My Journey Through Cybersecurity: Degree, Certifications, and Hands-on Labs

Contents

Cybersecurity Journey

Introduction

Quick note before we begin, I am an aspiring offensive security professional with a growing portfolio of certifications and hands-on experience, particularly through platforms like INE (formally known as eLearnSecurity), TryHackMe, and HackTheBox. While I have made significant progress in my learning journey, I am still early in my career. This review reflects my personal experiences and observations so far, and I highly encourage readers to consider multiple perspectives when planning their own cybersecurity education paths.

This topic is important because many newcomers to cybersecurity face the same dilemma: Should I pursue a degree, stack certifications, or dive straight into practical experience? Will I land a job by the end of my studies? In this blog, I’ll share how all three classroom learning, professional certifications, and platforms like TryHackMe, HackTheBox, INE and many more can be leveraged to build a well-rounded foundation.

The Traditional Route: Cybersecurity University Degrees

Below are two overview tables highlighting pros, cons, and job readiness offered by a Cybersecurity degree. Keep in mind that each university has its own curriculum.

CategoryRelevant Details
What Degree OffersStructured curriculum covering CS and cybersecurity fundamentals. Strong theoretical foundation (networking, OS, cryptography). Academic & professional networking opportunities.
ProsRecognized by employers (especially corporate/government roles). Teaches broad tech concepts beyond just security. Access to internships, research, and graduate programs.
ConsOften lacks practical, hands-on training. May not reflect current industry tools or attack methods. Can be expensive and time-intensive.
Pros and Cons of Degree
RoleReadiness
Offensive Security (Penetration Tester, Red Teamer)Limited practical exposure. Theory helps (OS internals, networking), but hands-on skills must be learned outside — HackTheBox, TryHackMe, VulnLab, etc.
Defensive Security (SOC Analyst, Threat Hunter, Blue Teamer)Slightly more aligned, especially for SOC, IR, and GRC roles. Still needs labs, internships, and tools like SIEMs for practical knowledge.
Degree and Job Readiness

Overall, a degree is a great starting point but not enough on its own. A well-structured curriculum combined with hands-on practice, certifications, and self-learning is the best approach.

Certifications: Focused, Practical, and Industry-Recognized

The “Golden Standards” Widely Recognized

  • OffSec → The gold standard. Known for hardcore hands-on exams like the OSCP, OSEP, OSWE, and OSCE.
  • CREST → Highly practical, industry-driven, and often essential for senior technical roles.
  • GIAC (SANS Institute) → Premium-priced but extremely well-respected. Certs like GCIH, GPEN, and GCIA are staples in large enterprises and government roles.
  • EC-Council → CEH is popular and often requested in job listings, though it’s frequently criticized for being outdated. Note that there is CEH and CEH (Practical).
  • CompTIA → Ideal for starting out and great stepping stones for junior to mid-level roles.

Technical & Practical-Focused Certifications

  • HackTheBox → Rigorous and reflective of real-world TTPs. Great for red teamers and SOC analysts alike. Check out HTB Academy and ProLabs.
  • INE (formerly eLearnSecurity) → Very hands-on and respected in the PenTesting community, providing both Red and Blue Team certifications.
  • TCM Security → Affordable, practical, and community-driven. Known for its flexibility with lifetime vouchers.
  • Altered Security → Known for Active Directory exploitation training at various levels. Highly recommended if you’re serious about AD PenTesting and Red Teaming.
  • ZeroPoint Security → Known for the famous CRTO and CRTL certifications. Very hands-on and focused on C2 infrastructure, AV evasion, and real TTPs.
  • SecurityBlueTeam (SBT) & CyberDefenders → Excellent for the defensive side. Certs like BTL1, CCD, and BTL2 are ideal for those looking to go beyond theory.
  • TryHackMe → Recently launched SAL1 and PT1 certifications.
  • CyberWarFare Labs → Affordable but highly technical. Covers Blue Team, Purple Team, Red Team, and Cloud Security.
  • SecOpsGroup → Affordable exam vouchers worth exploring if you’re on a budget.

Note: Certifications such as OSCP, CEH, PNPT, and PenTest+ are often listed as entry-level requirements for PenTesters. HTB CPTS is gradually becoming a gold standard for junior PenTesters. For Blue Team/SOC roles, consider HTB CDSA, BTL1, CCD, or PSAA. Security+ is applicable for any entry-level role.

Dive into the Security Certification Roadmap to find out more.

Cybersecurity Degree or Certifications, Which One to Choose?

AspectCybersecurity DegreeCybersecurity Certifications
Duration2–4 years (undergrad)Weeks to months
CostHigh (tens of thousands)Varies by vendor
ScopeBroad, theoretical, foundationalSpecialized, practical, skill-focused
Career OutcomesLeadership roles, broad opportunitiesMid-level roles, niche expertise
Learning StyleStructured, academicHands-on, exam-focused
FlexibilityLess flexible, fixed scheduleMore flexible, self-paced
Employer PreferencePreferred for management and researchValued for specific technical skills
Degree Vs Certifications
A few considerations:
  • If you seek broad knowledge, leadership roles, and comprehensive education → a degree is more suitable.
  • If you want quick entry, specialization, or to supplement existing knowledge → certifications are ideal.
  • Many professionals combine both to balance theory and practical skills — in my opinion, this is the best possible approach.

Practical Hands-On Experience: The Game Changer

No amount of theory can ever replace the value of hands-on practice. Platforms like HackTheBox, TryHackMe, and INE have been instrumental in helping me build real-world offensive security skills. These environments simulate actual assessments and challenge you to think outside the box.

I would always recommend HackTheBox as the methodology takes students out of their comfort zone, making it invaluable. HTB Academy & Labs is one of the best places to start if you’re serious about improving your skills.

Finding the right balance between academic coursework, certifications, and hands-on labs can be challenging, it requires a certain level of dedication and discipline. For instance, at the start of each semester, I would allocate more time to platforms like HackTheBox and pursue certifications such as eJPT, CBBH (now CWES), and CPTS. As the semester progressed and academic demands increased, I would gradually adjust my focus accordingly.

Relevant Foundational Skills to Guide Your Cybersecurity Career Path

1. System Administration (Windows & Linux)

Foundational to nearly all areas of cybersecurity. An individual with SysAdmin expertise understands how operating systems start, run, and fail — processes, services, permissions, and privilege escalation paths, which are crucial when dealing with hardened systems.

  • Red Team: abusing processes, permission misconfigurations, privilege escalation, persistence, pivoting, and tunneling.
  • Blue Team: hardening systems, log collection, and patching.

Relevant certs: RHCSA/RHCE (Linux), LPIC-1, Windows Server Admin, Microsoft SC-900, SC-200.

2. Programming & Scripting

Mastering programming and scripting enables you to go beyond simple certifications and exploitations — automation, tool development, and exploit analysis.

  • Python → Scripting, automation, recon tools, exploit writing.
  • C/C++ → Binary exploitation, buffer overflows, malware development.
  • Go / Rust → Speed and robustness. Known for modern malware and cross-platform tools. I am currently learning both.
  • PowerShell / Bash → Native scripting for Windows/Linux ops and attacks.

3. Web Development & WebApp Security

Understanding how apps are built helps break or defend them. Mastering HTML, CSS, JavaScript, basic Node.js, PHP, and databases (SQL, PostgreSQL, MongoDB) is a great asset. HTB CBBH & CWEE Learning Paths and THM WebApp Pentesting cover everything you need to know.

4. Cloud Platforms and Security

Everything is moving to the cloud, so will security. Core skills include AWS, Azure, GCP basics (IAM, S3, EC2, Lambda, VPC), cloud IAM, misconfigurations, and cloud logging/threat detection.

Notable certs: AWS Cloud Practitioner, Azure Fundamentals, CCA (Practical).

5. Networking and Network Security

Cybersecurity starts with the wire. Understanding TCP/IP, common ports, and tools like Wireshark, tcpdump, Nmap, and Netcat is fundamental.

  • Blue Team: Traffic/PCAP analysis, NIDS tuning, alert triage.
  • Red Team: Scanning, pivoting, lateral movement.

6. Cryptography Fundamentals

Essential for understanding secure communication, encryption, and cracking. Covers symmetric/asymmetric encryption, hashing, digital signatures, TLS, certificates, and crypto attacks.

7. Soft Skills (Yes, Seriously)

Often overlooked but crucial for long-term growth:

  • Report writing: clear, structured, technical and non-technical
  • Communication: explaining risks to non-tech stakeholders
  • Time management and documentation (probably one of the most underated skill out there)
  • Curiosity and a continuous learning mindset

The Do’s and Don’ts

✅ Do’s

  1. Learn and master the basics: solid foundations in Linux, networking, and OS internals will take you further than any automated tool.
  2. Commit to continuous learning: cybersecurity is a fast-moving field. What works today might be obsolete tomorrow.
  3. Balance theory and hands-on practice: reading about privilege escalation is one thing, performing it in a lab is another.
  4. Build your network: connect with like-minded individuals online or in person. Join communities, attend webinars, CTF competitions.
  5. Document your journey: take notes, write blogs, record your progress. Sharing your journey might inspire someone else or lead to collaboration opportunities.

❌ Don’ts

  1. Don’t rely solely on one learning path: completing a path is great, but the goal is understanding key methodologies and going beyond.
  2. Don’t neglect soft skills: communication is just as important as technical skill. Growing up I thought cybersecurity was all about running scripts and popping shells. I learned the hard way that writing, speaking, and active listening are equally important.
  3. Don’t ignore emerging trends: cloud security, AI, threat intel, and zero trust are becoming mainstream. Stay informed through blogs, newsletters, and conferences.

Conclusion

Cybersecurity is a field that rewards curiosity, dedication, and adaptability. Whether you’re starting with a degree, certifications, or hands-on labs, the key is to blend all three for a truly well-rounded foundation.

No matter the career path you choose, you will come across tools such as Metasploit, Wireshark, BurpSuite, Nessus, Nuclei, Splunk, Snort as well as common services (FTP, SMB, RDP, DNS, Email) and common applications (WordPress, Drupal, Joomla, Tomcat, Jenkins, GitLab, LDAP and much more).

Long story short, start with TryHackMe as it is beginner-friendly, then progressively migrate to HackTheBox as things get more serious and challenging. Check out their learning paths to choose where you see yourself. Immediate action is key to achieving the best results.