How to Start in Cybersecurity – For Absolute Beginners

Start Your Cybersecurity Journey

My name is Aawart KC and I’m from Nepal 🇳🇵. I’m writing this blog to help anyone who wants to start learning cybersecurity.

If you’re confused and don’t know where to begin, you’re not alone. I was in the same spot too. But the good news is you don’t need to be a genius to start. You just need to be curious and consistent.

Cybersecurity is not just about “hacking” it’s a huge field. This blog will help you understand where to start, what to learn, and how to keep going.

---

What part of cybersecurity actually excites you?

That’s the first question you need to ask yourself. There are different areas in cybersecurity. If you know what excites you, learning becomes much easier and more fun.

---

Step 1: Understand the 3 Main Cybersecurity Paths

🔴 Red Team – Break In (Offensive Security)

Red Teamers are ethical hackers. They try to break into systems and websites just like real attackers but legally, to help organizations become safer.

Skills:

• Exploiting bugs, reverse engineering, scripting and many more.

Tools:

• Nmap (network scanning)
• Burp Suite (website testing)
• Gobuster (hidden files)
• SQLmap (SQL injection)
• ZAP Proxy (web attacks)

For you if you like breaking stuff, solving puzzles, or CTFs.

Don’t worry about the tools. You’ll slowly learn what each one does and when to use them. Just start exploring!

Note:
In Red Team, there are many different roles, but all of them focus on attacking or finding weaknesses in systems to help improve security.

---

🔵 Blue Team – Defend (Defensive Security)

Blue Teamers defend systems. They watch over servers, detect hackers, and respond quickly to attacks. They are the protectors who keep organizations safe.

Skills:

• Log analysis, SIEM, incident response, monitoring networks.

Tools:

• Wireshark (traffic analysis)
• Splunk (log monitoring)
• ZAP Proxy (testing security, from defender’s view)

If you enjoy protecting systems and working as part of a team, this path could be perfect for you.

Don’t worry about the tools right now. You’ll learn what they do and how to use them step by step as you go.

Note:
In Blue Team, there are many roles but all of them focus on defending like monitoring, detecting, and responding to threats to keep systems safe.

---

🟢 GRC – Policy & Compliance

GRC stands for Governance, Risk, and Compliance. These people don’t hack or code much, but they are very important. They make rules and security policies and ensure the company is safe, legal and running smoothly.

Skills:

• Writing policies, risk assessment, planning.

Tools:

• Excel (yes, a lot!)
• ISO 27001, NIST CSF tools
• Dashboards for managing audits
• ZAP Proxy (for checking compliance in apps)

For you if you enjoy organizing, planning, and writing, this path might suit you well.

Don’t worry if this sounds new. You’ll learn how these tools and processes work step by step if you start researching, watch video and more.

Are There Only 3 Paths?

Not really, these 3 are a great way to start, but there are more roles too, like:

• Purple Team – Bridge between Red & Blue
• Threat Intelligence – Tracking hacker groups
• Digital Forensics (DFIR) – Investigating attacks
• Security Awareness – Teaching users about safety
• Security Engineering – Building secure systems

But don’t worry about these now just focus on Red, Blue, or GRC first. You’ll discover more as you learn.

---

Step 2: Start the Journey (What To Do)

Here’s a beginner-friendly roadmap:

---

1. Pick a Path: Red, Blue, or GRC

To find out which cybersecurity path is best for you, do some research first.

Watch YouTube videos and read articles about each path to understand what they do.

Try searching for:

• “Red Team vs Blue Team vs GRC”
• “Cybersecurity roles explained”

This will help you know which path fits your interests and skills the most.

Remember:
Research and explore each option so you can choose the best path for you.

---

2. Learn Linux

Linux is used everywhere in cybersecurity. Learn simple commands first.

Here’s a free course:
🔗 TryHackMe - Linux Fundamentals Part 1

You can try these commands for practice:

pwd       # Show current location
ls        # List files
cd        # Change directory
mkdir     # Make folder
rm        # Delete file/folder
cat         # Show file content
nano        # Simple text editor
chmod       # Change permissions
ping        # Test network connection

YouTube Recommendations:

1. Linux for Hackers - NetworkChuck
2. Linux Basics - The Cyber Mentor

Tip:
You don’t need to focus too hard — you’ll learn Linux naturally over time.
Just like how we slowly learned to use Windows by using it every day, you’ll get used to Linux the same way. Try a few commands daily and explore bit by bit!

---

3. Learn Basics: Networking & Scripting

Before diving deep, understand the fundamentals. These will help you later with everything — whether it’s hacking or defending.

Start by learning these questions:

• What is an IP address?
• What is DNS?
• What is HTTP, HTTPS, SSH?
• What is a port? Types of ports?
• URL structure and status codes (e.g., 200, 404)
• HTTP methods (GET, POST, etc.)
• How websites actually work
• What is a firewall?
• Learn the Cyber Kill Chain (attacker steps)

Also, try to write simple scripts in:

• Python
• Bash

---

4. Get Hands-On Experience

Once you have a basic understanding, it’s time to practice. There are many platforms, but I personally recommend starting with:

• 🔗 TryHackMe
• 🔗 Hack The Box

These platforms let you practice cybersecurity skills in real virtual labs.

---

5. Start Using Tools

Start slowly with tools made for beginners. Learn what the tools do and why we use them.

🔴 Red Team (Attacking):

• Nmap – Network scanner
• Burp Suite – Web testing
• SQLMap – Database injection testing
• ZAP Proxy – Web attack analyzer
• Gobuster – Find hidden pages/files

🔵 Blue Team (Defending):

• Wireshark – Analyze network traffic
• Splunk – Log management and monitoring
• ELK Stack – Logging and alerting
• OSQuery – System monitoring
• ZAP Proxy – Used for learning how attacks work (from a defender’s view)

🟢 GRC (Policy & Compliance):

• Learn to write security policies
• Study ISO 27001 and NIST frameworks
• Practice Risk Management
• Use Excel and compliance dashboards
• Try ZAP to check apps against policy requirements

---

6. Join the Cybersecurity Community

This is very important and many beginners skip it.

Join forums, Discord servers, Reddit subs, or Telegram groups.
Ask questions, share your progress, and stay updated.

You’ll learn faster and feel less alone.

---

7. Build Projects / Share Your Work

This step makes you stand out. Start a GitHub or a blog. Share:

• CTF writeups
• Tools you tried
• Notes from what you learned
• Scripts you wrote

Example: blog.aawart.com.np
This is how I’m doing it!

Even if you’re a beginner — share what you learn. It shows your growth.

---

Final Words

If you’re feeling lost, that’s totally okay. Everyone starts that way.

Give yourself just 3 months.
Try something new each week.
Watch a video, write a script, solve a challenge, or talk to someone in the field.

And most importantly…

Don’t quit. You WILL get better.

Everything becomes easier once you start doing.

I promise — if you stay curious, this journey will be one of the most exciting things you’ll ever do.

---

Need Help? I’m Here!

You can always reach out to me. I’ll try my best to help:

• LinkedIn
• Email: aawart2005@gmail.com
• Instagram: @aawart.kc

I’ll answer every question, no matter how small.

I’m also a beginner and still learning.
I wrote this guide because I was once confused too, and I don’t want you to feel the same way.

Let’s learn and grow together. Just message me anytime.