My Journey into Cyber
Getting into Cyber Security is an adventure. I have gone through a couple of lows, and a handful of highs! But in the end, I could not have been more happy with how things turned out in the end! In this post, we will focus on the highs and how they lead me to where I am now. This is my journey ( ˘▽˘)っ
3/8/202513 min read
So.. why am I writing all this down as a blog post? Why not move on and look forward?
A journey is often filled with victories and defeats. Some of these are plans that is executed well or poorly, and sometimes, things just happens out of your control. Reflecting over these events and understand what actually happened, why it happened, and how to improve the chances of things going better in the future can help me improve as a person. If you are a new student and gain some wisdom from this post, then maybe I have done a tiny good change in the world, which is good enough for me ٩(^◡^)۶
This blog is also written as an addition to Level up your chances of getting a job that I have been collaborating with Bjørn Hennien for a while, as this is my point of view and acts as a backbone for our statements.
The state of Cyber
Understanding the state of Cyber Security marked in Norway is challenging. But once you have some insight, it all makes sense. I remember when I started my Cyber Security Bachelor degree at Kristiania in 2021, we had a kick off with the person that had initiated the program, and he clearly stated that
“There are plenty of jobs within the realm om Cyber Security in Norway, but to get the few good ones, you need to study hard and prove yourself”
This is at least how i interpreted his message, and has been the baseline of my motivation through my studies.
From a Franchise operator to an Application Security Engineer
Before starting my studies, I was 26 and had just quit my job as a franchise operator where I was operating a store with 10+ employees on my side. It was an insightful and intense job that I loved for a long time, but grew out of. I was in a place where I had more than enough money to sustain myself, my wife was working full time, so economy was not a motivation for me. It was more important for me to have a job where I have could grow, have fun and can learn new skills with like minded people.
TryHackMe
My wonderful wife Una Kvålshagen introduced me to cybersecurity, as she was already deep within the field at the time. She introduced me to TryHackMe, which is a good platform to ease yourself from a non technical cyber view into wonderful world of fancy syntaxes, learning how to break things and diving deep into rabbit holes. She also introuced me to Darknet Diaries which fueled my interest for the field and kept me motivated for a long time! (Thank you so much draga! ♡^▽^♡)
I had basic computer skills to begin with, after hosting some gaming servers, tuned config files and opening ports. On TryHackMe, I learned how to use Linux, what the difference between encoding and encryption is, how web applications actually operates and more. I was hooked! So slowly over time, I started building up my own “Wiki” page of everything I learned. Since was self aware that I did not have the best memory, as I still had to many knowledge gaps, so I made an info bank on Notion to store all knowledge I had gained and used to motivate myself and track my own progress.
A screenshot of my old documentation. It acts as a relic of the beginning and stays untouched to this day. With charming typos and confusing logic, as learning is a chaotic and wonderful process <3
This inspirational spiral lead me to have a 365 day streak on TryHackMe. My belief is that if you learn a little bit every day, you strengthen knowledge you already have. Doing this for a long time, you will learn way more than.. Well, doing nothing for a long time.
Building up this persistence requires discipline, patience and a creative mind. If you are not able to turn it into a fun process, you are less likely to succeed. Because doing this will give you the same feeling as when you try to motivate yourself to go to the gym. You really want to do everything else, and there is a fight to get be had each day. But once you are sitting in front of your computer, with KaliOS or ParrotOS booted, you can be sucked into learning for hours!
I started all this early March and built up a solid foundation before starting the Bachelor in August. I did research on what subjects we were going to have and learned a lot before they even started. This funnily enough made some co-student misinterpret as the “Smart one” when I was just prepared for every session beforehand. This lead to me having tiny lecturing rounds where I explained concepts we were learning, which further strengthen my own knowledge, as sometimes I was wrong and corrected by my co-students.
March 6th (That is actually 3 years ago from the day of writing this! 🥳), I broke the TryHackMe streak on purpose, as I wanted to pivot to other platforms and try them out. And also to give myself some breathing room and relax a bit more. Since it is fun, yet demanding to keep such a long streak going.
A screenshot of my progress on TryHackMe.
Conferences & Events
Once we started the Bachelor program, I took the chance at becoming the class representative, which was waaay out of my comfort zone since we were over a hundred students at that point. A lot of skilled and strong participants volunteered, but I was lucky enough to get the role. This role lead me to a more management side of things, as I had to deal with the “politics” at the university and be more of a public figure, something I did not mind since I was used to it from my past when I was managing my store.
While studying, I went to plenty of conferences in Norway. This was to meet skilled people I could learn from and discuss with, attend CTF competitions and of course.. Get all the merch <3 Here is a list of conferences I went to, usually still go to, and recommend attending!
A year into the Bachelor
In this blog post, I am writing a lot about what I did outside of the Bachelor program. This is because I view a Bachelor itself as a structured way of gaining some base knowledge to get into the field, and that it is the extra effort is really shapes you and makes you stick out of the crowd. But being in a strong group when studying can enable you to learn, evolve and have fun in the process!
There are so many I want to thank for three insightful and fun years while studying, but Petter Fjellheim Bakkan and Preben Andersen Berg has a special place in my heart <3 They made everyday at the university something to look forward too, and we have experienced a lot of fun, and faced and handled a handful of challenges together. So here is a personal thank you to them for 3 fun years and a wonderful end result on our Bachelor thesis (´◡`)
The study group
Build a strong portfolio
Jumping a year into the studies, I wanted to start working on my own portfolio to show the research and work I had done so far. But.. What is a portfolio exactly?
A portfolio is a concept I was introduced to when I was studying illustration 2 life times ago when I studied Illustration and art. Back then we put all our illustrations into a physical folder and wrote about what we had learned, what we could improve and about the ideas we had. It is basically a framework to document everything you are doing, and it has plenty of benefits!
I am using this blog you are reading on now as my portfolio. I collect everything I do on Github, CTF sites, make write ups and spread knowledge on this platform, and when doing so I have 2 things in mind.
When I was, and if I am going to look for a new job in the future, everything here is proof that I am active within the realm of Cyber, and a future manager might take a look and get an impression of me.
It is a great way to reflect on what you are doing. For example, just writing this, I need to dig even deeper into my own head to understand why I am doing what I do, which is great to improve and understand the reasoning behind the things you do. If you are lucky, you might even get some feedback from other Cyber experts and improve even more!
If you are struggling getting started because of the thought of being judged, then I highly recommend just jumping into anyway, as you will not become any better if you are not practicing. I am by no means any expert at “blogging” if there is such a thing. I was struggling to get get started for a long time, until a wise man, Bjørn Hennien told me one thing to pushed the fear out of me. “But no one is going to read it anyways..” he once said.. And he was right! Put your thoughts on paper (Or on screen) and document your learning, very few people will read it, and those who do, might learn something from you! It was first when I started hosting Simulacra and AI CTF tasks on my platform that I started getting real traffic, and by now, I am comfortable with it because I had a couple of years to blog beforehand. Thank you Bjørn for enabling me to start blogging!
Working on multiple platforms is normal, as they provide solutions for different challenges. This is how I use my platforms;
Hostinger is a good service, as it provides a blogging opportunity with a low code solution. This is good if you often spend way to much time on technicality instead of blogging if you have the chance.
Github to host private and public coding projects!
PythonAnywhere Is a good provider to host APIs with Python backend (And perfect for being a platform for Security testing, and hosting CTF tasks!). Of course you can host projects from home as well.
LinkedIn is a go to place for networking in realm of Cyber Security in Norway. Add people and follow people you look up to! And when on social events, make sure to add people to follow them afterwards.
TryHackMe is a great place to both improve and document the progress.
Of course this is how I use them. You should find your own handful of platforms you can use to express your work and thoughts. But it is important to connect them together, to have links between the platforms, so when someone is looking at your profile, they can end up jumping from platform to platform and learn more about you.
Landing my part time job
I was playing around with the thought of getting a part time job within the field. Not because I needed money, but because I would love to see how it actually is to work in Cyber! I had already been going to a lot of conferences and talks at that time, so I had a solid network to begin with.
Let us take this adventure from the beginning. But every now and then, I went to OsloSec to meet talents and nerd about Cyber. The person leading OsloSec at the time was Nelson Cheuque, who is an important key role in the Norwegian Cyber Security space, as he is the admin for NorSec and much more. He was already in touch with Sondre Roall Tunheim, the founder of CybSec student organization about having a presentation and QA for the students at Kristiania and talk about how working in Cyber actually is and give some advice. I used my role as a class rep to communicate this with my class and we were able to have this presentation over at PwC which was a great success! (But again, All credits goes to Sondre and Nelson, I just did my best to enable it)
Now why is this important about how I got my first job? Well, you see! Sometime after this presentation, I got a message from Nelson. He was wondering if I had tickets to BSides, which I replied no, because of exams prioritization and yada yada.. (I was actually just embarrassed that I did not manage to buy the tickets in time, since the event looked very fun). He told me that they had 2 tickets extra and that I could bring someone to the event! I was so happy and eager and asked around in class to see if anyone wanted to join, but no one was able to because of the short notice. So I went there by myself.
Going there alone was.. Probably one of the smartest things I did during the Bachelor, because going alone, meant that I did not know anyone.. Which meant that I had to force myself to approach new people. I had a habit to always show up early to events, which meant that I often had some time to kill by chatting with other event goers and network. And this happened here. I just walked up to someone and said “Hi! My name is Stian, I do not really know anyone here, but you look cool!” or something like that. It was a gamble, since I had no idea how they would react, but they laughed and greeted me, and we chatted. This person worked for Storebrand and I had little to no knowledge about security in finance, so it was fun to learn more! We split apart when the event started, but during lunch we met again, but this time the person was with their manager at the time, Kenny Jansson, the head of Offensive Security at Storebrand. I got to sit at their table and we nerded and had a lot of fun sharing our knowledge and experience. Kenny have a very strong offensive Security background which aligned with my interest for Penetration testing and Bug bounty hunting at the time, so it was fascinating to listen and learn from a professional and share some of my own thoughts.
After Bsides, I got a message Kenny about a position in Storebrand. It was not a offensive security role, but in a different team, their Blue team! And I did not mind at all, since my mind went straight to “But how am I going to be able to learn to evade detection if I do not understand detection itself!”. So of course I took the chance and applied for the job!
I was called into an interview, and I am not exaggerating when I say that the interview was the nicest and interesting meeting I could ever imagine. The person I was talking to have a strong technical background and I could see the joy in his eyes when we started to nerd about the state of Security in 2022. About new and old technologies etc.. It was awesome, and I am so happy that I was lucky enough to be a part of his team, as I still see that joy from both him, and our team to this day <3 Thank you so much Øyvind Bergerud for giving me a chance to join your team, then later letting me join full time! The adventure has been amazing so far and I cannot see what more challenges we’ll face in the coming years (´∀`)
I could of course continue my rambling about how Øyvind has enabled me to grow as a person and professionally, but that is a topic for another time!
Reflection
I think the main reason why I landed a job early on, is that I grew a burning interest for Security and technology and the strong network that i build while taking my Bachelor degree. I gave myself the time and energy to really dig deep into the field by going to conferences, joining CTFs, meeting skilled people, and sitting late nights understanding how things actually work. The people that I have met have given me plenty of opportunities and I have done my best to use these. By setting up my own applications, sub-nets. By fucking up, retrying and becoming a little bit better each time. A good manager will see the effort and love you put into your projects and will of course take it into consideration when choosing new part time (Or full time!) Employees.
It is also important to remember that all experience has some value. In my previous life, I was a store owner! That has nothing to do with the Security skills I have now, but because of that, I have some managing skills. I studied arts and illustration, which means that I have experience with creativity and problem solving. Use your whole background, not only what you think is relevant.
Key takeaways
That is my story in short on how I got into Cyber. The key takeaways here is:
Find out what you love doing in the realm if Cyber Security and enjoy it!
Have some way of documenting everything you learn and do. (If it is not documented, it did not happen!) and build a portfolio to show your work
Engage with the Cyber Security community and build a strong network ❤️
Realize that it is okay to not be the best. You will fuck up and do mistakes, but learn from them and be with skilled people that you can reflect and talk with
I hope this was helpful in any way! And that you have gotten any ideas, inspiration or anything to improve. As mentioned on top, this is an a post that goes hand in hand with the Level up your chances of getting a job post that I have collaborated with Bjørn Hennien, so if you liked this one, give the other one a read! Good luck out there! ☺️
