In short, everything before it
Career cybersecurity guy and software engineer here…
Cybersecurity is a big field. More on that in a moment.
Regarding penetration testing, the best specialists in that area tend to have a firm grounding in networking and systems. It’s hard to understand a SYN flood or ARP poisoning if you don’t know TCP/IP, DNS, Ethernet, etc. Similarly, it’s hard to understand buffer overflows, how to cause them, and how to exploit them if you don’t understand stack frames and the rest of the memory model.
So, in my opinion, you want to be a pretty good systems administrator and a pretty good programmer. Now, I’m old and I cut my teeth as a systems programmer on high-performance Unix systems a long time ago, so I’m biased. Your mileage may vary.
For web penetration testing in particular, you definitely want to know how the web works. That is, what actually happens when you send a GET or PUT request to a server? What does the server do with it when it receives it? How can all of that go wrong?
Also, as I mentioned at the start, cybersecurity is a big field and if you just want to work in it, there’s some dirty secrets. First, you don’t have to be that good at hacking or penetration testing to get a job. Most of cybersecurity consists of compliance checks and paperwork. Second, what’s going to get you hired are certifications. Specifically, Security+.
Hope this helps.
This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.