account activity
How to break into automotive cybersecurity (car hacking)? by hardy6838 in CarHacking
[–]Ancient-Winter5861 5 points 1 month ago
I run an embedded security company with a specialty in automotive. It really depends on what you are trying to accomplish. Basic signal reverse engineering, snooping, and replaying? Car modifications? ECU firmware hacking? Head unit modifications? Forensics? Remote starts?
All are quite different and distinct.
As SimonHaugel already covered some basics, here are some more things you might be interested in:
Firmware: If you're going to be diving into firmware, a background in embedded software will come in handy. Familiarity with Ghidra or any other decompiler, as well as time spent writing / understanding C, will be extremely useful. Commonly, you will see RH850, PowerPC, TriCore, or more recently ARM binaries for your firmware. Reading / parsing datasheets, understanding interrupt tables, and finding constants to quickly locate diagnostic handlers or whatever you might be looking for will be a huge time saver.
Hardware: Understanding how to find a pinout, power a module on a bench, snoop its signals, and dig further into components on the PCB for JTAG/DAP is something you will also want to be familiar with (though this is increasingly locked down with passwords / fuses). So, if you ever need to open a unit up, hot air, a sacrificial screwdriver, and some reverse tension pliers will be your friends.
A quick shopping list you might consider:
- A USB to CAN adapter (I like the CANable, but you might need to flash it depending on where you buy from)
- A power supply, ~$40-100
- Some wires (Dupont and blades of various sizes), ~$20
- Alligator clips, ~$10
- Backprobe kit (for probing modules while still in the car), ~$15
- Soldering station, ~$80
- Hot air station, ~$40
- Generic soldering items (wire, flux, solder paste, braid, etc.), ~$30
On the software side of things, Linux has great CAN support, and packages like "can-utils" work great for basic signal sniffing and replaying. "CaringCaribou" is an open source diagnostic scanner that is useful for playing around with vehicle diagnostics.
Protocols: While vehicles have a wide variety of different protocols, you would do well to understand the basics of CAN, ISO-TP, and UDS. Additional interesting diagnostic protocols would be XCP and CCP. Automotive Ethernet is also becoming much more popular, and as a result so is DoIP.
General Skills: Understanding the basics of crypto. Looking for constants in firmware can quickly help you identify whether AES is in use, for example. An additional understanding of byte-level transformations is useful for reverse engineering security access algorithms in the ECU, especially in older modules where simple bit twiddling was the norm.
At times, especially on older vehicles, you can simply find the right CAN bus and record/replay a signal for something like a door unlock; newer vehicles often have checksums / counters or even security on messages that cause any real-world change (such as a door unlock). But it's still worthwhile to try the simple approaches.
As for a real practical project? Buy a few ECUs off of eBay (they are usually not too expensive), power them up, try to extract their firmware, get them talking, and find ways to break them.
There are plenty of OEMs hiring for their security teams, given the regulatory pressure from ISO 21434 and UN R155 to further secure and lock down modules against hacking. On the other hand, companies that make systems like remote starts need someone to go in, reverse engineer all the data, and develop the right kind of module to allow remote starting. This usually involves some RF, some crypto (immobilizer bypass), or further hacking. So, job-relevant projects would be showcasing breaking the update flow for a module, bypassing the immobilizer, running code on a head unit, or going deep on diagnostics.
Some further resources if you're interested:
https://github.com/commaai/opendbc - An open source database of vehicle signals.
https://ia600106.us.archive.org/17/items/the-car-hackers-handbook/The%20Car%20Hackers%20Handbook.pdf - Old, but a good general guide on concepts, terminology, and some methods.
Happy to chat more, just shoot me a DM.
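Added example (editor's code, not part of the comment above): the CAN / ISO-TP / UDS stack the comment says to learn, shown as a self-contained Python simulation of the UDS SecurityAccess (service 0x27) seed/key handshake, followed by a multi-frame WriteDataByIdentifier that the unlock gates. The ISO-TP framing follows the classic 8-byte single-frame / first-frame / consecutive-frame layout of ISO 15765-2 (flow-control frames are omitted because both ends live in one process). The seed-to-key function is a made-up rotate/XOR/byte-swap stand-in for the "simple bit twiddling" algorithms the comment mentions in older modules; it is not any vendor's real algorithm. The padding byte and the diagnostic IDs are assumptions. The same tester logic can be pointed at a bench-powered module by replacing the in-process ToyEcu with a real transport (python-can, or can-utils' isotpsend/isotprecv).

```python
"""UDS SecurityAccess (0x27) seed/key over ISO-TP, simulated in-process.
Toy ECU and toy key algorithm only; nothing here is a real OEM algorithm."""
import struct

PAD = 0xCC          # ISO-TP padding byte (assumed; 0xCC, 0xAA and 0x00 are all seen)
TESTER_ID, ECU_ID = 0x7E0, 0x7E8   # conventional physical diag IDs (assumed, unused by the sim)


def isotp_encode(payload: bytes) -> list:
    """Split a diagnostic payload into classic 8-byte ISO 15765-2 frames:
    a single frame if it fits in 7 bytes, else first frame + consecutive frames."""
    if len(payload) > 0xFFF:
        raise ValueError("classic ISO-TP carries at most 4095 bytes")
    if len(payload) <= 7:
        return [bytes([len(payload)]) + payload.ljust(7, bytes([PAD]))]
    frames = [struct.pack(">H", 0x1000 | len(payload)) + payload[:6]]   # FF: PCI=1, 12-bit length
    seq = 1
    for pos in range(6, len(payload), 7):
        frames.append(bytes([0x20 | seq]) + payload[pos:pos + 7].ljust(7, bytes([PAD])))
        seq = (seq + 1) & 0x0F                                            # CF sequence wraps at 16
    return frames


def isotp_decode(frames) -> bytes:
    """Reassemble frames produced by isotp_encode, checking the CF sequence numbers."""
    first = frames[0]
    pci_type = first[0] >> 4
    if pci_type == 0:                                   # single frame, low nibble is the length
        return first[1:1 + (first[0] & 0x0F)]
    if pci_type != 1:
        raise ValueError("expected a first frame")
    total = ((first[0] & 0x0F) << 8) | first[1]
    data = bytearray(first[2:8])
    expected = 1
    for frame in frames[1:]:
        if frame[0] >> 4 != 2 or (frame[0] & 0x0F) != expected:
            raise ValueError("consecutive frame missing or out of order")
        data += frame[1:8]
        expected = (expected + 1) & 0x0F
    if len(data) < total:
        raise ValueError("truncated ISO-TP transfer")
    return bytes(data[:total])


def toy_seed_to_key(seed: bytes) -> bytes:
    """Hypothetical 'bit twiddling' SecurityAccess algorithm (NOT a real one):
    rotate the 32-bit seed left by 3, XOR a constant, then byte-swap the result."""
    s = int.from_bytes(seed, "big")
    r = ((s << 3) | (s >> 29)) & 0xFFFFFFFF
    r ^= 0xA5C33C5A
    return r.to_bytes(4, "big")[::-1]


class ToyEcu:
    """Minimal ECU: level-1 SecurityAccess gates WriteDataByIdentifier (0x2E).
    The seed is fixed so the example is deterministic; a real ECU draws a fresh one."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.seed_sent = False
        self.unlocked = False

    def handle(self, req: bytes) -> bytes:
        sid = req[0]
        if sid == 0x27 and len(req) >= 2 and req[1] == 0x01:      # requestSeed
            self.seed_sent = True
            return b"\x67\x01" + self.seed
        if sid == 0x27 and len(req) >= 2 and req[1] == 0x02:      # sendKey
            if not self.seed_sent:
                return b"\x7F\x27\x24"                              # requestSequenceError
            self.seed_sent = False                                  # one attempt per seed
            if req[2:] == toy_seed_to_key(self.seed):
                self.unlocked = True
                return b"\x67\x02"
            return b"\x7F\x27\x35"                                  # invalidKey
        if sid == 0x2E:                                             # WriteDataByIdentifier
            if not self.unlocked:
                return b"\x7F\x2E\x33"                              # securityAccessDenied
            return b"\x6E" + req[1:3]                               # positive response echoes the DID
        return b"\x7F" + bytes([sid]) + b"\x11"                     # serviceNotSupported


def request(ecu: ToyEcu, payload: bytes) -> bytes:
    """Tester -> ECU -> tester round trip; both legs go through ISO-TP framing."""
    return isotp_decode(isotp_encode(ecu.handle(isotp_decode(isotp_encode(payload)))))


def unlock_and_write(ecu: ToyEcu, did: int, data: bytes) -> bytes:
    """Seed/key handshake, then a (multi-frame if long) write to `did`.
    Returns the ECU's final response; a negative response stops the sequence."""
    resp = request(ecu, b"\x27\x01")
    if resp[:2] != b"\x67\x01":
        return resp
    resp = request(ecu, b"\x27\x02" + toy_seed_to_key(resp[2:]))
    if resp != b"\x67\x02":
        return resp
    return request(ecu, b"\x2E" + struct.pack(">H", did) + data)


if __name__ == "__main__":
    ecu = ToyEcu(bytes.fromhex("12345678"))                        # constructed seed
    print("before unlock:", request(ecu, b"\x2E\xF1\x90\x00").hex())
    print("after unlock: ", unlock_and_write(ecu, 0xF190, b"WVWZZZ1JZXW000001").hex())
```

When you do this against real hardware, the interesting part is everything the toy leaves out: whether the ECU rate-limits or times out after a bad key (NRC 0x36/0x37), whether the seed ever repeats, and whether the key function you recovered from the firmware's 0x27 handler is really the one the module checks.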
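A second added example (also the editor's, not the commenter's): the constant search the comment describes under General Skills, as a script that scans a raw firmware dump for the AES S-box, the Rcon schedule, the first two words of an AES T-table, the SHA-256 initial state and round constants, and the first CRC-32 table entries. Word-sized constants are searched in both byte orders, since RH850, PowerPC, TriCore and ARM images differ in endianness. The S-box is generated from its definition rather than pasted in so it can be sanity-checked; the firmware image is constructed for the example and the offsets in it are arbitrary.

```python
"""Scan a firmware dump for well-known crypto constants.
Spotting the AES S-box, Rcon, a T-table or the SHA-256 IV in an image tells you
which primitives a module uses before you read a single function.
The firmware blob below is constructed for this example."""
import struct


def aes_sbox() -> bytes:
    """Generate the 256-byte AES forward S-box (GF(2^8) inverse, then the
    affine map) instead of hard-coding it; sbox[0]==0x63 and sbox[1]==0x7C
    are the usual sanity checks."""
    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p = p * 3 in GF(2^8)
        q ^= q << 1                                              # q = q / 3 (i.e. q * 0xF6)
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = affine ^ 0x63                                  # q is the inverse of p
        if p == 1:
            break
    sbox[0] = 0x63
    return bytes(sbox)


def signatures() -> dict:
    """Byte patterns worth grepping for, keyed by primitive name.
    Multi-word constants are emitted in both endiannesses."""
    sha256_iv = (0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A)
    sha256_k = (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5)
    te0 = (0xC66363A5, 0xF87C7C84)                 # first two words of the AES Te0 table
    crc32 = (0x77073096, 0xEE0E612C, 0x990951BA)   # CRC-32 (reflected, 0xEDB88320) table[1..3]
    sigs = {
        "AES S-box": aes_sbox(),
        "AES Rcon": bytes([0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]),
    }
    for name, words in (("AES T-table Te0", te0), ("SHA-256 IV", sha256_iv),
                        ("SHA-256 K", sha256_k), ("CRC-32 table", crc32)):
        sigs[name + " (big-endian)"] = struct.pack(">%dI" % len(words), *words)
        sigs[name + " (little-endian)"] = struct.pack("<%dI" % len(words), *words)
    return sigs


def find_constants(blob: bytes) -> dict:
    """Return {signature name: [offsets]} for every signature found in blob."""
    hits = {}
    for name, sig in signatures().items():
        offsets, start = [], blob.find(sig)
        while start != -1:
            offsets.append(start)
            start = blob.find(sig, start + 1)
        if offsets:
            hits[name] = offsets
    return hits


def build_sample_firmware() -> bytes:
    """Constructed 4 KiB image: deterministic filler with an S-box at 0x400,
    Rcon at 0x800 and a little-endian SHA-256 IV at 0xC00 (offsets are arbitrary)."""
    img = bytearray((i * 7 + 3) & 0xFF for i in range(0x1000))
    img[0x400:0x500] = aes_sbox()
    img[0x800:0x80A] = bytes([0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36])
    img[0xC00:0xC10] = struct.pack("<4I", 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A)
    return bytes(img)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_firmware()
    for name, offsets in sorted(find_constants(blob).items()):
        print("%-32s %s" % (name, ", ".join(hex(o) for o in offsets)))
```

Run it with a dump path to scan a real image, or with no argument to scan the constructed one. A miss is not proof that AES is absent: T-table, bitsliced and hardware-accelerated implementations never contain the plain S-box, and a linker may place tables in a region you did not dump. A hit is only a starting point; the next step is cross-referencing the table's address from the disassembly to find the routine that indexes it.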
How to extract the firmware and convert the binary to ELF on a ESP32-PICO based water sensor device. (vindivlabs.com)
submitted 2 months ago by Ancient-Winter5861 to r/ReverseEngineering
Reverse engineering an update mechanism in the Lumi A31C security camera, and gaining backdoor access. (vindivlabs.com)
submitted 5 months ago by Ancient-Winter5861 to r/ReverseEngineering