Getting Started

Author's Note

There's no need to know everything on this list before even starting in security! I personally started with learning C on my own, then venturing to networks before starting CTFs and picking up the rest along the way. YMMV!

Programming

Programming knowledge is a must no matter which area of computing you're in. You can write your own exploit scripts, modify existing tools, do source code reviews, etc. Also, coding helps develop problem solving skills which you definitely will need.

Here are a list of programming languages / concepts I feel are necessary to understand:

• Python: For scripting of exploits and automating stuff.

• Object Oriented Programming: To understand how code is organised into classes and objects, which is useful when dealing with enterprise software architectures.

• Bash / Powershell: The scripting languages used for Linux and Windows respectively.

• C: For dealing with memory manually and understanding how memory vulnerabilities are created / exploited.

• Assembly: To understand how computers execute instructions at the lowest level, useful for reverse engineering and malware analysis.

Computer Networks

To secure an organisation's network as a cybersecurity professional, you need to know how networks work in the first place! I did the Cisco Certified Network Associate (CCNA 200-301) to learn about networks using Niall Anderson's CCNA course, which I found very helpful.

You need to know network layers, architectures and the different protocols at the back of your head.

Operating Systems

This involves using the command line and knowing how Bash and cmd.exe works and enumerating a computer for privilege escalation vectors.

On top of that, I feel that understanding how operating systems are used to manage data, how access control lists for files are dealt with, and how basic operations are carried out using system calls via POSIX or WinAPI is a plus, especially the latter for malware development!