
Getting Into Cybersecurity in 2026 the Right Way

How to get into cybersecurity in 2026, based on real experience: what to learn, where to start, and what actually matters.


Every new year, new articles and videos drop. I used to watch them like everyone else, never thinking I’d reach a point where I’d be writing one myself, but here we are. Hard work really does pay off, and most of the time, we don’t even realize we’ve slowly become the person we once wished we could be.

This blog is about how to get into cybersecurity, with a stronger focus on the offensive side of things. My path to becoming OSCP certified was far from smooth. I started back in 2020, watching YouTube videos on “how to hack someone’s Wi-Fi,” genuinely thinking that was all cybersecurity was about. Not long after, I discovered TryHackMe, then moved on to Hack The Box, eventually passed CPTS, and finally, it was time to go for OSCP.

I still remember sitting there after showing up, thinking, shit… who would’ve thought I’d come this far?

The Secret to Passing OSCP: My Journey and Tips

The Offensive Security Certified Professional (OSCP) certification is known as one of the toughest certifications in cybersecurity. Some…


After years of learning, failing, restarting, and struggling, I finally found what I believe is a clear path for anyone who wants to get into cybersecurity. The reason I’m writing this is for the people who feel lost, overwhelmed, and don’t have anyone to reach out to. I was that guy once, and I know exactly how that feels.

I’ll do my best to clear everything up.

Is Cybersecurity right for you?

Many people have the wrong idea about cybersecurity. Some are inspired by movies, others by the fantasy of hacking nuclear launch systems and blowing everything up. That’s not how this field works at all.

In cybersecurity, especially on the offensive side, the goal is to perform penetration tests on systems and make sure they are secure against real attackers. It’s the complete opposite of the fantasies people imagine. This is about understanding systems deeply, breaking them in controlled environments, and helping organizations fix their weaknesses.

If you’re motivated by breaking systems, understanding how things work, and finding loopholes, then cybersecurity might be for you. But if you’re here purely because of the image or hype, I strongly recommend learning how things actually work in cybersecurity before committing.

This field demands a huge amount of time, patience, and energy. Realizing halfway through that it’s not for you can be extremely discouraging, so it’s better to understand the reality early and make an informed decision.

The Fundamentals

There are two types of people who want to get into cybersecurity: those with no prior experience with computers, and those who already know the ins and outs but aren’t sure where to start learning the real stuff.

Both groups struggle, but for different reasons.

For folks who are completely new, it’s important to slow down and build a solid foundation first. Before touching hacking tools or labs, you should focus on learning the following:

  1. Introduction to Networking & Network Fundamentals
  2. Operating System (Windows & Linux)
  3. Web Applications & Web Requests

I’ve linked the best courses in the bullet points above. If you search on Google, you’ll find plenty of free resources as well. There’s no need to pay for anything at this stage.

All of the courses I mentioned are from Hack The Box. This isn’t sponsored in any way; it’s simply my personal recommendation. The pricing is very affordable, the content is clean and well-structured, and it saves a lot of confusion.

There are completely free paths you can take, but they usually cost you more time and energy. Choose what fits your situation best.

Never try to rush. This is a field that demands more than just effort; it demands your soul. You have to be obsessed with it, breathe it, and live it. That level of curiosity and commitment is often the only real sign that someone will succeed here.

Cybersecurity isn’t something you casually pick up on the side. The people who make it are the ones who can’t stop learning, breaking, testing, and asking why.

The Secret Pathway

Now, for the people who already know all of this, here’s the secret.


Web Security is a must, so we will start with PortSwigger Academy. It covers all the topics. It teaches you everything you need to know about web security, and it includes hands-on labs so you can practice as you learn. If you take your time, practice properly, and keep notes, you’ll be able to perform Bug Bounty and web pentesting.

For most beginners, the confusion around web security disappears after completing PortSwigger Academy. Then come Active Directory, Cloud Pentesting, Privilege Escalation, etc. All these terms might sound scary, but they won’t be once you understand them. I remember when I first started Active Directory, I wished it never existed, but now I love AD.

Since PortSwigger already made you good at web, the following certifications will teach you Active Directory and Post Exploitation.

The usual choice is between OffSec and Hack The Box, and both are solid. There are other platforms like TCM Security (beginner-friendly) and INE.

  • OffSec OSCP+ PEN-200 includes web, Active Directory, post-exploitation, and cloud. If you want to focus on web only, then OSWE WEB-300 from OffSec is for you.
  • Hack The Box has a lot of certifications. CPTS is an alternative to OSCP+. If you want to do web only, then the Web Penetration Tester is for you.
  • TCM Security has certifications as well: the web-focused PWPA, and PNPT, which is CPTS-like but more beginner-friendly.

The main difference is this:

  • OffSec is expensive but has strong market recognition, which can help when applying for jobs.
  • Hack The Box focuses on pure knowledge. People do it for the love of the game. It does not mean these can’t land you a job.
  • TCM Security is beginner-friendly; people also do certs from here, like PNPT, to prepare for OSCP.

A quick reality check: OffSec certifications alone do not guarantee a job. They help, but only when paired with real skills, consistency, and the right mindset.

I’m not presenting this as the perfect path that everyone must follow, because that doesn’t exist. Everyone is different, and the same path won’t suit everyone. But if I were to start again, I would absorb all the PortSwigger knowledge and jump straight to CPTS and then OSCP.

Don’t get stuck overthinking which certification to choose. My advice is simple: once your fundamentals are solid, start with PortSwigger Academy or the Web Penetration Tester path on Hack The Box. After that, move on to CPTS, and then go straight for OffSec certifications.

It’s not complicated at all; that is it. It is very simple. People often complicate it because there are so many options. It’s fine, you don’t have to plan all of your path in one day. Just start, and you will know the next step yourself.

Tips

  • Take notes while you learn. This is not optional. You must take notes; you’ll thank yourself later.
  • Don’t rush any part of the journey. If you rush, you’ll end up coming back to relearn it properly anyway.
  • Keep it simple. Don’t overcomplicate things; fundamentals matter more than fancy tools.

Conclusion

I hope this helped in some way and cleared up your confusion. If you have any questions, feel free to ask in the comments or reach out to me here or on Discord (bericontraster). I’m even happy to hop on a 1-on-1 call and guide you further on anything to give back to the community that helped me come this far.

Best of Luck.


This post is licensed under CC BY 4.0 by the author.