Re: Kickstart journey in Cybersecurity

n7admin · ‎06-01-2025

Weclome everyone,
I just joined the community, so doing my studies in Cybersecurity i found the field has a lot of cool stuff specially that i came from software development background and i started to feel bored of it, i got a feel for security my only problem is not knowing where to start, i already purchased some books like the practice of cloud security by chris doston cause I feel like i'm more into cloud security but i believe i need a good foundation, so i would love to hear any advice from your journey guys and get to talk to everyone here, thanks for reading all way here

Spirnia · ‎06-02-2025

I would start with the free ISC2 CC certification.

ISC2 provides both the online self-paced training and the exam vouchers to you free of charge.

From there, you’d want to look into CompTIA for their Network+ and Security+ certifications.

You said you are leaning towards Cloud Security. CompTIA also has the Cloud+ certification.

Check out https://niccs.cisa.gov/tools/nice-framework website to get an understanding of the work roles available in the field of cybersecurity.

For career pathways, check out https://niccs.cisa.gov/tools/cyber-career-pathways-tool

Also, check https://www.cyberseek.org/heatmap.html for their Cybersecurity Supply/Demand Heat Map.

Sign up with the Cloud Security Alliance’s Circle Community Forum at https://circle.cloudsecurityalliance.org/home

Certification bodies such as ISC2, CompTIA, ISACA, GIAC, etc. provide official training for their own certification exams themselves.

If you are looking for additional third-party training providers for your self-paced online studies, you can also look into the following:

CBTNuggets

Cybrary

HowToNetwork

LinkedIn Learning

O'Reilly

Pluralsight

ProfessorMesser

Skillsoft

Udemy

For free webinars, sign up with https://www.brighttalk.com

For online labs, give TryHackMe a try.

Join Reddit communities such as ISC2, CompTIA, etc.

And join Discord groups such as CyberSecStation (formerly Certification Station).

I believe you may also qualify to join the ACM because of your work background.

Best of luck!

emb021 · ‎06-02-2025

@n7admin I would echo what @Spirnia said.

I would especially encourage you to look at the different kind of careers within cybersecurity/infosec. Cloud is but one kind of job you can do. And that sometimes this may change as your career changes. I went from being a system administrator to being a security administrator to being a security assessor/consultant to being a CISO& DPO. If you had asked if I planned on being a CISO 5-10 years ago I would have laughed.

I would encourage you to look for local groups to get involved in to meet and network with your peers. This is a great way to find jobs. Look for local chapters of ISSA, ISACA, ISC2, Infragard (if in the US), OWASP, CSA, Defcon, etc. Look for local security conferences organized by these groups as well as local BSides. Many of these conferences, especially BSides, will often have career tracks aimed at job seekers.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow

JoePete · ‎08-05-2025

@n7admin wrote:
I feel like i'm more into cloud security but i believe i need a good foundation, so i would love to hear any advice from your journey guys and get to talk to everyone here, thanks for reading all way here

There is no substitute for experience. Even when looking at certifications, if you peel back the details of those that carry weight in the industry, it is because they are geared toward validating experience. While paid experience is great, there are lots of ways of gaining unpaid experience. From just hacking around in your own homelab or cloud space to volunteer work, etc., these become things that are great to discuss on a job interview, but more important, they give you real world context for understanding what can otherwise be abstract concepts and frameworks. I'd also make sure you shore your general business skills. Know how to design a budget, read financial statements, and talk to the rest of the C-suite. You need to be able to communicate across an operation to be effective. Otherwise, you may love the subject matter, but you can end up in some really frustrating job conditions. For a good overall exposure to security, definitely make sure Ross Anderson's Security Engineering is on your bookshelf.

davzy · ‎02-18-2026

You’re thinking correctly about foundations. Before specializing in cloud, build core security knowledge first: networking basics (how data actually moves), operating systems (especially Linux), how the web works, and fundamental concepts like encryption, authentication, and threat modeling. Cloud security makes much more sense once you understand general security principles underneath it.

A helpful way to think about it is cybersecurity vs cloud security. Cybersecurity is the big umbrella it covers networks, endpoints, applications, governance, and more. Cloud security is a specialization inside that umbrella, focused on securing AWS, Azure, GCP environments, identity management, misconfigurations, and shared responsibility models. Strong basics in cybersecurity will make you far more effective in cloud security later.

Since you have a software background, you already have an edge. Look into:

Networking fundamentals (TCP/IP, DNS, HTTP)
Linux basics
Security+ level concepts
Then move into AWS/Azure security labs

Security rewards curiosity and hands-on practice more than just reading. Break things in labs. Analyze how attacks happen. Understand why systems fail.

You’re not late. You’re pivoting at the right time. The field is huge, but it becomes clear once you build layer by layer like learning how the internet actually breathes under the hood.