As a university lecturer in IT/cybersecurity, I would encourage those interested in cybersecurity/ethical hacking to initially focus on a good grounding in programming, networking, OS, architecture, etc as too many want to jump straight into learning to hack without the necessary foundational skill to even understand what they are hacking. Learn general IT BEFORE trying to specialize in cybersecurity. Certs (Cisco, etc) are the way to go for a solid foundation and springboard on which to build.
@@518trey1 I would leave off the CISSP until you have a bit of experience in the field but 100% on the other two. I went the GSEC route but only because my work picked up the check. It's a great course and exam, there are cheaper options, like the ones you suggested, though.
@@dontbemadsunshine first of all I didn’t say it was easy. Second of all you don’t know me or my education bud but nice try. This is why people like you are so snarky you should read more you’d realize I didn’t say anything you said just now. Lol
@@143jeg that’s whatsup man! And I know the CISSP requires 5 years of work experience in the field. I’ve been in the field for 5+ years and have my CCNA and Sec + so this is the next step in the chain for me. Also thinking of obtaining a CEH and a PCap since I’m fluent in python but who isn’t. Lol
I appreciate that you made this video. I think it's important to understand how intensive this field can be and one truly does need to have that passion. I'm still on the fence, but partly because of the fear that I can't do it. I'm slowly training myself through your videos and other resources to build confidence, technical knowledge, and the passion. I'm getting there, but I know I'm not ready to take that leap just yet. Thank you.
I agree, most people like the idea of being a 'hacker', thinking it's a super cool thing to do and tell people that they do. However, the reality of it as you need to constantly study and work awful hours.
Always loved this field as a kid. Got older and realized it was nothing like the movies but the passion to learn was so big that I still took a chance to challenge myself. Recently obtaining my eJPT gave me a tad bit more confidence in pursuing this career (currently working as a sysadmin). Hopefully I can one day hold a OSCP certification.
how’s it going? I’m currently in the cybersec club at my college while studying to complete a certificate and I met some met some guys my age that one has OSCP already and the other is waiting to complete eJPT. I like pen testing and think it’s what I’d like to base my career around and just wondering if you think eJPT is a good starter cert to do so
This is something I thought I was working towards for years. I was interested in cyber/IT security but thought I was just working towards being a pen tester. On that path I found that I really have a passion for vulnerability management on an enterprise scale. I still build my pen test skills as a hobby, but don't think I would take a pen testing job if it were offered to me now.
Yeah I quickly realized that after I did 1 pentest, while it is fun I couldn’t see myself being able to keep up with it and found it would require intense amount of research outside of work. Switched to Infrastructure Security Engineering and Architecture, it’s a bit more relaxed and I like it, it’s basically being a solutions architect for security related things.
@@ViolentbyDesign I dont have any certifications. I graduated college in December 2020 (BSc in IT with Security classes), in the meanwhile I went and got a cyber internship in july 2019. I got that internship based on the project that I did and security+ course and book I read to have enough knowledge to get my foot in the door. The first year of my internship I did a pentest as a combined group of interns, it was more of a vulnerability test. Moving forward to the year after however, they wanted me to be the "lead" pentester and to prepare for that I took TCM's PEH course from Udemy and basically was able to do a successful test just from that course with a much better knowledge of pentest methodology. I personally find value in the certificate resources not actual test itself. Ill then apply the knowledge in a real environment. To have a more wholistic experience, within the same company I was a cyber intern, help desk support specialist, and then a jr security analyst over the 2 year period, then moved to a different company as a security engineer after again studying enough to get foot in the door and selling my self and skills on interviews.
@@multithangam I don’t have any certs. I believe the reason why I was given a chance as an engineer is because of the way I presented my experience on my resume as well as my interviews. Which is another critical thing that some people aren’t able to do, I didn’t either at first but after failing multiple, I’m talking atleast 10-15 phone screens or interviews, I did a self reflection and made changes to my resume as well as the way I present my self. Certs arent everything, your ability to show an employer professionalism, willingness to learn and grow is what gets you far
Thank you for this video. I'm relatively new to the space but something I quickly realized was studying the "boring" stuff is absolutely necessary. Right now I'm setting up freeipa and keycloak in a homlab so I can better understand how to configure the service for our work infrastructure. It has hugely beneficial working through the headaches and getting a better understanding of identity management. It's not sexy but it helps with understanding how ldap actually works.
Hey bro what is your job profile and do you get to use Kali Linux ? Cuz I'll be getting in the same field Edit: i mean do you get to hack using Kali Linux?
I agree...partially. I think most of these could be learnt as long as you are curious and willing to develop the habit of learning. A change of mindset could go along way in achieving all of this.
I'm studying ethical hacking both for fun and to improve my understanding of red team methodology, eventually I plan on getting a job in cloud security to help protect critical infrastructures specifically hospitals if I can.
That is pretty close to the path I took to get to where you want to be. So for what it's worth I think you are on the right path. Keep studying though, you just have to love learning new things in the cyber security field.
I've been security-adjacent for a long time now, and what you said rings true to me. One thing that crossed my mind with regards to the report writing, is how to bridge the gap when someone is technically proficient (maybe even exceptional), and can communicate with tech folks, but maybe aren't strong on business communication. It strikes me that there's room for a role that can act as the translator; someone who can understand the gist of the technical report, and turn it into a more business-friendly one.
Thanks for this Video Keith. This cuts across almost all fields, when you know want to be top in your field you need to be able to accept doing all the extra reading, continuous learning and growing as part of life. If you want money, you should equally accept the stress that comes with it. Keep up the great job. Love from 🇳🇬
Great video, Heath! I'm glad to say that I fit your criteria of being passionate about pen testing and ethical hacking. This video is much needed for those that are wanting to do this solely for the money and haven't given it much more thought than that. Looking forward to more videos!
I first learned about ethical hacking a few years ago, but it wasn't until recently that I really started becoming interested in the field. A few things that I have always loved, and feel I will continue to always love, are learning, problem solving, helping people, and technology.
Definitely a great and sobering video. Good to have these azimuth checks to make sure all the motivations are there but also that we're being real with ourselves and understanding that it's still a job and if we're not all in than it'll feel more like a burden than something fun. Thanks for putting this together.
I really appreciate this perspective. I’ve been looking in to many different fields of IT work and I initially started down a path of becoming a Java developer. But when I looked at the cons I was heavily discouraged and felt it wasn’t for me. I also felt the same about many of the defense based cyber security roles and was ready to give it up. But this was the first time that I heard the cons of a field and wasn’t discouraged but instead felt that the reward was worth the hours I would have to put into to become efficient as an ethical hacker, even though it will require some skills in the fields I was initially discouraged from. That let me know that there is an underlying passion for this kind of work and I’m still very excited to begin this journey and now I have a better understanding of what it is I’m getting into. Thank you so much! ❤️
Hey Heath - you often talk about having to stay up to date with new exploits/attacks/defences in the space, could you advise of some websites or forums that are particularly useful for this? Sorry if you've already covered this somewhere!
Follow-up question: Where specifically do you go to study to make sure you are up to date? If you're new and once you get a few certificates, how do you keep up?
This video has me questioning whether I am the person you're talking about.I love this field and have a passion for IT. I did start with the basics and learning networking fundamentals through a network engineering course. I was originally going for a Network Engineer role, but I couldn't see myself typing in those Cisco CLI commands day in and day out. I love to do things I'm not really supposed to and the rush you get when you basically break into something is amazing. I did obtain my eJPT recently which was probably the most fun I've had in a very long time. I'm still going to pursue a cybersec role despite this video. I think I still have the passion, and while I haven't kept up with my writing skills, I believe that with a little hard work and effort, I can quickly have that skill set back under my belt. The only thing that sort of makes me feel uneasy about this field is like you said, with every minute that goes by in everyday this field is changing and the need to be able to adapt to that requires a certain mind. I hope I have that mindset. Every free moment of time I have I spend studying. I don't have any programming skills yet (I can read code at a basic level but can't write it effectively) but I'm hoping your Python courses in your academy will help me out since I've been working on learning Python through a book called Black Hat Python already. Thanks for the video and thanks for TCM Academy. Let's see where this goes.
Thanks, Heath for that PSA! You are 100% correct! Many things are forever changing and you have to keep up with the latest of everything that relates to the "ethical hacking wheel-house".
Most of my current experience is Blue Team and I'm wanting to move to Red Team or even just to get the knowledge and know how to be a better Security Analyst
I like your T-Shirt! Thank you for the video- I realised this field is for me. Studying is like my superpower, all jobs that I have burnt out because I wasn’t intellectually stimulated.
Really agree with what you have put into the video, one thing to add could be that it's not the "Hollywood" definition of what a ethical hacker is as that is why many people want to do it
My question is how do you stay so up to date at all times? How does someone stay ahead of new things coming out If I didn’t have someone tell me about it I’m not sure how I’d know im about changes
Thank you so much Now I’m 100% sure that I want to become an ethical hacker I’ve been wanting to learn this type of material I’m hoping to get my ITF+ this summer and I want to go down the CompTia Pentesting route Thank you!
i see many channels just focusing on the hacking part. can you please start a series to talk to us about how to make a report? I'm talking the stuff you are mentioning on 7:17 that will be very helpful for us
I kind of always thought that I would be more comfortable in a Cybersecurity Analyst role as opposed to a Penetration Tester. I'm currently taking the PNPT certification training and that training and this video have cemented the idea that an analyst role is what I'm more suited for. I'm still taking the training and plan on eventually getting the certification as most analyst roles I've found still typically require/prefer candidates to have such certifications anyway.
here also an accountant like you and studying my Msc in cs to change my career and my life bro. i feel like i wasted my time studying and working that shit😢 .great to have a man like you!
For me its like martial arts, you have to take it seriously. You have to be responsible and you HAVE TO STUDY AND PRACTICE. YOU GET BETTER AFTER a while. My teachers have said; "once you BECOME a black belt Now your education begins." You are learning new things if you are serious allllll yhe time.
Thank you, Heath! Excellent material. I know next to nothing about IT, but my impression is that, in order to be an Ethical Hacker, one needs to have a multidisciplinary perspective and knowledge; as you said, learn, learn, learn. I liked your excellent point about not being motivated primarily about money… I think it’s important for one not to lose sight of the real purpose of ethically hacking which is making organisations and people (majority of them non- IT specialists) safer. If one keeps people in mind at all times, he/ she would not even question why they have to produce a report that is in a readable format. Speaking of reports- do they include an analysis of the causes and suggestions for remedial actions (considering, also, any objective financial constraints and other particular difficulties the company might face?). Many thanks, again. 😊
In school for cyber right now. Been in IT for over 5 years with an msp and also worked as the sole IT guy for a state facility. I have done all kinds of stuff in both. Currently I am on the security team with the security analyst title. I do way more than typical analysts do though. I love the security side of things but where I am not is actually kinda boring. I love to learn and read all the time. I find that part of things easy. I also find writing to be very easy for me, likely due to 20 years military experience having to write tons of stuff. I think pen testing sounds fun and challenging which is what I need. Money is nice and all but it is not everything. I could make more than I do now, but love where I am. I figure the money will come if I am good enough. Pen testing is my goal. I watched your other video about the new hires. I already surpass most of those people in qualifications and experience so that side of things should be pretty easy. Love all your videos and advice.
I am 19 and have no idea what I want to do. I'm going into this field because of family connections and because of the money. What can I do to be more passionate about it?
you cant decide to be passionned, you wake up and you have only one thing in mind: hacking, art, math, flowers, dolphins anything... and some people have no passions and they are happy as well
@@plushplush7635this is kind of a lie. When you challenge yourself(but not so much to the point where you're stressed out)and get better at that and you start to accomplish bigger things you start to like it even if you were not passionate about it. I'm not into cyber but web dev didn't sound as good as how I feel when I'm doing some websites now. Now I really like web development and I didn't do it for the fun at the beginning. You can start liking something new if you challenge yourself and If you are curious enough. Even things that are extremely boring and shitty can be good if you do it right
I have had a lot of chaos in my life over the past month with suddenly moving and so it might have changed because i haven't been able to spend any time in this past month on tcm academy, but you should add a report write up course or info for better reports such as bug bounty vs pentest or breach reporting. i am still subscribed to your courses and you are to this day the only course i feel is worth the money and that you get more than you spend thus i am probably going to stay subscribed even if i get out of IT and get a job in cybersecurity for the foreseeable future. thanks for all you do.
omg I've been thinking a lot of time if this is the field that i want to specialize in, but now that i'm seen this video... i KNOW is the perfect field for me, i'm so exited but it's hard to find an entry point, there is so much information, courses, certifications, and even opinions but i need to find a way to become an ethical hacker, i love it
I really enjoy your videos, the amount of work and the information you pack into them, is greatly appreciated. Do you have a video about how to get into Defensive side/Blue Team of Cyber Security field? I am looking for some sort of road map, guidance to transition from IAM/PAM field which is what I am currently doing into the defensive side of cyber security. Are there any certifications, or specific skills geared towards this field that I should be learning? I am already Security + certified. How do I leverage/or Transfer my IAM/PAM skills going into Defensive side/Blue Team of Cyber Security field? Thank you
Awesome content and excellent commentary that I believe applies to ANY career choice! Passion, continuous skill development (Kaizen), dedication, and persistent drive, are essential. The combination of which is a money magnet. MM
So I'm about to start studying EH at a University level, after watching this I am sceptical cause honestly money ticks a box, logically I'm good in IT historically and the Social engineering aspect of EH really intrigues me cause I've instinctively always found social loopholes from a young age, but I do not like hours of studying in goes, and know very little in the way of coding. If anyone wants to give their 2 cents I don't mind
Has a fist course for add new skills(i'm a software delevoper plus Pen Testing my own machines) do u think is good start with EC-Council Ethical Hacking C/EH course or better something else???
every professional field needs these videos. I wish I had a video for my career. Well done and said! I am now researching a new career. Thank you for making this.
I have fell in love with I.T. period. Your right you have to have the hunger and passion for it. I am constantly wanting to learn new information. I have an associates in Cybersecurity, right at this moment, I am studying various programming languages and, working on several certs. My agenda is to study and understand the procedures, commands, executions that I carry out. I have interacted with several individuals that are chasing money, the salary, its really a spit in the face. I love hacking, and all the I.T. fields are involved. I learn from everyone, and like you said, it is forever evolving, it keeps me excited and on my toes.
Main reason I love my field (Malware analyst) is because you always need to learn new things and keep up with the world, ethical hacker is very similar in this I would say. If you just like learning and studying, experimenting with new stuff or discovering new things all the time, than go for it! I love my job and always strive to learn more and adapt, making my job also my passion
my main thing is if person has a humanities background and to what extent. every square is rectangle but not all rectangles are squares. when i have people fail, it is usually due to tunnel vision or lack or understanding bigger picture, how to think, etc. there are great experts that come into field multiple ways but i know almost all i worked / hired with that had humanities background (humanities based towards business or economics degree / variation exception), have much better rate of success.
Im studying myself, and as I study I find out I need to learn 10 more things, then 10 more and 10 more and 10 more lol. When do you think you are ready enough to apply for jobs?
If you have a general interest and enjoy the idea of ethical hacking etc, or any computer related field, be careful, once something becomes your job and you HAVE to do it, at times that you may not feel like it, it can quickly become a chore and not something you enjoy anymore, which is a real shame.
I am definitely lacking some of those necessary skills but I know I will improve. With enough practice, I can be just as good as those talented ethical hackers. Thank you for this video. Now I know what to focus and improve on! :)
Hi Heath, I'm really struggling to find a job in cyber security, they always require experience and I Just graduated in information sys tech- Cyber security so what is ur advice to get a job in a cybersecurity ?
Any tips on how to improve my communication skills in order to be able to explain technical concepts at a high level? What did you do to improve your communication skills?
To be honest the best thing you can do is first understand perfectly the technical concepts, sometimes it is hard to explain because you lack the knowledge in the first place. If you think you master the concept then try explaining to your mother, sister or non technical person, I have done that many time and when in the interview I always explained the concepts with ease.
I was in accounting/finance, and I hated it! Did for the money too but it wasn't for me, but now I'm learning what I enjoy. Ethical Hacking, and still learning.
I had a single accounting class apart of my CIS curriculum. I can't even fathom how you completed a degree in it and came out the other end thinking it was for you.
Thank you for this briefing, it helped me realize that i should start somewhere else in the IT career so that i can kind of "find myself" inside of this evolving playground!
I'm rediscovering my passion after having kids stopped me doing it passionately. They've left the house now and I'm finding things are very different to 21 years ago
Thanks. Good video. I just took a job that relies heavily on cyber security, but isn’t so closely involved in it. I’ll continue my hobbyist side and maybe, just maybe work up Into the defense side for my company. It’s a long shot, but it’s there.
I'm very interested in this field. When I was a kid i thought hacking was the coolest thing in the world. As i got older, i never learned how to teach myself (as a high school student) so i found out that you could make music on your computer when i was in 10th grade. I had a new dream! To be a touring edm artist. long story short, i wasn't able to put out music consistently enough market myself correctly. i sadly realized over a decade later that dream wasn't for me anymore. So i started wondering about my very first dream, hacking. I am very much eager to learn and what not. However, i am very easily frustrated with trying to understand basic concepts. i feel like when they're explained, i don't have enough information to "attach" it to something else. So basically i have to keep going until i have a solid enough foundation to be able to determine if it's worth it to keep going or not. I can't tell if im overwhelmed because i simply don't know, or if once i really get into it i'll realize its not for me. And having that doubt is really discouraging to be able to learn. I also have so many questions in the back of my head that add to the angst. Once i'm caught up to speed, how do i stay on top of things? how do i KNOW im "caught" up to speed? there's no central hub of information. chances are, my best bet is to find some underground forum on tor or somethin? Basically i'm second guessing everything because there's no neds declassified hacker survivor to go by... If you could make a video addressing this i would be so grateful. And I'm sure there are MANY others that feel the same as me, who just don't even feel the need to articulate it PS: I've been going thru stuff on tryhackme and i really like the ELI5 concepts. But even so i often find myself looking up words that i should already know but don't. and then i have to look up words that were used to describe the word that i initially looked up.
no siempre vas a saberlo todo, no te desanimes por el video, intentalo nuevamente, y si ves que no es lo tuyo pues dedicate tal vez a algo más divertido, sé féliz y busca tu felicidad.
I love the idea of eh. I'm a very strong creative, so technical eh seems very contradictory. I'm very very laid back by nature. so why am I so interested by this field? I keep saying no, but I keep coming back to it. The psychology behind my dilemma is a mystery. thanks, Kenn
I have been complacent for few years in IT, nevertheless I have gotten more experience in project management. I would like to give a try as a part-time. I kinda enjoy working remotely.
it's been my passion since when i was a kid to be an ethical hacker although, i'm not quite good with communicating but i will improve my communucation skills for sure
Sir, your organizational analysis of this field is reality based. I became aware of you through J. Auger. I like this field in what you mentioned. One of my goals of this field is help pay for mental health topics to help folks in the aging field and cybersecurity. You nailed it with writing.
Other reasons would be, if you think this field is as portrayed in the media or Hollywood representation, and also if you aren't willing to build a solid foundational knowledge of computing, and networks, mainly.
The resources and tools are ever end-growing and always is easy to get overwhelmed. The passion is the thing here and ever-willing to learn and keep self updated well said TCM™️👌👌👌
What would be a good starting point to make sure that I am going in the right direction. I am completely new to hacking and IT and I find it to be very interesting, but am not sure if it will be my passion, or if I am up to par with what will be thrown my way. I would love some tips to help dip my feet in the water so I can start somewhere comfortably and figure it if this might be for me or not.
The hard truth is that if you have zero knowledge in IT or anything computer related, being an hacker is just to soon. I have seen too many courses stated that you go from zero to hero or that in 40h of course you can become an ethical hacker, of course not, at most a script kiddie but nothing more, computer science and pentesting takes so much time and effort.
Thanks for the info. Sounds like I need to get out of my comfort zone, but it's and an area that I want to peruse and want to achieve in my professional career.
Hi Heath, thank you for this timely video. As a person who have no technical background and having worked in a non-technical government role for almost a decade, I was worried that none of the my skills would be transferable to this field. I am happy to hear that my years of writing reports, working with technical partners and "dumbing it down" to the non-technical executives are potentially transferable. I am on the verge of leaving a very well paying job with promotions lined up for me because taking PNPT so far and diving into the wonderful world of OSINT triggered a fire in me that I have not felt for a very long time. The materials are technical and a bit alien to me but at the same time, I am filled with so much wonder at the kind of knowledge that is out there and the capabilities that these materials are expounding. I think i might have found my life calling.
Almost everyone I know in the cyber/IT security field has taken a round about path to get there. I literally think some of the best experience I have for my current job was bartending in college because it taught me to find connections with people even when we have very little in common. Keep up the good work and follow your passion, it won't steer you wrong.
This is true for many roles or jobs. Many people go in thinking it's easy or I can also do it. Yes you can if you are willing to put in the effort. If you enjoy what you do then it just makes it easier.