#cyber-and-careers

hi

guys i have one question

Whats up?

What's your question?

thanks man they already answerd my question❤️

Hey everyone! Is this pathway helpful for taking PenTest+?
I'm new but I want to get good with learning anything related to cyber.

CompTia?

Hello Everyone! Just have a question, How to get an entry level cyber job as I have prior experience in different domain of Technology?

What's your prior experience?

Everyone's pathway is different but you're probably going to want to get Sec+. Then start applying for jobs that fit your specific skillset.

Hey !! I want to know that which will be more valuabe degree after 12 BTECH or BCA for Cyber security field.

Yes!

I'm in the same boat. I started learning on THM and after 2 months I actually got invited for interview to Intern and Jr Pen Tester positions. I'm still waiting on results but I'm optimistic

No certs, no college. Just start applying ASAP

Comptia Pentest path on THM will help you, if you complete the path you'll even get a 10% discount code (Not sure what the discount code is applied)

I think it's fixed now if that's what you're not sure about

No, I wasn't sure if it was applied to just an exam ticket or something else.

Ah, yeah, I think it's just the exam voucher

guys, maybe you will know, what is the name of cert where you dont use any exploits and all is based on misconfiguration, it was 4 letters starting with C

if someone would be so kind to tell

az-900 is very easy, dont waste too much time on it

I'm planning to take it in the next two weeks. Then work on finishing up my Sec+ notes

you plan also az-104 afterwards?

I've never heard of az-104. What does it cover?

its harder than az900 and its basically administrator exam

az-104 is a great cert if looking to get a job working with Azure

az-900 covers the basics of what is cloud, what are some high level topics with Azure but its not a technical exam

its basically vocabulary

az900

but az104 is how stuff works

Hey you all! I really want to go into cybersecurity, but I have no prior IT experience. I understand without experience I would have to do an entry level job, which I’m fine with that. I currently have the A+, network+, security+, and working on the CCNA. What type of jobs would I be able to get this those certs. I have been looking at job postings and they all seem to want experience even for entry level. I’m working on getting a home lab going, and attach it to my LinkedIn profile so hopefully that helps me in my job search. Any suggestions would be appreciated!

With those certs you should have no problems in getting at least a SOC level 1 job, without any experience, at least in my opinion. Complete your Linkedin profile and open it for opportunities search and follow the cyber industry and you should be able to find something relatively fast...
Add and follow people from the industry it helps making your profile more visible to other seekers

Thank you! I will work on getting more connections on my profile!

Gave +1 Rep to @peak wind

No worries, there is also an options that makes the profile visible and open for job opportunities, make sure that option is turned on also. And keep trying don't get discouraged you will find one in the end you are doing things right...

Don't pay too much attention to what the job requires. If you meet even 40% of what they are asking, send your CV. Worst thing that can happen is that you don't get the job.

All of my jobs have come when I expected to not even receive a response on my CV.

Thank you I will keep that in mind!

Gave +1 Rep to @glass zinc

Hi guys, I’m new here, for my whole life I have loved cybersecurity as a profession but I don’t know how to get about it, I will really appreciate if someone can father me. Thanks

you can #start-here and also you can find a group here #964299701581119538 of other people who are getting started also, you can team up and get on with it together....

What are the best certifications to get for a job in cybersecurity? e.g. CEH, CISA, CISSP

It's country dependent and what your overall goals are

What country are you from?

CEH is, thankfully, becoming less respected and not as requested unless you're in India

India still wants it

Sec+ is your baseline for Cybersecurity certifications. Do you have any professional experience? Certifications can only do so much without it.

@stoic cave I've applied to a lot of helpdesk positions but no one seems to be interested. All of them demand experience in their job description

How do you think we can gain valid experience?

Been going through something similar, every job requires 1 year to 3 years experience. Applied to over 60 jobs now and have only got to 2 interviews yet.

I'm not in this industry but I'm curious about the "experience" requirements I hear a lot about; do you have any work experience, like, do you have a job right now and just lack relevant experience? I admit I look for people with "experience" when hiring people for certain positions because I don't want to to have to teach someone how to simultaneously do their job and be a human being in a work environment for the first time. As long as you've done work with transferable skills I'm happy.

For help desk, I'd imagine they want any experience. It is hard to be someone's first employer

you might need to have your resume looked at, usually not getting interviews is either your resume or applying to the wrong jobs

I guessed that could've been a problem so I actually paid for a professional website to design my resume, which also has 9 months of internship experience just while I was studying, I was mainly applying to junior cyber security jobs.

if you want, I can look at your resume, it may be a few days, but if you dm it for me or even drop a sanitized copy here

Thanks, I'll see if I can dm you a copy, whole lot of much sensitive info.

Gave +1 Rep to @pseudo creek

Redact PII out of your resume and post it here. When I say professional experience I mean any jobs where you've had a W2 or a 1099, or your counties equivalent

Once you start looking for jobs in cyber, you're more than likely going to need professional experience in a computer domain. Level 1 helpdesk usually doesn't require experience, however, having any professional experience will help

i don't have any professional experience yet :/ i mean i have worked jobs before just not comp sci/IT related

the only place i've worked at is a warehouse and housekeeping lmao and some landscaping

i've just been doing a lot of THM lately and will be attempting my A+ this year

If they were legitimate jobs, that's professional experience.

i mean yea i was on a payroll

i'll send just a second

Transferable skills

Yep

@stoic cave sorry for the delay just had to make some edits

i tried to manipulate the description to be as relevant as it could be

oh fuck forgot to redact

one sec

im dum

also upload a picture not a file

no one wants to download stuff, especially in an infosec community

that's true again a dum thing

@stoic cave

I'd put scheduled end date of your degree

oh my gooooooooooooooood

it is bad

Ya know there is a tool that un-redacts.

i didnt zoom in

Don't fuzz. Block it out with solid blocks.

to check

i did that first

but i just

wait

yes i'll change that

@pine grove sorry iam wonky today i usually dont do this

Interests, why brackets? You're abusing brackets

I'd write them in a different voice too, rather than first person

That's a style choice

i just used a template editor. I'll change that

flowcv

^

It's a nightmare to print that format

It stands out, but it also burns through ink

It's rare to print, but often orgs will do it to go through it with you

yes that makes sense. I'll edit that

Alright, Ill go from top to bottom.
-I dont like the color or the format. Look at something like AwesomeCV, or another LaTeX template, to organize your resume in a single column.
-Education at the top is fine and preferred with less experience
-I don't think a resume should have "interests". It should revolve around things that you have done, personal projects and a homelab are good examples

• I don't like the profile either, however, some people on here do
  -skills should be made into a major category with a few sub-categories. These sub categories should be separated into Certifications, Software, Technical, Programming. Only put spoken languages under skills if the job asks for it.
  -Languages section should be absorbed by skills or removed. Also, don't put stars or anything to "rate" yourself. Rating scales change per company and even per person. Your two may be their four.
  -Experience section looks decent. I think you have too many bullets though. Try to keep it a 3-4 max and make the bullets relevant to the job/industry you're applying to. As James said, transferrable skills are important.
  -Make a projects section. Put one big school project and then a personal project or something similar. It will make a good talking point during interviews and show your interest.

appreciate it a lot ! I'll revamp the whole thing

thank you for the tip as well even if i didn't ask hehe

Gave +1 Rep to @stoic cave

Lots of people like flowcv.io for building a resume. One thing for your skills is you should keep to skills that can be measured, if everyone could, they'd list things like team player (or maybe everyone). So I'd nix communication, team player, attention to detail, time management and organized

@pseudo creek hmm although i see your point I still wanna convey that I have attained those skills through my other jobs. Will that just be through the job descriptions in my resume?

because I've seen a few samples and it was listed under skills

I agree with zojja

"communication, team player, attention to detail" aren't skills. They are employer expectations. Basic things they anyone should have entering the workforce. They are not things to be touted in a resume, but instead made apparent during an interview. Your skillset is a measurable, demonstrable showing of your experience. "I have experience with Python, here are some of my coding examples" and then link to your portfolio.

The questions you get asked in your interview are often related to your ability to work with others, or a time you have to be a team player. You can talk to those, you shouldnt waste valuable resume real estate by saying you are a team player.

@boreal zephyr I understand. Thank you for the explanation !

Gave +1 Rep to @boreal zephyr

Communication: Basic thing anyone should have!

if i was looking at a cv and saw things like “communication, team player” etc, i would know they’re using it as cv filler

Hi all. I'm currently working in infrastructure maintenance completely separate from the IT world (electrical technician) and have been for the past 15 years. I really fancy a career change and I like playing around with computers in my spare time (I use Manjaro and have created my own bash scripts, etc.) Has anyone here done a career change into this field? Or do you have any advice? Try Hack Me is obviously one thing I'm going to do, also considering CompTIA A+ too

Hi everyone, I am a CS and Math bachelor and currently a junior backend developer.I was wondering if I should apply to Cyber security masters and if the salary afterwards will match or be higher than the one of a backend developer(ASP, Laravel) or if I should continue following footsteps of, how would I call it web dev/software engineering/developing CS.
I really enjoy the theme that the Cyber security offers but I also have to consider job opportunities and everything else that comes afterwards.
Thank you in forward for advice 🙂

well if you enjoy always learning of new things and constantly reading about stuff in security or programming even on your free time both are really good career options

programmers is slightly more needed in at least sweden shadow has seen but there is probably plenty of jobs in both

Don't do a masters in cyber

Don't do a masters until it will further your career.

I see, it is really a tough decision but I will note this and consider it properly so I don't end up messing up my choice.From my research It really tends to be much harder to find universities that offer masters in Cyber security, that seems a bit unusual to me considering the field itself is really really important but also from my working experience side, small/medium companies dont required Cyber sec engineers because QA testers and programmers themselves know enough not to make drastic security issues.
That makes me wonder, is this field specifically required by big companies(Excluding system administrators) and are full time jobs hard to find?
Do people hire Cyber sec engineers only if it's necessarry after the project is done?

So do you mean not do Masters in cyber anytime?

And to do different master after I go further into my career

I am kind of confused

I mean, that's a decision for you

But I don't recommend doing a masters until it's going to further your career. In your early career, a masters will price you out of jobs. You'll be overqualified and find it even harder to get work.

What I also fear is that Cyber sec engineers are only scouted by employers if they are really experts at the field unlike programmers who are scouted at the beggining of their careers to be taught gradually

It's true that Networking matters, but there's lots of trainee programs too.

I see, that is a good advice that I haven't heard before but really makes me think deeper about the decision

Cyber security engineer is a pretty broad title.

Oh well I am honestly kind of blindly going into t

it*

I only know some concepts which are cool

Pentesting seems interesting

Well I suppose that is the main part of this right?

Could you maybe give me some sort of a job experience explanation( I only know of System administrator)

What else could be done

But as a full time job

I'd honestly avoid making decisions about what you want to be until you're familiar with the field

I see, fair enough.It really is hard to decide

Once you've learnt about the field and what you like, you can make better decisions about what you want to do

I kind of dislike web dev that I am doing currently so I thought finding something new as this would be interesting

I will most definitely try that before deciding

Quite cool that this exists

But will also take into consideration your advices about further working experiences

So yeah

Thanks a bunch people

Means a lot

👍🏻

I have a question about one of the answers to a question in THM. Windows Fundamental 2 the hidden share is named without a $ at the end of the name, I thought a hidden share required a $, is this correct?

#room-hints but yes

So who would correct this?

#room-bugs

Thank you I posted my question there.

Gave +1 Rep to @quick forum

Is it common in Cyber security positions, that companies offer their employees an option to work remotely from home?

Quite.

hello

Was it like that also before pandemic or is it a trend that spiked due to pandemic?

No idea, haven't been here that long

I’m the US, it wasn’t uncommon. I worked from home before the pandemic and know others who did as well

Guys, do you think with THM practice and Security+ Cert I'll be able to land Security Analyst position?

Do you have any professional experience?

well currently I am technical support for cable techs

I'm working with resi and biz

I can't give you a guarantee but SOC I roles may be within reach

With biz customers I script modem/routers for static IPs and working with firewalls sometimes

Seeing that you have taken the time to type out what you have, I felt compelled to give you a reply. Here's the two cents of a random THM member:

• (Feel free to ignore this part if you want to save yourself from the ramblings of an old dude.) Choose a career in cyber security not because of what others say but because you want to. Look into what you will have to do down the line and try a little of what you're expected to do and know through TryHackMe or any other site. When choosing a career, put your hand on your chest and ask yourself:
  Are you doing it for the money or because you like it? There's no right answer to this question but it will help you determine if your intended career choice is the right one for you.

1. I'm no expert or in any way knowledgeable about ADHD, but I do believe that if you have the genuine will to learn and determination to claw your way up to greater heights, you can overcome this obstacle. (Heck, you have a job that you can say pays well.)

2. I feel you mate. That was how I felt when I was 17 years of age. I'm currently 26, and I'm in the process of making a career change into the IT industry. I have a background in a completely different field and it's a far cry from what I aim to do now. After having invested a whole lot of time and money into my initial career, saying that I felt or still feel intimidated and have a whole lot of self-doubt is an understatement in making this change. I'm starting completely fresh at 26. (Not exactly old but you get my drift.)

3. Self-learning isn't for everyone, so if you find that it works out for you, that's great. As for whether you should take the chance to enroll into university to get that degree, ask yourself this:
   Do you have sufficient funds to tide you over for AT LEAST 3 years, preferably 4, without any income? If yes, I don't see why not. You don't lose out too much since there are courses in university that equip you with the fundamentals that you need. You'll also get the chance to make some potentially valuable contacts that may help you out down the line.
   You already have a job, so you've already proven to yourself that you can get one (not cybersec related) without a degree. As for whether a degree is required to pursue a career in cyber security, I would say it depends. The requirements for each company isn't necessarily the same. You'll need to do your own research for this. Look through job postings for cyber security roles and what they list for their education requirements.

4. If that degree is accredited and recognized in your own country, it shouldn't be an issue. From what little I know, countries and companies who hire globally don't really care all that much about what university you're from. As long as it is accredited (there are companies that do look out for this so just keep that in mind) and you can prove that you know your stuff, you'll get your foot in the door.

5. Based on the advice that I've read from the veterans of this group in this channel, save getting a masters for later as it will "overprice / overqualify" you out of most entry level cyber security jobs.

6. If you're moving to a different country, then refer back to point number 3 and 4. That will help you decide.

7. Everyone will end up procrastinating at some point. Heck, I do. As for whether how often you'd end up procrastinating, that's entirely dependent on you. If you procrastinate a whole lot, even going into university wouldn't help. Don't let this comment of mine put you down. No matter who decides to enroll into a university or otherwise, how far they go is almost always dependent on their own efforts.

8. You might want to refer to the "ramblings of an old dude" at the top of this long list.

@stoic cave

do you mind going over this once ?

this is a little clearer

Seeing as you're going for something that isn't gardening or hotel attendant, I would focus on transferable and soft skills in the bullets there

does anyone know of a good cyber grc (governance, risk, compliance) focused discord server

looking for some place more grc focused for knowledge sharing/careers questions/learning qs etc.

how many bullet points do you suggest for the gardening job

¯\_(ツ)_/¯

Quality over quantity, content over count

gotcha

thanks !

anything else that might need a change?

@quick forum

Probably, but I'm currently cooking dinner

Does it roll over to a second page?

nope

i tried to keep it to 1

people told me thats what employers like

The margin at the bottom is screwy

it did go down to 2 but i adjusted it to 1

That skills section is... Weird.

as in format or content? @quick forum

Yes.

both of them?

So your current and past jobs should really be used to emphasize aspects that may be transferrable, and don't be afraid to minimize jobs that aren't related.... like an example of your current job, I'd say something such as "Worked with customers to ensure their landscaping needs were met" and then I'd leave it as that (or some similar wording)

Similar to your past jobs, possibly 1 sentence blurbs will be enough

Your skills section is weird... don't put text editors, no one cares... but also you put those as your skills but then your Home Lab has a ton of stuff. I'd develop your skills section a bit, minimize your experience section

Hi everyone, just got my first infosec job as a junior IT Security Administrator 🎉🎉. Posting this for motivational purposes because almost a year ago I knew nothing about cybersecurity but got introduced to THM from a friend’s post on LinkedIn and btw I still don’t have any infosec certification. It’s in my plan for the future but the aim of this post is for those who probably think it’s impossible to land that first role in infosec without a certification. You can learn almost any cyber stuff on THM, so don’t give up 👏🏾. P.S: this is not a promotional post 😌

Congratulations 🎉🥳. I'm really so happy for you 🥰.

And I needed that. I just got into cybersecurity.

What’s the best entry job

the one that will hire you

Pretty vague answer but that’s understandable since my question was pretty vague also but the position I’m really looking for is a security analysis and I was wondering what is the best entry for that since the ones that I looked up around my area had terrible reviews

it also depends what experience you have, for entry level, its good to get your foot in the door, get experience, then get a better job

I have zero working experience the most I have is building and mess around with phones on my spare time. Don’t get me wrong I understand where you coming from in terms of experience i just wanna know where to find a great entry job for me to build growth

generally if you have 0 experience, IT help desk is a great place to start, also junior system admin/junior network admin and SOC analyst

is it recommended to do crtp > crto
or crto >crtp? i heard mixed opinions

Linkedle👍🏾thx

Appreciate it

Anybody know any decent job boards for cyber sec specifically? Currently a Cyber Intelligence Analyst and need a switch up. I’ve been applying via LinkedIn, Indeed, Zip-recruiter but no luck. Canadian citizen here so if anybody has any advice, please reach out and let me know!!

Thanks a lot

Gave +1 Rep to @hollow swift

What also helped me was I got into bug bounty too so I got some practice in and got my first CVE. I’m more hands on so I learn better by practice. Might not work for everyone but that’s what helped me

Need some input,

I'm getting ready to finish my google it cert and then plan on enrolling into a cyber security degree plan bachelors. I have been gaming/building computers since 2009. US army veteran all of that nonsense anyways , As I've researched i see alot of these jobs require experience. What is the best thing to do to accumulate verifiable experience for employers? Should I start out as help desk while im in school ? I really enjoy the pen testing courses on tryhackme so I feel that route will be my best option when it comes to being invested with a passion. Just trying to figure out this whole IT field coming from truck driving. I also have very little experience with lua,js,css,C#

thanks ! I'll make these changes

Gave +1 Rep to @pseudo creek

@pseudo creek how does this look

i also have a THM cert for pentesting that i will be finishing soon

i'll also do a basic IT cert

I wouldn't put certificates on the resume. Certificates are not certifications. Certificates don't verify that you actually know the material whereas certifications do.

Is your security clearance still active?

so i can put something like the A+?

Yes

ok

That's a certification

so THM just for the skills and kowledge

If it's in an extracurricular category sure

It's not experience or anything like that

because I talked to a guy who works as a pentester and he said during his interview he mentioned doing THM labs and that might have helped him in some ways ( to land the job )

yea that's true

Mentioning in an interview does not mean that you put it on the resume necessarily

fair enough

@stoic cave so does the google IT cert mean anything?

Is it a certification or a certificate

Don't list things you can't explain in depth. If you cannot set up a VPN service, or a DNS server, or a very in-depth DHCP server, do not list them.

You need to look at what HR wants

That's very very different than listing 'THM CTF player or something' under work experience. It's not something you got compensated for, don't list it.

1099 or W2 is a good metric for whether it goes in the experience section

That's US specific, other countries have different employment forms

That's awesome! Congrats!

fair enough. Once i get my A+ done i should have a better understanding of these technologies so maybe I can include it then. I'll also have some credibility for it ig if i get the cert

gotcha won't be listing it

A+ doesn't really cover any of those in-depth enough.

hmm i just wanna go for helpdesk roles at the moment. Do i just focus on troubleshooting skills then?

Yes.

A+ is pretty much a help desk cert.

yes i've seen a ton of job descriptions that need or consider A+ as an asset

yes

Do you have any certifications that satisfy DOD 8570?

not yet, the degree plan im going for gives me over 14 certs some listed here.

That seems like a lot

Have you verified the reputation of the degree program?

not really sure what you mean by that, first time going to school 😄

I know its an approved school and program through the va

which has strict guidelines

Unfortunately, some schools don't have the best reputation with their degree programs even if they are on the approved list. There have been instances of colleges taking advantage of the VA/GI loans

What’s the best way of finding this out

Looking at schools reputation, course content, etc

If you're in a FB group with your old Company ask around

If you're up for a little OSINT, go on LinkedIn and find others from your old Batt and filter them by their current occupation. See how they got to where they are now

14 certs just seems like a way to drag you in imo

Good idea thank you

Given that you have a clearance, all you really need is Sec+, which satisfies IAT I & II as well as IAM I, and a degree or professional experience

You could more than likely get in on a classified helpdesk as a L1 Tech with Sec+

Maybe add a networking cert too like CCNA

Once you get some work experience, which degree from which college really doesn't matter much. Lots of former military like WGU because you can test out of lots of stuff. Not sure if it is WGU you are talking about, but it will be fine if you are.

There is a diminishing returns and even a sort of bell curve when it comes to certs. I find 2-5 relevant technical certs are a sweet spot. After that number, it starts to be come suspect especially for certs obtained in a short period of time. Did you really learn anything? know anything? and if you are doing a program that encourages/works to get you certs? Are they actually teaching you the subject or teaching you how to pass the test? You might need to just tailor your resume, leave out certs and focus on the certs that are most relevant for the position.

Yes that’s the school I’m looking at!! Thank you

Gave +1 Rep to @pseudo creek

Hi, so uhm I have no professional (jobs but do a lot of projects and stuff) experience in tech rn. But I was really looking to get into computer forensics. What kind of experience should I look for? Or just start at help desk and work up? Or even try to switch to help desk for the state since I’m currently working for them(snap and ebt processing) and it’s easier internally than externally?. And what kind of projects should I put in my resume to help me stand out for either one. Oops that’s kind of long my bad

Now I'm curious, WGU is an all online school correct? I was thinking about attending them for a bachelors degree but my brother steered me away. He said the government typically doesn't like degrees from online universities. As long as the school is accredited, does it really matter?

I just double checked with him, he mentioned the same thing but added both public and private sectors are skeptical of online schools. He mentioned that these schools scam vets because they know they can steal the GI bill and not offer a real education. Point being @twin crescent , if you are a vet, please thoroughly research which school you wish to attend. I would hate to see your GI bill go to waste.

WGU is decently respected

Interesting. I guess I'll have to do some more research on it myself.

You can’t just jump into their programs, I did the google it cert on Coursera to get admitted. The problem with the school is it’s self paced. The longer you take, the more they get paid

the government should be fine, I would not go WGU if you have no work experience at all, but its fine if you do.

lots of vets have gone to WGU, its very very popular with veterans

WGU is popular because it is self-paced and is regionally accredited. You can get several industry certs while taking classes.

There isn't anything inherently wrong with WGU, but it isn't a traditional online college.

hello, what IT job has a lot to do with Defensive Security, I like to look for something challenging and not just always the same, think of something in the military

Not really sure what you're asking for?

Do you want a job in the military?

Hello everyone.
Does anyone know of any Cybersecurity apprenticeship that is open for people in Europe?
I have only been seeing those open for US only.

Threat Hunter. Incident Responder.

Is there any list of remote jobs related with cyber somewhere ? I made the offensive pentesting course, and worked for 2 years with many technologies, so I have an odd background. But I'd be interested in try to join a team somewhere.

Which offensive pentesting course did you create? What other professional experience do you have?

Cyber has plenty of remote opportunities

Sorry, I've completed the course here, that was what I've meant.

And I did a bit of everything. Full stack development with psql and redis, devops (kubernetes + docker), made policies in amazon, used S3, created some backup systems, did some of blockchain and rust

You've done these in a professional setting or on your own?

Professional, I was in a small startup company and I've ended up covering almost all roles at some point, with the guidance of people who were more senior than me.

Software big enough to have a couple of million users

But not as big as to need more than one DB

That would be great! If you know anywhere where I can look for them it would be helpful

LinkedIn and Indeed

I didn't know about Indeed, will try to look there. Thanks

Gave +1 Rep to @stoic cave

Have an interview for Application System Analyst

not sure what programming language they use.

I don't have any coding experience/data base experience. Just took my shot and reading some basic SQL

not sure if it'll help, any advice? :0

"At least 2 years of professional application system analyst experience
Experience with KCS (Knowledge Centered Service) or similar framework supporting the IT knowledge database"

An application systems analyst is someone who designs and engineers application systems and processes around them. It could be designing and building a core/complex application, maintaining a large/core application/system and you would need to be an experienced developer. What other IT skills do you have?
https://www.floridatechonline.com/blog/information-technology/application-systems-analyst-career-and-salary-profile/

thanks 🥺

Gave +1 Rep to @rugged delta

i’d definitely be entry level in terms of applications design and engineer

but i bring 2 years of experience as service desk technician /IT help desk and i’d say i’m very technical and quick learner and hope they’ll be willing to take me in

i’m reading a lot about the job and would love to start learning which language they want but they didn’t specify which language they use on the job description

i know there’s so many….

Well an interview is an opportunity for you to ask questions about the role and organistation yourself so don't be afraid to ask

Never thought of this that way .

I feel like an internship should at least cover fuel costs. Make it easier to get there would make you feel valued a lot more.

You shouldn't take an unpaid internship, ever. It devalues you as a human and isn't beneficial in the long run.

I'll take that into account, and I agree. thank you

Gave +1 Rep to @stoic cave

Very few jobs pay your travel costs, but yeah, don't take an unpaid internship

Traveling to the job from where live, yes. Traveling for the job, they better be paying you.

What if it's work from home and you currently have no other source of industrial experience

are you asking if you can get a wfh position without any professional experience?

No

do we have a channel for jing of the hill challenges??

#koth

Has anyone taken the OSCP since the format change earlier this year? If so, would someone be willing to have a brief discussion?

Is there a reason that discuss can't happen here in the public channel?

You'll get more interaction and you're more likely to get an answer if you aso your questions directly

not particularly. just didn't wanna flood the channel, as it was likely to be more of an open discussion.

That's absolutely ideal for here then

Okay, let me re-phrase the question then 😛

Anyone who's taken the OSCP since the format change, are you able to share your experiences? Things you wished you would've studied before going, or some of your do's / don'ts you'd go back and tell your past self?

I bought the course before the change, and had the exam format change before I could take the exam. I've got CSTM instead so I'm not taking oscp as it won't give me a payrise etc but I'd recommend doing all the exercises etc and making heavy use of your lab time

What's the difference between OSCP and the CSTM?

Cstm is UK only

ah. i see.

Totally different really, only common ground is it's a pentest cert

Gotcha, thank you for the info! 🙂

Hey friends. I'm having a hard time catching a break on getting an interview as a SOC analyst or anything else in the security field. Anyone got a few mins to potentially listen to where I'm at and tell me if I'm on the right path?

It would probably be best if you asked your questions in here. That way you get multiple perspectives.

MS in Comp Sci from 2018, resume, projects, and other portfolios listed here https://willmaxcy.com, I've been applying to security analyst, soc analyst, security engineer, etc. positions. eight days ago I passed the Sec+, so I'm still waiting on hearing back from a few new applications. Would love to hear some feedback, criticisms, or any advice. Thanks!

MS will be part of it

Masters of Science is bad?

If you're starting out, generally. It prices you out of entry level positions.

You'll also get more of a response if you post a redacted image of your resume. People don't like to click links or download files.

Also I mentioned in my summary that I'm looking for an entry level position. How do they know if I'm priced out because I haven't even gotten to that stage of the interview yet lol? is there anything that I can do in order to fix this?

SOC Analyst 1 is going to be way below your skillset. I'm not surprised you aren't getting a callback for that. Log analysis is super boring, unless you are the one developing the algorithms for heuristics and aggregation of events. You will likely have better look getting into devsecops or architecture role

@flat sedge Do you think the problem could be my gap? I've been told before that the gap between graduating and getting an infosec job is part of the problem. Also, I have 0 experience in infosec as a career. I know some places don't seem to mind about that as long as you show up with the skills and knowledge, but a lot of these "entry level" jobs require 1-2 years of experience on the application. I'm having a hard time finding listings that don't require that.

also, thanks for helping out yall. for real. been going crazy wondering why i'm not getting call backs. i feel like the stinky kid

Could be. If you currently work in IT, you can leverage your current position to at least learn about what your current orgs security team does. That can be a way to work into security without having to change orgs.

im currently bartending lol

Yeah, you need to go get some more recent experience working in IT. Maybe you can jump into a dev role, or admin role depending on how much infra you know

that's why im applying to soc roles lol. should i switch to sys admin?

it's very rare to jump into security with zero it experience; it's possible, but rare. What's really holding you back is that you need some entry level experience that is security adjacent, and your MS prices you out of those roles.

The overqualified card is usually pulled to avoid turnover (the fear of the employer that the candidate will get bored and will job reposition very quickly after 6 months).

Well what would you do if you were in my situation is what i guess I'm actually asking

Get into IT, gain platform experience and skill, build expertise in 1 or more fields, transition to the security-related side of this in 3-5 years.

Thanks @distant pier ! Would you go into system admin stuff or help desk or what? What would be something that I'm not overqualified for if that's a problem?

Gave +1 Rep to @distant pier

Grab job position descriptions in the category of work what you're interested in, and compare the requirements for multiple levels (junior, regular, senior roles), and see which requirement list aligns with your resume.

thanks @distant pier

Gave +1 Rep to @distant pier

@mellow ledge shoot for the jobs with 1-2 years experience. Just be open about not having it and apply anyway. Since you have an MS, your going to have to explain why you want an entry level job. I wonder why you want an entry level position as an SOC analyst. As long as you’ll take the pay and don’t mind explaining yourself you should have a hard time finding work

Shouldn’t*

@boreal zephyr Trust me, if I could get an mid level job I would take it. I went MS route because my undergrad was Psychology and it was easier for me to get an MS than it would be to go back and get a BS. I have one internship turned part time job for experience. I think that people value experience over education when it comes to hiring now, which I honestly agree with. Also, I would like to be SOC because eventually I would like to be a penetration tester, which I know I could do without SOC experience, but I feel like the best way to actually understand how enterprise security works. If i'm misguided in this thinking please let me know

Hey guys I'm new here I started THM few days ago now my questions is...to find a job in cybersecurity what are the necessary certificates do I need to have pls or any successful person that got a job should tell me pls

Is this a good course on software testing

honestly you can't tell from an outline like that, try to find people who have taken it

it all depends on your area, look at job listings in your area and you'll see what they are asking for. Generally they will ask for certifications.

If you want access to the jobs board here, you can verify your recruiter status with @tacit bobcat ! In the meantime, please don't post job adverts

Thanks for the notification!

Gave +1 Rep to @flat sedge

Hey today I have a job interview a couple cities over for an IT company. It's the largest in the whole city and has the best reviews.

I've had 2 internships at another computer place in town and I learned a lot and had very high marks for all my evaluations. The shop couldn't afford an extra employee so I've been applying elsewhere since my internship ended. I've got to ride the bus for a couple hours but luckily it's right across the street from the cities transit center

So the problem is, I'm only 17 years old but I really need a job. I've applied EVERYWHERE and I've always received declination emails/messages. This is the first job to answer back with an interview in 2 whole months. I'm pretty nervous about the whole interview thing as I haven't had a legitimate IT-based interview yet.

A bit of context for the company: They're an MSP for multiple companies and do lots of on-site work. I've already spoke with the boss for about half an hour over the phone and he says he personally doesn't care what my age is. I'll be doing lots of Bench Technician work and configuring networks.

My question is.. anyone here been in the same boat? Do you have any tips for me?
What can I expect from this interview?

i hope the boss confirmed the “doesn’t care what my age is” with legal

Well they've got a minor work permit which allows me to work there. Unfortunately in my state the laws say that bosses don't need any reason to fire you and could do it on the spot. Meaning he could literally hire me for a week and take back what he says, but hopefully that's not the case 😃

Apologies if this is a silly question. Right now I'm studying for my CREST CPSA qualification, which I will then use to study for CREST CRT and then get that qualification. Could it be worth applying for jobs right now with this information I have learnt across the time, along side the knowledge I have gained both THM and other similar websites by doing a good number of hours on them?

CyberScheme Team Member

Satisfies check for much less work

Interesting, I'll look into it. Is it similar to the content of the crest exams

I can't speak for crest, but I can say it's not that difficult

Syllabus makes it look a lot worse than it is

Ah ok, tysm really appreciate your assistance and guidance

Personally I dont have the experience to confirm or not what you are saying. But my colleagues are saying the same thing. I started recently my first job in IT(generally speaking) a SOC L1. Everyone say that the experience you gain os valuable at practical level and for the cv. And they all reccommend to take some certificates to change role within cyber security field, along with experience. So you seem to have a good point of view 😉

Hello All,
I am in my starting phase of hacking and a lawyer by profession. I have recently obtained an oppurtunity in the domain of cyber sec (it audits, data privacy assessments). I want to understand what all possibilities lie ahead?

Hey! I am currently looking for a job in IS or cybersecurity. I have some experience and would love to be a junior associate or an intern. If anyone has any connections I’d love to talk.

Oh man idk what you’re interested in but if you want to make insane money as a lawyer and you don’t care about being on the technical side, I would look into becoming an Executive Cyber Claims Specialist. A lawyer on the insurance side of cyber is 💰

You are doing it great! I hope you got the job/role 🙂

Thank you 😄 the first interview went pretty well, I've got a second interview tomorrow with another employee. I appreciate the words!

Gave +1 Rep to @cobalt knoll

Idk if this is a dumb question or not, but how common are part time jobs in cyber security? Say, would you be able to easily find a weekend only job role in cybersec to keep active in that career while you simultaneously go back to uni or something during the week? And would these part time/weekend only jobs only come with lower entry level cyber roles? Or could you find them higher up too if you had been working 5-10 years in cyber and then decided to want to work part time and go back to uni?

At smaller companies, I know a few people

I worked part time for 10mo while finishing my degree, and we're looking at grabbing another student part time now that I'm full time

Oh okay, cool. May I ask what your role title was/what you were doing and how you managed to get that job? Was it more of a carried on employment from an internship or something? Also, which country is this?

Sorry for all the questions :)

Penetration testing

It was sort of trainee but it was just while I finished my degree

I managed to get it through networking, specifically one of my university lecturers

I went full time once I'd finished my exams etc, just before I graduated

Any one with an opportunity for me please?
I am in search of a place to Intern as a Cybersecurity Analyst.
I am residing in Ontario,Canada.

Interesting, thanks for answering my qiestions

Where have you learned, if not a secret?

Hire me full time

I've been a security analyst for 3 years nad have a degree in cybersecurity

depends on a lot of other factors but sure yes, and you are referring to a degree on what, cyber degree or a degree in general?

Why would i get offended, there is no reason for that 🙂

Well i don't know your exact situation but i guess that if you have a laptop or a pc, some general knowledge and practice in cyber security or IT in general, you can start a linkedin profile and try to search for a junior or entry level IT Support role.

But it depends on a lot of factors and the problem is that companies, recruiters in general search for background experience, look at your education history and a college degree in any domain would boost up your chances in getting a job, regardless of the domain.

There is a #jobs-board channel here in this discord server also, don't know exactly how much success people have with it but i guess it couldn't hurt to take a look there from time to time...

Other than that there were some specific sites for cyber jobs but can't remember them exactly but i'm sure you can easily find them by searching google "cyber security jobs portal" or something like that.

And also i guess that depending on the country you are leaving in, a lot of them like the one i am in also, have their specific job portal sites, but idk exactly how things work where you are living...

No worries and good luck

Hello guys ! I'm completely new to this world and i love it. I'm currently in law school (Master degree) and i'm planning to do a 180° career choice, going into cybersecurity. Is it mandatory to get school background to get employed ? I heard personnal project and certification plays a lot, which one should i aim for ? Thanks !

A Masters in Law would play well in the cybersec arena, there are plenty of cybersec law positions, if you choose to maintain that. You would have to become technially proficient in the technologies you deal in to a certain extent. Or you can pivot completely and work a technical or managerial position.

It isn't mandatory to get a school background for a lot of cybersec positions but you would need to be able to demonstrate proficiency with some level of networking or systems engineering or ciding/scripting and improve on it as you progress, depending where you want to go.

Personal projects like learning in an environment like THM and progressing through things will help a lot, as well as the books and other resources you use. certifications can be a major help too. You can learn a lot of the basics on THM but you are encouraged to use all the resources out there.

There's a bunch of channels on this Discord to help, like the rooms for the recent releases, learning paths, the #bookclub and lots more

Try the tribe of Hackers books by Marcus Carey to read about some of the ways people found their way into a cybersec career
https://www.amazon.com/Marcus-J-Carey/e/B07MFWJPGV

Also,

#start-here

@rugged delta Thanks a lot for your detailed answer, really appreciate it ! i've already tought about combining law+cyber and i don't close the door about it, but i'll prefer do a technical position as pentester for example. I'll definitely stay on THM and grind on my side, gathering much information as i can in the field in cybersec, will finishing my studies in law. Thanks again !

Gave +1 Rep to @rugged delta

thanks for the books, exactly what i needed !

Do feel free to ask in here about anything. The community is very helpful, especially for enthusiastic people

i saw that and it's really nice, from what i saw the community is insanely kind yes. changing a whole career after finishing school is definitely one of the most decisive choice i'll make, deep inside i feel this is my field and i wanna try the switch, people who help like you are making me think that's the way. Ty again

Your background ought to point you to a GRC role, which is absolutely essential to a well-running organization.

Cyber lawyer roles are broadening in scope past GRC but yes that's very important too. This is a good article on that:
https://lawrina.com/blog/becoming-a-cybersecurity-lawyer/

The American Bar Association has some good advice, including pursuing IT training. They advise you to pursue CompTIA certs (really useful for entering a lot of fields) and then straight away recommend SANS, quite possibly the highest quality cybersec training but it is incredibly pricey. There are other substantive and financially viable alternatives, such as ISC2 and the SSCP/CCSP/CISSP, Offensive Security's certs, including the highly sought OSCP and others like ISACA's CISM and CISA.
https://www.americanbar.org/groups/litigation/committees/minority-trial-lawyer/practice/2018/how-to-become-a-cybersecurity-lawyer/

I wouldn't say that cyber law is beyond GRC; every place I've worked, legal dept has had a very close relationship to security. There is a very significant crossover

Thanks for the suggestion ! It seems that some point in law studies can be implemented in GRC, but from what i understood in job offer is more close to managerial/business approach (i may be wrong !) with a high level in cybersec

Gave +1 Rep to @flat sedge

Having a legal background is a HUGE benefit to writing corporate policy; often, it is the CISO who writes the policy, but the lawyers certainly have a say in that.

that's gold, i'm looking what certs are the best to start and have a strong base, seems that OSCP is THE must have in many fields

Legal departments also have a very large say in how other departments are run, as well. Understanding how to write a good policy is built on governance and policy that has been hugely successful elsewhere - which is usually the public service sector

Nope. OSCP is a mid-level overall security cert, but it is considered entry level for penetration testing. Unless you are actively targeting a pentesting career, it is not a broadly applicable cert.

oops, i saw that the name cameback a lot so i tought it was like the basics, mb

OSCP requires a pretty strong understanding of the business drivers of why pentesting is done. If you are looking for more broadly applicable entry level security certs, Sec+ and CCNA are very good.

I would also say that RHCSA is a good start to understanding how basic linux stuff is done, but it's not really security focused; after getting RHCSA, the next 'security' related thing would be understanding topics like hardening and security policy monitoring

Thanks for the certs, + i saw the pinned message with some certs and their recognitions, i'll have to determine precisely in which field i want to work in before passing cert

Gave +1 Rep to @flat sedge

I've heard good things about Linux+ as well, but my job insisted on RHCSA

Sec+ and CISSP are hugely broad and in demand; CISSP is more intended for senior engineers and managers but there's a reason is widely asked for.

The entire reason pentesting is done is for the report - if the report is not actionable, it's not worth anything to do the work.

Yeah RHCSA is a good Linux cert to pursue. They expect you to already understand the majority of Linux+ content at that level and Red Hat certs are the most widely recognised in the Linux field

Right, but understanding the goals are the report are the most important aspect of writing the report. If the tester writes the report for a PCI perspective, but the actual environment is very different, it will have limited value. When I say 'understand the business driver for pentest', what I mean is 'understand the objective that the organization wants out of the report.'

Whether that is OffSec grading scripts and proctors or a CISO and the DO, the first objective from the tester standpoint is to understand what the audience wants.

It's not that close to a real report

I'll agree to that

guys I am new to this field
can anyone give a road map of how to start out

any help would be appreciated

#start-here

Has anyone gotten a job or has been taken seriously as a potential candidate by using TryHackMe rooms or other ctf platform as experience?

I see.

REALISTICALLY, what should expect my prospects to be when I get out of the army with only help desk experience (35 T MOS), and maybe certs such as aws, rhel and a masters in CIS?

in which country

https://tryhackme.com/resources/blog/olufelas-success-story

USA

https://tryhackme.com/resources/blog/michaels-success-story

https://tryhackme.com/resources/blog/tepis-success-story

Read those success stories and see how far THM can help you along

Thanks

Gave +1 Rep to @rugged delta

This 100% depends on how much of your experience in the army you can talk about. I know a couple of folks who couldn't get roles they had done in the army, because they couldn't talk about what they did as part of their work. They also didn't have any 3rd party accredited certs though, so they had to basically start at the bottom and work back up

Hey, so I'm looking at getting my A+ cert just to have it and have that to establish myself as a beginning. Does anyone have any suggestions on what to study/how to study? The practice questions seem super easy from the ones I'm taken

Ie: Study guides, exam practice questions, etc

Cert collecting isn't exactly a good thing. You'll want to come up with a plan on where you want to go.

That way you won't waste money on things you don't need

Certs aren't cheap

Well I need experience, hence why I was thinking about A+ just to branch into the field, and money isn't an issue.

A cert doesn't provide experience

A+ is required for most entry level positions, near me at least

Let's start from the beginning. What are you trying apply to?

Once we get an idea of your preferred trajectory, we can provide better information

A+ is really only for those that don't know what computer components are, kinda sorta

My plan at the moment is to acquire the A+ so I can get a help desk position nearby, as it's required. Once I have experience in the field, roughly 6-12 months and I obtain my Sec+ I was going to transfer somewhere else. I have a security clearance as well.

6 months is a little early but if you have a security clearance get sec+ first

That way you meet DOD 8570 and then you can skip helpdesk

Might be better just going directly for Sec+. They'll just assume you know how a computer kinda works at that stage

Hopefully this is the case, but governmental agencies aren't exactly the smartest. I have veterans pref + the clearance so I should be set. I'll study up for the Sec+ and just get it comped from post 9/11.

Do you have any suggestions as to what I should be putting my focus on for Sec+ in terms of THM Room's or study guides/exam questions?

I work in the government space, they just want warm bodies

I hate how true that is.

Get your Sec+ and start applying for 0-2 year experience positions

ClearanceJobs and USAJobs is your friend

If you're in the government area do you mind if I ask you what your GS rate is?

Get the latest Sybex guide or the latest All-In-One, they're both highly rated books and reasonably cheap

Contractor

Decent money then?

GS I think I'd be 12?

Oh very good money then.

Idk id have to look

roughly 100,000 TC is gs12

Yes, I make more than my direct counterparts

Uh maybe not 12 then

More than 8 less than 12

70,000 base + 30,000 benefits

Oh then yeah, 12

I only have 2 years experience as well

Thank you, my library only has SY0-501 unfortunately instead of SY0-601 so I'll have to bite the bullet on this

Gave +1 Rep to @rugged delta

Yeah I think the book is somewhere between 30-50 bucks, easy enough to afford

$31.49 paperback

$25 kindle

It's an investment in your career. At that price it's pretty cheap. I buy plenty of ebooks in that price range

Get Certified Get Ahead is good, Professor Messer on YouTube, and then Jason Dion Quizes

Ty I'll give these all a review

Gave +1 Rep to @stoic cave

@ashen obsidian I just passed the Sec+ 601 if you have any questions. I can give you some study material as well if you need any

I'd caution about sharing study materials if you paid for them. Free / commonly available resources, share away

That‘d be great, thanks

Gave +1 Rep to @mellow ledge

Good morning everyone! I’m trying to get my foot through the IT door. I’m looking for any internships or mentorships in the US (remote, or in the Salt Lake City area if on-site) I would greatly appreciate any leads! I have a CompTIA A+, Network+, security+ and working on the Cisco CCNA.

Is it normal to be required to answer a security hotline phone for a SOC analyst role? Should I consider a position that requires that or keep looking?

I would consider it, some SOCs do have that

Thanks

Gave +1 Rep to @pseudo creek

Hello, I just needed some advice

A recruiter just called me with a data center job interview with Google. I'm interested in them, but since I'm currently a security analyst, I wasn't sure if moving in this direction would be a good career move given that I already have a foot in the door.

if your goal is cyber security, then it wouldn't be a good career move

Hi,
i am preparing my CCSP certification. Do you know where i can find a test that is close the the real one ? I would like to verify that i'm ready as the test is expensive...

this book has 2 practice exams https://www.wiley.com/en-us/CCSP+Official+(ISC)2+Practice+Tests-p-9781119449225

Are these tests better (closer to real exam) than random PDF exam dumps we find on the Internet ?
I did some an do more than 80% but i do not know if they are accurate or if the real test is completely different (600$ to have a look is not in my budget)

Keep in mind that using "dumps" is more than likely against the exams rules and the proctors TOS

Exam dumps are definitely cheating. If you use one of those to study from, you are not learning the material, you are memorizing answers to specific questions. The Wiley books are usually pretty good to study from. Getting a cert should be about knowing the material not memorizing things you don't understand.

I agree with you. But having sets of questions that cover all the topics help you to see where you are not good enough.
So you can pinpoint subject to re-learn

Wiley includes sample exams in their cert books.

and Wiley sample are close from the exam question ?
I passed CISSP 1 year ago and i was surprised that questions had nothing to do with exam question...

A lot of questions in ISC2 exam are not black or white and you have to understand ISC2 point of view to answer right (Most/Least important, when they are a specific answer and a global term, and so on)

When i did my CISSP, i used only ISC2 materials and i was surprised during my exam. hopefully I passed but i would like to be a bit more prepared for the CCSP

Study guides and practice tests are to prepare you for the exam, it doesn't try to give you a similar format of questioning so you can pass it. The idea is to validate you have understood the various domains covered in the certification. SYBEX books (a Wiley imprint) are good.

i quite confident with all subjects. I am more concerned about "english words that i do not know" and "when 2 answers are correct and have to choose the best".

Yeah, the books do not attempt to provide insight into the question templating and composition style that (ISC)2 uses. But some study guides do give hints/tips.

That is what i really need.
I globally understood all topics (won't say i memorized all information). So, i would like to prepare myself to understand the question and ISC mindest. I just feel stupid when i know the subject but cannot answer correctly because i do not understand the question

There's no book to prepare you for that particular to an exam study guide or practice test. The question trickery is usually included to really validate someone understands the topic, although you'll pick up on key-words in questions, like when it says What is the best usually means there are two valid answers, but you have to pick the best one.

yes, i always identify the right answers. When i have to choose the best, i always think it depend on the context (and there is no context in the question)

Thank you all for your time. It looks like doing some shamanic incantations is the best way 🙂
I will panic a bit like for my CISSP and hope it will pass

Analytical oriented people (also dubbed Overthinkers) tend to struggle more with a multiple-choice format. 😄

The context is you don’t know any more info than they give you. 🤔😂

Has anyone done the SSCP? I was wondering if it would be worth it as a stepping stone if I already have a security+

Nope, sorry... I think my next will be AZ-500 and MS-500 as i'm more Microsoft oriented

Good luck with your exam. 👍 Let us know when you have passed it.

I've never known anyone who has done the SSCP. You are better to do the CISSP and claim associate of ISC2... but even better is focus on other technological certs

Greetings. I'm looking for input on getting my foot in the door for cyber security. I'm 43 years old and grew up with computers and always teaching myself things and went from being in the BBS scene to now. I never did go to college due to late ADHD diagnosis. I have taken the A+ and Network+ certs but have expired a decade ago. I work in a blue collar field with no practical IT experience. It's always been my dream to work in IT and would like to get into it. I've been listening to the darknet diaries podcast,doing a bunch of research. I'm just wondering where I should start to get my foot in the door at a decent wage since I still have to support my family with my decent wage now. I'm told tryhackme is a good place to start. I'd like to get into something like ethical hacking, pen testing or something along those lines in cyber security. I'll be self learning so I'd like to utilize my time as best as possible. Should I learn Linux, CCNA, Python or anything else first to get a grasp on things and make my resume more attractive? Just wondering what path to follow from the beginning.

Is it a bad idea to ask a recruiter if they can offer any insights as to what kinds of questions or concepts will be discussed in an upcoming technical interview?

A recruiter probably won't know.

What will be on the table for discussion are the job reqs that you looked at when you applied, and the things you put on your resume.

Hey, If you are completely new then Tyrhackme has some great paths to start of with like Pre Security, Security learning paths which i would highly recommend, then follow the offensicve security path on thm, do some other platforms in cyber security depending on your intrests like HTB, Cyberdefenders, Tryhackme ofcourse, Also a very good way to get into security positions in most countries is to get the OSCP so i would recommend investing in that, if you have the money to invest if not make blogs, videos, make a name it really helps participate in CTFs, Hackathons etc. a lot of countries look into those events and hire from them.a

Where can I find CTFs and Hackathons?

Usually announced on websites, blogs, social media pages etc... Use a search engine

Got my security + back in March my next step has been to write a resume for an entry level position in Cyber kind of had my eye on getting a roe as a SOC analyst. My job for the last 3 years has been in a NOC and prior to that I did LAN/WAN support for a year. I have no real Cybersecurity experience so the only thing I would have that would be Cybersecurity related would be my Security +. Was wondering if anyone could help me write a resume that would be tailored to an entry level SOC role or any entry level Cyber role.

Did your NOC role require you to monitor a log aggregator, and investigate weird network stuff?

for WAN/LAN/NOC role did you ever use anything like tcpdump or wireshark? did you configure ACLs?

Did you ever respond to security events in anyway?

Hey thm

So I'll keep it short and simple. I'm 24 years old and work at a Microsoft focussed MSP as a cloud engineer. This in itself is a pretty decent job with the possibility to become a cloud architect relatively easy.

However I really don't like microsoft. I am a opensource enthousiast and I really like cybersecurity.

I do have the option to work at a small security company as a security automation engineer. But Im afraid that the company where i work at right now is better career wise even tho it doesn't allign with my principle's. In the end of the day, Microsoft is truly everywhere.

Any advice?

follow the money

damn

microsadge it is

I'll say in general, a company doesn't provide better experience, they may provide better opportunities for moving within the company but working at a small company can provide a lot of experience that working at a larger company wouldn't

I've heard that a lot, that working at a small company gives more experience

and I say this as someone who works at a very large company

Its just that I really wanted to land a job in cybersec and I really like automating things but I just felt like cloud engineer is the "new" big thing and thats why I started at the big MSP

I felt like my future career would not be as big in the smoll cybersec company

maybe im just an idiot haha

True tho, So should I leave the big MSP if I dont feel like learning Azure stuff

I mean I should if I dont feel like this is for me right?

damn never thought that finding a fun job is harder then getting a job

sigh

I investigate alarms such as carrier circuits going off line to ports dropping as well as environmental alerts on devices. Not sure if the system we use to monitor the alerts would technically be considered a log aggregator.

I know for a fact we never used TCP dump but I think we may have had a system that was similar to it. As far as ACLs the only thing we would have done was to temporarily remove them to test a connection and then would place it right back in the config. I probably should have mentioned but I am trying to work with Try Hack Me regularly. I'm currently doing the Web Fundamentals track then hope to go into the pre security route then cyber defense route. I know they say to put that on my resume but not sure how I would fit that in. I feel I really need to just gut my whole resume and start over using a template.

Hey, i need some suggestions. I'm currently a pentester as a fresher and was thinking to maybe switch into a different cybersecurity role like auditor or analyst. I don't like learning programming that much and since a pentester needs that i was thinking that an auditor or analyst or any cybersecurity role which doesn't involve learning programming might be a better role. Is that a good choice?

Yeah i do white box

Sometimes gray too but so far it's white

I love cybersecurity but I'm tired of learning programming languages

@pine grove Is dsa important for cyber security jobs ?

ctftime for CTFs , hackathons depedns on your area

Coz u r community mentor 😁

🤣

Hello, i had a question, I'm a former cook, do you think if I follow the tryhackme courses doing ctf on website like root me could be enough to get a job ? I'm passionate about cybersecurity and I love following the courses but I was wondering if it could be enough

Sorry for my English I'm french though ahah

🤔 hard but not impossible right ?

Agree with lassi, getting into security without IT experience or education is going to be very difficult. You'll need to demonstrate competency in some other way

I mean how could I get IT experience without education?

Set up a very rigorous homelab, get some basic low-cost certs that are in-demand for the roles you want to interview for

Wich one are basic that i should aim for ? I don't really know what I want to do to start, but for now I'm more into pentesting, sorry for my question

You should be looking at the job market in your area and getting an idea from those posted job reqs

🤔 i see, thanks for your answer i won't take more of your time

Is it acceptable to ask how well you did on an interview towards the end? I asked and was told they will discuss it internally and get back to me .

I wouldn't

they wouldn't be kind enough to care about it tbh

You can usually ask for feedback if you're rejected. I'd recommend that.

oh no that sounds like me 😂 😭

I recommend taking security+ or network+ some people say A+ but im taking security+. If you're into that go on youtube and look up professor messer he goes through all the material. Another recommendation is to buy comptia book as extra material. But that is my take on it

the book btw is just extra you dont have to buy it but its a good idea if you are really into it

Hello Guys,

I work at Cisco as a Technical engineer within the firewall field only, might it hard to get a job as a DevOps engineer? do you think the DevOps is different field than CyberSecurity?

DevOps is a cultural way of managing IT processes within an organisation. There are lots of books/courses about the tools used to change the way software is created and managed within a DevOps environment. Something like 'The DevOps Handbook' by Gene Kim will gve you a good insight on it. There's a lot to learn about the systems and platforms used and how they're integrated.

DevSecOps is a modification to the DevOps method to integrate security into the culture of a DevOps-based organisation and its processes. DevSecOps is not completely security oriented and it doesn't cover all of the needs an organisation has with regard to its security

yes, its an IT field although there is DevSecOps... do you know development? Often you may need to work in cloud environments, use automation tools like ansible or terraform

thanks for the insight guys, much appreciated

Gotcha will do 🙂 Thank you

Gave +1 Rep to @pine grove

Minimum age is 18 for a job position. 🙂

Got it thank you 🙂

Gave +1 Rep to @distant pier

What are the worst aspects of working as a pentration tester ?

Often you'll be asked to work outside the standard 9-5 shift pattern to meet client deadlines
Clients are often problematic, often they don't understand what access you need for pentests
Clients can generally be a pain in the ass. Hopefully your managers will deal with most of their nonsense and you won't have to deal with much if any.

devs saying its a feature

Jobs that are advertised as penetration tester where in reality you're doing 75% non-offensive tasks. 😄

Anyone know if remote SOC jobs require you to install a system agent for security compliance? Or if monitoring is just browser/app based? I want to switch my host OS to Linux, but only if it won’t create barriers with remote work. However I’ll probably continue running Windows to be safe until I can afford a separate system for work.

That’d be ideal. Not sure what the industry is like in this regard.

That’s excellent news. I’ve known some scenarios, but it sounds like they may have been uncommon. Thanks.

Gave +1 Rep to @pine grove

only situation that would happen is super small companies where you might be the owner of the company and therefor buy your own laptop to use for work

I would not expose myself to the liability of processing company data on a personal device

Thanks. That’s a great point.

Especially something like the SOC or other infosec jobs. A lot of proprietary/confidential information is invovled there, I do not want my personal devices to be anywhere near it.

Thanks juun. This advice is solid.

Heya! I jsut finished the first beginner modules and know i'm struggling to choose between which next to take first (in a nutshell i'm aiming first for pentest and SOC, i'm a fulls tack developer), can't decide between Jr Penetration tester or Offensive pentesting

i know some parts are the same (and i'm gonna do both of them anyway)

so far i completed these

https://tryhackme.com/p/razed

You’re probably better off learning cyber defense skills first, since SOC jobs are more likely to be entry level. But if you still want to learn pen testing, I’d recommend starting with the Jr. Pentester path. Just know that it’s harder to land a pentester job with no experience.

i'm not especially looking to switch career, just slowly drift on the security side coming from dev

I see. Jr. Pentester path is easier and will prepare you for the Offensive path.

thx!

This. I would flat out refuse.

If a company is having their security department work on personal devices, they aren't taking security seriously.

If you are in the US they have to provide you with equipment.

There are laws around it

gives james s a forklift

Do you have any specific references?

BYOD was a huge thing a couple years ago including computers but IT generally will be provided equipment. I do know some people in the US who do have to use their own devices and it blows my mind

Ill have to dig it up but this is just stuff I have been passed down from my managers.

Let me see if i can find something official

Yeah, it's honestly wild.

yeah i would never work off a personal device

that asking for trouble.

There are plenty of reasons not to, but accountability if something happens when working on a personal device is nasty. much better to keep a separation....

Interesting, can you provide links to the this?

okay so i actually had it wrong

its a stipend or equipment

This is the closest to official i can find https://www.thehrdirector.com/features/flexible-working/five-things-employers-legally-need-home-workers/

but i asked my boss they are required to provide a reimbursment / stipend or the equipment itself

Hello! If there's any members in the server that could provide any pointers - Here's my current situation.

I'm currently looking for a job in the IT field - (to get my foot in the door, as i'm uncertified) - In the interim, i've been working on obtaining certificates (through THM and other various sources - like coursera) and within the near future, i'd like to get A+ certified. For the time being, i've been looking for a career in the IT Field and i'm uncertain - given my lack of experience on what would be a good entry point in any manner. I hope this is the right channel for this

Not sure if it will help but… Don’t get upset if you do not get a job. I used to apply for 10 jobs every day for months before someone even called me.

Get the certificates that are desirable for the field you want to be working in. When you get your first job work there for at least an year so it doesn’t look bad on your CV

if you are trying to get your foot in the door, certifications (vs certificates) are the best way to do it. A+, Network+ are good ones

My suggestion, having applied for 10 jobs in my life and having got 8 of them, is you need to vet the employer properly. Sending out blanket CVs that don't say much about you or showing them that you've researched them doesn't work.

You need to investigate them, spend time on their website, get to know their products (download and use them if possible), see what qualifications others who work in the job you want have and ensure you mention that you're interested in acquiring those qualifications in the near future as well.

Write a good cover letter, explain why you're switching to IT briefly then explain why you'd be a good investment / fit for the company. Don't write an essay, keep it concise.

Job hunting is an expenditure of energy on your behalf, it's not a 5 minute lazy process. No one owes you a job, so make sure you fight tooth and nail for it. Best of luck!

Thank you all for the pointers 🥰

@polar sedge Excellent advice here and above, however I would be careful which you go for. With IT being so broad, if you have a general idea of what you'd like to do - maybe aim for those more directly.

A+ will give you a techie job laying cable and fixing things, which is entry level but rather low pay. A Linux+ and Security+ may get you something more your speed depending on what you want. There's no need to 'start at the beginning' if you have no intention of being a techie. I bypassed that and went straight to Linux+ and got a very decent job.

Lots of people start out as IT helpdesk and lots of IT help desk require A+. Network+ can help get your foot in the door but if someone is barely starting out, they can find it intimidating. And it all depends but it is better to get your first job quickly, build up experience, use employer benefits for further certs / education, then get better job. More experience the better

This is also true. My switch was near mid-life so I didn't have much time to start with entry level experience. If you're young and have time to put in the hours that's definitely the better way to go as Zojja mentions. More experience is definitely better.

My switch is about at the start of my adult life. When i was younger (i’m 29, almost 30) i went to school for a degree that wasn’t computers or technology based (bachelors of business admin) because i thought law would be what i wanted. But after i graduated, i realized my interests were technology based and law wasn’t where i wanted to go.

Thats kind of what i was hoping. I know comptia is the standard, and A+/network+ and sec+ would all be good things to have under my belt

even with all those certs u gonne be having, u need to still buff yourself up and keep learning

i think i'm way younger than you guys but this field is challenging and require consistency

yeah, the field is for sure challenging

Wh

Hello I am a beginner in learning cybsec
I am currently in my final year of bachelors in IT (did not learn a lot it's a degree just for it's name sake)
I am not keen on programming, I find it quite boring I had to make my project using ASP.NET framework and c# which I did somehow just to pass
but when I was going through linux's fundamentals I found it quite interesting and fun to work with maybe THM makes it look that way, I did some python too in my second year and solved n queen problem water jug problem etc.... using but but found that quite boring to do as well
I am also doing my CCNA and find that interesting too.

I know cybersecurity is a huge domain but I am generalizing the question a bit
Is explicit programming a huge part of cybsec if not in entry level positions, does it increase as you make your way up or gain more experience? To be quite frank I am not even that good at programming or maybe I have been learning it the wrong way.

What suggestion do you all have? Do I need to adjust and master some language sparing my lack of enthusiasm aside? if yes which? Should I continue my CCNA study and build my basics in networking?

sorry if it's a long list of questions, I have been stressing over it a lot as I fear it's too late

programming is pretty rare in the cyber security field, some areas really want you to understand programs / be able to read them

I've been in cyber security for 18ish years, I've only done very limited scripting and it was by choice. A CCNA is overkill, Network+ is good. A CCNA is good but may be more than you need

Thanks for the advice zojja

Gave +1 Rep to @pseudo creek

What resources/method of learning would you suggest to understand code
The thing is there are so many langauges and at the same time bombardment of suggestions that I get, it's hard to decide where to give your 100%

Maybe start with some scripting. PowerShell, or some Python.

I think if you've done python / some programming, you should be good, i'd focus on other skills like networking, linux, Windows (including AD)

Thank you Zojja

Thanks Ryzome will keep that in mind

also cloud (AWS or azure) are also good skills to learn

Ah I have heard a lot about that but cloud computing overwhelms me to the core

Any particular reason? It's really just computers that aren't yours that you can access from anywhere*

It helps if you're already familiar with networking, traditional enterprise network infrastructure, and the virtualization of that. After that it is familiarizing with the cloud terminology. Takes time, but is highly interesting in my view. 🙂

and profitable in my view 🙂

Thanks Tim and zojja

Maybe it's because when I was in first year of my college one my profs asked me what cloud computing was and I explained cloud storage, the sarcastic comments I got are still in my mind, ofcourse i do now know the difference between the two

I would say at least learn the fundamentals of PowerShell (Microsoft Learn site or Powershell in a month of lunch book) and Python (Automate the boring stuff good book). That will serve your well no matter which part of InfoSec you get into or any part of IT for that matter. I got my CCNA early in my IT career (pre getting into Cyber) and I would agree it is overkill for the InfoSec field. A Network+ is good cert if you want one for networking. Cert or not, having a solid understanding of Networking is important. Professor Messer is a good resource for Network+ videos and they are free 🙂

Thanks and yes I am looking into network+, I'll have some break after my university exams might study what you mentioned at that time

It's interesting the CCNA vs Net+ dilemma. I'm in a position to change careers but with no great urgency and have been looking at a cert path into the industry. I could potentially do Net+ and Sec+ in the time it'd take me to do CCNA, but when time isn't a factor the CCNA is more comprehensive at the same cost and appears to carry more gravitas as a HR firewall bypass. I'm trying to build out a plan of how to start my journey and feel a networking cert is a solid foundation to the IT world before pivoting into security; however I am coming to this conclusion as a person not in IT haha.

Hello, i'm planning to do this path to have my first job: TryHackMe > eJPT > OSCP

I wanted to know if the OSCP is necessary to have my first job or i can do this certification later on ?

you might need to provide information like what country you are in, if you have a college degree, what other experience you have and most importantly, what type of job you are hoping to get

Just wondering if anyone know/has any internship roles in anywhere in cyber ( remote )? Or entry level positions.

It's worth keeping an eye on #jobs-board, and there's a cyber job hunting discord i can send you an invite to if you don't mind me DM'ing

Yes please do , thank you !

Gave +1 Rep to @trim hollow

Thank you for your answer. I'm from France, i don't have any college degree in cybersecurity. I've been working on the web as SEO/webmaster for 6 years now. I would like to be a pentester for my first job and then evolve in to another responsibility role

Gave +1 Rep to @pseudo creek

i'm also intrested by your cyber job discord if you can share it, it would be awesome

Sent 🙂

!docs verify

thanks

Gave +1 Rep to @trim hollow

Ok maybe i should try to work on my CV and show my automatisation projects and all my web projects

Hey, does anyone know a credible site that I can learn CompTIA CySA+ or PenTest+ at a cheap price?

Check out https://www.comptia.org/certifications

Udemy has a sale, most courses are like $15 rn

Thanks

Gave +1 Rep to @gray escarp

https://www.itpro.tv/courses/comptia/cysa-cs0002/

If you were 17 and had been doing infosec for 2 years and programming for 3 years, how would you plan on getting an infosec job?

I'm in this situation and I don't know how to proceed:
a) Doing certs has barely any value because companies don't want me because of my age so it's money waste since I will forget the cert content
b) Getting a job in IT will most likely be helpdesk
c) Continuing to learn infosec on platforms like htb and thm will give me no money

Focus on your education. As much as you can get for free/cheap.

@idle wren please chat to Hydra to get access to #jobs-board for advertising positions here

I'm starting university of applied sciences next week but everyone is accepted into the course (that's how edu works here), including folks without experience

So I have a very, very strong feeling I will be learning about Microsoft SQL database design and C# for the next 4 years 🥲

i believe the subjects will be vary in every school through out the year

It probably will yeah

I just hope some of the subjects will be relevant/interesting

u better hope so cuz i studied random sh*t during my college

Hope for the best prep for the worst

looks pretty good compare to mine ngl

This is actually similar to my comp science units

This guy has a full CySA+ course on youtube. https://www.youtube.com/c/CertifyBreakfast

That doesn't remove it's value...

On paper it doesn't

But it does make me kind of wonder how much I will learn (it's all assumptions, though)

It has value to employers etc

Whoops I meant that on paper it doesn't remove it's value

Is coding matter in hacking i am thinking to buy a coarse of python like i know basics of python

Python is always more than welcome in Cybersecurity world. Also, it will help you automate ton of borring stuff

Anyone have any tips for getting over job hunting burnout? I've been going for a few months and it's rough.

Don't spend all your time job hunting, set a day or two a week for it. Spend more time refining your CV/Resume for the jobs you're applying to (be specific about the skills you have that apply or are transferable) and improving your skillset

Write a cover letter for each job but make it personal.

Spend some of your days doing things you enjoy doing without worrying about the job application aspect

This doesn't look bad. If you can, try to get into a public speak course and a law class or two

How personal are we talking? I have a cover letter that I use but it's fairly generic.

Talk to your academic advisor about the law stuff. You might be able to get admined in to a course with prerequisites

Applying for jobs is itself a full time job. You should have a distinct resume per job you're applying to. The shotgun approach doesn't really work.

If you're going to write a cover letter, personalize it to the job. They shouldn't be copy and paste

Hmm

Thanks for the tips

Do you have any examples of a cover letter then? 😅 I promise I won't plagiarize.

Oh I also had a question about resumes. How important is it to keep it all on one page?

If you are not a seasoned expert in the field you should be sticking to one page

One page, hard stop.

I guess if you have 20+ years of experience you can go to two, but even then idk.

👌

Disagree. The resume should be as short as you need to communicate your work history, skills, and relevant experiences

Sometimes that is a bit longer than 1 page - be absolutely sure that if you go longer than that, that it doesn't have any unnecessary items

Mine is 2 pages, I might need to go to 3 but we’ll see, I have a lot of relevant experience but I’d say most people with 10 years or less experience should be able to keep it to 1 page

It also depends where the resume is going. Specifically to an individual you know is going to review it should be as short as necessary to communicate skill set. A job board or a large company? Pad it with keywords. Most resumes are parsed and scored with an algorithm, especially if it’s Federal (US) or government service. It won’t make it to a real person without scoring well and you need to hit enough keywords to do that.

Prepare several versions of your resume, basically.

I'm looking for a Cloud Cyber Security Engineer, to be based in any of these locations, Macclesfield - UK, Chennai - India, Guadalajara - Mexico, or Gaithersburg - US. Hit me up if interested https://astrazeneca.wd3.myworkdayjobs.com/Careers/job/US---Gaithersburg---MD/Cyber-Security-Engineer_R-138953

If you plan on posting more roles, please talk to @tacit bobcat to verify recruiter status so you can post to #jobs-board

hey, please email me at hydra@tryhackme.com from your corporate email with the postings and I'll validate recruiter status to be able to post on the jobs board

Done

Hello, I am very interested in cybersecurity and particularly in hacking, can someone tell me where to start and what is the path to follow ? if you want you can send me a private message

You could have a look over here at #start-here

TryHackMe has some good content to read through and give you a taste, and what you want to expand on I'm sure THM has more materials on it, if not it will give you a good starting point to google.

do you have any references other than THM? written lessons or something else?

So, I have to follow the pre-security first and then choose between offensive and defensive?

try and see what satisfies your curiosity.

How realistic is making a career out of pentesting? I feel like it seems cool on paper until you think about demand. I assume most of the work is in consulting and contract work?

I'm currently at an MSP and enjoy the day to day problem solving. I've only broken into the IT field but I've known for a long time I enjoy security and trying to work out how to optimise time and how to make the most opportunity. The next logical step at least seems to be sysadmin or security engineer but any assistance from people in the field would be greatly appreciated

It's very realistic.
Plenty of demand, and you'll likely work for a company that either does it for their internal stuff or does contracting/consulting for other companies.

id say it gets tiring at times and leads to a lot of burnout if you are on a consulting place i feel, Ofcourse those are not permanent things but they do happen, Thats id say internal pentesting teams are much better, Also personally role wise i feel purple teaming( security engineer) is the best balance of things

Thanks for that @quick forum @stark marlin

Gave +1 Rep to @quick forum

Gonna take my MD100/101 soon to make work happy, then try to figure out what security cert I wanna do

if you looking for a good secuirty cert later on would recommend eJPT and then OSCP or directly OSCP

Yeah oscp is definitely on my list

But I figure doing some easier ones first then working up to that wouldn't hurt

yeaah indeed

Practicing on THM and other platforms can teach you a lot about cybersecurity/pentesting and there are plenty of guides, like this one from the THM blog:
https://tryhackme.com/resources/blog/going-from-zero-to-hero

You might also consider these recommendations about how to organise your training and pursuits to achieve what you want:
https://tryhackme.com/resources/blog/online-training-for-careers

It's also worth knowing a little bit about the job market and where you might want to direct your goals and your future career. Although we all enjoy learning ethical hacking, there is a broad range of positions in the field:
https://tryhackme.com/resources/blog/cyber-security-job-market-2022

You're amazing, thank you @rugged delta

Gave +1 Rep to @rugged delta

I've been interested in security for quite some time and security as a whole interests me just as much as the hacking subsection

Doing about 1-2 hrs a night after work

Just working through all the fundamentals

The complete guide is definitely nice though 😉

Keep it up, enjoy the journey, take lots of notes, don't be afraid to google something if you're stuck

Hey all! I am currently heading into my final interview for saas sales for cybersecurity and needing to do a discovery call. I am picking the company Coinbase and are there any suggestions or good questions for me to ask? Would love any advice! thanks guys

Hey ya'll! Would love to know if there are any mentors out there willing to help folks learn about cyber security!

Thank ya!

Please don't post the same message in multiple channels

Hi all,

I need some guidance on how I can start cybersecurity?
currently working as a desktop support engineer

hey i cant dedicate and be a direct mentor but if you need help/have questions feel free to reach out , also for mentors i think you can find em here : https://cybermentordojo.com/

^ The same for you as well

Thank you so much!! I really appreciate your help!

Gave +1 Rep to @stark marlin

no problems at all happy to help

Hello everyone! I've got an interview for my first IT job as a cyber security analyst tomorrow and was wondering if anyone has recently went through the hiring process for this position or something similar to it

Any resources shared would be appreciated!!

what is your global rank in thm

Hey @lean night,

I'll give you the advice I would give my younger self.

1. Be yourself, show your human side. People will work with you and need to see that you're pleasant, a team player, good under pressure etc.

2. Study the company you're applying for. Don't walk in blind. Know what they do, know their tech and try and play around with it (I usually did a 6hr recon of their stuff to say I know my way around it). If you don't know it, look up what skills people in the department you're applying to have on LinkedIn.

3. Don't walk in scared and let them dominate the interview, you need to control it as much as HR will without meaning that you should run the interview. Just don't let them talk your salary down or your role.

4. Ask questions you want to know, things like what the company offers you in return, leave days, how the team works during the holidays, if there is a continuing education programme / fund for courses etc.

You're trying them on as much as they're testing you out. Be kind, be humble, be happy and I'm sure you'll nail it bud!

Such quality advice! Thank you very much!!

Gave +1 Rep to @uneven igloo

Good luck 🍀

Particularly 4) make sure it wasn't in the job description etc, because that tells me that you didn't read it carefully.

thank you!

Gave +1 Rep to @undone robin

+1 thank you sir

lol just got an email about a role

4 days WFH and 1 Day onsite.
Title : Penetration Testers – DV Cleared required.

what's the need for dv if it's all at home (contract)

How many people even have DV?

I've heard it's a pain to get

How would one say they basically one manned an entire company wide win 10 migration in a resume? I did everything from imaging, backups, scheduling replacements, doing the replacements and returning assets to our vendors....but I'm having difficulty wording it in a not so wordy bullet point.....

"Technical lead for migration effort to win10. Responsibilities included <list of problems>"

Thank you thank you

DV is for Top Secret stuff right? woulda thought the access control on that would be tight XD

Something tells me you wouldn't get told that in an FOI request

At least in the US, you can look that up

May not be exact but it's close

Looking around on the webs, looks like there are 250,000 queries per year in the UK

wow, i wonder how many get it

UK gov says majority without issue

Question for other experienced interviewers. Personally I didn't really care when we received resumes that were two pages but what about everyone else? Does the "keep it to one page" really actually matter?

IMO it only matters when a candidate cannot get the essentials of their history and experiences. If it's succinct and goes beyond a page... that doesn't matter to me

thanks

hello all, i kinda feel awkward in my first job. I graduated this past spring and started working as a "security engineer". The issue I am having is the lack of "hands on" due to the company having a MSP. I feel like a role where I am more engaged (hands on) would suit me more early on in my career due to me learning best this way but my current role is definitely exposing me to a ton of new things and Im learning a ton. Also, there are plenty of great career opportunities my boss has already put me in even though ive been there for such a short period. Its just frustrating to me that we have to go through the MSP for issues or certain things and our team/org is restricted due to this. Any tips? Am I panicking a little since Im so new or should I try to find a diff job somewhere?

Look for training opportunities - an MSP will still need oversight, and being in that management type role many not mean you'll get the hands on experience from starting at the bottom, but you will be placed to be a decision maker much sooner.

What do you mean by training opportunities? Like for certs and such? Also, that is true but I find it awkward because im oversight for these individuals though i hardly know much when it comes to actual environments (if that makes sense). I feel im not that knowledgeable enough to be in that role.

I’ve been invited to do a 4 part CTF as part of a job interview. Should be fun.
Anyone else have a hiring process like that?

yes but not 4 step

most I got was a 2 step, assessment and interview after

Hi, I have an interview next week for a security engineer role (purple team). Here is the job description

Job Description

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team.
Qualifications

    Experience in a technical role in the areas of Security Operations, Detection Engineering, Threat Intelligence, Penetration Testing, Red Teaming, Purple Teaming, Threat Hunting or Incident Response
    A strong understanding of system internals and security mechanisms related to the Windows Operating system and Active Directory
    Experience working with Windows security logging in either a forensic, threat hunt, incident response investigation, or red team operational security research capacity
    A strong understanding of networking including how firewalls, load balancers, and proxies function within a large enterprise network
    Understand system and network telemetry generated by Endpoint Detection and Response (EDR) tools
    Functional understanding of how threat actors gain access, move laterally, privilege escalate, set persistence, and evade defenses to achieve objectives
    Ability to critically examine an organization’s systems through the perspective of a threat actor and articulate risk in a clear and precise manner
    Be able to communicate, both verbally and in written form, technical and risk based information to individuals with a variety of both technical and non-technical backgrounds

I don't see how this role is different than penetration testing. Do you have any comments?

Is the role for a penetration tester, soc analyst, forensics analyst, security architect, red teamer, blue teamer, risk manager, incident responder or team lead?

Security engineer (purple team) this is the role

Okay, I was wondering from your previous comment where you said you couldn't see how it's different to pentesting. The description seems to have elements of all kinds of roles and positions. Since I don't know what kind of organisation you're applying to, it's very difficult to suggest anything to you because it looks like they want someone who knows how to perform every role in the cybersecurity division while also managing it and reporting about it to senior management, while also researching, designing, implementing and maintaining the entire operation...

There's no discussion of the specific qualifications or experience or the specific responsibilities or what team you'd be working with. There's no separation of duties hinted. It's practically the contents of a high level certification book and career prospectus with none of the meat...

Is there anywhere in the job description where they tell you exactly what you'd be doing?

yeah it sounds like a crazy work where they are trying to get away with hiring a single person for a 2 whole teams of people

hello, i’m looking to get into cybersecurity and i have some questions. i was wondering if anyone is open to having a 1 on 1 discussion to help answer questions i may have. i would appreciate it.

Hey Ayanami, just post your questions here 🙂 you're more likely to get engagement that way!

I’m looking to get into cybersecurity and start a career. I signed up for a bootcamp to start in a couple of weeks which teaches: Networking, Systems, Ethical Hacking and Penetration amongst other things. Would it be the ideal route for someone to get into cybersecurity or would it be a waste and be better to self teach?

Please read the rules as well ( particularly rule 1 ) 🙂 but welcome!

Boot camps in general don’t seem to do much for cybersecurity as they are basically used to study for certs, sometimes certs that aren’t very good for getting a job

Do sysadmin skills translate to dfir?

What route would i take then if i want to start a career? Would it mainly be self studying or sign up for courses to pass the exam certification?

Kind of.. especially system forensics

Look at local listings for entry and mid-level positions. I think it's fine to spend money out of your own pocket to get the intial certs such as CCNA, Net+, etc, but spend as little as possible to get the job.

System forensics?

Yes.. like forensics potentially investigating servers and desktops

As I was looking into the program it seems as though besides the curriculum itself they provide you with career services in which they help build your portfolio and match you with companies looking for candidates. But it says that’s it’s mainly to prepare for Security+ exam so it’s as though it’s opening a door to start a career in it? However i’m just hesitant in which if it’s the best way to go or if i’m spending more than i need to.

Career matching with boot camps is very sketchy. Unless they have a deal where you don't pay until you get a full time job, the 'best effort' matchmaking is usually 'almost no effort'

Security+ is a great cert which you can study for on your own

Not this one, it’s having me pay while i’m taking the course and won’t assign a certificate of completion for it unless i pay it off within 6 months.

certificate of completion is not a certification

be wary of stuff like that; is the cost of the sec+ exam included in the boot camp cost?

Anything that offers a certificate of completion sounds scammy to me

I meant for career services to “help” look for a job requires that. My bad

No employer cares about certificate of completions

I think it’s just there to show you completed the course lol

No employer cares if you completed a course, they care about the certification

and yes it’s included. however you get to choose which of the comptia exams you want to take

This still sounds a little sketchy - you may be able to take a prep course from a local jr or community college for much less than the boot camp cost

It says it helps gain experience with: Wireshark, Kali Linux, Metasploit, Nessus, amongst other things and prepares you for comptia exams and for CEH

IMO, you are better off spending a fraction of the money for a THM sub and textbooks for the certs you actually want to sit the exam for. CEH is also limited opportunity outside of India.

i heard a lot of bad review from people i know about CEH

I’m looking to get into tech and cybersecurity as a whole. However I have no previous experience so which certifications do i go for that the employers look for?

@winged osprey

Entry level is Security+ and hate to say it, employers want some IT experience generally so a job such as IT help desk will help get your foot in the door

And what juun said