Where to start, on the road to Cyber Security

My end goal is to get into Cyber Security; currently I would like to be a pentester. However, I’m currently on the road to Network/System Admin as a stepping stone and to get a real foot in the door.
My goal was to start with Python, and then I discovered this website through YouTube.
Now I do see the Information Security section of the curriculum; however, I want to be able to understand what I’m learning. Should I start there? I learned HTML about 3 years ago but haven’t used it and thus forgot it all.

I personally feel like pen-testing and web development are kinda in different realms. There’s a lot to learn for web development, and some overlap with pen testing (SQL injection and XSS are the big ones), but there are totally different focuses on both: one is more programming and design based and the other is usually more tooling based, especially as you start out.

Now, since you mentioned you originally wanted to be a pen-tester, I would say the first step is getting Kali Linux and learning how to use Linux in general. Kali Linux is a Linux distro that comes with a lot of pen-testing tools out of the box. There’s nothing wrong with being a “script kiddie” when you’re starting out and learning what there is to learn for pen testing. Knowing how to use Linux is almost always a big plus on any resume, developer or IT, and is a great skill to have for a number of reasons. So even if you can’t or don’t want to jump straight into Kali Linux, I do suggest getting your feet wet with any other Linux distro. (Manjaro is my personal go-to for general programming due to the abundance of community packages and rolling releases, but look into what you’d like to try yourself.)

I personally would still recommend learning Python and programming, since knowing how to program in general is a nice thing to know. Python is very easy to learn (arguably the easiest general purpose language) and is a Swiss Army knife in terms of capabilities. It is super flexible; for example, you can write a web back-end with it, or write a DDoS script (for ethical reasons!) or do some data science very quickly and easily.

Unfortunately, I do not know much about the Information Security section on FCC, so I cannot provide any input on that area of the site. But I provided the above suggestions based upon my own personal experience with a few cyber security professionals and students.

Finally, I’d like to point out that pen-testing might seem like hacking from a dark room typing a bunch of code into the keyboard, but from my experience with it, it isn’t really that.
Regardless, to get really good you need to have knowledge in a lot of disciplines, from exploiting lower level issues like memory overflows to more “higher-level” exploits like man-in-the-middle attacks; there’s a lot to learn and a lot to cover. But if your dream is to become the prototypical hacker then go right ahead and jump in; security will only become more and more relevant in the future as more things become “hackable”!

Good luck, stay curious, and hack ethically 😛
