Starting Out in Cybersecurity

Level: beginner · 20 min · Writeup

Introduction to offensive and defensive security careers

Learning Objectives

  • Understand offensive security
  • Understand defensive security
  • Explore career paths
  • Know where to start

Cybersecurity is a vast field with many different career paths. Before diving into technical skills, it's important to understand the landscape. This room introduces offensive security (red team) and defensive security (blue team) - think of it as choosing whether you want to be the attacker who finds vulnerabilities or the defender who protects against them.

The good news? You don't have to choose just one forever. Many professionals work on both sides throughout their careers, and the skills transfer between them. Understanding both perspectives makes you a better security professional.

Both Sides Need Each Other

Red teams help blue teams by showing them real attack techniques. Blue teams help red teams by building better defenses to test against. The best security comes from both sides working together.

Offensive Security (Red Team)

Offensive Security Careers:

PENETRATION TESTER
─────────────────────────────────────────────────────────────────────
What: Authorized hacking to find vulnerabilities
Skills: Network scanning, exploitation, reporting
Tools: Nmap, Burp Suite, Metasploit, custom scripts
Path: CTFs → Certs (OSCP) → Junior pentester → Senior

RED TEAM OPERATOR
─────────────────────────────────────────────────────────────────────
What: Simulate real adversaries over extended periods
Skills: Advanced exploitation, evasion, persistence
Tools: Cobalt Strike, custom C2, social engineering
Path: Pentesting experience → Advanced training → Red team

BUG BOUNTY HUNTER
─────────────────────────────────────────────────────────────────────
What: Find vulnerabilities in companies' public assets
Skills: Web security, creative thinking, persistence
Tools: Burp Suite, custom scripts, automation
Path: Learn web security → Practice on labs → Hunt on platforms

SECURITY RESEARCHER
─────────────────────────────────────────────────────────────────────
What: Discover new vulnerabilities and techniques
Skills: Deep technical knowledge, reverse engineering
Tools: Debuggers, disassemblers, fuzzing frameworks
Path: Master fundamentals → Specialize → Publish research

SOCIAL ENGINEER
─────────────────────────────────────────────────────────────────────
What: Test human vulnerabilities through manipulation
Skills: Psychology, acting, pretexting, OSINT
Tools: Phishing frameworks, phone skills, confidence
Path: Understand psychology → Practice → Certify

Entry Point: Pentesting

Most offensive security careers start with penetration testing. It teaches fundamental skills that transfer to all other red team roles. Master the basics before specializing.

Defensive Security (Blue Team)

Defensive Security Careers:

SECURITY ANALYST (SOC)
─────────────────────────────────────────────────────────────────────
What: Monitor systems and respond to alerts
Skills: Log analysis, SIEM, incident triage
Tools: Splunk, ELK Stack, EDR solutions
Path: IT support → Security+ → SOC Tier 1 → Tier 2/3

INCIDENT RESPONDER
─────────────────────────────────────────────────────────────────────
What: Contain and investigate security breaches
Skills: Forensics, malware analysis, communication
Tools: Volatility, Wireshark, forensic imaging
Path: SOC experience → IR training → GCIH/GCFE

THREAT HUNTER
─────────────────────────────────────────────────────────────────────
What: Proactively search for hidden threats
Skills: Adversary techniques, data analysis, hypothesis
Tools: SIEM, EDR, threat intelligence platforms
Path: SOC/IR experience → ATT&CK knowledge → Hunt teams

SECURITY ENGINEER
─────────────────────────────────────────────────────────────────────
What: Build and maintain security infrastructure
Skills: Networking, automation, architecture
Tools: Firewalls, IDS/IPS, SIEM, cloud security
Path: Sysadmin/network → Security focus → Engineering

MALWARE ANALYST
─────────────────────────────────────────────────────────────────────
What: Reverse engineer malware to understand it
Skills: Assembly, reverse engineering, sandboxing
Tools: IDA Pro, Ghidra, debuggers, sandboxes
Path: Programming → RE fundamentals → Malware focus

DIGITAL FORENSICS
─────────────────────────────────────────────────────────────────────
What: Collect and analyze evidence from incidents
Skills: Evidence handling, disk forensics, reporting
Tools: FTK, EnCase, Autopsy, Cellebrite
Path: IT background → Forensics training → Certs (GCFE)

Red vs Blue Comparison

Comparing Offensive and Defensive Roles:

Aspect                │ OFFENSIVE (Red)      │ DEFENSIVE (Blue)
──────────────────────┼──────────────────────┼───────────────────────
Mindset               │ Think like attacker  │ Think like defender
Goal                  │ Find vulnerabilities │ Prevent/detect attacks
Work style            │ Project-based        │ Ongoing monitoring
Time pressure         │ During engagements   │ When incidents happen
Creativity needed     │ Very high            │ High
Documentation         │ Reports for clients  │ Runbooks, procedures
Certifications        │ OSCP, CEH, GPEN      │ Security+, GCIH, CISSP
Entry salary          │ $70-90K              │ $50-70K (SOC entry)
Career ceiling        │ Very high            │ Very high

OVERLAP AREAS (Purple Team)
─────────────────────────────────────────────────────────────────────
├── Threat intelligence
├── Security architecture
├── Tool development
├── Detection engineering
└── Security consulting

Common Skills for Both:
─────────────────────────────────────────────────────────────────────
├── Networking fundamentals
├── Operating systems (Linux & Windows)
├── Scripting (Python, Bash, PowerShell)
├── Web technologies
├── Communication skills
└── Problem-solving mindset

Your First Hack (Room Walkthrough)

```bash
# This room includes a simple hacking exercise

# Deploy the machine and note the IP
# Target IP: 10.10.x.x

# Step 1: Scan the target
nmap 10.10.x.x
# Look for open ports (web server likely on 80 or 8080)

# Step 2: Access the web application
# Open browser: http://10.10.x.x

# Step 3: The application is a simple "hack me" page
# Follow the instructions on the page

# Step 4: Find the hidden page or vulnerability
# Often involves:
# - Viewing page source
# - Checking robots.txt
# - Simple URL manipulation

# Step 5: Get the flag
# Submit in the room for points!
```

First Hack Methodology

1. Scan: Run nmap to find open ports and services
2. Enumerate: Explore the web application, view source, check common files
3. Find Vulnerability: Look for obvious security issues - this is a beginner room
4. Exploit: Use the vulnerability to access restricted areas
5. Capture Flag: Find the flag and submit it

Where to Start

Recommended Learning Path:

FOUNDATIONAL SKILLS (Everyone needs these)
─────────────────────────────────────────────────────────────────────
Week 1-4:
├── Linux basics (command line, file system)
├── Networking fundamentals (TCP/IP, DNS, HTTP)
├── Basic scripting (Bash or Python)
└── TryHackMe: Pre-Security path

Week 5-8:
├── Web technologies (HTML, JavaScript basics)
├── Database basics (SQL)
├── Windows fundamentals
└── TryHackMe: Complete Beginner path


OFFENSIVE PATH
─────────────────────────────────────────────────────────────────────
Month 3-6:
├── Web security (OWASP Top 10)
├── Penetration testing methodology
├── Tool proficiency (Nmap, Burp, Metasploit)
├── TryHackMe: Jr Penetration Tester path
└── CTF practice

Month 6-12:
├── Active Directory attacks
├── Privilege escalation (Linux & Windows)
├── Buffer overflows basics
├── OSCP preparation
└── Real-world lab practice (HTB, VulnHub)


DEFENSIVE PATH
─────────────────────────────────────────────────────────────────────
Month 3-6:
├── SIEM fundamentals
├── Log analysis
├── Basic incident response
├── TryHackMe: SOC Level 1 path
└── Home lab with Security Onion or similar

Month 6-12:
├── Malware analysis basics
├── Digital forensics
├── Threat hunting
├── Security+ certification
└── Blue team CTF practice

Knowledge Check

Quick Quiz

Which role is responsible for simulating real attackers to find vulnerabilities?

Challenges

Complete the Room

Level: beginner

Complete the 'Starting Out In Cybersecurity' room on TryHackMe. Answer all questions and complete the simple hacking exercise.


Key Takeaways

  • Offensive security (red team) focuses on finding vulnerabilities
  • Defensive security (blue team) focuses on detection and prevention
  • Both paths require similar foundational skills (networking, OS, scripting)
  • Many professionals work on both sides during their careers
  • Start with fundamentals before specializing in either path
  • Hands-on practice through platforms like TryHackMe is essential