Learning to learn CyberSecurity
Kartik Rao
Posted on November 26, 2023
I am getting so many DMs lately about how to start eJPT, OSCP and how to learn all the stuff there is to learn. How can I memorize all the commands in Linux? Where can I study for free, what is and what is not required to succeed in a certain exam, etc? I have been in a similar situation, I have self-studied my way to Full-Stack Development and now I am pursuing a career in CyberSecurity. It can be daunting for someone starting out in the field to take in all the information that is required to get an understanding of what is going on in the first place. But, not having the right methodology or path to Learning to learn things can frustrate and demotivate people. So, I am going to lay down some tools, methods, and services I use when I am learning something new or advancing in a similar field. I will go step by step and have a TLDR at the end maybe.
Step 1: Learn some helpful technologies!
- Learn Markdown - It is very easy to take proper structured notes in Markdown. Believe me, once you start using markdown you won't go back.
- Learn Git and Github - Honestly Git and Github are like life skills, you should definitely take some time and get the basics down. Knowing the basics is enough to make your life way more productive. You will ask yourself why you didn't spend an hour or two of your life to learn it.
- Learn to live in the terminal - As an IT Professional, you'll be spending quite a bit of time in the terminal. Become familiar with it: learn what the different shells are, how to use aliases, how to install some CLI tools, and how to script small automation tools using bash. It is a lot of fun, easy once you get the hang of it, and extremely addictive.
- Learn Linux - Using Linux as a daily driver might be overwhelming for some but, VirtualBox and VMware help with that. Set up a Linux distro and understand the process, understand the history of Open-Source, and what role Linux plays in it. I will share two resources here. Linux is used extensively in IT, be it servers or otherwise. It is important we get to know it a little better.
  - Revolution OS - This is a documentary about Linux, GNU and Open-Source
  - Linux Journey - An amazing website that takes you from a Linux beginner to knowing enough to cause some damage. ;)
- Learn a programming language - Now, by learning I don't mean becoming an expert at a programming language but, learning to code even small scripts and developing a basic understanding of programming concepts such as flow control, variables, etc. will help you immensely in your journey as an IT Technician. Being able to understand what a piece of code does and modifying it slightly for your use case is a skill that will take you from being a Script Kiddie to L33T H4cK3R. On a serious note though, learn the basics and you will thank me later. I would say that for getting into CyberSecurity, the best language to learn, in my opinion, is Python. You can never go wrong with it; it is easy to understand, good tutorials are easy to find, and if you have a problem, I am sure someone else already had it.
Nice To Haves - Some things you can skip if you are in a hurry -
- Learn SQL - Databases are important, especially in the CyberSecurity world, and knowing the basics of SQL will take you far.
- Learn HTML, CSS & JS - Just the basics, to understand how websites function.
- Learn the LAMP Stack - The old school Linux, Apache, MySQL, and PHP. Knowing how to set up a LAMP stack website will help you understand the Full-Stack view of Web Development.
Step 2: Get your tools ready!
- Stackedit - Stackedit is an online markdown editor I use to take quick notes. Something temporary or something that I will transfer to another note-taking app in the future.
- Notion - Notion is like a workspace you can use to do a shit-load of things honestly but, I use it to organize my life essentially. It is like a second brain. It is not needed, you can use a simple folder and file structure to do the same thing.
- Obsidian - Similar to Notion, Obsidian is a very powerful markdown editor that is great for organizing your notes, has mindmaps, and is also very extensible. I use this for all the CyberSec notes and writeups.
- Code Editor - Now, there is a huge debate on which code editor to use, I personally use neovim and VSCode but, you are welcome to use any code editor of your choice, just make sure you stick to it and learn some of the quirks and how to extend it to your needs. Get a nice theme going, learn some shortcuts and you are good to go. Stay away from the code editor debate on the internet. Use what best suits your workflow.
- Browser - Again, use whatever suits you best. I personally like Chrome but, you might not, and that's totally fine. Make sure to look into the extensions, get some AdBlock, get a Wappalyzer extension and learn how to create bookmarks. The browser might not sound like much but, it is something you will always have open and you should become familiar with it.
- Virtualization Software - VirtualBox and VMware are big players in this space and honestly pick whichever you find more to your liking. I use VMware Workstation but, I occasionally use VirtualBox as well. Learn how to set up VMs, how to create snapshots, and change VM network settings and you are good.
- Kali or Parrot VM - If you are getting into CyberSecurity you know of the Kali and Parrot OSes. Use the one you find comfortable; honestly, all the tools are present in both. I personally use Kali but that should not stop you from using Parrot. Install it, and learn about how to set it up. I am going to release a video about how I set up my Kali VM soon!
Nice to haves - Some more tools I use and you can too if you take time to learn them -
- TMUX - TMUX is an amazing tool that I use daily. TMUX Intro by HackerSploit
- VIM or nano - Learning a terminal-based editor will help you immensely because you may not be able to install software always, but VIM and nano should almost always be installed on all systems.
Step 3: Find the right material for you!
- Everybody learns differently, some people like the audio-visual style of learning through videos and walkthroughs, and other people like to read and understand better that way. I am more of a video person. Although I am a programmer, and I am no stranger to documentation, I prefer videos and doing things by myself. Make sure you assess your situation and come up with some options. I for one am subscribed to ITProTV, I love the way they do their videos and it makes it less boring and way more fun. YouTube is also amazing for finding good content, try to follow TheCyberMentor, JohnHammond, HackerSploit, IppSec, David Bombal, and NetworkChuck. If you like to read things, there are great websites out there as well as some amazing books. For practical learning, I recommend CTFs and Wargames. I use HackTheBox, TryHackMe, PentesterLab, picoCTF, OverTheWire and VulnHub. That's a lot of fun practice right there!
- Finding the right material is essential to not lose motivation and keep on having fun while learning.
- Once you find the people and material you like, stick to it! I see so many people just wasting time switching materials, finding the "BEST" course, or stuck in tutorial hell. Just stick to the material you like, complete the courses, and get the practical knowledge in. Just seeing someone else do something and thinking you will be able to replicate it is wrong and will make you get stuck when you face the slightest of problems.
Step 4: Misc advice to succeed!
- Remember the motivation - You might want to get a job, get that promotion, or get more money. These are good motivators, but what was the one reason you were attracted to this field? Was it some movie? A video? A documentary, maybe? Revisit it, and remember why you are doing this! It is important not to lose sight of why you love something you want to learn and keep doing for the rest of your life.
- Find a mentor - Now, I know not everyone knows someone in the same field, if you do, great! Ask for their advice and learn from them as much as you can. For everyone else, try to find educators or personalities in this field whom you connect with. Maybe you saw a video and really liked the way they taught you something or you really liked the things they liked. Make sure you follow them on Twitter and LinkedIn. See their videos, see what they tweet, and who they follow. The reason this is important is to have someone to look up to when you need that extra bit of motivation or when you feel stuck. Learning from someone more experienced and in the same field as you is a great boost.
- Take Notes - All the tools we listed earlier, put them to use, whenever you are going through a course, take notes, explain things to yourself the way you try to understand things and write them down. Make sure you include Links to websites you might have read this on or take screenshots and add them to your notes. Having things to come back to when you get further in your studies is really great and gives you the peace of mind that even if you forget something, you have it all written down in your notes.
- Get your hands dirty - Saw something in a video? Maybe a CTF walkthrough, a Linux CLI tool, or a hacking tool? Try to do it yourself in your own environment. Doing things yourself is the best way to make things stick and develop that methodology and the mindset that if something doesn't work, you try to make it work. Troubleshooting problems is an important skill in our field.
- Create Bookmarks - Use your browser's bookmarks feature and create Bookmarks for interesting websites or SaaS tools you come across. Create folders for specific topics, create bookmarks relating to that topic, and name them properly. It is very important to create bookmarks as you will definitely forget that website you found a good resource on and then you will get frustrated trying to remember them. In the same way, use Reddit's save feature to save posts you find interesting and maybe want to re-read later.
- Read Blogs - There are some great blogs on CyberSecurity by Industry experts and you should try to go through some each week, also follow IT Security Multireddit to see all articles from IT Security based subreddits. Some of the good blogs to follow are -
- Learn to Google - I mean learn to really google. Using the flags that Google Search provides can really help you nail down what you are searching for. 42 Useful Google Search Tricks has some listed and will help you get started.
- Ask a lot of questions - Never shy away from asking questions, on Reddit, maybe in forums, StackOverflow, or Discord. Asking good questions after doing your due diligence is a good way to solve problems you couldn't on your own and make sure to note down the answers so that whenever you are facing a similar issue, you always have the answer.
- Backup your work - Create a GitHub repo or save on the cloud but, make sure to always have a copy of your notes somewhere to safeguard just in case.
- Take Breaks - Don't out-grind yourself into burnout, it will make you lose motivation and it can lead to long days or even months of procrastination and not moving forward. Take breaks whenever something is overwhelming or you are constantly studying for hours. Go for a walk, play some games, do some CTFs, and watch Netflix. Get that drive to learn again and then get back to it.
- Network with people - Finding people in the same field on LinkedIn, Twitter or Discord is a good way to keep your motivation going, make new friends, and step into the industry. Make sure you make a good first impression. Don't worry if you are new and don't know a lot, everyone starts somewhere. Try to find communities in your hometown, go to conferences and talks, and make sure you make contacts there. These people will help you when you need to find jobs or are looking for advice to upskill yourself.
Nice to Haves - More things you can do if you have the time -
- Get your own website - Get an online portfolio like a digital CV that you can share with people you meet at conferences or meetups.
- Use Github - Showcase your work on GitHub. Upload your writeups, maybe a good set of notes or even small bash or Python scripts you came up with.
- Educate others - Sharing what you know or are good at is always a good way to give back to the community and helps the flow of knowledge.
There is a lot more I want to share that I am unable to think of as of now but, I am going to soon make a simple video series talking about this topic. I really want more people coming into the IT Industry especially Security and have a good experience. Be on the lookout ;)