Goals are good to have. But we must avoid them being too amorphous or we'll be scared away from trying. I've had previous goals of "Becoming a hacker". That's casting a pretty outlandishly wide net. What type of hacker? What industry do I want to work in. Do I mean security professional, or cyber criminal, or somewhere in between? Do I want to focus on web apps? Do I want to focus on networks? The questions go on and on, and become even less tangible.
A few years back I'd been watching Ippsec videos on youtube. I thought "That's what I should do, I should set up a Hack The Box account." Hack The Box(HTB), at the time, was a great tool for those who are comfortable with CTF challenges and learning through them. I believe it has since expanded to include something a bit more rigid, but not much. It turns out that the style of learning HTB encouraged, I'm not the best at. It was a little too open ended. Your options were "go it alone" or "follow walkthroughs". Both of which, I hasten to add, are very good ways of learning, if you're suited to them.
I was not. I would get frustrated with feeling like I had to resort to following a walkthrough. I'd chastise myself for not knowing something when as I read the explainers it was laid out as being perfectly obvious and simple. This was me being monumentally unfair to myself. I can't know everything. I don't understand which flags or actions are important in a command I've previously only used as intended. I'm only starting to think in an adversarial manner about things. The other thing, and it's worth mentioning, is that HTB is targetted primarily at offensive security. CTFs as a rule are offensive/red team tools. They're ways of keeping on top of your skillset. To turn something like a CTF challenge into a defensive/blue team challenge is even more daunting for someone with limited knowledge.
Last August my friend Brains93 mentioned TryHackMe(THM) as a learning tool. They said it was much more beginner friendly. I tried it for a day, enjoyed it, and promptly forgot about it. This week, the first week in March 2022, I revisited it. I decided that because I pay for and don't use HTB, I could cancel that subsciption and switch over to giving THM a go. Maybe I would make better progress. And to say that's true is an understatement. Over the last 5 days I have gone from completing 1 room to completing 23. All in stuff I kinda know, or was vaguely aware of. We appear to have found a learning tool that will work for me.
So what are my goals? Firstly I want to have fun. Find what I enjoy playing around with. The IT Security/Cyber Security/InfoSec field is broad. Far broader than I think most are aware of. Certainly more than I'm aware of. So I want to explore as much of it as I can before I decide what to follow next. THM has a lot of challenges and learning paths. They have stuff for blue teams and red teams. And it's laid out in an easy to use, easy to learn from manner. So let's explore what's there. Let's find what's fun. Let's stumble over stuff, but stumble forward as much as we can.