#cyber-and-careers
#room-help 🙂 it’s best to ask there
okey
Lists of stuff are taking up waaaaay too much room. Trim that down to a course or a program, not "here's everything we've ever touched on"
Does anyone here have any YouTube recommendations such as people explaining stuff better and like a walkthrough of different topics
I personally would not include too many details about THM, HTB paths it shows you have passion sure but it bloats your CV a lot
Hello guys! Im very interested in learning infosec, I love cybersecurity and solving puzzles..... BUT its a little bit off-putting to know that most systems nowadays are too secure to be hacked, especially android and iOS.... Also on bugbounties for example I would have to compete with geniuses who started coding when they were 5 years old and dream in code etc.
Is it possible to hack and find vulnerabilities as an average hacker enthusiast without being a genius prodigy dreaming in code?
just keep learning honestly, and do research on whatever u feel confused about not just leave it aside and move on. Ask for help when needed (Google first tho)
I haven't done any bug bounty but I think this topic requires deep knowledge about what u are researching
You can't live your life thinking it's going to be too difficult to get up to peak level in any domain. You're starting at the start so just keep building, day by day. Realise where you are and work on getting to the next step, It's the only way.
Properly engineered systems are difficult to hack because the people who create them spend time figuring out ways they're insecure and put up barriers. Ethically speaking, it's important for us to learn how to hack the systems we have in place so that we can correct them but lots of bugs still exist.
It is possible for you to find vulnerabilities in systems while competing with others who have been doing this a long time but not as much until you're better skilled. Luckily for you, it's possible to learn these skills through THM and other sources that we frequently discuss here. Then it's just down to hard work and developing skills
Also do any of the attacks taught on THM work in real life? For example... WPA is obsolete and most modern routers have WPA2 which is uncrackable... ARP spoofing works only on http and most sites use HTTPS nowadays.... social engineering is almost always required to make a person download your .exe and even then the user gets a notification that its from an unknown developer.... also any script will be blocked by windows defender unless you are really really innovative and code something completely new in python which will not be recognized as malicious software
and so on
I understand, its a good answer thanks... So I guess its like a game of cat and mouse
Gave +1 Rep to @rugged delta
We learn about tech like WPA and older protocols because newer tech is built on older ideas frequently so that you understand the basics. And yes in THM you can learn newer hacking techniques but things are taught from the basics so that you get familiar with things in a way that isn't too taxing
Yeah, I understand... That makes sense its a good approach definitely
Learning the skills needed takes time and patience and effort on your part, It's not like in the movies. It's a set of skills to be learned and practiced and repeated over and over again
I understand... I just fear that Im too old to start learning infosec... im getting 30... I have experience in web dev only... Is it too late to start working on a career change?
never too late 😄
Lots of people find their way into infosec in their 30s, 40s and older. It's not practical to think in terms of being too old. People change careers often these days and learn whole new skillsets. You just have to decide if it's something you want to do and then to just pursue it. It's up to you to decide if the field is something you want to work in. Don't let ideas like your age hold you back from doing something important to you or that you might enjoy...
+rep @rugged delta good advice thank you too for this
Gave +1 Rep to @rugged delta
Thanks, thats motivating to me
Gave +1 Rep to @rugged delta
Hi all, I was wondering if anyone had any experience with remote cybersec functions. I'm Net+ & Sec+ certified, living in Europe and curious to explore working for US companies. Curious to hear what you think!
US companies will require you to be in the US with the right to work in the US. If you have US companies in your current country, that is best way to work for a US company
Hello everyone, I am studying to become a pentester in the future and have one question. How much programming skill should I have and in what language?
also on this point, most remote jobs are more advanced roles ( Mid-senior level ), so if you are starting out in cyber security looking for a remote role is going to be very hard
the answer is 'it depends'.... I would expect a pentester to have a working knowledge of javascript and python. Depending where you work would depend how much knowledge
Okay, thanks. So It's a good idea to just have some examples of proficiency with JS and python in a resume? Appreciate the help.
Gave +1 Rep to @pseudo creek
Hey guys, i am a german computer science student and am currently learning cybersecurity with tryhackme, i have to do an internship for my studies and wanted to do it in japan, does anybody have any experience or can give me any tips how i should pursue this? Appreciate the help 🙂
Just an FYI, Japan is notoriously hard to get into for a full-time position. Realistically, I don't see this being a possibility but I would talk to the German Consulate and look into the process of working abroad
Hi everyone, currently I am in a cyber security bootcamp and loving it. I am wondering what are some entry level cyber security jobs that are good for someone who will have 3 months education?
A bootcamp does not count as 'experience'. It would be education, but experience always refers to 'paid experience doing a thing as part of a role or job'
okay, my fault
After going through some of the rooms in the new red team engagement rooms. I found that I would really enjoy that as a career with previously gunning for penetration testing. Are these jobs generally in military / big corporations or can I just look up red cell operator jobs?
Red teaming is usually something you do after getting experience with pentesting, which is usually something you do after getting experience with security or IT elsewhere
Oh cool! Thanks for letting me know
Question. If you were hiring for a Jr Cyber Security Analyst. What would you deem an appropriate annual salary? This job application asked me what my target wage is and it caught me off guard.
I saw that message before you deleted it XD What country and area are you in (it's gonna be more expensive to live in London than, say the country with a remote role), what does the role entail. Are you in a job currently?
ah, I'm in Washington State. I know the range that the title holds according to Indeed, 70k to 89k ....... but maybe I'm just making more complicated than need be. Haha yeah This question was better suited here than the other channel lol.
that 70 to 90 k is pretty reasonable - if you have other cyber or IT experience, I would expect to be closer to the top end. As a first job, that's ballpark what I would expect
I'm in Aus and currently working in helpdesk. Doing my md100/101 but put that on the backburner while I spend my evenings on thm. Long story short I'm looking for any advice for certs to passively work towards in security with OSCP/CISSP as a sort of mid term goal, although any other advice for useful security certs in Australia would be a plus. Realistically I'm not even sure how long it would take to get OSCP from where I am with 2-3 hrs a night of study on weekdays and 8 hrs a day on weekends, but I figure things between here (no security certs) and there (with OSCP)
Hey, my main goal is to become a cyber security analyst, I am studying to get a CCNA certificate and I would like to ask you what should I do next after CCNA, get a job or get another certificate like Security + ?
How hard is to get a job without being a graduate?
It depends
It all depends on what you want to do, what skills you have, etc
We have some openings at the company I work for. Is anybody interested in a Sr. Cloud Security Engineer position. Looking for someone with static code analysis experience, programming exp., that knows security. Role will allow the individual to work on Red Team and pentest engagements as time permits. Must be US based. If this is against the rules please delete. I wasn't able to post on the jobs-board.
If you'd like to post a role to the #jobs-board , you can verify your recruiter status with @tacit bobcat 🙂
Email me at hydra@tryhackme.com with the posting(s) from your corpo account
Mention your discord name too please
cool thanks
Hi everyone, got a question or wanted an opinion on this. I have 3 years as help-desk and I have been always interested in Cyber Security but never really ventured myself too deep on it, the deepest I have done is install Kali on my computer and use Tor and setting it up (with youtube help). And I was thinking on trying to make the change of career to a SOC analyst, would a 1 year of going full on THM and other platforms be enough to at least start looking or be considered at this position, thanks and sorry for the long post
THM will 100% prepare you for a SOC analyst role. I'd argue that if you did the first few intro paths you'd be way more suited and ready for a cyber role than someone with a master's degree in cyber and no experience
Doing something like the intro to cyber, complete beginner, pre security, jr penetration test path will likely make you more technically sound than your average soc analyst
What’s the starting salary for a jr pentester?
Yeah, I plan on completing the entire series. Really excited that they introduced red team training into the program.
Search the job sites based on the job role description and limit the search for your local area. Most of the job sites will show median salary bands (ranges). Example: https://www.indeed.com/career/salaries
I’ve run into a few jr pentesters that have claimed to be making six figures after only six months into their new careers. And this isn’t one or two of them, this was maybe 8 jr pentesters that I got to talk to.
Thank you for responding! would adding certs like Sec+, Net+, EJPT and such be even better, or even without those certs do you think a SOC analyst position would be reachable? I am planning to dedicate myself 1 whole year to try and get to a SOC like studying and practicing at least 5 hrs every weekday
Gave +1 Rep to @vocal depot
That's probably overkill, unless you're into the whole sigma grindset thing. My old job only really -would like- a Sec+ but there are lots of SOCs that are looking for a certain level of technical aptitude and mostly passion
eJPT is a superb cert, though
Awesome! Thanks man! I will start then with the paths you mentioned before.
That and network as much as you can
Gatekeeping in this industry is out of control and has been for a long time. But I can speak with total confidence that the technical aptitude of your average soc analyst isn't really that high, so that will be the easiest thing to shore up
lmao i am on the same position, but would like to do it in germany 🙂
hey, one of my profs once told me about some companies here in germany which offer internships as pentester regularly i can ask him for you when semester starts if you want to 🙂
that would be awesome <3. The problem is i dont know german yet... 😦
i dont think thats a huge problem, here in germany ppl are good in english especially ppl who work in IT
i dont have that much luck in japan 😛
yep that's great! but i checked many jobs and most of them required german knowledge or experience... that's why i was looking for an intern, thank you anyway!
Gave +1 Rep to @manic forge
@fervent mango @manic forge Again, just a reminder because I think ive talked to both of you about this, finding internships abroad is rare. You're going to need to look at the labor laws of each country and what is required to get a work visa in each. With Germany, you can get a work visa by going there for your education. Education, the last time I was there (2019) was free for everyone, including foreigners. Previously it had just been for residents when I was looking at universities in 2014/2015. Japan, is a notoriously difficult country to 1) get into and 2) work in. Their work culture is the polar opposite of western work culture.
@stoic cave Thanks for the info, i know its super hard, especially because internships arent really a thing in japan, i will get some help with visa and stuff like that from the "international office" in my uni but its something i definitely wanna try since it will be a great work experience even if the work culture in japan can really be horrible
Gave +1 Rep to @stoic cave
Any fintech internships opportunities in here?
possible Health internship next year for offsec
Hey I have a question: I am in the process of getting my 2yr computer science degree. I'm not sure what specific path I want to go but I am interested in security.
Hey all, wondering if there is anyways for a freshman college student who is fluent in python to earn money while in school
What's your question? I would suggest checking out the content on #start-here and then going from there
Most people start their computing career doing some sort of tech support or building websites or helping out in a local computer shop. It really depends how much time you have between your courses and your deadlines
Hi everyone !! Hope you all are doing great. I have come across many pentesting/ethical hacking courses on internet but are there any one-shot SOC/Blue Team courses which are affordable as well, all I have found till now is soc path from cybrary or individual topics playlists.
I need a one-shot complete course that is affordable as well
https://securityblue.team have several blue teaming certs I've heard good things about
We Train Technical Cyber Defenders Across governments, military units, law enforcement, CERTs, banks, managed security providers, educational institutes, and many more. BTL1 will quickly become the new baseline for SOC analysts. The training does a great job of covering most key areas of cyber defense work. The labs are well designed and the exam...
maybe you can work part-time at one of those programming day camps for k-12 students
i dont know anything about actually working there (or where ones in different states/countries are located) but i have received emails before that were asking for college students who wanted to work at one part-time
guys do u advise me to go through intro to cybersecurity after finishing pre-cyber or it is fine to jump to cyber defense?
Im beginning my application for my masters degree this year and this has been a major concern for me as realistically im looking into moving after university but im not sure how compatible cyber security is with working remotely
Very
i should clarify its less the actual idea as a whole since thats understandably possible but realistically would i be able to get a job in time because from what i know its a competitive field
i know i could always get a remote job as a programmer its just where i intend to move has strange rules on how many foreigners can get work licenses per year so ill essentially need to mke sure i can get a job in time and support myself for the time being
Without experience? It's hard
yea i figured, id probably need some sort of other job to support myself, thankfully the place i want to move is fairly cheap
a modest 8200 euros per year
thank the lord
plus rent but still could be so much higher
well thank you for the information ill look more into what i can do to make it easier to get jobs
Gave +1 Rep to @quick forum
my degree will only help so much since itll be in data science assuming i get accepted into my masters programme
Masters in cyber is often a bad idea
its also not offered where im applying haha
the only nearby uni that even offered a masters in cyber is in sweden
a far cry from where im applying
A masters generally can make entry level jobs difficult
i am a fan of education also so is my family and ill be able to better help my family as someone with higher education so im going to get a masters in data science but yea if sticking with a bachelors was really an option id take it
Just look into overqualification
im not so worried about over qualification ^_^ i have multiple qualifications that arent related to cyber but are able to get me a job until i can get one
i just need to be careful about it because those qualifications are only good for seasonal jobs
Overqualification makes it hard to get your foot in the door
How to get Internships?
Why all job ads are looking for senior positions 🤦🏼♂️🤦🏼♂️🤦🏼♂️ hire juniors and let them gain experience in your company and then make them seniors 🤦🏼♂️🤦🏼♂️ Such a simple thing and yet not many companies do it.
Because juniors they train don’t stay and they need seniors now and it takes years to have a skilled senior
That is very dependent on what country you are in. In the US, you generally need to be a college student
They do not stay because they do not pay enough or the conditions are not good. So why would any senior join such place
This is a very narrowminded view
They don’t stay because juniors are paid junior rates and an advanced junior knows they can make more elsewhere, jumping is a common technique to increase pay
🤷🏼♂️ what is your view. If I’ve worked somewhere and enjoyed it and they offer to promote me to a senior why would I leave
So a junior with training and a little experience can generally get paid more by moving companies so they do so companies don’t want to spend resources and money to train juniors knowing they would leave
Companies also know that instead of paying to train someone, it is cheaper to convince them to move to their company
It takes a good 5 to 7 years (and sometimes more) to train someone to senior
There are ways to make people stay. I think by hiring someone that never worked for the company and puting them on a senior level position is like having a junior for the first year or so.
Not really
So essentially every company is hiring for a senior positions but everyone is applying for junior positions because pay to duties rates are better.
When we list for senior roles, we get dozens of applicants so seniors are applying to senior roles
Of course we get 100+ applicants on our junior roles
Well don’t know if you’d believe me on this but during the past year I have been applying for 5 junior level positions every day. Despite my university degree in cybersecurity and work experience I haven’t even got a phone call from anyone to even tell me they don’t need me. It’s just depressing.
And I can imagine most companies are receiving 10s or 100s of applicants for every position
So that’s where my frustration comes from. I mostly see senior level ads
It sounds like your resume needs to be reviewed or you are applying to the wrong roles
I know someone who applied to 100+ jobs, no interviews, they asked for feedback on their resume, did updates and got a job within 2 weeks
I have like 5 resumes depending on the type of work I am applying for. Where did they ask for the feedback? I might have to get mine checked
Can I DM you a cyber jobs discord to join?
I am from India 3rd year under graduate students still hard for men to get internship
Your question doesn't make sense. There's way too much to cybersecurity to assign a difficulty to "doing" cybersecurity
For example, using good passwords is cybersecurity. Is that difficult?
Cybersecurity in like jobs
Maybe making a new firewall?
Or what do you usually do in cybersecurity as a job
There is no usual
There are various jobs in that field.
You might want to check out:
https://tryhackme.com/path-action/introtocyber/join
I'm contemplating jumping over to HackTheBox after I feel done with TryHackMe. However, I wonder if the information will be redundant, or if HTB has something more to teach than THM.
The stuff you learn on THM will certainly help you on HTB. Whether you enjoy the platform is up to you but it can benefit you in numerous ways
I feel like THM is much better for learning while htb is just for practice.
Well if you have a good interest nothing is hard, and if you feel it's hard, start from basics.
At a point everything is hard until and unless you don't start learning and working on that thing
@stoic cave I understand certificates aren't certifications. Ok so I need to focus more on getting actual certifications then when it comes to getting into the workforce
Yes and no
It depends on where you want to end up
Security+ is a foundational certification in cybersecurity
I would love to get towards pentesting and red teaming but I am hopefully looking to start off in a SOC analyst position
So you'll want that one. However, it has almost no use if you have no professional experience due to cybersecurity and its domains not really being entry level
Do you have a degree?
No but I have experience in IT overall (as broad as that is)
im familiar with navigating Linux and basic windows trouble shooting
as well as mac
every day im on tryhackme trying to learn and grow more
Like actual professional experience?
If so, get security+ and start applying for SOC roles
How does one go about finding a mentor here
someone I can turn to without looking like an idiot lol
I have noticed many "gatekeepers" and it kinda discourages me but ill see how it plays out
either way thank you for answering my questions
just people making comments like, "The industry is saturated, you are better off not even trying"
Huh
"stick to IT"
Don't listen to those people
That's actually bad advice
I thought it was going to be more along the lines of "why does entry cyber require some experience"
and its bad enough sometimes I feel a little overwhelmed when learning lol
it can get overwhelming at times.
Yeah and sometimes I dont know how to verbalize what im trying to find on google
as long as you enjoy it and you're passionate you'll be fine.
learn stress management
that comes with practice and observing others doing it
"drinking from a fire hose"
which is all Ive been doing im just consuming everything I can
Same position
Not for long, only about 6 months
Funnily enough came to ask a similar question
I do regret not doing security study earlier though since I've known I've really liked it for a long time
same ever since i watched the movie hackers as a kid lol im getting a late start but hopefully ill catch up.
Just keep putting in the time @plush ice , you will get there. The lessons you learn at this time in entry roles will be invaluable later on. So much relies on the basics like networking and learning how Linux and Windows/AD works.
As for a mentor, I have been in the business for about 9 years now and do a mix of security and sysadmin work in my current role. Feel free to reach out directly or just post here if you have questions or want some guidance. Lots of experienced people here willing to help.
Just like you though using platforms like THM to stay sharp.
Sounds like you are on the right path
heyy
can someone verify me
!docs verify
Gave +1 Rep to @pine grove
Anyone here leave their career mid-way to go into cybersecurity? Like complete career fork?
Yo can anyone tell me how to get into cyber security i have done the basics of python i would appreciate if some can tell me what to do next
Not me, but my coworker who had a masters degree in classical guitar, dropped EVERYTHING to get the oscp cert thinking it was that or nothing going into the field and he got it after 5 months of no experience before hand and he’s doing great
@supple arch Dang! That is inspiring!
Yeah ikr, he invites me for lunch and learn attack labs and I love it
(I’m an intern)
That's awesome, I'm filling all my free time with learning while doing my day job. Hopefully will hit a tipping point in the future where I will start applying to things I have no work experience for.
There is a guy who went from being a pool man to a penetration tester
I work with all sorts of people from various backgrounds
That’s awesome. I left a twenty year career as a medical assistant to pursue cyber security.
damn thats impressive as well dude
wish you all the best 
Thank you, but it’s been a struggle. There have been times I wanted to quit my training. But I’m pushing through.
Gave +1 Rep to @stark marlin
That happens a lot in cyber security tbh the best advice i have to minimise that is get a group of people about your level or a bit higher and do ctfs boxes with them
it helps a lot when you are not just banging your head on stuff alone rather with a friend group also they reassure and motivate you to push through as well
As personally my friend/study group has helped me grow immensely
Yeah I’ve been searching, but I’ve found very little. I’ve been chewed up and spit out because I asked for help. I’m looking for a private tutor that can help me navigate through THM when I get stuck, which happens a lot.
thats horrible but i think regarding the private tutor thing i would not recommend it, especially for THM, as most of the content is beginner oriented and can be easily followed. if you dont understand, try watching some videos and ask in community. what i would recommend though is to get a mentor, i think cybermentordojo, you can find mentors for free to guide you through your journey. and regarding groups id say be active in the community, THM is mostly pretty friendly so i am sure you will not have a hard time finding some new friends here and then you can make a group yourself with them etc
Anibus, we used to have a weekly study group here with some folks where we would do rooms together 🙂 Would you be interested in something like that?
Oh my god yes! Sign me up!
which timezone are you in?
I appreciate it, thank you
Gave +1 Rep to @stark marlin
CST, I’m in Dallas
no problems and if there is something i can help with feel free to reach out my dm’s are always open
It’s pretty much a daily thing for me when I need help. I was stuck for 8 hours on What The Shell.
Okay thats great. Please check out #964299422538289245 ( I put up a poll a little while ago ). Most folk voted for EST on Sunday afternoons/eves so that's probably what its going to be set to
Oof, don’t tempt me😆 I’ll be blowing up your DM’s daily.
Ok cool, thank you
I understand but everyone here has their daily lives and work and timezones etc. I dont think you're going to find someone who's always going to be around. But hopefully when the sessions start, you'll naturally form a group of regulars
we had some fun times and a fixed group of people. That way its easier to make some friendly connections 🙂
I'll make up a list of sessions tomorrow or the day after tomorrow and put up a schedule in announcements to kick off
Bless you 🙏🏽🙏🏽🙏🏽 I really appreciate this🤗
no worries, hope it works out!
I think it will. Maybe I can find someone that can spare some time in between meetings.
yeah maybe! Will be mostly people in your timezone-ish so thats a plus
Sweet
damn i mean feel free 
in my mr burns voice Excellent

Do you think you have some time later today, around 4 CST!
Here’s the thing, I completed Web Enumeration, and What The Shell. But I struggled through it.
The other thing is, I didn’t take any proper notes. I want to go back and repeat the two modules, because I need to get some practice and I need to make sure that I get my notes straightened out.
I’m gonna try to get through them on my own, and see how far I get. But if I get stuck with the two, do you mind if I hit you up?
What do working hours look like for a red teamer/pen tester? i imagine this is usually a salaried position as you're working contracts to match another company's time frame? Inferring from that it'll be heavy crunch time followed by some reasonable down time, no?
it 'depends'... if you are an internal red teamer/pen tester, it may be standard 9-5, even for those that travel/work for customers, customers probably don't want you pentesting after work hours in case you break something. May require travel though
This might be a dumb question, but what does "Vehicle SOC Analyst" refer to?
I know SOC Analyst of course, the vehicle part throws me off though
Someone that looks after the fleet?
Are you looking at a job description?
No, a recruiter hit me up on LinkedIn
Upstream?
Also, no harm in asking what the role entails
@hard stag do you have a degree or any previous professional experience?
I don't have anything security related, however, I am about 1/4 done with CCNA and ENCOR
IT experience?
However, my computer skills are above average
I can install windows, troubleshoot most of software issues, and I can do some hardware too
I also got SQL and use it in day to day work / other stuff like microsoft office and google suite
Not to sound rude, but this is very subjective.
What do you currently have professional experience in?
I'll respond later, have to head back into work.
I meant like I use computers over 12 hours a day, like I can get into registry editor and do bunch of stuff (ofc with some googling and I only do this when I encounter something that has to be done from there) so basically anything new I learn like an OS wouldn't be hard
If it's not part of your job role to do that, it's not part of work experience.
I currently have experience far from IT, accounting and partner operations support, sure thing respond whenever you can, I appreciate it
Accounting is a good place to start from to get into security - you have a large technical uplift ahead of you, but it's do-able.
yes I don't have IT work experience, I was referring that I can get into such stuff very easily
how's accounting a good place :0
How easily you can get into it doesn't matter, in terms of putting it on your resume. If it's part of your job description, it goes on. If it isn't, it does not go under work experience.
Accounting is a good place because a large part of security is documentation, reading and writing. Understanding how responsibility for a thing works within the context of an organization is one of the most fundamental concepts
Many auditors for very technical cybersecurity frameworks do not have a huge technical background; many are from an accounting background and understand the risks associated with compliance very well.
I see, well that's a good start, how long do you think it'll take to land an internship or entry level job?
I am sorry if I am taking your time, you can let me know if you're not up for a conversation
Internships are for students. If you aren't currently enrolled, that will be off the table for you.
Open a conversation with your current employer's security manager, stating your interest and wondering if you could shadow someone on the team for a day or two; get permission from your direct report before doing that though.
we don't have a security manager here tho, bunch of ITs and the dude in security is basically a system admin, our security operations are overseas, the dude put me on a path but I believe it's wrong, he said I need to get CCNA, Windows and Linux then I'll be qualified to Helpdesk, and later on jump into security
He's not wrong; that is one path into security that many take
Security is not entry level for IT; usually 2-3 years of domain experience are required by most orgs
I shouldn't say most orgs. Many orgs have that requirement
very understandable but this is kinda the long road to it, starting as a helpdesk then getting into security
another friend directed me to learn Splunk, but I am certain I cannot land a job with just Splunk where I live
That's not really the long road. No one gets into security without domain expertise. What changes that path is where that expertise comes from.
Your certainty is misplaced
Splunk is a very common and popular tool; if you understand it very well, your odds of employment go way up
not where I live tho, security is not popular here, mainly security is handled by IT professionals and it's very rare to find dedicated vacancies for security, we operate in multiple countries and our security is based outside of the country
look at local job positions and see what they are asking for, then apply
I promise y'all they don't have security jobs here xDDDD like for example when I mentioned Splunk to the guy who's supposed to be managing our security here he didn't know it, all of our security positions are out of country
I meant entry level jobs by this ^
that doesn't change my statement, look at local job positions and see what they are asking for, look to get those skills and apply
I believe there'll be jobs here in the near future, I cannot predict what'll require tho, so I am trying to get on the international level so I be ready when this opens up
an IT job is a great way to get your foot in security so start there
Where's here? I refuse to believe there's no cyber
To be fair, cybersecurity is still new.
I bet there are many companies, possibly smaller, that are still old school where the cybersecurity stuff is shared between developers and network technicians.
Many companies won't have a cybersec team or won't hire a 3rd party to handle it until...
It happens to them.
still new in relative terms... like cyber security has been around for 20+ years
information security has been around much, much longer. CISSP is almost 30 years old
like it didn't seem that companies started to care much about cyber security until the early 2000s but governments did and companies practiced information security for.. I dunno over 100 years
Game companies only started to care about Cybersec after 2015.
That's very recent.
They had money, they just didn't care.
But with multiplayer games getting more popular, cyber attacks also become more frequent
In my area, ( Quebec, Canada ), because several schools recently got hacked...
People around here are taking cybersec way more seriously now.
Now, the college that got hacked...
Now offers a Cybersecurity program. ( lol )
We have many universities here, but only one now offers a full bachelors by getting 3 certificates in Cybersecurity.
Years ago, the common path was to just do a bachelor's degree in Computer Science / Software Engineering
That recently changed in recent years
And when we change the education system, job postings follow and adapt.
Is there anybody here who is a pen tester like a proper one working for a company etc. I have a couple of questions in relation to it ?
more specifically black box/white box and how it all works out in a workplace with clients etc.
I would just ask your questions here
While some of us may not be "proper" pentesters, a good portion have real experience in the Cybersecurity field
Or is blackbox/whitebox your only question
Not just that, my question is, "If you are a pentester in a workplace environment (probably working for a pentesting company) and if not but have sufficient knowledge on pentesting, with relation to blackbox testing, how do you execute your black box testing with your clients (companies). What is the process of doing so and could you explain it in the simplest way possible ?"
Is this a homework assignment?
How do you execute a black box test with your client?
I'm having a hard time envisioning a test where we are performing a black box test for score. It serves no one.
We might perform APA or tabletops to reach initial threat analysis but we never start out at black box
? All a black box test is is something you aren’t given inside access to, it’s the most realistic setting for a penetration test in most cases bc it mimics real world attackers. Anything regarding the dos and don’ts for any type of pentest is defined in the SOW, ie the scope, budgets, deliverables
Hello, I want to become a SOC analyst, I have 1 year of experience working as a Software Developer, I really want to switch to cyber security because I don't like programming. After searching online I found this roadmap for becoming a SOC analyst:
- tryhackme website
- security+ certs
- ejptv2 certs
- eCIR or eCTHPv2 or eNDP
Is my roadmap correct?
apparently the pentest company im interning at, i asked one of the clients and they said that they get more white box than black box but generally it usually varies and they pay more, but takes longer to do
https://www.youtube.com/watch?v=EtVTPonfm6Q pretty good advice here
Personally I would go with sec+
Then optionally rangeforce SOC analyst learning path.
BTL1 cert and then maybe CySA+
i believe with all this knowledge you can land a job as a SOC analyst lvl1
So, no need to go with tryhackme website or ejptv2 or eCIR to land my SOC analysis or DFIR?
Thank you sir
It's an option, I just shared my opinion on this topic, it's up to you to decide what's best for you
Thank you sir
Can I land my first job as security analysis in three months, when I have 1 year experience in software development?
It depends on your knowledge and skills. I believe only your future interviewer can tell you for sure if you can land a job or not. Three months is not much.
I’d recommend learning Splunk. There is also some Splunk certs that are fairly easy to get as well as Sec+
It also would depend on your location, I'd go on LinkedIn jobs and look for what companies are expecting of SOC analysts and what is in your current price point to achieve. Some US companies swear by GIAC, I've seen Euro companies that only want ISC^2 certs, it's location specific.
precisely
the answer is often " Well it depends ". If unsure, look at the job postings. they tell you what companies are looking for. it will paint a clearer picture. even better, get in touch with employees and leads to know more
Cold messaging random employees is not really recommended. Look for someone in your network, college alumni, etc that works at the company and send them a message. If you don't have a connection, stick with the recruiter assigned to the role.
I would ask your intern lead/mentor/boss at your company then. If it's a question from them, say that you don't understand and if they could explain it.
entry level jobs for cyber security?
I passed my sec+ thinking about subscribing to tryhackme to get into cyber security role.
Congrats. go to #start-here and sign up. Most of the content is free but the premium content is worth the subscription imho
imho == in my hellish opinion
imho == in my holy opinion
Cybersecurity isn't an entry level field. You would be expected to have reasonably good knowledge in networking, systems administration, coding/scripting or another role and have some experience, at least in tech support
So I’m interested in getting my computer engineering degree. I’m mainly interested in hardware. Do you know any careers that I can get into straight out of community college ?
Community college will only cover the basics but if they have advisors, you could talk to the community college. Hardware wise, telecom installation and maintenance generally has a low bar to entry
If you live near a metro area, data centers are always looking for people as well for network cabling and server hardware maintenance
Sooo I'm starting as an intern in the cloud security and dev sec ops environment and I literally have no clue what to expect (applied for pentesting but they got no space 🥲). Could anyone recommend me any good resources I could use to prepare for that? AZ900 was mentioned for the cloud security one by them
If they are using Azure then Az-900 will help you get a basic understanding.
Also Black Hills Infosec has various free and paid resources for learning cloud security https://www.blackhillsinfosec.com/blog/
Thanks for the link! Well they are providing the service for everything like Azure, AWS and Google Cloud but Azure seems to be a go-to for me
I second the black hills infosec stuff - they are top tier
Thirded
Any people out there with a law degree? What's your cert roadmap? Anything free we can get related to GRC and/or ISM, Privacy?
Hello, I'm a new grad. Recently got hired as a system engineer at General Dynamics. I wonder if this is a good position to start
From their description, sound like it has to do with a lot of networking.
I'm not sure but good luck 🙂
Yeah good pay so better than nothing 😂
Of course, my friend.....👍
sure, its a good start
GD is pretty solid from what my friends there say
Hey guys, in order to get a first job in security after graduation (aiming for a SOC analyst), should be logical to do the cyber defence path on tryhackme right? since it has probably more to do with it? thank you!
also, what certs do you advise? i've heard of sec+ or cysa
I've been at GD for just about 2 months now as a Cyber Security Specialist. So far they're a great company to work for and it looks REALLY good on the resume down the road from what I've heard.
Plus they offer something like $3000 per year for continuing education which is huge for collecting certs
That's certainly a good start alright
Nice, sucks that you cannot discuss your work. But can you tell me what system engineers do in general, without disclosing information from the inside?
I got hired as System Engineer in Network Architecture System Eng team, but I'm not sure what I'm going to do in there 😂
Definitely will grab some cert
I like this community more than Software Engineer
all of them do is "FAANG" everyday
Guys do you know any remote cyber security internship i could intern as ?
i guess now its called MAANG
Have you tried to Google around you?
yes i have
FAANG is overrated
Yeah lol, most software engineers acted like high schoolers. They're still on that chasing prestige game, even after school. "Work for faang so it looks good for your resume"💀💀
Depends what project you get put on, which could depend on your country and locality. Sorry, really can't say much 😉
Alright understandable 😈😈. Right you in US. I didnt know they have outside of US site
Good evening, I need some advice for my career path. I have worked in software development for one year (remotely), and I feel I don't like programming. Some tasks and bugs take more than the estimated time, that will cause delay for the project and my teammates, my teammates get angry at me because I'm slow at programming, also my manager, and that will cause me to burn out .. so I decided to try to switch my career away from programming. The problem is I don't know where to start. My friends that work in cyber security tell me to go to cyber security, I found that it's really interesting, it's less stress than programming in general
What do you advise from your point of experience?
It really depends on your position and the environment/teammates you're working with. Some programming jobs are low stress and some cybersecurity jobs are high stress and vice versa. If you find cybersecurity more interesting than programming I recommend pursuing it. You'll be happier doing something you find interesting
^ I agree. I've also noticed that within the cybersecurity domain, there are so many different types of opportunities whereas programming is a little more one-dimensional in my mind. For example in cybersecurity, you could do compliance if that is what you like OR you could do hands on pen testing or something if you want to be more technical.
Yeah, That what I like about cyber security, there are many fields on it, unlike programming in general
Hi there, I would like to ask if there is anyone who switched careers in their 30s from a non-IT background to the cyber world. How long does it take until you land a cyber engineer job? Does comptia+ give a huge boost of success percentage?
I'm still wondering whether it's comptia security+ or comptia pentest+ to aim for at the beginning
thanks in advance
Hi Dranoid!
I switched to IT when I was 32. I haven't landed a cyber security job yet (admittedly I've not been looking seriously as I've got a great job 3 minutes from my apartment), but I'm an Engineer by title. CompTIA is a great path to go down, that's for sure. Depending what you're wanting to do, I'd suggest bypassing the CompTIA stuff in favour of ISC^2 certs, like CISSP or the OSCP from Offensive Security etc. The best advice is to jump on LinkedIn and check out what jobs you want and what they're looking for. Here's a good vid that explains some things: https://youtu.be/EtVTPonfm6Q
thanks for the insight!
These past several days I have browsed a lot about the cyber world and the requirements vary on each website that I found. But most of them require network+ and security+ from comptia. Is that eligible too? I know cyber world involves a lot of knowledge and skills, just want to make sure about what I'm about to go for first, you know, looking for the correct pathway
It's a great start going N+, Sec+ - it'll never hurt to have it that's for sure. You can probably land a good SOC job like that. Since this job is about always learning, plenty of time to add other certs afterward
when you switch your IT career, did you join courses or bootcamp? or you learn it by yourselves using online course like udemy, etc?
Honestly when I switched, I just got a 1st level tech support job that provided on site training. I was there for 3 months before they moved me up to 2nd level tech support. I did the corporate climb from there but now I'm looking at going for the CISSP first. Then bolting on more specific certs to that to give myself great chances.
Granted my first jobs didn't pay big, but they were my foot in the door because I really wanted out of what I was doing
ah yes, this one. Im now working non-it jobs which is not my cup of tea. I haven't been able to work my way for cyber world due to old laptop. Now I have a new one the excitement is getting back, although I know I must face a mountain before landing a job 
Depending on where you are in the world, you can look for entry-level positions which don't 'require' anything but like 10hrs of research on tools they use and what not. I'd suggest that as the path, because it'll put you into a role that will motivate you to study, write exams for certs and rise up
Security Auditing and SOC Analyst L1 are good places to start looking
Thanks! I guess I will study for networking first in hope on landing my first job. while studying some basic programming
Yea I finished the N+ but didn't write the exam because I pivoted, but it's a great course!
Good luck!!!

Good evening, for SOC analysis job, is it required to take (network+ certs)? or is it enough to study the subject without taking exam or the certs?
Depends on the country, some entry level ones will state no experience required. Others want certs. Depends on the company.
Certs are proof of your study
James is right, but it isn't mandatory for some companies. It will come to bite you in the butt because you're going to have to get them anyway long term, may as well get them now
A lot of sweat, I didn't know I will make it. Got job offer after im about to graduate. They tend to be very flexible. It would take you about a year or two, if you have a busy life. But keep grinding
It is good to have it. I'm getting mine next in few months. Stick with the process and enjoy the grind
PS for y'all here, it is never too late to get into Cyber. I know people who got into it in their 60s... lots of people from ages of 30+ on get into cyber from various fields even non-tech fields
Guys
I m new to all these things
help me to proceed
what to do
how to start learning whatever is required
i mean like basics
Please don't ask the same thing over multiple channels, that's considered spam
You can check out #start-here
its like facing up a huge mountain with no ends, but somehow I know I will get there. Currently learning the network basic, kinda weird if I jump straight to security without knowing the basics
ok sorry
i have a concern
i have asked but i didnt got answered..
may I ask here @austere fractal
Have a read over.
I had
my concern is that I am on windows but the tutorials are there only for ubuntu on the website
Please send tutorials for windows
thanks in advance 🙂
You can use the attackbox which is Ubuntu.
The attackbox is provided by THM, you can use it within your browser.
Or you set up your own attacking machine in a VM
please send the link of it
Not sure what link you mean, but here is a guide on how to use the THM machines
https://tryhackme.com/room/tutorial
ohk thanks
actually u said that i can use it within my browser
so I asked for the url to open
You open an AttackBox from within a room - first you join a room then you start the AttackBox which will spawn in your browser
!docs verify
Follow that link.
You complete the Red Teaming Path! Each room you complete gives you a chance to pickup a Red Team Ticket, collect 3 and get the name - but for 1 day more hehe
Does anyone here work for TryHackMe?
Not a member of staff, but I can relay your question if you have one.
uh why not downloading?
If you get that tool set up and running, who you gonna send the links to ?
myself only study thing learning new stuff dont it look cool so wanted to learn it @austere fractal
Okay, but why exactly you need to learn about a tool to phish credentials ?
@stark marlin Pls don't.
ya because one time i got phished and was really surprised how tf did he do it and i kept searching and searching and wanted to try on myself for study because i tried rat file on my pc like alt pc @austere fractal how to download?
I'll be honest with you, although learning about such things isn't bad in general, but I do have the impression you have some black hat motivations behind that, considering you jump from using phishing tools to study about RATs.
I highly suggest you make sure to stay ethical and legal in what you are doing, otherwise this will end up with getting yourself into trouble.
There is a reason I'm asking them such questions, so no hard feelings, just don't interfere pls while mods are doing so 🙂
oh ok!😅

but how to have root access? like i have to put my password again and again
dont want to be a user i have to use sudo most of my time
This is not even the right channel for such questions, use #infosec-general
sorry my bad
Will having a good understanding of Splunk and Wazuh help land and entry level SOC Tier 1 role and are there any other tools I should learn?
an*
or know?
The Cyber Defense path on THM gives you a good introduction. The Security+, CySA+, Cisco CyberOps Associate, BTL1 certs etc could go a long way
Ok thnx for help
Hi
guys how to level up?
this isn't really the room for this
ok
i didn't know that sry
where we can ask doubts related to tryhack me?
here it is not showing /bank-transfer
why?
A lot of the content on tryhackme is free
Mainly content outside the learning paths
Oh thanks I am really excited for my journey!!
I am a school student rn
so its new for me
Thank you for you reply!
possibly internships or see if your college has student cyber roles
when I was in college, I worked part time in IT at the college I went to
@carmine jolt DJ khalid voice another one
I just hate when the job application has open answers where they are asking you to reply and even give you minimum word requirements to answer a question like “give us an example of when you provided a good customer experience”🤯 some people in HR are way too lazy … Trying to merge the interview with a job application is a red flag
This is often used as a pre-filter to weed out candidates who one-click apply to many jobs on job sites, as well as pre-filter candidates who realize they don't qualify before applying. 🙂
It makes sense but for a higher level position. Writing a 2000 word essay explaining the same things a few times just asked differently for a help desk is not my type of a job application.
Hello. Anyone here that is working in the Information Security industry and that wouldn't mind me asking 2 or 3 questions in private chat? Thanks!
Many of us either currently work in infosec, or have worked in infosec. Your questions are probably better suited to get a variety of opinion
hey guys, just started my undergrad for cyber operations (defense and forensics) at UofA. Currently NOT working in any of the fields, what would be a good job to get my toes wet as a somewhat older individual to develop experience with no certs currently.
IT help desk would be a good first job in the field without any qualifications
i appreciate the help. Do any of these help desk jobs allow you to transfer into better positions?
It all depends on the company. They might transfer you to 2nd line support and eventually you can move to infosec for example and eventually pen testing or whatever you prefer for your career
It's an internship; either way, you are going to get something useful out of it and it won't define the rest of your career. Pick the one that seems more interesting to you and overthink it.
awesome. thank you. will start looking for part time positions now.
Hi anyone, does anyone know any junior openings for someone just entering the industry. Singapore based
look around in the #jobs-board
alternatively you can search for some remote job sites for junior positions
Thanks @maiden thunder
fellows, CTFs are a good way to start into hacking?
It depends on your skill level. You need a background in some things first. Have you done many of the rooms on THM?
nope, i guess i will look for some rooms to enter in Tryhack
Go to #start-here and have a little fun. CTFs generally require a bit of knowledge and experience but the content/challenges in THM will set you up to do CTFs
hello guys can you suggest me any tools to learn reverse engineering
youtube
Do what sounds more interesting to you. But I would say Cloud Security would give you a better career path. You can still do great going the SOC route.
hi guys, what learning path should be sufficient to learn if I want to start in bug bounty?
hey guys, im new to the cybersecurity world
just wanna ask a kinda weird question
once i get through all the learning paths starting from the very beginning and i retain like 80% of the information after
what would you recommend that i do next, if my goal is to ultimately start a career as a pen tester
and how much closer would i be to becoming a pen tester once i get through all the learning paths
weird questions but id appreciate it if anyone could give me a clue
thank you guys
initially my plan is to learn more about networking after i get through all the paths
then once i get a good grasp of networking, i would move on to learning python
then possibly start looking into certs after
i definitely feel like im getting ahead of myself here by planning everything haha especially since i cant clearly see the path to becoming a pen tester yet
any word of advice would be great. thank you all
Looking for a part time jobs in London if any please contact or DM me
I am from India and I have 2 plus years of experience as a security engineer working in a USA company. Now I want to be a pentester and I have skills and knowledge along with certification and I know what to do, let me know if anyone is in a hiring process, I can work remotely or else onsite jobs also
lifesaver
Wonder if Employers sees tryhackme as asset? Mostly they just want "4-letters" 😆
employers generally consider self learning as an asset, TryHackMe can be part of that
Ok hope so! Was planning to use time for Azure next and make some rooms now and then here so I dont drop. Now 2390...
Not sure if this is the right channel, but I’m looking at the CEH (certified ethical hacker) cert, does anyone know anything about it? Is this an easy cert that’s worth it? I’m looking towards red teaming and pen testing currently
I have A+
CEH can have value, depending on where you are. If you are in India (or need a DoD checkbox), it's an HR gate. If you are in the US or UK, I think you are better off getting at least pentest+.
I plan on getting pentest+ is it worth getting CEH and then pentest+ or going straight for pentest+
I would personally skip CEH unless I absolutely needed it to get through HR
Thanks
in the UK I'd recommend CPSA over Pentest+
or Cyber Scheme equivalent
We must be willing to get rid of the life we’ve planned, so as to have the life that is waiting for us.
-- Joseph Campbell
Hello, i have a question about my resume. When asked if I have cyber security experience, i usually put "none" but I have been working on CTFs and all sorts of other things as many of us have for years now. Would it be improper to put that I have cyber security experience?
I'd say no.
It's not experience of work.
Ctf experience
shadow can put that they have tech related work experience due to 1 year of programming but would probably need to be specific to cause the least amount of problems and a higher hiring rate
what is your current job? Do you do anything cyber security adjacent?
I wouldn't consider CTF participation or completion to be work experience. You could legitimately put those on, as part of 'other skills' and personal learning sections.
Or even as a hobby.
I currently work as a network administrator. I do some things that may be security related but I guess I have imposter syndrome a lot.
I install firewalls and also monitor our workstations for ransomware and things of such.
firewall work is 100% cyber security work, do you configure? set up policies? any of that?
Yeah, i build them in our office space. Install them at client locations and all i usually do is close all the ports and set the default random policies put in place by my supervisor. We open ports as needed per customer later on
Also, thank you all for replying. I appreciate the help and advice
yes so I would really think about your daily tasks and what items touch on cyber security and use that as talking points in interviews but also emphasize cyber security aspects in your resume
Will do! Thank you for this
How have you benefited from taking the pnpt? From those who have taken it and passed. I don't believe it's a good idea to take it for hr reasons because it's not well known . Is it because of the knowledge gained from it from being hands on ?
that is probably a better question for TCM's discord server
Hi guys I am having my 2nd round interview for blue team and SOC analyst any suggestions?
Why are certifications so pricey? Converting to INR it just becomes insane. Isn't there anything I can do?
I find myself saying the same thing about certs, I think it’s best to get into a role with a company that would pay for the cert or reimburse you for passing
What certs do you need for the Vulnerability Management field?
Will probably be a little more technical. Anything you have on your resume is game, so be prepared to talk about it
Got a new job opportunity guys wish me luck
Vulnerability Detection and Response Engineer
Any tips would be appreciated 😄
Sure
Good luck
I have about 6 months worth of app dev experience. How can I break into the app sec field?
thanks friend 🙂
Welcome
That's a fairly broad scope. I'd recommend looking at local salaries for more specific positions.
Be careful how you organize your schedule at work so that you will have time to make money as well, okay? 🙂
What?
Nothing, just a simple thought and advice for the friend above. 🙂
You do realise that both pentest and red team are jobs?
I don't think you understood what I meant exactly but I don't want to talk about my personal perspective about jobs and stuff...
Everyone can choose what he or she wants, I suggested him to be careful what job he chooses .. how much time he spends on that job, to have time to live and make money cuz we know, if you want to make more money, a job isn't enough .. so you will have to do some work for yourself too... business, pentest for companies.. and so on
...ok
Have a good day! 🙂 
I have a question i like offensive security what careers i can do ? what is the name ?
thanks
Hi, I noticed on an infographic somewhere that there is something in cybersecurity called a media exploitation analyst? But I cant find any info on it really.
does anyone know more about that?
Are you sure you have done a search on your favorite search engine for "media exploitation analyst"? I just took a look and a bunch of links come up.
i did and I got a bunch of unrelated stuff.
ill give it another shot
searching with quotations helped lol
You can also search for job titles with that. Read the job description for an idea too
Redact and post, more comments are better than 1 person reviewing
Give me all you've got - please
I'm getting my net+ in 2 weeks and my cysa+ by the end of the month
if thats relevant
You'll get more feedback if you post the resume as an image. People here don't want to be required to download potentially sus files
Having your DoD clearance already is great!
Also your dates seem to overlap on 2 of your job experiences
National Guard is a weekend thing
Idk how to explain
But I've been with the NG since 2020 won't leave until 26
@warm hinge Not really a lot to go off as it seems really cropped but work experience should only have the bullets. Don't do center justified for one section and then right justify the rest. Skills should be things you can do/discuss for an extended period of time at an in depth technical level. Use something like AwesomeCV to improve the formatting
Problem solving doesn't belong in skills and neither does computer knowledge
Your skills should be more specific honestly
You don't need that sentence at the top. Improve the formatting and the reviewer will be able to get all the information they need quickly. Education should be legitimate education centers, this would include any DOD schools you've attended.
I would remake the resume in AwesomeCV and post the output. Then we can continue from there
will do boss man
Looking for some advice, I don't really want to enroll in college just to waste 4 years onto a CS degree. I would like to expand my skill set, but, I would really like to have some sort of higher-education certification for entry level jobs. I looked into boot camps and they are absurdly expensive, Why would I spend 10-20k on this??? Maybe I just need to keep self studying and get certifications like Security +. What does the community think?
Look at what jobs in the area you're wanting to work in are asking for.
Like it or not, a university undergrad degree (let alone post-grad) is often a fast-track promotion, if not outright necessary to get the job in the first place.
Don't get me wrong, it's quite possible to do it without, but you're much better off looking at job reqs in your local area to get an idea of what you need to get a job there
What do you think about freelancing?
Freelance what
Pentesting? Black hat? Bug bounties? Red team? SOC? vCISO?
Pentesting sorry
Np
Not a good idea though, not unless you have a lot of experience and a lawyer on retainer.
Hmm
With pentesting there are a bunch of documents that you must have in place and that must be watertight -- the scoping document in particular.
If you don't have those you're likely to end up sued at some point.
Sued or outright prosecuted for that matter
Which is more likely will depend on jurisdiction I'd imagine 
So sad when u trying to help a business and getting sued
TL;DR: if you hack stuff without the proper permission (and airtight documents backing that up), you may end up in trouble
But if you have perms?
If you have documents proving that you have permission (and you stick to the scope) then you're fine
Which is why you have a lawyer on hand 
Or, more commonly, why you stick to working for a pentesting firm
Ah
Oke
I get it
I was planning to start a small online company in my town where i pentest websites from companies in my town to earn a little money. But if i read this nvm
Thanks!
Gave +1 Rep to @undone shore
Yeah, that's not a good idea, especially if you're not already very experienced.
Bug bounty would be a better option, but not by much if you're wanting to use it for a consistent income
Thanks for the advice, i might have an internship at a pentest company in a few months!
Gave +1 Rep to @undone shore
Np 🙂
That would be a good idea, indeed
It's in like 4 months so i will be grindin tryhackme and other stuff
Hello everyone! I was first thinking of trying to get into a SOC analyst tier 1 with only tryhackme, maybe getting Sec+ and eJPT, and to be honest it looks like an awesome place to start, but gotta admit that Pentesting looks awesome as well, but my understanding is that it is harder to get there as a newbie like me that just has 3 years as a tech support/it analyst. Would you say tryhackme and some certs would be enough to get a job in any of these roles? should I keep doing the beginners paths and the rest of the blue team paths? thanks in advance for reading and answering
OSCP and PenTest+, could also get CYSA
Cysa+, PenTest+, n Security+ would land you a Jr. Position
You have a good amount of experience, I think it's definitely possible to make the jump to SOC. does your company have any internal openings? That would be a great opportunity if they do.
As far as certs, see if you can get your company to pay for Sec+. If not, then I would suggest you get it and get to applying
@warm hinge notes, should look at CYSA never heard about it or mentioned as much as the others
@stoic cave not really, for the moment that area is complete, but I'm always asking them to explain to me some of their tasks
Personally, I don't think you need CySA+ to get into an entry SOC role. @ancient prairie correct me if I'm wrong.
@stoic cave i do remember my company offers some educational help but dont know about those certs
Ask your manager
They may know and if not they should be able to point you in the right direction as far as company policy and who to talk to
@stoic cave Yeah, i will ask, if not i can still study to get it and start applying to SOC openings
CySA+ is way overkill, Sec+ is enough for true entry-level SOC work
Since I want to be a DFIR what certs should I focus on?
DFIR Diva has a good site if you want to learn more
Thank you captain
Just a general question. I'm studying to get a GIAC GCIH for 2023 to be eligible for a cyber security job. My real concern is that apart from a few certificates, I have no real experience with Cyber. Will that be hurtful towards getting a career in Cyber Security?
I don't think I'm qualified enough to answer your question but I'd say it matters some what if you do internship, since most people want uh experienced members for jobs, no idea though, could be wrong or not.
in this episode of Darknet Diaries, Ed Skoudis brings up a story where pentesting hospital with all the required legal documents could have gone pretty badly.
thanks
Gave +1 Rep to @lilac escarp
a lot of it depends on your local job market. Do you have any experience? Any IT experience? Generally a company will want to see some experience, some IT experience is great. I'd look at your local job listings and see what they are asking for.
Wanted to get OSCP but it isn’t recognized by DoD, so C|EH it is :(.
Pentest+ is also recognized by DOD iirc, so that is another option for you
ah I see
That is nice for sure
What position is that? CEH and Pentest+ fill the same checkbox.
Junior pen tester
And yeah i know it fills the same box but getting both is a booster, no?
No. You only need one.
Once the checkbox is filled, you don't need to fill it again
Which one would you get?
Not CEH
Why not?
Because they are a garbage company, and CEH is grossly overpriced for what the content is.
So id be better off with an OSCP?
Unless it's a specific HR requirement, practically anything is better than CEH.
Okay that saves me a decent amount of time
Ig my progression will just be sec + > pentest + > oscp

Is there a possibility to get the thm username of somebody if I have the number (THM-[A-Z0-9]{10}) printed on a certificate (e.g. Jr Pentester Path)?
Backstory: want to stalk a dude who applied for a job in my team and presented said thm-certificate
I don't think you can, beside that, what would you want to "stalk" them for ?
Assuming you already have a clearance, have you checked who is allowed to apply?
Government, even if it's publicly posted, will have requirements for who is allowed to apply. It's not always open to the public.
Should be over on the right hand side of the page on USAJobs
Yeah
oh i know i only need a pentest + or ceh
For the position, but OSCP is like a personal achievement
thx for the info, i just to look at his profile to see which rooms he did and in which field his strengths are at. But I‘ll just ask for it then
Gave +1 Rep to @austere fractal
I think you can just view what is printed on the cert, which could possibly be a doxx.
Imagine you are Technical Recruiter for infosec company of 100 people and your job is to hire 10 interns with no prior job experience
- What type of resume do your new hires have, like what list of skills do they have?
Is this homework or are you the recruiter IRL?
Also going to need more information to go off
Ask the hiring manager.
Yeah I did Google, I read about 50 Indeed job posts and many many LinkedIn job posts
funny thing is only few were for entry position so I thought it might be fun to chat about it with people that would be interested in the topic if any.
You think we can put tryhackme like a project?
IMO, no.
This isn't something you have created, and worked on.
Just worked on, would be interesting other opinions though, they could differ from mine
No, an extracurricular section would work though
Or 'Personal Interests'
True
tbf I dont agree with the trend of folks feeling the need to have a bunch of tech/infosec related extra-curriculars and it lends itself to hustle culture which really equals burnout culture
and if your work doesn't allow you time to at least keep up with the industry, do self-study + training on company time, they are stealing from you
I agree with that; however, many people are trying to transition into security, and common security tasks and concerns aren't part of their current role and responsibilities. It's difficult to get some businesses to buy into the idea that cross functional learning enhances current productivity
yeah I agree on all points, I just see this pervasive attitude in hiring where candidates will be pushed to the bottom of the pile because they aren't doing "enough" outside of work, I get there's a balance to be struck though
ill take the person who gardens and hikes after work in a heartbeat 😄
It is so hard to highlight hobbies outside of tech in a resume or interview without feeling like I’m losing out on time and space where I could be justifying my skills more
I think it can be useful when you are just starting out / early career. This is absolutely something I wouldn't expect in a resume for someone who has a few years experience
Hey everyone. I'm very new in the infosec field and was hoping you would have some pointers. I'm looking at switching careers from support to security completely but not finding any companies who are willing to let me into a junior security role to learn and grow with the company
one, I would look at your current resume and see if you can spin any of your current or previous roles to focus on any and all security aspects. Secondly, I'd look at getting a cert or 2 to help you get there
I've been doing plenty Tryhackme paths etc which is helping a lot. Adding it to my LinkedIn as I go. But I'm so lost with which certs I should begin with. I've only got Matric, so 16 years experience and no certs.
Probably my complacency to blame. Work is constant and time to study is limited, but I guess I have to just set my mind to it and go
usually Security+ is a good entry level cert but it really depends on your country and what companies are asking for in terms of certs
I've been thinking about Sec+ for a while. Might actually go for it
Funny thing. My boss has already changed my title to Security Specialist just because of some audits etc I've done for him. So the basic understanding is there. I just want to go deeper into hacking.
well hacking, you may need some specific certs / training and possibly other things that show your interest / work.
I was hoping there would be some companies looking for interns. I learn best in an environment with a team
As things stand I'm the only employee interested in cyber security
Hacking and being a SME/IC for an audit are two very different security disciplines.
That's exactly my issue. I am more interested in pentesting etc. I just need some kind of direction. I might go with the Sec+ but I don't want to waste time on the wrong field
Sec+ is a good stepping stone for almost every security role - it's an introductory and entry level cert
Thanks so much. I'm going to push ahead with it
Gave +1 Rep to @flat sedge
I just got my first IT job, it start at 15 but thats okay! I want to finish my associates degree next year before I go into anything else
Gonna start studying for that CCNA
congrats
congratulations and welcome to the informational technology industry and job space.... hope you enjoy your stay and learn lots of fun stuffs
Nice that you mentioned CCNA, past couple of weeks I had talks with a Network professional with a lot of experience and certs and he kindly mentioned that he wouldn't recommend going for that certification these days except for studying it to get the knowledge value... opinions? I mean it makes sense that you'd need the knowledge but no need of the actual certificate right?
Whoever told you that is disconnected from the reality of HR checks to get into industry.
Once you have work experience, those certs matter less, but they can still be an HR gate-check.
Maybe his words are coming from him bringing people into the industry under his own wings and them answering questions directly is more measurable to him than showing certificates but yeah different situations going through HR for hiring and talking to someone in charge of Networking and Security directly as a candidate, on the other hand I need to check how much do certifications even cost to be honest
Also did he go to college?
And yeah, I see the CCNA being the most wanted cert on Indeed at least
And it's better and $11 cheaper than Net+
When writing a cover letter for an internship is it okay to say "Dear Internship Company Name,"
If it was me I'd like to start with something more original so I'd google how to start a cover letter and find some good example tbh
Most companies won’t even read cover letters
It's an internship
I would hope they would read a cover letter for an internship at least
I mean you can write one, still no guarantee they'll read it
unless they specifically asked for it
I would like to start pen-testing when I graduate but I have trouble deciding what I should study and would be the best choice. I am able to choose between Programming and System and Network Administration to get my associate degree in. I was hoping to get some opinions or advice since both interest me equally as much
System and Network administration would be more relevant
Thanks! I'll look into that then 😊
Need some career advice. I spent over a year working as a SOC intern, I learned a lot in very short time and had a lot of exposure to different great tools, projects, etc. then I was hired by another company as a SOC analyst. Now all I’m doing is investigating phish emails. Also, all tools are ancient, a lot of manual work, spend more time looking for logs than actually doing the investigation. Not sure if I should stay or look for another job? I fear that jumping into another position in very short time would look bad on my resume but I feel like I’m losing all the experience I gained from internship and SANS training
Try to figure out what you can automate
You should always be looking to put yourself out of a job that way, it makes you a very valuable employee
any tips on how to transition from a web developer to someone working in the cybersecurity area?
Portswigger's web academy is a good spot for web app sec.
Look into career progression internally by asking Tier II+ analysts/lead on what the outlook is at your current employer. 🙂
Hey peeps, I have been having a really hard time finding a job in cybersecurity. A little about me: MS in Computer Science, Sec+ cert, competent in Java and Python, professionally reviewed resume and cover letter format, website portfolio with blog keeping up with little projects, but very little work experience in technology and 0 in cybersecurity. I'm starting to feel like the stinky kid. Any suggestions?
You can always start with a job in tech support or QA and work your way up from there. You need to learn to network with people in the industry, on LinkedIn and get to know recruiters as well as being registered with companies themselves
As far as networking on LinkedIn goes, try to network with people who you have some sort of real life connection to. Ie same employer, fellow alumnus, etc. Random connection requests generally get blocked and are being seen as more of an attack vector these days. Those individuals are also not public figures and didn't sign up to be peppered with hundreds of requests.
Going to a local BSides is a great way to network in person
thanks @rugged delta @stoic cave
Gave +1 Rep to @rugged delta
Is it bad if I start looking for jobs in January after I get my CCNA in December. Because I just started my job this month. So that’ll mean I’ve only been working at this job for 4 months when I start applying. Is that bad or am I overthinking
Repeatedly hopping jobs in short periods is a red flag to recruiters/future employers. Also, you don't actually get "real" responsibility/taskings until about a year into the position
Idk how to word that better, I'll have to look back and see how juun phrased it
I understand but I have a dilemma, I won’t be able to start networking until 2025 because we may be going on deployment in 2024 so I feel like I won’t have much experience and I’m trying to move to canada in 27
I personally don't think it will be a good look, but others may disagree. On the topic of immigrating to Canada, they are extremely strict on who is allowed. Afaik, you'll need someone to sponsor you financially for up to 7 years as well as some other requirements.
Jesus Christ I don’t even want to live there for seven years
I guess Europe it is
Switzerland sounds nice
EU probably easier to get in
Hate to break it to you but other countries have strict immigration rules
Getting a work visa will likely be difficult
These things take tons of research and planning
I will figure out a way to get out of this Country
I have 5 years
I just have to get out of here
I’ve figured it out! I’ll say that I was on orders to help Florida when I focused on getting my CCNA! Jobs can’t see where you used to work right?
Unless you put it on your resume
What should be the best career path for none CS cyber security enthusiastic? From learning to landing to something for living.
Is it a promising career path?
"best" is subjective as everyone has different interests
I mean e say, can a self learned person learn cyber sec and do something for living
I would not lie about orders
Bug bounty is not a stable earning stream
What else can a self learned person do as freelancing
Cybersecurity is not exactly an entry level field within the realm of computing. You're going to need to bring some level of experience, whether it be IT or another computer occupation
In order to freelance you're going to need a client base, a good network that can give referrals, and a good lawyer
Thank you @stoic cave
Gave +1 Rep to @stoic cave
A degree will also go a long way
Okay
So if anyone learn all THM paths and stuff and earn some certificates too. What could be the next step?
And, how much time it may take to complete THM?
THM is self-paced so it would take as long as you want
Okay
Getting a job on a local helpdesk, if you have no professional experience, is a common pathway that people follow
Thanks again @stoic cave
Cyber sec field is not organized yet, I think. Because, as I know there are lots of problems out there and here lots of unemployed person hanging around too.
The field is pretty organized
There's also currently a manpower deficit that will likely never be filled
I couldn't find any clear or promising path for none CS either of blackhating
You're trying to be a blackhat?
Everyone said that. But I see a lots of person with lots of degrees and hanging here and there
Nope. But, if you want money. There is no clear way to make it on white
That is just blatantly untrue
I am just trying to figure out the scenario
Blackhat is illegal also you would need years of experience to bank off of blackhatting if you don’t want to be caught
just dont do that, end of story
there is plenty of money to be made legally in tech
If you know basics, Russians are waiting to hire you and teach you
How?
If anyone completed all THM what is waiting for him next?
What do you mean how? By starting your career.. become knowledgeable, get paid well for your valuable work. I'm going to give you one ( and only ) warning here and ask you to drop this topic of black hat. We do not condone or encourage illegal activities here at all. I strongly encourage you to focus on a legal path.
I just wanted to know the legal path
And the 'get paid well for your valuable work' part
Is there any resources or guidelines for me?
check out the pinned messages in this thread, there is a lot of information there
TryHackMe: You have been ⚠Warned
Reason: this is not a place that condones black or grey hat activities. Do not encourage others ( or yourself ) to go into that direction and keep focused on a real, legal career. You can do it! You get one warning for this
I just wanted to know the career paths and here THM is warning me and ask me to stop talking!! Great!!!
I'm asking you to drop the talk about black hat seduction. It's just a warning
you are very welcome to talk and discuss any legal career paths
👍
even if you maybe didnt intend this for yourself, other users may interpret this differently or get ideas and go down a wrong path. I'm sure you understand that
I am looking in the pinned messages and I see that in the certs pin CySA+ isn't mentioned. Is there a reason or was it just overlooked?
I'd ask Zojja or Juun about that
Got it, thanks.
I didn't know about pinned messages and threads. There are a lot of resources there for career path counseling
Thanks again for letting me know
no worries 🙂 if you come back maybe in a few hours some more knowledgeable people will be online to tell you more about this field
I am here to seek the right way to be a part of the community while I can earn something for living.
Does anyone here know how much Pentest+ is worth?
The pathway wasnt so hard (did most of it by accident, by completing other rooms) and was thinking about taking the exam. Or does it just look good on the wall?
Have you also gone through theory from the exam objectives
So, no answer... Great!
@lament geyser it
It satisfies DoD 8570 for pentest at least
Good for US
My findings is, if you are a non cs. You can learn cyber sec as hobby. Earn certificates and you need to do another job for living
its tough man, ive been trying to go at it for a while with just doing stuff in my off time and trying to get a job in cybersec. i've been looking at helpdesk positions then shooting out from there
@lament geyser that's been my experience
Thanks @mellow ledge
Gave +1 Rep to @mellow ledge
it sucks so far man
Yep. Agreed. Unless you join Russians 
There is no value to be honest and work legit
i've asked in here a lot, and i've heard a lot of conflicting and varied answers. I'm pretty sure it is more of a networking thing? at least it seems that way from my experience since that's the last thing i've gotten into
oof, i still wouldnt do that man
is it possible for you to get a helpdesk position, then spring from that position to something in cyber?
I like InfoSec and was thinking about learning and earning certificates but , now I see there is nothing here for living. If you want to help others are grow community it's good for you.
i think there is plenty there for a living, just it has a high bar for entry
i say that as someone not employed in cybersecurity though lol
Did we not already speak to you about this attitude and how it's not acceptable here?
And if you have a CS and want to boost your career, it's good to have InfoSec certs in your resume
Infosec is not an entry level field, it builds on IT knowledge
I am just trying to figure out what will be my future if I devoted myself to this field. @quick forum
I mean, you're doing the same as last time. The same thing that got you warned. Maybe that's not so wise?
If you guys don't want to answer or want me to stop asking I think it's better to leave my dream here.
Sorry for that.
No, just stop encouraging or glorifying blackhats. It's not a valid career path.
Rule 9, very blatantly anti blackhat.
And there is a list of certs
No discussion of illegal or unethical actions, which encouraging blackhatting falls under
Yes, obviously I am. That's why I am here and asking you guys for a clear guidelines
Where are you based?
What's your current level or experience and qualification?
What's your goal?
Here's a very clear guideline that is as unambiguous as I can make it: Do not encourage actions that promote unethical or illegal behaviors
I hate those guys too who loot people because of their weakness. And, I really want to join you guys to fight those people and make the internet safe
@lament geyser i hear your frustration and feel it very much as well. I don't think there is a one size fits all list of things to do in order to break into cybersecurity, unfortunately. NinjaJc01 is asking the correct questions that you need to answer. What job do you want to have? are you trying to do more work on the front end to get it or do you need a job now? What does your resume point to that says that you are qualified to get the job? what are the next steps that you need to take in order to get the job?
Join Law Enforcement, specialize in cyber crime
Or pentest, remove vulnerabilities from companies
Or security engineering, working to make the world more secure
I think capt. Jack wants to know more of what he can do now. I think his frustration comes from the fact he cant just walk up to a place and say "hey, i will pentest you guys" and it give him a living.
Pentest isn't usually entry level even within cyber
This would never be a realistic expectation for doing a pentest. Ever.
There's more and more trainee and intern positions, but not enough
yeah thats what im saying
? in the US, that isn't true
@lament geyser a more entry level position that I have been looking for is a security analyst or SOC (Security Operations Center) analyst. however a lot of these still require experience within cyber or at least IT
my first IT manager had a marketing degree, I work side by side with people who have biology, psychology, english and even asian studies degrees
Unless you spend a significant amount of time building your technical skillset, your best bet to move into security is in GRC, not operations.
ahh ok, other countries, it can be different
the US tends to accept people from all different backgrounds into cyber
if you can, I'd try to see if you can find a mentor in your country
CEH is apparently the golden standard there.
There's careers advice specifically for India pinned
I read it. But, problem is if you have a CS, CEH will work.
Unless there is no value of CEH
You keep saying CS and it could mean anything
Ok, so you mean a computer science degree.
Cs can mean cyber security, computer science, all sorts. Doesn't mean a degree by itself, which is why we're confused.
@lament geyser do you have linkedin? is there someone on there with the job you would like who also has the same credentials as you? if so you could maybe send them a message and ask how they got into it?
Thank you @mellow ledge
Gave +1 Rep to @mellow ledge
If there was someone being interviewed for an entry level cybersecurity position, what type of project on their github would be impressive and help them stand out from a hiring manager's point of view?
oh im asking for myself lol
also, if you want a job, you are going to be interviewed
not on github but a homelab would be good
would have to spend money on the hardware though
@oak cypress I have a pretty ok homelab. webserver, dns server, firewalls, snort, fail2ban
what else would look ok?
also @oak cypress thanks!
Gave +1 Rep to @oak cypress
@pseudo creek good point. AWS? im in a city where thats huge
^this massively
yes, AWS is great
sweet! thanks @pseudo creek
Is there an easy way to play with AD? i only have 2 windows machines
Build a Windows Server VM, AD can be installed fairly easily. Many good guides exist
oooo make my own vm sprawl
Alternatively, you can set up a Samba server to act as a DC AD as well. It's a bit more difficult, but also doable
so i have another question. I'm looking to be a junior SOC analyst/security analyst. would this be more impressive than something else? I also have splunk taking in all my security logs for a few servers on my network. should i build out more with that?
also thanks @pine grove thanks @flat sedge
Gave +1 Rep to @pine grove
Linode have hourly based plans. Can we try to tamper with their vms?
Splunk is a great start to a SOCAnalyst position. It's been 3 years since I worked infosec directly, @ancient prairie is much more close to what a SOC does and state of the art than I am
hell yeah thank you @flat sedge
A project that directly relates to one or several of the mandatory job requirement skills. 🙂
Damn, i live in the EU atm, dont know how it´s around here, but thanks for the answer still 🙂
Gave +1 Rep to @quick forum
@mellow mirage yeah i'm from EU as well. I don't think CompTIA certs are worth something here.
Especially here in west EU
Certs that HR really value though are Offensive Security certs, ISC2, Cisco,...
But they're harder
I'd say sec+ is worth it but cysa+,pentest+ etc aren't worth as much
can get blue team level 1 for around the same as cysa+ and eCPPT/eJPT for pentest+
I'm just a beginner so take my opinion with a grain of salt. I've seen several job postings here in Portugal that request certs like Security+ and CISSP
CISSP is from ISC2
but i agree, i'm currently studying for sec+ and net+ because i think they're valuable certs
It just shows you have good understanding of theory
Hi Hackers can you help me to answer this question?
Use the tools introduced in task 2 and provide the name of the malware associated with the IP address
@empty galleon #room-hints
@quick forum 😻
What are some good careers in cybersecurity in terms of salary
All careers in cybersecurity are fairly good in terms of salary, depending on your skills and expectations. Cybersecurity is not an entry level career path. You should not think too much in terms of salary when you are starting out, but you might find it beneficial to explore the salaries for jobs in your region. You should ensure you are developing a passion for cybersecurity and progress towards the areas you find most interesting after you get a good general understanding of the field.
Hi guys, I want to ask some questions. For some that don’t have any basic skill to dive into the field in cybersecurity, where should I start from? I want to go into cybersecurity while pursuing my healthcare program but I am completely lost. Any advice will be appreciated. Thank you
You could start with the learning paths on tryhackme.
#974406074444685322 -> #pre-security-legacy-path -> #junior-pentester-path
Thank you
Is there a point in paying for certificate exams if you're aiming to do bug bounty hunting for a living?
Yes because the likelihood of you actually making a living off of bug bounty is low
Isn't it higher if that's all you focus on doing?
Not really
Why bother freelancing hacking sites on the internet, hoping that they have a bug bounty program when you can join a company and get an hourly salary and still hack companies
At least then you have financial stability and you can do bounties in your off time
I've seen some people who are career bug bounty hunters, are you saying they're just lucky?
Where on Earth did I imply that anyone was lucky?
When you mentioned likelihood
Yes, probability
Asking elsewhere, but thanks for the quick response
Jabba is correct. Bug bounties are not a stable source of income. This is due to the fact that companies may not pay out, you're competing with others for the chance that you find the bug first, etc. You're much better off focusing on starting a more "traditional" career to begin with, and then if you're so inclined, begin exploring "non-traditional" career opportunities.
Genuinely not relevant to my question, though
But I appreciate the information nonetheless
I'd say it was pretty relevant.
Genuinely, it is, because you're going to want to start looking at certifications to take and pay for
I'm already enrolled for certification, and already have a few
That wasn't my question
I can sense this is one of those places that doesn't answer questions outright and instead tries to divine the hidden purpose behind them, so I'm going
The amount of months someone new to bug bounty where they don't have an income will outweigh the months they do, unless they score big and get a triple digit payout at least once a year...
They left, because they didn't like the reality. Nice.
Truth hurts.
should I go for the sec+ or ecir?
I would go for what has more name recognition... I never heard of ECIR, Security+ has recognition
and if you want some detailed information on what to do for DFIR, I'd check out this website https://dfirdiva.com/
I had the same thought =/
By the way, I see you have the CISSP cert. Is that for operations, tactics or strategy level? I've just started taking the CC by ISC²
cissp is a breadth of knowledge test for cyber
wow, thank you!
Gave +1 Rep to @pseudo creek
I have a quick question, should I be looking at the CompTIA certifications (I ask this because MTA got retired last June) and PCCET as an entry point to Network security?
entry point as in entry certifications for further down a roadmap
Network+ is a good cert to get your foot in the door
As well as security+
Those are good foundational certs!
question
what does a sysadmin actually do?
sort of, but i'd like to know what your most day-to-day will be like
like does it depend on what company your work on or is it just sitting at a desk making sure everything is going well
very rarely is a job just sitting at a desk making sure everything is going well
and I'm not going to watch them but if you search 'day in a life of a sysadmin', you'll find videos of actual sys admins
Hi all, I'm planning on starting a small (primarily web-) pentesting company, and I wonder what's the best way to come up with prices
these are basically the services I want to provide
Do you have a lawyer?
welp that's going to join the long list of expenses

