Sign in Subscribe
For Newbies

Building a Strong Foundation In Cybersecurity

New to cybersecurity? 15+ yr pro guides you: Start with CompTIA Security+/Network+/PenTest+, then Microsoft Azure/Server, firewalls (FortiGate/Palo Alto), SIEM (Splunk/Sentinel), NAC (Cisco ISE). Hands-on via TryHackMe/HackTheBox. Practice is key! Free options too.

Abu Saleh Muhammad Zakaria

7 min read
Building a Strong Foundation In Cybersecurity

Hi, If you're new to cybersecurity or maybe you are a fresh grad or someone looking to switch careers, This article covers things you may consider and you can take it as a guide.

About me I've been in this field for 15+ years, and I know starting out can feel overwhelming, but don't worry. We'll build your skills step by step, assuming you know the basics of computers. The key is focusing on core ideas like networking and security, so you can handle real-world problems. Remember, this isn't just about reading, hands-on practice is everything. Without getting your hands dirty in labs and exercises, the knowledge won't stick, and you won't be ready for jobs.

Let me share some tips on how to study this in order. It's best to go one step at a time, so each part builds on the last. That way, things connect and make sense.

  1. Start with the basics of cybersecurity: Jump into courses like CompTIA Security+, Network+, and PenTest+. These give you a big picture of security rules, how networks work, and basic testing for weaknesses.
  2. Next, learn security for Microsoft stuff: Once you're comfortable with the basics, check out Windows Server and Azure security. These are used in tons of companies, so you'll see how to protect specific systems.
  3. Move to advanced firewalls: Get into tools like FortiGate, Palo Alto are the most common, however you may also find Juniper SRX Series, Cisco FTD in some environment. You need to know what they can do to block threats and their limits, super important for keeping networks safe.
  4. Then, explore SIEM tools: These are for watching and analyzing security events. Look at Microsoft Security Operations Analyst(Sentinal) and Splunk to learn how to spot and respond to issues.
  5. Cover Network Access Control (NAC): Focus on Cisco Identity Services Engine (ISE) as a solid example. It's widely used, and understanding it helps you get the main ideas of NAC, like controlling who gets on the network. Don't worry about every brand right now, the goal is grasping the big picture in security, the concept how NAC works and whats its purpose. NAC is just one tool among many.
  6. Always mix in hands-on work: All along, practice on sites like TryHackMe.COM for attack techniques. It's beginner-friendly with guides, and affordable. Once you're better, try Hack The Box for tougher challenges. Hands-on is MUST and its non-negotiable, without it, you'll forget stuff fast and struggle in real jobs, even interviews.

Now, some key advice from my experience:

  • Really master networking: It's the base of everything in cybersecurity. Understand how data moves and gets protected, networks are how systems talk to each other.
  • Pay extra attention to TLS and PKI: These handle encryption and proving identities for safe connections. Dig deep into how they work.
  • Don't just memorize, understand why: If something doesn't click, stop right there. Look it up on YouTube, docs, or even ask ChatGPT until it makes sense. If you're still stuck, reach out to me on Linkedin. (https://linkedin.com/in/asmz )
  • Hands-on is king: Theory alone won't cut it. Set up a home lab to play with networks, firewalls, switches, and Windows servers. This builds troubleshooting skills that matter. Networking and Windows Server setup are must-haves, so spend time there. Search YouTube for "how to set up lab using EVE-NG" it's a great free tool for virtual labs. Without this practice, you won't be effective.
  • For attack-side security: TryHackMe is perfect for starters. Sign up, follow the guides, and capture flags to practice ethical hacking safely. Practice, practice, practice, it's how you get good.

Stick with this path, stay curious, and keep going. Success comes from patience, persistence, practice, and performing in real scenarios.

No shortcuts here!

Alright, let's get to the resources. I've grouped them, kept the links as they are, and added what you'll learn from each based on checking them out.

GENERAL – VENDOR NEUTRAL

  1. CompTIA Security+ (SY0-701) - On Udemy.Com
    You'll learn the basics of cybersecurity to prepare for the CompTIA Security+ (SY0-701) exam, including a practice test. Key topics cover security principles, threats, and controls to build a strong foundation. Complete Course & Practice Exam - [ Give Exam and do certification ]
    Click Here
  2. CompTIA Network+ (N10-009) - On Udemy.Com
    In this course you'll learn networking basics to pass the CompTIA Network+ (N10-009) exam, with practice tests. Key topics include network setup, troubleshooting, and concepts like protocols and devices.
    Click Here
  3. CompTIA PenTest+ (PT0-003) - On Udemy.com
    In this course you'll learn ethical hacking and penetration testing to prepare for the CompTIA PenTest+ (PT0-003) exam, including practice. Key topics cover testing methods, tools, and reporting vulnerabilities.
    Click Here
  4. The Complete Certified in Cybersecurity CC course ISC2
    In this course you'll learn entry-level cybersecurity skills for the ISC2 Certified in Cybersecurity (CC) exam. Key topics include basic security concepts, risks, and starting your career in the field.
    Click Here.
  5. Network Security by Udacity
    You'll learn how to plan and design secure networks and infrastructure. Key topics cover architecture basics, security planning, and protecting systems from threats.
    Click Here

  6. Fortinet: NSE 1,2 & 3 by Fortinet
    You'll learn free basics of network security through NSE levels 1, 2, and 3. Key topics include threats, Fortinet tools, and foundational concepts for certification.
    Click Here

Get Security Knowledge For Microsoft Products

  1. Microsoft Windows Server 2016 Training for Beginners - On Udemy.Com
    In this course you will learn to install and manage Windows Server 2016, including domains and DHCP. Key topics cover beginner server admin, setup, and basic networking.
    Click Here
  2. AZ-500 Microsoft Azure Security - On Udemy.Com
    In this course you will Azure security features to pass the AZ-500 exam. Key topics include managing identities, securing networks, and protecting data in the cloud.
    Click Here

NextGeneration Firewall

  1. FortiGate Firewall NSE4 Version 7 Training Part1/2 - On Udemy.Com
    You'll learn to configure FortiGate firewalls (NSE4 Version 7) through labs. Key topics cover setup, policies, and basic management.
    Click Here

    [ NSE 1, NSE 2 and NSE 3 are free certification get them all ]

  2. FortiGate Firewall NSE4 Version 7 Training Part2/2 - On Udemy.Com
    Learn advanced FortiGate features (NSE4 Version 7) with step-by-step labs. Key topics include deeper config, troubleshooting, and security rules.
    Click Here
  3. Palo Alto Network Firewall - On Udemy.Com
    Learn This firewall, Once you learn One firewall, rest become easy as the fundamentals are same only, some options are different and how they are set is different, so learn this one, Palo Alto and Fortinet are very common.
    Click Here

SIEM TOOL

  1. SC-200: Microsoft Security Operations Analyst - On Udemy.Com
    Learn to be a security operations analyst with Microsoft tools through labs. Key topics cover monitoring, responding to threats, and SOC roles.
    Click Here
  2. The Complete Splunk Core Certified User Course - SPLK-1001 - On Udemy.Com
    Learn Splunk basics to pass the SPLK-1001 exam. Key topics include searching data, creating reports, and using Splunk for analysis.
    Click Here

NAC Solutions

  1. Cisco Identity Services Engine (ISE) 2.7 - On Udemy.Com
    Learn Cisco ISE 2.7 setup through labs. Key topics cover access control, policies, and network security basics.
    Part 1: Click Here
    Part 2: Click Here

Identity Access Management Solutions

  1. Identity and Access Management (IAM) - On Udemy.Com
    This course is vendor neutral and the key topics cover access controls, identities, and real-world security skills.
    Click Here

Privileged Account (Access) Management (PAM)

  1. Privileged Account (Access) Management (PAM) - On Udemy.Com
    Learn how to manage privileged accounts securely. Key topics include PAM concepts, tools, and protecting high-risk access.
    Click Here

Vulnerability Scanning Tools

Qualys Vulnerability Management - On Udemy.Com
A tool used to scan and manage vulnerabilities in systems, cloud, and web applications. It covers key areas like asset management, scanning, and agent-based detection. Commonly used in banks and organizations that must meet regulatory compliance.
Click Here

Nessus Vulnerability Scanning - By Tenable - On Udemy.Com
It does the same job what Qualys does, but some features are different and its from a different brand.
Click Here

Once you've got the basics clear, next comes the tools like Enterprise Key Management tools like CipherTrust Manager by Thales , Database Activity Management (DAM) Tool, EDR, XDR, will come easy, they're quick to pick up in a day. You'll face interviews with confidence and do well as a newbie. But keep practicing what you learn, it might take years to get solid. That practice will open doors to advanced stuff like designing infrastructure, enterprise security, or ICS/OT solutions, these are rare skills, and they are in high demand for decades.

Key Tips to Succeed

  • Practice Is Everything: Don’t just watch videos. Set up a virtual lab (check YouTube for “EVE-NG setup” or “home lab cybersecurity”). Practice, Without hands-on, you won’t be job-ready.
  • Understand, Don’t Memorize: If something’s unclear, pause and dig deeper, use YouTube, docs, or even ChatGPT. Get it to click before moving on.
  • Show Your Work: Build projects (like a simple network setup or CTF write-up) and share them on GitHub or LinkedIn. Recruiters notice this.
  • Start Small, Stay Consistent: Pick one course, finish it, and practice what you learn. Patience and persistence are key.
  • English Communication is important : You often need to write things, explain things, English is needed. You do not have to be excellent but atleast you should be able to find correct words while writing or expressing something.

Why Hands-On Matters

You can’t just read about cybersecurity, you have to do it. Set up a virtual lab to mess around with networks, firewalls, or servers. Telling again and again without practice, you’ll struggle in interviews or jobs, no matter how many certifications you have.

Once all these which are mentioned above are done, you have the followings:

  1. Deep knowledge how they works
  2. Which problems they addresses
  3. What are the features available with each of them
  4. How they can be implemented
  5. And you have some years of hands-on in production environment.

You re ready to start with OT-Security and time to understand and learn PLC, HMI, RTU, SCADA and industrial Protocols.

And if you struggling with finance as the most of the link to the courses mentioned above are not free, click the link below where I have share globally recognized courses you can take 100% free (or nearly free) to gain real skills and earn certificates you can proudly showcase. It would be enough to get you started, get a job, save some money and get back to this article again. 😊

Free Cybersecurity Courses & Certifications For Beginners

If you have any question(s), feel free to get in touch with me on Linkedin, I would definitely try my best to address. Good luck, and happy learning!