#cyber-and-careers
Unless you have a couple million laying around to bankroll your startup, I would recommend working for an established firm for awhile to learn the business first
Ahh
It's not cheap
Contract lawyers no, cyber more than likely a small market, and you'll want good ones of both. Which isn't cheap
Going in as a security assessment contractor, either independent or working for your own company, is really, really tough to get started. You really need to be trusted before you'll be able to sign those contracts
If you test and you fuck up, who picks up the pieces?
Security even in the US is a fairly small pond, Chris Roberts is a 2nd degree contact of mine through a dozen people I have worked with
And then you never get reinsured
Ahhh okay
It's happened to more than 1 construction firm I know - when they can't get liability insurance any more, it's really difficult to be competitive.
Yep
My point with this is that you have a brand and a reputation even if you don't know it, and it goes a LOT further than you think. You are still very young (I'm sure you hate hearing that) but you haven't been in any industry long enough to build the network of connections and trust you will need to be successful as an independent
The issue is, every single pentest firm in my country thinks I'm too young... "You have an amazing CV but you're too young and over 3 years you can ask us for an internship for sure!"
(I heard that more than 6 times in the past months)
If you're under 18, then yes, you're too young
You can't even legally sign a contract, which tanks your whole idea
Go get that experience, then. What they are saying is that you don't have the context and trust to be allowed to break their shit in reasonably safe ways. Go work in a SOC, go work as a sysadmin, go do something devsecops-y. You will get there, you lack the trust of industry right now.
But not a single SOC wants me ,-,
That sucks, but it's not technical holding you back, it's your lack of work experience.
There's probably like 5 or so in my country which I know out of the top of my head
Yepp
^Most corps over here have a SOC in the US
Hm that's certainly a fair point
Also likely why you're not getting hired as companies don't want that risk
You are under 18, right?
Yeahh tim gave me an explanation of that earlier; they don't want to be a training satellite
Correct
Honestly, enjoy being a kid
The company told you they would consider you for an internship when you're older
Growing up too fast is a miserable experience
Keep in contact with the people you talked to
Yes, this
Give them an update when you go to university, tell them what you're studying and ask what electives you can take that they would look for in a sec ops internship
I'm in my first year of uni
Ahh okay
Welp that advice came too late
Spent 3 years (straight) of my teenage life in full lockdown at home due to covid and other things
i wish I wouldn't have to put job details just to view job sites and reviews.
Like I just want to see reviews, base salary and job requirements for different positions.
That's if the shitty bootstrap sites even work correctly lol
if you're just looking for some web testing gigs you can do a lot of different web bug bounty programs if you're 14+. You'll need parental consent if you're under 18
if you get some decent bounties that you can disclose it'll look great for your resume
but you just need to be lucky
then I can do vuln research as well
hi i just wanted to ask how to become admin i didnt find a offtopic channel
Admin of what?
a admin in this server?
Apply for the Community Manager position to become the Discord Admin in here 😉
sorry i dont know in what text channel
There is no text channel to apply for job positions
then how do i apply
If you are talking about how to become a mod, then you already disqualify yourself by asking for it
Hey guys, I would like to ask you for some advice regarding a job search. I would like to hear your personal experience maybe correlating with mine. I recently passed my Sec+ cert, quit my job and now looking for entry-level system admin/security admin/security analyst types of roles. I apply everyday, created my personal website, talking to recruiters, trying to network as hard as I can. Do you have any additional advice of what I can do extra or different. Thank you
Check clearancejobs.com and search filter jobs that require no clearance or will get you a clearance to work with em-- govt contracting isn't for everyone but it's a great starting point
I'm currently in the military, and I'm gonna initialize the process of getting one for myself for free. It will take a while, but eventually I'll have it. Thanks for the tip tho
perfect! As you transition out, there are a TON of programs. Use all of them. for the govt jobs, the resume will be different from civi side. much much more robust. can give the pointers ive learned (the hard way) if youre ever interested.
Currently wrapping up my time in as well, so most of the lessons are fresh in my mind.
well, I'm in a guard, so it's a little different
right on. you are smarter than i was!
Personal Development
Everyone gets a minimum annual training budget of £2,500. Use this for online courses, to acquire certifications, and more. Thats pretty decent
You will have ton of job available for you once you get your security clearance. Go shop around Virginia.
I would look up Top 100 defense contractor in the US and start apply their cyber security position. It is crazy high demand in defense world.
Virginia, Colorado, Alabama, Seattle area... been the hot spots ive seen so far... but everywhere is begging for cyber security people
he can join NSA as well if he wants to
They are begging for Cyber people but most of them only available for US citizen people with clean background
💀
if only the movies happened more often and you could just hack your way into a job
Truth is cyber security is nothing like movie 😢
Also they might have a lot of job for clearance, but they hella picky idk why. I'm in one myself. Who they pick to interview is hella random.
Got in GD but rejected by all of the other one
My friend is in NG, but from what i know, your presence on social media does determine your ability to get a job.
you landed a good one it sounds like. thats awesome.
the interviews definitely seem illogical. i have 15 years of proj mgmt, training exp and then some.. but couldnt get an interview. then someone saw my sec+ and pushed me towards their IT jobs, but wanted me to work in hella expensive areas for half a living wage 😄
finally found a good balance and i think a good company. will see next month
The process is very sensitive and invasive
lol my friend got in through connection. He didn't even qualify for the basic
they took him in because someone in there said yes
nepotism is a thing in government for sure
my favorite is the interviews that ask random port numbers and such, knowin i hadnt touched systems in 1-2 years -- just dont call me for the interview, you obviously dont want me lol
I got in without cert. Going to get mine this year hopefully.
i lost a job for that too.. sat forever waiting on an answer... they hired their buddy to run/admin/secure a huge expensive system... he had no quals or experience 😄
need that level 3 DoD cert for more money
nice! some hiring managers are good with picking up on people who they can teach job to.. they seem few and far between though
They did ask me some network questions. I was able to answer them. I can get cert in 1 week if I grind tho. I did learn about it. Just dont remember much about the subnet topic
but yeah it is not that hard. Hard part is getting interview from them
hahah yep
they seem hella picky who they give interview
govt wise, timing is huge too
gotta get in around aug-sep to hit the jobs that are getting funding for the new fiscal year
and definitely dont use the same civi resume for govt related jobs... write a novel
anyway, back to my linux fundamentals 🤘
yeah, I don't have security clearance, but my unit can make me one for free, but it will take a while
you mean, sponsor you and go through SF86 form?
they can't just make clearance.
Try to see if you can get Top Secret
that would open you even more job
my NCO said he can submit a packet, I'm 92Y, idk if I just can get it
Idk but ask them if you can do the top secret one
it takes longer but way more worth it
I understand, I'll ask, but the problem is I need a job by the end of this month, clearance would be perfect to have to transition somewhere else with experience
Do you know what kind of clearance are you applying for?
I asked him if I have a security clearance, he said that if I don't have it, he can get me one
it depend on the clearance title
for Cyber security job in DoD you need Secret or Top Secret
secret take approx 4 months to year
top secret takes little bit longer because you need to do polygraph as well
I'll ask him next drill but I'm pretty sure we were talking about Secret, because he said it takes 5-6 months
like tbh, I can do all of those things
As long as your background is clean. Nothing to worry about
I need to do something different I guess, my time is limited
it is just filling out the SF86 is a pain
well, I wasn't born in US
you have to recall everything 10 years ago
well that
is going to take longer to get then
You are US citizen right?
yes
naturalized citizen will take a bit longer than natural born
do you have like foreign contact
that would make it even more difficult
like contact with people oversea and not family
wdym by foreign contract
but imma dm you
kk
Does anyone know how one would prac for certs?
What certs? Good study habits are key
Is LinkedIn Skill assessment worth it for the profile? Do recruiters even filter by skills when searching for candidates?
If the cert has a practical, you're likely going to need to do additional preparation.
I was thinking sec+ and A+ certs
Do you have a general understanding of what makes a computer work and its hardware components?
Yes, I have been learning on tryhackme continuing on to Udemy rn
If you can point to components and explain how they work, I'm not sure you need A+
Do you have any professional experience?
Ah ok, I do not have any experience in IT. Trying to make the transition into cyber. I graduated with a bach in Digital Media
Are there any certs I can get without getting a job or smth like that
I see certs like comptia require job experience
Eh? Since when
I can't think of any CompTIA ones that require previous industry experience.
The only cert I can think of at all that requires industry experience off the top of my head is CISSP (from (ISC)^2)
They aren't requirements, just recommendations
theyll recommend experience, but like @undone shore said, only one ive seen that actually requires it is CISSP... i take it back, CNNP as well, i believe has the A for under 5 years of experience.
these companies arent going to turn away your $$ for the most part
Funnily enough I've seen so many entry level jobs wanting CISSP, which means it won't be 'active' since you lack the years of experience... HR really doesn't know what's going on.
How much of a recommendation is Uni? I never went at all but getting into cyber. What would be a good starting point?
Many CyberSec degree programs are still very new; I would recommend a computer science degree supplemented by other sources.
If you pass the CISSP without the experience, you become a CISSP associate and acquire full certification by having five years cumulative experience over six years in at least two domains listed. A four year college degree or an advanced degree in cybersec counts as equivalent to one year of required
https://www.isc2.org/Certifications/CISSP/Experience-Requirements
wait, so CISSP without experience is a thing?
Yes, you can have an associates qualification if you pass the exam. It just means you had the knowledge to pass the exam but you do still need to gain the experience as per the above link and have it validated once you qualify
yeah, I just thought you couldn't have the exam without the experience first
Every certification organisation has a path to attaining the certification you're looking for. With the CISSP you are able to do the exam once you pay the fee. It's up to you to choose your training material, whether it's the ISC2 courses or whether you use books or courses from other providers or gain the knowledge/experience another way
How is this resume?
Too many bullets per line, try to keep it 3 or 4 max. Awards should just be the award, imo
The acknowledgement, cases and phone calls, is also a little weak. I'm not really sure how to rephrase it though
IMO "Army Achievement Medal" seems a lot stronger without the background info, then you can share details at interview if they ask
(the details themselves might be stronger if you can share info about the broader mission this supported)
Hello Guys
I have doubt regarding my career and i hope i can find my answer here ,
Currently I'm working as a junior software developer
and I'm interested in cybersecurity
I did few HacktheBox machines with guides i still lack skill in cybersecurity field.
and i want to get into the field but i dont know what to do
i love coding as well
sometimes i feel i want to be a good developer but then i feel like i dont want to spend my life in development.
I want to make my career in Cybersecurity
one of my friend he suggested me go with SecDevOps because it's Development and Cybersecurity
but i hardly have knowledge in DevOps.
and he told me to write Security+ exam for it. so i dont know should i start preparing for exam or you can suggest something better.
im just a small developer and i want to be in cybersecurity field.
please let me know your views and suggestions.
thank you
Probably might as well get it out of the way, the benefits outweigh the time investment generally https://www.google.com/search?q=how+long+did+it+take+you+to+pass+"security%2B"+site:reddit.com&tbs=li:1
I'm also working as a developer feeling just the same like you. If you're interested to improve more in cybersecurity skill i think tryhackme learning path is a good start. As for the career, if you are still doubt what to choose, maybe start from bug hunting in your spare time and keep the main developer job until you are confident enough to apply to security job
I don't recommend pursuing devsecops if you're a junior dev split between dev and security. devsecops jobs generally you need to be advanced in devops and security so it's years down the road for both paths. Working toward some of the entry level certs for security is a good way to get started on the security path.
DevSecOps is also a path that not many orgs are mature enough to do and make sense of. There are a lot of moving pieces, still requires proper testing and staging prior to production.
What are the easiest certs to get?
easy is relative to background, experience and knowledge
true
also, depends on how you are at cramming/testing.
some bootcamps and study guides really have it down to jam your brain full of information just long enough to pass the test. some will stick but its all a memory game
@lyric solar Sec + is the good base level cert. that i have seen commonly used.
if you like free (who doesnt), ISC^2 has a cyber cert for free, as an intro. didnt go back and check your experience level, but if youre new/wanting to refresh basics, there are lots of free options to add into the daily THM courses
**whats your goal for the cert? i think that would help more point to the right option
I'm just looking for certs that I can go for that can help me at internships
I am currently a cybersecurity student
I do THM rooms on my free time aside from university studies
(I love cyber security lol)
what country?
US
then Security+ should be a good one
I'll check it out
Yeah sec+ will be a great flag to start convos on your resume.
I've also been asked about any coursera classes and such as well to show extra outside learning. Udemy and coursera are great, and you can find free to cheap courses
Studying for that right now, don't really have a timeline goal for it
This bewilders me
Let's hope they pay an 'associate' the same amount as a fully certified CISSP
They're not equivalent
If you're asking for full cissp, that person has IT experience
Precisely my point! So why ask for a CISSP for an entry level position? It's clearly not an entry level qualification.
Then they should explicitly write that in my opinion
Security is typically not entry level.
I assume nothing without seeing it on paper
I agree with you there too - yet many security jobs are marked Entry level asking for years of experience. The entire hiring practice is just broken.
Entry level for security often expects IT experience. That's understandable.
Security builds on strong IT foundations
If it was just IT experience that they wanted, I wouldn't complain either. Anyway, it's nothing you or I can change. It's just bad algorithms and automatically generated LinkedIn job specs
Or at least I hope it is
We can try to change it from inside the system, I've personally helped a bunch of people get pentest positions without experience now. There's a talent shortage in the industry, but a lot of training methods like degrees fall short of preparing you for the work
Not to say degrees are bad, just not sufficient on their own
I agree there
and that's really great to hear that you've been managing to help place candidates without degrees
With degrees. Without experience.
Ah that's expected in my view of things
Not directly into pentest.
I thought it was the other way around, was going to say that's very forward thinking
Yea I wouldn't expect that
Anyway, there is a very clear path in, I'm just frustrated when I see very entry level jobs like Auditing advertised as requiring advanced certs.
Hello there, I'm a 22 year old student currently studying for an online Masters degree in cyber security, security+ certified, studying for CySA+, and going through learning paths for SOC analyst 1/2, Threat Hunting. I have no IT experience at all, but I have finished some introduction courses in Java/Python, software development and software process. I'm from Ukraine, and have been applying for all Cybersecurity positions without getting a single interview for a month. Perhaps someone might advise me what may help me get an entry level job or internship? I believe if CySA+ doesn't, maybe with BTL1 I will manage to get a job or internship?
Can easily be an HR requirement to justify a salary band. Makes less sense as a technical qualification. 🙂
Sweet thanks!
which is more beneficial GPEN or GWAPT, or do they both have their pros and cons?
What's your overall goal? Your question is quite vague.
Overall goal is to obtain a Jr Penetration Tester role if that helps
and what companies rather you have or it doesn't matter
So I think your best course of action is going to be looking for junior pentester roles in your area and see what they require
Seems ideal! Thanks for your answers appreciate it!
I see, that is a good point.
Looks like Ill ping you in 5-6 months.
😄
Hello
I’m going into my freshman year next fall for a major in cybersecurity with a focus in geopolitics, wanting to pursue a career in some fed gov agency
My school is recognized as an academic center of excellence by dod nsa cia and homeland security, so once I graduate with my degree I’ll have a nsa certificate that would help me in that side of the job search
But over half of my schools technology campus is cybersecurity students
I know there’s a talent shortage, but it seems like every year there’s been more and more and more applicants? We even have a cybersecurity professional coming to speak w my compsci class lmao
Would it not be harder in 4yrs for me to find a job?? I see u guys r saying a degree isn’t sufficient
be sure to get internships and possibly a certification or 2. Work experience is something critical to get while in college
but like not just 1, every summer apply apply apply
I’m so excited fr
and usually applications for the next summer start around this time, October/November
Wonder if there’s any I can do as a freshman
some companies will even allow high school seniors going into their freshman year
Definitely gotta look into that
yes, start looking now/soon at various companies college recruiting websites
Do you know anything about this?
eh, every year there is pretty much the same amount of applicants... most of our entry level cyber applicants come from comp sci programs, not cyber
cyber continues to grow, continues to have more jobs, there is a talent shortage at the senior levels, not at the junior levels, that doesn't mean we don't hire at the junior levels because we do
Hey guys, I am a computer science student and I just found my first job, I am going to be a programmer in the national cyber unit, special force in the police.
If you wonder what things were in the interview, so of course I had a few leetcode-style questions on data structures and algorithms, also a few questions on security, linux and one 'room' to gain privileges. After the interview they gave me a home assignment, to develop a specific web app on the dark net, and also to create a telegram bot that basically automates nmap and a few simple gobuster scans for a given ip.
Some of the things I will be doing are python and c programming, finding vulnerabilities in operating systems, networks, pentesting and even some criminals finding through crypto and blockchains
I hope it can give me great experience, as the salary isn't great and competitive as the high tech but currently my goal is to kickstart my cyber career and do things that probably I won't be doing anywhere else
Dont let go of your goals, I had times that I nearly thought to drop the cyber and just concentrate on my programming skills and my studies
when ur going to sit for your first cert exam soon and are questioning everything you studied up until this point 😭
u ever just get like insanely nervous
i think i will be fine but still
its only ITF+ so im probably freaking out for no reason
you'll be fine
Hi @pseudo creek
I would like to post a job opportunity for my company on #jobs-board
you'll need to talk to Hydragyrum
Ok thx
Hi @tacit bobcat 👋🏻
email me at hydra@tryhackme.com from your corpo account mentioning the posting and your discord username
Sure, I'll do that.
Done ✅
if you complete one of the challenges you get a free cert exam for that challenge topic.
That's kinda cool, might be something to share in #resources as well
ok
Sweet thanks
So, ISC2 made this comparison between CC and Sec+
Is Sec+ really that entry?
Nvm I think I’m being silly
what cert should I get? background: going to take my ged soon and I plan on getting some cert for cyber for blue teaming, which one should I choose? BTL1 or the cysa?
If you want future clearance, dont do drugs, keep your credit score clean, and avoid lots of foreign travel/overseas acquaintances. Best to go look at the clearance form and keep track of the stuff they want you to report.
I just finished one module in security challenge course. I have to say this is really out of my expectation. The knowledge is practical. The course is interactive. It's really like a systematic blue team course based on Microsoft product, but there're still so much knowledge product-independent.
i just finished my ccna certification and i wish to start my networking career with internships, im open to any advice on how to increase my skills for the job market
Although most college students may not have time or resources for foreign travel, you can travel internationally and get a clearance. Lots of active clearance holders do. They don’t even care about some foreign contacts. I had a language teacher from a foreign country and thought that was reportable but nope. I don’t even think they care about some drug use and experimentation in college, it is an ongoing drug habit once you are working that is the issue. I’m not advocating for doing such things, but those things won’t disqualify you for a clearance automatically
A lot of this is true, except for the drug part. The FBI and some other agencies will not hire you/work with you if you admitted it at all.
Initial secret is largely just a computer checking over everything and then it flags things if it needs a human review.
On top of this, if you fail or get an inconclusive on the poly for the FBI, you will be barred from working for them as a contractor or direct hire permanently. Even if you're currently working for them.
- on the permanent, as there is an appeals process, but it's very rare
awesome. I haven't even started lol
but good to hear
Someone who did the room Active Directory Basics for a question?
If you need help with THM rooms, #room-help is the best place to get assistance
well I'd assume if you are going for the FBI, you'd know that in and look into their specific requirements. I know people who have TS/SCI who have said that college drug use was part of their application
I mean like I was considered suspect because I was one of the few people who said they didn't do marijuana in college
(person I know did more than marijuana)
Right, but the FBI is a common and large sponsor for clearances. I agree that it got a little narrow in scope but it's not just the FBI that will toss you
well and even that, the person didn't say they were interested in working in gov/for a government contractor, there are jobs in cyber in the US that don't require a clearance...
My company routinely sends out news letters saying if you try x product you will be tossed and they will make sure the government goes after the clearance too
I mean... don't do drugs but marijuana in college isn't a disqualifier and even other drugs may not be
? The one you replied to specifically mentioned clearances
they mentioned a clearance to someone who didn't
Hi I'm interested in both programming and cybersecurity (i just want to build tools, exploits...etc ), what are the certs/books/courses you guys would recommend for a guy like me? Also are there any jobs that match the stuff i want to do?
exploit development is a valid job. There are some older books but "Hacking: The art of Exploitation" and "Reversing: Secrets of Reverse Engineering" are good ones to look at
Thank you very much
Where lies the line between bragging and selling yourself in a job interview?
Because I'm kind of afraid I'll come across as a bragger to recruiters
Stay respectful and humble about it
You have accomplished x and y but don't go shoving that in their faces if that makes sense
Imo, the difference would be something like this:
"in my spare time I enjoy working on THM, where I've worked to reach the top 100 spot in my country."
Vs
"im top 100 on THM"
Mention personal accomplishments as well as team accomplishments. Most work is a team effort. 🙂
Also true
but don't focus too much on the team
be sure to include how you played a part on the team
It depends on which country as far as I'm aware. Canada and other republican countries are fine. Russia, Iran and China will delay his clearance.
and it does 'depend'... but a delay would not be a denial... but I wouldn't discourage someone from traveling the world because they might later get a job that requires a clearance
even people with clearances travel to those countries, I think there are only a few truly no no countries (NK being a notable one)
Yah, you can still travel as long as the person report to them
What if you've never been part of a team?
do you write security blog
It is one of the good thing you can do to showcase your skill
negative, I do nothing right now but I'll go through and have a look at things when I am not so mentally/physically/emotional exhausted. Don't wanna burn myself out.
roger that
you'd be surprised what one month of studying does to the human mind.
which certification?
OSCP?
I'm legit working on security+ as we speak
I'd still be on at least $60k a year in Aus apparently
CCNA enable you to earn $80k-$100k role
like Cisco for example
you can work for them with CCNA
yeah, but right now, security+ is my next one.
in DoD tier list CCNA rated higher
infact, brb.
you got this bro
i should get mine as well
I got hired without certs
but im 100% i need to get it
I think unreal is in a country with a much tougher job market
But you got this unreal
Are certs like Network+ and Security+ accepted in Europe? I'm from Portugal but when the time comes I'm sort of unsure of what certs would be more acceptable around here (open to work remotely for other countries outside Europe, but still curious)
Hello, I'm doing a career change and aim to start education next fall but I'm not sure what type of education to go for. The end goal is cybersecurity, and I'm looking at either a bachelors in computer science(3 yrs) or a 2 year program majoring in IT-security(gives "Higher Vocational Education Diploma", but im not sure if this is an international form of education or just in Sweden) The 2 year program includes 20 weeks internship in the field while studying, and mostly have relevant subjects but not much focus on programming and doesn't give any official certifications.
I don't have any prior programming skills or relevant knowledge in cybersecurity so I'm worried I wont be able to get a job after a bachelors in cs, do you guys think it's smarter to just skip the degree and go another path? or do you learn critical things that you actually have a use for - that way maybe its worth studying 3 years for the bachelors even if im not able to immediately get a job after?
Hello guys, anyone done Cisco CyberOps Associate certificate? Or know what chances I’ve got with it. I have just finished a Bsc Cybersecurity & Networks. I want to add something else. Any recommendations too here?
BS CS if you can handle it
Make sure you do side project and join club. Even though you probably can get one without doing any of those.
Side project, club, and intern give you a chance to negotiate salary
Research is very good as well
Most people who skip degree end up in help desk. And wait for opportunity. If that what you want to do. With CS degree you can do Software engineer and transition to Cyber later. Coding skill is very high demand in cyber space.
I would take a person who can code over someone who has cert anyday.
Cert can be grind later. Get that coding skill up
More knowledge never a bad thing 😈
Thank you 👍
Any recommendations on how to get into the job space?
which location are you based off?
like country?
In UK
argh i don't know, i'm from US. Maybe someone else can help. Im gonna say writing security blog will help you a lot in your journey.
since cyber security is a lot of documentation anyway
definitely reach out people from local cyber security event in the UK, and ask for advice.
Thank you this is helpful
Have been looking at blog definitely
learn HTML, CSS, Javascript and make your own blog site
trust me knowing those 3 give you skill to hack web
🙂
Will get to it
That is one of my fears! :p
Is it a big step to transition into cybersecurity later on? If I work for 1-2 years as lets say a software engineer, would I have a good foundation for cyber security or is it almost completely unrelated aside from the programming skills?
Tbh you can skip helpdesk with Computer Science degree, which what I did. I have two friends who skip helpdesk as well
they are both Penetration Tester now
Do security research or any kind of research in your college as well.
@noble jungle What jobs are you looking for?
And what sort of experience/qualifications do you have?
Well Cyber Security is mostly self taught, but having Software Engineer(Programming) knowledge allow you to know which spot is common for people to attack. They both go together. When you take software engineer class, they will teach you about security as well. Like how to make your database secure by hashing the user/admin account in the database.
See if they offer security courses, just take all of them
Join cyber security clubbbbb and compete!!!!!
They do offer some voluntary courses that I can take
Guess i'll have to aim for the degree then 🙂
do degree and do tryhackme = profit! 😈
I don't work for them but I subscribe to do their premium course
👍
They offer student discount
I am looking at SOC analyst or pen tester
Got a degree in Cybersecurity & Networks
No experience at the moment
Without experience, you'll struggle to get pentest roles
There's a few trainee level roles but it's usually something that needs exp
If you can get OSCP cert. You can get Jr Pentest role. I have not seen anybody in my class land jr pentest role without the OSCP cert. My friend told me, they give you a room like the OSCP, and ask you to hack it then send them the report for the job. A take home environment.
So I can start with a trainer role? Or go for SOC analyst?
I’ll look into this
Yes
Thank you
Gave +1 Rep to @quick forum
I will say over here, while this is 2nd hand experience, degrees aren't always necessary in the UK. I'm doing the helpdesk side of things while constantly doing CPD. My current manager has no degrees, no certs, just experience; used to do CySA and pentesting work. That is one of the great things about a large part of the tech field: there are definitely many ways for someone to carve their own path into it
Degrees are a lot more necessary now than in the past
I spoke with someone who also works in Europe and he said that yes, they accept these certificates and that they are also important here
Thanks! @deft isle
Gave +1 Rep to @deft isle
Hey guys, what’s the best certificate to work as a penetration tester and which paths should be complete before trying to attempt the test?
Best depends on a lot of factors
Can you give me a few?
Where you are, in particular
As of now?
The geographical region, most country wise, that you're seeking employment in.
Do we reckon the SC-200 is helpful in getting a Security operations or analyst job? i mean im getting it for free so im doing it anyways
Maybe in my country as an Intern but in the future most likely US, Germany and etc… I’m from Lithuania
I've got no idea outside of US and UK, so I'd recommend looking what employers are asking for on job postings
Basically the previous one I tried to get an interview in they required knowledge of Web,Api and Mobile app testing
Web testing I’ve spent over a year learning so I mainly know how it works
If they want certs, they will ask for certs. Specific certs
Most of them say it’s optional but it has a higher chance in getting accepted
Yep. So look what the most common certifications employers are asking for are
Also James, what is the difference between CPENT and CEH?
No idea, but EC Council is a morally bankrupt organization in my opinion
I assume you know both of them, correct?
Wdym by joke?
Like literally a joke among my friends and coworkers. Outdated, low quality, etc.
Yea but don’t companies just see that you have it and think “Aw shit he’s good, we should hire him”
My country is so fucked that mostly every where if you wanna get a job they require 2+ year experience
The CPENT program is the next step after the Certified Ethical Hacker (CEH) certification on the journey to the Licensed Penetration i googled it.
Not here. We would laugh at you
It's not a high quality certification program, especially considering it's not practical unless you do the explicit CEH Practical too
If I may ask, which part do you do in cyber security? Pentester, Analyst, DevOps and etc..?
I'm a pen tester
Do you pentest all of these : web, api, mobile apps?
I end up doing infrastructure, compliance, and some security engineering as part of my role but it's not my main thing
I do web, api, thick client, and infrastructure. I try not to touch mobile.
Why so?
It doesn't interest me
I’m gonna need to learn api and mobile app testing, since you mentioned mobile testing doesn’t interest you and from my knowledge testing API the 2 common apps used is burp and postman
Postman or insomnia are usually what I use
API testing is just sort of lower level webapp testing. A lot of the same ideas and processes, just with different tooling and different output
I would say it doesn’t sound so complicated but I would be wrong, no?
Like with any pentesting, it can be complicated. The basics are basic
In your opinion what do you consider basics?
Owasp make an API top 10 which is a good place to start.
APIs can have injection flaws etc like webapps do
Also should you be ashamed of this or no, since you're a pentester
Honestly I know what SQL injection is but I could/couldn’t reproduce it manually and I use sqlmap for checking SQL injections either thru URLs or burp requests
Is this good or bad?
As with anything, practice
Also let’s say for priv esc instead of looking for priv esc parts manually is it better to use for instance winpeas/linpeas or check manually for priv esc points?
You've worked out something that you need to practice, that's a good step.
The next step is practicing.
You can't instantly be good at everything, and there will always be more to learn
Better is subjective.
Better depends on the criteria you're assessing against
If I list you the things I know could you tell me am I able to work as a pentester at some company or do I need to learn more? p.s quote I am not saying I will ever stop learning about pentesting since there is no deadline
No, I can't assess whether you're employable from a list of topics
Well it’s not like topics just things I am comfortable doing
Most employers will do a technical test, like a CTF, for good reason.
You're also likely to be asked technical questions in your interview, to assess your understanding
Perhaps you can give me an example of a technical question if either you can come up with one or you were asked in an interview yourself?
There's a list in the pinned messages here from Bananaisu
Okey, Linux and Networking need some work haha, Web question were 70/30 easy😅
Hey guys. New to cyber and looking at trying to figure out what certs I should work towards. I have 2 questions
- Do u guys think Data+ (by CompTIA) is worth it
- I’m using Try hack me to learn whatever I can. Thinking of adding Cybrary to help. Anyone have any experience with Cybrary was it helpful? Thanks.
I used Cybrary myself a while back and liked it at first, but once I started exploring other learning platforms I found Cybrary to be not great in comparison. I personally wouldn't recommend it, there are a couple of gems on the platform but the rest is subpar imo
Wasn't cybrary once upon a time free
I was like surprised seeing the pay option to access stuff
Ty. Seems confusing to manage. There’s a free option but doesn’t seem as try hack me. Is there another learning platform u tried or like?
Hackthebox & TCM academy are the other two that I use the most as well as thecybermentor youtube channel if you are looking for more free content
TCM Academy?
https://academy.tcm-sec.com/p/home
They also have certs in addition to training. I recommend following them on LinkedIn - sometimes they have deals.
They were free for some time, it was a great platform by then! Unfortunately it is mostly paid now 😦
TCM learning is free.. but u need to pay for certification. but it's a good deal..
some TCM learning is free
So I think I would like to go down the sys admin path but mainly for Active Directory. I checked some job postings to see what companies like and stuff like azure Active Directory, AD CS, ADFS, and others I can play with on my own. My issue lies with I won’t be coming from a sys admin role. I’m just afraid if I do go down this path, the lack of experience might hurt me. (My current role is security engineer, very broad Ik)
If you want to work with Active Directory in a sysadmin role, you'll need to be a generally widely experienced Windows sysadmin, since AD is so tightly integrated into Windows systems and networks
That’s why I try to do some stuff similar outside of work. I saw on some posts mentioning MS certs but they were expired. Idk if they have updated ones or not but maybe that’s another good resource?
There is the hybrid windows admin certs now, they are fairly newish but would be useful for your goal
Like those AZ-??? certs & exams?
Found it i think - https://learn.microsoft.com/en-us/certifications/exams/az-800 ?
Yup this
cool ty both for the info, ill take a look at these courses
Gave +1 Rep to @pseudo creek
Do you guys know a company that accepts internship for red team?
largely depends on country, in the US, there are internships if you are an enrolled student in a US college
That's currently my problem. The opportunities are mostly outside my country. I really want to land a pentester job or at least cybersecurity related job. Are there any company in your knowledge that accepts applicants from other country and would probably be okay with a remote internship?
no, generally you have to be in country
are LinkedIn skills badges worth anything? or it just for making searchs easier
Not cybersec specific but there is a web dev opening @ The Calyx Institute https://calyxinstitute.org/about/jobs/web-developer 80-90k/yr, paid benefits
What is the best certification to start now, security+?
not a thing
depends on your goals, Security+ is a pretty solid certification
you think with jr pentest course on tryhackme i am prepared to try it?
i dont want to waste 300 dollars
my goal is to work on pentesting or anything related
but red team
most of the job roles in my country ask for security and pentest+
if you are a student you get a pretty good discount
yes i am
thank you!
You're gonna struggle to find an internship for red team 😆
SOC, definitely, pentesting maybe, vuln assessment, definitely
no, I'd do a Security+ course. Look at Professor Messer on youtube
Do you recommend any THM rooms for the SOC?
So many certs to choose from as your first one. So hard for a student who’s not 100% sure which field he wants to specialise in
you know, don't think about 10 years in the future or even 5 (well you can kind of)... I didn't know what I wanted to do specifically, once I got a few job offers, I kind of chose the direction I wanted to go but you know what? I spent 3ish years at the job and then figured where else to pivot. What you choose now won't be your forever job / path
Nah I know, I just want to get a foot in the door doing anything cyber-related to get experience
And then I’ll figure out where I want to go
then I'd look at Security+
Alright! Really appreciate it!
It recommends doing Network+ first. Thoughts on that?
if you don't know networking, that can be a smart move
yo udemy or simplilearn for CEH??
There’s plenty but they’re all pipelined
I snagged a udemy zero to mastery ceh course... 80% off
Hey everyone......looking for a full time Cybersecurity job, okay to move anywhere and preferably something related to Penetration testing and Red Teaming. Finished my BSc(hons) in Cybersecurity degree and currently studying and working on my skills.
Check out #jobs-board and ask questions about anything you wanna know
Alright thanks 👍
I'm thinking of doing masters, there are a couple of options after the course I just did, either M.SC or Masters in CyberSecurity/CyberForensics. Not sure if they'll be much help but they sound promising.
There's an option for M.Tech but it's only after I do a Masters in Computer Applications, M.Tech has more weight from what I've researched.
But it'll take more time and effort than just doing one Masters degree.
So other than M.Tech, I have these options shortlisted, there are more but they're more on the management side.
Hey guys, I'm a 4th year engineering student in cybersecurity, and I'm looking for an internship.
Do you have any companies in mind that could be interested ? Preferably in Europe, with anything around cybersecurity but pentest-oriented if possible
I'd read the pin from 6/30 in this channel
Your best bet would be to do some research using your favorite search engine and your country's preferred job board.
No pin from that date
Excuse me, 30
This one?
There aren't 30 months
😁
don't listen to Muiri
No, the channel pins
#cyber-and-careers message
guessing Frizzy saying MTech means they are in India, think any advice we have about masters and India goes out the window
Okay, thanks! But the Masters I'll be doing will help out a lot
Fair
(And probably date formats)
and thus you need to ask someone in India for advice really
Hehe, yeah, India uses dd/mm/yyyy too apparently 
because the UK corrupted them
Well there isn't 20 months
damn colonizers
Yup, I have some friends in the US so I understood the dates 😉
Oh, I just like reminding them that there are more systems than just the US one 😆
International standard formats ftw!
2022-06-30
yeah yeah, mm/dd/yyyy is all we need
The irony is, there were no Indians and Dogs allowed in the British clubs, but now their prime minister is Indian with a 10 y/o dog.
That's the only one that makes literally no sense
lies
figures
I mean, he was born in Britain, and holds British citizenship. Pretty sure that makes him a Brit (along with anything else he wishes to identify as) 
Okay so I asked a relative, she's in the IT field from the last 12 years and gave some advice
That said, the sooner we get rid of him and his entire cesspit party, the better.
tbh, politics tire me so I don't talk much about it 😆
Day -> Month -> Year
Smallest denomination to largest
Year -> Month -> Day
Largest denomination to smallest
Month -> Day -> Year
Confused mess
Good policy
just because you can't comprehend it..
🤣
It's quite literally just a case of the earlier independent Americans going "well what can we do to be edgy and set ourselves apart from our British overlords? Oh, I know! Let's change the date system to something so bizarre that no one else would ever consider it! Then we must be unique!"

Hello, what is the difference between ejpt and ejptv2? Do I have to take ejptv1 then ejptv2, or can I go directly to ejptv2?
v2 is a new version
Not an additional stage
Hey guys, are there any pentesters here willing to give a short interview about their job? I'm a computer science student ( currently doing my Bachelor ) and I'm very interested in cybersecurity. I'd like to find out more about this area of expertise, and the requirements needed for this profession. Thanks!
I would ask your questions here. You'll get more eyes and different perspectives from multiple people. It will also benefit future members of the community.
Yeah, I thought about that, but the thing is, I'm also doing this for university, and I would need to know the name and the company of the pentester in question. But I wouldn't mind asking them here if that's not a problem.
Hello all, can anyone give advice to someone trying to pursue a career in cyber sec specifically pen testing in the uk. I have just started college (currently 16) doing a-levels and I'm planning on doing cybersecurity in uni. Is uni the most preferred option or do alternatives exist that may be quicker or more beneficial such as certifications or would you couple them with a uni degree. I'm trying to figure out a suitable path for me to take and would be happy to see what has worked for you guys. Thanks in advance.
Which part of the UK?
England
Cybersecurity is a long term pursuit and really depends greatly on your knowledge, experience and willingness to learn. University would be very beneficial in this regard, as would various certifications, books, courses and platforms like THM. The most important thing with cybersecurity is to get experience using security tools and computer systems. You should be knowledgeable to some extent in Windows, Linux, Networking and Programming, though you can start with the basics and build upon that.
A lot of what cybersecurity involves includes areas and principles of systems and software engineering. Cybersecurity is not a beginners' discipline in any of these areas and requires focus and development of the skills in the areas you wish to focus on. It would be very beneficial for you at this stage to get comfortable with computers, networks and a little programming, doing activities on platforms like THM and building from there
Hi
Thank you for the response, my knowledge of Linux and networking is getting there however my programming skills are a bit lacklustre. It helps tho in college I'm doing python and vbnet so I'm learning the fundamentals quite quickly and I've looked into some certs that I hope to accomplish in the near future but for now I'll just stick to thm, htb and YouTube.
Gave +1 Rep to @rugged delta
Is it frowned upon to use notes in a technical interview?
My memory recall isn't fantastic and I always rely on notes during the day-to-day
Typically in a technical interview you'll be asked fairly general technical questions about tech and some specific to the tech you'll be working with. You might have to write your answers to technical questions in a quiz form or be given a physical/virtual machine to perform some tasks. It really depends on the company and what they're looking for. Notes are typically frowned upon but being organized is something they'll expect.
Guys is there an excess of Red Teamers in Cybersec?
hey everyone, is it possible and advisable to self-learn pen testing? it feels like college tuition is not worth it if i can just self learn and get some certs as alternative for the degrees
I will start by saying that pentesting isn't an entry level area within Cybersecurity. You're going to need some level of professional experience before getting into pentesting. A degree can change where you start and also offers increased salary over someone without one. Do you have previous professional experience in the computer industry?
im currently a student
but i do have some experience on building websites(Front and backend) and also some scripts with Python
Were you paid for these things?
From a company/made enough that the government would care about taxes
There’s an excess of people wanting to be red teamers lol
nope they were just some school projects where i made a script and a bunch of vulnerable websites and i used an ai which i trained to find and fix SQL injection vulnerabilities of those websites.
and maybe learned linux because i used it as my daily driver
There's a lot more to working as a pentest than just that.
If you can afford it, I strongly recommend you go to university and get a related degree - highest value for most of IT is a computer science degree, but there are some (very few) good undergraduate cybersecurity degrees as well.
A couple of the biggest reasons to do so are that a well-rounded education gives you a huge shortcut to mid- and senior level positions, whereas you would have to work for several years in junior and associate roles first and there is no guarantee you would get the background material needed to make the jump to senior.
I see, so Red Teaming is still not a sub-field to aim for?
if you like it, you can, just be aware that the competition may be tough and more skills / experience in other areas may be required first
So what's another good field to go into?
sub-field*
DFIR good as well? I'm personally interested in Red Teaming, Pentesting and DFIR the most.
Analytics is dope too though.
yeah DFIR is good as well and seems to be a bit more welcoming to newcomers to cyber
@crystal condor it's still worth learning pentesting/red teaming skills as a lot of cybersecurity is about understanding how a threat actor might operate within your environment and interviewers do like to know about your activity/success/failure on various cybersecurity platforms. A lot of the skills you learn in pentesting are applicable to or give you a good understanding of other cybersecurity roles
Yea, and knowing both Blue and Red Team stuff enables you to do anything you want in the future.
If you're good enough you can become a red teamer.
If not then you can do something like DFIR or Pentesting
I don't think of it like that... basically there are a ton of cyber security jobs out there, many of them I would consider more complex and difficult than red teaming... but its that if a red team has a 100 applicants and a blue team has 10, your chances are greater with the blue
Doing a few years in college or doing a few years of experience seems about the same time on getting that mid-senior tier position.
I think most importantly it has to do with attitude and how hungry you are for more knowledge.
It is, believe it or not, a shortcut especially if one eventually plans on being a manager. There's a lot of soft-skill stuff learned in the gen-ed classes that is problematic to learn on the job. Believe it or not, the most useful part of my undergraduate degree is the courses on Communication and Rhetoric&Writing.... Especially when I worked in infosec.
The writing part and management I 100% agree with.
What do you do currently? Position wise?
QA
Juun is smort cookie
It's a lot of telling other people their stuff is bad, and arguing why it needs to be fixed
But I agree that my most useful class was a public speaking one
That and having to write and edit 30 page papers as well as having to explain the concepts
Company I work for is heavily invested in DevSecOps, so there's a lot of culture agile stuff that drives me crazy
Honestly, spend some time doing other stuff before jumping into QA unless you have at least a bachelors in comp sci and understand what a dev cycle ought to look like
Looking to getting into the Cyber field once and for all.
a QA bootcamp is going to help a current dev or engineer transition to QA, I would not expect someone with no IT experience to get value from it
You'd be surprised...
Maybe. I'm not a fan of bootcamps in general, every one of them I've looked at has been a money sink of extremely questionable value
I have basic programming fundamentals.
I think it depends on the bootcamp and the person.
I'm in the IT field...with no degree or a single cert.
Do you have any experience in software engineering, or just fundamentals?
and have risen through the ranks....work for federal agencies and now fortune 500
Lacking certs hurts your value when you decide you have outgrown your current role, unless you stay with the company
I do plan on going to college in a few years once I have more time on my hands.
Yeah it's got me this far...I'm honestly making great money considering the fact that I have no school.
But I'm ready to jump into a different field.
Just fundamentals..
HTML, CSS, Javascript, bit of python
I've worked SCIF adjacent for a couple years, I see a lot of people whose careers suffered from being in the SCIF - they were not able to learn current technologies, and are 10 to 15 years behind current industry standards as a result
Yes
That's one concern I have currently
I'm still in ifcfg land and that was deprecated years ago
And CISCO IOS from 2003
yeah, but that's normal for your environment Moose
This will be the first time for me ever going after a cert...
I plan on going after 2-3 certs this year in cyber and transition into the new position with my airline.
What certs are you planning on?
I'm going to go after TCM's first. Then eJPT, and OSCP after.
In conjunction with finishing all of TryHackMe's content.
Just be aware that TCM doesn't have HR recognition
Yes I'm 100% aware
Unless your current employer has a pentest role they are grooming you for, you may be better served getting Sec+ first
If only for the HR recognition
And i dont think you'd need eJPT if you do OSCP
Beat me to it
Yeah I may go after Sec+....
I pretty much have an in in the next 6-8 months for the transition.
To me eJPT and TCM was just momentum for the OSCP
Since I know it's quite difficult.
If you aren't in contact with the airline cybersec leadership (operational director for sure), you ought to talk to them about what they do, and make your interest known. That kind of networking is invaluable when you make your transition
They said OSCP and AWS cert will do just the job.
Maybe you can shadow someone who currently has the role you want and can help guide you towards what makes sense for that role
Yes...we have a thing called Day in the field..
But since Covid most of the field is at home instead of HQ lol
I would guess it's generally advised to have a networking degree in the pentesting field right
I'm looking at getting that before moving on to more specific certs
Yo anyone here took the microsoft sc-200 exam or familiar with it?
When learning the material for these certifications (especially AWS), start thinking how the material can be applied in your current work environment. Will also make it easier to learn cloud technology, as you will be able to connect the AWS technologies and terminology with the framework and infrastructure at your work. Learning AWS in a "vacuum" is a lot harder. 🙂
Name calling isn't the best way to get advice, FYI. However, I would look for similar roles in your area and see what they are getting paid using something like Glassdoor.
hey so im a freshman compsci college student who's been programming for a bit (since 13 i think) and have a lot of CTF experience. this isn't a humble brag but rather just context, i guess? what advice do you recommend regarding careers? NetworkChuck has given advice on joining IT helpdesks at first but i guess i just want to know what to expect when i actually start getting money lol 🧍
in college, you would want to look at getting internships... like now.... start looking at various company college recruiting websites and apply, apply, apply. The application period starts now for May/June starts. Also if you know anyone who works for a large corporation, ask them about college internship applications. Alternatively, if you are able to get a job while in college such as the college IT department, that is great stuff.
So hard to find internships/studyjobs in the security field. Would you just go for a developer/other tech job?
Im studying computer science as well
Doesn't have to be security
My internship was with an IT department
The main goal of any internship is to gain professional experience in the overall industry you're looking to get into. As long as you stay within the computer field I, personally, don't see an issue.
May be controversial to some, but I think getting a little bit of time as a developer under your belt helps significantly when pursuing security later, and I might even argue the better route. The "how and why" background knowledge comes in very handy later.
But that argument heavily depends on an individual's perspective of security and their desired career/end goal.
'depends', generally IT background does help, I started as a network admin, some people start as system admins or database admins
100%. A background in IT in general is always going to be beneficial and all provide knowledge and experience that can be leveraged later. I spent time as help desk and sys admin before even going in to dev and that experience helped during that transition. I guess the broader point I was trying to make was getting experience in IT, especially in a business environment, to see how stuff is deployed, used, and maintained. It takes a bit of the black box element out of the picture when you get into the security realm.
I've found that, even though it was an extremely short stint, the knowledge I gained in IT was/is and will continue to be invaluable as I progress
Thanks a lot for the response! Really appreciate it. I will broaden my study job search
Gave +1 Rep to @iron mulch
any tips on where to look? if thats alright
It's very much region specific. Look at the job boards your country uses the most for potential opportunities.
alright, appreciate it 👍
I saw you asked this across multiple channels, but you'd probably get an appropriate response if you ask the questions you have.
There's a wide breadth of knowledge in these parts
You already asked this in another channel
wrong channel but it depends
Are there any known platforms that companies typically use for pre-generated red-team pentest technical assessments?
I've come across the likes of Codility for SwDev, but not sure if that kind of niche exists for infosec
Hi! I'm doing it today, whats your question?
If you're looking to be a red-teamer you'll already have significant pentesting experience in a work environment and be training up for red team exercises. Red teamers are highly experienced hackers with years of provable and verifiable effectiveness in the field
Wrong use of terms there, meant to say pentesting
There's lots of ways they can test to see if you'll make a good pentester... They'll verify any certs you might have, or check your activity/experience on thm/htb if you want to show that but they'll almost certainly give you a challenge as well to determine what stage you're at
Yes, quite a few. Some companies even do it inhouse.
There's often an interview CTF.
what would be an ideal starting out cert? I heard A+ and security+ were good ones to get your feet wet
If you have knowledge on the components of a PC and how they work, I don't think you need A+
Security+ is the baseline cert for cybersecurity
Do you have previous professional experience in the computer industry or a degree?
i am currently in my last year for my cyber security associates degree, but besides that no. I am "fresh meat" you could say. Looking for a starting point to help gain knowledge in the field, i am currently going though the jr pentester THM course
but besides THM, no other experience i just got out of highschool a year ago
With no experience, getting a job in security may be rough. However, I think you may be able to get into a SOC once you finish your associates.
@ancient prairie is our resident SOC expert. Do you think they would be able to get on a SOC with an associates?
i have also been considering military to gain experience in the field, preferably air force or army. But I plan on going for my bachelor's in homeland security, with a concentration in cyber. but with the bachelor's, it's required to intern for a summer and I plan on doing that at the local police station on the high tech crime team (digital forensics team). Do you think that would help?
I should add that im stuck in a small area so that there isnt many options around me
Yes, I think that the internship would be a good opportunity. On the military, you have to be 100% certain you want to join and make sure you're joining for the right reasons.
Job experience, in my opinion, isn't one of them
I have a few other reasons as to why i would join the military, I just said experience to not get too into detail on that. I also see it as a way out of my current situation and area
goal is to become an ethical hacker
lol, an ideal end goal would be being able to go agency in the far future
yes, i strongly believe in the right org you shouldn't need more than a high-school diploma or equivalent - but hiring is tough right now, honestly its hard to say exactly what its like in other orgs but i've generally heard its slowing down or there are outright hiring freezes throughout tech/cyber
Hi I want to start my career in cyber security and pentesting. And not getting the right pathway to start, can someone help show me the right path from the beginning.
^^^ I'm kind of in the same boat as well, I've completed a couple of the starting rooms for tryhackme(like the presecurity and the intro to security rooms) and got pretty far into some of the intermediate rooms before my summer had other plans for me. I could use some advice for getting my foot in the door with cybersec careers and beefing up my resume before I apply for an internship!
how to get an internship in cyber security
🤷♂️
Look for one near you, apply.
In the US or globally?
Hi renegade, if you'd like to post jobs, please talk to @tacit bobcat so they can verify that you work there and can give you the recruiter role.
Will do, thanks 🙂
Gave +1 Rep to @stoic cave
Don't DM without asking
Hi, I want to start my career in cyber security and pentesting, and I'm not getting the right pathway to start. Can someone help show me the right path from the beginning?
Hey, you already asked this question above. Repeatedly posting it is not the right move.
Sry
Guys, perhaps someone here can share their knowledge about IT audition/Cybersecurity audition,or work experience at the one of big 4 companies?
Do you have any prior professional experience, a degree, or certification? Pentesting is not an entry level area within Cybersecurity, and Cybersecurity isn't an entry level area within the computer industry generally.
Who are the big 4?
PwC, EY, Deloitte, KPMG
Ah
Yeah, I personally can't speak to that. I do know some classmates of mine who went on to Deloitte, and I've met one of the senior partners? Not sure on the title, the person was very high up though. However, the roles that they were in were cutthroat to say the least.
I know Deloitte have a lot of graduate schemes if you're trying to get in, I think the others do too
I learned about the big 4 from InfoSec prep, which has a lot of Europeans. One thing they seem to say is the pay isn't great until you become a manager
Send an email from your corpo account to hydra@tryhackme.com and list the job posting as well as your discord username/id
Does anyone have any certification from (ISC)^2. Like is their new Certified in Cybersecurity recommended for beginners to pursue the cybersecurity path after THM?
I've heard it's ok.
I have an exam to book with them.
Not sure, I have 2 tickets.
oh okay!
woops wrong channel
@carmine jolt ^
Ty
Hi, is there a resume review room or anyone willing to help out? Trying to break into cybersecurity from NOC role.
Here, best to redact anything sensitive though.
Well I am in the process of being offered to be a cybersecurity tutor for someone with a disability. I'm wondering what is justified to ask for.
where do you live
what is your relationship with the person
how much experience do you have
have you tutored before
Is it possible to land a cybersec job even without certifications? But have prior trainings and such for the job, although entry/intern level, it's just that can't afford to take certifications atm.
I redacted my resume but can't seem to attach files. Didn't think I should just post the text as it may be a lot
You need to verify with the bot first
!docs verify
Thank youu, I was kinda worrying if my application would get rejected or something just because I don't have any certifications.
Gave +1 Rep to @pine grove
If anyone has time to criticize my resume it'll be greatly appreciated
Thanks a ton.
Gave +1 Rep to @quick forum
Yes but you need to network for that to happen. I got work in pentesting by being a sys admin for 2 years then working part time sales at a small cyber security company, and while doing that I did a lot of THM and proved to my boss I know how to pentest so I became a pentester
That's cool. I'll keep that in mind. Thank youu
Gave +1 Rep to @mellow bobcat
So you got a degree 2 years ago, you'll want your degree to be below almost everything else. Recommended format would be Skills (if you change it, if you don't, it should be last), Work experience, Certs and then Degree.
Once I see a few years on someone in terms of work, I tend to like more verbose skills section vs a word vomit. Such as "Network analysis using tools such as TCPDump, Wireshark", etc. Basically tell us what you can do with those skills.
Your first job, the first bullet is a bit off. So the only way you maintain system and network security is by applying patches? Second bullet, "Run Nessus vulnerability scans": I'd word it slightly differently, like "Perform Vulnerability assessments with Nessus and recommend remediation efforts" or something similar. Try as much as you can to use some powerful action words.
I like this resource but there are many online which tell you kinds of words to use on your work experience to tell the story of what you do/did
https://www.themuse.com/advice/185-powerful-verbs-that-will-make-your-resume-awesome
Thank you! Definitely going to make these changes, I'm terrible at resume writing.
Do you think this resume is enough to land an Analyst position?
If they only have two years of experience, wouldn't they still want education at the top? They're still fresh out of school pretty much
I would say no, because work experience is more critical than a degree and I'm guessing they have more than 2 years work experience
Gotcha
Is the Cisco CCNA cert an interesting cert for red team? If not, what are the most important/essential network certs for red team?
CCNA is a fundamental cert for networking. However, there is more to "red teaming" than just certs. You need professional experience as well.
Ahh, being fundamental for networking, it's definitely a viable cert for any career in cyber in general. My university has some discounts on certs, and the CCNA is pretty cheap rn, so I'm gonna look forward to it 🙂
CCNA is great to get into IT as a network admin, which can get you experience for a cyber career
Yeah, if you can get it at a discount, I'd take it.
Makes sense
Thanks guys!!
would you guys take the OSCP even if you already working on a red team?
I'm trying to figure out if my first cert should be OSCP or I should start with red teaming certs like CRTO, CRTP, etc
OSCP would be a worthwhile experience, since it includes a lot of the knowledge you'll need to perform investigations/attacks in a pentest situation. It also requires a lot of focus over a prolonged period. I've heard CRTP is very thorough in the methods it teaches and might be worth delving into after OSCP. Lots of people have said the CRTO 1 & 2 are also worthwhile certs to do after you're comfortable with the skills you learn from the OSCP.
If you're already working on a red team, you probably have a lot of knowledge and experience already but it's always good to discuss with your team and to find out where your skills need firming up. The courses for these certs will teach you quite a lot and that's really where the value is in pursuing a certification. Though the certification itself might only have recognition within some circles, I've had positive discussions with people about all of them. A certification itself, while a good mark of the skillset you learn, is only part of what makes you a good pentester/redteamer and you'll be continually encouraged to learn and research in your work
I would still say it has value
Just ask your question
I'm a junior malware analyst on the red team so I do think that I will take it at any point to set a minimum level of my skills and then to move on to red teaming certs, I'm thinking about whether it gives me new opportunities or other companies will focus on my work experience rather than the certs
Tf that's helpful
As you say, OSCP is a very good baseline. I would say that it's worth using as a starting point to build upon with more focussed certs, personally, yes
Is the CEH "worth it" or is OSCP more highly regarded or a better use of time these days? Personally, not looking to get into pentesting but, as an Analyst, looking to build out technical skills and see the point of view of an adversary
aw man
Anyone get the OSWE? I want to do both OSCP and OSWE, debating which one to do first. I have eJPT, currently working as a web developer.
Thanks, sounds like getting it will be a good step
Gave +1 Rep to @undone shore
Hehe, good timing. Passed it at the weekend.
"Web developer" is a big topic, might need more detail there 😆. If you're focussed on back end and comfortable reading a bunch of different languages then that will serve you really well for OSWE.
Bear in mind that your ability to write standalone scripts is equally important though.
I would nearly always recommend OSCP first because Offsec have a certain style with exams and you're better off not encountering it for the first time with a 300-level...
That said if you're already really comfortable with web vulnerabilities and a bunch of different web stacks, and if you're doing this for the knowledge rather than job hunting (remember that OSCP tends to be the one with hiring power), it might be worth skipping ahead 🙂
Is there anyone with ISO27001 LA cert ? Can you share your experience with that certification?
Yea I'm doing full stack web development - React/Django. I've gotten through most of the material in TryHackMe and Pentesterlab, so pretty comfortable with web vulnerabilities. Looks like offsec is doing 20% off a Learn One annual subscription (https://twitter.com/offsectraining/status/1587450696038760448#m). I'm leaning towards OSCP, but thinking I could probably start with OSWE given my background. How was the OSWE exam for you?
Ello.
.
Hi
My graduation will be over by next year July and I am entering my last semester. I have 6 months of internship experience and I want to go for a fresher's job as a Cyber Security Analyst
any suggestions what should I do next?
Exam was simultaneously hellish and great fun 😆
Sounds like you'd probably be fine with OSWE, yes. OSCP will be more useful if you're wanting to transition into a cyber role. OSWE will almost certainly be more fun. Ideally do both, otherwise pick which you prefer 🤷♂️ 😄
Does anyone know of some companies that have starter programs?
I would look in your local area and see what surrounding companies are doing.
I have found some. But 1 has a horrible reputation. So I am just curious at what else is out there
hey everyone. I am going back to college currently and getting a degree in cyber security. degrees are great but they don't cut it compared to work experience. so i am wondering if there are any jobs or internships that would be part time to get experience. I currently work in the telecommunications industry as a field install and repair technician. I have to continue working until i can land a full time job in cybersecurity. (this is at least 3 to 6 years down the road. just trying to find experience between now and then)
this largely depends on what country you are in. Internships are more meant as a recruiting tool for companies vs to get you experience. One thing I did in college was work for the college's IT department. Something like that would probably pay less than what you are doing now though as it is part time.
U.S. & even tho I’m in college, I still plan on working full time, & picking up something part-time to gain experience. But unfortunately because I work in a union they will not let me hold two positions with the company.
Thank you for replying 😁
From what I've seen working in the industry and been told by various different recruitment consultants and managers, they look for experience and certifications. Most couldn't care less about a degree and if they do they lead nowhere. At least that's in the UK. But certifications and experience over a degree.
Thank you
Gave +1 Rep to @stiff swan
in the US, it is really a mixture of degree + certification + experience. It can be really difficult to get your foot in the door without a degree
Really?
Degrees don't really compare here to someone with certifications and hands on experience. Personally I didn't get a degree, just showed my employer I have a good portfolio for someone that did everything by myself.
My interview process was more like a selection. We had our initial interviews then you had to compete on different challenges against other candidates. For someone that had nothing in the industry as far as certifications and degrees went, I danced rings around the candidates and then got offered a job out of it.
Degrees are still highly desirable in the UK
You might have had a different experience but that doesn't speak for other places
From what I have seen and/or spoke to both managers/ directors and IT recruitment consultants have all said if they see a certification with experience they will pick it over a degree. Don't get me wrong a degree won't hurt you but when you weigh up a degree to being certified and experience.
It's a no brainer on who's going to get picked. A degree only does so much for you as far as moving forward. Is it worth being in debt in the £1000s off a degree or going on a few courses getting a few certifications for the sake of a few grand. Which most providers you can pay off in a few years with ease. Or stuck with a student loan for several plus having to go and get the certifications on top. I know the route I would go down.
But I agree a degree doesn't hurt by any means. Just only goes so far
Seen most jobs requiring certs and a degree, or certs and experience.
I wouldn't be in the position or pay scale I'm in without my degree. Getting my degrees gave me a huge shortcut in professional progress of about 10 years worth of experience for 7 years of education.
I disagree with your anecdotal evidence and substitute my own
I skipped 3-4 years of working dull IT helpdesk and soc work
Unless I just got lucky I got the certs and walked straight in entry level job to where I want to be.
One experience can't speak for the industry.
A degree is valuable to employers for many reasons; typically, if a role doesn't have a lot of ramp up time to learn how to do the job, certs+experience is preferred, because there is already proven practical value.
What I typically see is that a BS or BA has a much greater theoretical knowledge bank, but doesn't usually know how to apply it. That doesn't mean that the employee isn't worth having, it just means there is some on the job training that has to occur to make them useful.
Experience and certs means that ramp up time is greatly reduced, but that employee will have to learn the theory on the job. That's usually a much more inconsistent way to get the theory part.
The reason why recruiters like candidates without a degree is that it's practically guaranteed they will be in those entry level roles longer than a similar candidate with a degree. If you don't have a degree, they can make a stronger argument (but still bad, IMO) that they cannot promote you because you lack the HR required background.
But countered your own point I never said it hurts you. But in reality certifications give you hands on experience to do a specific job role that's why certifications exist not just in the industry that's across the board. A degree shows you have knowledge and have it to the required standard to achieve the degree. What a degree doesn't give you is the qualifications specific job role qualifications to walk into the job role and do it. Again that's not just in IT that's across the board. A degree shows a potential employer that you have foundations in place already in order to confidently build in said industry across the board.
An employer uses a degree for the advanced entry level roles to replace the certifications because the likelihood is said person doesn't have them. But the degree shows you are more than capable in achieving.
That's not just in the IT industry that's across the board.
What I'm saying is for someone like myself for example I've done it for what about 10 years give or take, about 7-8 years it was a hobby in my spare time I learnt about it. When it got to the stage that I went for a career change I just got an A+ token and passed the exam straight away and I started working my way through them with ease because I had done the work in my time off my own back. I know a few people that have worked in the industry longer than me by a couple of years and I'm further ahead, they came into it with degrees. I didn't. I came into it learning from them because I was of the same opinion I needed a degree to skip the years. Which I'm proof that a degree gets you so far. I'm in my role now, I have no debts to pay off at all. And I'm working towards gaining my next certification.
So in 3 years with no degree I have gained 3 certifications doing my 4th now. Compared to a uni grad in the industry some 2-4 years longer than me and still working on getting a 2nd/3rd certification.
So does a degree hurt, no, definitely doesn't, but it's not desired by any experienced employer. Put in the work regardless of your past and you will progress a bunch faster than a uni grad paying off debts plus trying to front up more certifications.
I don't know anything about the UK, but as someone who takes part of hiring in the US (as a peer/lead) and who has seen people without degrees stagnant in their career AFTER getting experience... in the US, degrees are highly desirable and aren't replaceable by experience
I'm a uni grad. I got a job before I graduated.
so I will always recommend degrees to people in the US unless there is a specific reason to not
Your statement about "not desired by any experienced employer" is complete nonsense as evidenced by grad schemes.
If you are paying for certs and while working in IT, your employer is exploiting the shit out of you. That is a thing the company pays for to make you more valuable to them, so do not fall into the trap of paying for it yourself.
It's completely reasonable to justify certs as enhancing your current job role, even something like OSCP.
If you are paying out of pocket with no reimbursement, you are absolutely being taken advantage of.
I agreed on the pay cut to take the role to get the certifications I needed to get into the job role then anything after that they are paying for.
That's barely acceptable, and only if the role is absolute lowest entry role in the entire org.
Even then, it's right on the edge of being extremely exploitative. Even more so because of the pay cut.
I mean in college, working for the University's IT department, I was making as much if not more than entry level IT professionals (help desk that is), when I graduated, I was making more than double of entry level IT professionals
My first industry job was a senior role due to my degrees.
that's anecdotal but it's not all that uncommon, my recommendations are based on working in the industry and being part of hiring committees
I'm no longer on hiring committees, but I have similar experiences
At the time I was of your guys opinion was a mission impossible without a degree but as I've progressed without a degree not anything to really back up the fact I could do well in the industry.
My first role was an IT tech for about 6 months then I was contacted by my employer now about an opportunity which is where I wanted to be. So I took it with the opportunity with the worst they can say was no and I landed in the entry role with where I was wanting to be in 15 years time.
it's not mission impossible... it's a rarity
It's not a mission impossible without a degree. It's just a lot more difficult.
When you're 22 at the time with kids to support, going to uni to get a degree isn't really an option
all we are saying is that a statement such as "a degree is useless" is not true, especially in the US and sounds like the UK as well
it's not to say that people haven't succeeded without one, but if you are giving generic advice, that can be bad advice
I know it's hard work doing it at the moment. Been with this company now for 3 years, still turn up everyday like I did on my first day. Work my arse off. Any work outstanding I'll get done. Because I'm still on paper not at where I should be for my job role but I've overtaken a handful of grads I know in the same industry doing it for longer. So I am going to have that opinion.
Many paths lead to the same summit. Follow the one that works for you. 🙏
Thank you for sharing your personal journey into cyber security. 👍
Gave +1 Rep to @stiff swan
I have a question: does anyone know courses that teach Web App Pentesting?
I want to learn Web App Pentesting
Lots of resources on TryHackMe, PortSwigger Academy, Hacker101
https://portswigger.net/web-security
https://www.hacker101.com/
The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.
Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
What's up minions
Anyone have resources for AWS Cloud Practitioner Cert?
I mean besides the given study material
I am not sure that Adrian Cantrill has any courses because he recommends skipping that and doing the Sol Arch Asc but if he does, his courses are great. Stephane Maarek on Udemy and has good AWS courses
Thanks for the info! Yeah I'm still a Uni Student so I just wanna get my foot in the door with AWS for a few Internships I may apply to in the future. I already have some AWS experience, but thought a cert doesn't hurt (even if it's not super technical)
Gave +1 Rep to @pseudo creek
Well it is 0 technical, meant more for manager types but it may show you have some knowledge
Yeah I figured
It is the "we are going to get you excited about all the amazing AWS services" certification. 😄
@vast totem Most technical people would start with the Certified Solutions Architect Associate or one of the other associate courses. It covers all the stuff the Practitioner cert covers and technical things like the AWS CLI and the Well-Architected Framework and lots more. I used A Cloud Guru for a lot of cloud stuff
heyyyy guys
Some of us have been around for decades and worked in multiple industries in IT. The hiring process is the same in all businesses and industries. What matters is who is involved with the hiring process as they define what has value to their eyes and what does not. And we will always find various company cultures and school of thoughts. Some people will highly value University, others will try to grab talent from other companies, others value hands-on skills + track record, others value specific certifications more, others seek new talent and will prefer to train them themselves, etc.
Since we are just humans, networking will hands down be the most powerful tool to find jobs.
In my experience, a certification will get you a job. A degree will get you paid and promoted. In a promotion scenario where you are competing against someone of similar skill but with higher education, they are promoting the person with a degree. Some larger (US) corporations won't promote you at all without a degree, so in many cases it is a barrier to entry. A lot of times management selects the person, but HR decides the pay scale and position, and often times they decide based on education.
That does make sense to some degree. But picture what happens to a company as it gets older.
Friends promote friends. And networking takes over "competency".
Certifications say "I know some stuff", where degrees say "I am willing and capable of dedicating myself to one thing for many years. I am dependable and competent". And that is a powerful message to an employer, which is why it is often used as a barrier to entry.
networking definitely has its place in landing a job, you are right about that.
Many directors will say "I don't care so much about skills. I need a solid team player that gets along with everyone else. And I only hire people that people I know can vouch for."
I don't know about that second part. Sure some hiring managers may set aside skill in favor of a charismatic and amicable candidate, but I doubt they would go so far as to only look for people they can "vouch" for. That can be problematic.
We are only human. And for better or worse, many of us are desperately looking for new friends. Or at the very least, to ensure that every day at work will be pleasant. There are people that are very skilled, but very difficult to work with. Imagine working with that person for years, it becomes less and less fun to work in such environment.
Networking is super important to career development; but I think the two of you are going back and forth as two sides of the same coin. Experience has value, but it's not as sought after for a management promotion path.
University degrees tend to be much much better at the soft skills such as writing and understanding the theory of why things work the way they do; it's not a knock or an attack on preferring experience
I hear all the time 'skills can be taught, attitude cannot.' Having a good attitude is at least as important as technical competency
And, certain roles tend to prefer candidates with specific backgrounds; that isn't a negative, it's just a fact of selecting the candidate who is going to provide value and recoup the investment of hiring.
What I am saying is if you know who is involved. You then know if you need to focus on education, work experience, networking, portfolio, etc. For certain companies, I would contact the team lead directly and have a nice little chat first. For other companies, it will be more about Resume/Portfolio. Then the interview.
Case by case.
100% depends on the org in that case. But if you are saying that candidates with a degree provide less value in a role they are qualified for than someone with 2+ years of experience, I am going to draw the line there and say you are wrong.
Since you're here Juun, if I wanted to post to #jobs-board as a recruiter, where should I direct my request?
Email hydra@tryhackme.com from your recruiter corpo email and he can verify you
Thanks
Depends. For pentesting, for example, there are not many schools/universities that cover this subject.
It wouldn't make much sense to hire someone who simply has a background in IT through University.
But for other roles, they are covered in Colleges/Universities. Then that would make more sense to hire someone who just graduated from University.
Pentesting isn't an entry level occupation. It's a very niche subject area within Cybersecurity
I learned a lot of red teaming in uni.
and it can totally be an entry level occupation.
People tend to hold pentesting to this really high standard, and yes there is definitely a place for that. But it isn't this magical role you need 5+ years experience to break into
in terms of knowledge required, it really isn't. "Can be" implies that the candidate has a lot of knowledge that is difficult to acquire outside of work experience; I agree though, that there are cyber programs that do adequately prepare new grads for the role, but they are very very rare
University pentesting and real world I would argue are not the same
Depends on the uni, Moose
There are a handful in the UK and US that do a good job, it's not covered well in the curriculums I've observed.
Which isn't very many
Maybe 3 BS degrees and a half dozen jr college, vocational, and community colleges (that I've observed, none of them do it well)
I very carefully said "red teaming", not pentesting.
I would consider red teaming a subset of pentesting; higher allowable risk, much reduced scope
The University around here that is specialized in Cybersecurity offers mostly content for SOC analysts and management. They do have a little course for offensive cybersec, but it's forgettable. In this case, employers from around here are most likely to hire people with strong experience with THM, HTB, VulnHub, etc. And relevant certifications. However, if one day University does offer more robust courses or a full Certificate dedicated to Red Teaming / Penetration Testing, then that will have equal or even more value.
Having said that, I've been told that companies around here like to hire new talent and train them. For this reason.
Prep them for certs.
I meant red teaming in the more broad definition, just offensive security, really. My uni had a CTF team and that sort of stuff. They didn't go into policy, ethics, governance, the "how to run a successful pentesting business" side of the house wasn't really covered.
That you learn through certs and OJT
I envy you.
Ok, that makes more sense. The problem with jumping into pentest as entry level, is that many orgs still don't understand the difference between running a vuln scan and a pentest. There's a certain amount of maturity an org needs to be able to hire that as a true entry level job
As an org? completely, absolutely true. As a new employee that will have oversight and more senior test engineers to guide them, I think it's absolutely okay as an entry level job
Assuming that the seniors there have the sense, ability and knowledge to guide them and not just turn them loose with little oversight, 100% agree
I'm being especially obstinate on this, because we get a LOT of new people to security in this discord who don't understand what an organizational control is and think they can just run scans from their work laptop to learn stuff.
If the org is competent, that's a resume generating event. If it is incompetent, it's a liability for damages lawsuit waiting to happen.
I'm not sure where you are based, but in the environment I regularly work, if we ran any type of scan, passive or not, from our work laptop on the fly, it's GSI land all day. People lose clearances over it.
So I completely understand the desire to be clear in that regard
Yep. I've been in similar environments. I've also worked private sector and seen some practices that are less than stellar. Especially at mom&pop small companies
The small privates are where you really have to watch for that sort of thing. Knowing when to call your test lead because "something doesn't seem right" or when to hit the "button" and call off a test entirely because of an out-of-scope event can really affect your career, so when you say it's not necessarily an entry level gig, I totally get that. I think like @proper frigate mentioned earlier, culture is a big part of that.
Being able to trust and lean on your senior engineers is an invaluable luxury you don't get a lot of places.
Security is still kind of the wild west, but it's slowly getting more civilized into WW1 style trench warfare.
Very true. I'm on blue team these days, and we are just now moving the goal posts from "guns, gates, guards".
I see what you mean. But still very young compared to other industries that, we have to say, may not be also as complex as Cybersec can be.
And it's not that cybersec is not old. It's the time it will take to mature that is longer. And to reach other businesses or industries. For many companies, Cybersec didn't exist until yesterday.
They didn't have a cybersec team
The GGG, I mentioned, is a common moniker for air-gapped systems. It has been the de facto "compensating control" for quite a few years now. With so many APTs and side channel attacks, it's just not acceptable anymore.
Anyway,
we have gotten off-topic.
It may not be required to work as IT HelpDesk Analyst, but that experience can be highly valuable.
Especially if this individual can work as IT Help Desk Analyst for a company specialized in doing support for 60+ clients. Why? It really gives us a good understanding of how various organizations operate, how social engineering can be most effective and where most flaws are more likely to be, who is most likely to have access to passwords ( higher privileges ), EDR, 2FA,MFA, Microsoft 365, setting up accounts, email distribution list, etc.
Hey people,
I have basic knowledge of cyber security and intermediate knowledge of programming languages (C,CPP,Python,Java) so can you guide me where should I learn cybersecurity.
TCM Security and trainings for PNPT ( cert)
OSCP training & exam. You can also check : TJ_Null Prep OSCP youtube playlist
For hands-on experiences: TryHackMe / HackTheBox / VulnHub
If you are a book reader..
Red Team Field Manual ( RTFM )
Linux Basics for Hackers - By OccupyTheWeb
Kali Linux Revealed
The Hacker Playbook 1
The Hacker Playbook 2
The Hacker Playbook 3
The Pentester Blueprint
Metasploit - The Penetration Tester's Guide
The Web Application Hacker's Handbook
Hacking - The Art of Exploitation
Gray hat C#
Gray hat Python
Black hat Python
Violent Python
@solid zinc
However, my advice was for Penetration Testing, specifically.
Cybersecurity offers several other roles.
actually I'm new to this so can't decide where to start
either red team blue team or pentesting
I invite you to explore the various main Learning Paths on TryHackMe. You'll need a monthly subscription for full access.
You'll find various learning paths such as Intro to Cybersecurity, Pre-Security, Web Fundamentals, etc.
I recommend you start with red team.
Blue team is much harder without the context of red team to inform the material
I would hold off on pentesting until you have a firm grasp of both red and blue, offensive and defensive security
Pentesting involves legal, business, ethics, testing methodology, a bunch of stuff outside of cyber that you shouldn't worry about right now. Focus on the fundamentals to build yourself a good security-minded foundation
That's what CISSP training offers.
It definitely does not.
CISSP is a management certification, not at all intended for new folks.
To me it sounded like you wanted him to get a more high level understanding of cybersec as a whole before diving into technical skills.
I wasn't suggesting to study CISSP. It was a joke.
Fair enough. At any rate, I still think red team is the best place to start. THM has a lot of great intro rooms that introduce you to concepts that you can build on
By visiting the different Learning Paths, the user should be able to identify what he knows and what he doesn't. (active directory, burp suite, wireshark, autopsy, etc.)
That's actually something I love about THM.
👍
I got your point
so should I start the red team room at thm?
That's hard to say, I don't know what you know. If you are familiar with your ports, protocols, services (PPS), know your OSI model, understand the basics of encapsulation and symmetric encryption, the "fundamentals", then I say you should probably take a shot at the Pentest+ path
It's hard, but rewarding. If you can follow along with what it's asking of you, I think it's a great place to start.
If not, then I would say start on the "complete beginner" learning path
ok thnx
Personally. I would say don't pick and choose. If you are serious about it, just do them all in the order that you feel makes most sense. Take what is useful. Discard the rest. Certain modules can be found in multiple Learning Paths. You won't have to complete them multiple times.
And also... take notes. With CherryTree or else.
You'll forget things as you go. There is a LOT to cover.
If you are more interested in forensics. Check the CyberDefense path
Hey guys I'm a ctf beginner. I want to choose cyber security for my major. But I'm so confused how i learn and where to start. So i want to know how and where do u guys learn about ctf or cyber security. From lab or true races? Please❤️
ctfs are just challenges based on skills, could be light skills or heavier. I will say it often involves a lot of thinking, sometimes googling and just trying your best. For THM, I'd go with #start-here
also if your major is going to be cyber security, they should help you build your foundation.
Is that mean what really important isn't the race score but truly foundation? And if i learn the foundation well, may i have a good ctf score?❤️
yes, build up your foundation and skills and you'll get better at CTFs
Thank u so much. I'll keep learning!
This! Absolutely 100% agree, learning the basics will help you tremendously when you get to the more advanced levels of your career.
As a general rule of thumb, I buy anything Zojja says
CTF is a skillset. Being good at CTF doesn't make you a good analyst/engineer.
Being good at CTF makes you good at CTF.
Hi guys, I'm thinking about getting cert but I don't know if I should go straight for OSCP or I can take ECPPT first cuz I heard that ECPPT is like a little brother of OSCP which can potentially help me get OSCP a little bit easier. Thanks guys
eLearn seems to be a bit of a mess these days, I'd say just go for OSCP as it is recognized
Does making blog posts help with getting hired?
I've been making blogposts for the past few days (https://pwning.tech) for giggles but I'm not sure if I should put it on my resume
blogs can show interests and could possibly be of interest to hiring managers but it's only a piece of your portfolio
It also gives a nice sample for management to decide how much coaching you'll need to produce usable documentation and reports
Love your site. Blog content well structured as well
OSCP is hard. It's the hardest exam that I have taken (and failed). It isn't something that you just "go take" like a Pentest+ or similar CompTIA exam. You need to be sharp on your technical skills and your reporting skills. It is a marathon. If you plan to spend the money, go ahead and take the PWK. Learn as much as you can. Engross yourself in the environment.
But "I'm thinking about getting a cert" isn't OSCP.
That being said, I don't know what you know. I just know that it's hard, it definitely isn't a first cert, and I would interview anyone that applied to me with an OSCP cert.
Do people actually put TryHackMe in their CVs? I would like to know from people who have been hired/hiring
I wouldn't consider THM as training, more something to do with hobbies.
I mean, it's getting accustomed to working with the tools, and gets you familiar with some of the lingo involved with the industry so... 🤷
I'm not saying it's as good as having a degree, or other certifications like the OSCP, but it at least shows you have initiative and are striving to learn more
wait a second, how'd I get in this channel
if you have nothing else, TryHackMe is fine to put in. a resume/CV as a hobby/extracurricular
but don't list out specific rooms, don't make it more than a sentence basically
I've had positive interactions with employers recently when discussing my training/learning path and mentioning my experience on THM and other platforms.
It's good to mention your progress with TryHackMe once you're also demonstrating other resources you use to enhance your learning, such as academic or professional learning platforms, the certs you've completed or the most immediate one you're working towards.
If you're following a course to learn something, show that you intend to certify in it if it's relevant to an employer's needs. Certifications like OSCP or Pentest+ have value to potential employers and if it's something you've spent money on and are in progress with, this will show dedication.
If you haven't yet done a certification you intend to do, it goes a long way to show that you're currently undertaking a course (PWK etc) and your intended exam date. There are quite a few people here who have gained certifications and are able to discuss the benefits or significance of them for a particular role, and also what certifications might not be worthwhile pursuing, as you can gain the same skills/knowledge from a more reputable education provider.
Lastly, I think it's quite clear that a significant proportion of the content on THM is intended to help you understand and gain the kinds of knowledge and skills that are relevant in a professional setting and do assist you in understanding the objectives covered in the professional field in order to pursue the certifications that will get you the career you're looking for, while also engaging you in a fun and challenging hobby in a fascinating field
how did you guys get into the hacking industry and why?
Hi all, anyone have any advice for someone looking to shift into a cyber-related role after ~15 years of IT experience in Unified Communications (voice, video, networking, etc). I'm good with networking, have some cloud certs (azure), some linux experience, okay with scripting (python/powershell) but don't get a lot of practice, have some exposure to containers. I feel like I sort of have a bunch of random experience that's useful but not sure how to really gauge it and what a good path for me would be.
Cybersecurity has always been fun and fascinating. You get to do things that would, if not for ethical reasons, be highly illegal because not testing the security of your resources may leave you vulnerable when the real bad guys come a-lookin... The industry and the entire cybersecurity culture is vast and there are people of all kinds, the field is challenging both to learn and to contribute to. Progress/personal growth & development are encouraged and there's always something new to learn or some way of thinking you don't understand yet.
#start-here and have a look at the training on the THM platform. We all start out at different stages. Having knowledge/experience in networking/cloud/Linux is a good start and there are resources on THM to help grow your skills in those and other areas as you progress
thank you for suggestion, i'll need to grind more for it
thanks! I was going to do the advent of cyber thing to see if THM was a good platform for me.. I did the free intro to offensive/defensive rooms already 🙂
i did include it in my CV with link to my profile
yea that also makes sense that going for a hard one as first cert is not ideal, especially money wise
Yeah that's a good idea. AoC is always a good introduction to a variety of the kinds of things cybersecurity professionals and hobbyists get up to. You can try out the past AoC events on the platform too
Hi guys, I am new here my name is Chetan
I am new in cyber security and need help to decide which course to finish from below
Ccna videos
Linux videos
Comptia security plus live plus lab plus videos Plus global certification
Comptia pen testing plus live plus lab plus videos Plus global certification
Comptia cysa plus live plus lab plus videos Plus global certification
Ceh live plus I lab plus videos Plus global certification
you didn't state your goal or current knowledge/experience which would help.
In the US, this is advice I'd not give regarding listing certifications in progress. Such things could be a talking point in an interview but for US resumes, I'd say never ever list a cert you don't have. I also often wonder when I see "X certification class" why the person doesn't have the cert if they have done a class for it so I wouldn't do that either.
My general advice is list skills and what you've done with those skills vs listing specific training classes. THM is a bit different as it isn't a training class per se but an entire platform.
have you found any job listings that look interesting? Generally when I'm trying to switch to a different position, I search out job listings and see what it would take to achieve the skills for that listing. Part of what you should do is figure out what you may like doing within cybersecurity and make a cohesive goal
Thanks! that's good advice. I'm doing presales now for a vendor and would like to stay in a similar role I think.. but there are a lot of different vendors and a lot of different products! but I will take a look around and see what's out there and what they're looking for 🙂
oh yes, I constantly get recruiters for Microsoft, they are heavy in that consulting role, maybe some azure certs would be useful if you are interested
thanks, that would be good for me.. i have some azure certs already- az104 / az700, and looking to take az305 in the next few months.. maybe focusing on the SC related certs next would be a good move
I have knowledge of networking, and splunk
Goal is to advance myself in cyber security to change my career.
what type of job within cyber security are you looking for?
Security+ is a good first step, Linux could be helpful as well
if you don't know Linux
I am looking into junior level cyber security analyst and at the same time I am upgrading myself with new skills in cyber security so what do you recommend for a guy who is looking to career change in cyber security