
This article will sum up the past 4 years of my life. I remember someone telling me “It’s not what you know but who you know”. This stayed with me for as long as i can remember. This is not absolute but does make up a huge part of this story. TL;DR Basically, getting into Cyber Security entails the following: Finding out what interests you Spending a lot of time building a foundation in that ‘interest’ (e.g. pentesting, vulnerability research, ICS/SCADA systems, etc.) Building Confidence → which is equivocal to how much evidence you output. This can be projects, credentials, talks, blogs, etc. Connecting and building a strong network \ 1. Finding out what you’re interested in… But how? One needs to understand what it is that they find themselves interested in. This challenge can be solved by asking a few simple questions like: What do you find takes so much of your time without you realizing? Does this make you happy or content? Can you see yourself pursuing this long term or professionally? This can quickly separate (i.e. if you are honest) a hobby from a professional commitment. Doing something you enjoy that consumes your time is a good way to know what you might want to spend the next segment of your life dong. \ It took me a while to see what it was that i liked. In a way, I worked really backwards to the traditional learning curve. Take for instance the following visual for linear learning: Learn basics, Build foundation Test knowledge in simulated environment Prove capability and competency \ Funny enough, I reversed that pyramid order. I, instead, had my journey summed in: Learnt about deploying VMs Booted my own instance of Kali Tested tools, cloned repos, and did stuff……… I had no clue what i was doing. Literarily spraying and hoping for the best. Decided to learn the basics from: “Master OTW…” ʅ ( ․ ⤙ ․) ʃ Learnt alot from David Bombal, Network Chuck, Hackersploit, john hammond, etc. Resorted to youtube and Udemy Repeated step 3 & 4 for 2 years. Decided to take things seriously… (づ ̄ ³ ̄)づ \ ╭━┳━ ╭━╭━╮╮ ┃┈┈┈ ┣▅╋▅┫┃ ┃┈┃┈ ╰━╰━━━━━━╮ ╰┳╯┈┈┈┈┈┈┈┈┈◢▉◣ ╲┃┈┈┈┈┈┈┈┈┈▉▉▉ ╲┃┈┈┈┈┈┈┈┈┈◥▉◤ ╲┃┈┈┈┈╭━┳━━━━╯ ╲┣━━━━━━┫ \ I first wanted to get into pentesting. My naivity thought the job market was a piece of cake. You know, like crack a few THM labs, get dozens of Udemy certs, create a 4 page resume… Bruh. \ 1.1 Finding my Interest This definitely took some time. The more time i dedicated to journaling and introspection, the more i got closer to what I’d call my calling. Being completely honest, I wanted to escape the daunting nature of being a script kiddie and achieve something worth a lot of respect, dignity, and holds some weight. I then thought it over a bit, and asked myself “how much power can someone have if they are the ones building the tools others use? how powerful are those hackers at the top of the food chain, who develop the exploits that can cause catastrophic economical damage?” After doing some research, those hackers in one way or another excelled in vulnerability research and/or exploit development. Now I seen that, and the sheer respect and power reminded of that quote from Spiderman “with great power comes great responsibility”, and I truly fell In love with the imagination of what I too can become by choosing this path. My motivating factor was in one word “capability”. So not only do I get to be a hacker but someone with immense technical depth and value. This took me almost 2.5 years of exploration before stumbling across this thought. Take your time, great things don’t come overnight or during that 3am motivation to rule the world. Things take time. \ 2. Building the Foundations “ Rome wasn’t built in a Day” I know it sounds cliche, but it’s true. Rome was not built in a day, a 6 pack will take months of training, mastery takes years. Likewise, getting good at vulnerability research will also be no exception. I’m no where near where I want to be, but I’m also no where near where I started. Always try to look at things through a positive perspective as you NEED to ensure you are conditioning your mind to deal with uncertainty, difficulty, and novelty. So you want to have a positive outlook so you find ways to keep going and continue to push yourself through adversity and not succumb to it. Also, taking a role model in the field also helps with aspiring big and picturing yourself in their stead. My biggest inspiration is Alisa Esage, founder of Zero Day Engineering. Here I mapped out what skills where needed to develop, including: Computer Architecture Assembly C & C++ Operating System Internals Reverse Engineering Memory Corruption Modern Mitigations Exploit Development Compilers Debugging Binary Formats Fuzzing Program Analysis Secure Coding Cryptography Networking Kernel Internals Browser Internals Research Skills Mathematics \ Then we need to find resources that we can use to learn and study from. In my context, there are treasure troves of materials covering all topics listed above. Some of which include pwn.college, corelan, Gray Hat Hacking Edition 6, among many others. But a new revolutionary tool to accelerate learning is AI. You can use models like ChatGPT to not just find resources to learn, but to develop them. To teach them in such a manner, that is comforting, easy to digest, slow, and personalized. Then receive practice labs generated by it. This cycle repeats indefinitely teaching everything and anything you ask it to do. As I continue to build upon the building blocks of my mental palace, I reserve this experience under my research brand. Think of it like an investment trust that will reimburse you in the near future. So while i learn, I’m technically upskilling myself and thus benefiting my personal brand. (˶ᵔ ᵕ ᵔ˶) \ Side Note: Apart from pursuing this, all the experience I’ve accumulated over the years has also augmented my skills in other facets that directly and indirectly benefit my pursuit for vulnerability research. Take OSINT for example, I’ve learnt to use information at my disposal. The competitive edge for me is knowing where to look for information i need. Now this can augment vulnerability research by crawling for exploits, or for finding information about anything i need to find. Thus being of benefit both directly and indirectly. The same goes for vibe coding, web and network penetration testing, and a lot of other things i did within this period. One thing OSINT does to your mind after enough time, it conditions you to understand EVERYTHING is connected in one way or another. Whether corporate secrets, geopolitical agendas with “accidental” incidents, devices, or simply how all knowledge benefits each other. Whether you see it or not is irrelevant to the fact that it does. \ 3. Building Confidence through Evidence Yes I know, I stole this quote from Alex Hormozi. That’s because it really does work. Evidence proves to the world, but more importantly, to yourself of your own competency. It says your not full of Shit. But how do we build “Evidence”? Well, a few examples of what can be considered “Evidence” includes: Blogs, articles, walkthroughs, etc. Demonstrate you know your shit. Teach it, show effort. Similar to point 1, make videos, tutorials, etc. You might even start a YouTube channel if you want. GitHub. Just make something and ship it. Vibe code it if you suck at coding. Use your imagination, use AI to code for you and then make it. Simple. Complete CTFs, HackTheBox, TryHackMe, etc. labs help show understanding, critical thinking, and dynamic workflow. Credentials. This can include certifications like PNPT, CPTS, (Not OSCP :/). Credentials can also be Letters of Recommendation from companies you pentested or reported vulnerabilities to, mock pentest report (like your one from the CPTS), etc. really anything that shows commitment, understanding, and validation. \ Build a living portfolio. I mean… build a website (very easy, use GitHub for hosting, and deepseek to generate the code (both for free)) that showcases all projects, certs, articles/blog posts, short bio, aspirations, etc. etc. etc. \ 3.1 Using Reddit for Experience Another nice way to get real world experience is by contacting startups. They’re FILLED with vulnerabilities. Most lack the skill, finance, and time to worry about security. So why not be that solution for them. To do this: Go to reddit Subreddit for Startups (can be any, don’t fuss over it) Find a startup you like Offer a tailored solution to them or Send a post saying your “looking to find and report vulnerabilities for FREE, in exchange for a letter of recognition. Looking to join a team and build experience. Have experience in….” Just be honest and hopefully someone will get back to you Spend time with the team, have some fun, Deliver the solution, Receive the Letter of Recommendation. Congratulations, you now have a credential to showoff and add to your collection. Its important to understand not everything’s about money. You want money, but need experience. When money becomes a need, get a job. The current goal is to accumulate enough experience, skills, and credibility to get your foot into the door. \ 3.2 Creating a Brand Another interesting way to get experience is by founding a personal brand. Branding comes down to: What idea are you promoting? What problem can you solve? What kinds of services or products do you offer? (e.g. software, consulting, research, etc.) You don’t even need tangible results NOW. You can sell your vision. For example, “Creating next gen inference accelerator”. You don’t need a product, but can promote an “idea” . In saying so, there isn’t anything stopping you now except for creativity. That’s where ChatGPT comes in. Brain storm, map out your interests, skills, strengths, and weaknesses. Think, is there ANY problem out there I can fix. These are the kinds of thoughts that help the AI narrow down its suggestions to a more personalized perspective in accordance to you. The genius behind this approach is that YOU are giving YOU a job (job = experience) without waiting for a company to hire you to then get exp . \ In summary, getting experience has never been more easier and straight forward now as it has been ever before. \ 4. Connecting and building a Network Im not sorry for you Introverts, but if you actually want to get a competitive advantage, no one will demand speaking at defcon, but talking to other human beings will help significantly. There are plenty of events and meetups with a bunch of people ranging from: software engineers ML Engineers AI Engineers CEOs Graduates Pentesters etc. It honestly is just like a Kinda Surprise, you don’t know what you’re gonna get. But anything is better than nothing. Spoiler Alert, that’s how I got an Internship o(≧∇≦o) 。◕‿‿◕。. By accumulating the evidences above, when you meet new people and small talk becomes a decent conversations, you’ll be able to show the depth of your commitment. Hence, hopefully, building credibility and trust with the recipient. I prefer solitude any day of the week, but I also must get out of my comfort zone if I’m to actualize my dreams and become greater than what I currently am. Plus, it’s so cool connecting with like minded people. Take their numbers, connect on LinkedIn, connect at Uni parties, Meetups, etc. \ 5. Summary I know I work backwards a lot of the time, well considering I’m a reverse engineer (つ≧▽≦)つ… No pun intended (._.) But seriously, I take my craft like an Art. Art is something you build but also a skill that resonates a lot with how you feel. It’s laced with emotion. Similarly I feel the same. So, I don’t take this endeavor like a curriculum and some linear fashioned study. It’s something I build on, slowly, over time, more and more. That’s the kind of drive and curiosity that fuels me each day. There will be days where you feel like shit. That’s okay. Understand why you feel that way, take a break, then get back to it. Don’t overthink, just do. Because the thought of “what could happen if I continue this?” should be so exciting it makes you smile. \ Short summary of what I showcased and built that would end up being the backbone leading to my Internship: Hacked NASA → Got a letter of Recognition Hacked DHS & DNFB → Reported vulnerabilities Hacked Readov (Reddit advice) → Got a letter of Recognition Founded my personal brand → Spectra Vrg Published all my projects on Github & on my Website Attended meetups and conferences Spoke to as many people as I could (ended up speaking to head of HR) Got an Interview And that’s how I landed my Internship. \ So yeah, after 4 years of trial and error, that’s my advice for ya’ll. Kind Regards, Ayukotsu. \ \ \n \ \ \ \ \ \ \
View original source — Hacker Noon ↗


