Establish a Solid Technical Base

Building a robust technical foundation is paramount. At a basic level, the essential skills include:

• Operating Systems: Acquire a thorough understanding of contemporary computer operating systems and their security frameworks, including Windows, Linux, Mac OS, as well as mobile systems like Android and iOS.
• Networking: Gain an in-depth comprehension of networking principles, such as the OSI model, network topologies, routing and switching, the TCP/IP addressing scheme, common networking protocols, wireless technologies, and network services.
• Programming Languages: Develop the ability to read and write code in at least one programming or scripting language, such as Python and Linux Bash/Shell. Familiarity with other languages like C/C++/C# and Java is also beneficial.
• Web Technologies: Attain a detailed understanding of web technologies, including HTML, JavaScript, HTTP/HTTPS, and DNS, along with the interplay between these technologies and the security vulnerabilities they may present.
• Databases: Understand the security models and potential threats associated with databases, which serve as persistent storage solutions. Familiarize yourself with SQL, RDBMS, and NoSQL databases.
• Cryptography: As a fundamental aspect of modern Internet security, cryptography underpins e-commerce, data protection, and secure communication. It's vital to grasp cryptographic concepts and their vulnerabilities to evaluate the security of contemporary Internet technologies.

Pursue Relevant Certifications

While certifications are not mandatory to kickstart a career in ethical hacking, they can provide a structured learning pathway and exhibit your dedication to potential employers.

Initially, consider pursuing one of the following entry-level certifications:

• CompTIA Pentest+
• GIAC GPEN
• Offensive Security PEN-100

Once you complete an entry-level certification and build your confidence, you might opt for Offensive Security’s PEN-200 course leading to OSCP certification, widely regarded as the benchmark in penetration testing credentials.

Be discerning with your certification choices, as not all carry equal weight. For instance, EC-Council’s CEH certification is often viewed with skepticism among cybersecurity professionals, except in cases where it might be necessary for specific job opportunities.

Explore Recommended Books

Reading books is one of the best methods to attain a comprehensive grasp of a subject. They delve into topics in great depth, offering insights unavailable in other formats. Therefore, regularly reading cybersecurity literature relevant to your interests should be a key component of your strategy to keep your skills current.

Here’s a list of notable books in penetration testing and ethical hacking:

• Gray Hat Hacking: The Ethical Hacker’s Handbook
• The Ultimate Kali Linux Book
• Metasploit: The Penetration Tester’s Guide
• The Hacker Playbook: Practical Guide To Penetration Testing (Parts 2 and 3)
• RTFM: Red Team Field Manual v2
• The Web Application Hacker’s Handbook
• The Browser Hacker's Handbook
• Hacking APIs: Breaking Web Application Programming Interfaces
• The Mobile Application Hacker’s Handbook (Advanced)
• Hacking: The Art of Exploitation (Advanced)

Note that some of these texts may require advanced security knowledge, so ensure you read the foundational books first.

Utilize Online Resources

Theoretical knowledge is valuable, but continuously refining your practical skills is essential to excel in the field.

Numerous online resources and Capture The Flag (CTF) challenges are available to practice your skills. Here are some popular platforms:

• HackTheBox
• TryHackMe
• Offensive Security Labs
• PortSwigger Web Security Academy
• Pentester Academy

Create Your Own Lab

Setting up a personal lab is ideal for honing your skills, providing the flexibility to experiment and tailor your learning experience. With the advent of virtualization technologies, building a home lab has never been easier.

It's crucial to keep your lab contained within a sandboxed environment on your local network. This precaution is necessary as the vulnerable distributions you install could expose your local network and personal information if mistakenly connected to the Internet.

To start, install Kali Linux, a widely-used distribution for hacking purposes. Kali Linux comes equipped with numerous pre-installed tools essential for penetration testing. You can use VMware, VirtualBox, or Docker for virtualization. This article won’t detail the lab setup process, as it warrants a separate discussion.

For vulnerable distributions, many pre-configured options are available online. The OWASP Vulnerable Web Applications Directory lists both online and offline vulnerable applications. VulnHub is another excellent resource offering a collection of vulnerable distributions for safe practice.

Participate in Bug Bounty Programs

You don’t have to wait for your first job to gain practical experience in ethical hacking. Numerous companies offer bug bounty programs. Platforms like HackerOne and Bugcrowd are among the most recognized in this domain, although there are lesser-known options as well. Once you feel ready, consider enrolling in one of these platforms to engage in bug bounty programs. Always review the terms and conditions, along with the rules of engagement for each program.

Conclusion

While this article highlights key resources for those looking to embark on a career in ethical hacking, many more exist on the Internet. The primary aim here is to provide a focused learning pathway for aspiring ethical hackers. Once you gain confidence, continue exploring additional resources that will complement your acquired knowledge.

For further reading in this series, check out How to Get into Cybersecurity.