_edited.png)
Journey from Product Evangelist to Cyber Security Consultant Intern.
I finished my bachelor of computer application in 2018 June. I had to do an internship to graduate, during the internship I gained some experience with web applications and networks. After the internship, I started my own company which designed and developed web applications. Then after few months, we started collaborating with a product based company (customer collaboration tool) and most of the clients were Banks. Every time we had a client meeting, this question was popping up “ How secure is your platform? ”. I was just hearing my partner explaining security best practices. This was where I grew curiosity to learn more about cybersecurity.
After 4 months, I looked for an opportunity to pursue a master's in cybersecurity overseas and chose a college in France. When I started my course I thought cybersecurity was all about hacking and attacking.
September 2019 College starts
I’ve started my cybersecurity journey by learning:
Some networking which helped in understanding concepts such as TCP/IP protocols, OSI model, the configuration of CCNA routers, switches, and their roles in an infrastructure.
Some programming languages which helped me understand the concepts of how an application works, how to automate a few tasks & code review.
System administration which helped me understand different operating systems (Windows, Linux ) and their different configurations, also some technologies like configuration of Active Directory, DNS, DHCP, most common pentesting OSs like Kali and Parrot and the tools present in them which I get to them later.
Project Management which helped to understand how to work within a team, manage deadlines, communication with the team members.
CEH Certification
After 6 months of my masters, I was introduced to a well-known and demanding certificate for every fresher: CEH Certified Ethical Hacker by EC-Council. This certificate has good content and lots of information for a fresher that helps in understanding concepts and basics of cyber security. The book consists of 20 chapters covering Introduction to Ethical hacking, Footprinting and Reconnaissance, Scanning Networks, Vulnerability Analysis, System Hacking, Malware Threats, Sniffing, Social Engineering, Hacking Web Applications, SQL Injection, Cryptography, etc.
Platforms to practise your hacking skills
After learning about the attacks and the tools, I was keen to perform attacks but had no platform. I read an article that mentioned all free available vulnerable virtual machines (e.g. Owasp Juice Shop, DVWA, Bwapp, Metasploitable 2, WebGoat) and platforms(e.g. TryHackMe, RootMe.org, HackTheBox). It even introduced platforms where I could have access to public exploits and OSINT Tools.
The first thing that i did was to install VMWare and Kali OS. You can download and install these with the links provided. I had a look at all inbuilt tools provided in Kali and tried to get familiar with.
How did I start
Looking at all the vulnerable machines and platforms, I was excited and confused about where to start. In my opinion, this is something that every fresher experiences. I choose TryHackMe because it had all types of Rooms from beginner to expert in a particular topic in pentesting. It also provides hints, walk-throughs to understand better if you are not sure about how to perform a particular task. I had made my mind to complete at least one room every day which was possible in the first few days. However it got tougher and tougher as I moved on. I constantly worked on it for 200 days at least 20 minutes /day after my college hours. This helped me a lot to gain additional knowledge regarding the attacks.
How Social Media helps to learn
Cybersecurity has a huge community, who is always on its toes to help people in need. There are people who are experts and the best part is that they like sharing their knowledge to people who are interested. You can find these on LinkedIn, Twitter, Youtube, Discord channels, blog posts etc.
Some of the creators who I follow are:
LiverOverflow, Farah Hawa, The XSS Rat, STOK, TomNomNom, Hakluke, Cyber Mentor, John Adams, John Hammond, Loi Liang Yang, Edureka, InsiderPhd, freecodecamp.org, etc.
Preparation for the CEH Exam
I was worried about how to keep everything in mind, as it is so easy to forget things during exams. For this, I would suggest taking some practice exams before attempting your CEH exam. There are a lot of materials available on google to practice (some are paid and some are free). The best thing to do is join forums and ask for materials from people who have already completed the exam.
CEH Exam
After all, I took my CEH exam in march 2021 and got certified in my first attempt. The exam was not so easy as I thought it would be. The exam consists of 125 questions that are scenario-based and you will have 4 hours to complete it. You have to score a minimum of 85% that is 100 of 125 correct answers to pass the exam. The CEH website states that you must at-least have 70 percent (88 out of 125) but I have seen few case who couldn’t certify with 74%. Time plays an important role during this exam. My strategy was to complete the questions about which I was sure and then get back to those tricky ones. This had really helped me to manage my time during exam.
To conclude
Most of the people in this field have different opinion about certifications and the cost to get certified. According to me a certification helps you to get started and learn in a structured way. Being CEH certified gave me an upper hand from the rest of applicants who applied during job searching as well as interviews. As much as I have noticed all the entry level jobs requires you to have any certifications and CEH is in every job post as a mandate requirement. I want to continue my certifications journey. I’m currently working on ECSA (EC-Council Certified Security Analyst). This certification is the next one after CEH.
Hopefully, I’ll get ECSA certified by February 2022.
Related blog post:
Did you enjoy this blog post?
Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!
We need your answers!
By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.
Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!
Thank you for your responses!
Would you like to be informed of our news and receive our latest blog articles directly in your mailbox ? Subscribe to our monthly newsletter!
Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!