Have you ever been told that you cannot get into the cyber security field without a college or university degree? If you have, you are not alone! Lametably, this is one of the most common false assumption that permeates even the cyber security industry at large. The general consensus is that professionals must have formal education in order to stand a chance of getting hired. While it is obvious that formal education has its benefits, is it really that significant?

There are certain industries that are essentially impenetrable without formal education and a university degree. The medical field is a prime example of this. Other fields have adopted a different form of learning through an apprenticeship where a master trains an apprentice from the ground up. In today’s digital world, where an incredible amount of information is at the fingertips of anyone having access to the Internet, a third form of education has arisen – self-learning. No longer are you limited to the curriculum of a particular educational institute or the skills of just one individual. Instead, you have the freedom to choose what to study, from whom to learn, and which subject matter experts you want to listen. The flip side is that this great freedom of choice lays a significant responsibility on your shoulders as there is no one to push you forward except you yourself.

If you can overcome the obstacles and arm yourself with motivation and perseverance, self-learning can yield significantly better returns than traditional academic learning or an apprenticeship. Additionally, self-learning gives you the freedom to learn new skills in your spare time, even if you already have a job in a different field.

The main problem with formal education is that it is far too theoretical for a field that is so practical. Understanding the theory behind information technology and cyber security is, of course, of prime importance, but that alone will not be sufficient when faced with real world challenges.

Another issue is the bureaucratization of educational institutions which prevents universities and colleges from applying rapid changes to their study curricula. Information technology in general, and cyber security in particular, are fields where things change constantly due to new emerging threats, the advancement of technology and the enforcement of new legislations. Universities and colleges simply are not capable of handling this volume of change. On the contrary, new information and content are uploaded nonstop to the Internet. In many cases, you have the latest and greatest information readily available to you free of charge!

If you are just staring out, I strongly recommend focusing first on acquiring a solid theoretical foundation and at the same time gradually incorporating an increasing amount of practical exercises to the mix.

Hack the Box is a superb online training platform for seasoned professionals and novices alike. It offers a wide range of different types of Capture the Flag (CTF) challenges with varying levels of difficulty. Essentially, it is a game that you play in order to learn and sharpen your cyber security skills. The goal is to successfully compromise machines by legally hacking your way into them. New machines are added regularly, and old retired machines can be played with a VIP subscription.

TryHackMe is in many respects similar to Hack the Box. Personally, I find it to be more suitable for newcomers whereas Hack the Box is more likely to meet the needs of professionals. Especially the Advent of Cyber challenges are an excellent way to embark on your CTF journey. Many basic concepts such as web application attacks, network mapping, and even static malware analysis techniques are explained well in layman’s terms. This will help you to understand not only what to do to complete the challenges, but also the reasons behind these actions.

If you haven’t already, head over to the Advent of Cyber challenges and start learning!

Advent of Cyber 2020

Advent of Cyber 2021

Advent of Cyber 2022

Cyber Defenders, as the name implies, is an online platform dedicated to the important area of Security Operations and Digital Forensics. The site provides various lab exercises free of charge to practise, research and learn how to defend against cyber threats, and how to investigate security incidents.

A fantastic trait of the platform is that most of the labs are created by individuals, and thus there is plenty of variety. You can find labs dedicated to particular operating systems such as Windows, Linux and MacOS as well as specific applications, files and even malware families.

YouTube houses nearly an infinite amount of video content about cyber security, networking, digital forensics, systems administration and cloud computing. Although most videos will not dive very deep into a subject matter, they provide a good basic understanding which you can then supplement by reading related articles and blog posts. YouTube is an excellent resource for newcomers as it offers easy-to-understand video tutorials from industry experts.

I personally recommend that you learn from John Hammond, a highly experienced offensive security expert who has been a Department of Defense Cyber Training Academy instructor. Moreover, Mr. Hammond holds numerous industry standard certifications, including the prestigious Offensive Security Certified Expert (OSCE³). Mr. Hammond has a plethora of videos on YouTube where he shows and explains in detail how to hack.

Please take a moment to watch this insightful, controversial and intriguing recommendation from John Hammond:

If you are still wondering whether you can actually succeed in the field of cyber security without a college or university degree, the answer is Yes. You can demonstrate your enthusiasm and commitment to prospective employers by completing CTF challenges, reading online articles, watching various videos, participating in industry events, and reading books. With all the resources that are available today, you really have no reason to turn down this great opportunity! Go for it!