4 answers
2
Questions
Updated
505 views
What are some of the best ways to up skill yourself as an aspiring cybersecurity professional?
I have some certifications under my belt, and have made the decision to pursue a degree in the field as well.
Login to comment
4 answers
Teklemuz Ayenew Tesfay
Electrical Engineer, Software Developer, and Career Mentor
517
Answers
Updated
Teklemuz Ayenew’s Answer
To upskill in cybersecurity, focus on learning, practicing, and connecting with others. Start with basic certifications like CompTIA Security+ and progress to advanced ones like GCIH, eJPT, CEH, CISSP, CISA, or CySA+ as you gain experience and depending on your career goals. Use free resources like Cybrary for certification prep, Professor Messer’s YouTube channel for Security+ content, Open Library for e-books, TechExams forums for study guides and practice exams, and Coursera courses with financial aid or free auditing options.
Hands-on experience is key. Create a personal lab with Windows and Linux, and use tools like Wireshark, Nmap, Burp Suite, Kali Linux, and Splunk. Practice on platforms like TryHackMe, Hack The Box, OverTheWire, and CyberDefenders, which offer free labs and exercises. Join Capture The Flag (CTF) competitions, hackathons, or cybersecurity clubs to apply your skills. Document your work in a portfolio or personal projects. Learn scripting with Python or PowerShell, practice log and malware analysis, and understand cybersecurity frameworks like MITRE ATT&CK and NIST to align your skills with industry standards.
Networking is also important. Join communities like Reddit’s r/cybersecurity and r/netsec, Discord servers like The Many Hats Club, and LinkedIn groups to share knowledge, collaborate, and find opportunities. Gain real-world experience through internships, volunteer roles, or small freelance projects. Stay curious, keep updated on new threats, and by combining learning, practice, framework knowledge, and community engagement, you can develop the skills, confidence, and network to become a successful cybersecurity professional. If you need more information, feel free to ask.
Hands-on experience is key. Create a personal lab with Windows and Linux, and use tools like Wireshark, Nmap, Burp Suite, Kali Linux, and Splunk. Practice on platforms like TryHackMe, Hack The Box, OverTheWire, and CyberDefenders, which offer free labs and exercises. Join Capture The Flag (CTF) competitions, hackathons, or cybersecurity clubs to apply your skills. Document your work in a portfolio or personal projects. Learn scripting with Python or PowerShell, practice log and malware analysis, and understand cybersecurity frameworks like MITRE ATT&CK and NIST to align your skills with industry standards.
Networking is also important. Join communities like Reddit’s r/cybersecurity and r/netsec, Discord servers like The Many Hats Club, and LinkedIn groups to share knowledge, collaborate, and find opportunities. Gain real-world experience through internships, volunteer roles, or small freelance projects. Stay curious, keep updated on new threats, and by combining learning, practice, framework knowledge, and community engagement, you can develop the skills, confidence, and network to become a successful cybersecurity professional. If you need more information, feel free to ask.
Thank you for the response Teklemuz! I appreciate you taking the time to answer my question. You mentioned some resources I wasn't aware of, so I'll definitely check those out. My biggest issue was applying what I learned once I was introduced to certain topics and concepts.. I'm CompTIA Security+ certified, and have used most of tools and platforms you've listed loosely. I just haven't fully took the plunge and gotten lost in the cyberspace, if that makes sense.
Dorsey
You mentioned gaining real-world experience in several ways. One that caught my eye was the small freelance projects. How does one find these opportunities specifically? This seems like a great opportunity to get some early hands-on experience.
Dorsey
Small freelance projects are an excellent way to gain real-world cybersecurity experience and build a portfolio. You can explore platforms like Upwork, Fiverr, Freelancer.com, PeoplePerHour, and WeWorkRemotely. On Upwork, Fiverr, Freelancer, and PeoplePerHour, you can begin with smaller tasks such as website scans, security audits, and vulnerability assessments for small businesses. WeWorkRemotely offers remote IT and security roles, often contract-based, where you can apply by showcasing your personal projects, lab experience, or entry-level certifications.
Teklemuz Ayenew Tesfay
Thank you once again Teklemuz! Your insight is greatly appreciated. I will explore these options as well.
Dorsey
Updated
Sam’s Answer
Hey Dorsey! Teklemuz gave a great answer in talking about a personal lab. When you get this to the point he is saying, I would look at integrating a bunch of different cloud technologies into your infrastructure, as a ton of these companies have free accounts for students! Some examples once you have a couple VMs going
1. Free Cloudflare account with proxied sites through DNS and zerotrust on an app you host
2. Building a site/app in AWS with lambda
3. Create a serverless CI/CD Pipeline
There are almost endless possibilities either free or extremely cheap!!!
1. Free Cloudflare account with proxied sites through DNS and zerotrust on an app you host
2. Building a site/app in AWS with lambda
3. Create a serverless CI/CD Pipeline
There are almost endless possibilities either free or extremely cheap!!!
Thank you Sam for commenting and mentioning additional resources for cloud integration for a homelab setup. I'll save these for later when the time comes!
Dorsey
Updated
Kent’s Answer
Hi Dorsey. Seems you have at least partially answered your own question about upskilling by deciding to pursue a degree in cybersecurity. That's very cool, and I think you will get a lot of return from that.
I won't repeat what Teklemuz indicated. He did a great job of outlining a bunch of the big hitters.
I think you might do well to become familiar with just how broad the Cybersecurity field is (if you haven't already), so you can try to focus in on what you think you might be most interested in. That way, you can then more closely focus your upskilling efforts. Translated, that means that the field is huge and there are just too many possible directions to go in. However, if you can focus in on a few areas of Cybersecurity you can then dig into what it takes to be successful in those areas.
Seek out opportunities for internships while you are in school. Experience like that will pay off many times over.
My suspicion is that you are already doing this, but I'm going to say it anyway - never stop learning. This is critical.
One, technology never stops advancing. When I started in Cybersecurity data centers were on-prem, and there weren't any Clouds unless you went outside and looked up at the sky. Now, not only is everything seemingly Cloud-based, but AI is raging onto the scene. And did I forget to mention Software Defined Networking? Low code / no code. Containers. And on, and on.....
Two, the threat landscape never stops changing, threat actors (the bad guys) never stop advancing and they never stop becoming more sophisticated.
You have to go out of your way to keep up. Which takes me back to what I said at the outset - narrow your focus as much as you can so you can stick with the upskilling that makes the most sense. No way can you keep up with it all, so stay close to your strategy.
I won't repeat what Teklemuz indicated. He did a great job of outlining a bunch of the big hitters.
I think you might do well to become familiar with just how broad the Cybersecurity field is (if you haven't already), so you can try to focus in on what you think you might be most interested in. That way, you can then more closely focus your upskilling efforts. Translated, that means that the field is huge and there are just too many possible directions to go in. However, if you can focus in on a few areas of Cybersecurity you can then dig into what it takes to be successful in those areas.
Seek out opportunities for internships while you are in school. Experience like that will pay off many times over.
My suspicion is that you are already doing this, but I'm going to say it anyway - never stop learning. This is critical.
One, technology never stops advancing. When I started in Cybersecurity data centers were on-prem, and there weren't any Clouds unless you went outside and looked up at the sky. Now, not only is everything seemingly Cloud-based, but AI is raging onto the scene. And did I forget to mention Software Defined Networking? Low code / no code. Containers. And on, and on.....
Two, the threat landscape never stops changing, threat actors (the bad guys) never stop advancing and they never stop becoming more sophisticated.
You have to go out of your way to keep up. Which takes me back to what I said at the outset - narrow your focus as much as you can so you can stick with the upskilling that makes the most sense. No way can you keep up with it all, so stay close to your strategy.
Thank you as well for the response and time Kent! This is great advice and I will heed it well. I've narrowed down my focus/desired discipline to start off. I'm leaning into SOC analyst with a more specialization towards Splunk and AI integration. That's the path I seek, but I know things change and I could potentially end up on a different path. Those are my main goals for the time being though.
Dorsey
Updated
Theresa’s Answer
I have a different perspective. If you're serious about standing out in cybersecurity, the next primary skill to build isn’t just technical—it’s communication. The people who grow the fastest in this field know how to stay grounded, translate complex risks into human language, and navigate the inevitable conflicts that arise in security conversations.
Technical skills get you in the door. Communication and emotional maturity are what move you forward.
Practice “translation drills”—explain the same vulnerability to both technical and non-technical audiences
Study incident-response communication by rewriting public post-incident reports
Take a negotiation or difficult-conversation course (NVC, Radical Candor, etc.)
Join a local BSides or cybersecurity group and participate in tabletop exercises
Learn feedback frameworks so you can collaborate without tension
Technical skills get you in the door. Communication and emotional maturity are what move you forward.
Theresa recommends the following next steps:
Thank you Theresa for the response and valuable input. I’ve seen many posts about the perspective you mentioned of being able to communicate technical assessments into messages that will get the business minded people’s attention and actually support any security improvements that are suggested.
The resources and tips you’ve recommended are appreciative and I see some that are very intriguing (such as taking a difficult conversation or negotiation course). This will be immensely helpful and I appreciate you taking the time to respond to my question!
Dorsey