I have a basic background in IT support but I want to pivot into Cyber Security. There is so much information out there that it's overwhelming. Should I start by learning networking protocols, or should I jump straight into tools like Kali Linux and Metasploit? I want to follow a structured path that leads to a professional certification like the CEH.
3 answers
Don't ignore the soft skills! Ethical hacking involves a lot of reporting. You need to be able to explain technical vulnerabilities to non-technical stakeholders clearly.
You should absolutely start with the fundamentals of networking. You cannot protect or hack what you don't understand. Master the OSI model, TCP/IP, and DNS first. Once you have a firm grasp of how data moves across a network, then you can move on to Linux environments and basic scripting with Python. Jumping straight into tools like Metasploit without knowing the underlying theory is like trying to drive a car without knowing how an engine works; you'll get somewhere, but you won't know why or how to fix it when things go wrong. A structured course like the Certified Ethical Hacker (CEH) is excellent for tying these concepts together.
Are you planning to build a home lab using VirtualBox or VMware to practice these hacks safely? It is the best way to get hands-on experience without breaking the law.
That is a vital question, Sean. Setting up a controlled environment is step one. I always tell students at iCertGlobal that practicing on platforms like TryHackMe or Hack The Box within their own virtual machines is the only way to build the muscle memory needed for real-world penetration testing. It keeps your learning legal and ethical.
Spot on, Kelly. I’ve seen great hackers fail because they couldn't write a report that convinced the board to invest in better security patches.