n2ishin

You've mentioned several times that you suggest practical, hands-on stuff rather than certifications. Like some of the other users posting here, I'm currently:

• Studying for my Security+ Certification
• Actively playing wargames and CTF
• Going to security conferences
• Playing with Kali on vulnerable virtual machines
• Learning C, Assembly and Python
• (Trying) to contribute to open source
• Looking for internships
• Creating virtual machine networks and hardening them

Can you help me add more to the list? I'm studying and reading all the time and doing the things above, but I'd like find more ways to gain practical experience. What's the next step?

Thank you for the reply! I'll be sure to do so.

I didn't do any significant security stuff until last semester, where I took a class System Security class. The class taught valuable basic Linux/Windows administration and security as well as basic networking. We created a network of virtual machines (pfSense firewall, Linux/Windows clients, FTP, web, database) and learned to harden the firewall and systems). From there I branched out to reading and doing the stuff I described above. You don't really need to know the basics before you start learning Kali, but I really recommend studying basic networking first. It's like learning C before Python, I preferred to understand the low level details first. If you want to jump right into Kali, Penetration Testing: A hands-on introduction to hacking by Georgia Weidman is a great book and mirrors the OSCP course.