Betta Lyon Delsordo
Frequently Asked Questions
Here are some answers to the most common questions I get about starting a career in cybersecurity and my own cyber journey. I hope this helps!
1
How did you get started with hacking?
I've written up some of my story in my 'About' section, and you can also watch video #3 on my recordings page with more context from an interview.
​
TLDR; I started teaching myself to code at 13 -> grew into my own web development business in high school and college -> discovered web hacking and application security -> interned with a hacking firm and found I was good at it -> went full cyber mode, certifications, M.S. Cyber -> pentesting jobs -> currently specialize in web, cloud and AI hacking.
2
How can I learn how to become a hacker?
You'll need to learn some core tech skills around websites, operating systems, networks and basic programming. Once you have that, everything you need to learn is available for free online! You just need to make a plan and stay dedicated for probably 2-3 years of consistent studying to get your first pentesting job. See the next FAQ for my favorite learning sites.
​
I would recommend having a good understanding following topics before moving on to hacking:
​
Linux, Bash & the CLI, Windows & Active Directory, PowerShell, Python, JavaScript, HTML, HTTP requests, network protocols, the OSI model, cloud storage & serverless computing, APIs, basic cryptography, how to set up a web server, Git & GitHub, SSH, Docker
​
If you are coming from a non-tech background, you may need to spend a year getting up to speed on these technologies before you dive into hacking them. Everything you need to learn these is available on YouTube, just search for any topic and then ask ChatGPT to explain things in more detail.
3
What are your favorite sites to learn hacking skills?
Everything you need is available for free online! DO NOT pay for basic training, that is only necessary once you get to an advanced level and have exhausted all of the free resources out there. The sites I've listed below should keep you busy for at least a year or more if you do all the free content:
​
The PortSwigger Web Security Academy
HackTheBox Academy - some cubes for free
YouTube - search for any topic you want to learn
ChatGPT - ask it to tutor you on core concepts
AWS SkillBuilder - many free options
Codecademy - filter by the free option, learn Python and the CLI here
Cisco Netacad - many free options
4
What certifications do you recommend?
That's a hard question, and it's really going to depend on your specialization. My advice is to go find 20 job descriptions for the specific title that you want at your level, and make a tally of how many times you see certain certifications listed. Whatever is the most requested, get that one. You will probably need one well-recognized certification to get you out of the resume pile, and it is just going to be someone matching up those letters to see if you have it. After that, your interviews will be passed on whether you know the content or not. So get one big cert, and try to get some scholarships if you can to cover it. Entry level certifications like the Security+, Google Cybersecurity, or ISC2 CC won't get you a job, only do those if you get them for free and then move on to a bigger target.
4
Where can I find scholarships and mentoring?
There are tons of amazing non-profit organizations out there that can help you in your cyber journey, try Googling for groups related to your specific identity (gender, race, veteran status, etc...) or local region. Many of these will have scholarships for conference and certifications, as well as mentoring programs. Be sure to join any Slack or Discord groups for these groups, as that is where many opportunities and jobs are posted. Some of the ones I volunteer with are:
​
Women in Security and Privacy (WISP)
Women in Cybersecurity (WiCyS)
6
What do you wish you had known when you were starting out in cybersecurity?
I wish I would have picked a specialization earlier. In the beginning I was so excited to learn about cybersecurity that I jumped around learning a little bit of everything, but then I wasn't good enough at any one thing to really work in it. My advice now is that instead of doing 50 things 1 time, do 1 thing 50 times. Many introductory cyber courses will have you do 50 things one time, but you can't walk into an interview saying you only did something once. I would suggest picking any one thing that gets you excited or is most similar to you previous background, and then build a portfolio where you do that over and over. Maybe that is a blog where you analyze 50 malware samples or write about 50 cyber regulations, or maybe you complete 50 lab boxes on a certain topic. If you can do that, you will get paid to do it. For me, that was starting with web hacking because I had a background in web development and knew the holes that developers leave when they are rushing out a site. After you are established you can add more specializations, but it is best to pick one to start.
7
How can I get cybersecurity experience without a job?
Many entry level cyber jobs will want 2-3 years of 'experience', but that doesn't have to be a traditional job. You just need to demonstrate proof that you have been studying a specific area for 2-3 years and are good enough at it that they won't need to teach you. This can be a combination of any of the following, as long as you have proof (a blog, social posts, mentor recommendations, certificates, conference talks, volunteer hours validation):
​
- A collection of blogs, articles, videos, or GitHub repos demonstrating your learning progress
- Volunteering at schools, senior centers, and libraries to teach others about cyber safety
- IT help desk, TA or learning assistant experience
- Internships and apprenticeships
- Bug bounties or CVEs
- Conference talks and workshops (try small local ones or diversity conferences to start in a supportive space)
- Freelancing or offering your skills for free/cheap to non-profits to help with basic cyber incident response plans and inventories
- CTF participation, in live competitions or though platforms like HackTheBox
- Research through a university or on your own and getting it published
- Participating in working groups for new cyber policies or frameworks
- Assisting with open source projects and documentation
​
All of these activities will allow you to gain skills, demonstrate proof of your progress, and network with people who can help you find jobs. Whatever you pick, just be consistent and recognized over a period of months or years, and people will want to help you. This obviously takes a lot of time, so you may have to work whatever job you can to pay the bills, and keep working on this for the long term.
8
How do you make time for learning?
Life is busy, and it always will be. If you don't make a plan to carve out time to learn a new skill, you'll never learn it. Most universities and employers are not going to provide you with the resources to learn the real skills you need to succeed in hacking, it is unfortunately something you just have to teach yourself (coming from someone with multiple degrees). I've had some great classes and worked on cool projects, but the most valuable skills I have came from sitting down to learn something I wanted that wasn't being taught to me.
​
With that in mind, you have to just start small, like a hour a week, where you sit down to learn something and work towards an end goal, like a certification, blog post, or lab pathway that you can use to demonstrate your progress. Just like if you are trying to exercise more, you wouldn't just start running 5 miles out of nowhere, you have to build up to it. Once you have a routine of studying a little every week, then you can add more time in and work up to what works for your life. You have to train your mind just like your body! It helps to pick whatever topic is most exciting to you, and let that curiosity drive your learning instead of just what has been assigned to you. Chances are, you'll learn something valuable that many others haven't yet, and that becomes something you can contribute to the wider cybersecurity community.