Where to start as someone who wants to get into information security?

I do not have any degrees and want to set myself apart from others who apply in the Cybersecurity field by knowing how to program. I know basic HTML. I don’t want to spend too much time on web development. So is there a better place to start, like JavaScript, for me?

Nowadays cybersecurity means mostly web, so how can you protect a login page if you don’t know which HTML elements are used there?

Maybe CSS is not needed, but HTML is.

The freeCodeCamp curriculum from top to bottom is a web dev curriculum. I would say, if you don’t want to, avoid some stuff, like all the CSS part, or the first half of the Data Vis cert, as those are about “drawing” on the page, but try to complete it.

I don’t think you’d need HTML for security, frontend form data validation is nice-to-have for increasing user experience, but ultimately useless in terms of security. In order to secure a website, you’d need a backend language like either NodeJS or PHP, knowledge about transfer protocols, encryption algorithms, etc.

Maybe start with a free course from a list like this: https://www.techradar.com/best/best-online-cyber-security-courses

XSS requires a basic working knowledge of HTML and JS. Web security in general requires knowing about the web, and the more parts you know about, the more of the attack surface you’ll be familiar with. Cybersecurity is a big field that isn’t all web, but since the web is the lion’s share of every company’s internet presence, it’s sort of the front door that they want to make sure is locked.

Hello @elysium2049, welcome to the freeCodeCamp forums!

So the biggest thing about cybersecurity is the fact security is everywhere, as risk is everywhere. So the field is less about standing out, and more about breadth of knowledge. Simply put, the more experience you have with different parts of the stack, technologies, attack vectors and mitigation, the more relevant you become in the field.

To stand out is to have standout experience.

So there isn’t really a “better place to start”, as experience is experience. If your goal is to be a cybersecurity professional, you should have as much experience in a multitude of aspects and the corresponding security risks associated with those aspects. So as stated above, knowing what an XSS attack is is important, or a script-injection attack, or just being up to date with security issues related to relevant web technologies, like what zero-day vulnerabilities are affecting browsers like Chrome and Firefox.

I’d spend enough time so you understand how it works, why it works the way it does, and any part of it that can create potential security risks. For example knowing enough of why using JS’s function of eval is a horrible horrible idea, or how a regex can be abused to create vulnerabilities is more important than building a binary search tree.

Obviously you can’t become an expert in everything, but you should have enough awareness of the main security risks associated as much as possible. This includes front-end, back-end, databases, and even other stuff you might not usually think about, like security risks within the software development lifecycle, to even the human element!

Cybersecurity is a great field to get into, as the more technology grows, the more security risks come up. However, it’s a huge field that is continuously changing and you must try to be on the “leading edge” as much as possible, as the “bad guys” will always be doing the same.

Even if you later decide you want to get out, this sort of knowledge is great even as a normal everyday person! Knowing why you shouldn’t use the same password on multiple sites, what a phishing attack is and looks like, or understanding the latest “big hack” on the news is all useful knowledge even for a normal person trying to navigate the digital age.

Good luck, keep learning, keep growing!

That’s a funny metaphor, because you can’t lock the front door (unless you take your site off the web), you can only make sure that whoever knocks on the door gets the content that they’re permitted to get. For securing that content, all you need to know is how to handle incoming data, and understand where that data is coming from, and how the data was transmitted, and if a third party could have messed with the data, and then build a backend that is prepared to handle all that. No point in learning how to create a well-formed frontend contact form, assume that you can get everything imaginable from the frontend.

I get what you’re saying though, but since the OP asked about where to start to learn cyber security, I thought the fCC HTML section wouldn’t really answer that question.

“Locking” the front door makes for a more folksy metaphor than “securing” it. Anyway, it doesn’t take expertise or even comfort in developing front-end web technologies, but one still has to know things like the same-origin sandboxing policy of JS, CORS, http-only cookies, and so forth.

I think the most FCC touches on cyber-security is a challenge to install the helm plugin in an express server, sooo… yeah. It’s a great field to know and be in, but it’s not really entry-level.

- For Cybersecurity you will first need to start with some standard baseline certifications: Security+, Network+ and the tried and true A+ will look good. After that it will depend on where you want to branch into, i.e. offensive or defensive. Higher level certs like Pen+, OSCP, etc. are where you will want to look. CCNA might also look good as a higher level cert.
- Understanding Networking is very important so definitely focus on that.
- Having a good understanding of OS’s is very important, specifically Windows and Linux. If you learn PowerShell and Bash that will look good on a resume.
- In regards to programming languages: again, I suppose it depends on where you want to go in the cyber world, but if we are just talking baseline, Python, C, C++ are probably, again probably, the three go-tos. But again it all really depends. If you want to focus on web security then obviously JavaScript, HTML, PHP, etc. will be your focus. If you are looking to analyze malware it will be lower level languages like C, and even really, really low level languages like Assembly. Ethical Hacking will be like Python, SQL, etc.
- In my opinion (and again this is just my opinion, others might tell you completely differently) I would start with the A+ and Security+ in that order. Those two certs will give you a VERY good beginner / baseline knowledge of computers, operating systems, networking, and general security. A+ and S+ will look good on an entry-level resume. All the while I would focus solely on learning Python programming.

I don’t disagree with anything you said.

However, I would like to point out that there are many skilled hackers/crackers that have never once taken any sort of certification or had any form of formal training. I’m not suggesting the knowledge they have has prepared them to work professionally in security (responsibly, organized, and within the law) but the skills are not just gained from education. I think the most important personal trait is curiosity (without killing the cat preferably).

You can find a lot of free and relevant resources shared in open source projects like these “awesome lists”:
