Martian Defense NoteBook

Keeping it Real for Beginners

Below are my key considerations and recommendations for being successful in the security space.

Stop Comparing

Everyone has their own journey in this space, so comparing yourself to people who present themselves as highly successful or highly skilled will drive you crazy. Don't let this happen, especially when half of the people publicized are not all they seem to be. Learn what skill sets are truly needed and walk your own path!

Be consistent!

Consistency in this space is very important. The threat is just as dedicated and consistent as the defenders need to be nowadays. Stay motivated and ensure you are committing to the right cause or following the correct training.

Just Ask!

You will be surprised how much information you can receive just by asking someone or conducting an official informational interview. People who are truly well-versed and passionate about a topic will often love to talk about it to an aspiring learner.

Asking is also important nowadays as a way to gauge the expertise of the person speaking. People will often speak beyond what they actually have experience in just to keep up with the conversation. This is where asking questions, whether for your own understanding or just to gauge someone's skill set, is very beneficial!

Beware of the modern-day "Enthusiast", "Influencer" and self-proclaimed "Hacker"

There has been an increase in people who are enthused about cybersecurity but who, instead of undergoing practical training or ever holding a security role, turn their cameras on and feed people an excessive amount of useless junk content about cyber defense and about being in this field.

Always be on the lookout for those who are out for clicks and clout versus actual security practitioners sharing their knowledge from experience. It has become very common for your favorite content creator to be just out for money, and they don't mind spreading misinformation and disinformation along the way.

They all appear to follow a pattern of crashing publicly, having their toxicity exposed, and/or being asked about their previous experience in their chosen subjects and having no verifiable basis for even discussing cybersecurity matters.

Not all of them have bad intentions, but there is an infestation of more bad people than legitimate ones at the time of writing this. We have even reached the point where, if someone frequently calls themselves a "hacker", it is probably smoke and mirrors for potential content payouts.

Message to those offended by this section (Martian's Pet Peeve):

Since money is always the motive, being an actual security professional worth anything will absolutely pay more than pretending on streaming platforms will.

Gain skills, not just knowledge

Some of these self-inflicted "skills gaps" for those starting out are due to role expectations after being certified. These are the same people failing tech interviews when it is time to perform. In the modern tech world it is no longer acceptable to just read a book, do a CompTIA exam and wing it until someone shows you mercy for employment.

You must be more practical: don't only learn the theory of specialized security subjects, actually PUT IT INTO PRACTICE! Being well-versed in theory will get you to a lot of places, but in the security space we do more than just discuss these matters; we must implement the solutions.

Reiteration: Congrats on your recent certification, but this field cannot truly solve issues with multiple-choice tests. What can you do?

Last updated 1 month ago