TryHackMe – Starting Out in Cyber Sec – Notes

This page contains notes for the ‘Starting Out in Cybersec‘ room on TryHackMe.

The room presents a (very!) brief introduction to cybersecurity roles, both offensive and defensive. It’s purely informational and doesn’t have any VMs or simulations. There are only two (super easy) questions to answer, and the whole room takes just a few minutes to get through.

Walkthrough

Task 1 – Welcome to TryHackMe

This room presents a short introduction to careers in cybersecurity.

Question 1

Read Me and Proceed!

Answer:

No answer needed

Task 2 – Offensive Security

Most of the time when people think of ‘hacking’, they are thinking of the offensive side.

But most of the money is in helping companies to secure their data, especially if you want to stay on the right side of the law.

A penetration tester, or ‘pentester’, Companies pay pentesters to find vulnerabilities for them, and also hire people with pentesting skills for cybersecurity staff positions.

Pentesters will often have a high degree of general knowledge while having a specialty in one or more areas.

One thing to keep in mind as a beginner, is that while pentesting jobs are great, they aren’t the only job in cybersecurity, and they aren’t the only jobs that use the pentesting skillset (which is actively developed by CTFs). For every actual, full-time pentester job position, there are many other (probably 10-20x) positions in cybersecurity.

Question 1

What is the name of the career role that is legally employed to find vulnerabilities in applications?

Answer:

(Highlight below to see answer):

penetration tester

Task 3 – Defensive Security

Every company requires cybersecurity and the larger the company the greater the support requirements.

Since companies are primarily concerned with protecting themselves, it stands to reason that most cybersecurity jobs are on the defensive side. This involves preventing, detecting, and stopping attacks on a company’s IT assets and data.

One of the most common roles on the defensive side is the Security Analyst. Security analysts monitor their organization’s networks and investigate any breaches that occur.

Another role is the Incident Responder. They investigate attacks that have already occurred, trying to assess and minimize the impacts of an attack.

Question 1

What is the name of the role who’s job is to identify attacks against an organisation?

Answer:

security analyst

Conclusion

This room is brief, but manages to introduce offensive and defensive roles in security. I think it also could benefit from a black/white/grey hat comparison as well as a discussion of red and blue teams.

A huge thanks to tryhackme for putting this room together!