How to start a career in Cyber Security for free in 2022

Mr Carlo
5 min readNov 19, 2021


Cybersecurity jobs are very exciting. The fast-paced field that is perfect for anyone who loves a challenge and the thrill of problem-solving.Cyber Security is a booming career choice in our present world and choosing a learning path seems to be very confusing and difficult now. I would like to share some of my personal favourite websites with you where you can start learning and start earning a passive income too.There a lot of jobs in this field, choosing one is completely your choice, which you will be able to figure out eventually once you start learning.

1. Learning websites

Try Hack Me : It’s an absolutely beginner friendly website where you can learn basics of cyber security, computers, computer networks etc. Also many pathways and modules which are designed to give you good knowledge and a practice too.

Linux Journey : This is a website where you can learn basics of linux.

INE : INE provides training for ejpt certification and they have free contents and paid content. If you take a student pass you can get training for some modules for free.

Port Swigger academy : The Web Security Academy is a free online training center for web application security. It includes content from PortSwigger’s in-house research team, experienced academics, and our founder Dafydd Stuttard — author of The Web Application Hacker’s Handbook. Unlike a textbook, the Academy is constantly updated.The labs and solutions are really helpful for

TCM Academy :This is one of the best websites to learn ethical hacking, buffer overflow and linux and Windows privilege escalation. Right now they are also providing a certification called PNPT. Follow Heath Adams on twitter or LinkedIn to participate in give aways and updates.

Pentester Academy: Provides Training and certifications also best labs for pentesting and cyber security related topics.

YouTube: I ain't kidding. There are a lot of content creates out there in the youtube. You can learn a lot from these people.Some of my favourite youtube content creators from my knowledge at the moment are IppSec, JohnHammond, The Cyber Mentor , David Bombal, DarkSec , NetworkChuck, Hack5 , NllByte , Zsecurity , LiveOverflow , STOK , InsiderPHD , DC cybersec , Nahamsec , Farah Hawa , Jon Good , Hackersploit

2. CTF websites

CTF or capture the flag is an awesome way to play and practice our hacking or problem solving skills. Here, a bunch of challenges will be given to the player and he has to solve the challenges and find hidden flags and submit it with in a given time. CTF’s are of mainly two types Jeopardy(Attack and Defence style) and Boot to Root (Boot up the machine then enumerate it, find vulnerabilities and exploit them and find flags then privilege escalation and find root flag) .

Over the Wire: A beginner level to advanced level of CTF challenges.

CTF : Here you can find news and writeups about CTF’s happening. You can participate in them or you can read the writeups to upgrade your knowledge.

PicoCTF: PicoCTF is a free computer security education program with original content built on a capture-the-flag framework. Here you can practice your skills with challenges from previous competitions in the picoGym. Most problems from each competition will be added to the picoGym when the competition finishes.

Hack the box : Hack The Box is a real world based best hacking website. You can play and hack machines and find flags.Mainly Boxes are of Boot to Root type. And you will have to subscribe for accessing retired machines.

Capture The Flag>101 : In this guide/wiki/handbook you’ll learn the techniques, thought processes, and methodologies you need to succeed in Capture the Flag competitions.

Vulnhub : Vulnhub provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.VulnHub is a well-known website for security researchers. It provides users with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them.

3. Bug bounty websites

A bug bounty program is a crowdsourced penetration testing program that rewards for finding security bugs and ways to exploit them. For researchers or cybersecurity professionals, it is a great way to test their skills on a variety of targets and get paid well in case they find some security vulnerabilities. It is also a good way to start your career and also to earn some pocket money.

How Do Bug Bounties Work? Companies create bug bounties to provide financial incentives to independent bug bounty hunters who discover security vulnerabilities and weaknesses in systems. When bounty hunters report valid bugs, companies pay them for discovering security gaps before bad actors do

Hackerone: HackerOne offers just the right opportunity by letting you legally hack some of the biggest companies such as Twitter, Uber, Yahoo, Coinbase, and Slack. You can learn about bug hunting also earn and build a good career too.

Bugcrowd:Just like hackerone bug crowd is also another platform where you can do bug bounty. It is more beginner friendly tha other platforms. BugCrowd also aptly advertises numerous Software Development Life Cycle (SDLC) integration capacities, making the DevSecOps workflow faster and easier for their wealthy clients.

OpenBugBounty: With over 1,200 active Bug Bounty programs, OpenBugBounty permits coordinated disclosure of security issues on any website if the issue was detected by non-intrusive means. Bug Bounty program creation is totally free of cost, and the website owners are not required to make any monetary payments to the researchers — but are encouraged at least to thank the researchers and provide a public recommendation for their efforts. This can be used to practice your skills before going and reporting in main Platform and get negative points.

YesWeHack: YesWeHack is a global bug bounty platform that offers vulnerability disclosure and crowdsourced security across many countries such as France, Germany, Switzerland, and Singapore.

All the hacking content mentioned here should be used for ethical purpose only.

Comment down things I missed or websites you know which are good for other hackers.

Connect with me on LinkedIn , Twitter



Mr Carlo

(ISC)2 CC | EJPT | CEH | Passionate about Cybersecurity