What I learned my first week looking into cyber security:

1. What I learned as a web developer applies.
2. It’s more fun to learn than regular web development.
3. It broadens my skill set.

TLDR

It was an exciting week dipping my toes in cyber security. Links and info I came across during my discovery:

• cat To read plain text files.
• wget To download files.
• file To look at the file type.
• exiftools Read and write meta data.
• CTFTime Competitive events.
• picoCTF Learn and compete against others.
• Kali Linux Linux for hackers.
• Intro to API hacking

A lot of what I learned as a web developer applies

I was going through PicoCTF and solving the beginner challenges. The experience was to going through the usual way of how I would debug an issue in my application.

The goal of Capture the Flag games (CTFs) is to find a string with a specific format. This string is a flag. For PicoCTF is looks something like this picoCTF{some-striing}

I tried the beginner challenges, designed for high school students. I found myself using tools that I use on a daily basis, which was encouraging.

CLI tools I used which I already knew:

• cat To read plain text files.

• wget To download files.

• file To look at the file type.

exiftools was the only one I needed which I had to discover. And man, I’ve been living under a rock! This tool is awesome. It can read metadata from images, videos, audio files, and more. I used it to find the flag in the first challenge.

Along with the tools above, I was running python scripts. I was using the same tools I use on a daily basis. I was just using them in a different way.

I got excited piping a string through base64. I don’t know why, but it was great find a flag that way.

I know, I know, these are beginner CTFs, but it gives me an idea of how CTFs work.

It’s more fun than learning web development

Yeah, you read that right. I’ve been a web developer for 15+ years and I never had more fun learning a topic like cyber security (well, generated art comes very close).

The community has gamified the learning process. CTFTime and picoCTF made cyber security competitive and fun. There are even CTF teams! which I’m excited about. Unfortunately, it looks like it takes a year or two to be part of a team.

It broadens my skill set

My world has been in application development, some devops and database architecture. Cyber security has me learning about netcat, file meta data and hacking tools. It’s broadening my skill set because I need to learn these things to get to the flag.

I feel like I’m becoming a better developer. My many years of backend software programming helps a bit. But, not much. I feel like noob in this space.

I even started using Kali Linux. Nothing against Linux, I use them all the time to host web services. But I don’t use them for development. I’m using Kali Linux to learn about hacking tools. I’m excited that I have a new environment to play with.

First impressions

I’m excited to get into it. I heard/read that it takes 5+ years to get good at this. Sounds just like backend web programming. So, here I am, week one. 4 years and 51 weeks to go to get a sense of mastery. What would be clutch is if I can join a team.