NOTE: To skip past my philosophy to foundational skills and hacking resources, click here
Passion is key (
Hacking = Life)
The great (and sometimes intimidating) part about computer security is it’s such a broad and ill-defined field. As such, just about anything you want to do can be defined as
hacking - it is simply creatively using technology to solve problems. The real key to longevity is this field is passion (solving problems that interest you), and you below are a few tips to help build this passion.
Simply put, either work on projects that are tangibly rewarding or do stuff that is fun. Many of the resources listed below use game mechanics to teach cyber security (i.e. gamification). You will find yourself learning seemingly by accident while having fun, and it prevents you from being overwhelmed by the enormity of the field. Remember, you do NOT need to be an expert in everything.
Become part of the community
Another important aspect to developing this passion is becoming a part of something greater than yourself. The hacking community is scary at times but also amazing. There are many ways to be involved from hacking clubs (like this one!)1 to conferences2 to online forums3. Being involved involved in a group and the culture keeps you accountable and motivated to learn.
Finally, seek help to avoid becoming frustrated. Resilience is important, but it’s more important early on to simply make progress. These challenges can be difficult. Many of have been around a while and have great published solutions (write-ups); it is not cheating to read these reports if stuck. My initial rule-of-thumb is to seek help after 30 minutes of not making progress. Many of the below games actually have built in hints, and you can [should] use these immediately. I also read write-ups after solving a problem to learn new tools or approaches to the same problem. Try not to start with the write-up, but do not be afraid to get help to build and maintain that momentum in the beginning.
Two Foundational Skills
While there is a wealth of different security fields, gaining some basic understanding of programming and a familiarity of Linux command line operations are two fairly important foundational skills that will help you in any security arena. You do not need to be a programming expert or command line ninja, you just need enough familiarity to know where to start. Instead of taking class or reading books, I strongly recommend active learning through gamification (the use of a game to teach a skill).
Hour of Code4 is a great place for an introduction to programming. It literally will take you an hour and introduces you to some the main concepts of coding like loops. CodeCombat (a game) and CodeAcademy (more traditional learning) are also great resources.
The Gamification of Cyber
Sticking with the having fun theme, there are a ton of resources available that have turned cyber security into a game. These games are generally called Capture The Flags (CTFs). Below I list several of the games and these are good places to start if you just want to dive in to hacking. My favorite resource is picoCTF. This is a CTF for High School students (anyone can play though). This site is so great because it provides all the tools you need (i.e. there is no setup required by you), has many simple yet fun challenges, and gives you useful hints on what to research if you are stuck on a problem. You might want to start with 2017 since 2018 is still live (i.e. no write-ups) but either version is great. Listed below are some other good resources.
How to Guides:
- Best Initial Introduction:
- A Little more Difficult:
- RunCode [Programming Focused]
- CSAW 365
- LiveOverflow’s introductory videos (reversing focus - his channel is a great resource in general).
- Immersive Labs [Free with .edu]
- Holiday Hack 2017 [This is a ton of fun, but the challenges are more difficult]
- Holiday Hack 2016 [Same as above and even more fun than 2017]
- Google Beginner CTF
- PenTesting [applied actual system exploitation]:
- Meetup is a great place to local hacking clubs in your area. There are a ton of groups to fit whatever topic or seriousness you want. openToAll is a good team to join if you cannot find a local group. [return]
- Your local B-Sides is a great place to start since the intimidation level and cost are both relatively low. Bigger name conferences like DEFCON, DerbyCon, and ShmooCon are also great but more intimidating (and getting tickets can be hard). [return]
- Finally, being exposed to what is going on in the community is also important. My favorites are SlashDot, Netsec, and Ars Technica, but these are more technically focused boards. [return]
- There are a ton of versions of HoC here. I just linked the original (Angry Birds) but you can choice whatever (Frozen and Star Wars are my kids’ favorites). [return]
- You will need to be able to SSH into this system (here are instructions for Windows and Mac). We will go over this in the club if it’s intimidating. [return]