How I Would Learn Cybersecurity If I Had to Start All Over Today
It’s not because the industry has changed. It’s because the lies have stayed the same.
It’s not because the industry has changed. It’s because the lies have stayed the same.
If I woke up tomorrow with my memory of cybersecurity wiped clean but my knowledge of the industry intact I wouldn’t do what I did the first time.
I wouldn’t spend months drowning in theory. I wouldn’t chase the certifications that HR filters love but hackers laugh at. And I certainly wouldn’t believe the zero to hero bootcamp myths.
The industry has evolved, sure. But the traps for beginners are exactly where they used to be.
Stop Reading, Start Breaking
The biggest mistake beginners make is treating cybersecurity like history or biology. You cannot learn this by reading a textbook. You learn it by doing.
If I were starting today, I would spend 20% of my time learning a concept and 80% of my time applying it.
Don’t just read about Linux permissions, spin up a VM and lock yourself out of a file. Don’t just memorize port numbers, use Nmap to scan your home network and see what’s actually open.
The Foundation
I would skip the expensive, generalist IT courses and hammer home three non-negotiable skills immediately:
Linux
It is the operating system of the internet (and the hacker). I’d get comfortable with the command line until grep, cat, and chmod felt like second nature.
Networking
You can’t secure what you don’t understand. I wouldn’t just memorize the OSI model layers; I’d use Wireshark to watch the packets fly and understand how TCP handshakes actually happen.
Scripting (Python/Bash)
I wouldn’t try to become a software engineer, but I would learn enough Python to automate the boring stuff. If a tool doesn’t exist, I want the power to build it.
The Cloud
Old-school roadmaps tell you to build a home lab with old servers you bought on eBay. That’s cute. But the modern world lives in AWS, Azure, and Google Cloud.
If you ignore the Cloud, you are training to protect a world that no longer exists. I would immediately dive into:
Identity and Access Management (IAM)
This is where the real hacks happen now. It’s not about buffer overflows; it’s about a misconfigured S3 bucket or a leaky API key.
Containerization
Learn Docker and Kubernetes. Why? Because developers love them, and they are messy, insecure beasts if not tamed.
Cloud documentation is written by sadists. It is vast, confusing, and changes every Tuesday. You will feel overwhelmed. That is normal. Keep going.
AI is Your Wingman
Don’t fear the AI; fear the hacker who uses AI better than you.
I wouldn’t waste time fearing ChatGPT will take my job. I would use it to accelerate my learning loop.
I’d feed it snippets of vulnerable code and ask, “Roast this code. Tell me why it sucks.”
I wouldn’t spend six hours writing a Bash script. I’d ask the AI to write the skeleton, then I’d use my Basic IT skills to fix the garbage it inevitably produces.
AI is a force multiplier. If you aren’t using it to learn faster, you are bringing a knife to a drone fight.
CTFs
In the beginning, frustration is your enemy. Boredom is the killer. To fight this, I would dive into Capture The Flag (CTF) challenges immediately.
Platforms like TryHackMe and HackTheBox are not just games; they are flight simulators for cyberwarfare.
I would start with the guided paths on TryHackMe to build muscle memory, then move to HackTheBox to test my frustration tolerance. This turns studying into “solving,” which keeps the dopamine hitting and the burnout away.
Documentation is Your Superpower
In cybersecurity, you will forget 50% of what you learn within two weeks. I would document every scan, every exploit, and every command I run.
Building a personal knowledge base (like the ones I maintain at here) isn’t just for reviewing; it’s for showing potential employers that you are organized, disciplined, and ready to learn.
Ignore the Gatekeepers
Finally, I would ignore the voices telling me I need a $10,000 degree or 5 years of helpdesk experience before I can touch a security tool.
The truth is, this field rewards curiosity and persistence over pedigree. I would find a mentor, join discord communities, and contribute to the conversation.
I wouldn’t wait for permission to call myself a security practitioner however I would earn it by practicing security every single day.
Sample 1 Month Plan if you are getting started
The goal is to build a foundation so solid that when you eventually stare at a SIEM log or a broken Python script, you don’t panic. You don’t need to spend money to learn this.
Weeks 1 & 2: Networking
You cannot secure the network if you don’t understand how data moves.
Understand exactly what happens from the moment you hit Enter on a URL to the moment the page loads.
1. The Theory
Resource: Professor Messer’s CompTIA Network+ Training Course (YouTube — Free).
OSI Model: Don’t just memorize the layers. Understand why a switch is Layer 2 and a router is Layer 3.
TCP/IP: Learn the Three-Way Handshake (SYN, SYN-ACK, ACK) until you can draw it on a napkin.
Common Ports: HTTP (80), HTTPS (443), SSH (22), DNS (53), RDP (3389). Memorize these.
2. The Math
Topic: Subnetting.
Resource: Subnetting.net or Sunny Classroom (YouTube).
Learn to calculate subnets without a calculator. You need to look at 192.168.1.1/24 and know exactly how many IPs are available. Do practice problems until your brain hurts.
3. The Lab
Tool: Wireshark.
Download it. Turn it on. Capture your own traffic while browsing the web. Filter for http or dns. Look at the packets. See the raw data. It looks like matrix code right now, but you need to get used to seeing it.
You can also check out my free course on Wireshark and Wireshark study notes below:
Check out the below notes if you ever needed references or cert preparation notes:
Weeks 3 & 4: Linux
Navigate a computer, manipulate files, and manage permissions without touching a mouse.
Download VirtualBox and an Ubuntu Server ISO (or Kali Linux if you feel brave, but Ubuntu is better for learning admin basics).
Install it as a Virtual Machine. Do not install the Desktop Environment. Boot into the command line only.
Check out my Linux course below as an additional resource:
Key Linux Commands to Master:
- Navigation:
cd,ls,pwd - Manipulation:
cp,mv,rm,mkdir,touch - Reading:
cat,less,head,tail - The Big One:
grep(Search). You will use this every day of your career.
You could also play with overthewire challenges especially the bandit section.
Start at Level 0 and try to get to Level 15.
Do not look up the walkthroughs immediately. Struggle first. Read the man pages (manuals). This teaches you how to find answers when you are alone.
Checklist for End of Month 1
If you can do these three things, you are ready for Month 2. If not, restart.
- Can you explain the difference between a MAC address and an IP address?
- Can you use the terminal to find a specific text string inside a folder of 100 files without opening them manually?
- Did you survive
BanditLevel 10 without quitting?
👉 Explore coaching & mentoring programs here:
These coaching and mentoring programs give you personalized direction, clear priorities, and a real path forward built around your goals and schedule.
Final Words
Cybersecurity is not a career; it’s a lifestyle of perpetual homework. You will never “know it all.” The moment you stop learning, you start dying.
It is frustrating, exhausting, and often thankless. But then, there is that one moment, that split second when the exploit fires, when the pieces click, when you see the matrix for what it is. And in that moment, it is the best job on earth.
So, do you still want in? Good. Open your terminal. You have work to do.