no BS cybersecurity roadmap (non-sponsored)

This is my last cyber guide I've told you all you need to know. I set you free little ones... make me proud...
Also here's another cool resource when it comes to keeping up to date with attacks: thedfirreport.com/

they never told us this sort of thing in uni. they never emphasized getting certs, doing self-study outside of class, etc. my biggest regret was not spending more time on CTF's and getting certs; I spent all my time getting A's in classes that ultimately didn't matter much. you live and you learn, though

"You'll find very quickly if you like it or not and if you do not, DROP IT IMMEDIATLY" this is the best advice i could give to any begginer lmao.

You're a breath of fresh air. I have an-900, security+, CySA+, and passed the cissp. And I'm currently doing SANS courses, this shit is not for the weak. I'm a network analyst and have 3-4 years of experience in networking. I have only had 1 offer as a cybersecurity analyst, but since the pay was so low I couldn't take it.
This shit is not for the weak. You really do have to grind.

Crin is single handedly raising the new gen of cyber sec.

You are 100% on point! The "buy my course to become master programmer in 3 months" or "start vibe coding now" videos are a plague so it's nice to see something more sincere.
I always had passion for tech but for a long time I was just made to believe I was too stupid to be in IT. It all started looking very depressing when it turned out comp-sci degree on it's own was not enough for me to get a job and and I started thinking that I wasted money and maybe I should have started to code when I was 12 and start getting certifications when I was 16 to have a chance. Now I'm slowly but steadily doing my CTFs, HTB courses (so far, the free ones) and daily driving linux and I don't even care that much about getting a job anymore because I just like what I'm doing but one day I will be confindent enough in my skill to start applying for interviews again.

I think, as shitty as it sounds, the current strict and picky job market in cybersecurity is actually beneficial for those who are truly passionate and not for the 'cyber bros' just looking to make quick money because it’s trendy. I can see people pivoting away very easily.

This is the most raw take I have ever come across for breaking into cybersecurity let alone tech. There are so many nuances that just get overlooked about working in tech in general.

I'm glad I found someone that actually talks about how this will all play out in reality, and how the state of things will affect it. I've been working towards getting into the industry for a while now, with pentesting/ethical hacking as my ultimate goal. I can't go for a degree right now with my current situation, but it's a core part of my personal roadmap. I wasn't aware that the industry was so overhyped, but I'll be keeping that in mind moving forward, and probably rethinking my approach to some things to avoid accidentally hopping on hyped trends and all that.

Man that last bit. That’s why I pray for discernment. Just Being able to be alone and get comfortable in making your own decisions with good judgement. Good message

I think a lot of beginners expect everything to be spoon-fed to them because that's what they are taught in most schools. I only got out of this mentality when I had actual passion for something.

keep it up Crin, as the new generation for cybersec there’s way too much of nothing. Lots of RUclipsrs and consultants trying to sell people things instead of them actually learning and understanding
best practice is to hit your head against everything that exists

I work in Network Defense (Threat Hunting, CTI, DFIR). This vid hits the nail on the head in a lot of ways it's tough out here. One thing that maybe I can recommend (but maybe its not for everyone) is to specialize early and get a sense of what you like to work with long term. If you end up choosing network defense, you are likely going to be reviewing the fundamentals of stuff like Network +, Security + and A+ (more or less in that order) the rest of your career so I would just recommend specializing early. Blue team/network defense responsibilities are tough and your aim is basically to adapt to any IT environment thats hiring network defenders (SOC, CTI/TH, DFIR, etc...). That being said, and as the vid here is mentioning, the skills needed are no joke and the way I like to think of it is you have to keep practicing to keep your skills sharp. Certs play their part and while i hate that something like SANS costs 10k per course, you'll see a lot of job apps asking for any or a combo of GCFA, GNFA, and/or GREM (or better yet to have all three in the same person), along with being able to script in at least one language, (python, powershell, bash). Being able to craft YARA rules is also getting more important by the day to identify new malware strains and Applied Network Defense has an excellent course on YARA that im thinking I will take one day. If i had to sum up a list of skills to pursue, it would be a combo of memory analysis/RAM analysis, Disk analysis (NTFS primarily), Log analysis, Network Analysis/PCAP analysis, and malware analysis/writing detection rules, all of which have their own hierarchies of skills that can be a specialization if you choose. I only have a few years of experience but Im happy to help if anyone has questions. I know it seems dreary out here, but network defense is still very much needed and I don't see that going away anytime soon, even with advances in LLM and other AI tech.

The amount of relevancy from 5:00 onwards is exactly what I needed to hear. It's uncanny.
Thank you Crin for speaking plainly, your words are going to help a lot of people.

I'm a 3rd year CSE major , 2 years of my uni life i spent procastinating because of seeing the talent pool in the more saturated fields like software dev, It was honestly exhausting grinding leetcode trying to get my core programming fundamentals in place especially when what i was learning despite putting in efforts realising i was at a standstill . I am one to shift to cybersecurity not due to the buzz of it being a high paying industry rather i actually found myself learning and enjoying seeing how useful a very simple concept can be alongside having it apply to real world . I stopped using ai to jot down stuff for me rather leveraging it as a way to create detailed reports on what i learn't so i can access it anytime. Hands on approach with labs taught me more about networking concepts OS than any of the Uni courses . Also as you mentioned learning alone is what i actually found comfort in, having myself as the sole standard to compare with is pushing me to learn more and not be presumptious of my abilities , these vids are really refreshing man + i get snippets of my comfort characters

Before video: Bocchi
After video: Serial Experiments Lain

Man I love finding channels of people who actually have a soul and not trying to sell me some bullshit. Great stuff, and a lot of what you said can be applied to many other skills in life, technical or not.

Thanks for the down to earth convo - especially about the "solo mission" part.
Like I mentioned in a previous video, I'm currently doing a cybersecurity degree while doing a fulltime job as a system engineer. I got that job out of sheer self-study, constant improvement and home labbing (aka, using my free time to learn stuff).
I have people around my age, early 30's, in a university program, constantly asking for handholding and guides: may it be to accomplish basic tasks, or get a structured approach in their learning. I'm not talking about trying to get a hint or two from the learning approach of other people - but actual checklist questions, which makes me ask every time how these people will survive in the professional world, if they can't even streamline their own learning approach what is technically the very beginning of their cyber career.
I'm very grateful for this video, I still hope to see more bangers from you about this topic in the future.
May I ask what your job actually is or what your daily business entails?

Thank you for this video. I’m a junior in cybersecurity and struggling to find an internship. I did some projects, such as creating a home server, but I didn’t know what to do. Otherwise, your video gave me a lot of insight. I believe I love cybersecurity, and I plan to follow your advice.
Thank you once again

Imo the quickest (though not necessarily the easiest) way is to learn how modern software is built + deployed in actual production environments. Along the way you'll learn tons of software, infra, networking, etc. that getting an entry level security job will be cake. This will also give you the opportunity to pivot to other careers if you decide you hate cyber (as I did). The "easy" way to make all of this stuff stick is understanding how things are built and work in the first place.

This literally came at the best time for me. You confirmed how I’ve been feeling about cybersecurity after studying independently for a couple months. Oddly motivated me to keep going lol. Thanks.

This is correct. I did my Masters in CompE at Carnegie Mellon University, which has one of the top security programs in the US. I initially focused on security, but after some research, I realized it would still be hard to get into even with such a degree. I pivoted to more standard software engineering and I couldnt be happier. Cyber is super interesting and I enjoyed the coursework, but at the end of the day it just wasnt for me. Its not for everyone and should never be treated like a simple career roadmap like everyone makes it out to be.

You are a really underrated channel who tells about the truth of cybersecurity rather than overhyping things. I really have a passionate intrest in this field and thanks to you i know more things rather than falling into course-buying pitfalls.
thanks for the video😊
ps: idk if it's me but the minecraft parkour adhd trap made me dizzy for some reason

I absolute adore this vid. I'm studying Informatics Engineering with a specialization in Cybersec, and I've taken some Masters courses in my uni to get the Cybersec mention. I'm really happy to see how much I liked actually hacking and analyzing what I was looking at, but one of the main reasons I'm focusing in Cybersec is because I also love programming, and leveraging both has made the experience amazing since I can really combine things and concepts that TRULY interest me.
For my thesis I'm doing a GRC software for small and medium business that cannot afford a pro solution like IBM's or CISCO's, because I do really care about security and I hate seeing small businesses end up going bankrupt over lack of GRC knowledge; at the same time, I'm learning networking and malware concepts in Rust and it has made everything so much more enjoyable by applying what I learn into actual programs. The grind for certifications and CTFs is definitely hard (specially now since I don't have much time because of my job), but I really cannot see myself going down another career path in CS, this really is it for me and I love it lol

i click for the hype and stays for the philosophy

When I heard that in cyber you have to work independently and solo, it's like I was searching for a job like this all the time and i finally found something that resonates with my personality. Thanks for the advice crin.

I admire you being so real and raw. It’s a breath of fresh air ! Thank you ☺️

I'll never forget moving from the NOC into the InfoSec team and how steep the learning curve was. I felt woefully unprepared as I didn't fully understand what my team was talking about most of the time. Because of that feeling like I didn't belong with them, I spent the next 2 years working my ass off to get up to speed by learning everything I could, studying for my Security+, and taking a lot of classes. I still spend a lot of time learning every month, but I'm 6 years into my InfoSec career and I'm significantly more confident in my abilities though I still feel dumb most days but thats par for the course.

This video found me when I really needed it, been stuck and overwhelmed just as I stepped into cyber security ( mainly cuz of the influencers hype). Now I am just gonna spam atleast 100-150 CTFS see what happens. I like it I like it, I don't, I don't. Thnx man.

Best Cybersecurity overview and roadmap on youtube hands down! A must watch for any beginner looking to get into the field with a hard nose approach of the industry!

damn this is the fastest i have ever been to a video. Thanks for all the good knowledge crin.

I’m coming from the Fed world (was enlisted, do not want to go back) who then transitioned into higher Ed (perfect timing I know) who’s considering going back into dedicated security. I really appreciate this video because it’s hard to get a modern perspective when so many of my mentors and people I know still think security is “get your Sec+ and use your clearance.” Programming and scripting has been my biggest weakness so hearing your perspective of doing the research and hobby-work is what I needed to hear to get past my biases as someone who’s already been in one side of the field.

The last 3 sentences of this video got me with those words - creative, independent, alone, research xD Overall I thought CyperSecurity is a boring job. But since I got into QA I realized that I love to find bugs. I got into python cause I love how logical syntax it has. I enjoy your videos

From Germany here. This video gave me a different perspective on cybersecurity. I didn't know where to start because the field is so big. I even bought a few useless books (exam prep books) from comptia (linux+ & network+) where I already know most of it. Right now I'm trying to get into low-level programming and web development.

Dude this is huge, i just got my sec+ and I did my ccna a couple months back, I have done some python programming but I'm gonna get back into it, currently dabbling more with THM and what they have to offer, at the end of the day it's a a marathon not a sprint, this is a top notch video and I hope everyone see's this. great job man!

Like many others, this is such a fresh air in the creator world of these high paid jobs, courses, youtube clickbait. Please continue youtube for a long time , we need more people like you!+

i love how this videos make me feel smart by not having silly expectation like mentioned in the video and actually being realistic and alr doing your advice even though i am still basically a beginner

I am guilty of being the minimal effort guy. I have always been interested in security and privacy and this video is like a slap to my face.
The beautiful thing about the truth is, even if it hurts, it (should) make you think.
Great video crin. I will keep watching you.
I may only in the starting area, but now its time to evaluate if i am actually enjoying it or doing it because i saw no alternative (so far).

Thanks for the video, what you said is actually quite useful in other IT disciplines.

Thank you for the practice exams you gave me on Discord. I just wanna say that you and your channel popping up in my recommended has been a miracle, because I've been learning fundamental networking and cybersecurity in a trade school alongside high school, and I really needed a better teacher (oh my God don't get me started). I truly thank you for everything. You actually care. God bless you.

This is gold!
Thank you for sharing this knowledge.

Super great advice, Im currently looking for more projects and labs that I can set up at home to test out different concepts/technologies. I don’t think my first job will be coming from a job board I have also been trying to meet more people in the field. Over all, the people within this industry have been super supportive and eager to share their guidance. Im really excited to land my first role and actually get real world experience.

Thanks. I appreciate your genuineness and honesty. I feel like the more I research the more confused I am about where to start.

Such great knowledge here on careers and why higher level people deserve higher pay. What really resonated with me was the not having your hand held and this being a solo mission part. Honest really applicable to so many careers, maybe all of them. Great job.

Very true about web development. Even if you’re passionate about it/enjoy it the barrier to entry was always to just have a decent understanding of front and backend. Recently laid off from my position and at this point if you’re not at senior level proficiency you’re not getting hired. The current management meta is to acquire a software engineer with 10 years experience and make them do the high level planning/architecture while at the same time making them ALSO do all the grunt/product work with the help of AI. This is already having the huge side effect of more bugs introduced as the grunt work is done under both the pressure of deadlines + being half written by AI. The workers I left behind are now under constant threat of layoff while expected to output 20x more. At this point I don’t know if the layoff was a curse or a blessing.

Recently came across your videos while compiling a list of resources and training materials for some people who recently asked me how to get into cyber. I have three of your videos linked in my guide now since its exactly the same things I've been telling people: Cyber is hard, be actually passionate about it and not the money (burnout/boredom is real), expect the market to be very hard and competitive, always be dedicating time to learning and do your own research (and want to do it), certs mean you studied well to pass but don't prove how much you remember or know now (some exceptions). Nice to be able to refer others to your content because I see so many people attempt to come into the field for money or wonder why they cannot find work after getting Sec+. And I'm tired of seeing those youtubers (and LinkedIn uploaders) that put out generic content or push certs that ultimately will not aid them in "getting a job in cyber" or "get paid over X money" after getting said cert without mentioning the rest of the work that needs to be put in for that to actually happen. Keep up the great videos!

I appreciate you keeping it real at the end, the truth bombs we all gotta remember not only managing through the cyber field right now, but just tech in general. Mad props my guy.

Yes bro, thank you for being the only honest person on this damn platform. Ive been helpdesk for 2 yes, constantly studying cyber in my free tome (still need to do my certs) but its refreshing to hear honesty for once - especially when youve got cybertubers pushing their own "courses" for stupid amounts of money a month.
And youre right, its fucking hard, but its such an amazing feeling to start understanding concepts/physical implementation of tools/skills etc.

tbh, i do enjoy of learning new things, new concepts, starting off with networking doing easy projects but documentating it is very useful
cuz that same approach when i do research i can apply it to wargames like overthewire and is very enjoyable man, keep it up!!

Thank you so much for sharing this, everything that you said applies not only to cyber sec but to any area in life in my view.

Keep it up man, you are throwing reality to beginners who are just new to this program. I admire the way you expressed everything that I kept in my heart for so long.

If I may add one small but important point : __do not neglect soft-skills_ (like communication and time/ressources/people management)
Tech skills are the fun part, if you're really passionate about cybersecurity you will learn them no matter what, soft-skills tho, will require actual effort and neglecting them can be as bad (if not worse) than lacking tech skills and can easily cost you a job.
If you're good at what you do, you'll quickly get responsibilities, you gotta know how to handle them because it's real easy to get overwhelmed by it.

good job bro , one of the few people that are telling the hard part about it. Love you bro ❤️

This is one of the most instructive videos I've ever watch. Exactly what I needed to here to start working on educating myself.

I can't emphasize enough how useful learning powershell was to me in every position I have had LEARN IT.
I also like many started out wanting to be "h4k3rm4n" pentester only to realize I don't have the mentality for it if and it really does take a special mentality to know where to look for bugs and how to ACTUALLY pentest those areas for bugs. CTFs can be fun but they are simulations and should be treated as that, you're not gonna have writeups for real world scenarios and exploits that may work as a PoC may not on a real world scenario either you need to learn to make your own scripts.

Thanks for the video, I am still going strong learning and having fun with cybersec ^m^

Ngl I 100% agree with the pentest thing. It sounded cool when I was hearing about cybersecurity, but now I just want to do SOC-related work. What I didn't think I needed to hear was the journey being a solo one. I've tried to find people at my college as interested in doing CTFs with me and preparing for competitions for cybersecurity and even projects/self-learning, but I feel like it's not really worth it vs. doing it solo. I'm going to stick to that philosophy and really just get in the rhythm of just doing it.
I also think the hand-holding comment has a lot of merit. A piece of advice I've heard a lot is to just read; there's so much documentation/videos on how to do stuff that I don't see any reason not to look it up instead of asking, especially when being resourceful on the internet is so easy nowadays with YT, websites, AI, etc. Critical thinking at first sounded corny to work on, but it's something everyone should constantly be working on regardless of what field you study because of how much easier it makes studying/life.
Great video, man, keep it up

Thanks for the video. I really like your style, because others are less sincere and promote that a certification is everything. I totally agree that the person must be interested enough to learn more and adjust to new things in this field. Still, I assumed that there are few qualitative certifications opening the door for some position. For example entering with OSCP pentesting, because it’s the gold standard, is practical and apparently demonstrates skills, which are enough for an entry position

I dont know how I found myself here, I dont even care about cybersecurity field as I'm on the AI engineering roadmap, but heck, he really meant it when he said "no bs" guide. I wish I saw this kind of video in my teens or BSc era. They dont say things so straightforward in the edu system. Cheers

I've been in Tech for 6 years in data analyst roles, but since I was a child I always had a passion for cyber security and I'm really considering doing the jump

Just wanted to say I've been learning CyberSec for about a year now, but tbh, I could have learned more in these time. Starting a new job soon, gotta learn HTML, CSS & JS-hope it helps a bit with my long-term goal of getting into CyberSec. Subbed after your last vid, love your honest content. Thanks a lot, Crin!

I saw that your oldest video is OSRS related and now I love you.

A perfect reality check and no bs guide . Appreciate it man 💯

I was just talking to my dad the other day about all the RUclips grifters in InfoSec and how much it bothers me knowing they're misleading people desperate for a job into thinking they can "Get one cert and make $200k like I did!" A lot of your points are the same things I say to any people I know who say they want to get into cyber. To go far you have to have some level of interest in it and be able to look up information on your own.
If you're that guy in the chat asking "What's the difference between blue teaming and red teaming?" or "Is this file I downloaded malicious?" then either take this as your wake up call to be more self-sufficient or possibly look for another field to work in.

Lmao I just squeezed myself into my first jr web developer job, fullstack, with the most hyped and saturated stack out there (node/react) and I can say everything he says in this video is true. You gotta be useful, there are are opportunities out there. In my case, I'm way ahead of 2023 Jr devs, but hey, I made my way in, pretty reputable company, career plan and all. If you want to get into tech these days you're gonna have to show a lot more skill than a few years ago, the market is getting back to normal really fast.

This video literally made my hopes and motivation to keep going go so high up thank you man ❤❤

I genuinely needed to hear this, thank you🙏

Very very great video i am trying this world of cyber security and i am really enjoying it, this video show the reality of this world as i start to understand what i got if i get into, thanks for the content very informative man

Realest shit, honestly. Been doing all different forms of helldesk and cable punching in logistics/warehouse for over a decade now and finally decided to try to become a soc analyst and work from there. The bootcamp I'm in has so many people that don't even know how to operate a container, much less operate their laptops and when I tell them I'm doing several other certs and am really doing this cause my job covers the cost of said bootcamp and I get a SEC+ voucher so this bootcamp is more something to help retain whatever shit I'm learning from every other cert program (like splunk, cause every other analyst Ive talked to say they primarily use that SIEM and burpsuite) and just trying to utilize as much of these free programs as I can...but a lot of the people Im in class week just seem to think they can cruise through this bootcamp and take the sec exam and just magically find a 6 figure job.

this is exactly everything i needed and wanted to hear. it answered all of my questions
thank you so so much for this

I've been in cybersecurity for 3-4 years now and am now finishing a master degree on it, and I am planning to get security+ and some solo project done this year and with a few friends from the same degree
Recently I heard multiple guys around me who were doing simple tech jobs or development stuff say that they wanted to get into cyber stuff, but the way they said it was almost like they thought it was a "specialty" within IT that they could get under their belt to find jobs more easily because it's hype and all
And I was like "dude, cyber is not a specialty, it's a whole field, a massive and very technical one that requires years just to get the basics of. You can get into the basics of devsecops to complement what you have now I guess, but don't go into cyber expecting it to be easy or if you're not planning to make a career in it"
Too much hype, I guess

real. i was one of those "i wanna be a pentester" types. i have a bachelors in IT w a concentration in infosec and like i realized i like policy/grc more but it's not one of those "sexy" roles in cyber. theres a lot of learning on your own so if you can't handle continuous learning its not worth it

Honestly I did, need to hear this. Currently studying for GFACT and I have been struggling, but enjoying my experience so far. Hopeful for my future.

thank you for keeping it real as always
also fantastic job on improving on the original mspaint presentation

Omg I love you, that's exactly what I was looking for yesterday

Your videos are fantastic man. Clicked for getting a taste and I'm hear to stay. Thank you

Appreciate your video. You have no idea how bloated youtube is rn with fearmongering AI videos or like cyber videos where they tell you taking the slow route of actually learning the fundamentals is useless and all you need is 3 months and to pay for their course and youll get a cushy job in cyber. I want cyber/IT to be my career for life so Im doing my absolute best to learn from the bottom up instead of cramming exam questions and memorizing stuff just to forget it and be a useless imposter in a job im underqualified for. Im passionate about hacking but i like IT and networking too and i wanna get my fundamentals in IT and computer hardware before committing myself to hundreds of ctfs a day

A cup of coffee and this video are the best way to start the day.

Nah this was a much needed video. Thanks for taking the time to share.

I dropped out of college for this exact reason, you can learn cybersecurity on your own with books and RUclipsrs, the process is constant trial an error but once you figure out why you'll have to add it to your notes of commands for later reference so you don't deal with the same problem

I wish there was someone like you for gamedev

I skipped to 5:00 to hear your best advice and it made me feel reassured about my goals in cyber. Thank you.

unrelated to the topic but my biggest regret is blindly getting an IT-related degree, if i can turn back time i will keep away from IT courses...IT Courses isnt for everyone.
"You'll find very quickly if you like it or not and if you do not, DROP IT IMMEDIATLY" too late for me.

This is such a good general advice for any tech job search to be honest.

Looking for a change in my life and these videos are super helpful. Thanks Crin!

You mentioning that most people don't know what pen testing actually is literally opened my eyes, after some research, I realized there are other things im much more interested in in cyber instead of grinding pen test to realize its not my thing. thanks

I will make you proud, father. (I've already been studying since September, but that's been a little slow here and there.)

Your channel is a breath of fresh air in this niche.

Finally a honest review about cyber security specially in bug bounty and the dream of six figures I always tell people it is overhyped but no one believe and pointing there people get money but they are pro in their game

thanks for the reality check. it's hard, really hard for me to push myself to learn, I'm not that guy, but I'm trying anyway.

Cybersecurity really needs CCNA understanding, because we need to know how data packet actually works

I figured out what I wanted to do in life because of you. Thank you so much!

if a slav gives u cybersecurity advice, u better listen to him!

I love how I’ve been around the cybersecurity algorithm for a while now and seen all these guys. & then I find this channel that condenses it all & adds anime in it too. How incredibly convenient 😂

I personally want to be a firewall engineer. I've spoken with a few other cybersec people including people in the military cybersec branch. Im working on certs constantly and have several projects going. Including improving my homes security posture. I want to start working within my own world designing and improving firewalls, but am at a crossroads of just stacking information and skills. Currently learning Rust. Im sure years from now i might not be in that actual field, but its what im aiming for right now.

Well this video was a needed bucket of cold water. I am passionate about cybersecurity and computing in general, but I have a bad habit of being reactive, and just tagging along with what my friends are doing, or what guides I've seen, or what's required in my college courses, etc. Digging things out by myself is pretty out of my comfort zone, but that's not gonna go well for me if I keep it up. I still wanna do this more than anything else, so I guess I should get off my ass.

thanks. what we need to hear instead of what we want to hear. ❤

Thank you for detailed insight, As a beginner it really helped

He said little ones 😭😭😭. I do like this no BS direct approach video

This is such a nice and refreshing conversation to hear. I'm so tired of seeing "BECOME X IN 3 MONTHS" or whatever crap because, to me, that just feels like school: they aren't there to actually teach me the foundations, build on it, and to critically think. They're just there to give me info to regurgitate and MAYBE feel confident enough to go for a job, but when you get there you realize that you are WOEFULLY under-prepared. So much of cybersec is just learning. You always know just enough to know that you don't know shit.
Great great great video, crin. Always enjoy seeing what you put out!