#cyber-and-careers

and do they have mandatory service time?

I had looked into the RAF, but 12 years mandatory service is a big nope for me

lmao

nvm

google answered my questions

🙂

The 12 years isn't mandatory. You can leave when you want

My uncle was RAF

he told me otherwise

medical discharge or no leaving was what he told me?

has it maybe changed?

lmao tyty

as suspected

It's a 12 year contract but they're not gonna force you to stay lol

they do

that's how it works?

the only way to leave is medical discharge

and also, their cyber team is a reserve for the air force

so always a chance u get pulled into a warzone on the front lines lmao

committing to 12 years of shit pay 😍

It's possible but difficult to leave early

the dream

yezzir

so appealing tho since it's so easy to get into

already meet all the requirements

but fuck that 12 year commitment

Would rather not be stuck there until my 30's

RAF on the frontlines lol? They'd get some hotels built in the FOB to stay in

hahahahaha

fax

GCHQ CSF is the dream like

I figured they would really like RAF experience

but I think I could get there before my mid 30's

Yea I mean anything to do with the government / national security, they like former military. Idk tho, it's shit pay and not very fulfilling working at places like gchq, mi5 etc from what i've heard

o really?

gchq is also shit pay

Lots of politics, nothing gets done

Tbh I am not overlyyy concerned with pay, I just liked the sound of CSF since your protecting actual people rather than a corporation

and it is like the only real nation state work available for a UK resident

right?

or are there other avenues that could lead to OffSec operations?

I figured either military or GCHQ are the only real options

National Cyber Force, MI5, SIS, GCHQ might do offensive ops but no one would know

CHECK pentesting puts you near government and CNI work at least

GCHQ CSF has said they do OffSec operations iirc

lemme try find the post

In a year of non-CHECK work, I have also done work I can't really talk about

I'm sure there's mil units that pull people from the raf, navy and army sigs to do offensive work tho

v noice 🙂

slightly jeal

Let me know when you've finished your BSc

Nvm, it was NCF

that is the dream

I for sure will 🙂

Def want to become a CHECK team member in a couple years

will have a shitload of certs by then as well

Wait, so you have a 12 year commitment in the RAF regardless of occupation? Or is that just for pilots

yes regardless of occupation

kinda shit 😦

was really interested in their 501 signals unit

they do all sorts of cool stuff

Damn, US only has those contract requirements for Pilots

and again, you can be called into actual service at anytime when you are on the cyber force

which is also kind of a negative for me tbh

would rather not die lol

I'm not sure how that works

Is that like reserves or something?

was lit typing that, yes

lol

have to go through bootcamp and weapons training etcetc

u beat me to it

I've had some email discussions with a Sergeant regarding it

Was super interested until I started hearing all the negatives 😦

Not going to tell you not to join, but you should join for the right reasons.

@mossy pewter Mil Contracting >>>> Mil

trueeeee actually

Also, out of interest, do THM take on any volunteer work?

I don't work for THM

I haven't for about a year

Ah fair play hahaha

You can create rooms though

chea, definetly going to get into that for sure

I think it'll be pretty useful for learning

Need to do some research on it

What are your thoughts on WGU (Western Govern University)?

For?

Cyber Security Assurance Information

B.S program

I can't speak to it, but I'm generally wary of online bachelor degrees. If you're older, from the US, you'll remember schools like ITT Tech

That being said, I haven't heard anything negative and if they're accredited that's a plus/requirement

Yes i remember ITT Tech, one of my good friends from high school went there and became a network engineer

I've heard good things also

I even went live on TikTok with shenetworks and she responded to my comments and said good things about SMU

so i figured WGU is the same

Yeah, ITT Tech was shut down for lying about job prospects, among other things

Really ?? No way

Yes

That I haven't heard. My friend has a legit job and everything

Or they closed themselves

I had thought they were shutdown

https://www.forbes.com/sites/edwardconroy/2022/02/24/report-on-fraud-committed-by-itt-technical-institute-highlights-need-to-protect-student-loan-borrowers-with-stronger-regulation-of-for-profit-colleges/?sh=56e5eb562fff

I haven't looked into them yet. Appreciate the feed back though, I'm a bit optimistic now that you didn't have anything negative to say about them so

Wow

So they don't offer degrees or do they?

I'm not sure what they actually gave at the end

I never looked into them before going to college

It closed in 2016

That's really interesting to be honest

I hope WGU isn't the same in any way shape or form

I didn't see in WiKi that they offered any degrees at ITT Tech

Just Certs

I guess the real assertion should be if the degree they offer at WGU will be accepted in most places to say the least.

It should be accredited

It is

🙂

Find out who it's accredited by

Super juiced

okay

-NWCCU
-AWS Academy Membership Institution
-Cyberwatch Member

Also by CompTIA

So ITT Tech did offer Bachelors degree as well 🤔

That makes me weary of WGU now

Honestly, i think it all depends on the person

And what you do with your degree and knowledge, i would assume

Some of the campuses closed; one of the things that ITT (and other for-profit education did) is have multiple locations, but not all locations were accredited. Supposedly, it's the same program at all locations..... but in practice, the quality of graduates varied hugely, and degrees from unaccredited sites weren't worth the paper they were printed on.

👍

Would you mind give me some clues about making portfolio that they like to accept as Fresher/Intern with zero experienced? Is it nice showing them what I research myself about specific network techs or cheatsheet/ networking code ?

US Intern vacancy - apply while it's hot: https://www.linkedin.com/jobs/view/cyber-security-intern-at-threatmodeler-software-inc-3101200138?refId=f32tPs8u53mR0ue7rc6k3A%3D%3D&trackingId=saBhwRwtABYzzeOll1S%2BRw%3D%3D&position=1&pageNum=0&trk=public_jobs_jserp-result_search-card

Ew, New Jersey?

Do you guys have any knowledge about any good college to do Masters in cyber security from ? Any country

Don't do a masters in cyber

This is how I got into my Bachelors

Just spoke about my interest in tech and security from I was 13

I had some voluntary software engineering and web dev work experience which helped too tbf

Is it worth it to have a lot of rooms completed on THM?

Worth it for what? A job?

Yeah, from an employeer prespective

It won't really mean much to them outside of showing that you actively engage in self-learning. The same way being in the top 1% doesn't matter to an employer

I personally wouldn't put the amount of rooms i've completed on my CV

You can put down that you use TryHackMe and other sites like HTB, especially if you don't have any experience. But as far as the amount of rooms, it doesn't really matter

Thanks for your thoughts man

Gave +1 Rep to @spare kernel

this late in the summer, it's very rare to see new internships get opened

THM and HTB would go in an extracurricular category of the resume. Don't put it on as experience.

The skills you build are what have value, not the number of rooms completed

Will a bachelors degree suffice? Why would you not what to do a Masters in cyber ? (extremely curious)

The "don't do a masters in cyber" gets rehashed most days here

Multiple times a day, in some cases

I still don't quite understand. Does this mean the opinion about getting a masters degree changes often in here?

No, it means that this question gets asked (and answered) a lot.

Oh, yikes !!

got it ! I will do some research 🙂

Many people also see the answer and ignore it, because it wasn't what they were expecting or wanted to hear

I love those answers actually

More rational

So looks like the majority of the answers from knowledgeable people in here has been "no", yet others still seem to go for it knowingly.

I trust this a lot. Thank you! I will achieve it when I gain the experience, even if i want to at that point, don't think it would be entirely necessary if i just want to stay at a pentester role

No, same answer every time but people want validation for their choices

You're correct. I need to stop doing this myself. I just like hearing other people's answers from (THM specifically) to do some reasoning on my own for when i decided to pick a a colloge. I found out here that the majority of the answers has been "not to get one" so therefore I will only go as far as getting my certs and possibly my bachelors degree if I get my financial aid accepted again

If you are going to do a B.Sc, I recommend a compsci and not a cybersecurity degree - it's a lot more broadly applicable, and it's served me to well for both breadth and depth across all the domains I've touched.

Ooooooh! I love that ! And let me tell you why I love that advice. I was literally thinking this myself the other day. I saw that computer science degree touches on cloud security and more !

Though I'm kinda iffy because there is cloud security courses in the cyber security program and not in the computer science program

No. A CompSci will not touch on cloud directly (or at least it shouldn't...) but it will cover many first principles and foundational topics. That's a lot of certs that are IT specific and not CompSci. I don't think I'd trust that program.

You're correct, it's included in the security program not CompSci. Let me take more screen shots. The cyber security program has a pen testers course as well

So apparently there is a 3rd degree which is called "Network Engineering & Security, which i believe is catered to more of a 'management' role type if you want to go that route.

Here are the following Degrees and their courses and what they consist of. I feel as though the cyber sec degree is geared more towards what i want. What are your thoughts?

The Cybersecurity an Information Assurance program consist of:
-Secure Systems Analysis & Design
-IT Fundamentals
-Web Development
-Network and Security
-Scripting and Programming
-Information Assurance
-Ethics & Cyber Law
-Penteration Testing
-Hacking Countermeasures and Techniques
-Digital Forensics and Incident Response
-Technical Writing
-Risk Managment
-Wireless & Mobile Technologies
-Web and Cloud Security
-Data Management

The CompSci consist of:

-Computer Science (Includes: Computer Archeticure, Data Structures and Algorithins 1 etc...)
-Software (software Engineering etc.)
-Data Management
-Secure Systems Analysis & Design
-Operating Systems
-Technical Writing
-Scripting and Programming
-IT Fundamentals
-Business of IT
-Web Development
-Network and Security

There is also the Network Engineering & Security Degree which consist of:
-Scripting and Programming
-Web Development
-Network and Security
-Full Stack Engineering (Version Control specifically)
-Business of IT
-Networks
-Operating Systems
-Information Assurance
-Information Technology Mangement
-Data Management
-Web and Cloud Security
-IT Fundamentals
-Information Technology Managment

That's not really management per se; that sounds very much like network admin and network security stuff.

By the looks, the cyber sec program has more courses that go over more things geared to pentesting roles rather than the comp sci? Would you still recommend going for the CompSci?

I think CompSci is a better degree. I don't know how respected WGU actually is, it's a pretty new university.

I would need to do more research on this. It is accredited by the following:
-NWCCU
-AWS Academy Membership Institution
-Cyberwatch Member

-CompTIA

Not sure if this means anything but it's student loan default rate is less than half of the nationals average and well below their competition.

That doesn't mean anything.

Got it.

One, that's probably because they're new, and two, they heavily advertise to US military, meaning a lot of their students are on GI Bills.

That would significantly depress the rate of students needing loans and thus defaulting.

Does anyone work in Digital Forensics? I have a job interview coming up for a forensics job and any advice would be greatly appreciated

WGU is not a bad university for military or working professionals, especially for IT and cyber folks. They tailor their degree programs alongside industry certs, so you can obtain college credit and get a CompTIA cert or similar, at the same time. Additionally, WGU is self-paced. You could potentially get a degree very quickly, and come out of it very well credentialed. As others have said, it is heavily pitched to military for this reason. However, it is not an "engineering" school. You will not get an ABET degree from this school. That is a big deal in the US if you want to get into a large corporation, as it is often the factor that determines engineers from non-engineers.

Very interesting. I appreciate the feedback! So apparently SMU offers an ABET degree but they require a bachelors. I will look into this more. For now, i have made up my mind to get my bachelors at WGU @boreal zephyr

That coupled with extra-curricular activities such as THM, hackthebox, and my certifications in my resume will hopefully suffice to get into the role I want or at least an entry level role to start reaching my end goal

I wish you the best of luck! There are ABET bachelors out there, but they are rigorous. I know of people that have found success with WGU, and I personally have nothing bad to say about their programs. Feel free to reach out to me directly if you have questions.

Wow, that's extremely comforting to know! I also have an ex friend that went there and has a job right now! I really appreciate your time and response on this and will definitely send you a ping down the line! Thanks a lot 🙂

Gave +1 Rep to @boreal zephyr

Figured for the most part that it was because they were new. Thanks for your feedback

Southern Methodist?

Yes, SMU

That's the one that shenetworks also recommended when she was live on TikTok

I just graduated from UNT up in Denton. If you're looking for college info, shoot me a DM.

Is https://pauljerimy.com/security-certification-roadmap/ still a bit up-to-date?

I think I'm a bit overqualified for a cert like OSCP (aside from AD skills) but other certs like OSEP seem too hard (also AD wise)

It's still shit yeah.

Alrightt 😂

OSEP also kind of seems outdated in the sense that it still teaches MS Office macros while MS is going to disable them

Isn't AD like 1 out of the 25 chapters?

Ahh alright

🥲

Looks like I've got some homework to do

I know that entire industries run on Excel macros...

I am curious is @fringe rivet going to aim for OSCP or OSEP ?

After doing some research I think OSED is the best choice for me as I'm more into binexp and vuln research

Although I wouldn't be surprised if I'm going to do OSCP in the near future regardless for job opportunities

Pentester academy has a few couses similar OSED to aid your journey like https://www.pentesteracademy.com/course?id=52 .

You got to go where the heart leads you 🙂 You can do it.

It will be, yes, although if the exam is anything like OSEP in style, doing it without the build-up of the easier OSCP might be... interesting.

You definitely want OSED rather than OSEP though, from what I've seen of ya

They are not completely getting rid of them

Absolutely. Thank you 😊

Gave +1 Rep to @nimble crow

If you were to hire pentesting mentor - what criteria and qalifications would you insist on as a mimimum ?

I wouldn't hire a pentesting mentor. Mentorship is as much personal relationship as it is professional; it's helping someone to guide their own career.

It sounds like you might be interested in hiring a tutor to teach you pentesting, that's a different thing entirely.

Yes, thats what I meant by mentoy - a tutor guide and just be on call for demos. What criteria would you look for in that person ?

I would ask in my present employment for the opportunity to shadow. And take a lot of notes about what they do, how they proceed, and try to understand the process of what they are looking for without being obtrusive.

I certainly wouldn't pay someone on the internet to tutor me

But you are lucky - not all of us have jobs with such opportunities ? 🙂 I did used to use one for teach some deeper AD stuff for work ages ago.

Pentest is not an academic discipline, it's an industry discipline. It has business value, and learning for it is best done as part of a practicum not in a teacher-student format

One of the difficulties of penetration testing is that it's going to be different on every engagement. Where do you think you are lacking with your pentest skills? Business side or technical? If technical, start learning the common products and configurations for those products. If Business, learning the reasons why a business engages a pentest is immensely helpful.

Ty! I think it's in the justification which I am sensing is why my learing isn't sticky. I understand in part the steps but I am failing to understand the reasoning ... why am I scanning for open ports and services when I can access why the web app or why should I run this type of nmap scan and not this and what are if I do ? It's a bigger rounded picture.

honestly all that comes from having foundational knowledge... sounds like you need to work on your basics vs pentesting

Also, have you gone through a course like Practical Ethical Hacking by TCM? it is pretty comprehensive

I think you have hit the hammer with the nail! I am going thru the moties but not grasping theory. I got PEH but have not yet dived but will do otherwise doing the motions without knowing is mental block.

you can also ask here or other places for some specific questions

Thanks for your insight!

Gave +1 Rep to @flat sedge

I will change my question a little maybe i didn't phrase it right. What is your guys view on a Senior SOC Analyst, does anybody here have some experience with this or maybe some insight?

I'm just asking out of curiosity to get more understanding from possible more experienced members or workers in this field...

Are you asking what our personal views are on an individual who is a Senior SOC Analyst?? or are you asking what it is like to be a SOC Analyst?

No, i am currently a SOC Analyst for 2 years, doing mostly everything from investigation, triaging, creating and editing rules, playbooks everything mostly, with the help of our Senior IT engineers and this because we started the team from scratch with me being first in it.
I saw that most people here are going for the offensive side of cybersecurity and was curious if there are people who are currently working or worked as a SOC analysts and gone through level 1,2,3 or the senior one.

I kind of want to establish for further colleagues, for me and for the team itself some level mechanism, like to keep track of the experience everybody has or gets along the way, idk just thinking a bit in advance and wanted to hear some opinions from somebody more experienced in this...

I've never been a SOC analyst but in general, senior can mean a number of things in various orgs. Generally a junior person is someone who takes guidance on their day to day tasks, with minimal independence. Now this doesn't mean someone is telling them every second of every day but they may be provided written guidance/procedures.

The transition from junior to less junior/towards senior is you can be provided guidance but need less handholding.

For my org, senior is a mid level title. At the senior level, you can be given general high level direction and no longer need handholding. You may also provide guidance/assistance to junior level employees.

Then you go above senior, you are the one determining the long term direction and strategy. You would provide guidance to senior level employees.

Most people say they want to work in the offensive side but it's such a highly skilled and small selection of people that most won't get there. While there is a need for pentesters/red teamers, there's a higher need for defensive and engineering roles, process and compliance roles, investigation, etc... Hacking and CTFs are absoutely vital things to learn and should be encouraged for everyone but those skills need to be complimented with active training in defense etc... Those are where most of the unfilled cybersec roles lie...

Hey thank you for the detailed explanation, it's very helpful, i had a general idea about what senior could mean in a company but really great to hear others experiences, i see it the same way and it's good to know i got it somehow right 🙂 Many thanks for your insight.

Gave +1 Rep to @pseudo creek

Yeah i think so also, the offensive and defensive are interconnected and knowledge on both sides is clearly needed but i personally found myself more suited for the defensive part, at least for now.
I'm starting to get more and more into the offensive side also for better understanding of how things work but still want to continue with the defensive part of it when it comes to work.
Many thanks for the insight also 🙂

Gave +1 Rep to @rugged delta

Hey, Im about to apply for SOC analyst jobs, but I just recently finished my bachelors, what are skills/certs/projects that i should include in CV sir?

I came to this position from an operations side and with little experience in the cybersecurity domain, with more general IT knowledge. I don't have any certs except some IT courses from my country and some that i've obtained online from various sources like Udemy etc

In general with some IT knowledge and some experience on an IT position you can get hired pretty quick on an SOC analyst level 1 position, with little to no experience on a former similar position and without any certs.

Regarding needed certs CCNA and Security+ would really give you a boost i presume but can't say 100% because i don't have them, i said that maybe until next year gonna get at least Security+ just for the sake of having it and testing my knowledge..

As recruiters are asking more and more for soft skills, here's an event I saw dedicated to improving them.
Free and online, ofc on July 6th and 7th
Here's the link: https://event.50intech.com/summit

Where is the full URL or please provide more details? I could be interested. Ty

Gave +1 Rep to @harsh harness

@peak hazel
https://event.50intech.com/summit is the full url
from their page, it says that the evnt lasts 2 days
"Two afternoons of influential women in Tech sharing their key learnings, actionable advice, and answering your questions LIVE with every single masterclass having a 30-minute Q&A session !"
List of top soft skills and how to improve them, career advices

Cheers @warm hinge -I am not a woman but good skill to have anyway.

from what I read, it's opened to everyone, so if you're interested you could still go and see

Hey guys hope y'all are doing good just want to know what's your opinion about 2 columns in a resume ? and your opinion about 2 pages in a resume for a student ?

I personally don't like columns. In my mind it should be single column in a neat and orderly manner. Look at AwesomeCV which uses LaTeX and you'll see what I am talking about. As a student, and in general, resume should be a single page.

And Another thing is certificates of completion for example CISCO: Cybersecurity Introduction or PentesterLab Badges worth mentioning in a resume instead of projects ? Last can I drop my resume here for advices ?

I would not mention “certificates of completion” over projects as projects are real demonstrations of technical abilities, whereas random certificates can be handed out by anyone, aren’t really proof of you doing any work depending on the course, and typically aren’t industry recognized.

You can drop your resume here (personal info redacted) for others to review 🙂

I don't have permissions I think to send any files 😥

You need to verify

!docs verify

Done

So, I think this already looks decent visually

But the thing that immediately caught my eye was the double column for skills when everything else is single column

Languages should go in skills as well

You think something like this is better

Better

Spoken languages should go there too

I wouldn't list programming languages you don't feel comfortable actively working in

Primary, and then order the other two in order of proficiency

But really, listing more than 1 language per category of language is overkill

This

so do I add scripting in my core skills that's enough

1 garbage collected, 1 that requires you to manage memory, maybe an OS scripting language

I'm going to assume English is your second language, I would run this through something like grammarly in order to fix some of the smaller grammatical errors

think about it from a business perspective; what value does your scripting bring?

actually its my 3rd xd

for the roles you've had, it is appropriate to list the industry tools you've used

if you used a tool for static and dynamic analysis', put those on

Yeah, that was my next thing. Your skills should be specific technical skills, not just broad categories

like mobsf

One or two broad categories may be fine but I'd try to narrow it

no need to include python when talking about django, as ALL the backend code is python

Position of Responsibility is not a good section heading

If it's related to school, lump it into Extra Curriculars

Okay, so for skills do I add spoken languages and remove languages or put them in my core skills

Unless other languages are relevant to the role, I wouldn't include spoken languages

I think for mine I did "programming" for the coding languages and the languages for the spoken

But that's also true

And Another thing I'm a bit confused over my current internship I'm doing a Security Audit to a Mobile Application but I don't know how to label my role is "Security Engineer Intern" a good title

What's your title on your employment form?

I wouldn't give yourself your own title i dont think, what about you juun?

your title is something that gets covered as part of orientation

Don't just make it up

"Cyber-security consultant"

Were you actually a consultant as an intern?

Then that's what you put

consulting is very different than traditional roles

The role title should have also been on the job req that you applied for

I'm in the internship, But I didn't apply for the job they offer me the internship

the primary task that I have is detection of flaws and vulnerabilities in a mobile app

Do you have an employee portal that you can use to see your current title?

No they don't have that, is it weird to ask my tutor about my current title

Your tutor?

Is that what they call mentors wherever you are?

ye

xd yes hahahah

I don't see an issue with it

Or go ask HR

Okay I'll try to thank you so much for your time sir appreciate it

Hey there I find it a bit odd that WGU is requiring for me to take the A+ exam since they didn't accept my high school diploma (because i didn't take any IT related classes), is this normal procedure ?

I have a question I want to ask is it compulsory to learn Data structures and algorithms if you want to crack big companies as a cybersecurity analyst?

Actually my college placements are going on. So on the second week of August there will be companies who will visit to hire us.

I have the basic knowledge of C, Bash nd Python. I also know how to write good code and about basic networking related things

My placement office coordinator thats what we call him here said it is necessary to have an excellent grasp of DSA as a fresher

He told me that my knowledge of networking and os wont do any good if I cant clear the first round

First Round: Technical round. Have to solve coding questions

Second Round: Technical interviee

Third Round: HR Interview Round

DSA isn't really a cyber security thing.

Cyber security analyst isn't a software engineering role

I see. Sir, can I ask how a fresher can crack a job in cybersec?

Are you in India?

There's pinned advice if so

Yeah

Ok thanks will check it

DSA is software engineering, not really cybersecurity.

He was also my college professor

If anyone is interested I just found out about 'Cyber Now Labs' from watching Mike Meyers from Total Seminars live today. He really recommends it for job placement anywhere in the world.

I'm going to do some more research on this btw!

According to him they have a 90% job placement rate since they have a dedicated department for it.

It is a 21 week program that is quite costly apparently and not they don't just take anyone

They take anyone that pays? 😄

There are a lot of ways programs like that can fudge their placement numbers up to and including just offering short contract work to graduates to say "hey, we found them a job".

Ask me how I know.

I wouldn't doubt this to be true with some organizations, yes.

hi everyone

are you guys pro cause i need help

How do you know?

Lol, I attended one. It's not to say they're scams; I certainly learned a lot, but I was also halfway through my bachelor's in computer science. However, because it was paid for by a veteran jobs' program, they only get half the money up front, and the other half when students can submit a form demonstrating it got them hired.

So they offered me the opportunity to do some contract work for a week to meet the requirement, then never bothered to actually look at or use the work I did.

what do you need help with?

I'm sorry to hear that! I've never done any of these programs in the past.

Honestly, I think it's best to just apply for jobs and hone your skills to be able to get job offers.

I mean, they're not entirely scams, and I found my way here through having been through one such program, but be extremely skeptical about placement rates at graduation.

I mean not saying they are scams, but I always think it's best to just get a job opportunity.

Like I wouldn't do unpaid internships either as I don't think it is ethical.

Since unpaid internships are geared towards the privileged who can afford it.

Either way, I always say the best way to go is do a lot of projects, engage with community, refine your CV and apply for opportunities.

I mean, I wouldn't recommend paying out of pocket for it, as I certainly didn't.

How to answer this question at interview: During a pentest you come across an application not responding as expected, what will you do ?

Try and resolve it.

If use whichever task killer of the OS you're on and end it, restart it. and work from there.

And record when I closed until when I opened it, probably.

I'm not a pentester so I couldn't know for certain the true steps, I feel Juun or James could best answer this.

Thanks Scrubs! Hopefully more Pentesters chip in ?

contact the client 🤷‍♂️

the client would also appreciated asking them and getting it resolved in 10 mins rather than you spending hours of their money trying to get it in a working state yourself

but yeah the question is very vague so that’s how i’d answer it unless they clarified

Cheers for your answers! I clearly failed that question as I said that I would look to see why this is the case Does this mean this app is out of scope ?

Uhh I’d totally be wtf is a pentester tried to resolve issues with one of our systems / applications

The more you know, thanks.

Gave +1 Rep to @pseudo creek

Please can you clarify 🙂

A pentester is not a system admin / application admin, it is out of their scope to resolve issues. Now a pentester could poke around to see if they see anything 'off' but they shouldn't really be doing things like restarting services

No! I just had a video Teams interview and this one question made my mind freeze.

Great insight! Thank you @pseudo creek

Gave +1 Rep to @pseudo creek

but I'm also on the side of jake, you could poke around for a few minutes to see if you find something unusual but you shouldn't wait too long to contact the client / responsible system / application admins

We also ask some vagues questions when interviewing as we like to see the persons thought process but I think we’ve only had a handful of people ask clarifying questions

I should do this more often! Sometimes I am just stuck in Question/Answer mode I forget too do that. Great advise.

Depends on what is meant by 'not responding as expected.' Scope confirmation that the host and ports are in fact in scope for the technique you're using. If the ports are being filtered, there's something else going on and that is likely to be a thing you don't have control over.

the client will want to know if one of their services isn’t functioning properly, as it may have an impact on the outcome of the pentest. It is not in the scope of a pen tester to triage. It would be in the scope to identify what service and gather pertinent information, how they found it, when, etc. then they should report it to the test lead and let them make a determination whether to continue the test or pause to inform the client so their own sysad team can triage.

If the client is internal, typically situations like this would be identified in the master test plan. If it’s an external client, likely would be covered in the SLA.

Maybe this is where the benefits of starting in support show themselves 😄

Light the tower on fire and flip the table.

Find the server and perform an exorcism.

Smudge as needed.

If you find an unresponsive application on a pentest, the best advice would be to not touch anything, don't even disconnect from the box. Get in touch with the assigned contact (your team lead/the assigned client contact etc) and only discuss your findings with them. Let them negotiate the admin side of it and notify you about how to proceed.

If you find an unresponsive application on a red team exercise, they're obviously not paying too much attention to this box, or it's a trap. Wipe the logs, discconnect and pretend you were never there until discussing the final report. /s

It's not your job to fix the application. If you're meant to be testing it and it isn't working, you talk to the client.
If you aren't meant to be testing it, why are you looking at it?
If the client hasn't fixed it a good way through the job, you need to write it as a limitation in your report.

"If you find an unresponsive application on a red team exercise, they're obviously not paying too much attention to this box, or it's a trap."

• Sorry, what trap? Why is an unresponsive app considered a trap?

Honeypot

is there a way to pass the CEH v11 exam

in a week

can someone give tips

Yeah you take the exam that week and pass it

ironic

but thaks

thanks*

It's tough, almost impossible I would say... but.. what have you got to lose by trying?

400 dollars i would say

450 at the most

You haven't paid for it already?

i have paid

sir

There's a lot of stuff to learn, unless you're familiar with the field already you won't do it in a week

i am familiar

i passed in one mock and failed in the other

Then, you will lose them if you try or not try?

I mean, you paid for it anyway. Is it possible or not is irrelevant

it is but i require a bit guidance

thats all

like atleast much to bolster my confidence to do it and work in a more efficient manner rather than just reading all of it

It really depends on your current knowledge and the amount of work you're willing to do. You'll need to satisfactorily cover the 20 modules of the course to a reasonable level

i can say 50 50 satisfaction

20 years in the IT field and want to make the hop to cyber security. Been looking and applying for jobs, but no luck. I need to up my networking game.

Step one

Don't do CEH

why do you say that?

Ah rip

Just saw u already paid

Not overly well regarded

in india it is tho

Really?

yup

Never seen anywhere else where people like CEH

Apart from shitty companies that r behind the times

Isn't even good to get past HR?

i have done CND OSCP and a few but CEH is itself a hindrance

In UK, not particularly

Copy

but i am yet to get a job because the pay is really low for us

they be saying CEH

For US Detroit area and Ontario Canada

so i gotta wind that exam in a week

I have also not really seen it included

Those r the only places I really look at PenTest jobs

Not looking to move company atm but I like to keep an eye on what certs are valued

CEH is not one

In the areas I look at

Fair play

I mean u gotta do what the employers want at the end of the day

If my boss wasn't so obsessed with Microsoft exams I would NEVER go near them

Soooooo boring

FR

but if anyone got any tips please do help

I bet they're at least better than Soti's 😛

BS

xD

i mean i agree

😂 I had a good laugh

Tf is this

Lmao

The moment someone realises they're going to achieve fuck all with that 😂

"immune to malware and attacks" proceeds to get rekt in a coffee shop

with public wifi

What is the best way to make a long post here? can we do threads somehow?

Break itt up into pieces ig

Hey, is there any legitimate way to earn some money as a 16y/o within cyber?

Bug bounty

Good for CV's as well

Are here lower tier bug bountys available?

I dont think i stand a chance against full development teanms from big companies haha

I don't think you understand what bug bounty is

Huh?

It's not a software development thing.

Nah i mean, that i dont think i wontbe able to find exploits in applicatitons from such big companies

You'd be surprised.

Maybe i will haha

any platform you can reccomend?

I do not recommend bug bounty though, and you can't sign contracts until you're 18 so you can't do bug bounty.

Hmm fair enough

Are prized ctfs maybe something?

there’s loads about

check out ctftime

maybe u aren't ready to make money in cyber yet then

just keep getting better

money will come eventually

also good point from James regarding not being 18

didn't even think of that

Yeah thought about that one too

How are ur fundamentals

Networking, Programming, etcetc

pretty good, started with programming

noice 🙂

fluent with python, comfortatble with networking

good u didn't jump straight into something like PenTesting

Oh, yeah. When i started hacking i only did HTB using walkthroughs lmao

had to create a new acc cos the old one had too many cheated boxes on, but learnt from it so

fair play fair play

good on u 🙂

hey anyone here knows what a diploma is?

Google definitely does...

should you do diploma and then opt for engineering?

Whatever you're asking, it needs one hell of a lot more context.

what do companis look when interviewing for eng

in cybersec

A cybersecurity engineer position?

yeep

Have you looked at several listings on LinkedIn?

alight

leave

it

thanks

for atleast responding

You gotta research

ninja where u from?

It's a fundamental skill in infosec.

k

ohhk

where u from

.

?

Please stop the walls of text, you can type in sentences. Even multiple in a single message!
Why does it matter where I'm from?

👍

Is it ok to link to a Reddit post I made about career?

I'm not sure if this question has been asked before but here goes; I'm currently in the army, I have sec+, I work helpdesk, and my contract ends 2026 in Feb. I'm trying to set myself up for success so I can get a great role as soon as I get out. I've been looking at Security Engineering or SOC Analyst as one of two career paths I want to take. I have found tons of information on how I could break into the Analyst role but not much on how to break into the Engineering role. What certs, training platforms, or/and other tools would guys suggest will get me at least decently employable in an Engineering role by 2025?

Does your current role have a clearance? If so, jumping into the world of gov contracting is probably the fastest way to get a job once you are out.
Depends on what you mean by engineering. Product dev? Systems engineering? Cybersecurity or infosec engineering? There's a lot of variability there.
If you are going for a SOC role, knowing a SIEM (like splunk or ELK) is very beneficial. Security engineering is probably going to be more a network security role, but not always.
And remember that titles, roles and duties aren't the same across industry.

By engineering, I was thinking of the guys who build and improve the systems that the SOC analysts use to monitor for threats.

Also, yes I have a clearance.

Unless you are working product dev specifically for infosec tools, that is more likely to be be infrastructure or architecture. "Building and improving systems" is a pretty vague category - are you talking about the actual product development, or the systems implementation based on an architecture?

Let's say implementation based on an architecture.

"SRE" is going to be the great thing to get familiar with

Security engineering will rely on technical certs for whatever technologies. A networking cert is great as well as a cloud cert. Security+ is good and then eventually CISSP.

Having a clearance and working gov, I’d look at Azure cloud certs although AWS is still used

So, for technical certs, you mean Linux and Windows certs?

Windows, Network+ and RHEL

Depending on what you want to focus on

I would love to work as a member of a team that DIRECTLY deals with addressing cyber threats but not just staring at logs all day.

well if you want to work with a team directly dealing with cyber threats, then you want to go into DFIR

usually their title isn't security engineer but can be

DFIR Diva has a lot of good resources for that https://dfirdiva.com/

"A security engineer will also need to deal with initial design, implementation & configuration of both the tool and the integration, and testing. On an on going basis, engineer will also have to deal with maintenance, support, problem diagnosis, vulnerability and patch management, monitor vendor releases, any cert management, etc. So engineering has much more periodic tasks with regard to the upkeep of the tool." This is what I think of when I say engineering.

I love her site. So many great resources

security engineer is the most common job title in cyber security, it can mean a million things

so what do you mean by 'deals directly with cyber threats' because that job title isn't what I'd envision

like for DFIR, if it is determined a cyber threat may have occurred, the DFIR team would investigate, determine what happened and when, would also potentially find out what remediations may need to be put in place

By "deals directly with cyber threats" I meant for example improving the SIEM/SOAR tools because a bad actor was able to bypass security measures or a SIEM tool is showing too may false positives.

This is why I was trying to be more descriptive rather just throw out job titles.

yeah I think if you want to work with SIEM/SOAR tools, you'd want to start out as a SOC analyst, which may involve looking at logs initially... I'd get familiar Splunk

What if I want to skip being a SOC analyst and go straight to being the guy building and improving the SOC analyst's tools, is that possible?

would depend on the company, if you got extremely familiar with those tools and were able to show that knowledge somehow, maybe

Ok. btw, thanks for your patience.

Gave +1 Rep to @pseudo creek

no worries

@pseudo creek is it okay for me to share a link to a reddit post I made about career?

https://itmasters.edu.au/free-short-course-pen-testing/
Cool course I found, comes with a free exam and certification at the end 🙂

Good for da CV if u can't sit any certs right now I'd imagine

as long as it isn't part of some drama rule #2 or you don't post it all over the place rule #3

Cool. I just haven't gotten any replies on reddit and it seems like I won't so I just want to see if I can get some input from here.

https://www.reddit.com/r/CyberSecurityJobs/comments/vuu3it/first_opportunity_and_i_have_some_questions/

This basically explains an opportunity coming up and how I feel about it, what advice can be given about it, and mostly I am wondering if its truly a once in a lifetime type deal. Mainly I am gathering this data to build a better argument for my wife, who doesn't want to relocate, however I am absolutely sick to death of my job and I need change.

Well, sounds like u got pretty friendly with the guy and showed ur passion and drive

which is the hardest thing to find

u can teach anyone Cyber Security skills, but u can't teach passion

U have obviously proved that passion, hence why he wants you on his team

Definitely not once in a lifetime, but yes, I'd say it is a pretty great opportunity

Thanks

I think once in a lifetime is a bit extreme, but my feelings are essentially that if I don't gun for this, that I will be stuck at my shitty job for another 3-4 years while I finish my education and then try to find a job in cyber.

My main predicament is that we have two children and my wife wont work ... So I can't take very much of a pay cut to get a low tier tech job, like help desk, which generally is offering about $8 less an hour than what I make now.

My wife seems to think that this kind of thing is normal and that I should be able to build this type of relationship with any head of cyber security through LinkedIn, but I'm pretty convinced this has way more to do with their internal hiring habits than my charisma over LinkedIn messages ...

So as someone who works for a large organization, it is fairly normal. Reputation / Internal recommendations can get you a lot. Like if you've had good reviews from your management even in a different role, it can hold a lot of weight...

On the downside, they also often use opportunities like this to underpay people. It is cheaper to get an internal candidate in there than an external, especially if going from a non-tech role to a tech role.

My current leadership has been incredible through all of this. I'm not sure what the chain of communication actually looks like, but they've mentioned many times trying to talk me up to their own seniors, and trying to do the same for anyone at HQ if they can. This is another reason why I think this is so golden for me.

So what's the catch with pay? Should I do some more research and get more comfortable negotiating and expect to negotiate?

you can try to negotiate, but they will probably use your current pay to justify underpaying you what they would otherwise pay someone else and they will tell you things like its a 'growth' opportunity and may promote you in a year or 2 depending on performance

bastards ...

but thank you for the insight

What are some other things I could potentially try to negotiate? Do you think it will stay pretty standard or do you think I could get a lower pay with some better benefits or stock options?

you can ask, never hurts to ask for more vacation time and such

some people shadow has heard have asked if the companies they work for can sponsor trips to defcon

hey people, can I find a job with 0xD GOD rank without any acquaintances?

by without acquaintances, I mean the employer is not my acquaintance

no

can I get a job with pentest + certificate?

Yes

I dont have to start a "career", I just wanna earn some money to cover my university fees

cool

Doesn't have to be a cyber job

sorry, is this a question?

I’m actually signed up for a shadow program right now. Just waiting to get the session actually scheduled.

No, it's a statement

But yeah I’ve thought about the trips a lot. I hope they do sponsor those things.

ok, got it, thx for the answer

Gave +1 Rep to @quick forum

https://www.linkedin.com/jobs/view/3153694206

Someone from India who has PNPT can apply here. (:

Am I remembering wrong or did u not say they were offering double ur current pay?

pay should not be an isssue or something u need to negotiate if they r offering double what ur on now

take it, upskill, then get a pay rise

Did a bit of a rewrite to the LinkedIn bio for my current role.
All feedback is appreciated 🙂

If thats under your role, I'd say its too much information @mossy pewter

Keep it bulleted like you do on a resume honestly

The stuff regarding your team is also OPSEC somewhat, and isn't specifically about you

If you want to expand like this, the account bio would likely be the best place

What you written would look very nice on a CV as it is detailed and provides useful information about your skills. Have you tried browsing Linkedin for other profiles ? This provides you with more insight. Expand on your OPSEC roles or discuss a THM pathway you have completed to link it to cybersec skills - just me thoughts 🙂

Too verbose for a CV.

tyty guys

will get it updated ❤️

OMG! THis is HilArious: https://www.youtube.com/watch?v=UWe4aMPAyvc

"so if you want to find out what I offer I accepted, wait until you hear all about my sponsor..." boring sales pitch... skip... skip... skip... "I'm not going to tell you about the offer I accepted, for reasons..."

Hi everyone, I have an interview next week for a security engineer(soar engineer) position. I passed the initial interview it was about my experience in soc and before that. The job is about preparing playbooks to automate detection and response through SOAR. I will have to write python code for the most part.

For the second interview, I am supposed to prepare a case study. They haven't send me the details yet. What kind of case study should I expect since the job is mostly about managing the soar platform itself (which has its own learning curve) and writing python code.

Not sure how I feel about that. Is this common juun?

Usually some kind of problem to show reasoning ability is common

If they have given you a problem they are actively working on, that seems really sus.

Right, but you having to provide a case study?

Have to wait on the details of what they want

That seems like a lot of work for an interview

Case studies are an output to teach something to the rest of the team

This sounds like a mid- to senior level position

You should see the process that architects have to go through to get hired/promoted where I am

I mean, where you are, I'd see it as understandable. The thing that stuck out to me was bringing the work to the interview.

If it was a longer interview where you have to work through a problem, I don't think i would have asked you for more information

What are your guys thoughts on WGU cybersec bachelors degree?

Too new of a program

Not reputable enough?

could be good, but no reputation that i can see yet

I see

Any programs that you know of that are?

for cybersec? I know some "good" programs exist, but I don't know of any off hand. Unless you have a very specific focus, compsci is a better major.

so WGU compsci major it is hahaha

Hello everyone, I'm doing MSC cybersecurity in the United Kingdom. I'm really worried about my career because everyone is looking for experience, but  fortunately, I still have one year left to complete my degree. Can anyone recommend the best career path to enter the cyber security industry, as well as certifications which can land me on job without experience ? I appreciate it.

Hi, so i just graduated from college with an IT/cyber security degree and i feel like i didnt get the full extent of learning from online school so i've been trying to learn through different methods. I have having a hard time remembering things. The thing is once i do something i can remember doing it, i just cant remember like if i am just sitting here. Does anyone have any good ideas on having the information stick in my brain. I am also trying to start a career in cyber security but it seems like you need 3+ years before you can even get an entry level job. Any advice will help and be greatly appreciated.

Most people working in cybersec have had some experience in IT/Programming etc. A lot of companies do want to hire people with experience but as well as your MSc, other cybersec certifications can go a long way with the HR bots/people. Certs like Security+, OSCP, CISSP and others help a lot and a lot of 3rd level colleges do have work experience placement or at least have resources to assist you in finding positions.

I would recommend checking out the Tribe of Hackers books by Marcus J Carey and the Hakin9 free edition of 'How to become a hacker' from their website...
https://www.amazon.com/Marcus-J-Carey/e/B07MFWJPGV?ref=sr_ntt_srch_lnk_1
https://hakin9.org/download/hakin9-open-become-hacker/

Cybersecurity is a very complex pursuit and none of us remembers everything all the time. It's good practice to take notes while you're reading about things, following courses and performing actions like building applications and performing admin or hacking tasks. There's lots of applications to help, like CherryTree or Notepad++ and others, and even a Notepad or similar app can help a lot.

It's also valuable to have a pen and paper to write notes and draw diagrams and scribble things as you go and then revise them later. Then practice, practice, practice. It's okay if it doesn't work when you're learning

Do you have any prior experience in the computer space? With getting a masters, you've more than likely priced yourself out of entry level positions unfortunately. I'd look at a way to gain professional experience while still in school, internship/part time if possible, somewhere in the computer space. If you don't have security+, I'd look into it.

There are also lots of help facilities like man pages in Linux, cheat sheets for lots of things like Nmap etc and using a search engine is a skillset in itself

Keep in mind that Cybersecurity is not an entry level field. In most cases it takes some amount of experience in another facet of the computer space.

Sometimes things go your way though

Yep it's a long and fascinating journey with plenty of challenges but there's lots of tools and resources to help you out

great info thanks

I'm doing full time self study 😅

It's been 2 years from 0 programming knowledge

Sometimes I doubt my VR dream...

Any advice
:)

Get some professional experience

Something like IT, where you can grow your skills and network

Self learning is very different from gaining experience on the job

I personally tried to do internships in any IT field over the last year and got nothing. Even internships are difficult now

And most jobs will require continuous learning in this space

Most internships tend to be reserved for 3rd level placement these days

Internships require the candidate to be a student, either vocational school or university.

If this is the UK, we have graduate programs too

yes I was in school while applying to interships

I wanted the shortest way(do or die) to VR so I dropped formal education and went straight googling and reading books

Stupid decisions but I'm learning a lot (0 programming to writing some windows shellcode now)

But as u said earlier...gaining real world experience is hard

VR?

Vulnerability research

:)

Im still stuck with this

Join your local BSides, establish local person-to-person connections and network with people who have gone before you into the industry. 😎

How do you actually gain real world experience 🥲

As I mentioned before, start somewhere in the computer space. IT is a common starting point for a lot of people

:) thanks

Open source tool dev is a great thing to have on your portfolio. If you can quantify what you've learned in a way that benefits the cybersecurity community as a whole, that's a great way to start your social network.

IT support is usually the entry point for most folks. Making connections is invaluable

And can anyone land VR(vuln research, exploit dev) jobs without formal education degrees 😬

Ahh stupid questions :/

What is BSides?

Local conferences organized by volunteers. More information here: http://www.securitybsides.com/

Vulnerability research and exploit dev are advanced topics and you would usually need to have a reputation with people in the field and quite a bit of experience to be taken seriously. Also if you don't know what you're doing in those fields and you cause an incident, accidentally or otherwise, you can be held liable for your actions.

For instance, as part of my cybersec college course we had projects for malware analysis and we were informed that, even though we were expected to find sources for active malware, we would be investigated by the police for any security breaches that occured.

🧐 ohh
Thanks

Btw
Where did you go for cybersec ?
College?

Gave +1 Rep to @rugged delta

I went to a 3rd level college in my country. Any time you are undertaking cybersecurity exercises, you need to do so within the framework of the law. That's why platforms like THM were developed, to provide a place where we could learn things that would otherwise be considered illegal, dangerous or dumb to do in the real world. We also had to study law in the cybersec space

College s here don't have any cybersecurity options 💔

I am so wrong for this
But I guess Ill just have to find ways forward
No choice

There's always professional certifications

Would like some advice on my current plan to get into the IT field. Have been working full time while going to school, have one more semester left to get my associates in Cyber/Information Security. I plan on working to get my A+ during this final semester and looking to make the transition from my current field and get into a help desk job to start my career since I have no prior experience. After I get settled into the field, will probably be applying for a program to work towards my BA.

Cybersecurity is a personal journey. People can guide and advise you but it's up to you to explore and to do the work. You'll get a lot out of it for what you put in

Like ?

Yeh :)

Security+ and other CompTIA ones, CCSP/SSCP/CISSP and other ISC2 ones, the ISACA ones, OSCP and other Offensive Security certs, specific ones for AWS/Azure/GCP, Linux certs, Windows certs... There's certs for every level and every discipline and that list isn't comprehensive

Thanks a bunch :)
I'll look into this

Gave +1 Rep to @rugged delta

That's a good plan. Most people start in a helpdesk role during/after college. Certs like A+, Network+, Security+ are good introductions to the field at that level. Working towards your BA is a good idea and there's lots of other professional certs too.

You still need experience to go with those certs

😬ahh yes

Of course but getting the certs is part of the journey and you have to start somewhere. Getting a few CompTIA certs is a good start without even having a job or while getting helpdesk work

Thank you for the feedback!

Gave +1 Rep to @rugged delta

It's going to be much harder than I thought :/

And I cant sub rip too 😂💔

We all start at the beginning. We've all learned things through practice and we've all gotten help and advice along the way. Spend your time learning and practicing. Make that a habit and the rest will happen

Sure,
Thanks 👍🏿

I'm learning and practicing full time :)

Few weeks back, I was practicing my RE skills and successfully patched IDM(internet download manager)...it was a great success for me :)

I tried fuzzing with Winafl but didn't go far as I was fuzzing with i3 duo core 😂💔

Gave +1 Rep to @rugged delta

What kind of organizations would want exploit developers? I don't assume it's just NSO and the NSA (who get their exploits from NSO) right?

^I'm talking about binary exploit development, not webapp etc

Nvm
I know nothing hah...

Suggestions anyone...¿Any great org or college or anything for cyber security¿ Physical not online

That's a personal decision

You need to look at programs

I imagine red team companies might. Things like Dragos

Find a program that fits your needs and has a good reputation, accredited, etc

Hello every one I'm new to cyber security and want to ask a couple of questions. I'm currently doing self studys for cyber security and I use to go to school for Comp Science and after a while I realized that I actually wanted to major and focus of Cyber security. Of course for reasons i had to stop attending and now after a while I'm back on my studys and want to get a job in CS so I wanted to ask whats the best way to get a job in this field? i was thinking of going to a CC because i dont have a lot of money atm but I wanted to see what would benefit me the most? at my nearest CC they have programs such as certs for info security and cyber defense and an AS in cyber defense only

It's quite hard to find any good ones here

Anyway 👍🏿

Get a college degree, certs and do CTFs. but the answer depends on your location

A lot of the low tier boot camps/certs from colleges are just money grabs operated by a third party. So you have to be careful it’s not a waste of money.

yeah thats what im also worrying about

tbh im just trying to get my foot in the door right now but i know i need something that would give me the knowledge as well help me to get a entry level job

im thinking to also doing the EHC and Comptia Security + but other than these 2 what would also benefit me

?

Remember, you're going to need some level of professional experience for entry level positions in cybersecurity

Certs and degree will help but they don't always let you skip the line

Some people don’t like it, but yeah, entry level cyber security is mid tier it career. Yes some people do skip the line. But it’s much more difficult.

I’m not a good example but I was a sysadmin for 10 years before moving to cyber security full time. I could have moved sooner if I didn’t live in a terrible area and have serious imposter syndrome 🙂

Security+ for sure, but skip CEH if that’s what you meant. Let a job pay for that piece of paper if they require it.

Don't get CEH unless the job pays for it

Outside of India, it's pretty much useless at this point thankfully

thanks for the info

Gave +1 Rep to @hollow ice

thanks

So how would i go about getting experince

?

Getting a job

lol

Helpdesk is a common starting point

ok lol i was about to ask what would be a good job to start with?

Are you in school again

yeah i reenrolled but i havent started yet

Ah ok

Internships will be available to you then too

If your school has an IT club or something, join it

If it doesn't, find a professor who will cosign

Ask your IT dept I'd you can shadow or see if you can get a student position up

oh thats an amazing idea i really appreciate all of this info

Hey guys, I am recently graduated in Cyber security from college, and I have security+ on hand. Can anyone suggest what type of job is a good start point in this case?

Congrats bro

Probably SOC Analyst

SOC analyst or help desk

They’re the most likely starting points. Especially if you didn’t put the time in during college to actually research the field you’re going into lol

can we directly choose a cybersecurity course from college . or do have to learn everything online?

Some colleges offer it, have a look in your area.

where do u give the exam?

and is the knowledge learnt online less important in the portfolio

Well, with my college course it was all done in college.

Or at home last 2 years due to covid.

is it included in the engineering course or seperately

is it in cs?

Is what included?

Certifications? Rarely

Is it recommended to go for CEH as the HR admires CEH if we want a job?

Are you in India?

Is CEH highly sought after in India specifically?

I work for a company as Detection Engineer. We're looking for 2 positions Senior Adversarial Emulation Engineer and Senior Detection Engineer. How do I post to the Jobs-board

@hoary sierra You'll have to talk to Hydra I believe

Yeah CEH is great in India and pretty bad in the rest of the world for the most part

Thanks 🙂

Gave +1 Rep to @jolly gyro

i don't understand they say there is a big cybersecurity shortage and i couldn't find an internship

Because Cyber specific internships are hard to come by

it's not exactly a business area that orgs want to put really green people

Most of the manpower deficit is in mid and senior level security roles, not entry level

By expanding your search to include other areas of the computer space, you may have better luck

i heard a lot of people go in via IT helpdesk, then try work their way up

i just feel like my degree is useless

IT is the starting point for a lot of people, yes

wish i didnt get a degree but started as helpdesk

Degrees are useful

i'm 4 th year student studying network and telecommunication engineering and couldn't even land an interview

Just because you didn't get a cyber specific internship, doesn't mean you can't apply for other areas

how much time is minimum for an internship ?

Internships after graduation aren't exactly common

Internships are generally 3 months if over the summer

lol i was asking for 1 month cuz that all i have left no wonder i couldnt find any

that said, they aren't uncommon either. Typically internships are open to students who graduate in the same summer as the internship

Yeah, I saw a few when I was first applying out of school

Probably didn't see the bulk as I wasn't specifically looking

Ya...India

Might be worth it for HR then, but won't be for learning. By all accounts it's an absolute BS cert, but many Indian companies still seem to like it.
If you have to jump through the hoop, best advice is get the cert and forget everything ASAP -- chances are it will be out of date or outright wrong.

What would you guys suggest CySA or SBT L1 or Sec+ for a SOC Analyst role?

I started with Sec +. Gives more foundational knowledge. CySA is a litte more advanced and Sec will set you up

I was thinking about SBT L1 as it is practical based examination😅

I have yet to take on of their cert exams so I cant speak on it, I only have CompTIA certs 🤣 and working on SSCP

Hey guys, did you see my post about the Virtualization Engineer job in #jobs-board ? Really cool opportunity for all my network engineers out there who have a talent in the virtualization side of things. 😁

What are your thoughts Pen-100 offsec vs CyberMentor PNPT ? Love to hear or if you feel Pen-100 is not worth it and hold out for main event 😉

not really worth it...

I mean if you are doing the courses for PNPT, you'll get anything that is already in pen-100

I've had my first pentest intern interview today, I thought I could share the questions I received (although it was only 10mins long):

• SQLi - What it is, what types exist, how it's mitigated
• XEE - What it is, what types exist, how it's mitigated

Also, "sanitization" isn't really an answer to all of these. I recommended sanitizing the input of user to prevent both of these, in one of two ways:

• Removing all non-allowed character
• Returning an error as soon as one of these is identified and blocking the entire input
  The counter question to that was: "What would you do if you had to accept all input, regardless of what it was". The answer for SQLi was prepare statements and for XEE was HTML encoding

Reading through THM, I never expected anyone to ask me what types of SQLi and XEE exist, so I didn't really bother memorizing it (I just understood it and knew it well enough from my head). But, as it turns out, someone actually asks that stuff

I was also directed to this website as a hint for the future: https://bobby-tables.com (hopefully I can share the link?)

All good points to remember, if your goto answer is sanitization with limited follow up, you’re probably going to be expected to answer more.

Removing special chars is not the best answer for either. Look at the perfectly valid surname O'Brien which has an apostrophe.
The proper method is handling the input safely with prepared statements

True. Funny thing is I've used prepare statements and html encoding, but I just never really connected the dots to answer this properly the first time

Also, I guess it's a case-to-case basis. I've only worked in non-sql databases in recent years, so the prepare statement never really applied to my day-to-day stuff unfortunately

The owasp guides are really good

Yeah. Still got a ton of learning to do, but getting there. The interviewer actually asked about koth on THM, but I unfortunately haven't had success with that yet. Still, progress is being made 😄

Not really case by case. If you're doing SQL, you should be using prepared statements or an ORM

Case by case as in

1. doing sql
2. not doing sql

Well, if you're not doing SQL then you don't have to worry about SQL injection....

Yeah, but the question was about sanitization techniques case by case. Eh, whatever, just miscommunication

im planning to buy subscription on INE to take ewpt and emapt. which subscription is recommended? does fundamental is enough? or should i go for premium?

what area in cyber security do you guys think is most in demand?

probably GRC

Honestly, any communications/writing role seems to be in demand IMO

And Cloud

I hope am not to late to save you $$$ . Please don't there are loads of better options to use like TryHackMe, Virtul Hacking labs and Proving Grounds. Why ? Recently a friend of mine subscribed to access matrieals he accessed 3 months: Same membership monthly plan but the prices had rocketed and loads of coursese were no longer available .

My plan was to take fundamental plan, prepare for ewpt and emapt while take ejpt for free because i dont have ejpt. So dont buy subscription?

I can only advertise from my perspective but if you re feeling brave - give it a go and you may have better luck than myfriend.

Definitely! For insight from users - it's worth checking https://community.ine.com/

it helps alot. thank you so much

Gave +1 Rep to @peak hazel

How useful is eJPT for somebody trying to start a career in cybersec?

Not massively

then what cert would u recommend ?

Not James but usually the Security+ is a good one to start with

I see, what abt going with Net+ first before that?

Do you have any prior professional experience?

Net+ is fine, CCNA is also an option

Definitely useful for learning purposes, especially if your plan is to get into pentesting. For getting a job, I don't think it'll help a bunch alone, but you gotta start somewhere. 👍

no,im currently in 2nd year in uni

With you still being in school, I would wait until you get closer to graduation and then get certs. That way they won't expire before you graduate. While you're still in school see if there are any clubs/societies that you can join that relate to IT/Cybersecurity, see if they allow students to work on helpdesk as like a work study, make a Homelab, and start writing a resume so that way you can try to get an internship next summer.

How to Leverage Online Training To Achieve High Paying Careers
https://tryhackme.com/resources/blog/online-training-for-careers

Hello. I have a question. I am in my final year of college, in a non-CS degree. I have started learning cybersecurity in February. I will likely take a programming job after I graduate in about a year. So, for the next two or three years, what would be the best course of action for me to prepare myself for a good entry-level cybersecurity role? How does work experience factor into the job I will get?

I unfortunately don't have a lot of peers who are in or are pursuing this field, some of the pointers I have picked up are to build a home lab, write blogs, beef up my LinkedIn profile, and bug bounty. Any tips on these would be appreciated as well, for someone with beginner/low-intermediate experience like me.

Hey , I would say build a good portfolio under your belt that other people can see, Like a blog, YouTube videos, participate in CTFs etc. also for learning path that depends a lot on which field you are aiming for like Red teaming or blue teaming i would say stick to THM/HTB like platforms in general but to specialize and learn more attacks in Red teaming for example you can setup your own labs, try doing certs like CRTO, CRTP,CRTE,OSWE, OSCP etc. For blue teaming on top of THM/HTB you can use cyberdefenders try to detect attacks on a red team lab and basically try setting up and learning a lot of the software's that are used like FTK Imager/Autopsy/Splunk. Also experience factoring really depends on the position and country you are applying as imo most places having developer background will help you in getting a entry/mid levelish cyber job though it can also not really factor depending on the location and what your future employer is looking for

Thanks! What should someone inexperienced such as myself consider when writing blogs? Should I just write on any topics that I feel like, as long as they are well-written? Or should I focus more on topics that are less talked about?

id say go with the flow and write with what you want/what you learnt , You could make some writeups and stuff as well you dont have to go niche or anything

i did the same with this one : https://enotes.nickapic.com

where like anything i learnt or was researching i just added no need for it to be hella extensive and stuff or being super niche

Oh that's quite nice

I'm actually transferring my notes to a Github repository myself

yeah you can make a github repo for it as well

But yeah, thanks for the advice! Am I welcome to share my blogs here (no spamming ofc), and which channel would be best suited for this?

shadow prefers that their notes are private.... only shadow and one of shadows friends can read the notes as they sync it to a private vps server

for github i did something like this maybe it helps? https://github.com/nickapic/Cyber-Security-Knowledge

yeah those are not all my notes just the ones i dont mind making public

i think you can share to #resources

if you are doing writeups for tryhackme rooms there is also the #thm-community-media channel

yep that one as well

Ah, I will keep all of this in mind. Thanks 🙂
@stark marlin nice resources too

Gave +1 Rep to @stark marlin

no problemo

Narrator: "But it was all problemo"

damn

What I find interesting is the regional differences on how important certs are for a job

In western europe I don't see a huge focus on certifications, at least not for any position I applied for

Very country specific. I.e. USA, OSCP is nice, where CEH isn't. CEH is very india specific. Things like OSCP are nice but you want to be going CHECK-wards in the UK @pallid flare

Question: does Pentest+ satisfy the same requirements as the Security+ for DOD jobs?

can anyone show where to start plss!!

You can see what satisfies each requirement on the DOD 8570 chart

Head over to #start-here to begin

People originating from India or who are working in India, what has your pathway from your bachelors degree to your current cybersecurity job been?

https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

@stoic cave Thanks for the info.

Gave +1 Rep to @stoic cave

Thanks!

Gave +1 Rep to @edgy saffron

It seems like Pentest+ offers more job coverage

For what specifically?

Pentest+ is a pentesting specific certification. One that does not include a practical I might add

Some of the listed DOD IT jobs that I’m hoping to pursue very soon in the future.

Just be aware that the government doesn't do hiring the same as private @deep portal

You cant just apply for any position

Sec+ is a good cert to get as it covers both IAT I & II as well as IAM I

Which is where most people start unless they are already an industry professional

thank you :

Gave +1 Rep to @stoic cave

Having a virtual coffee with an application security engineer at a cybsersecurity company I'd like to work for. I have some general questions but as someone still in school, any recommendations on what else I should ask?

Definitely appreciate your advice, my man

BCA

My University is changing the title of the course that I am enrolled in from "Computer Networks and Cybersecurity" to "Cybersecurity Technology". I have the option of having either title on my degree. They said there is really no difference between them, just how it looks on the degree. Does anyone have any opinion about which one sounds better?

I don't think it really matters all that much as long as you have good grades and you understand the concepts taught and you're able to discuss them in an interview and a workplace environment

Does having a bachelor's matter much? Or do employers mostly look for skill?

It matters unfortunately... There is no down side to having it

University forces you through a bunch of useless stuff, but it gives you the skills you need much faster. Employers know that

I dont have university level courses meaning if I need a bachelor's I'm gonna have to do well in college and than transfer and take an extra year

Which sucks, also I know nothing about cyber security, I'm just getting started so if anyone can guide me to different specific career options that would be nice 🥺

You've got that on TryHackMe, just go through the Intro to CS pathway

When I tried doing it it said it's only for premium members and I cant pay that at the moment lul

You'll have to google it then unfortunately. It should be easy to find anyhow

Alrighty

I would recommend reading Tribe of Hackers . It gives good advice on how to progress and gain skills you'll need in cybersecurity. Also checking out and asking about certifications and other resources can help quite a lot

It teaches you skills you wouldn't have been aware of otherwise. I've been in SE for almost 5 years now, and there is almost no way I would have been able to understand or even comprehend the idea of a binary tree without my studies

If you have the ability, I would get it. Eventually, especially in the Technology field, you're going to more than likely need a bachelors, and then if you move into management/later in your Cybersecurity career, a masters

This advice is US centric btw

Do you think the name of the degree makes any difference? Like "Computer Networks and Cybersecurity" vs. "Cybersecurity Technology"?

It depends. I'd select the one closest to what the actual material is

Also take a look and see if other schools use one name or the other

It's both. I asked the question a little earlier here. #cyber-and-careers message

Name recognition makes things easier

What do you mean?

You said "they said". I'm saying you should look at the course material and make the determination

Everyone knows what a computer science degree is, that's name recognition.

Look around and see if schools are using the same names or similar to either of those titles

If you find a bunch of schools are using one over the other, it may be beneficial to chose that option for name recognition

It seems to me that a lot more colleges go with the first title, "Computer Networks and Cybersecurity". Two of the courses were designed to prepare for the Network +, and part of the CCNA, respectively, so I guess that's why it was called "Computer Networks and Cybersecurity".

I don't know why they are changing it to a less popular name.

If it's because they feel the degree doesn't focus enough on networking, or if it's because they wanted to add the word "technology".

I think juun said this before but Computer Science is a branch of applied mathematics, and should be treated as such. I wouldn't call it "useless", because it really isn't if done correctly. The culture of whiteboard questions sucks but learning the fundamental stuff like data structures and algorithms makes you a better problem solver.

There's a bigger discussion to be had but a university is an academic environment, which occasionally has conflicting goals with people looking to become software engineers or similar roles.

At least, that's my 2 cents coming from someone who isn't out of college yet

What math, and by extension comp sci, really teach is problem solving. And there is a disconnect between academia and workplace skillsets, but that's primarily in the reporting and demonstration of solutions.
The biggest difference is the primary focus as the same discipline is applied to these two discrete areas: One area is concerned with advancing human knowledge, the other is concerned with solving a problem to make money.

It's just too broad in my opinion. In my country, for SE, you have to go through basic physics and electronics, which is just pointless. On top of that, focus on hardware is absolutely insane, to the level of knowing how to build a simple PC by going to the store and buying resistors and transistors to writing your own OS. It's cool, but it's too broad and useless for almost everyone

oh

That feels more like a computer engineering major