JOHN STRAND’S
5 Phase Plan
for starting in Computer Security
Check out the full video of John talking about his plan here:
PHASE 1
Learn your core operating systems. Build a lab. Get started with a language. Learn basic security fundamentals.
Start your education with the soft skills. Understand the technology: how are these machines used in business? What are people doing with them? You can be as technical as anyone, but if you don’t understand the application of what you’re trying to do and if you can’t SPEAK THE BUSINESS SPEAK, you won’t get far.
Windows:
Go to the Windows Evaluation Center. Install software from Microsoft. This is going to be painful. Some things are easy to install, like Active Directory. Some things are very, very difficult to install, like SCCM or Configuration Management. But these are important lessons for you to learn. Set up the things that you will be constantly defending (or constantly attacking) as a security professional.
Linux:
Install everything... from scratch. Don’t know how? Visit a search engine. Type your question. Click the button. Don’t give up just because it’s hard. Security isn’t about taking the easy route – it’s about constantly learning, even under exceptionally difficult circumstances. The only way to get good is by struggling. If you need to, remove your easy way out and uninstall Windows.
Also, learn Bash scripting (there are other shells, but Bash is the one you’re gonna end up using more than not).
Networking:
Set up a network lab. First, get your stuff at home up-and-running and make sure you KNOW what it is doing. Then, get some simulators (https://www.brianlinkletter.com/open-source-network-simulators/). Get some gear. You can buy old equipment for cheap on eBay. Take it apart. Find out how it works. Buy two or three of things... you’re gonna end up breaking a few.
Coding:
Learn to code. Python is the best place to start (though other languages are important to learn). Study online. Codecademy, Code Warrior, and Pluralsight are all great resources, among many others.
Security Standards:
Learn the CIS top 20 Critical Security Controls. The AuditScripts Critical Security Controls Master Mapping spreadsheet (https://www.auditscripts.com/free-resources/critical-security-controls/) is an incredibly valuable resource. It can help you learn not only one framework, but directly apply that to a variety of other frameworks through its intensive cross-referencing. Knowing these is a big plus on your resume. It’s strategic and high-level. Learn it.
PHASE 2
Time to start projects! (You may have already... that’s fine!)
Move from being a consumer to a creator.
You should:
- Start a security group (working on a team is an important experience)
  - At work
  - At school
- Learn PowerShell (...this will take a while)
- Keep up-to-date on security news
- Eliminate distractions that are holding you back
PHASE 3
This is the time of web apps – you’ll have to know these.
- Start with PHP and ASP.NET (don’t get distracted by anything else yet)
- Feel free to branch out to networked iOS and Android apps
- Learn to code (badly)
- Develop SOMETHING
PHASE 4
Time to start hacking stuff!
- Learn IDA and Immunity Debugger
- Pick a protocol and understand that protocol
- Hit online challenges
- (You’ve already been playing with Metasploit this whole time, right?)
- Download ZAP from OWASP
- Use and learn ALL of this:
  - Windows ATT&CK for Enterprise Matrix
  - SANS Ultimate Pentest Poster
PHASE 5
PRESENT!
- Give talks everywhere and anywhere
- Present on things you JUST learned!
- Take advantage of cons/events/webcasts as a speaker and...
- Put. Yourself. Out. There.
IN CLOSING…
Feel free to:
- Indulge in distractions
- Stick to this plan
- Ignore this plan
- Develop your own plan
- Get good at just one thing
- Get a degree
- Don’t get a degree
- Get certifications
- Don’t get certified
Do NOT do the following:
- Sink into video games
- Waste your time figuring out the cube
- Binge watch shows on Netflix
- Use Bing for anything
- Just barely learn Metasploit to impress people
- Spend more time on the hacker “look” than learning
- Get angry
- Blame others