Tryhackme is the best website that has helped me gain valuable insight into the cybersecurity space. Tryhackme will show you a lot, from the networking aspect to the blue and red team roles.
Networking/Security
I would suggest doing the Pre-Security learning path first because it will show you the networking basics—for instance, the OSI model, DNS, HTTP, IP addresses, and much more. The second learning path is the Introduction to Cybersecurity. This learning path will show a glimpse of offensive and defensive security. Offering you the different roles and careers in offensive cybersecurity, such as Penetration tester and Red teamer. For Defensive security, some roles and career paths are SOC Analyst and Security Engineer.
Offensive Security
Tryhackme has several learning paths, such as Jr Penetration Tester, Comptia Pentest+, and Web Fundamentals. Jr. Penetration Tester will teach you to be ethically driven to attempt to test and analyze the security defenses to protect assets and pieces of information. A penetration test involves using the same tools, techniques, and methodologies that someone with malicious intent would use and is similar to an audit. Comptia Pentest+ path is for practicing most practical skills required for the CompTIA PenTest+ exam. Web Fundamentals will teach you about how to attack web applications. To successfully attack and exploit web applications, you must understand how they work. I would suggest starting with a Jr. Penetration Tester or Complete Beginner. The Complete Beginner aims to briefly introduce the different areas of Offensive Security.
Defensive security
Tryhackme has some great learning paths for defensive security, namely Cyber Defense, SOC Level 1, and Security Enginnering. Cyber Defense will briefly introduce the different areas necessary to detect and respond to threats. SOC Level 1 will teach you to monitor the event logs, alerts, and more. Security Enginnering will lead you to design secure systems, networks, and software, understanding threats and risks that can affect the organization, and being able to assist in responding to incidents. Security Engineering is an excellent start because no matter which specialty you choose as your cyber security career, understanding all elements will help you proactively identify and mitigate security risks and play a crucial role in strengthening your security posture.
Final THoughts
In conclusion, if I were to start over with a blank slate, I would do this. Start with Pre Security -> Intro to Cyber Security -> Security Engineering. After this, you can take it two ways: offensive or defensive security.
Offensive Security: Jr. Penetration Tester -> Red Teamer or Complete Beginner, or Web Fundamentals or Offensive Pentesting
By the time you finish Jr. Penetration Tester, you’ll have a great concept of which path you want to do next.
Now for Defensive Security: Cyber Defense -> SOC level 1 -> SOC level 2
I would also suggest doing some of the opposite paths of what you want to do to understand how Offensive and Defensive Security works.
Bonus TIp for the real ones
Going for Certifications can help you improve your knowledge. CompTIA’s Network+ and Security+ are two great certifications, but more about that in my next blog.