How to Build Cybersecurity Skills for Free – No Budget Needed

Introduction

Breaking into cybersecurity can be stressful, and many people rush into certifications. While certifications are a great way to gain experience in the field, they are costly, and some aspiring professionals may have a tight budget. In this blog, we will dive into how to build cybersecurity skills for FREE!

Fundamental Skills For Cybersecurity

Before diving into cybersecurity, you need to learn the fundamentals. It is nearly impossible to do so without understanding the basics. As the saying goes, “Rome wasn’t built in a day.”

While fantastic paid resources are out there, here are some free resources to help you get started.

• OverTheWire (Bandit) - This website will teach you the fundamentals of Linux and help you build your skill set.
• TryHackMe (THM) - THM has fantastic labs that you can do entirely for free. Below are a few that I recommend to begin your cybersecurity journey.
  • Pre-Security
  • Cybersecurity 101
• Cisco Network Academy (NetAcad) - This free platform allows you to learn the fundamentals of computer networks and how communication occurs between devices.
• Amazon Web Services (AWS) Cloud Training - Free material to help you understand the fundamentals of the cloud, specifically for AWS.
• APISec University - Free educational platform for API security-related topics. Teach you the OWASP Top 10 API vulnerabilities and dive in-depth into each category.

Learn Cybersecurity Through Hands-On CTFs & Vulnerable Labs

Next, hands-on practice will help you understand the tools and language used within cybersecurity. In cybersecurity, we call these Capture-the-Flags (CTFs). Think of it as gamified hacking/learning. Some CTFs have challenges like Binary Exploitation, Forensics, Reverse Engineering, Web Security, Programming, and more. Others are storyline-vulnerable machines that you are to hack into and retrieve flags.

Before starting in CTFs, you will want to have virtualization software. This software will be used to host your Linux system. Two of the most popular virtualization software programs are VirtualBox and VMware (By Broadcom). You can download any Linux distribution; however, the popular hacking Linux distros are Kali Linux and ParrotOS.

Now that you have completed the setup, here are a few free CTF platforms on which you can begin practicing your skills.

• TryHackMe (THM)—THM has storyline intentionally vulnerable machines. Most will make you think outside the box and grow in the field.
  • Pickle Rick
  • Tony The Tiger
  • Brooklyn Nine Nine
• HackTheBox—Similar to TryHackMe, it provides valuable storylines for vulnerable machines. However, these machines are the most difficult, even the “Easy” ones. If you’re starting, I recommend sticking with THM until you obtain your methodology.
• Vulnhub—A community-driven platform that publishes vulnerable machines that can be locally installed into a virtualization platform.
• PicoCTF—A multi-category platform with beginner-friendly challenges to help you learn different paths in cybersecurity.
• PortSwigger—The founders of Burp Suite will teach you about web application security vulnerabilities, remediation efforts, and built-in labs.
• Standalone Vulnerable Machines—The community has created some fantastic vulnerable machines with common vulnerabilities you would see in real-world engagements.
  • Metasploitable2
  • Metasploitable3
  • Damn Vulnerable Web Application (DVWA)
  • OWASP JuiceShop

Learn Through The Cybersecurity Community

There’s some fantastic talent out there in this industry. Many people will give their insights and expertise away for free, which helps build an online portfolio. Here are a few people you should connect with who offer valuable insights entirely for free.

• YouTube
  • MRE Security
  • John Hammond
  • InfoSec Pat
  • HackerSploit
  • ippsec
  • 0xdf
  • Tib3rius
  • CryptoCat
  • InsiderPhD
  • PinkDraconian
  • Rana Khalil
• News Platform
  • Hacker News
  • Dark Reading
  • CyberNews
  • Bleeping Computers
  • Cyber Security News
  • Security Week
• Discord
  • Republic of Hackers
  • APISec University
  • InfoSec Pat
  • 0xH3xSec
  • Certification Station
  • 0xP Sec

Conclusion

While cybersecurity can sometimes be costly and daunting, there’s always a way to learn. Whether by using TryHackMe, HackTheBox, or other educational platforms, watching YouTube videos, or participating in community events like live streams on Discord, it’s always a good idea to start with the free material that’s out there before pursuing courses or certifications to solidify what you want to do in cybersecurity.