following suit with HTB's (HackTheBox Academy) lesson on setting goals, i'd like to start there. my goal is to land a remote cybersecurity job. i lean towards the red team side of things, but i'm no stranger to paths taking unexpected twists and turns (i.e. working as a SOC Analyst or Malware Analyst instead) ultimately, i'm shooting for a role in pentesting and/or consistently reporting bug bounties, but a quality i emphasize in myself is to keep an open-minded perspective in learning.
in order to achieve my goal, i have certain steps outlined along the way. this starts with a help-desk position, then working up from there. this would allow me to get hands-on experience, workplace experience, and also meet fellow professionals and build a network. working help-desk requires earning a CompTIA A+. i will also be working through the fundamental courses on HTB (and TryHackMe, although I only have a subscription to the former). it'd be ideal to also get hands-on work on my own as well, but that is subject to whether or not i can procure hardware.
the steps after that include earning my CompTIA Network+ and Security+ certifications. this triad of certifications is considered a "gold standard trifecta" as far as job applications go. we'll consider it a good base to move upward from. it's important to know what a piece of technology is, what it does, how it works, and why it works BEFORE i try to secure it! hence the importance of earning these certifications and really understanding the fundamentals they help lay down.
following that, i will continue my efforts on HTB, namely the “Bug Bounty Hunter Path” and the “Penetration Tester Path”. building a mental model of the relevant systems in the cyber world benefits from multiple perspectives - so taking a comprehensive approach to learning and including multiple job responsibilities can only help me build a more nuanced base of knowledge.
the big certification that everyone seems afraid of, the “OSCP” from OffSec, is the last jewel to collect on my formal curriculum. this certification is to pentesting, what the A+ is to help-desk. i actually really appreciate when things seem a little scary; i have benefited greatly in the past from running towards these things instead of away from them.
within the curriculum i have laid out, there are also a handful of books (yay for no starch press!) that i plan on working through as supplementary reinforcements, alongside any hands-on work i can get done. they include, but are not limited to: “Ethical Hacking: A Hands-On Introduction”, “Grey Hat Python”, and “Practical Guide to Malware Analysis”. in addition, i have a personal interest in low-level programming; my brief exposures to the Assembly language have been VERY intriguing! i plan to get into more detail about my programming experience in another post.
my curriculum was formed with the intent of having my study and my practice work in concert. digesting knowledge, taking notes, and watching lectures needs to be reflected in the actual *work* and *practice* done – missing either side of the equation will limit development greatly. this is something heavily reinforced in my combat sports studies, where your health is on the line for any flaws you don't address! i am eager to continue to take the same diligence and attention to detail into my cybersecurity studies.