Where do I start? Cybersecurity by Stephen

Stephen Semmelroth September 22, 2024

Start with a Personality Assessment

Before diving into technical skills or certifications, take a step back and assess yourself. Understanding your personality type, your strengths, and how you work best will help you choose the right path in cybersecurity. Tools like the Myers-Briggs Type Indicator (MBTI) or the DISC assessment can give you valuable insight into whether you're better suited for hands-on technical work, leadership and strategy, communication-heavy roles like sales engineering, or analytical roles like threat intelligence.

Knowing yourself first saves you from chasing certifications or career paths that don't align with who you are.

Pathways by Background

Complete Newcomers

If you're brand new to cybersecurity and IT, start with the fundamentals. Learn basic networking concepts (TCP/IP, DNS, HTTP), understand operating systems (Windows and Linux at a minimum), and get comfortable with the command line. Free resources like Professor Messer's CompTIA videos, TryHackMe, and Cybrary can get you started without spending a dime.

Military Transitioners

If you're transitioning from military service, you have more relevant experience than you probably realize. Military roles in signals intelligence, communications, information assurance, and even operations planning translate directly to cybersecurity. Programs like VetSec, Hiring Our Heroes, and the DoD Cyber Workforce Framework can help you map your military experience to civilian cybersecurity roles. Don't undersell your clearance—it's extremely valuable in the defense and intelligence contracting space.

General Orientation

For those coming from adjacent fields—IT administration, software development, networking—focus on understanding the security implications of what you already know. A sysadmin who understands Active Directory is halfway to understanding identity-based attacks. A developer who knows web applications is well-positioned for application security. Build on your existing foundation rather than starting from scratch.

Recommended Books

  • Sandworm by Andy Greenberg — A gripping account of Russia's cyberwar campaigns and the real-world consequences of state-sponsored hacking. Essential reading for understanding why cybersecurity matters at a geopolitical level.
  • Cybersecurity Career Master Plan by Dr. Gerald Auger — A practical, structured guide to planning and advancing your cybersecurity career. Covers everything from choosing your first role to long-term career strategy.

Certifications Guidance

Certifications matter in cybersecurity, but they matter differently depending on where you are in your career. For newcomers, a CompTIA Security+ demonstrates baseline knowledge and checks the box for many job postings. For experienced professionals, certifications like CISSP, OSCP, or SANS GIAC credentials signal depth and specialization.

Don't collect certifications for the sake of collecting them. Choose certifications that align with the specific role you're pursuing, and prioritize those that are recognized by the employers you want to work for. See the companion article on picking your first or next certification for detailed guidance.

Technical Skills Resources

Hands-on practice is non-negotiable in cybersecurity. Some of the best platforms for building real skills include:

  • TryHackMe — Guided, beginner-friendly labs that walk you through offensive and defensive techniques step by step.
  • Hack The Box — More advanced, challenge-based labs for those ready to test their skills without hand-holding.
  • CyberDefenders — Blue team-focused challenges for those interested in detection, forensics, and incident response.
  • SANS Cyber Ranges — Professional-grade training environments, often available through SANS courses.
  • Home Labs — Build your own lab with VirtualBox or VMware. Spin up vulnerable VMs, set up a SIEM, and practice detection and response in your own environment.

CISO Tools and Resources

If you're on the leadership track—or already operating as a fractional or virtual CISO—you'll need more than technical skills. Key resources include:

  • Open-source policy templates: Organizations like SANS and CIS provide free, well-structured security policy templates that you can adapt for your clients. Don't write policies from scratch when battle-tested templates exist.
  • vCISO roadmap frameworks: Build a structured approach to your first 90 days with a new client. Cover asset inventory, risk assessment, policy review, incident response planning, and compliance mapping.
  • Frameworks and standards: NIST CSF, CIS Controls, and ISO 27001 are the foundation of most security programs. Know them well enough to map any organization's current state against them.

Industry Figures to Follow

Staying current in cybersecurity means following the people who are shaping the industry. A few worth adding to your feed:

  • Brian Krebs — Investigative journalist covering cybercrime. His blog, Krebs on Security, is essential reading.
  • Katie Nickels — Threat intelligence leader, SANS instructor, and ATT&CK expert.
  • Daniel Miessler — Security practitioner and writer. His Unsupervised Learning newsletter is consistently excellent.
  • Lesley Carhart — Incident response expert and advocate for newcomers to the field.
  • Gerald Auger (SimplyCyber) — Career-focused content for cybersecurity professionals at every level.

News Sources

Stay informed with these reliable cybersecurity news outlets:

  • Dark Reading — Broad coverage of cybersecurity news, vulnerabilities, and industry trends.
  • Bleeping Computer — Excellent coverage of malware, ransomware, and emerging threats with technical depth.
  • CSO Online — Focused on security leadership, strategy, and enterprise risk.
  • The Record by Recorded Future — Journalism-first cybersecurity news with strong sourcing.
  • CISA Alerts — Direct from the Cybersecurity and Infrastructure Security Agency. Subscribe to their mailing list for vulnerability advisories and threat alerts.

Resume Resources

Your resume is your first impression, and in cybersecurity it needs to be both technically credible and ATS-compatible. See the companion article on the art of the technical resume for detailed guidance.

For military veterans specifically, VetSec offers resume reviews, mentorship, and job placement assistance tailored to veterans transitioning into cybersecurity. Their community is active, supportive, and understands the unique challenges of translating military experience into civilian job applications.
