I know absolutely nothing, zero, zilch, nada, about IT. I'm trying to get into information security/ cybersecurity and I need somewhere to start.
Would this be a good place to start and acquire this certificate?
Take into consideration that I wont even be using it for some employer.
>>60453048
1) Learn some programming language, usually these guys all use Python for scripting their own test suites and tools.
Do: Any intro to python course on edx.org
Read: Gray hat Python
Read: Black hat Python
2) Learn network security/web applications. Everything is an application in some cloud now.
Read/do: The Web Application Hacker's Handbook
Read: Tangled Web (Browser Security)
Read: Any other security book that looks interesting on NoStarchPress website.
Find a company who makes a Python product on Github. Start testing their shit with your new security test suite you built. Or learn Ruby/Rails and start zinging Ruby/Rails sites. Google "Appsec" and learn everything you can about it.
Finally go intern for some security corp like Optiv/Accuvant or NCC Group or the hundreds of others. Work there X years until you are confident enough to be a senior consultant, quit and charge $$$$$$$/hr as a freelancer. Get a cringey Twitter nym like "0xFalconSecurity" and follow the usual security people like TheGrugq, Charlie Miller, ect
>>60453264
I guess I could learn python
>>60453264
Don't do any of this imo. Overkill for a beginner. Just study for the A+ or net+ exams, take them and get certified
>>60453841
that's what I plan on doing
net+ or ccna I don't know
>>60453841
Exactly. A+ covers all the basic.
>>60453841
Kinda agree here, his advise is solid, but I would go for entry level certs like A+, net+ etc, to get an entry level job, then maybe follow his advise. In IT the most important thing is getting your foot in the door and accumulating experience, just make sure you don't get stuck in one position, never stop learning.
>>60453943
>>60453841
Worthless
Nobody gives a fuck about "A+" or "Net+" unless you live in India.
None of this >>60453264 is 'overkill', it's the bare absolute minimum you would need to call yourself any kind of security whatever.
>>60453943
Thanks bro.
>>60453996
OP stated he doesn't know shit about IT. He should start with basics.
>Take into consideration that I wont even be using it for some employer.
There's your answer to a+ net+
>>60454136
I chose the easiest possible path lol, which is considered basic. If OP wants basic of basics, Kernighan's latest book will do http://kernighan.com/ and is vastly superior to paying for A+/Network+ certs. OP can read this in 2 days.
This is what a real security path looks like, and is considered bare min knowledge if you don't enter in through appsec angle:
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
That path typically requires exp being a F/T software developer like a vidjya gayman dev who knows C++/Assembly which is why I suggested the even more basic appsec angle, since anybody who knows nothing with a bit of Python from edx.org can do it.
>>60453048
CCNA looks better but is more difficult than IT fundamentals or Net+ . A+ is good for entry level.
>>60453048
You do not get directly hired into security without a masters degree, or a shit ton of work experience.
Your progression path with no education:
1) This >>60453841
2) Apply for a bench tech or help desk job, and while working study up on networking and servers.
3) After gaining two to three years of experience write your CCNA and MSCE exams, after you pass apply for a System/Network Administrator job. Make sure this company has in and house security team before applying.
4) While working start studying security and get a security cert (not sec+)
5) Gain experience while waiting for an infosec job opening in the same company.
>>60454567
what security cert would you recommend?
>>60455015
sec+ is another basic comptia certificate. Won't necessarily get you any jobs, but its a start. CISSP would probably be an essential one. I've seen some employers value the CEH certificate as well.
>>60455015
This very much depends on which branch of sec. CEH, OSCP, CISSP, and the various GIAC certs offered by sans are the most valuable. I'd really need to know what aspect of security you want to get into.
>>60453264
(you)
>>60453048
Unless you're Amish and know 0 about computers, start with the A+ and then do the Sec+
Just learn how to script with powershell or bash. No need to learn actual programming
>>60455186
wew
Hell, I didn't know there are different branches of security.
>>60455310
Pentesting, incident handling/forensics, management, and development are the primary jobs. There are also security researchers, but those jobs are rare outside of freelancing. The entire field is mostly writing reports, or drafting policies outside of research honestly. The "fun" shit most people think of when they think of the field is pretty much reserved to criminals, or pentesters. Mind you with pentesting that is only a portion of the job, most of it is reports.
>>60455720
I'll just become a criminal then.
But pentesting is probably the most interesting out of all.