A Hacker – Bug Hunter Journey

Most people want to learn new skills or start a lifelong career; however, it’s not that easy, not to mention the resources needed, the personal dedication and the sacrifices to be made.

It’s been over seven years since I started my Cybersecurity career journey. I’ll confess, it has not been easy. There were days I didn’t know what I was doing. I had no one to mentor or guide me. The only ground I had was Google and my creativity.

Anyway, it has been a successful and exhilarating journey. Today I pay my bills working from home as a full-time Bug Hunter and Cybersecurity Consultant. This post aims to guide those interested in joining the Cybersecurity industry or any other career path. I will point out resources that I found helpful and ways you can effectively learn and improve yourself.

First of all, you need to be very disciplined. That is very important. You also need to be very curious and ready to do research, quite a lot of it. Understand that Cybersecurity is very broad. Most people tend to confuse cybersecurity with information security.

  • Cybersecurity – Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information.
  • Information Security – Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.

You also need to choose a niche and perfect your skills in it. There are quite a number of sub-fields in Cybersecurity, to name just a few: Network Security, Digital Forensics, Mobile App Security, Web App Security, IoT Security, Cloud Infrastructure Security, API Security, etc. So, as you can tell, there is a lot in this field, and one cannot be a master of all. Suffice it to say, as you go along you’ll find that you need to have the basics of all the sub-fields of Cybersecurity, because they somehow complement each other. Interestingly, as you learn one field, you automatically get to learn the fundamentals of other fields.

For instance, as you learn Networking, you get concepts that will be mandatory to web/app and IoT. Here is a link to a blog that I found very exhaustive to help you choose your niche.

At first, it may not be easy to identify what you really want to do. I recommend you familiarize yourself generally with the fundamentals of Information Security. Be advised, networking skills are very important; you have to learn them. You also need to be able to read and interpret code. People often ask me whether it is necessary to learn programming in order to learn hacking skills. My answer is yes. By that I mean be able to read and understand code, and be able to debug it. Problem-solving skills are one key quality of cybersecurity specialists. Generally, hacking is all about solving problems; you have to think outside the box most of the time. Programming will also come in handy when you need to write your own exploit or modify publicly available exploits to suit your situation.

Understand, all this takes years of dedication and self-drive.

There are a lot of good resources online that can guide you. I’ll leave some links I found helpful at the end of the post. Sometimes you will have to go the extra mile to get a solution to your challenge, and trust me, it’s very frustrating.

Another important thing: try to solve as many CTFs as you can. Start by setting up VMware or VirtualBox. You learn as you do that. I learned a lot about web server technologies by doing CTFs. The setup process itself can be a challenge, especially if you have never done it before. The good thing is that Google is your friend. Speaking of Google, you also need to learn googling techniques. Google houses terabytes of data, most with similar keywords. You need to learn how to filter your search in order to get refined results. Keep an eye on this domain, I’ll be posting all that in the next few weeks.

Invest your time in research, and practice what you learn as you go along. Register an account at Cybrary and start hacking. Cybrary is a fairly good place to start testing your understanding of the concepts you are learning. There are others similar to it, but I’d recommend you start there before trying others. YouTube videos are also good. Watch as many videos on Information Security as you can. Also check out Twitter; it has some good info on Cybersecurity from guys already in the field.

At times, like I did, just read CTF write-ups without necessarily doing them. I found them very inspirational, especially seeing how others think in different situations.

Once you feel you are good and comfortable hacking, sign up to platforms like HackerOne, Bugcrowd, Bugfinders, Synack, etc. and start finding bugs. The good thing here is that you now get paid for finding bugs as you continue to learn. Check out publicly disclosed reports, retry the bugs mentioned, and look out for new features on apps.

Doing this is very addictive if you are passionate about it. You might lose friends and your social life might die along the way for some time, but it’s worth it.

So yeah, I hope you find the post helpful in one way or another.

Resources:-

http://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/

http://www.securitytube-training.com/online-courses/securitytube-python-scripting-expert/index.html

http://vulnhub.com/

https://www.corelan.be/

https://www.owasp.org/index.php/Top_10_2013-Top_10

