Learning cyber security by avoiding resource curse

Personal Experience

Cybersecurity is one of the fields which has a lot of resources. This sometimes may lead to a resource curse. I have been a victim of the resource curse. That is why I decided to focus on three resources for at least the next few weeks while preparing for my Practical Network Penetration Tester certification.

In this blog, I will share my experience of learning and developing my cybersecurity skill using TCM-academy, tryhackme, and portswigger. First of all, I chose TCM for three reasons.

1. I have to go through HR in my job hunting, which means I have to show that I have some certification. I found Practical Network Penetration Tester certification to be practical, affordable, and junior level [I am not ready to pay $1K, and I am not fond of MCQs].

2. TCM-academy covers various areas, such as web security, application security, privilege escalation, OSINT, report writing, and Active Directory attacking.

3. The courses are practical, following the lecture is accessible, and the streamers are easy to understand.

How am I combining the three?

I consider tcm-academy to be a course outline. The first few sections of the course can be taken without referring to other places. However, it makes sense to put more effort into the practical part.

For example, when I first encountered Nmap in TCM, I did Nmap room in tryhackme. The same applies to Metasploit and Nessus. When studying web security, for every web security OWASP top 10 attack, I visit portswigger academy about that specific web security and do the exercise. The combination results in both practical knowledge and portfolio.