#cyber-and-careers

I know abit of linux as well

I would get Security+ and really start looking at interesting job listings you see and see what they are asking for

Shall i do online course ?

Are there any free course ?

Toronto city library is offering linkdin learning

Which offers comptia security+

Any other suggestions?

Lots of people do Professor Messer on youtube, he has free Security+ courses and others I believe

I'm reviewing some Network+ videos from Prof. Messer right now for my Network+ exam.

I tried to self study but the work hours I was doing just blew my focus and concentration out the door every time. I ended up taking a program at an Adult Education Center that was recommended to me, CCNA. I'm actually on Part 2 of the CCNA portion and Server+ which are my last 2 classes. Been trying to get a job this past month to get my feet wet since I got my A+ but so far no dice. I think it might be because I'm still taking classes.

Thank you Zojja for your help

Gave +1 Rep to @pseudo creek

However, I do admit the use of Professer Messer, Mike Meyers, etc.. has helped me to understand concepts better than what I learned in the reading material with the class.

Would starting out cyber security career in government be a good thing or bad thing? Been trying to get a job with what I have so far and actual government jobs I haven't tried touching yet...

It's not bad, but you'll likely get caught dealing with technology a decade+ old. You'll also need a clearance, which you can't get unless you have a sponsor. Sponsors are employers or the gov entity you're trying to work for.

Gov positions are posted on USAJobs.com and government contractor are on clearancejobs.com

For new comers, the OSCP certification should be the first objective. However, before thinking about the OSCP, the individual should first get a good understanding of IT ( hardware, troubleshooting, networking, etc. ). And on both Windows and Linux, no preference. For this reason, I would recommend trainings equivalent to CompTIA A+, Network+, Security +, CCNA. 2-6 months of XP working as HelpDesk at an IT Tech Support provider handling MULTIPLE clients to understand how companies are structured an may operate. How employees represent a risk. Where the flaws are.

And then... go for OSCP.

You could even try to get a Junior Pentester role before getting your OSCP cert or any other cert. Hard to do, but it's possible.

So, OSCP isn't an objective that people should be able to complete in 3 months. More like ... 3 years.

I've been in an Adult Education program since end of Jan. this year for CCNA. I'm on my last two classes, CCNA part 2 and Server+. I got my A+ in September this year and just passed the Network+ exam earlier today before class. After the holiday I'm going to hit the ground running to prep for my Security+ and hopefully have it before classes end or Christmas. I've had quite a few job interviews for entry level positions but no job offers. I suspect it's from still attending classes, but not really sure since I'm unable to get feedback other than they've all went in a different direction.

What does working at an IT help desk actually have anything to do with OSCP?

Not OSCP. Penetration testing.

And Red Teaming.

It allows you to see how businesses are managed, setup, protected, organized, how information and data is stored, etc.

does it tho? IT Help desk as a first job in general in IT isn't a bad move but really it isn't required if you can get other jobs. But one thing to remember is that all IT even penetration testing is a support organization to the business

the only ones who may not feel that are people doing tooling work, but even they may

Not saying it is required. However, for having myself acquired that experience, I would say it would be smart and/wise to get that XP.

For the same reason I think it is great to build a Windows Server to see how Active Directory is setup, DNS, DHCP, Organizational Unit, services, etc. And you can make your own home labs with VMWare.

Wanna test something? Learn how it is built.

That would be great, assuming the person knew how to build the thing.

that is true with everything in IT though, getting hands on practice, if you can, is great. has nothing specifically to do with those whose goal is to be a pentester

Pentesting literally sits on top of everything else.

You want to play with SQL queries? you cant do that unless you understand SQL

no, you are really just talking about building a foundation... which is useful in many IT fields

The foundation for Pentesting is not the same as other fields.

it depends on the field... Most cyber careers start out very specific, focused in on one area, then you broaden out and need to learn a variety of technologies, then you start to specialize in one aspect

so the foundation, the broadening out, is very common among various cyber fields

There is no limit to ethical hacking or pentesting as in... it basically goes to infinity. the more the better. Which is humanly very challenging if not impossible to achieve.

it may feel that way, but its not. It is really concepts.

the concepts are repeatable. Now maybe you are thinking about security researchers but even security researchers specialize. That data is used by a number of professionals within cyber security including ethical hackers/pentesters

… unless this is a software development company or MSSP.

that is why I said tooling may be an exception

So i'm also "new" to IT but I'm working for an IT staffing firm on the bench (Long story) I'm torn between blue team and red team, so i'm doing Pre-Sec, Intro to CS, Jr pentester, Offensive Pentester and Soc Analyst 1. That should give me the best of both worlds correct? I'm also working on my certifications (Mainly blue team at the moment but I am getting my PNPT soon)

P.S. I'm coming from a programming background of self taught for almost 10 years JS Stack.

Everyone I've spoken to has always said be a blue teamer first, then pivot, it will make you a better red teamer.

so learn to defend before you attack.

i can get behind that one.

mainly i'm doing stuff for try hackme and my CCNA

going this route : ITL -> CCNA -> Sec+ -> BLT1 -> BLT2

BLT

I'm joking, btw, It looks a good road map for you.

thanks.

that's the plan

(there are more teams than blue and red and not everyone starts in blue)

but blue team is more entry level cyber friendly than red team and there are a ton more jobs in blue team but there are a variety of other positions available too

if you've done web development, application security may interest you

blue team and red team are available at rather large companies with dedicated SOC

Anyone have personal/portfolio websites related to cybersecurity/programming? Looking for inspiration for my own project (learning JavaScript so might as well make my own site where I put some CTF write ups/my homelab/certs/projects etc

yeah probably there are some typos, my english is not my native language

and at skill bars you refer only at bars or effective at skills

is more good with circles?

here's mine, to see what you can maybe do differently

ok

Instead of these bars, are there other problems?

write a little introduction about yourself

OK

this looks more good?

use it like this, but with words describing instead of bubbles, or bars

and I eliminated CAPSLOCK

Now I will add a description

other tips?

I think this is better

I think you need to do a better job of drawing over your address.

You really should work on the censoring. Use a rectangle or very thick pen.

give me a review at CV, not at how good I censored my contact details :)))))

@austere fractal

Are you around?

So you're ok with your address half hidden for anyone to spend enough time to work out?

the top but doesn’t really make sense

Yes?

I mean, if they wanna dox themselves, it's up to them tbh 😄

Okay, just thought I'd ping you in case 😄

Do you mean to write it in English?

Or is it in English for us to read?

wait I think I dont understand the problem

the guys told me that I dont censored very well my contact details

done

I'm asking because your top part is confusing to me.

I dont know what description to put

"And I have 17 years"

Is that 17 years experience, or you're 17 years old?

Right, they were concerned about you sharing information you didn't want to share in here

yeah, but the contact details didnt see

aaaah ops

years old

and yes I want to make my cv in english

just noticed thatyou have "languageS" (plural) but only one listed. probably should put your native language as well?

the recruiter is roumanian

so is not necessary

I will delete the S

I dont know why I am so dumb at writing in english

I still making some mistakes

@broken idol

and I think in english you say "I am 17 years old".

yeah, I translated from my native language in english

oops

it's a foreign language, don't be to harsh to yourself. (but try to get an experienced person proofread these important docs)

Ok now, I modified thiese typos

Other problems?

or is ready to send

Dang, cool

yeah

I am 17 years old

yeah yeah, I modified

Sorry, I just looked at the latest s/shot.

no problem

I sent my cv in this stage

Don't give a personal photo of yourself. It is the first thing someone is going to judge. I dont know what ROCSC is. I don't know what Unbreakable is. I dont know what Acadnet is. "some learning from some tryhackme room". No. If you want to use THM or other challenge-based platforms as experience, create a portfolio and guide walk the room. You can't demonstrate knowledge by saying "I've worked in this platform". You have to develop a portfolio that demonstrates these skills, especially if you have no previous work experience.
"I dont hesitate opportunities" is improper english. I know it isn't your primary language but if your CV says you know English, your CV should reflect. It should say "I don't hesitate to engage in new learning opportunities and try new things" or something similar.

@weary chasm

I googled, and figured out that "ROCSC" is the Romanian cyber security challenge. Just spell it out, hiring manager is not going to look it up like I did. A general rule, spell out acronyms the first time you use them.

Additionally, you have labeled "courses" and have CCNA1 and CCNA2 listed. I assume from this that you don't actually have a CCNA certification, but have only taken some courses on it. I would not list it at all unless you have the cert. At best, you are showing that you took a class. At worse, a hiring manager might see it as an attempt to pass a course off as a certification, in which case they will question your integrity without even meeting you. I don't think the value to risk trade off there is worthwhile.

Okay: now some suggestions for improvement.

1. remove your picture. Don't give any non-technical reasons to not select you. People are shallow.
2. Spell out the ROCSC acronym, and below it in subtext give a short explanation to your rank. "I ranked 32nd overall and hacked/defended from hacking x devices" or something similar. Give context to the wins to make them sound impressive
3. Create a portfolio website for yourself to demonstrate your skillsets. If THM has a "red team" room and you want to show that you completed it on your CV, do the room and document it. Explain your thought process and demonstrate your understanding of the material. Post the link to your portfolio on you CV.
4. Certifications should be listed above courses on your CV, and ideally you should remove courses altogether.
5. Volunteer Works should be towards the bottom of your CV, and you should go into greater detail about what the work was. "I met nice people" does not tell a recruiter what the volunteer work was. Tell me what you did, and how it is relevant to the job.
   I hope this helps!

Thanks

Hello good ppl,
I’m new here but just trying to get some insight from anyone who is in the cyber security job functions already… I’m seeming to have a hard time landing a role these days.

?

You should probably tell us a little bit about you, your experience, what you're looking for, what you've tried, maybe ask some questions?

And maybe verify yourself...

!docs verify

Yea of course I just didn’t want to make a long post starting off but I’m looking for a incident response role currently in a support role basically system administrator role… currently hold sec plus cert and looking to get the ceh next… just trying to see what can I say during interviews to help me stand out

And I can send screenshots of my resume if needed

Sec+ is a good start, How are you progressing on CEH? What region are you in?

If you want assistance with your resume, you can post it and people will provide commentary/recommendations but you should anonymise any personal info (name, phone number, email, company names etc...)

Mandatory "I strongly dislike CEH" comment.

There are good reasons for that

If it is the desired cert in your region, go for it. But content and quality-wise, I think it's a terrible cert. If you've done Sec+ and have tinkered around in THM for some time, just shoot for Pentest+. It is a much better entry-mid level cert.

Yeah I think Pentest+ is a better cert than ceh, and much cheaper but I think if you have a sec+ and are gearing up for a pentesting role you should go for a pentesting cert that requires actual pentesting. PWK/OSCP if you can afford it but a pentesting cert should be a practical exercise with a reasonable level of training pursued prior to it and preferably with a report portion

My bad here is my resume

Well how can I upload pictures

I am in the USA TX area to be precise

Yea I can’t post in here I’ll have to send it to someone because pictures not an option here

You need to verify your profile. Click this link

!docs verify

CEH isn't widely appreciated these days due to the company's reputation and the fact the exam isn't really challenging, it's just a Q&A quiz. There is a practical version but it's not very highly rated compared to other exams these days. It has some relevance in a few countries like India or if you need it for a role on the DoD 8570 list
https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

Here it is

I didn’t know… what type of reputation does EC council have?

Not a good one, unless you're in India

It has been a few postings I’ve seen that wanted CEH but it hasn’t been many but nice to know… I just wanted to know about the reputation

Your spacing is misaligned on your Test & Eval position

Technical skills section should also be reorganized. Instead of bullets, it should be a bold header and a comma separated list

Everything you list you should also be able to discuss at length and depth for 20+ minutes

Ok but far as content wise I’m looking to improve my rate of acceptance when applying and also if I am missing things

Hardware and networking sub sections can also go, imo unless juun or others say otherwise

Over displaying is just as bad as under displaying

Your resume should be a precise and to the point document

I should be able to scan, preferably a single page (always exceptions), quickly and get the information I need

I get mixed reviews some love it some say it’s too much… it has been through at least 30 revisions

Start looking at LaTeX resumes to see how others are formatted. Plenty of free templates

Personally, I think it's too much. Technical skills should be pruned down and you should keep each job at 3 bullets, preferably, 4 absolute max.

Ok.. far as interviews go should I explain and answer questions in deep details or go straight to the the situation the task and how I resolved it?

I think that would depend on the questions

They usually revolve around things like “what is your Nessus experience” “how did your last company do vulnerability assessment” I usually keep these answers under 3 mins to get straight to the point

Hello, 👋🏾

Something to help.

I learned that the summary part should be brief and concise.
Use bullet points in the summary and not just full length notes.

Put Education right after summary. No need to list the Windows versions, Microsoft Office versions and others.
You want to tell what and or how you used those Software & systems, Hardware and Networking for and how they are important to the job you're hunting, use bullet points.

Consistency and Attention to detail: If you must use full stops (periods), use them everywhere.

Order:
SUMMARY
EDUCATION
CERTIFICATION
TECHNICAL SKILLS
ETC

You can already see that if you put up CEH or Networking+ in CERTIFICATION, I know you know about those Networking technical skills you put up hence I don't want to see them.

In your CERTIFICATION, no need to put where you got your certs from, just put the full name and the acronym or abbreviation in parenthesis, they serve as Buzzwords to be easily spotted.
E.g THM Certified Ethical Hacking (CEH)

I think the whole industry should come together to agree on what to use for lists. 😂

The company have had quite a few scandals, including misogynism, transphobia, and numerous proven instances of plagiarism.

The exam materials are dated and apparently frequently outright wrong. The exam itself, as Moose said, is a meme.

CEH is useful only if you have to get it as a HR hoop to jump through. That's common in India. If you see it anywhere else, think long and hard about whether that company is likely to be a good place to work (and not, say, stuck in the dark ages).

is pentest + useful?

could u just go straight to OSCP

after like sec +

I can never remember if it's PT+ or Sec+ that the US DoD request. Whichever one of those it is, yes, that's useful.
Tbf, CompTIA certs have a pretty good reputation anyway. They're often used again as HR checkboxes, but the certs themselves are also usually considered valuable, yes.

ah okay thx, how much study time do you think would be needed

I mean, I did 🤷‍♂️
OSCP was my first cert. Not the most useful for the UK necessarily, but still packs a punch, has decent training materials, and doesn't expire (I.e. very good for a uni student looking for their first cert)

for net +, sec + and pt+

yea haha thats what im thinking

No idea I'm afraid. I haven't sat any of the CompTIA ones personally.
Everyone will take a different length of time to study for them as well, but there's probably a recommended length on the website?

@remote mauve did you not do a few of those?

ah ok thanks

btw

did you find the OSCP hard lol

Heh, literally all of the ones you asked about he's got. Hopefully he'll wake up soonish.

Yeah. I passed it before they changed the layout though, so not sure about the new one. I would imagine it's a little easier now that a big chunk of the points come from AD rather than having to scrabble for them through rabbit holes though 😆

Again though, I haven't seen the new format myself, so 🤷‍♂️

respect haha

afternoon

afternoon

Morning Chev

12am for me

so morning tbh

xD

it's not morning anymore mate, i'm up for the last 4 hours 😄

Wax lyrical about PT+, Net+, and Sec+ please

It's 11am. That is morning smh

wrong order mate:
Net+ -> Sec+ -> CySA+ -> PT+

Oh, unless you've gone back to the continent for a bit, in which case you get a pass

Those weren't in order lmao

nah, leaving next week for a few days haha

But give me 2 mins to reply to the man

The reason why you do them in that order because the next cert encompasses the previous one to some extent. So it just makes sense. I've done Net+ without studying because i'm an idiot and barely passed it by 2 points haha

They are also really good to build a solid foundation on vendor neutral things which make them worth

tbh I think you've got every single cert i've read of

but best if you have student discount making them 50% off

oh ok, would u recommend doing them all?

if you have the finances and don't believe in yourself like me, then yeah, otherwise nay

im thinking of just doing net +, sec +, then OSCP, but maybe i should do CySA+ and Pt+ in that order u recommended

5 certs

pog

yeah, trust me, there are very few people that actually understand networks in the security industry (or i've been working with the wrong people)

all of them are good to be fair. i've done PT+ because i was beta testing it

i had no materials and sat the exam and passed with a good score looool

will keep in mind, surely networking would be pretty interesting tho?

i still meet people that don't understand NAT-ing...

haha i shall hope to emulate that then

i don't advise, i'm just an idiot in 99% of the cases

dang, yeah, im an idiot atm.. xD

0x1 speaks for itself

... I wish you were joking but I know you're not

oops

i responded to the wrong message

Everyone starts somewhere, and you're (likely) not an idiot. As long as you learn then you're doing well for yourself

meant to respond to this one

thanks :D

Gave +1 Rep to @undone shore

LOL

ok free rep

but jokes aside (or facts in my case) ; learn your networking bits (NAT, DNS, rDNS, private/public addressing) other things worth noting is understanding how encryption and channels work for networking devices, i still speak to networking staff and don't understand algos which make me frustrated ....

and subnetting ofc

right, shall do 👌

thanks for help

Network address translation

my pleasure, i've been absent for majority of 2 years but i'm back here haha

Uh

OI

WHY DID YOU REMOVE TWILIGHT SPARKLE

https://tenor.com/view/smile-gif-22700131

natting belongs to the basics brev

There we go. Much better than that monstrosity.

yeah, when she transformed the look was quite meh to be fair

I will take your word for it smh

you believe so. but i'm telling you from the industry. you have IT managers that don't understand IT.

you have networking staff that don't understand networks

thats pathetic!

then you need to baby glove the information to them so they understand haha

welcome to the real world where stuff is not fair. Sink or swim

also quick question, do you still have to resit all the exams every 3 years for all the compTIA certs u have @remote mauve ?

yes, unless you do a cert that is higher than the previous one

then the answer is no

Goddammit. Why are there no Jen-from-IT-guys GIFs smh

ah ok thanks

np np, as a matter of fact i'm studying for my CASP+

oooh

but if you need pointers or help feel free to @ me 🙂

i haven't heard of that one before, but best of luck, and yea will do, really appreciate ur time

prep work i advise: youtube - professor messer and for practice questions they are on udemy 🙂

cheers i will check it out

don't waste money on the expensive bundle from CompTIA; buy the books from Amazon or second hand

it's security architecture 😄

ahh right :D

i like torturing myself so yeah...

hahaha I can see

But as i said, give me a shout if you need anything else

great, thanks!

Gave +1 Rep to @remote mauve

Ta Chev ♥️

no worries, if you want i'll share my cert page when i'm done with it, i talk about the compTIA certs

and a few others haha

ayy notion gang

i use joplin as well lol

sounds good

Cool, i'll try finishing it off over the next few days, at least this page haha

cool, looking forward to it, @ me when its done

it's part of a bigger project anyway haha

solid solid

but it's a pain

looks cleaner than my notion

oh, that's just what's public haha, my actual private notion is a mess

ohh lol

i see

benefits of being a student bwahahaha

i got the personal pro for free

how did u get it free

being a student?

xd

yeah

you register with your uni account

ah nice

imma be at uni in 2 years

still some time

if you have an ac.uk or whatever email address it should work

github does the same btw

oo i see, yea that is very useful

yeah, i'm a cheapass

i mean ive been using this bitdefender link which gives u 90 days free everytime

its like for new members

but it just doesnt expire lol

can i send a link here

nah, it's okay 😄 i have bitdefender for 5 years

oh lol nice

yeah, it's frustrating as it seems to intercept my VM connections

and if i set up a webserver it sometimes doesn't deliver my payloads

in the middle of running a VM?

yeah, lol

it sees it as a C2

that does not sound good lmaoo

yeah.... it was fun during my OSCP

i was like. I'm 99.9% certain this payload should work

then i check my AV logs and the files were blocked

damn

ive been thinking imma probably go to somewhere with super speedy wifi when i sit OSCP

cant imagine uni wifi

lmao

yeah, probably not

i mean i have 4G at home... and i have to do my OSEP in less than 3 months

that'll be fun

F

yeah

Both. Each fill different categories of 8570. Sec+ fills the more common category.

Ta

@remote mauve do you have a lnk for this? 🥹

Has anybody here ever participated in Google summer of code?

hello. I'm a final-year student. Is there any thing I should know or do in order to ace the cyber security interview and get a job as a security engineer? im currently learning python and penetration testing, create a simple security project such as port scanner, SIEM in azure and setup active directory.

Better to bring the question to #programming perhaps

Final year student of what? School/college/university? Studying what? What skills do you have?

!docs verify

what country are you in? the answers may vary based on that

It's not done yet, I had guests over yesterday and didn't get much of a chance to write, I'll put some time aside for today to hopefully finalise it

Hey

wondering if someone landed a job only with the Tryhackme Cert!

Your ability to land a job might depend on other things, such as your other experience, certifications and qualifications elsewhere and your ability to talk about skills and tools and how you have used them, in your study or in the real world and how they would apply to a role you're seeking.

There's a difference between certs and certifications. THM certificates indicate that you have answered questions in a series of rooms on a path and you've practiced some of the things people do in a cybersecurity environment. You need to be able to discuss some of the tools you used in some degree of depth, show that you understand the processes that might lead to using these tools etc...

Also, a certificate isn't the same as a certification exam. The knowledge you gain will be worthwhile but the certificate isn't going to have the same weight as, say the Sec+, Pentest+, OSCP, CISSP etc.

It might indicate to an employer that you're showing an interest in a particular domain in cybersecurity but you need to be able to demonstrate knowledge/skills to show you know some aspect of the role or you're working to learn and improve yourself.

Check out the THM blog success stories https://tryhackme.com/resources/success-stories

True. It does reflect well still 🙂 Just had some Security Engineering Managers/Head of SecOps commend the other day about one of their new joiners in the SOC being "1% on THM!"

this is actually good information, thanks for sharing!

Also worth noting that THM does not give "certs" (certifications).
It provides certificates of completion -- these do not certify your skills, and TryHackMe is not a certifying body. They prove that you've completed the training in the relevant pathway, but that's about it.

It's... worth not mixing those up on your CV / in interviews. Often doesn't go well.

I can let you know that tryhackme learning + more personal exploration got me far in 3 years.

So yes, it works, it depends on how much you time you invest into actually understanding the core concepts of the rooms/paths etc

@undone shore I agree but I would say it would be something to put on LinkedIn right?

Yes, or on your CV under "Education"

@undone shore Right but to tell your employer or potential employer that you have hacking certs is a no no 😂

I mean, not unless you actually do have hacking certs

THM Certificates of completion:

I have completed the TryHackMe X,Y,Z learning paths and can prove this with the provided certificates of completion
Certs:
I have passed the A,B,C certification exams provided by D,E,F, earning me G,H,I qualifications

@undone shore well I am just beginning my journey and was referred here to learn along with my masters program. I definitely will share to LinkedIn but CV no.

That is up to you. Personally, I agree. I wouldn't put THM/HTB learning on my CV, but I've, uh, got developing the content in under professional experience, so it wouldn't really make sense.
If your CV is a little sparse (e.g., first cyber job or whatever) then it could make a lot of sense to include it as proof that you are a self-starter and place emphasis on your own learning.
Very much depends on circumstances.

@undone shore True im working on my LinkedIn profile now getting it just how I want it so I’m focused on that

If you want to show your doing THM, make posts about it. Imo, it doesn't belong, Muiri you're a different case, in experience or skills and I think education is a stretch. Extracurricular activities would be the best place, again imo

Thank you @stoic cave

Gave +1 Rep to @stoic cave

I always say to go take what you learn from THM/HTB/[insert course here] and go do some project related to it to demonstrate the skills you have

Example: I did The Cyber Mentor's Practical Ethical Hacking course a few years ago. Instead of listing that I did the course on my resume (because anyone can just kind of click through and say they "did it"), I had the Active Directory Lab listed under "projects", because that shows some level of understanding of configuring Windows and Active Directory.

Does anyone know if interview questions that are really specific to a particular issue can prevent you from getting the job? It seems to be always one question I can’t answer being sooo specific to one issue.

it depends, if it is a technical thing you are expected to know, then yes...

or like something basic

but generally when we ask specific questions, we are looking for more how you answer

Mind games GREAT!!! 🙄😒

no not mind games but say we ask you a technical question that it would be nice if you knew... and you didn't, how you answer then matters

but say you were going for a senior networking job and someone decided to ask you the difference between TCP and UDP (which I would hope they wouldn't because... that is a waste of an interview question) and you didn't know, do you think you would get the job if you got the answer wrong?

Welcome to humanity. Society functions on mind games. Get good at them.
Interviewers are looking for a certain set of traits. Adopt those (and not just for the damn interview. In general).

One of the key things I looked for in a candidate was the ability to know the limit of their knowledge... and to admit it candidly. Making guesses and doubling down on those potentially wrong answers is a very quick way to not get to the next stage.

And that's one of said traits

Questions like that can test your adaptability to a situation and your willingness to surrender not knowing. 🙂

Hey all, I currently work in a non-IT field (clinical pharmacist), looking to pivot into cyber. I did my deep dive and have my cert plan lined up: sec+, net+, cysa, AZ-900 at least to start. My problem is that I am struggling with figuring out how to get experience, since I read that is a huge barrier in landing that first job. Is there a way to show experience other than pursuing an IT job (documenting THM, documenting learning on other sites, building a home lab, building a portfolio, other suggestions)? I did build and upgrade my own computer (pc master race!).

I'm not looking to leave my current job right away, rather I'm waiting until a cyber/cloud related job opens up in my hospital and I'll apply internally, or apply to a government job that a few of my friends currently work at.

Of the 7 "specialisations" listed on THM (security analyst, security engineer, incident responder, digital forensics examiner, malware analyst, pentester and Red teamer), which ones are in highest demand? I know it will vary from one country to another, but I work internationally so I'm asking in general.

security analyst / security engineer are probably highest

just because of pure open positions

I have 5 years experience as a sysadmin and 12 years of consulting experience as a developer and architect, so that's pretty much perfect for me then

well and also how those job titles align, may differ per country, like I'd probably flip how how they define cyber security engineer / analyst... based on working for a US company

do you have any cloud experience? I know this is my primary bias

Yes

I'd look to see if you can find any cloud security engineer positiions

you could also look into app security based on your dev experience

I've been working with azure and MS saas solutions the last 8 years or so

This is also a great list of various cyber security roles and cyber adjacent roles https://niccs.cisa.gov/about-niccs/workforce-framework-cybersecurity-nice-framework-work-roles

Nice, ty

Try #jobs-board

Hello everyone I'm new here

Hi, check out #start-here

Heyas, I could use some advice regarding my resume. I'm just finishing up a technical certification for CCNA and I've been applying for IT jobs, have gotten interviews but nothing solid I think because of my current availability schedule. I want to get into cyber security/digital forensics in the long-term, but right now looking to get into the workforce with minimal experience. I've only started really doing THM lately when I got the discount applied, so I'm working on that cyber security skills part. Thanks!

get rid of all the “learned” in the ccna bit - and tbh i’d probably rename it “certifications” instead of “education” and remove bullet points all together - people know what ccna is

i’s make a new section for the “projects” though and expand on them instead

also tie your work history into what you wanna do

did you do anything that helped security in your previous role?

my hands are too cold to expand further

Other than the occasional hardware setting up, I guess security-wise, followed HIPAA and Controlled Substance Compliance....

put some of that compliance stuff in there

mention standards if you can

but dont just list them

say how you applied it

Best response I got is "I kept my mouth shut using HIPAA regulations and Controlled Substance Compliance when processing prescriptions."

I guess I'm not following how to say how I applied government regulatory standards to my work history?

I think your education section is a bit confusing, maybe because you have it blacked out... but I would expect you would have
"IT program at XYZ"

• bullet points

Now specifically for your program, I don't particularly care to list training programs for certifications... You got the certifications already, so your first bullet point I would get rid of. I'd also get rid of "Learned" at the start of each line.

What is CCNA under education? Is that outside of the program? Is that self study?

Did the program have you do something like set up a github? Do you have anything that potential employers could review?

On your skills, I know you might not agree but I'd get rid of anything that is subjective so your first item about being communicative should not be there. But you don't list linux, you don't list networking, think about other skills you believe you possess

Also, think about being more concise or putting more powerful words in general on a resume... like "Spending time learning about cyber security with TryHackMe", I'd just put "Developing cyber security skills using sites such as TryHackMe". That makes it more active than passive.

I guess this whole time I've been looking at it wrong... I thought the program itself was CCNA, but it's actually "Cybersecurity and Networking." Definitely need to change that part then.

Yeah, guess soft skills don't mean squat anymore, so I can get rid of that stuff.

ahh ok that makes sense

soft skills do mean something but they get tested in an interview and really everyone could put "communication" as a skill

I hate resume building... was always good at writing, but resume building... bleh....

its ok, its a bit of an art form

I'll go through it again later today and make changes. Thanks.

I did create a small interactive trivia program about dragons with Visual Basic 2013 as was for the Programming logic class final... I think I still have it on the USB drive I saved it on. But no, we didn't do any github stuff.

Just confirmed with my classmates... the program WAS called "CCNA" when we had started in February... now it's been changed to "Cybersecurity and Networking." I've updated that much on my education since it is more fitting for a program name.

Keywords from the job description, any courses you've completed help

Cybersecurity and Networking does sound better

Do you think ccna certf worth it

In finding job and pratical in general

networking knowledge is definitely worth it. Knowing OSI model, how arp, routing, and BGP works, etc.. subnetting, is always useful, even in cloud.

I guess the real question though is how it compares to other certs, and what specifically you want to do. If you want to work somewhere on premise over cloud, its probably going to be even more useful

do you guys think doing fulltime helpdesk is possible while also being a fulltime student?

I worked full time while doing my BSc. the course and work were fairly flexible

alright, i figured it sounded doable. now just trying to find a position i can apply to.. so many remote helpdesk positions want you to still be very nearby and im getting frustrated lol

Well you have to do what you can. Don't limit yourself to helpdesk jobs if you feel you're ready to approach other jobs

im probably not ready for anything else

Keep in mind that just because subtlety had a job that was flexible, it's not always the case

This is true, it is all about balance and finding what you can to make it work. I split the last year of my course over 2 years as well. If you're studying something that can benefit the organisation, it's worth discussing your course with them

Hi, hopefully this is the right channel to get help with this. My friend and I are looking to start a cyber security club here at my university. We would like to set it up with a professional organization like the ISC2 student associations. Right now we are just trying to see what is out there and I was wondering if anyone here might have any suggestions for us. Really what we are looking for is a good student association that has some name recognition behind it.

Any help given would be greatly appreciated!

Well if you can manage time there are opportunity

You both are new to this field looking for job things?

Yes and no, we are currently finishing up the minor for Cyber Security this winter and we have been working in IT for a few years. We are trying to find a way to help boost our schools foot print for those that want to get into cyber security or are looking for individuals like us on campus.

Ok. Took 1 year to learn things to place 999 aka top 1% here. Now I heard its no juice! What else I need to learn to get teh job? I learn to code with 6502 assembler about 39 years ago....

John I'm not sure what exactly you're saying or asking here

Are you saying that your skills you learned from tryhackme haven't been enough to get a job? What jobs are you applying to? And how many?

nothing... forget all!

Just saying that even in top 1% here dont give any positive signals here In Finland. Maybe in some other coutry? Wondering!

Sounds like they only care about that you know the stuff, not how you rank on some website.... which can be pretty common in a lot of places.

Do you have any other credentials than this? Like a cert or experience? Blog? Degree?

Well it could support your candidature if you have no relevant experience or certifications related

many employers are looking for experiences or degrees, sometimes both but not all. Sometimes they let you the opportunity to prove yourself but theyr not gona hire you only because you are top 1% in thm ahaha

you def should pass some recognized it cert like cisco or comptia

yeah.... just dont have money to pay those exams 😿 So I think this is hopeless situation.

not at all my friend dont give up

you can study by yourself and only pay the exam which is 150 for entry level and 350 aprox for associate cert approx

or make your teeth in another IT field and pass certifications with the sponsorship of your company, there is many solution my friend just don't give up continue to learn and grind

i mean for cisco cert

Well I mean I have no extra money to buy anything. Even 150 is like half of my monthly budjet! And I was hoping to make portswigger's acedamy but they asks company email to get burp to work with they academy. I mean that if you are broke and dont have a job its damn hard ... Period finito caput 🤪

Portswigger academy is entirely free and does not need a work email

Creating a blog is free, you can do write-ups there and write in general about what you are doing/what you know.
Setup a GitHub account where you can help out people on projects or create projects yourself.

Link both of those to your resume after you've built them a bit.
This will at least show the employer that you are dedicated to learning, growing and that you most likely know what you say you know

Stay strong and don't give up 💪

Nice tips! Ty!

Good morning everyone!

anyone know of any remote cybersecurity jobs?

you gotta be more specific like... what type of job? what country?

This isn't the place for this

anything. im an open book. Based on what you tell me I can get a better idea of what topics i need to focus on.

you still didn't mention what country

the states, europe, middle east, maybe asia

Remote work across borders is even more difficult

Basically remote jobs are still for those who have the right to work in those countries and are in that country.

which is why I ask location

It seems a lot of remote positions I'm finding are really not remote positions at all... some say remote but description will say "at a facility," some are more hybrid than remote, and then there are the ones that are actually hybrid but require you to be in that area to work remote... I'm guessing for tax purposes.

Kind of like when a job is advertised as entry level and require mid level experience for entry level pay.

What are the min. Requirements to get a intership in Cyber security.. as a college student?

From what I have seen it's be in a IT related course, cyber sec preffered but have seen comp Sci & software devs enter too

Like ..can you explain the skill set required..or what interviewers look for..

It really depends on what the internship is for... CyberSec is a broad industry. Anything more specific you are looking at?

Was wondering if anyone could point me in the right direction I’m looking to go the threat intelligence route and was wondering what certs/training would be best to get there.

Not sure what your starting point is but eJPT of you are complete beginner, then OSCP if you are looking for certs recognized by employers. (Otherwise I think HTB pen cert is better if you care more about actual learning and affordability but it's not as recognized as OSCP yet).
Blue Teams (BTL1) level 1-2 for defensive part and actual "threat hunting".

anyone know how to volunteer to get some experience?

Never work for free unless you support a charity. Get an entry level job doing something like tech support or wherever you feel your skills are applicable.

asking because i have no exp and i keep getting rejected for entry level. kinda discouraging

but i wont give up

Splunk certifications are good for threat hunting, also recommend looking at www.DFIRdiva.com

Perhaps get some certifications to show your skills and how you've developed them

I've had some folks tell me to try to get internships... issue is I'm not going for any bachelor degree programs which has almost always been the requirement for applying... I've gotten lucky a few times that didn't require it but I think it was a matter of my availability despite the coursework I was completing.

rather than internships, try looking for apprenticeships.

I haven't seen any of those.

hey guys, i got a question to pentesters, do yall got a college degree? if yes do you think that it makes that much difference? i'll finish high school soon, and i really wanna know if i should dedicate myself to a cyber career as fast as possible, or get focused on a informatics engineering degree for example

A lot of people do get a degree in Computer Science or IT or Cybersecurity when aiming for a career in cybersecurity but a degree isn't essential. A degree will teach you a lot about the field and the skills involved in cybersecurity, as well as skills like writing reports correctly, learning how to learn in an organised and effective manner and other things. It isn't essential to do a degree but it is encouraged and most large organisations will expect you to have a degree or higher.

A lot of cybersecurity skills are learned on platforms like THM but most recruiters will also expect to see certifications in areas related to what you want to work in. Penetration testing is certainly a fascinating pursuit but it isn't the only role you can do in cybersecurity and most cybersec folks don't end up working as pentesters.

There are only a limited number of pentester positions for every org that needs them and the skill level and expectations are quite substantial. Hacking skills, though, will teach you a lot about how cybersecurity really works and having hacking certs shows your interest and evidence of your skills/potential to future employers. I would suggest reading the 'Tribe of Hackers' books to get an idea. They're currently part of one of the cybersec book deals on Humble Bundle atm

Thank you for the tips, I'm aiming to do a Cibersecurity level 3 degree, I was thinking about pentesting mainly because it's an role that requires more knowledge and i don't see many pentesters on my environment, looks like the market needs it, Yeah i can also try SOC but looks like there's a lot of people on defensive security to a small portion of pentesters tell me if im wrong, also thanks for the book recommendation i was looking for a book to read aswell

Gave +1 Rep to @rugged delta

It is still worth it learning the skills needed to be a pentester and to aim for it as a role. Everyone here is working hard to improve their hacking/pentesting skills because even if you don't end up working in pentesting, you learn a lot of really cool things and it's a lot of fun. There's a whole culture around this business full of fun things going on. And yeah I'd recommend getting both of those book bundles (Wiley and No Starch) because they're full of books we discuss and recommend all the time in #bookclub

Alright, thanks for the advices, appreciate a lot

Gave +1 Rep to @rugged delta

farming reputation with me lol

Volunteering is good, but you do not have to do that for experience. Working THM exercises is experience too. You need to put that on your resume. Anything you do, home setups to learn, it all counts as experience in the IT world. Also, get an entry level certification. Even if you have a degree, prove to potential employers that you are willing to learn and put forth the effort. They complain there is not enough talent to fill jobs, but the problem is not the applicants, it is the HR people doing the hiring. The "Purple Squirrel" syndrome is a real thing.

No. THM is not experience. Experience on a resume is professional experience, not things that you do on the side.

Things on the side go into the projects or extracurricular categories

Not going to argue with you, but it is experience. You even say it in your second comment.

No, I dont

i put pentest fundamentals on my resume and i got a call but once i mentioned thm, they were kinda like "oh..... well we got customer service rep for entry" i think she's going to ghost me lol

It is not easy to break into this career field. Just keep plugging away. Any thing you do to improve/educate yourself, keep track of it and use it to show you are learning. Fit it into your resume anyway you can. Do not give up, trust me, I spent a lot of time breaking into this field. Pay no attention to the narrow minded. Put anything you do to learn on your resume.

Experience is a very narrow and specific category. It's what you've been paid to do in a professional setting. So in the US that would be W2 or 1099, anything you've done that has those two forms is professional experience and belongs in the experience category. Projects and Extracurriculars are not experience on a resume. They show interest, but doing it on your own for fun is entirely different from doing it in a professional setting.

They're asking how to get professional experience & you're saying by having that same professional experience that you're looking for

cause Im curious too what to put as experience

maybe just certs?

Certs can go into a certs subcategory under skills

By certs I mean certifications

And volunteering doesn't count as experience? Or I suppose you shouldnt volunteer

Volunteering can be it's own category, also in extracurriculars if applicable. I don't want to say all volunteering isn't experience, because that kinda gets messy with 501c3 stuff where you're doing legitimate work, but not getting paid

If you were compensated by the organization that you are filling the position for, it counts as experience. Usually, this is getting paid. Some internships or apprenticeships will compensate in other ways (food, living stipend or credits) but this is very rare. In the US, you can count volunteering as experience in very rare cases.

Usually though, if you cannot demonstrate some kind of meaningful compensation for your time, it does not count as professional experience and should not be listed.

The first time I was in college, one of my friends was in a CompSci program and volunteered as an IT person for the local multiple schlerosis charities - that definitely counted as professional experience, as he was doing legitimate work for the charity that required expertise and some amount of skill and training

So, what I am hearing and do not agree with, if you did not get paid, it is not experience. Unless it is specific volunteer work. OK, with that thought process no one, or very few, would have a job in IT or Cyber. Put your learning on your resume. Put your certs on your resume. Put your messing around on your resume. If you have not had true job experience you have to prove some kind of knowledge in the field. Learning on THM, HTB, Code Academy, what have you is experience. Anybody that say it is not is the same person that says you have to memorize all the troubleshooting steps for help desk or processes for pen testing. Off my soapbox. Good night.

Perhaps differentiate between work experience and general experience based on learning.

You're using a word that means a specific thing, in a resume sense, for things that are not.

We're not saying not to put those things on the resume. We're saying that none of those, besides the paid *sometimes volunteer work, are experience.

Putting it on your resume is fine. Putting personal learning projects on your resume as professional experience is going to get you roasted if you make it to an interview.

Nah thanks for saying that cause Im applying to things soon... Im going to just leave experience blank other than some teaching things Ive done in technical fields maybe... maybe if I write a kind of potent cover letter explaining

definitely not trying to get roasted in an interview lol that would be horridd

It doesn't have to be cyber related, it can be any job you've had

I've had to do it to a candidate. How they slipped by the recruiter is a mystery. Dude showed up 2 hours late for his interview, stoned out of his mind, and then couldn't actually talk about anything on his resume except his name and address.

I had lifeguarding on my resume

Until I landed my first job in industry, I kept my food service and tutoring as work experience, because there were useful soft skills I learned in that field. Also, it showed continuity of employment

Hmm, so even if all Ive done is waitressing and teaching some things?

This. Both things are important

Yes, both of those require an immense amount of soft skills

Relating things you've learned at those jobs to the job your applying to is a good idea

Teaching shows that you are capable of explaining what you know to another human in an understandable way. This is a huge soft skill for security in particular, but is valuable across the board

Yep

bet that makes sense honestly

i got a good offer on this so im weighing if its a good option https://training.linuxfoundation.org/certification/certified-it-associate/

It covers cool stuff, but it is very different from A+ https://training.linuxfoundation.org/resources/lfca-free-resources/

It is a basic cert. Stuff definitely worth knowing, but idk if cert is necessary. If you go through materials, you can see which way you want to go, and just get higher certs maybe, like lfcs, cka, etc. I got it because I had voucher bundled with lfcs.

oh thanks man, i was thinking of picking it up since i got a $90 voucher

A+ is a helpesk cert. This is intro to enterprise IT cert. I am not a man :P

I mean... it will not hurt you, but I would rather learn what it covers, and pick some higher cert if you like LF :)

oopsie hehe, mybad.

It happens, all good.

thats also true but whilst im planning for LFCS, you think the $90 is worth it for the cert?

I would skip it. Go through these courses, learn what it covers, and put money into lfcs. It's kind of like linux essentials with added cloud and devops. I don't think it has much job market value.

But! If you have to pass exam to force yourself to learn, go for it. These courses give you noce foundation.

hmm, i guess i will focus on LFCS then

I picked up vim cred, bahahaha. It's so geeky that I had to have it : D

That knowledge will be very useful for you, but you do not necessarily need to spend 90$ on exam. You will have to learn that stuff sooner or later anyway.

oh its, $90 for the courseware and exam

and then a free opensource course idk

These courses I linked are free.

These are official prep materials.

It is really up to you. Courses are definitely worth to go through them.

Does the job your applying for mention this certification? Also, looking on LinkedIn, there were 29 results found for this cert. HR recognition is an important part of getting certifications.

already employed but i dont have any certifications as of now. Just thought doing this would be somehow worth it maybe when I do LFCS

Yes, the cert I was talking about was LFCS

Is your org having you take it or are you taking it just to get a cert?

Im taking it to solidify my knowledge with sysad stuff and linux

just to get a cert yea

Have you considered Red Hat's offerings?

I would just make sure that the cert you're choosing will provide some form of value in the form of HR checkboxes and name recognition.

oh, can I ask how you searched for jobs that look for a certain certification

well ill be transitioning to red team probably in the future so im just doing this to learn more about linux and sysad stuff

Just type it into the search bar in the jobs tab

LFCS had 29 results and Sec+ had 1 mil

Ah,, so Sec+ is more worth it when im already in a security job

Security+ is a fundamental cybersecurity cert

It's the entry level for cybersecurity and then OSCP is the entry level for pentesting

Alright alright, should I also take Net+ ?

or just go in Sec+ then OSCP

Sec+ is good for building up a baseline of knowledge for a bunch of cybersecurity terms. I actually really like it as a fundamental cert

Most of the RH certs are valuable in terms of HR gating and technical knowledge - they are all 100% practical and require best practice implementations during the exam to pass

LFCS is also 100% practical. They are both good, imo. Which one you get is a matter of a preference. But yeah, if somebody takes them purely for HR, RedHat is more popular. However, I am getting job offers with LFCS, so it definitely is recognized. It is a well established cert with a rep of being difficult, and you need to be very proficient to pass it because timing does not leave much room for playing around, and you need to be careful to not mix nodes (I did, lol). Exam was really fun to take. My 2 cents.

But I think other certs from Linux Foundation are more popular, like Kubernetes certs, and all that.

ISC² is offering their new CC for free for the first 1mi just so you know

for anything entry level

Thanks for this friend. Just signed up

Gave +1 Rep to @boreal mesa

Just wanted to share that I got confirmation of my first cyber security entry level job today! I'm a physicist by trade so this is a big change
I think talking about tryhackme really helped me in the interview so I just wanted to share it here

Congratulations 🎉👏💐

congratulation

Hi !
I'm looking for a career where I can solve problems/"mysteries", where I can use osint (search for missing persons or criminals...) and at the same time do pentesting. I don't know what career would meet these criteria. Do you have any ideas? :p
I would also be happy if you could suggest a path to follow on THM to train myself.
Thanks in advance!

Hats off to you !!

that sound like forensic

take a look at your local investigator job in your city

Pentesting is mostly done on the computer. The job you describe, like search for missing people. It is like FBI or GBI kind of stuff, which can be done by joining government agency or local police

Thank you for the congrats!

And I would have to agree with Dec, that sounds like forensics, there is an area of cyber called data forensics that some companies offer (like insurance companies) or threat analysis might be similar, but otherwise yeah, a police station or your govt

thanks for your answers 🙂
I did a little research on forensic and came across some jobs that seem to fit (Forensic Analyst or Computer Crime Investigator).

do you know what type of job you applied to? im a college student atm but still have no clue where to work lol. was it helpdesk?

congrats on the job btw 💪

Tried breezing through the pinned messages in hopes of finding somebody who has asked my question before with no avail, so if somebody already has a detailed response or answer already posted, please direct me there.

I'm currently majoring in a 2-year Cybersecurity AAS degree (it's my 1st year), and I am completely lost at deciding what end-game job I want to strive for.

I don't know what area I want to specialize in: programming, networking, hacking, ect. Is there any video or website that helps narrow jobs down rather than just the average descriptions of "you will write code!" or "you will make a network!"?

Thank you!!

Look at the job reqs in your area - but don't let that define what your 'end goal' should be.

Community colleges typically have events with local employers - part of the point of post-secondary vocational education is to directly prepare students for job roles

Talk to your department head and instructors, often they have industry contacts who may be looking to recruit from your program

Hey this is Oxyahsefer here !

Looking for skills required for a job as a red teaming !

I am beginner level in the field

What should be my approach to get to my goal

start with the Jr. Pentester path: https://tryhackme.com/path-action/jrpenetrationtester/join

it gives you some nice skills

then you can jump on the Red Teaming: https://tryhackme.com/path-action/redteaming/join

😄

Thanks

do you have any IT background / training?

Do i need to complete Web Fundamental path before doing it ?

Basics of CCNA and LINUX

that's a great start

then you can start here as the step zero: https://tryhackme.com/path-action/presecurity/join

it's an overall view

I have done this 👍

do you have an IT job?

No currently a student

back in the time i got a job in IT and i had great mentors in the office, that's a very great way to learn

I am 17 now

oh, ok

you have plenty of time then

Yeah

I spent my much time in learning only

But sometimes due to assignments 🤣

Its sucks

the #1 rule in this field is to learn and research every day

Reading Blogs and Write-up daily

the technology changes day by day and we must stay sharp and up to date

And POC 👍

Sure

and learn documenting skills

it is very underrated

What's it ?

but clear, tidy documentation helps a lot

document systems, processes, your learning, everything

I will look to this on web today thanks for the info

Ok it mean making notes of things i learn

!

you can follow my blog (it's in my profile) if you want

I already reached you blog 🤣

i try to write beginner friendly posts too

Hn

It's not help desk, no, in my country some companies will run graduate schemes, where they will take in graduates across a range of degrees and train them in a specific area in their company
This job is a grad scheme that will cycle me through a few different areas of cyber and I'll start to specialise after I've cycled a few areas and can then work for the company in that role
So say I get cycled through threat analysis, pentesting and blue teaming and I like pentesting the most, I can chose to be trained in pentesting in more detail and then work for the company as a pentester
Grad schemes are jobs that try to bridge the gap between uni and work, and usually are popular for people with non-specialised degrees, or in my case, degrees in a different sector, I'll be graduating with a masters in physics next year, which doesn't exactly help in cyber

They do grad schemes here in the UK too, aimed less at people with nonspecific degrees or unrelated and more for people without the experience yet

I am from the UK, I kinda assumed I was speaking to someone from the US

Just because of them saying they're a "college student" which is something I only hear americans and sixth formers say

In the US, some companies have that too... grad scheme isn't what I'd call it, its a entry level type thing

but its not really meant for bridging but to get more exposure, see where you might fit best and what you like

That makes sense, I don't know what classes as entry level in the UK tbh, half the stuff listed as entry level I saw was for like kids just finishing sixth form, the other half wanted you to have a CompSci degree or something similar
The grad schemes were like my only in

youd be right lol

thats cool tho

I like how I've been given aptitude and technical tests applying for j obs... like more than half the questions have nothing to do with the job and the questions that have to do with the job, I barely remember or hadn't learned about what the question asks. LOL

That's pretty normal.

The same role across different orgs may have very different day to day responsibilities

but job applications are more than technical prowess

Questions that have nothing to do with the job are also likely to give you insight into the non-technical challenges of the job; collaboration, coordination, esclation for blockers are all likely to come up as well

That's what I'm hoping to grab.

I've hat some talks with JP Morgan and BBC, but they mostly want software engineers.

Well I'm not sure how well I performed, so hopefully I'll find out. There were 50 questions and a 15 min time limit... I only answered 41-42... there were quite a few questions I had to think about as they were something I didn't remember or knew about.

While I was on the phone to schedule an interview for a different job unrelated to IT and more to my own work experience, I got an email response back on that IT job w/ the tests... I must've passed because they want to schedule an interview.

wow congratulations!

If you're looking for 2023 then most cyber schemes are closed now, but if you're looking for later then I'd check like Tesco, BT, Liberty Global, AON, KPM, and there are a couple more that I have unfortunately forgotten, as I looked at those this year specifically because they were accepting applicants with degrees other than compsci or cyber

and congratulations!

Kind of hard to get into smaller businesses for IT around here... lots of big businesses and govt contractors... the contractors are a bit worse... they won't sponsor you for clearance... which is understandable...

Not sure who you're dealing with, but it's very common to get a clearance from a contractor. Several even have College to Workforce Pipelines that handle all of that before you graduate. I find it a little odd they won't sponsor people in your area.

Money reasons.... what if I end up not working out?

I mean as far as I know, I should have no problem getting cleared. I've held other types of clearance/registration that required background checks.

Are you US?

Yep

Are you within 5-7 years of your last held clearance?

I'm talking Federal level clearance

I've never had the same type of clearance for IT. I'm just saying the registration/clearance I got involved background checks.

If so, it's still there, just not active. Can be picked up by a sponsor

My clearance was state registration.

for Pharmacy

Oh, so you've never had a clearance

Ok

No, never had the kind of clearance we're talking about... just similar in background checks.

Getting clearance for a government context is a very very difference process for Secret and higher than anything you've gotten 'cleared' for in civilian jobs

As in it required a background check... fingerprinting and all.

This

Ugh... nevermind...

Public Trust is kind of similar to a typical criminal background check, but they are looking for different things

I don't think ive ever met anyone with a Public Trust

I have...

somewhat related question, if youve previously held a fed clearance like confidential, how "easy" is it to get higher clearances later on?

Depends on the level

Yeah, I'm told depends on level and requirements...

You're still going to have to go through a redo of your SF86

secret is usually the level the jobs which im applying are looking for

Like you could end up filling out a 100 page form, a polygraph test, specimen test, etc... LOL

You have 🙂

ah word, interesting. thank you

SF86 is always a pain

Secret is just computer checks mainly, unless the system flags something

it's never not a pain

even confidential was a bit of a hassle but i dont mind a hassle from time to time lol

SSBI is every stone looked under by actual agents

Some kinds of Public Trust processes require interviews, Treasury in particular loves to do that shit

Wonder if FBI job application is worse than clearance... I remember a classmate talking about a family member applying and she had to fill out forms as thick as a Yellow Pages phonebook.

my ex had ts-sci and i dont envy that process at all.

lots of hassles

Poly is split into Counter-Intel and Lifestyle

SCI isn't a clearance technically, it's still just an SSBI investigation. Then you're read in on the SCI

Just like owning and operating a gun shop, getting clearance is opening your life up to the government on demand...

sadface emoji

he had to do the whole polygraph thing, sounded like a pain. but good to know the rest, appreciate the knowledge drop

So, not going to get into the legal side of it, but that's technically not true

You're still a private citizen

You just need a really good lawyer

https://tenor.com/view/law-police-judge-cop-dredd-gif-8606130

You said you were a Pharmacist, but what's your education background? If you can't get a clearance through tech, you may want to trying going in through the government research route

I never said I was a pharmacist.

I said "for Pharmacy".... and my not getting clearance in Tech isn't me... I have to have a sponsorship, but to get sponsorship, I have to get the job. But yes, I've been working with a recruiter in the gov't sector. Just sent them an updated resume w/ my skills and certifications. They're going to reach out to a couple of their hiring managers looking for hiring students/recent grads.

polygraph is pretty easy peasy

Until the chronic anxiety gives them funny illegible lines xD

Not sure if you're talking about the lifestyle poly or not. If you are, lucky you lol

I'm probably too honest to the point I wouldn't pass the poly.

Might answer a question everyone tells you to answer the opposite of what you'd normally say and it'll flag me.

versus what? It was maybe 60-90 minutes, don't remember

Doesn't sound like the lifestyle poly

Not in Scotland they're not.

Lifestyle, at least from someone I know, was them getting grilled for 8 hours by a psyc and an interrogator

ahh no, this was pure poly, and was related to things on your SF86

I mean it is all lifestyle questions

Lifestyle is the one that is done in the "full scope" package

Then you and the person I know had very different experiences lol

maybe they worked for one of the 3 letter orgs

They were going through the application

I already had a SCI and this came afterwards

Anyone in the industry that can proof my resume so I can get out of being a Desktop Analyst

I know that's usually a paid service, but you'd be doing me a big favor 🙂

You can post a redacted copy as an image here

You'll need to verify

!docs verify

sure, thank you 🙂

Ok don't laugh, I've been coasting jobs by recommendation for like a decade, so the resume hasn't been a big factor honestly >.<

But really without any security related certifications, or any at all, I need a way to express that I've got functional knowledge of some pretty specific security concepts, but I don't know how to make it not verbose as hell

Right off the bat, I'd get it into some form of LaTeX resume. You can find good templates online. Machine readable and easy to read as a human

Awesome-CV is a common one

Juun or Zojja are definitely more qualified to review the resume. I'm still starting my career lol

I'm more used to fresh out of college or still in college resumes

I will jump on the awesome-cv train, it does look better for sure, I've been using the same PDF for a long time 😄

Yeah, LaTeX does export nicely to PDF

Sometimes though, it can go to a non-standard paper size. So just be aware if you try to make a physical copy

I don't even know where I'd go to make a physical copy lol 😄

but thank you 🙂

Profile
you put detail-oriented but then have a pretty vague resume. Do you have an interest in security or do you want to develop your career in cybersecurity?

Skills
Please put a descriptive skills section like what you do with each of the skills or level of experience.
"Deployed Windows 2019 and RHEL 8 servers within AWS environment"
as an example

Experience
Level 2 desktop analyst and other positions - very vague and really needs more details. Please add technologies used and other specifics.

Security Researcher - I'm reading between the lines and thinking this is bug bounty hunting which isn't work experience. Doesn't mean you shouldn't include it elsewhere in your resume but you need to put details such as how many bug bounties have you found? THM/HTB/HackerOne shouldn't be part of experience either.

thank you 😄

How would you explain a gap where you lived off of your savings and did nothing but study o.O

just wait until they ask about it?

yeah exactly

See I was always under the impression that it just gets tossed if there's a big gap, but mine is probably getting tossed for other reasons lol 😅

I appreciate your input, I'll get to work rewriting it to be more specific and less "give me a job please" vague

nah, there are a variety of reasons people have gaps

so long as you aren't hiding a prison sentence in that gap, you should be good

Nah, just wanted to explore my interests, see if I could turn something I used to enjoy as a hobby into a job

I'm trying to move away from supporting like... in-house software and stuff.

Speaking of LaTeX, do people use LaTeX when writing reports in cyber? Say a pentester writing their report of a test, could they use LaTeX? Are there specific document type packages for cyber reports?

ty @carmine jolt

Gave +1 Rep to @carmine jolt

are the CompTIA exams all multiple choice? I just looked over the example questions for Sec+ and PenTest+ and they seem very simple, but I feel that this is probably not indicative of the actual exam

They have some special questions that test your application of knowledge. but the rest are multiple choice

thank you

Gave +1 Rep to @hexed magnet

Sorry, but these are for you to do. We cannot assist or provide insight with this sort of stuff.

my man these are normally under NDA be carefull sharing such stuff

Also yeah, this all on you to see your level so no point in us helping

Cool thanks

#general message

CV tip for you all regarding any "Personal & Hobbies" sections from one of the recruiters at my place of work

Today's tip is about your HOBBIES & INTERESTS

This is one of the most under-used sections of most people's CVs. I have seen hundreds of CVs that just say "Hobbies: I enjoy running & playing the guitar" - Not being funny, but that adds NOTHING to your CV, you might as well not include it.

Apart from your personal statement, the hobbies & interests section is the only other part of your CV where the interviewer gets a glimpse into your personality.

It can also be another way to stand out from the competition, so think of this section as your “achievements in your personal life”, so include hobbies that show your commitment, perseverance and success.

If you don’t have any time outside of work to attend tech conferences or study technical certifications, what hobbies are best to include?

My rule of thumb is, anything interesting.....Have you run a marathon or are you a treasurer for a local charity that’s close to your heart? Do you have any random world records or a YouTube channel? Have you climbed Ben Nevis? These types of hobbies are always good to include because they show you are committed, plus they are a real talking point at the interview.

If (like me) your hobbies are things you do to relax, still mention them, but put more detail...

🎸 If you play guitar - Do you play in a band? What kind of music? Have you written songs together? What's the best gig you've played?

👾 Maybe you like gaming - What's your favourite video game? Why do you love it so much? What's the best score you've got? How long did it take you to get that score?

You get the gist.

Personally I watch a lot of true crime & cult documentaries in my spare time. In my own CV I went as far as to include who my favourite serial killer is & why... and I still managed to get a job here at BJSS 😂```

1/2
CV tip about cover letters again from one of our recruiters

For me the answer is yes. But only if it's written specifically for that role, not if it's a generic, copy & pasted email that adds nothing of value to your application.

Yesterday I rang an applicant who only met 1 of my 3 requirements, because he wrote a brilliant cover letter that made me want to know more about him. His passion shone through & it felt like he could have all the right attributes of a BJSSer. It turns out he isn't right for that specific role but I agreed to keep in touch & let him know if a role more suited to his skill-set comes up here at BJSS.

So makes a good cover letter? For me, it needs to explain why you want the job & evidence why your skill-set/personality are relevant for it.

When I was an agency recruiter I submitted thousands of CVs to jobs, and I always wrote & attached a cover letter to each CV application. A typical cover letter of mine would say something like:

"You said you wanted someone who could do X, Y and Z - well Sandra has done X & Y in her most recent & previous role with THIS and THIS positive outcome, and they are studying Z in their spare time in the hope to get some practical experience of Z in their next position. On this basis they seem to meet 2 of your 3 main requirements, plus they have the self-starter mindset you are looking for, as is evidenced in THIS relevant example.```

2/2

If you're applying directly to a role you can use this knowledge to your advantage. Pick out the 3 or 4 main bullet points from the job description & ensure you back up what you're saying about yourself with examples - this is key.

And if you're applying via an agency, I'd recommend you speak to them about the role first to check it's right for you, then write your own cover letter & ask them to submit it as part of your application. This will really help you stand out from the crowd. (Plus unfortunately not all agencies will go into this level of detail on your behalf).

The main downside to cover letters is when you spend a lot of time putting the effort into writing a relevant, tailored cover letter, only to receive a generic rejection email. Especially if you've applied for several roles, spent a long time tailoring each application & then still get nothing. It can feel like a real blow.

My advice in that situation would be to call/email the person who sent you the rejection email to ask for more information as to why you've been rejected. It could be that there is a reason you weren't aware of, such as you might be seeking a visa sponsorship but the company can't provide it.

I hope this helps someone today.```

Alright fine, another tip.

When looking for jobs using LinkedIn, you may have noticed a filter for the experience level. Be mindful that LinkedIn by default will classify a job as "Entry Level" if the poster has not entered a value. This has led to a lot of jobs incorrectly being classed as Entry Level.

In turn, if you happen to be looking for a start in the Cyber field, chances are that only a small percentage of those jobs are actually entry level. Even then when you find one, that market is so oversaturated it's extremely difficult to get that job.

Get your head down, study and gain experience. You'll get there 💪

Indeed does this too

Do you mind if I pin these?

By all means go for it James if you feel these are useful

what is a cv

A CV is a document that shows your previous job experience, education, hobbies, etc. There are some examples that can help

okay thanks. so unlike a cover letter or resume?

Gave +1 Rep to @vivid flume

Curriculum Vitae

Its another name for a resume

Juun just posted what the 2 letters stand for

It's kind of like a resume; it's a little bit different but it's often interchangeable enough

"Fetti Wop".... that's a name I haven't heard in a long time... LOL

CV is more common from academia, and I had a professor and lab director who had a CV that was over 50 pages

Let me try that again... Resume update 2.1
Better? Suggestions?

Hi, I am currently in a French engineer school specialised in computed science. I am doing my 4th year and will soon finish my internship. I just had an offer by my company to work as an application security engineer junior, payed around 55k. I must take it now, or never (because they look for a permanent employees).
I have no diploma yet, not even a bachelor as I did an integrate class. If I stop my studies now and start working as an engineer. How restricted can become my future if I am good at what I am doing ?

I don't want to bother, but my job says 'no restriction' and my school says 'your high level career will stop the minute you leave us'. So I need profesionnal advices...

Any advice is welcome, thanks for your time

I'm not sure how it works in Europe, specifically France, but if you're 99% of the way through your degree, I don't think it's smart to leave.

alright I'm ready for round two, utilizing the awesome-cv thing (i'm gonna restyle it a bit later, working on content for now)

be gentle @pseudo creek 😎

also that's not the whole thing, just the meat that I actually want judged by pros

One item: Only your bottom job has quantifiable/scaled information. Try to implement that at least once for each job, so it shows the scale/size of your work accomplishments. It adds extra value when demonstrating the size of environments/projects you worked on. 👍

So I should mention like... size of user bases? that's a hard one for me >.<

I dealt with users the most so far in my career, which is why I'm trying to be less... user-oriented lol

I know exactly what you're saying but I'm struggling to find a way to represent that 😢

For example: the size of the network you automated testing for.

roger that, that makes sense, thank you 🙂

I found an article that discusses the different types of quantification for resume purposes, so I'll read this and revise

thank you @distant pier 😄

Gave +1 Rep to @distant pier

If you're doing an integrated course and you're in your final year, are you not able to leave early with a BSc? I'm also currently in my final year of an integrated course. If I fail this year or otherwise drop out, my university will award me a BSc instead of an MPhys at the end of the academic session. Your university might offer something similar that you could look into.

Personally, I'd recommend finishing the course because it's a higher level qualification and you're probably just under halfway through your final year. The job sounds good, but there will likely be others like it. But, if you really want to take the role, I'd try to get your university to award you the BSc instead, if they allow that.

Figured I'd try posting again since my last msg got no responses:

What would be a good substitute for work experience if I want to pursue blue team/government/healthcare? Would a home lab/VMs and playing with various tools and documenting my process be good, or should I pursue a weekend or part-time job in IT to go along with my pharmacy job? I prefer not to leave my current job just to get a full-time entry IT job since it might be too much of a paycut for me, but I would not mind an entry cybersecurity job (~70k+). I also built and upgraded my own computer a few times for gaming.

Background: I have a doctorate degree although it's non-IT (pharmacy), currently working full time at a hospital. Just got my sec+, planning to take net+ and AZ-900 within the next few months, and CySA sometime after that. Maybe in 3-5 years get the CASP. I spoke to the AVP of cybersecurity at my hospital who said he only really looks for security+ or gsec for entry level, and that knowing the hospital is already a plus. My plan is to either wait for an opening internally (they had 2 but on a hiring freeze atm), or apply to DoD where I have a couple connections. Any suggestions on gaining experience in my situation would be appreciated!

I went into Healthcare IT without any previous anything, I assume you're a foot in because you'll have a firm understanding of HIPAA

No clue though, I've never worked a day in cybersecurity

Alright, my final shame. Sorry I couldn't fit like... a rating system into skills, still trying to work that out

Any critiques welcome 🙂

so a few things... does the top of your resume show your clearance cuz I don't see it here...

Summary
I wouldn't say "cleared defense contractor", just defense contractor.. Also, I would not say "who chooses nano over vim every time", no one cares and it is such a weird thing to put in a resume. Besides if you want to go into offensive security, sometimes vim is all you got. This form of rigidity is just not attractive.

skills
I really like to see more descriptive skills, like what can you do vs a bunch of keywords thrown on the page. Besides that, I wouldn't throw outdates systems on the list such as Windows XP/7. An example of a descriptive skill is "Deploying and maintaining Windows Desktop and Ubuntu Linux systems" "System administration of Windows Server 2019" or whatever.

I would not consider Active Directory, AWS/Azure, Python or Powershell to be software. I would also not call out AWS/Azure VPCs separately.

Work experience
Would agree with Tim here, maybe need to show more scope. Also I wouldn't call out things like "Awarded for Charity contributions"

Certifications
Never try to explain what a cert is, get rid of the line below the cert

Im currently on the waitlist for a cyber security bootcamp and they'll help me find work after it ends (through a va benefit called vettec) in the meantime i'm doing tryhack me and other free online resources. What sort of entry level roles should i look into ?

Got it, upwards and onwards again

so there is no real substitute for work experience, your best bet is to try to build a portfolio, showing things you have done. Lots of people do this in github or other places. Write a blog post about your home lab, talk about things you are learning, post writeups of things you've done on THM/HTB and others. Other than that, network, network, network. I don't see why you couldn't get a job in cyber for $70k+ unless you really live in a super low CoL location

no sad faces, you got this

most cyber security bootcamps are scams.. unless you really think you can't get a certification without them. I would look at SOC analyst, which is a popular entry level position. Usually Network+/Security+ can get your foot in the door there

also splunk knowledge is useful

I appreciate that. Do you think I should create a separate section for scripting languages or put AWS + Python + Powershell under "tools" maybe?

right ive heard most are scans but the VA vets their partner schools by employment rates of graduates etc. Also looking at studying for certs and from what i see people mostly go for network + first ? and thanks for the reponse

Gave +1 Rep to @pseudo creek

feels like I'm trying to cram a novel onto one page lol >.<

Like I said, I rather know what you can do with the tools vs what they are

but if you decide to go forward, I'd call it "Scripting languages"

ok so put that under descriptive experiences

like under the jobs

but not generically o.o

ahh if someone is paying for it, it probably doesn't hurt, just most cybersecurity bootcamps I've seen are "we'll help you get certs!" and then it is much cheaper if you had even used the official vendor training to get the certs

no, so.. I think the skills section is useful as a highlights section, things you want people to see when they look at your resume

I can probably drop extracurricular activities too and save some space

I didn't even touch on that... you can but also if you put THM/HTB, it should really just be 1 line

Roger that, I'm just trying to use it in an attempt to show that I'm not sitting on my ass doing nothing

like "Self learning through cybersecurity learning websites such as TryHackMe and HackTheBox"

but I don't know how it looks from the hiring side of things

It is a positive but it shouldn't take up that much space

got it, thank you @pseudo creek your advice has been priceless

Gave +1 Rep to @pseudo creek

especially now that I can't rely on people I know just being like "submit a shit resume and I'll get you hooked up"

never a good plan

Thank you for your advice I will concidere it ❤️

Gave +1 Rep to @desert sonnet

I've done that, be prepared to answer questions about why that's on your CV for example

i have looked at the search and couldnt see much in the way of feedback

Does anyone have anything good or bad to say about the CAPSLOCK course/bootcamp being ran in the UK? Please feel free to DM me if its easier

I've saw some people from CAPSLOCK getting hired in cybersecurity, how long did it take ? Not sure

for an entry level CV/resume with no IT job experience, is it beneficial to put that I built and maintained a PC (and home lab when I build one)? and that I troubleshoot coworker computer issues at my pharmacy job? the simple ones, not the ones that need real IT assistance

You can put your homelab in a projects section of your resume.

Not sure about the troubleshooting a pc at your pharmacy job. I'd probably leave it to things you actually do day to day

you're right, I probably will leave that out. ty!

"Do you have and maintain a home lab? If so, tell us about it?" is a standard interview question that I usually ask when hiring and have been asked at almost every security engineering interview I've done so from my anecdotal experience, I would definitely say YES! Good luck my friend!

@pseudo creek When you make an appearance, I would love your thoughts on what you think an entry level job in Australia would look like: I've tried looking at SOC Analysis on both LinkedIn and www.seek.com.au -- but as of yet, haven't been able to find what I would assume would be entry level. I do want to mention that I have A+, Net+ and Sec+ but with no "on the job" experience, I feel like I'm going to be left out of the recruitment pool in terms of the jobs that I could do.

E.g Job posting: https://www.seek.com.au/job/59449299 -- Not that I think this is entry level but I did read somewhere that anything between 0 to 3 years is considering entry level somehow.

Thanks for all your advice and help, sorry if it's rude to at you directly at this time, its 11:30PM here so I need to hit the hay.

DM Me if you need to.

Gave +1 Rep to @pseudo creek

I wish I had more insight for you, I've heard the Australian market is extremely tough. If you ever see Varg around, pick his brain as he would know better than me.

In the US, there are a variety of avenues and I'd hope they are similar. Getting your foot into IT, if not cyber, is where I'd like. Lots of people apply for help desk positions or junior network/sys admin positions.

I would keep searching, like this position I found on the surface seems entry level friendly
https://www.seek.com.au/job/59420533?type=promoted#sol=c8deed14ecb4269c3b85fda2215cd47e64133294

The primary issue would be that... who are you competing against? even if a job looks entry level-ish, other people may be applying that have experience and kick you out of the hiring pool.

soc analyst is what im currently doing!

hello

newbie here

im in interested in cybersecurity and now i have started learning in Tryhackme !

You can start your journey from #start-here

Should I do an MS in cybersecurity or Computer science after my bachelors? Is it worth it?

@candid terrace what kind of work do you want to do in cybersecurity? The answer to this question will almost always be "It depends". Bona fide, hands-on, production experience will almost always win over degrees and certs unless the field/company that you want to work in requires it. If not, I'd focus on getting experience under your belt; an even better win would be a company that will support your MS studies and tuition as a benefit. This way, you get experience and that advanced degree in parallel. Again though, it really depends on where you currently are at and what your goals are.

If you can afford a masters in anything, it's always worth it. You are your best investment.

I got an interview at a security consulting company on monday for a junior pentest/ethical hacking consultang position. The interview is only going to be half an hour, but they said it's going to contain a few technical questions.
The job description didn't give much information except that knowledge of common tools like nmap and burp suite are desirable.

Any tips on what I should prep for?

There's a good list in the pins here

Thanks! Really good information in there!

Gave +1 Rep to @quick forum

currently going through their website to understand every nook and cranny of their business.

I reside in India and it's really necessary to do an MS to get a better job, a Bachelors can only get you so far, only a few companies check the skills of the candidates and others check the portfolio and degrees. But I agree with you, I'll have to check out if any company supports my MS studies and tuition as a benefit. Thanks for the info!

Gave +1 Rep to @clever rain

Agreed! Thanks!

@thorn drift without knowing any specifics, it sounds like the consulting company is willing to hire junior staff. This likely means that the company is not expecting (hopefully not anyway) in depth knowledge but instead, someone that is trainable. Your approach to know everything about the consulting company is a good one. My guess is that the company wants to hire someone that is well spoken, presentable, and can figure out the problems when given time to research more that knowing the "correct" answers at the interview. Try to focus on how you'd provide good value to clients and more importantly, options to choose from, which in turn, gives clients' agency and makes the consulting company more revenue. Think about why a client would even want a pentest/ethical hacking client to begin with besides "required for compliance" or "because bad things will happen and you'll be in the news". Remember, businesses manages all kinds of risks everyday; cybersecurity is just one of many (e.g. market conditions, competitors, IP theft, etc.). IMHO, if you focus on helping the client understand and manage risk by giving 3 ~ 5 potential solutions in order of cost vs benefit vs risk mitigation, you'll have a head start over the candidate that can only speak L337 and how she'll get root on your containers. This is obviously a huge discussion but I hope my comments help a little. Good luck my friend!

they're focused on fintech companies, so those need to be certified according to some standards.
I also have broad experience talking to people in understandable ways (science communicator for children and museum guide) and am fluent in 4 languages, so I hope that impresses them.

thanks a lot for your input!

Gave +1 Rep to @clever rain

Are you looking to get a job in India or outside of India? If the latter, all I can say is that I currently lead a TCS team from Asia (fully remote), have actually been to India (as well as other countries), and work with/and have hired many fine folks from India (and other countries) and of all the folks I've worked with (any nationality actually), their degree/cert status was never a deciding factor. My experience is of course anecdotal but as a person that has B.A., M.S., and a bunch of alphabet soup of certs, being able to communicate well, think flexibly, and tie cybersecurity into business outcomes (e.g. revenue, profitability) always wins over technical knowledge. Note that I'm absolutely not suggesting technical knowledge isn't important (of course it is!); I'm just suggesting that being a good communicator and working well with others might be more valuable than an MS degree. And if you aren't a good communicator but extremely technical, that's fine too. Just decide if you are okay with that (vs want to improve) and position yourself to be a gold mine of technical knowledge and show how that is valuable to clients/employers/etc.

plus they have a really good on-boarding process where you basically get a company-specific syllabus and need to pass their own internal certification before you can take your own projects with clients. sounds really good and I'm really looking forward to working with them.

@thorn drift that's awesome! Sounds like they have a blue print for success! Best of luck my friend–I'm sure that you'll be successful!

thanks!

My preference is outside India, but as I'm aware, I'm in between the more communicative and more technical side as I'm still on intermediate level, might change later but as you said that communication, flexibility and tie cybersecurity into business outcomes work as well, I might just as well work on them too. I have a plan, but anything I can get, I do it. Like I didn't know that I could do this too, I mean, it might be different in other places? Anyways, so anything that benefits me or my improvement.

@candid terrace you will be fine! The fact that you are on this forum is a testament of your dedication! Just one word of caution.....when you are interviewing, please do not express how the role will benefit you. You gotta play the game my friend...you have to express how you will benefit the company! I'm not saying you have to kiss butt or be disenginious...but...you have to let them know how you'll make them more profitable/better (i.e. by reducing risk and/or more revenue). Yes, in private, you will become more awesome but for your future employer, they need to feel comfortable with how their investment in YOU will be beneficial to THEM.

Thanks! So basically, I have to sell myself if I'm taking this right, present how much of value I will add to the company and benefit it. So what I have to work on is my presentation and my skills so that I can sell it. Am I right?

Gave +1 Rep to @clever rain

Hey, I am a student currently in my 3rd year of cybersecurity studies looking for unpaid internships if anyone has any connections to any companies or any sort of help would be appreciated.

I would not persue unpaid internships, they don't actually help and are exploitative. We're also more of an advice channel, #jobs-board would be where postings are.

what country are you in?

If you're in your third year, start looking for paid internships in your area through your countries primary job board

Finland, but if it s remote work I can probably work anywhere

Thank you, however I dont think my knowledge is enough to land me a paid position yet

Gave +1 Rep to @stoic cave

you can generally only work where you have the right to work

Well, yeah, hahab

but looks like Finland is part of the EU so at least you can look at other EU countries?

Yup!

Interns aren't supposed to know anything, if we're being honest. Sure, the things you're learning in your degree you should know and be able to explain. However, the point of an internship is for you to gain industry experience in an environment that's both beneficial to you and the company. You get the experience and the company potentially gets to hire you if they think you are a good fit.

@candid terrace that's right!

I'm looking at jobs and everything I'm seeing needs degree's and experience, how can I land a job without having either of those?

If you're talking about Cybersecurity, you're going to need one or the other. Security is not an entry level area within the Computer Industry. Many that don't go the Bachelors degree route work in IT to gain experience in order to then move to a security role after a few years. Those in degree programs will generally search for internships and then look for work after schooling.

Thank you!

Gave +1 Rep to @stoic cave

Anyone here in the Netherlands?

Advice me aslo

is there any experienced QA person that can recommend some certification to switch more to the cybersec (without loosing 50% of your salary 😅 ) ? I was thinking about CompTia Pentest certification.

A lot of the advice around certifications will depend on where you are (country wise), and what you're looking to do with it.
Please can we have some more context?

@quick forum I am located within Europe and European market is most interesting for me to work with. I am just wondering, would like for example to do more with penetration testing, but this requires some kind of "downgrade" from my current position when it comes to the salary range. Most companies they do not have own pentesters, but are delegating security checks to external companies as "external audit". Or do you think there might be companies to have all in one position?

Very true

Hey everyone. I'm an American college student looking to get my bachelors and beginner certs in cyber from WGU. I'm a bit nervous looking at the job market that I won't have much experience once I graduate and may not be very competitive. Other than school, certs, and looking for IT work and internships, what should I be doing to advance my career? Also, when should I expect to actually get my first job in cyber?

If you're doing a bachelors in cyber, a lot of companies coordinate their recruitment and internship programmes to coincide with your graduating. Because cybersecurity is not considered an entry level topic, most people do spend some time in tech support, QA and other IT positions to gain experience when looking for cybersec roles. If you combine your experience with some cybersec certifications, companies are more open to onboarding you but you will need to show understanding of some area of computing, such as Linux, Windows, Networking, Coding... Perhaps start a github/gitlab and/or a blog about your experiences