Post cover image

June 2, 2026

I’m a 1st Year CSE Student Learning Cybersecurity — Here’s What No One Told Me.

The gaps between the course syllabus and the real world

Saharia Hassan Safin

5 min read

I enrolled at Daffodil International University in 2025 as a CSE student. I thought cybersecurity meant watching cool hacking scenes from movies and typing fast. I was wrong and the real thing is so much more interesting.

The moment I got serious

It started with a simple question: "How does a website get hacked?"

I Googled it. Then I fell into a 3-hour rabbit hole of SQL injection demos, XSS payloads, and packet sniffers. That night, I realized my university syllabus teaches me how to build things. Nobody was teaching me how to break them. And you can't truly defend what you don't know how to attack.

What no one told me #1: Your first cert will humble you

I completed the Cisco Introduction to Cybersecurity course expecting to feel like a hacker. Instead, I felt like I had just learned the alphabet of a language with 10,000 words.

But that wasn't the worst part.

After the cert, I went to YouTube — watched guide after guide, tutorial after tutorial. Half the time, I had no idea what the instructor was even doing. Commands flying by, tools I'd never heard of, concepts that assumed I already knew three other concepts I hadn't learned yet.

It was overwhelming. I almost quit.

Then something clicked. Once I got the basics — what a network actually is, what a port does, why encryption exists — the YouTube videos started making sense. The same tutorials I couldn't follow before suddenly felt obvious.

The cert is excellent. Don't skip it. But treat it as the floor, not the ceiling. It teaches you that threats exist. Hours of confusion on YouTube teach you why they work.

The confusion is the learning. Don't skip it.

What no one told me #2: C is still king

Everyone told me to learn Python for cybersecurity. That's true. But learning C first — which I did through competitive programming on Beecrowd — gave me something Python can't: I understand memory.

Buffer overflows, pointer arithmetic, stack vs heap — these aren't abstract concepts to me. They're things I've written by hand. When I read a CVE report now, I actually understand the bug.

One thing I'd recommend to every CS student: start with C. Learn how memory works, how programs run, and what happens under the hood.

Then move to C++ to build strong problem-solving and object-oriented programming skills.

After that, learn Python. You'll appreciate its simplicity much more when you already understand what's happening behind the scenes.

Python makes you productive. C teaches you how computers think.

If you're a CSE student: don't skip C.

What no one told me #3: Linux is not optional

I used Windows my whole life. One month after getting my laptop, I heard about Linux. Curious, I tried installing Kali — and immediately broke my boot.

Spent hours fixing it. Got it working. Broke it again. Fixed it again. Then broke it a third time, doing something stupid.

But here's the thing — every break taught me something Windows never could. How bootloaders work. How partitions work. How the OS actually talks to hardware. You don't learn that by clicking "Next, Next, Finish."

After enough cycles of breaking and fixing, something shifted. I wasn't just using Linux anymore — I had built a foundation from scratch, through pain. I had touched almost every flavor: Kali, Ubuntu, Parrot, Arch attempts, live USBs, dual boots, the whole mess.

Now I live in the terminal. netstat, nmap, tcpdump, custom bash scripts — these aren't scary commands anymore. They're muscle memory.

The painful truth: you don't learn Linux by reading about it. You learn it by breaking it.

So break it. On purpose. Then fix it. What no one told me #4: The community matters more than the courses

I learned more from:

  • Read write-ups on HackTheBox and TryHackMe
  • Watching IppSec on YouTube
  • Following security researchers on GitHub

… rather than from any single course.

Find your people. Join CTF teams. Post what you learn. Build in public.

The Roadmap I Wish Someone Gave Me

When I started, I had no map. Just random YouTube videos, random courses, random tools — no idea what to learn first or why.

So here's what I've figured out, the hard way:

Phase 1 — Foundation (where I am now): Get the Cisco cert. Learn Linux until breaking it feels normal. Understand how networks actually work — IP, DNS, ports, TCP/UDP. Write basic Python. This phase feels slow. Do it anyway.

Phase 2 — Core Skills TryHackMe's beginner paths will change how you think. Learn Nmap and Wireshark. Understand how the web works under the hood — HTTP, cookies, sessions. Then study the OWASP Top 10 like your career depends on it. It does.

Phase 3 — Offense + Defense HackTheBox. Burp Suite. Metasploit. Start solving CTF challenges — easy boxes first. You'll fail. That's the point.

Phase 4 — Certifications that matter: CompTIA Security+ for credibility. eJPT for practical pentesting. Google's Cybersecurity cert on Coursera, if budget is tight, financial aid is available.

Phase 5 — Specialize and get paid. Pick a track: pentesting, SOC analyst, bug bounty, AppSec. Write CTF writeups. Post on GitHub. Blog about what you learn. The OSCP is the dream — but that's a year 3 problem.

I'm at Phase 1. But I'm moving.

What no one told me #5: Start building, not just studying

When I created my GitHub account, I didn't have ambitious projects or a polished portfolio. Most of my repositories were simply solutions to Beecrowd programming problems written in C.

At the time, they felt insignificant.

Looking back, they were one of the most valuable investments I made in my learning journey.

Those problem-solving exercises taught me how to think logically, break down complex problems, debug efficiently, and write code consistently. More importantly, they helped me build the habit of creating rather than just consuming content.

As my skills grew, so did my projects.

I moved from competitive programming and C-based console applications to frontend development, building interactive web applications with JavaScript, React, and Next.js. Eventually, I started developing full-stack applications using the MERN stack, working with authentication systems, REST APIs, databases, and modern development workflows.

Alongside web development, I continued exploring cybersecurity. I documented Windows CMD and PowerShell commands, studied networking concepts, and spent time understanding how systems operate behind the scenes.

Today, my GitHub reflects much more than completed assignments or personal projects.

It reflects a progression:

• Problem-solving with C • Console-based applications • Frontend development • Full-stack web applications • Cybersecurity and system administration concepts

None of these projects is revolutionary. Many of them were built while I was still learning.

That is precisely why they matter.

Recruiters, mentors, and fellow developers are not only interested in polished end products. They want to see evidence of curiosity, consistency, and growth. A GitHub profile that shows continuous learning often says more than a long list of completed courses.

Many students spend years preparing to build something.

The better approach is to build while learning.

Start with a simple project. Publish it. Improve it. Build the next one. Repeat.

Your early projects may be imperfect, but they serve an important purpose: they document your progress and help you develop real-world skills.

My GitHub is far from perfect, but it tells an honest story — from solving programming problems in C to building full-stack applications and exploring cybersecurity.

And that story is still being written.

Build early. Build consistently. Learn publicly.

Where I am now

I'm a 2nd-year student. I have a lot to learn. But here's what I know:

  • I understand why security matters at the code level
  • I'm building real projects, not just doing tutorials
  • I'm actively learning instead of waiting for a professor to teach me

The gap between a CS graduate who studied cybersecurity and one who practiced it is enormous. I'm choosing to close that gap now — not in year 4.

If you're starting too

  1. Get the Cisco cert — it's free and worth it
  2. Learn C before Python (or alongside it)
  3. Install Linux and live in the terminal
  4. Join TryHackMe — start with beginner rooms
  5. Build and post publicly, even if it's small

I'm Saharia Hassan Safin — CSE student at DIU, currently obsessed with cybersecurity and building secure web apps. Find my projects at github.com/Safin313-stack or connect on LinkedIn.