Starting Your Ethical Hacking Journey - A Roadmap
TLDR: No… actually read this one ;)
“If I was to start again hacking, where would I start?”
-> TJ, a dear friend (tjtechpro)
This question from my friend TJ really got me thinking. After more than a decade in IT, I’ve seen countless people struggle with where to begin their ethical hacking journey, myself included. The field is vast, the resources are overwhelming, and the path forward isn’t always clear. So I decided to create a comprehensive roadmap that I wish I had when I started. I plan to start this as a new series where we can cover the basics of everything you see below.
Target Audience: Complete beginners to cybersecurity and ethical hacking
Time Investment: 6-12 months of consistent study
Prerequisites: Basic computer skills, curiosity, and determination
The Foundation Phase (Months 1-2)
1. Learn the Fundamentals
Before you can hack, you need to understand what you’re hacking and how to take notes properly.
Start with:
- Networking Basics: TCP/IP, Packets, Ports, Protocols
- Operating Systems: Linux command line, Windows basics
- Web Technologies: HTML, CSS, JavaScript, HTTP/HTTPS
- Programming: Python and Bash scripting (essential tools) - Automation truly is key here
- Note Taking: Cherrytree, Obsidian and other apps - Get good at taking notes
Resources: TryHackMe Learning Paths, Coursera Computer Networks, Cherrytree
2. Set Up Your Lab Environment
You need a safe place to practice. There is no better place than 127.0.0.1!!! Later in this series we will automate our lab creations to skip the boring stuff and dive straight into the fun shenanigans.
Create your hacking lab:
- Virtualization: VMware/VirtualBox or WSL (Physical/Virtual/Web) - The Big Three
- Linux Distribution: Kali/Parrot or my own hArch (Arch Linux) - It’s not as scary as you think
- Vulnerable VMs: Metasploitable, DVWA, WebGoat
- Cloud Lab: TryHackMe, HackTheBox (free tier)
Resources: Kali Linux, VulnHub
The Learning Phase (Months 3-6)
Learn the essential tools like every other hacker but don’t rely on them too much:
- Reconnaissance: Nmap, Recon-ng, theHarvester - So so important, probably the most important
- Web Application Testing: Burp Suite, OWASP ZAP, WebSockets
- Password Attacks: Hashcat, John the Ripper, Hydra
- Exploitation: Bind/Reverse Shells, CVEs
- Post-Exploitation: Privilege escalation techniques
Resources: Lame Codeup - Packets, PortSwigger Web Security Academy
4. Practice, Practice, Practice
Hands-on experience is crucial. Start with these platforms:
- TryHackMe: Beginner-friendly rooms and paths
- HackTheBox: More challenging machines
- OverTheWire: Wargames for specific skills
- PentesterLab: Web application security
Goal: Complete at least 50 machines/rooms and be able to read code snippets before moving to advanced topics
The Specialization Phase (Months 7-12)
5. Choose Your Path
Cybersecurity is vast. Pick a specialization:
- Web Application Security: OWASP Top 10, API security
- Network Penetration Testing: Infrastructure security
- Mobile Security: iOS/Android application testing
- Cloud Security: AWS, Azure, GCP security
- Red Team Operations: Advanced persistent threats
- Purple Team Operations: SOC and Hackers working together… sayyy whattt
6. Get Certified (We Don’t Need College)
Certifications validate your skills and open doors:
- Entry Level: CompTIA Security+, Pentest+, eJPT
- Intermediate: CEH, OSCP, PNPT
- Advanced: OSCE, GXPN, CISSP
Note: Focus on hands-on certifications over theoretical ones
The Professional Phase (Year 2+)
7. Build Your Portfolio
Document your journey and showcase your skills:
- Write-ups: Document your CTF solutions and lab work
- GitHub: Share your tools and scripts
- Blog: Share your learning journey and insights
- Networking: Join communities, attend conferences (hint hint)
8. Stay Current
Cybersecurity evolves rapidly. Keep learning:
- Follow Security News: Krebs on Security, Dark Reading
- Research Papers: Stay updated on new attack vectors
- Conferences: DEF CON, Black Hat, BSides
- Continuous Practice: Never stop learning and practicing
Common Pitfalls to Avoid
⚠️ Don’t Make These Mistakes:
- Skipping the basics: Don’t jump straight to advanced topics
- Tool dependency: Learn the concepts, not just the tools
- Isolation: Join communities and learn from others (hint hint)
- Impatience: This is a marathon, not a sprint
- Illegal activities: Always stay within legal boundaries
Final Thoughts
The journey into ethical hacking is challenging but incredibly rewarding. Remember, every expert was once a beginner. The key is to start, stay consistent, and never stop learning. TJ, if you’re reading this, I hope this roadmap gives you the clarity you were looking for. The cybersecurity community needs more passionate people like you!
Remember: The goal isn’t to become a “hacker” overnight. It’s to become a cybersecurity professional who can protect and defend. Use your skills for good, stay curious, and most importantly, have fun on this incredible journey!
“The only way to learn a new programming language is by writing programs in it.”
-> Dennis Ritchie (applies to hacking too!)