As a university lecturer in IT/cybersecurity, I would encourage those interested in cybersecurity/ethical hacking to initially focus on a good grounding in programming, networking, OS, architecture, etc as too many want to jump straight into learning to hack without the necessary foundational skill to even understand what they are hacking. Learn general IT BEFORE trying to specialize in cybersecurity. Certs (Cisco, etc) are the way to go for a solid foundation and springboard on which to build.
@@518trey1 I would leave off the CISSP until you have a bit of experience in the field but 100% on the other two. I went the GSEC route but only because my work picked up the check. It's a great course and exam, there are cheaper options, like the ones you suggested, though.
@@dontbemadsunshine first of all I didn’t say it was easy. Second of all you don’t know me or my education bud but nice try. This is why people like you are so snarky you should read more you’d realize I didn’t say anything you said just now. Lol
@@143jeg that’s whatsup man! And I know the CISSP requires 5 years of work experience in the field. I’ve been in the field for 5+ years and have my CCNA and Sec + so this is the next step in the chain for me. Also thinking of obtaining a CEH and a PCap since I’m fluent in python but who isn’t. Lol
I agree, most people like the idea of being a 'hacker', thinking it's a super cool thing to do and tell people that they do. However, the reality of it as you need to constantly study and work awful hours.
Hey bro what is your job profile and do you get to use Kali Linux ? Cuz I'll be getting in the same field Edit: i mean do you get to hack using Kali Linux?
I appreciate that you made this video. I think it's important to understand how intensive this field can be and one truly does need to have that passion. I'm still on the fence, but partly because of the fear that I can't do it. I'm slowly training myself through your videos and other resources to build confidence, technical knowledge, and the passion. I'm getting there, but I know I'm not ready to take that leap just yet. Thank you.
Always loved this field as a kid. Got older and realized it was nothing like the movies but the passion to learn was so big that I still took a chance to challenge myself. Recently obtaining my eJPT gave me a tad bit more confidence in pursuing this career (currently working as a sysadmin). Hopefully I can one day hold a OSCP certification.
how’s it going? I’m currently in the cybersec club at my college while studying to complete a certificate and I met some met some guys my age that one has OSCP already and the other is waiting to complete eJPT. I like pen testing and think it’s what I’d like to base my career around and just wondering if you think eJPT is a good starter cert to do so
Yeah I quickly realized that after I did 1 pentest, while it is fun I couldn’t see myself being able to keep up with it and found it would require intense amount of research outside of work. Switched to Infrastructure Security Engineering and Architecture, it’s a bit more relaxed and I like it, it’s basically being a solutions architect for security related things.
@@ViolentbyDesign I dont have any certifications. I graduated college in December 2020 (BSc in IT with Security classes), in the meanwhile I went and got a cyber internship in july 2019. I got that internship based on the project that I did and security+ course and book I read to have enough knowledge to get my foot in the door. The first year of my internship I did a pentest as a combined group of interns, it was more of a vulnerability test. Moving forward to the year after however, they wanted me to be the "lead" pentester and to prepare for that I took TCM's PEH course from Udemy and basically was able to do a successful test just from that course with a much better knowledge of pentest methodology. I personally find value in the certificate resources not actual test itself. Ill then apply the knowledge in a real environment. To have a more wholistic experience, within the same company I was a cyber intern, help desk support specialist, and then a jr security analyst over the 2 year period, then moved to a different company as a security engineer after again studying enough to get foot in the door and selling my self and skills on interviews.
@@multithangam I don’t have any certs. I believe the reason why I was given a chance as an engineer is because of the way I presented my experience on my resume as well as my interviews. Which is another critical thing that some people aren’t able to do, I didn’t either at first but after failing multiple, I’m talking atleast 10-15 phone screens or interviews, I did a self reflection and made changes to my resume as well as the way I present my self. Certs arent everything, your ability to show an employer professionalism, willingness to learn and grow is what gets you far
I'm studying ethical hacking both for fun and to improve my understanding of red team methodology, eventually I plan on getting a job in cloud security to help protect critical infrastructures specifically hospitals if I can.
That is pretty close to the path I took to get to where you want to be. So for what it's worth I think you are on the right path. Keep studying though, you just have to love learning new things in the cyber security field.
This is something I thought I was working towards for years. I was interested in cyber/IT security but thought I was just working towards being a pen tester. On that path I found that I really have a passion for vulnerability management on an enterprise scale. I still build my pen test skills as a hobby, but don't think I would take a pen testing job if it were offered to me now.
I agree...partially. I think most of these could be learnt as long as you are curious and willing to develop the habit of learning. A change of mindset could go along way in achieving all of this.
Thank you for this video. I'm relatively new to the space but something I quickly realized was studying the "boring" stuff is absolutely necessary. Right now I'm setting up freeipa and keycloak in a homlab so I can better understand how to configure the service for our work infrastructure. It has hugely beneficial working through the headaches and getting a better understanding of identity management. It's not sexy but it helps with understanding how ldap actually works.
I first learned about ethical hacking a few years ago, but it wasn't until recently that I really started becoming interested in the field. A few things that I have always loved, and feel I will continue to always love, are learning, problem solving, helping people, and technology.
I've been security-adjacent for a long time now, and what you said rings true to me. One thing that crossed my mind with regards to the report writing, is how to bridge the gap when someone is technically proficient (maybe even exceptional), and can communicate with tech folks, but maybe aren't strong on business communication. It strikes me that there's room for a role that can act as the translator; someone who can understand the gist of the technical report, and turn it into a more business-friendly one.
I like your T-Shirt! Thank you for the video- I realised this field is for me. Studying is like my superpower, all jobs that I have burnt out because I wasn’t intellectually stimulated.
Thanks for this Video Keith. This cuts across almost all fields, when you know want to be top in your field you need to be able to accept doing all the extra reading, continuous learning and growing as part of life. If you want money, you should equally accept the stress that comes with it. Keep up the great job. Love from 🇳🇬
Follow-up question: Where specifically do you go to study to make sure you are up to date? If you're new and once you get a few certificates, how do you keep up?
Hey Heath - you often talk about having to stay up to date with new exploits/attacks/defences in the space, could you advise of some websites or forums that are particularly useful for this? Sorry if you've already covered this somewhere!
Definitely a great and sobering video. Good to have these azimuth checks to make sure all the motivations are there but also that we're being real with ourselves and understanding that it's still a job and if we're not all in than it'll feel more like a burden than something fun. Thanks for putting this together.
I really appreciate this perspective. I’ve been looking in to many different fields of IT work and I initially started down a path of becoming a Java developer. But when I looked at the cons I was heavily discouraged and felt it wasn’t for me. I also felt the same about many of the defense based cyber security roles and was ready to give it up. But this was the first time that I heard the cons of a field and wasn’t discouraged but instead felt that the reward was worth the hours I would have to put into to become efficient as an ethical hacker, even though it will require some skills in the fields I was initially discouraged from. That let me know that there is an underlying passion for this kind of work and I’m still very excited to begin this journey and now I have a better understanding of what it is I’m getting into. Thank you so much! ❤️
I am 19 and have no idea what I want to do. I'm going into this field because of family connections and because of the money. What can I do to be more passionate about it?
you cant decide to be passionned, you wake up and you have only one thing in mind: hacking, art, math, flowers, dolphins anything... and some people have no passions and they are happy as well
@@plushplush7635this is kind of a lie. When you challenge yourself(but not so much to the point where you're stressed out)and get better at that and you start to accomplish bigger things you start to like it even if you were not passionate about it. I'm not into cyber but web dev didn't sound as good as how I feel when I'm doing some websites now. Now I really like web development and I didn't do it for the fun at the beginning. You can start liking something new if you challenge yourself and If you are curious enough. Even things that are extremely boring and shitty can be good if you do it right
Most of my current experience is Blue Team and I'm wanting to move to Red Team or even just to get the knowledge and know how to be a better Security Analyst
Really agree with what you have put into the video, one thing to add could be that it's not the "Hollywood" definition of what a ethical hacker is as that is why many people want to do it
omg I've been thinking a lot of time if this is the field that i want to specialize in, but now that i'm seen this video... i KNOW is the perfect field for me, i'm so exited but it's hard to find an entry point, there is so much information, courses, certifications, and even opinions but i need to find a way to become an ethical hacker, i love it
Great video, Heath! I'm glad to say that I fit your criteria of being passionate about pen testing and ethical hacking. This video is much needed for those that are wanting to do this solely for the money and haven't given it much more thought than that. Looking forward to more videos!
So I'm about to start studying EH at a University level, after watching this I am sceptical cause honestly money ticks a box, logically I'm good in IT historically and the Social engineering aspect of EH really intrigues me cause I've instinctively always found social loopholes from a young age, but I do not like hours of studying in goes, and know very little in the way of coding. If anyone wants to give their 2 cents I don't mind
here also an accountant like you and studying my Msc in cs to change my career and my life bro. i feel like i wasted my time studying and working that shit😢 .great to have a man like you!
I kind of always thought that I would be more comfortable in a Cybersecurity Analyst role as opposed to a Penetration Tester. I'm currently taking the PNPT certification training and that training and this video have cemented the idea that an analyst role is what I'm more suited for. I'm still taking the training and plan on eventually getting the certification as most analyst roles I've found still typically require/prefer candidates to have such certifications anyway.
Thanks, Heath for that PSA! You are 100% correct! Many things are forever changing and you have to keep up with the latest of everything that relates to the "ethical hacking wheel-house".
My question is how do you stay so up to date at all times? How does someone stay ahead of new things coming out If I didn’t have someone tell me about it I’m not sure how I’d know im about changes
i see many channels just focusing on the hacking part. can you please start a series to talk to us about how to make a report? I'm talking the stuff you are mentioning on 7:17 that will be very helpful for us
Im studying myself, and as I study I find out I need to learn 10 more things, then 10 more and 10 more and 10 more lol. When do you think you are ready enough to apply for jobs?
This video has me questioning whether I am the person you're talking about.I love this field and have a passion for IT. I did start with the basics and learning networking fundamentals through a network engineering course. I was originally going for a Network Engineer role, but I couldn't see myself typing in those Cisco CLI commands day in and day out. I love to do things I'm not really supposed to and the rush you get when you basically break into something is amazing. I did obtain my eJPT recently which was probably the most fun I've had in a very long time. I'm still going to pursue a cybersec role despite this video. I think I still have the passion, and while I haven't kept up with my writing skills, I believe that with a little hard work and effort, I can quickly have that skill set back under my belt. The only thing that sort of makes me feel uneasy about this field is like you said, with every minute that goes by in everyday this field is changing and the need to be able to adapt to that requires a certain mind. I hope I have that mindset. Every free moment of time I have I spend studying. I don't have any programming skills yet (I can read code at a basic level but can't write it effectively) but I'm hoping your Python courses in your academy will help me out since I've been working on learning Python through a book called Black Hat Python already. Thanks for the video and thanks for TCM Academy. Let's see where this goes.
Thank you so much Now I’m 100% sure that I want to become an ethical hacker I’ve been wanting to learn this type of material I’m hoping to get my ITF+ this summer and I want to go down the CompTia Pentesting route Thank you!
Has a fist course for add new skills(i'm a software delevoper plus Pen Testing my own machines) do u think is good start with EC-Council Ethical Hacking C/EH course or better something else???
In school for cyber right now. Been in IT for over 5 years with an msp and also worked as the sole IT guy for a state facility. I have done all kinds of stuff in both. Currently I am on the security team with the security analyst title. I do way more than typical analysts do though. I love the security side of things but where I am not is actually kinda boring. I love to learn and read all the time. I find that part of things easy. I also find writing to be very easy for me, likely due to 20 years military experience having to write tons of stuff. I think pen testing sounds fun and challenging which is what I need. Money is nice and all but it is not everything. I could make more than I do now, but love where I am. I figure the money will come if I am good enough. Pen testing is my goal. I watched your other video about the new hires. I already surpass most of those people in qualifications and experience so that side of things should be pretty easy. Love all your videos and advice.
If you have a general interest and enjoy the idea of ethical hacking etc, or any computer related field, be careful, once something becomes your job and you HAVE to do it, at times that you may not feel like it, it can quickly become a chore and not something you enjoy anymore, which is a real shame.
I have fell in love with I.T. period. Your right you have to have the hunger and passion for it. I am constantly wanting to learn new information. I have an associates in Cybersecurity, right at this moment, I am studying various programming languages and, working on several certs. My agenda is to study and understand the procedures, commands, executions that I carry out. I have interacted with several individuals that are chasing money, the salary, its really a spit in the face. I love hacking, and all the I.T. fields are involved. I learn from everyone, and like you said, it is forever evolving, it keeps me excited and on my toes.
every professional field needs these videos. I wish I had a video for my career. Well done and said! I am now researching a new career. Thank you for making this.
my main thing is if person has a humanities background and to what extent. every square is rectangle but not all rectangles are squares. when i have people fail, it is usually due to tunnel vision or lack or understanding bigger picture, how to think, etc. there are great experts that come into field multiple ways but i know almost all i worked / hired with that had humanities background (humanities based towards business or economics degree / variation exception), have much better rate of success.
Main reason I love my field (Malware analyst) is because you always need to learn new things and keep up with the world, ethical hacker is very similar in this I would say. If you just like learning and studying, experimenting with new stuff or discovering new things all the time, than go for it! I love my job and always strive to learn more and adapt, making my job also my passion
I had a single accounting class apart of my CIS curriculum. I can't even fathom how you completed a degree in it and came out the other end thinking it was for you.
Any tips on how to improve my communication skills in order to be able to explain technical concepts at a high level? What did you do to improve your communication skills?
To be honest the best thing you can do is first understand perfectly the technical concepts, sometimes it is hard to explain because you lack the knowledge in the first place. If you think you master the concept then try explaining to your mother, sister or non technical person, I have done that many time and when in the interview I always explained the concepts with ease.
Awesome content and excellent commentary that I believe applies to ANY career choice! Passion, continuous skill development (Kaizen), dedication, and persistent drive, are essential. The combination of which is a money magnet. MM
I have had a lot of chaos in my life over the past month with suddenly moving and so it might have changed because i haven't been able to spend any time in this past month on tcm academy, but you should add a report write up course or info for better reports such as bug bounty vs pentest or breach reporting. i am still subscribed to your courses and you are to this day the only course i feel is worth the money and that you get more than you spend thus i am probably going to stay subscribed even if i get out of IT and get a job in cybersecurity for the foreseeable future. thanks for all you do.
Hi Heath, I'm really struggling to find a job in cyber security, they always require experience and I Just graduated in information sys tech- Cyber security so what is ur advice to get a job in a cybersecurity ?
For me its like martial arts, you have to take it seriously. You have to be responsible and you HAVE TO STUDY AND PRACTICE. YOU GET BETTER AFTER a while. My teachers have said; "once you BECOME a black belt Now your education begins." You are learning new things if you are serious allllll yhe time.
I'm rediscovering my passion after having kids stopped me doing it passionately. They've left the house now and I'm finding things are very different to 21 years ago
it's been my passion since when i was a kid to be an ethical hacker although, i'm not quite good with communicating but i will improve my communucation skills for sure
I was in accounting/finance, and I hated it! Did for the money too but it wasn't for me, but now I'm learning what I enjoy. Ethical Hacking, and still learning.
I'm very interested in this field. When I was a kid i thought hacking was the coolest thing in the world. As i got older, i never learned how to teach myself (as a high school student) so i found out that you could make music on your computer when i was in 10th grade. I had a new dream! To be a touring edm artist. long story short, i wasn't able to put out music consistently enough market myself correctly. i sadly realized over a decade later that dream wasn't for me anymore. So i started wondering about my very first dream, hacking. I am very much eager to learn and what not. However, i am very easily frustrated with trying to understand basic concepts. i feel like when they're explained, i don't have enough information to "attach" it to something else. So basically i have to keep going until i have a solid enough foundation to be able to determine if it's worth it to keep going or not. I can't tell if im overwhelmed because i simply don't know, or if once i really get into it i'll realize its not for me. And having that doubt is really discouraging to be able to learn. I also have so many questions in the back of my head that add to the angst. Once i'm caught up to speed, how do i stay on top of things? how do i KNOW im "caught" up to speed? there's no central hub of information. chances are, my best bet is to find some underground forum on tor or somethin? Basically i'm second guessing everything because there's no neds declassified hacker survivor to go by... If you could make a video addressing this i would be so grateful. And I'm sure there are MANY others that feel the same as me, who just don't even feel the need to articulate it PS: I've been going thru stuff on tryhackme and i really like the ELI5 concepts. But even so i often find myself looking up words that i should already know but don't. and then i have to look up words that were used to describe the word that i initially looked up.
no siempre vas a saberlo todo, no te desanimes por el video, intentalo nuevamente, y si ves que no es lo tuyo pues dedicate tal vez a algo más divertido, sé féliz y busca tu felicidad.
Quick question, is pentesting/ethical hacking professionally is really as exciting and interesting as people say it is? Or is it boring and monotonous?
The hard truth is that if you have zero knowledge in IT or anything computer related, being an hacker is just to soon. I have seen too many courses stated that you go from zero to hero or that in 40h of course you can become an ethical hacker, of course not, at most a script kiddie but nothing more, computer science and pentesting takes so much time and effort.
Another reason why someone may not want to become an ethical hacker? Some Tech companies in Europe are 95% male, with none of their 5% of females working in a technical role. Starting out as the first girl in a technical role in a company like that can be very hard.
Thank you for this briefing, it helped me realize that i should start somewhere else in the IT career so that i can kind of "find myself" inside of this evolving playground!
I really enjoy your videos, the amount of work and the information you pack into them, is greatly appreciated. Do you have a video about how to get into Defensive side/Blue Team of Cyber Security field? I am looking for some sort of road map, guidance to transition from IAM/PAM field which is what I am currently doing into the defensive side of cyber security. Are there any certifications, or specific skills geared towards this field that I should be learning? I am already Security + certified. How do I leverage/or Transfer my IAM/PAM skills going into Defensive side/Blue Team of Cyber Security field? Thank you
Other reasons would be, if you think this field is as portrayed in the media or Hollywood representation, and also if you aren't willing to build a solid foundational knowledge of computing, and networks, mainly.
I am definitely lacking some of those necessary skills but I know I will improve. With enough practice, I can be just as good as those talented ethical hackers. Thank you for this video. Now I know what to focus and improve on! :)
Sir, your organizational analysis of this field is reality based. I became aware of you through J. Auger. I like this field in what you mentioned. One of my goals of this field is help pay for mental health topics to help folks in the aging field and cybersecurity. You nailed it with writing.
Hi Sir, I have jumped into Ethical hacking recently. I am graduating in CS and for quite some time I am working on ML and data science. It's been a year and I am progressing in it. Recently I have explored ethical hacking and have found it really interesting, just really enjoyed doing it. I want to take both of them side by side giving equal time to both(I study a good amount of time). Should I continue with my approach or will I have to swallow the tough pill and choose one?
As a university lecturer in IT/cybersecurity, I would encourage those interested in cybersecurity/ethical hacking to initially focus on a good grounding in programming, networking, OS, architecture, etc as too many want to jump straight into learning to hack without the necessary foundational skill to even understand what they are hacking. Learn general IT BEFORE trying to specialize in cybersecurity. Certs (Cisco, etc) are the way to go for a solid foundation and springboard on which to build.
I say this all the time CCNA CISSP security +
@@518trey1 I would leave off the CISSP until you have a bit of experience in the field but 100% on the other two. I went the GSEC route but only because my work picked up the check. It's a great course and exam, there are cheaper options, like the ones you suggested, though.
@@518trey1 there's a reason why the CISSP has a 20% pass rate. Because people like you who think it's easy. Lol
@@dontbemadsunshine first of all I didn’t say it was easy. Second of all you don’t know me or my education bud but nice try. This is why people like you are so snarky you should read more you’d realize I didn’t say anything you said just now. Lol
@@143jeg that’s whatsup man! And I know the CISSP requires 5 years of work experience in the field. I’ve been in the field for 5+ years and have my CCNA and Sec + so this is the next step in the chain for me. Also thinking of obtaining a CEH and a PCap since I’m fluent in python but who isn’t. Lol
I agree, most people like the idea of being a 'hacker', thinking it's a super cool thing to do and tell people that they do. However, the reality of it as you need to constantly study and work awful hours.
Too late, already became one
Same🤣😭
Hey bro what is your job profile and do you get to use Kali Linux ? Cuz I'll be getting in the same field
Edit: i mean do you get to hack using Kali Linux?
Same, this video came four years too late 😂. Good job I actually enjoy the job - reporting not so much 😜
@@curhou2 how do u start?
Script Kiddy does not count. 😬
I appreciate that you made this video. I think it's important to understand how intensive this field can be and one truly does need to have that passion. I'm still on the fence, but partly because of the fear that I can't do it. I'm slowly training myself through your videos and other resources to build confidence, technical knowledge, and the passion. I'm getting there, but I know I'm not ready to take that leap just yet. Thank you.
It's just fun to learn in my opinion.
Always loved this field as a kid. Got older and realized it was nothing like the movies but the passion to learn was so big that I still took a chance to challenge myself. Recently obtaining my eJPT gave me a tad bit more confidence in pursuing this career (currently working as a sysadmin). Hopefully I can one day hold a OSCP certification.
how’s it going? I’m currently in the cybersec club at my college while studying to complete a certificate and I met some met some guys my age that one has OSCP already and the other is waiting to complete eJPT.
I like pen testing and think it’s what I’d like to base my career around and just wondering if you think eJPT is a good starter cert to do so
Yeah I quickly realized that after I did 1 pentest, while it is fun I couldn’t see myself being able to keep up with it and found it would require intense amount of research outside of work. Switched to Infrastructure Security Engineering and Architecture, it’s a bit more relaxed and I like it, it’s basically being a solutions architect for security related things.
@@ViolentbyDesign I dont have any certifications. I graduated college in December 2020 (BSc in IT with Security classes), in the meanwhile I went and got a cyber internship in july 2019. I got that internship based on the project that I did and security+ course and book I read to have enough knowledge to get my foot in the door. The first year of my internship I did a pentest as a combined group of interns, it was more of a vulnerability test. Moving forward to the year after however, they wanted me to be the "lead" pentester and to prepare for that I took TCM's PEH course from Udemy and basically was able to do a successful test just from that course with a much better knowledge of pentest methodology. I personally find value in the certificate resources not actual test itself. Ill then apply the knowledge in a real environment. To have a more wholistic experience, within the same company I was a cyber intern, help desk support specialist, and then a jr security analyst over the 2 year period, then moved to a different company as a security engineer after again studying enough to get foot in the door and selling my self and skills on interviews.
Sounds like me. How did you transit? I too want to do something likr solution architect for cyber sec
@@ViolentbyDesign No worries! If you need any help further with resume or general advice I’d be happy to do what I can!
@@HowToCyber Hey, what certs did you do to get into security engineering?
@@multithangam I don’t have any certs. I believe the reason why I was given a chance as an engineer is because of the way I presented my experience on my resume as well as my interviews. Which is another critical thing that some people aren’t able to do, I didn’t either at first but after failing multiple, I’m talking atleast 10-15 phone screens or interviews, I did a self reflection and made changes to my resume as well as the way I present my self. Certs arent everything, your ability to show an employer professionalism, willingness to learn and grow is what gets you far
I'm studying ethical hacking both for fun and to improve my understanding of red team methodology, eventually I plan on getting a job in cloud security to help protect critical infrastructures specifically hospitals if I can.
That is pretty close to the path I took to get to where you want to be. So for what it's worth I think you are on the right path. Keep studying though, you just have to love learning new things in the cyber security field.
@@143jeg How you both doing with the process?!
This is something I thought I was working towards for years. I was interested in cyber/IT security but thought I was just working towards being a pen tester. On that path I found that I really have a passion for vulnerability management on an enterprise scale. I still build my pen test skills as a hobby, but don't think I would take a pen testing job if it were offered to me now.
Same here. I thought I wanted to become a pentester, but I prefer looking at logs, packet captures, and responding to alerts etc
blue team is awesome and hacking as hobby is perfect for me
I agree...partially. I think most of these could be learnt as long as you are curious and willing to develop the habit of learning. A change of mindset could go along way in achieving all of this.
agreed, alot of these are just learned habits and skills
Thank you for this video. I'm relatively new to the space but something I quickly realized was studying the "boring" stuff is absolutely necessary. Right now I'm setting up freeipa and keycloak in a homlab so I can better understand how to configure the service for our work infrastructure. It has hugely beneficial working through the headaches and getting a better understanding of identity management. It's not sexy but it helps with understanding how ldap actually works.
I first learned about ethical hacking a few years ago, but it wasn't until recently that I really started becoming interested in the field. A few things that I have always loved, and feel I will continue to always love, are learning, problem solving, helping people, and technology.
Hi
May I know how did you start learning ethical hacking? I mean did you study by your own watching videos or you went to college?
Thanks in advance 😊
I've been security-adjacent for a long time now, and what you said rings true to me. One thing that crossed my mind with regards to the report writing, is how to bridge the gap when someone is technically proficient (maybe even exceptional), and can communicate with tech folks, but maybe aren't strong on business communication. It strikes me that there's room for a role that can act as the translator; someone who can understand the gist of the technical report, and turn it into a more business-friendly one.
I like your T-Shirt!
Thank you for the video- I realised this field is for me.
Studying is like my superpower, all jobs that I have burnt out because I wasn’t intellectually stimulated.
Thanks for this Video Keith.
This cuts across almost all fields, when you know want to be top in your field you need to be able to accept doing all the extra reading, continuous learning and growing as part of life. If you want money, you should equally accept the stress that comes with it.
Keep up the great job. Love from 🇳🇬
I already know I’m gonna love Pentesting. Just playing in the lab, I get really excited and happy when I accomplish something.
Your video just convinced me I SHOULD be an Ethical Hacker! Thank you, Heath!
Follow-up question: Where specifically do you go to study to make sure you are up to date? If you're new and once you get a few certificates, how do you keep up?
Hey Heath - you often talk about having to stay up to date with new exploits/attacks/defences in the space, could you advise of some websites or forums that are particularly useful for this? Sorry if you've already covered this somewhere!
I totally agree. I read all news, all pdf, many books, watch videos... every day. Im watching you at 2 am
Definitely a great and sobering video. Good to have these azimuth checks to make sure all the motivations are there but also that we're being real with ourselves and understanding that it's still a job and if we're not all in than it'll feel more like a burden than something fun. Thanks for putting this together.
I really appreciate this perspective. I’ve been looking in to many different fields of IT work and I initially started down a path of becoming a Java developer. But when I looked at the cons I was heavily discouraged and felt it wasn’t for me. I also felt the same about many of the defense based cyber security roles and was ready to give it up. But this was the first time that I heard the cons of a field and wasn’t discouraged but instead felt that the reward was worth the hours I would have to put into to become efficient as an ethical hacker, even though it will require some skills in the fields I was initially discouraged from. That let me know that there is an underlying passion for this kind of work and I’m still very excited to begin this journey and now I have a better understanding of what it is I’m getting into. Thank you so much! ❤️
I am 19 and have no idea what I want to do. I'm going into this field because of family connections and because of the money. What can I do to be more passionate about it?
you cant decide to be passionned, you wake up and you have only one thing in mind: hacking, art, math, flowers, dolphins anything... and some people have no passions and they are happy as well
@@plushplush7635this is kind of a lie. When you challenge yourself(but not so much to the point where you're stressed out)and get better at that and you start to accomplish bigger things you start to like it even if you were not passionate about it. I'm not into cyber but web dev didn't sound as good as how I feel when I'm doing some websites now. Now I really like web development and I didn't do it for the fun at the beginning. You can start liking something new if you challenge yourself and If you are curious enough. Even things that are extremely boring and shitty can be good if you do it right
Most of my current experience is Blue Team and I'm wanting to move to Red Team or even just to get the knowledge and know how to be a better Security Analyst
Really agree with what you have put into the video, one thing to add could be that it's not the "Hollywood" definition of what a ethical hacker is as that is why many people want to do it
omg I've been thinking a lot of time if this is the field that i want to specialize in, but now that i'm seen this video... i KNOW is the perfect field for me, i'm so exited but it's hard to find an entry point, there is so much information, courses, certifications, and even opinions but i need to find a way to become an ethical hacker, i love it
Great video, Heath! I'm glad to say that I fit your criteria of being passionate about pen testing and ethical hacking. This video is much needed for those that are wanting to do this solely for the money and haven't given it much more thought than that. Looking forward to more videos!
I love to do all of these things. I'm just starting everything at 35y old. Wish me luck.
So I'm about to start studying EH at a University level, after watching this I am sceptical cause honestly money ticks a box, logically I'm good in IT historically and the Social engineering aspect of EH really intrigues me cause I've instinctively always found social loopholes from a young age, but I do not like hours of studying in goes, and know very little in the way of coding. If anyone wants to give their 2 cents I don't mind
I am a beginner in cyber security field. now at this time , I am going to start of our journey in this field. thank you !
I'm learning it just as a hobby and for fun
here also an accountant like you and studying my Msc in cs to change my career and my life bro. i feel like i wasted my time studying and working that shit😢 .great to have a man like you!
2 years back,
I'll change the world by becoming an hacker.
Now,
Still doing phishing.
I kind of always thought that I would be more comfortable in a Cybersecurity Analyst role as opposed to a Penetration Tester. I'm currently taking the PNPT certification training and that training and this video have cemented the idea that an analyst role is what I'm more suited for. I'm still taking the training and plan on eventually getting the certification as most analyst roles I've found still typically require/prefer candidates to have such certifications anyway.
I totally agree with all your reasons. Passion is crucially driving mechanical for all areas, not only Ethical Hacking.
Thanks, Heath for that PSA! You are 100% correct! Many things are forever changing and you have to keep up with the latest of everything that relates to the "ethical hacking wheel-house".
My question is how do you stay so up to date at all times? How does someone stay ahead of new things coming out
If I didn’t have someone tell me about it I’m not sure how I’d know im about changes
i see many channels just focusing on the hacking part. can you please start a series to talk to us about how to make a report? I'm talking the stuff you are mentioning on 7:17 that will be very helpful for us
Im studying myself, and as I study I find out I need to learn 10 more things, then 10 more and 10 more and 10 more lol. When do you think you are ready enough to apply for jobs?
You hit the head of the nail! This is field is like the Medical Research field. You have to do your research and study your ass off.
This video has me questioning whether I am the person you're talking about.I love this field and have a passion for IT. I did start with the basics and learning networking fundamentals through a network engineering course. I was originally going for a Network Engineer role, but I couldn't see myself typing in those Cisco CLI commands day in and day out. I love to do things I'm not really supposed to and the rush you get when you basically break into something is amazing. I did obtain my eJPT recently which was probably the most fun I've had in a very long time. I'm still going to pursue a cybersec role despite this video.
I think I still have the passion, and while I haven't kept up with my writing skills, I believe that with a little hard work and effort, I can quickly have that skill set back under my belt.
The only thing that sort of makes me feel uneasy about this field is like you said, with every minute that goes by in everyday this field is changing and the need to be able to adapt to that requires a certain mind. I hope I have that mindset. Every free moment of time I have I spend studying. I don't have any programming skills yet (I can read code at a basic level but can't write it effectively) but I'm hoping your Python courses in your academy will help me out since I've been working on learning Python through a book called Black Hat Python already.
Thanks for the video and thanks for TCM Academy. Let's see where this goes.
Thank you so much
Now I’m 100% sure that I want to become an ethical hacker
I’ve been wanting to learn this type of material
I’m hoping to get my ITF+ this summer and I want to go down the CompTia Pentesting route
Thank you!
Itf+? Get A+ .
Has a fist course for add new skills(i'm a software delevoper plus Pen Testing my own machines) do u think is good start with EC-Council Ethical Hacking C/EH course or better something else???
In school for cyber right now. Been in IT for over 5 years with an msp and also worked as the sole IT guy for a state facility. I have done all kinds of stuff in both. Currently I am on the security team with the security analyst title. I do way more than typical analysts do though. I love the security side of things but where I am not is actually kinda boring. I love to learn and read all the time. I find that part of things easy. I also find writing to be very easy for me, likely due to 20 years military experience having to write tons of stuff. I think pen testing sounds fun and challenging which is what I need. Money is nice and all but it is not everything. I could make more than I do now, but love where I am. I figure the money will come if I am good enough. Pen testing is my goal. I watched your other video about the new hires. I already surpass most of those people in qualifications and experience so that side of things should be pretty easy. Love all your videos and advice.
I love videos like this. Thanks for helping me (as a college student trying to break into IT) to choose the IT field to work in👍
If you have a general interest and enjoy the idea of ethical hacking etc, or any computer related field, be careful, once something becomes your job and you HAVE to do it, at times that you may not feel like it, it can quickly become a chore and not something you enjoy anymore, which is a real shame.
all oif these things sound oke to me. BUT my quistion is are there youtubers who go over these changes as they happen?
Thanks TCM! I always appreciate your completely original talent for capturing the needs of the security community.
I have fell in love with I.T. period. Your right you have to have the hunger and passion for it. I am constantly wanting to learn new information. I have an associates in Cybersecurity, right at this moment, I am studying various programming languages and, working on several certs. My agenda is to study and understand the procedures, commands, executions that I carry out. I have interacted with several individuals that are chasing money, the salary, its really a spit in the face. I love hacking, and all the I.T. fields are involved. I learn from everyone, and like you said, it is forever evolving, it keeps me excited and on my toes.
8:00 almost all jobs need good communication skills
every professional field needs these videos. I wish I had a video for my career. Well done and said! I am now researching a new career. Thank you for making this.
my main thing is if person has a humanities background and to what extent. every square is rectangle but not all rectangles are squares. when i have people fail, it is usually due to tunnel vision or lack or understanding bigger picture, how to think, etc. there are great experts that come into field multiple ways but i know almost all i worked / hired with that had humanities background (humanities based towards business or economics degree / variation exception), have much better rate of success.
Just started your PCRP course. Cannot wait to begin this journey!
Main reason I love my field (Malware analyst) is because you always need to learn new things and keep up with the world, ethical hacker is very similar in this I would say. If you just like learning and studying, experimenting with new stuff or discovering new things all the time, than go for it! I love my job and always strive to learn more and adapt, making my job also my passion
I had a single accounting class apart of my CIS curriculum. I can't even fathom how you completed a degree in it and came out the other end thinking it was for you.
Any tips on how to improve my communication skills in order to be able to explain technical concepts at a high level? What did you do to improve your communication skills?
To be honest the best thing you can do is first understand perfectly the technical concepts, sometimes it is hard to explain because you lack the knowledge in the first place.
If you think you master the concept then try explaining to your mother, sister or non technical person, I have done that many time and when in the interview I always explained the concepts with ease.
@@compote-s1r cheers mate that's helpful
Awesome content and excellent commentary that I believe applies to ANY career choice! Passion, continuous skill development (Kaizen), dedication, and persistent drive, are essential. The combination of which is a money magnet. MM
I have had a lot of chaos in my life over the past month with suddenly moving and so it might have changed because i haven't been able to spend any time in this past month on tcm academy, but you should add a report write up course or info for better reports such as bug bounty vs pentest or breach reporting. i am still subscribed to your courses and you are to this day the only course i feel is worth the money and that you get more than you spend thus i am probably going to stay subscribed even if i get out of IT and get a job in cybersecurity for the foreseeable future. thanks for all you do.
Thank you. I am in process of looking my IT field and videos like this mean gold to me.
I think most aren't aware you need to learn straight through your entire career & life plus it's a lifestyle that becomes you.
I'm 13 rn, i don't like to study to much, but I'm already taking courses for it, cuz im passionate about it. I hope this does go well for me
Hi Heath, I'm really struggling to find a job in cyber security, they always require experience and I Just graduated in information sys tech- Cyber security so what is ur advice to get a job in a cybersecurity ?
For me its like martial arts, you have to take it seriously. You have to be responsible and you HAVE TO STUDY AND PRACTICE. YOU GET BETTER AFTER a while. My teachers have said; "once you BECOME a black belt Now your education begins." You are learning new things if you are serious allllll yhe time.
I'm rediscovering my passion after having kids stopped me doing it passionately. They've left the house now and I'm finding things are very different to 21 years ago
I must say: You words are deep rooted
So much to learn from you
it's been my passion since when i was a kid to be an ethical hacker although, i'm not quite good with communicating but i will improve my communucation skills for sure
I was in accounting/finance, and I hated it! Did for the money too but it wasn't for me, but now I'm learning what I enjoy. Ethical Hacking, and still learning.
I'm very interested in this field. When I was a kid i thought hacking was the coolest thing in the world. As i got older, i never learned how to teach myself (as a high school student) so i found out that you could make music on your computer when i was in 10th grade. I had a new dream! To be a touring edm artist. long story short, i wasn't able to put out music consistently enough market myself correctly. i sadly realized over a decade later that dream wasn't for me anymore.
So i started wondering about my very first dream, hacking. I am very much eager to learn and what not. However, i am very easily frustrated with trying to understand basic concepts. i feel like when they're explained, i don't have enough information to "attach" it to something else. So basically i have to keep going until i have a solid enough foundation to be able to determine if it's worth it to keep going or not. I can't tell if im overwhelmed because i simply don't know, or if once i really get into it i'll realize its not for me. And having that doubt is really discouraging to be able to learn.
I also have so many questions in the back of my head that add to the angst. Once i'm caught up to speed, how do i stay on top of things? how do i KNOW im "caught" up to speed? there's no central hub of information. chances are, my best bet is to find some underground forum on tor or somethin?
Basically i'm second guessing everything because there's no neds declassified hacker survivor to go by...
If you could make a video addressing this i would be so grateful. And I'm sure there are MANY others that feel the same as me, who just don't even feel the need to articulate it
PS: I've been going thru stuff on tryhackme and i really like the ELI5 concepts. But even so i often find myself looking up words that i should already know but don't. and then i have to look up words that were used to describe the word that i initially looked up.
no siempre vas a saberlo todo, no te desanimes por el video, intentalo nuevamente, y si ves que no es lo tuyo pues dedicate tal vez a algo más divertido, sé féliz y busca tu felicidad.
This is really a good heads up for the new security/hackers.
Might keep it as a hobby for extra money. And yes i bought your course. Courtesy to TCM free coupons. Heath you are love.
Quick question, is pentesting/ethical hacking professionally is really as exciting and interesting as people say it is? Or is it boring and monotonous?
Its challenging like didn't work? Try harder... You can love or hate it
full of stress, I would say
I have been ethical hacking for 2 years and only a few informational and duplicates tells you how difficult this field is.
The hard truth is that if you have zero knowledge in IT or anything computer related, being an hacker is just to soon.
I have seen too many courses stated that you go from zero to hero or that in 40h of course you can become an ethical hacker, of course not, at most a script kiddie but nothing more, computer science and pentesting takes so much time and effort.
Hey Heath. How about a video on choosing red vs blue team?
personally, im in it to help people that mayh need help right now. i want to do good for the world and bring hope to loved ones. i hope can do that.
First of all I love your video ❤️❤️
Sir, please make a video on cloud security.
Yes :)
This was eye opening, thank you, still here though! I'm all in...going blue team first then red.
Thx u for this video it’s offering a different perspective
Another reason why someone may not want to become an ethical hacker? Some Tech companies in Europe are 95% male, with none of their 5% of females working in a technical role. Starting out as the first girl in a technical role in a company like that can be very hard.
Person with full of passion 🙌
Once we take your cert exams, what resources can we use to stay up to date on new threats?
Thank you for this briefing, it helped me realize that i should start somewhere else in the IT career so that i can kind of "find myself" inside of this evolving playground!
Don't be like me. Don't be a hacker.
Mr robot : hello friends 🤖
Painful but true, as an ethical hacker myself I noticed I'm not really that fit for my job even though I like it
That was legit. Now I got the answer for myself. Thank you 4 dis
I instantly thought of Cerberus when you said being an ethical hacker means being a 3 headed beast.... I love dogs! 😁😁
I really enjoy your videos, the amount of work and the information you pack into them, is greatly appreciated. Do you have a video about how to get into Defensive side/Blue Team of Cyber Security field? I am looking for some sort of road map, guidance to transition from IAM/PAM field which is what I am currently doing into the defensive side of cyber security. Are there any certifications, or specific skills geared towards this field that I should be learning? I am already Security + certified. How do I leverage/or Transfer my IAM/PAM skills going into Defensive side/Blue Team of Cyber Security field? Thank you
How much money do you make proportionally between pen test, selling courses, accounting and youtube videos?
thats great because i dont give 2 craps about money
Facts I do not care about the money🤣🤣🤣
I know a guy who calls himself gummo who was wildly successful becoming ethical.
Can you make a video on which is the best website to learn hacking for beginners and which one is the best for advanced hackers ?
tryhackme for beginners and hackthebox for intermediate and advanced
@@plushplush7635 thanks and your right
This just added to the ambiguity of this field. Not sure how to break to the Cyber .
Excellent advice! Thank you!
Other reasons would be, if you think this field is as portrayed in the media or Hollywood representation, and also if you aren't willing to build a solid foundational knowledge of computing, and networks, mainly.
I've been coasting for a year 😀 glad you mentioned it
I am definitely lacking some of those necessary skills but I know I will improve. With enough practice, I can be just as good as those talented ethical hackers.
Thank you for this video. Now I know what to focus and improve on! :)
1. stay curious 2. persistent 3. dont worry if you are not top notch
@@plushplush7635 thank you :)
Instructions unclear, became an unethical hacker
(/j)
Sir, your organizational analysis of this field is reality based. I became aware of you through J. Auger. I like this field in what you mentioned. One of my goals of this field is help pay for mental health topics to help folks in the aging field and cybersecurity. You nailed it with writing.
what if you find a bug, send the report, they do not accept it as a bug, but later you see that they have fixed that bug though
Hi Sir, I have jumped into Ethical hacking recently. I am graduating in CS and for quite some time I am working on ML and data science. It's been a year and I am progressing in it. Recently I have explored ethical hacking and have found it really interesting, just really enjoyed doing it. I want to take both of them side by side giving equal time to both(I study a good amount of time). Should I continue with my approach or will I have to swallow the tough pill and choose one?