the heat or humidity in the environment).

3 Spice ups
11

I am curently finishing my bacherlor in IT with my specialisation in cyber security. My advice would be to work hard on projects, do your own research and try to do little projects on your own at home focused on things your interested in. (Sometimes you can use these small projects as extra credit in school to) :wink:

1 Spice up
12

I left the “security specific” portion of my position and dived into the applications and EMR of our hospital where I’m actually appreciated for my help. In security, when all goes well you’re just creating “unnecessary annoyances” for poor staff just trying to do their job. When someone knowingly bypasses your best efforts and causes a security breach THEN you’re incompetent for not foreseeing their ignorance and stopping it. Forget that. It’s the least appreciated and easily scapegoated position in the IT universe… I’m glad there are techs willing to take the abuse but I’ll pass. Just my thoughts.

3 Spice ups
13

One thing that I do not see mentioned in any of the previous posts is programming. Pick a language, Java, JavaScript, Python, SQL, PHP, PowerShell, and start learning how to code. Your adversaries are coders and you will need to understand their methods.

5 Spice ups
14

As someone who is studying cybersecurity at the moment, I would recommend getting a subscription to TryHackMe as a way to learn a bit about it first before making any big decisions. They are mostly aimed at red team, but do have some blue team training. Just seems to make sense to try it before sinking a lot of time and money into it, and also would allow him to find if he likes attacking or defending more, but good to learn some of both since you go up against the other team.

I agree with those who recommend a home lab, I’m currently rebuilding mine with a few old servers and some networking equipment I got relatively cheap (a mix of mostly Fortinet, but also Cisco and Avaya).

As for training beyond that, I would recommend OS fundamentals (mostly Windows and Linux, but Mac could be useful), networking, and scripting (Bash, PowerShell, Python).

For certifications, part of that would depend on what he decides to do in the end (red or blue team) as some go a bit more one way than the other, and if there is a certain place he wants to work it may be best to try to find out what they are looking for.

1 Spice up
15

@copierguy310 ​ Thank you for your post. It is great to hear the not so glamourous part of IT!

@itaintbroke ​ Great advice and I have relayed the message. I have an older son who in high school, he decided he was going to take an elective course and chose Python. He created several games and programs in that class and enjoyed it!

1 Spice up
16

Hello,

I will recommend networks fundamentals & infrastructure administration before getting to the rabbit hole.

regards!

1 Spice up
17

Are you saying that hackers the movie is not true to life?!?!?!

3 Spice ups
18

Well, the moment the NCIS method of defeating a hacker by having two people frantically type on the same keyboard gets positive results, we’ll let you know.

6 Spice ups
19

Cybersecurity. Because IT help desk wasn’t masochistic enough.

@copierguy310

4 Spice ups
20

Hi there! Long time lurker, but I think I finally found a reason to post!

Spiceworks News & Insights actually has a really good collection of articles on starting a career in Cybersecurity:

Hope this helps!

3 Spice ups