Cybersecurity Journey

After you feel comfortable using the Linux command line (this course), look into the Kali Linux distribution for a lot of pen testing and security tools all part of a Linux distribution.

I know there are various books on Kali Linux; there are probably some web sites, too. Kali Linux is based on Debian Linux (which is the base for Ubuntu). Kali is just another distribution of Linux. When you get through this course and feel comfortable using Linux as a user, then use your favorite search engine to find the (free) Kali distribution (probably kali.org). It is still Linux. It simply has a bunch of tools included in the distribution, Now, learning how to use those tools requires reading books, manual pages and documentation. Of course, that is part of you learning about cybersecurity. During your learning about cybersecurity, you hear about using a tool called nmap, for example, you can easily find that tool (and many others) as part of the Kali Linux distribution. The good news: Your journey of learning has just begun. The bad news: Your journey of learning never ends.

I agree 100%! Security is a broad field affecting so many parts of a system. A well-versed cybersecurity practitioner should know programming (and secure programming practices) along with understanding how programs, and the Linux kernel works, in order to discover ways to exploit those programs. As you pointed out another exploit could be with installing or updating software packages (such as introducing Trojan Horses). Most people will specialize. OS security? Web security? Network security? Red team vs. blue team vs. purple team. Pick an area and start digging into it. If it interests you, keep digging/drilling down. Technology changes daily. The good news: your knowledge journey has just begun. The bad news: it will likely never end. I suggested looking into Kali Linux (based on Debian) because it pulls a lot of Pen Testing tools together. This may be a source of areas to explore. Metasploit is a nice tool, but if you only learn how to use it and not what it is doing under the hood, then, yes, you are nothing more than a Script Kiddie. Seeing that Metasploit has a buffer overflow exploit for an old version of the Apache Web Server will, hopefully, incentivize you to find out what a "buffer overflow" is and how to use it to gain control of a system, for example. Knowing that there is a tool that can brute-force passwords may enable you to better understand what makes a good password (and I would prefer to use the term "pass phrase" since it implies a long password made up of several words). I just mentioned two of the dozens of tools in the Kali Linux distribution. But, yes, learn to walk before you run. Learn to use Linux (this course). Then, learn what is call Systems Administration (or Management). Then Network Administration. All of this may direct you into an area of security that you are interested in. When I teach Linux Systems Administration, I mention that some people specialize in PAM (Pluggable Authentication Modules) or udev (User Device Management). There is so much to learn (and it changes constantly). How do you eat an elephant? One bite at a time. I hope this helps. By the way, I've been working with UNIX and now Linux for over 42 years, and I don't begin to know everything! I learn new things every day! Good luck!

Thank you very much. My philosophy is that you never stop learning (as long as you are open to it). Linux and FOSS is very vast! I don't know the stats off the top of my head, but it sure seems that several new commands and systems are coming out every week!

Just to be very clear, I am an independent contractor teaching classes for The Linux Foundation since 2014. So, not certain I can be totally unbiased. I try, but to be honest, I'm not that aware of other training programs. I will suggest that you look into The Linux Foundation's IT Professional programs. There is one specifically for Cloud Engineering. You can find that here: https://training.linuxfoundation.org/training/cloud-engineer-itprofessionalprogram/. This is an independent study set of courses (and two certification exams) similar to this (LFS101) course. Again, I'm just not too aware of all the programs out there, but I am familiar with several of the courses in The Linux Foundation's IT Professional program. I've taught the first two courses in this program several times. Again, this program is independent study and not Instructor led training and is priced that way. Taking Instructor led training is more expensive (but that's how I earn my income).

Before teaching, I was a Software Development Manager (in UNIX-like systems) for much of my career. I've always enjoyed mentoring people. I often learn as much from my students as they learn from me (well, I hope they learn from me!). If you have further comments or questions, let me know. I enjoy interacting with other techies. There are always new things to learn.