5 answers
El Mahjoub
Student
El-Aaiún
1
Question
Asked
670 views
What is the ultimate guide to be an expert in cybersecurity ?
How to be an expert in cybersecurity ?
5 answers
Alexander V
IT audit
4
Answers
Ljubljana, Slovenia
Updated
Alexander’s Answer
Dear El Mahjoub,
The first step is to invest your time and energy into this journey. By asking questions, you've already made a great start, so well done! Now, try to dedicate at least 2 hours each day to learning about cybersecurity basics and related topics. Your focus will shape your success. The more you concentrate on something, the more skilled you become. It might seem obvious, but it's important to remember.
Explore resources and organizations in the cybersecurity field. ISC2 and ISACA are trusted worldwide. A good starting point is a cybersecurity foundations course. For instance, ISC2 offers an entry-level (CC - Certified in Cybersecurity) training program that provides a basic understanding of cybersecurity concepts. I checked and they currently offer free training with an exam, which is a great opportunity to begin.
You can take the next steps below at the same time.
Research cybersecurity topics on a daily basis (news, articles, videos).
Finish cybersecurity courses that will teach you foundations and advanced cybersecurity concepts.
Connect with cybersecurity professionals (find/follow them on LinkedIn, through ISC2, ISACA and others).
Look for jobs where you can get hands on experience.
Always lead with curiousity Why is something like it is. Don't accept facts without verifying them and develop your own understanding of them.
The first step is to invest your time and energy into this journey. By asking questions, you've already made a great start, so well done! Now, try to dedicate at least 2 hours each day to learning about cybersecurity basics and related topics. Your focus will shape your success. The more you concentrate on something, the more skilled you become. It might seem obvious, but it's important to remember.
Explore resources and organizations in the cybersecurity field. ISC2 and ISACA are trusted worldwide. A good starting point is a cybersecurity foundations course. For instance, ISC2 offers an entry-level (CC - Certified in Cybersecurity) training program that provides a basic understanding of cybersecurity concepts. I checked and they currently offer free training with an exam, which is a great opportunity to begin.
You can take the next steps below at the same time.
Alexander recommends the following next steps:
Sanja Swanson
Strategic Procurement
35
Answers
New Orleans, Louisiana
Updated
Sanja’s Answer
When it comes to cybersecurity, it's important to note two things. 1) Basic IT knowledge. When I say basic, knowledge of web, cloud and 1 programming language. 2) How many attack surfaces are there. Meaning let's say you have a website - I can login to the website through desktop/laptop browser or through mobile or through an app published in an app store. Why this is important is hackers always think how many ways there are to hack this site and what is the least used option. A lot of times companies and developers do not know how many ways their own website can be accessed. For ex: In our company's case, we have employees internally logging, customers externally logging and contractors (like OEM, vendors) accessing our portals, etc. These are all attack surfaces for a hacker.
Cybersecurity is not about tools alone. It is also about policies, procedures and standards. Unless we have policies and procedures, tools are of no use. This is the part that would be important for you to understand. I hope this helps!
Cybersecurity is not about tools alone. It is also about policies, procedures and standards. Unless we have policies and procedures, tools are of no use. This is the part that would be important for you to understand. I hope this helps!
Himanshu Tiwari
CyberSecurity Architect
3
Answers
Bengaluru, Karnataka, India
Updated
Himanshu’s Answer
In cybersecurity, it's crucial to grasp the basics, spot current and possible weak points, and fix them to avoid cyberattacks. A great goal is to become a Red Hat Ethical Hacker. This role involves testing your organization's systems to find and fix security gaps.
George Comenale
Senior Director, Cybersecurity & Risk Management
6
Answers
Hartford, Connecticut
Updated
George’s Answer
In addition to the great responses from others, think about what specific role or roles in cybersecurity interest you. The industry is broad, with many different paths to pursue: offensive (ex: pen testers), defensive (ex: perimeter security), data protection, identity & access management, etc.
Once you narrow your area of interest down to 1 or 2 subjects you love, the training resources shared by others can help you have a laser-sharp focus on the resources you will need.
Something not to ignore: there's always a human in the mix. Ensure you're also developing your communication skills; you have to be able to contextualize risk based on the audience you are communicating with. For me in my leadership role, I always ask "so what?" - not in a dismissive way, but for the team to talk about the impact to the business, not about a CVE score.
Best of luck.
Once you narrow your area of interest down to 1 or 2 subjects you love, the training resources shared by others can help you have a laser-sharp focus on the resources you will need.
Something not to ignore: there's always a human in the mix. Ensure you're also developing your communication skills; you have to be able to contextualize risk based on the audience you are communicating with. For me in my leadership role, I always ask "so what?" - not in a dismissive way, but for the team to talk about the impact to the business, not about a CVE score.
Best of luck.
Nigel Golding
Security Architecture
5
Answers
Houston, Texas
Updated
Nigel’s Answer
There is no single ultimate guide, because cybersecurity is such a broad field. The real path to becoming an expert is to build strong fundamentals first, then go deep over time in the area that interests you most.
I would start with the basics: networking, operating systems, how the web works, identity and access management, cloud fundamentals, and how attackers actually exploit weaknesses. If you do not understand how systems are built and connected, it becomes much harder to protect them.
From there, practice matters a lot. Read, study, and get hands-on. Use labs, home projects, capture the flag platforms, and try to understand both defense and offense. The people who grow fastest are usually the ones who do not just memorize terms, but actually test and apply what they are learning.
It also helps to choose a lane after you build your foundation. Cybersecurity includes areas like security engineering, cloud security, application security, incident response, governance and risk, penetration testing, and security architecture. You do not need to master everything at once.
A good path is:
learn the fundamentals, practice consistently, build projects, earn a few relevant certifications if they help your goals, follow real security news, and stay curious.
Most importantly, be patient. Cybersecurity expertise is built over years, not weeks. The people who become great at it keep learning, because the field is always changing.
I would start with the basics: networking, operating systems, how the web works, identity and access management, cloud fundamentals, and how attackers actually exploit weaknesses. If you do not understand how systems are built and connected, it becomes much harder to protect them.
From there, practice matters a lot. Read, study, and get hands-on. Use labs, home projects, capture the flag platforms, and try to understand both defense and offense. The people who grow fastest are usually the ones who do not just memorize terms, but actually test and apply what they are learning.
It also helps to choose a lane after you build your foundation. Cybersecurity includes areas like security engineering, cloud security, application security, incident response, governance and risk, penetration testing, and security architecture. You do not need to master everything at once.
A good path is:
learn the fundamentals, practice consistently, build projects, earn a few relevant certifications if they help your goals, follow real security news, and stay curious.
Most importantly, be patient. Cybersecurity expertise is built over years, not weeks. The people who become great at it keep learning, because the field is always changing.
Delete Comment
Flag Comment