The term cyber-security tends to trigger the word hacking, but that is not how we should interpret it. The term cyber refers to networks or the internet. Cyber security is more about protecting networks and systems from different threats than about breaking into them. In the context of Nepal, we have a misconception that connects every dot of cyber security and social engineering to cracking local Wi-Fi passwords, gaining unwanted access to someone's Facebook account, or hopeless brute-forcing. We need to learn and understand that "tricking someone into sending their password using a clone of the Facebook login page" and "exploiting back doors in a secured distributed system" are different levels of security stories. A huge gap in technical knowledge separates the two. Phishing is bad. It hampers the culture. Bug bounty is good. It strengthens the system transparently.
What should you know before getting started?
If you have passion, you can start anything. Some basic knowledge of programming, a little bit of math, some problem-solving skills and a little bit of networking can make you a good cyber security enthusiast. Anyone can start a career in cyber security. In this field, we need to think outside the box.
Where can you get started?
We can start our cyber security career just by googling. There are various good sites and platforms that can teach you the basics of cyber security. Some of them are TryHackMe, HackTheBox and PortSwigger (web security). After building a base, we can also advance by doing some Blue Team Labs, LetsDefend, etc. If you want to take an educational route, some colleges in Nepal are available too.
What about certifications?
There are many certifications available for cybersecurity specialists. Some famous certifications are CEH (Certified Ethical Hacker) and OSCP (Offensive Security Certified Professional). There are also some certifications that are easy and beginner-friendly, issued by eLearnSecurity, like eJPT, eWPT, eXPT, etc.
Online courses that we can take: If we want to go further, we can take online courses from Udemy, INE, Infosec Institute, HTB Academy and other sites that are specially developed to teach cyber security.
Where does everyone get stuck?
To get your hands dirty in the field of cyber security, you need to be familiar with the latest technologies, frameworks, systems and architectures. The question here is whether we have to master each of them. Let's say, "Do we have to know everything about the Python programming language? If yes, then half of our life will be spent just learning programming languages." The answer is yes, we need to be familiar with every technology, but not with everything about that technology. For example, we need to learn about socket programming just to understand the process of communication, not to develop a socket. And most students in Nepal get depressed because they can't do bug bounty on Facebook, and they simply give up their desire to learn.
What to do next?
If we become certified or become good cyber-security enthusiasts, we can take a job, pursue bug bounty as a career, or simply do our own research. In the context of Nepal, although the salary is not satisfactory, we can perform VAPT in different commercial banks and software organizations.
Ethics needed: As a cyber security researcher, or in any job related to cyber security, we need to act ethically because most vulnerable information needs to stay private. There are some cyber laws in Nepal that we need to be familiar with and aware of before entering the field. Cyber security is mostly a potential responsibility.