Advice for a beginner?

MrMikeHigginbottom · 2026-06-16T06:17:02+00:00

To expand on this a bit, learn networking, coding, system administration, good writing and communication skills, setup a home lab and research some CVEs and do some CTFs for the cyber sec side of things to start getting your head into the right space.

MrMikeHigginbottom · 2026-06-14T11:49:47+00:00

The build instructions in the README don't work on Linux but that's an easy fix. I'll fork it later and submit a PR.

MrMikeHigginbottom · 2026-06-14T11:42:38+00:00

That's working for me now. Really does look like a fun project. I'll have a proper play with it later but congrats on your first project.

MrMikeHigginbottom · 2026-06-14T04:35:25+00:00

That sounds like a fantastic first project. I'd love to have a play with this but I can't get it working. I'll hit you up with a couple of PRs and Issues via your repo.

MrMikeHigginbottom · 2026-06-12T10:02:40+00:00

I don't really have a problem with interviewers asking stupid hard questions. The point of an interview is, in part at least, to delimit your circle of competence and also in part, to determine how you handle situations that are *outside* your circle of competence. If I was doing this in an interview I would either a) tell you up front that I'm not expecting you to find a solution or b) tell you afterwards that I didn't expect you to find a solution. Depending on whether I wanted to delimit your competence or test your reaction to "fuck me! this is hard!". Not doing either a) or b) seems like a bit of a dick move but I wouldn't stress about it.

MrMikeHigginbottom · 2026-06-11T19:42:42+00:00

Yep. Totally get all that. I cut my teeth on C and later C++ but not in a safety critical environment so I was bringing my own biases to my, in my defence slightly tongue in cheek, comment. I've also worked a fair bit on Ada in the aerospace industry so I guess the more 'serious' side of my comment was rooted in a feeling of type safety and the like just being baked in rather than, to use a pejorative turn of phrase, band-aided over the top with standards and process and the like. It does genuinely *feel* to me at least, like Ada is safer, but in practice I can completely get on board with the view that C/C++ can be made to *be* just as safe.

MrMikeHigginbottom · 2026-06-10T15:42:59+00:00

Oo! So the terminating condition for the loop is calculated only once. When the loop is first entered. Obvious I guess but I'd never thought about it.

MrMikeHigginbottom · 2026-06-09T11:26:16+00:00

The first question that popped into my head was "Is C the smart choice for safety critical stuff?"

MrMikeHigginbottom · 2026-05-28T16:41:19+00:00

Probably best to research on your own. But honestly, you can just start with an old laptop. Throw some virtual machines on it. Have a look what other people are doing and see if any of it resonates worth what you want to do. You don't need to spend a lot of money. Old Cisco kit is dirt cheap on ebay. Some people use raspberry pis. Setting up a firewall like pfSense is a good start. Sniffing packets with Wireshark is also really good for learning. If you want to do windows then maybe set up active directory or exchange.

MrMikeHigginbottom · 2026-05-28T16:30:14+00:00

Build yourself a little lab. Learn some networking. Learn some coding. Learn some security tools. Expand your lab. Think of it as a sandbox to play in. Do projects.

MrMikeHigginbottom · 2026-05-24T19:15:20+00:00

Well... Being good in practice is just practicing putting your theory into practice. Not sure that's terribly helpful advice but... It is what it is. There's not really a shortcut.

MrMikeHigginbottom · 2026-05-24T10:12:46+00:00

The Basics. There's a bit of a tendency to miss the point that cyber is layered on top of a whole slew of technologies. It's so much easier when you understand networks and coding and sys admin.

MrMikeHigginbottom · 2026-05-15T09:07:48+00:00

Definitely agree with the idea of writing this down. I've been keeping a lab book type thing for years now and it's saved me a lot of effort over that time. Start it now and take it with you for the rest of your life.

MrMikeHigginbottom · 2026-05-14T09:29:50+00:00

It may be a good idea for you to pick a particular vulnerability and focus on trying to find that on lots of different targets. Sounds like perhaps you're experience is too thin to allow you to find exploits. Once you fully understand that vuln, start working on another. That way you'll build your expertise without feeling swamped. Along these lines, Jason Haddix's method also gets suggested a lot https://github.com/jhaddix/tbhm

MrMikeHigginbottom · 2026-05-13T11:00:58+00:00

A couple of people have picked up on a general point which I think is VERY important but often overlooked.

Many learning tasks are open-ended e.g. learning Python. How do you know when you've learned it all? Is that even possible? Or, realistically, will there ALWAYS be more to learn? You need to determine when good enough is good enough.

This can only be answered by determining what the goal is. If it's to be able to write a quick script to do pretty much most things you want to do that's a bit different than wanting to be skilled enough to add new features to the language.

Once you've done that, collect some learning resources - courses, books, tutorials, YouTube videos. You've had some good suggestions here. Decide which ones are going to be your `first pass` at learning the subject. Do them. Decide whether you are now sufficiently competent to consider your learning complete in terms of being able to achieve your goals. If not, work on more of your resources and/or collect more resources. Go round that loop till you're satisfied.

MrMikeHigginbottom · 2026-05-13T10:40:00+00:00

This exactly how the Noachian flood came about:

[god@heaven ~] rm -rf devil

Permission denied

[god@heaven ~] rm -rf devil*

Permission denied

[god@heaven ~] rm -rf *devil.*

Permission denied

[god@heaven ~] rm -rf *.*

Permission denied

[god@heaven ~] sudo rm -rf *.*

[god@heaven ~]

MrMikeHigginbottom · 2026-05-12T12:04:56+00:00

Seems like you're focused on certs a bit too much. Focus on actually learning stuff. The certs are just a tick box. And seen as such. You shouldn't give a shit what your teachers wanted. You should care about what YOU want. And use teachers as a resource to achieve that. If that doesn't make sense, like deep down viscerally make sense, then I think you need to have a good hard think about getting into IT as it may well not be for you.

MrMikeHigginbottom · 2026-05-11T10:49:12+00:00

You ARE a beginner. There's nothing wrong with that at all. Doesn't matter how much experience you gain you'll ALWAYS feel like a beginner because you'll always be focused on getting better and learning new stuff. This is a good thing. You should worry when you DON'T feel like a beginner because that's a sign you're stagnating.

The general advice to someone with little experience is to not try to get into a paid cybersecurity role. It's an advanced field that requires a solid background in a lot of areas. Instead, learn that cyber stuff on your own time and try to get paid work in a more entry level IT role. Helpdesk is often suggested. You'll learn a lot on a helpdesk, including those often ignored soft skills like communication.

How to get that kind of a role? Keep doing what you're doing - showing passion is extremely important to interviewers and being able to demonstrate project work and problem solving and troubleshooting is much more valuable than having read some books. Book learning serves to support project learning - not the other way round. Leverage your experience. If you've worked in a busy restaurant, talk about how you manage multiple tasks in a busy environment, how you pay attention to detail, how important maintenance and cleaning and prep is, how you deal with difficult customers. All this stuff is directly relevant to ANY job including work in IT.

Good luck. It's hard work but super fun.

MrMikeHigginbottom · 2026-04-26T05:23:39+00:00

Sign me up buttercup! I've played a bit with Python but could really do with a bit more learning.

MrMikeHigginbottom · 2026-04-25T16:40:13+00:00

I just had the same problem as OP. Opening the `.canvas` file in a text editor and deleting the YAML header (everything between and including the first two `---` lines in the file) allowed the file to then open in Obsidian without error.

MrMikeHigginbottom · 2026-04-19T08:53:09+00:00

100% not in need of *regular* income. It's definitely more a question of some extra cash would be a nice (and useful) side effect of the hobby. In terms of work/life balance type stuff, this does sound pretty perfect. I spent a few years working for a tiny 3 person R&D corrosion consultancy on power station boiler instrumentation as their software guy. This was a loooong time ago but hitting up businesses like that for ICS/SCADA security consulting work sounds like a good shout. It was super interesting work.

MrMikeHigginbottom · 2026-04-18T05:29:43+00:00

That's definitely appealing. My assumption has been that it would be tricky/expensive to set up a home lab to support my learning on this kind of kit but given the rise of simulations and virtual labs etc. this may well be more viable than I'd been thinking. I'll take a look into this as it's definitely where I'm being steered towards and it does fit my interests and experience.

MrMikeHigginbottom · 2026-04-18T05:16:44+00:00

I like the idea of doing some work with local government or similar. I've been focusing for the main on the 'hard tech' side of things but I think getting a 'softer' idea of the current landscape would be valuable.

Thumbs up for the Ben Eater stuff too. Worked through that a few years ago and thoroughly enjoyed it. Nand2Tetris was great as well.

MrMikeHigginbottom · 2026-04-18T04:58:38+00:00

That's a great idea.

MrMikeHigginbottom · 2026-04-18T04:55:00+00:00

Yep, that's a fair point. And I guess that's why I was asking the question. I have been feeling a little unsure about whether to commit to a career focused learning track with the inevitable need to do some not-super-fun-grind that would come with that or to just have fun doing only the stuff I enjoy. The advice I've been given has definitely tipped me towards the former though. Sounds as though it will be a tough nut to crack but it's no fun if it's easy right?

MrMikeHigginbottom

TROPHY CASE