#cyber-and-careers
how to get internships?
Look at websites of local tech companies, job portals that are specific to your country, LinkedIn.
Most internships are geared towards college/university students but yes, companies do look outside of academia for talent
To modify just a tad, being a student, at the undergraduate or postgraduate level, is a requirement in most cases
Hi
I'm a fullstack developer and I want to go on a journey of cybersecurity
Is it possible?
what role are you trying to get into?
and you have industry experience right as a dev?
1 year
that's definitely a very doable transition. Over the course of 6 months - 3 years.
i'm curious why you think it wouldn't even be possible?
especially from a monetary perspective.
I was scared, that's why
here's a description of a red team role from gitlab. as a full stack dev, you likely hit a ton of the criteria as is
- Ability to use GitLab
- Understanding of the MITRE ATT&CK framework
- Ability to automate tasks by writing basic scripts/programs - we often use Python and Go
- Ability to read and understand multiple programming languages, especially Ruby and Go
- Command-line experience with Linux-based operating systems
- Experience exploiting vulnerabilities in at least two of the following areas:
  i) Web applications
  ii) Cloud environments (GCP / AWS)
  iii) Linux and/or MacOS workstations
  iv) Software supply chain
- Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
- An adversarial mindset - you must be able to put yourself in the mind of the attacker
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
Thank you sir for clearing my doubt sir🥹
no worries, good luck out there
i'd recommend reviewing a handful of postings to solidify in your brain what you need. Then reach out to actual red teamers (not me), who can help you develop a plan to fill in gaps and potentially refer you!
Thank you sir
Sure sir
Hello all, been awhile... crazy busy holidays and doing interviews... still waiting on responses from at least 2 IT companies that are promising for entry level positions. I've realized I either forgot to ask before or forgot if there was a response, but if I use the TryHackMe stuff to add to my skills, how should I put TryHackMe on the resume or CV for the non-US folk? Would this be considered as education? Obviously I want to list where I learned the skills. Thanks!
It's extracurricular
Education is for your college, university, etc type learning. Self learning can go into extracurricular or if you did a personal project while self studying, a projects section would work
I figured as much. Thanks, @stoic cave !
Np
Also, just as an FYI, cross-posting across multiple channels is kind of frowned upon. More often than not it's seen as impatient
My other post was more specific to the Advent Calendar event... this was more career/resume specific??
I admit that much... and could've done w/o starting both the same way. Apologies for that.
Hello all, I am currently a junior software engineer with 1 year of work experience and I am interested in getting involved in blue team roles such as security engineer or security analyst. I was wondering if any of you have advice on how to break into these fields and if my current experience will be beneficial. Additionally, I am based in India and I am curious about what certifications would be most valuable for pursuing a career in cybersecurity here. Any insights or advice would be greatly appreciated! Thank you.
IT experience always helps and EC-Council is good if you're from India
is it required to learn several programming languages for a cybersec career?
nope you can get by by knowing zero... though having knowledge in at least some will be helpful to open more opportunities
thank you
no problem
https://www.upguard.com/blog/does-cybersecurity-require-coding @crimson vector
if you want some references
tysm
not required unless you want to learn to write rootkits
For what purpose would you be writing rootkits?
Reading comprehension isn't your strong suit 😂
Am I crazy or just not understanding anything at all?
Just seems to be incredibly out of place when responding to a message about cybersec careers.
They're saying programming and knowledge of multiple languages isn't really required for a cybersecurity career, unless you want to write rootkits as part of your job.
We discussed it in staffs, but thanks 😁
Rubbish lmao
Agreed with not needing to be intimately familiar with numerous programming languages to work in many (if not the majority) of cybersec jobs, but there are plenty of times when someone in cyber is going to have to build stuff
And that's not even going into white box pentests / source code review
knowing how to write and read code increases productivity a lot
even some one liners can save us a lot of time
Yes, and it's outright required for some jobs
I spend most of my time writing red-team offensive tooling (userland) just now, for example. Wouldn't be able to do that if I couldn't code lmao
You're disagreeing with... yourself? lmao
hmm, we misunderstood each other
my job technically requires no programming knowledge... technically, but it's been useful even if I don't do any programming for my job
You said earlier that programming knowledge isn't required (other than to write rootkits) 😄
i think i wasn't clear enough, sorry
my bad
i wanted to reflect on the fact that she/he can start practicing cyber security without programming knowledge
but it will be a huge disadvantage
strong computer skills, network knowledge and programming are important in my opinion too
Ah, gotcha 🙂
so we agree
Apparently so 😁
now I'd disagree, I work with tons of people in cybersecurity, many have never programmed in their life, many have never programmed in their cybersecurity career
I used to do some scripting as a network/unix admin and I did some scripting earlier in my cyber career as part of IR work but it was not necessary, it was kind of like 'oh you can do this?', many of my peers didn't do any scripting and so a lot of scripting fell on me in the early days
Can you guys recommend a company that accepts cybersecurity intern that is willing to train applicants? or something like that?
It really depends on country, in the US, internships are mostly for college students. Other countries have various other types of setups for college students or not.
Ohhh, I see. Thank youu.
If you look at all those intern roles, you will see a requirement under "What you will bring" that says "Currently enrolled in an accredited degree program". @distant turtle . Those roles do require the applicant to be a student
Some roles may allow for recent grads as well, but internships based in the US will require proof of eligibility to work in the US as well as proof of student status.
I'll take note of this one. Thank you.
What remote position can I get that involves zero interaction with a customer with Net+? (I have CCNA as well but I'm extremely rusty took it a looong time ago and don't really like to bring it up)
IT is inherently a customer service field, maybe you should look into software development
😭😭 Ok
Still customer service. I would argue that every job, every where, is customer service. There is no such thing as a job that doesn't have a customer
True but you have a better chance to be abstracted from customers
I think who the customer is changes, but it's still doing customer service. Development may even have closer relationships with customers due to the swing towards devops and stakeholder involvement
New favorite quote from THM Offensive Security path's Enumerating Active Directory section...."Defenders think in lists; attackers think in graphs."
❤️
It's specifically in relation to the entrance of Bloodhound into the AD enumeration toolset. Loving Offensive Security path!
Think he meant interaction with customers like a non customer facing role. I get the feeling he's tired of Help Desk
Grow your skills beyond what you have. A lot of roles in IT involve dealing with someone outside your team or organisation but being able to discuss the details of the technology you're supporting and providing makes dealing with them a lot easier. As you become more professional, your customers tend to be as well
I've been in IT for 25 years, I started as a network admin, you always deal with customers.
Sometimes your customers are technical, sometimes they aren't; they just need their IT services when they need them and don't understand all the ins and outs of providing them
I'll say as a cyber architect, I mostly work with supportive technical teams who work with the customers but occasionally I'll still need to talk to customers to understand their needs and wants
Bit of a long shot here but does anyone know of any cyber related placement opportunities in Manchester UK? (remote placements are also good with me too). Cheers.
Anyone from Canada? We could talk about career and stuff. I am trying to find a job as a SOC analyst but it is kind of hard.
Hi as a veteran do you know of some good learning materials i should look into? im currently doing THM beginner learning paths
im new to the field but am really excited in learning all about it, just looking for an efficient way to get into it
there are a ton of learning materials, what is your focus? what type of things do you want to learn? what type of stuff do you want to do?
My first goal is to acquire enough pen testing skills to get recruited into a team and learn from working with those individuals
i mean i learn best from practical experiences , in my country its hard to get recruited without a college degree, so maybe freelance remote work might also be a good option
freelance remote pentesting work from one country to another seems like a very hard sell. remote work from one country to another is basically non-existent, freelance pentesting without extensive previous pentesting experience is also a really bad idea. Basically a smart company would never hire a pentester from another country as there are legal ramifications of pentesting and potentially no recourse if you are in another country.
i had no idea ....
so I'm guessing most parts of infosec are barred from remote work from another country?
@pseudo creek which part of Infosec should i focus on if i want to start working remotely asap?
I'd say I don't know, I don't know any areas that are really amicable to remote from one country to another... people that have done so have done for purely remote companies and even then it is extremely rare
ooh I see, thanks a lot for clearing that up, I have got a lot of rethinking to do now
A lot of it. There's also a lot of issues around security clearance too
im soo sad to learn this, i had this plan made out in my mind and its all crashing to this reality check
Hey, I need some help from anyone available
I just found out that I made it to the second of three interviews for this field engineer position
Can anyone help me with some interview questions? It is an advanced IT and networking position
I'll be going from data center to data center helping set up servers, maintaining equipment, setting up accounts, etc
They are also putting me into their cybersecurity development team to help with Dark site management and dark site network setup
I'm nervous and a little bit panicky, the next stage interview is tomorrow
What part do you need assistance in exactly?
Also anyone interested in a CTF challenge?
anyone knows what category should THM learning path certificates be submitted on the Aspen portal for ECE credits?
Do certificates actually count?
I'm assuming ECE is like CEUs. The organization should have a list of acceptable sources to gain those credits.
Certifications would make sense
I didn't mean it in a way that I hated dealing with people. The thing is I'm coming from the call center industry and I just wanted something that isn't such a grind being on the phones 24/7 back to back. It gets kind of exhausting so I was wondering if Net+ offered anything like that
Hi! What SANS certifications (from the 500+ courses) are a real career booster? Is it even a thing or are all of them equally good?
In general, the 500 courses are good, I'd take what you are interested in and how you see your career goals. The 400s, not so much
"depends"... like you could potentially get a junior network admin job although CCNA would more likely get you there, you would most likely be dealing with customers in person and maybe occasionally on the phone
Well, I have some thinking to do in that regard... Since I want to do security research, but there is no real path to that. It's just, well... doing research and publishing stuff in order to get there and apply for those positions. I'm currently working as a Security Analyst/Solution Architect helping the SOC have better detections, find use cases for logs that we have etc. And my manager wants me to "become an expert in endpoint security", so I figured I'd take the SEC555: SIEM with Tactical Analytics which leads to the GIAC Certified Detection Analyst (GCDA), this would help out immediately for my job but long term I don't know. If it were entirely up to me on what to take I think I'd go for the malware analysis course (FOR 610), as this is something I find fascinating. I don't know where I'm going with this, I'm just rambling at this point
Howd u get the job u are at right now? You are at the place I want to be
As an education I have a BSc in CompSci, MSc CyberSec, did CTFs all throughout Uni (still a noob tbh). Then I was looking for my first job. I sent my CV to a company through a contact, their CISO-Division asked around who could use someone like me. Had an interview for SOC Analyst Tier 2, and the position I'm at, both were interested so I could choose. Started in October. And here I am.
Hi guys, this was probably answered a million times but I need help with which certification to do first... I'm currently working as a sysadmin with 2 years of experience but I want to pivot into cybersec. I've been doing CTF on tryhackme for a whole year as much as I could and would like to dive into a certification so I'm more likely to get a job offer in the field. Considering I have experience with networking (Certificate of higher education Systems and networking 4 years) where do you think I should start? ejptv2?
what sector within cybersec are you interested in
security engineering would probably be a very simple transition from a sysadmin
Hi guys, I just wanted to ask if anyone has gotten an internship or job in cybersec in the US/UK from another country? Are employers less likely to consider due to having to apply for a work visa?
I’ve been doing pen testing the most but I’m open to almost anything at the beginning to be honest
internships in the US are largely reserved for those in the US enrolled in US universities
Anyone from Germany here?
Hello everyone.
I'm hoping to touch base with some folks in the gov't/contracting sector about opportunities in pentesting. I am reaching out here as I do not currently work in this realm, nor do I have any contacts. I'm new to the pentesting domain, but have dipped my toes into many areas within IT, and feel like this is what I would like to specialize in (thank you, Darknet Diaries). I'm not necessarily looking for a job right now, but would consider it if some OJT would be available. Otherwise, I'm cool with adding to my knowledge base for a year or two.
Here is a little bit of my background/experience:
- Active TS/SCI (would prefer to keep this if possible)
- Certs: A+, Net+, Project+, Sec+, CIW Professional, MCP, PMP (expired)
- Over 15 years IT experience in various roles
I would appreciate any information/advice others have for pursuing this career path in the gov't/contracting sector.
Thank you very much!
Edit to add:
I am a military veteran and currently work for a US defense contractor. Combined, I have been working with the DoD for over 20 years. My current role requires a TS/SCI clearance and Sec+, but does not involve cyber security, and I have no professional experience with pentesting.
I'm looking to network with others working in cyber security as DoD contractors to get advice/possible job opportunities.
Depending on how large of a contractor you're talking, your best move might be internal.
Pentesting as a Fed Civ seems to be kind of rare, at least from what I've seen, and it's contracted out. Obviously, your mileage may vary depending on what kind of project/group/agency you are with.
The reason I suggest an internal move is that you can make it known you want to switch and then work with them to get the relevant DOD 8570 certifications
I agree with trying to move internal if you work for a larger contractor. People move all the time from non cyber to cyber jobs. Also try to connect with your internal cyber team regardless. Are there various cyber events throughout the year? Get involved if you can
also get involved in local hacking conferences, if you happen to be in the DC area, Shmoocon is one to know as well as things like Bsides which happen all over and depending where you are, others probably exist
Shmoocon unfortunately sold out in less than 30 seconds. I was going to try and go lol
yeah it's been like that for years
although some companies may have tickets if they do sponsorships
What happens at Conventions exactly? Are they just a place to make connections?
Networking, sometimes recruiting, tech talks, etc
In terms of work life balance, what steps do you all find effective in limiting anxieties about work, especially in a work from home context? I’ve made many steps to limit this, especially with devices that are more disconnected from social and work, but that doesn’t always solve the “me obsessing” issue lol
Main concern at the moment is my boss asked me how to solve a VMware server cluster problem that was important enough for me to escalate to him. Except he asks me 15 minutes before my shift ends. Fair enough, I do often solve problems that stump him but ugh, just leaves it looming all weekend. But I’m just venting lol
It’s just not fun after a week of small business issues lol
Do you get paid overtime?
Nope, I’m an out of state independent contractor technically because that was easiest for this small business and distant remote. I did sorta get grandfathered in to be fair, but nah only on-call time is time and a half
For me personally, it would be a "see you next week" thing
As in, it's not getting worked on until the start of the next business week
Yeah it really is, I just have this troubleshooting obsession where I have to fix the issue, especially when the boss proposes it to me. But you are right, I’m being silly
If you have flexible hours, I would consider working but then taking those hours worked off the next week
That is normally my approach when it’s not our most important VMware server cluster lol
I think I technically do, and would be neat to take advantage of that, remote workers just currently work the same hours but I’m basically doing level 2 sysadmin and infosec most of the time
Yeah, my timecard is bi-monthly, so I have a set number of hours I need to work between the 1st to the 15th and then 16th to the end of the month. If I work on a weekend, typically traveling, I'll not work another time in the pay period if that makes sense
My company technically doesn't have OT, but when I have gone over they've allowed it to be paid out at my salary level or bank it as PTO
My only concern is if I open myself up to abnormal hours, the help desk folks will be resentful as I’ve been taken away from our very small pool and that I’ll end up working even more since I’ll feel obligated to work normal hours and then extra, but yeah I don’t get formal OT
this is an MSP so all the hats, I landed in infosec, compliance manager, and sysadmin as my primary but still have to do help desk when we’re short on staff. But I’m not complaining too much, help desk does directly inform infosec goals and ideals honestly, seeing what the end users need even if they are the bane of my existence lol
Yeah, I think it's important to respectfully set boundaries and this is one of those times.
Juun or Zojja are probably better equipped to answer this question, but that's just my perspective
Yeah so far my boundary was to stick to my normally allotted 8 hour shift as with in-office techs. There are honestly times where I feel compelled to continue working since tech is my thing, but I’m not on salary I’m hourly. I think that’s the big distinction in my mind
No you’ve been very helpful, and if nothing else it’s been nice venting. Thank you!
You're welcome
ask your PM. It's very unlikely that you aren't billing yourself, that there is a company you work for who is doing the billing. It needs to be included in the burndown rate, and if they don't want you burning hours super early.... they shouldn't task you a multiple hour story so close to the end of the work week
are you filling out a 1099T self employed tax form and doing quarterlies?
This is an MSP of 6 techs after our last round of firings, you may overestimate our scope heh. My boss is the CEO. But hey we were doing interviews to replenish the tech pool today
No no, not overestimating the scope. Your MSP work contract should have clauses about this, and the SoW should be further used to decide what is or isn't in scope for you to support and when
This is my first year doing this, my SO is in the exact same position with this MSP. His position was just to take a loss on the quarterlies since it was barely an issue but I’ve not faced my own tax season yet
Value your hours, or they'll get used to abusing the MSP stuff
Be sure the extra hours you work are noted somewhere, and you should have a supervisor managing the relationship between you as a contractor and the MSP
your contract ought to have a defined action for "out of normal hours" requests and billing beyond 40 hrs
The company has a certain allotment of hours budgeted and that's how this stuff gets billed. If you are on a lump sum for a long contract, stick to the normal office hours
Honestly all I signed was the NDA, I’m serious when I said I got grandfathered into an already makeshift situation
It does sound like I can add as many hours as I want theoretically and I’m sure they’ll love that, I just don’t get proper OT
I’ve easily surpassed 40 hours a week on many occasions anyways
Yeah it does really sound like my company didn’t do their due diligence making this a sound solution for remote workers, but unfortunately that’s been the name of the game so far generally. Our techs do a decent job mostly, just small business things
Honestly you’re not wrong and my lack of a formal contract is a major concern, I will bring this up with our office manager
This was a massive massive help, thank you @flat sedge
I knew this setup was unusual but didn’t fully realize how out of the norm it was
I don't work over 40 hours. I'd say something like 'I already have plans after my working hours so this will have to wait til tomorrow'
Thanks for the info. It seems more likely to get work as a contractor, which I would be fine with as that is kind of what I am doing now. Just trying to get a feel for which companies would allow me to work a pentesting role and are looking for people who have/need TS/SCI.
I appreciate the input. Due to my current role/location, online is currently the best option. For now, I will look into the different online communities and see if any opportunities pop up. From what I have seen so far, they do happen relatively frequently!
A film about the world's largest hacking convention and its 20th year running. Filmed over the summer of 2012 and containing hundreds of hours of interviews, parties, presentations and spectacle.
Over 280 hours of footage was recorded in support of the documentary, and five separate camera crews were in action.
Directed by Jason Scott with came...
Oh I live near one of the next ones!
They cost a lot tho damn
Defcon is fairly cheap compared to others. Black Hat, a con run by the same guy who started Defcon is up to $5k depending on your ticket tier
👀👀
Why is it so expensive?
Because its an industry conference
So like people get paid to talk there is that why
It's expected that your org will be sending you to Blackhat
Defcon is more personal choice
So it's like $300
Because cybersecurity is worth a lot of money. Organisations can spend hundreds of millions a year on defending their infrastructure and systems
Oh so black hat is usually company sponsored but defcon is just a you want to go?
Industry conferences will always be more expensive than "for the love" conferences
Defcon still has industry, but it's not solely focused on industry
Oh ok
Local Bsides are always a good way to get in to conferences. Local area and low cost generally
Bsides?
Then as far as the cons people travel to, Defcon and Shmoocon have probably the most name recognition
Defcon is a hacker con set up by hackers for themselves, they were the first con to invite governments and companies into the hacker world but it's essentially for the hackers, by the hackers.
Blackhat is a conference set up for organisations to learn from each other and to understand cybersecurity better
Ooohhhh
Security BSides (commonly referred to as BSides) is a series of loosely affiliated information security conferences. It was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. Due to an overwhelming number of presentation submissions to Black Hat USA in 2009, the rejected presentations were presented to a smaller group of individu...
Defcon is one of the cons that's known to encourage the kind of play that hackers like to engage in... Hacking, CTFs, sharing ideas, drinking, partying, going to lots of talks... Crazy things happen at some of these cons. You should check out the Youtube channels for them
Yeah, I was planning on going to both Blackhat and Defcon this past year. Plans fell through though
This sounds really fun! Now I’m thinking of attending, won’t need to travel or anything so yeah!
Was going to turn off my phone for the entire week and pretty much only use cash
Yeah it's in Vegas in August. Hoping to get there too
Oh and a Faraday bag
Yeah that's my plan. Hotel safes aren't exactly secure either by the way
There's plenty of ways to stay safe at these things
But then how can you do the ctf?
Watch
Not that I'd be on a level that could even dream of being on a team contemplating trying to get to defcon via the ctf 
How would u get into one of those kind of teams u think?
Hi guys.
Is anybody here from Romania, especially Bucharest? 🇷🇴 PM me 🙂
I'm thinking about moving there for a while.
what kind of interview?
@upbeat osprey We don't do that type of things here.
guys, is ejpt better than Security+ when it comes to Entry level/intern jobs ?
Why not it's basically like career questions right and that's what the board is for
It's just a pretty small one about their career, how they got there etc. And I need to record and make a transcript of it
A moderator just said that we don’t do this here, please do not ignore them.
You would need to be really good, top tier at CTFs, possibly be on a college ctf team or have reputation with and be close to various people in that sector
Yr 12 A-lvl student seeking cyber sec work experience. Goal is to become red teamer. Appreciate any advice or opps. Thanks!
If your goal is to be a red teamer, you have a lot of interesting work to do. You'll have to be knowledgeable in Windows, Linux, Networks, perhaps bash/python to some extent, pick up a little bit of programming knowledge as you go too.
Most places providing work experience in cybersecurity are doing so as part of a college/university undergrad/postgrad programme. It would be a good idea to improve your skills through a degree process if you have the opportunity. Otherwise, gaining some form of professional certification can be beneficial. CompTIA Security+ or ISC2 SSCP or Offensive Security OSCP are very beneficial, you'll see in job search what they're looking for.
You would usually need some experience in a professional working environment. Most people start in IT Helpdesk or QA and move on to sysadmin or programmer or network engineer prior to working in cybersecurity.
As for becoming a red teamer, you would need a thorough understanding of penetration testing, legal and ethical obligations, responsible use of tools and techniques, learning how to document your activity, writing reports, giving presentations and a whole lot more... It's a long road to get to that level and there are a lot of other opportunities in cybersecurity as you go...
Thanks, what kind of work experience should I do if I'm in full time education? I will have one week in July dedicated to work experience.
bt came into our school during y12 see if they have anything
zooming out. Any conference, gym or club with a goal has to manage who enters in order to achieve that goal. Creating a financial barrier is the most straightforward way of ensuring that only the people who need/should be there are there. If DEFCON was $10-40, tickets would sell out and you'd get a ton of no shows or casual fans blocking out more ideal attendants for the goals of the conference.
Anybody have experience with taking the infosec route through the military? I just graduated from a fast track BCompsci (wasn't able to clinch a co-op in that window). It seems like the fastest route to Malware Analysis, but the 6 year contract (i'm 30) and potential income ceiling is causing doubts.
But I am fucking struggling out there for anything.
Try with BT, like @static tide hinted. I've worked tech support with them. Look for other telecoms/IT companies and just ask for experience
Plus, up until recently, DEFCON was solely a cash on the door conference. You get in by queuing up and paying. No names, get a badge and away you go. This past year you could book online but whether that continues is up to them
There are routes other than the military to get into cybersecurity. Plenty of success stories on the THM blog. The Tribe of Hackers books have a lot of good advice for careers/certifications etc
It was online payment for the Defcon at home years. iirc 2022 was cash only again
They had an online payment option in '22 I believe but cash on the door was always an option 🙂
Hmm, I'm not seeing that
And there were no online options when I was planning last year
Blackhat also says cash only for defcon tickets
When you buy your black hat ticket you get an option for a DEFCON ticket/badge. They give you a voucher and you go collect your official badge from defcon
Huh
If they do it again they'll announce it in a few weeks, same as this one
Yeah, obviously I was searching early. I never saw that post and Blackhat says the opposite.
i do have those books from a humble bundle. that's a good pointer. I'm wary of promotion from platforms tho of success stories. there's potential for survivor bias for sure
like for every, i grinded THM and 3 months later i got a SOC Level 1 role, there's like a 1000 who started at a help desk
in Canada it seems the expectations for entry level are much higher than entry level in the states (especially the Detroit jobs i monitor)
Oh for sure, not everyone can get a job based just on their THM experience. In fact, in most cases you would probably list THM as an education or extracurricular activity in addition to what you've achieved or are comfortable with
should i highlight path certs from THM, my rank or both under extracurricular on a resume? I've noticed my resume isn't even being seen after doing the linkedin premium trial
They're going to keep the online option this year and the price for this one hasn't been announced. BlackHat and DefCon are separate conferences, even though they're run by the same guy so stick with the Defcon pages for up to date info
It doesn't hurt to mention it in an interview or cover letter but the rankings aren't that important. As for LinkedIn, you might need to go into the settings and change it to public, make sure your info is up to date etc... If that's the setting you want
When i apply i mean.
The path certs are certificates to state that you completed a lesson track. They show that you've worked through some learning environments but a certificate is not the same as a certification. They can show your interest in a topic but apart from as a discussion point on the technology and processes, they don't mean as much as a certification or a degree. By all means, mention THM on your resume/cv but your real experience comes from certifications
It will help to mention it at the end of your cv as a training resource/pastime/extracurricular activity and will help you discuss your new skills
Is Cyber Threat Intelligence a field with growth/in demand? I’m currently trying to consider paths in Cyber, and CTI interest me the most but I wasn’t sure how in demand it is?
I mean it is highly related to SOC type roles and there is a demand for it. It has been around for a while, just maybe not called CTI. I would say you should go for it if it is your interest.
And really I know a lot of people seem to be concerned about this role or that role and if it is going to go away... I've been in cyber for a long time and IT for a longer time, jobs always morph. My current job literally did not exist when I got into IT or cyber.
hey gang, I'd like to ask about CRT via OSCP https://www.crest-approved.org/certification-careers/offensive-security-oscp-and-crt/
I have oscp. Is it worth getting a CRT since I can just buy it for around $150 to $200
The equivalence is absolutely not worth it, no
CRT is useful because it leads to CTM -- it's otherwise dead weight. The equivalence does not grant CTM
Also means you'd need to resit either OSCP or CRT every three years iirc. Much easier to just do CPSA + CRT separately and maintain it that way
CRT does not lead to CHECK Team Member if it's granted through an equivalency btw
Ah I didn't see that sentence
Fair 😆
Thank you guys, won't do it
What do you need to access a web application? i know it is web browsers but in one of my labs it's saying that the answer is incorrect
browsers without the s, "browser"
worked thanks
Yooo....I have one month before my company-funded PWK course starts for my OSCP. I'd like to knock out the PenTest+ beforehand, and I think I can do it. I've completed THM's Complete Beginner, Web Fundamentals, Jr. Pentester, Offensive Pentesting, and PenTest+ paths (took detailed notes the entire time). I've run through a slew of Easy/Intermediate THM/HTB boxes with success. I ran through JDion's PenTest+ course on Udemy (not great imo). Now I'm reading the CompTIA PenTest+ book for good measure. Are there any other PenTest+ resources you'd recommend?
You should do Dion's practice tests though. those are definitely worth it
What are the most useful certifications for employment
There's no "most useful" list. If you are looking for certs to check HR hiring boxes, best bet is to check local listings.
Thanks! I've definitely heard mixed reviews on a lot of the study materials. Seems a sizeable portion of folks seem to think none of the study materials are remotely sufficient. That includes Dion's practice exams. Either way, I'll take your advice and run through them a couple times over the next few weeks.
Gave +1 Rep to @hexed magnet
Same^
If you verify, you can post a redacted screenshot here to get the most eyes.
!docs verify
Would you all think a healthcare sysadmin or EMR applications analyst be more appealing to transition into a blue team/GRC role in the future?
You could most probably become an IT Auditor in a Healthcare company. I'm not sure what the exact requirements for that are though. I've seen some companies requiring a law degree.
UK people, anyone know if the gov offer any cyber entry level courses?
Go to nationalcareers.service.gov.uk. use google next time
I'm asking if the government offer it themselves, not external providers. Please read my question carefully next time
Please don’t be rude
The GCHQ does some cyber summer school thing but not sure if its the type of thing ur looking for
This looks really interesting, totally missed that...thank you! 
Hey is it possible to get a cyber security internship without being in college?
Hey! so i am currently looking to further educate myself in the form of certificates and credible courses,
after having a small amount of experience in most fields, i decided my favorites are pentesting and malware analysis
for pentesting i have a pretty good idea of what i want to do/get, however with malware analysis im pretty lost, my experience is pretty small (C & Assembly basics, with a decent understanding of encryption)
does anyone here have recommendations to really learn malware analysis that isnt books nor youtube that can bring my knowledge to where i can start in the field?
for the US, it would be very unusual, not sure about other countries
Hello friends! I have a question regarding educational requirements and finding employment in the realm of cyber security.
If you have a question, just ask
I am in my 3rd semester shooting for an Associate's degree in Comp Inf Systems, and spend time aside from coursework honing skills doing THM, Vulnhubs and others. Basically whatever tool or software I can get my hands on that I can break and fix, along with being self taught and fairly proficient with python and golang and some coursework on java. My school is mostly geared towards CCNA, A+ and Security + with some database stuff thrown in, and this new teacher trying to cram this Scrum process down our throat, which is not necessarily aimed at what I need for the field I wish to enter. I have been heavily eyeing transferring to WGU for a bachelors in cyber sec. To finish my Assoc or get a full Bachelor from WGU would take about the same amount of time and money, vs an Associate's from a California Community College look better on a resume, or should I just go for certs?
I have that homelab knowledge 🙂
If you've got the time and means, I would do the bachelor
I'm under the assumption that you have no professional experience?
I can build a house from the ground up with a smile on my face, but as far as technical experience, you are correct
And yes, I did google 🙂
Yeah, so juun can correct me if I'm wrong, but I would do the bachelor degree over the other options. A full degree will give more opportunity, afaik. Don't just take my word for it though, I would look on LinkedIn and other sites to see where people with that degree are placing
That's a good call. I know the bachelor is preferred, however I don't know how much (if any) credit WGU has among employers.
so linkedin is a great place to check, thanks!
nobody ever heard of my school anyway
Getting a BS is totally dependent on your financial situation and where you want to start in your career.
An accredited university is an accredited university - WGU is still new enough that no one really knows how their grads stack up to traditional state and private schools.
I've never understood getting CCNA certification, this coming from a guy that has CCNA certification. Every sane sysadmin that doesn't work directly for Cisco will get any other brand terminal networking appliances
Actually do malware analysis. Pick a sample that has been analysed several times and try to identify the IOCs of the sample. Then you go ahead and read the analysis of well-known companies to see if you got the same conclusion. But since you will never do purely malware analysis in a job you can go further and try to write detection rules for that sample that are deployed to a SIEM. Then you deploy the malware to see if your rules trigger as they should
"Detection rules" just take the hash value... Done ;) It's already been analysed
It's because Cisco is the most widely deployed networking kit on the planet by a huge margin and their training has always been quite thorough and consistently good. All networking kit follows the same networking standards and protocols but Cisco took the lead with training in the networking space and it's helped them sell a lot of routers, switches and firewalls over the years.
I held Cisco and Juniper certs and have worked with all kinds of networking kit over many years. They realised that training was a huge benefit in getting their kit and platform into networks in all kinds of organisations the world over
A lot of orgs will save money on other providers' devices. The core of the network is almost certainly going to be Cisco 80% of the time but once you understand networking, any kit can slot in once you know the interface
why would you assume scrum isn't what you need? Knowing agile practices is huge in IT and yes, in cyber security. Our cyber security teams all use agile processes of some kind and it is much appreciated when entry level employees already have some knowledge
I believe our SOC and red teams usually use scrum, meanwhile we use kanban
@atomic vigil I agree with Zojja. Having a basic understanding of common team organization processes and approaches is very, very helpful. To be honest, there is no such thing as a 'good' organizational practice. Every approach is a mixture of activities, balancing oversight and metrics against getting work done.
Part of schoolwork is to teach a bit about how working as part of a team functions, and agile practices (scrum in particular) are very popular ways of organizing a team.
CCNA is just part of the degree, the professor says that the certification is well respected due to its difficulty, and cisco's market share, and basically guarantees you a job locally if you get that cert.
I was wondering if scrum was used elsewhere, IE security, which is what I am leaning towards, so thanks for the heads up!
Hey fellas,
I currently work as a L2 Help Desk Specialist. I got a quick question, I had studied for the Net+ but I never took the exam and I am now studying the Sec+ and I will be taking that exam. I want to be able to get my foot in the door for the cybersecurity industry. I don’t really care for setting up networks but I do understand how information travels across the network.
Is it still possible to land a job with just Sec+ or would employers want to see some networking side projects? I also understand that having a Sec+ Cert. won't guarantee me getting a job just like any other cert, but are there any other certs/projects I should do to make myself a more marketable candidate?
Depends on the employer and what the job reqs you are looking at are.
Your first task as a prospective employee is to get your CV in the hands of someone who can do something about it - that means getting through the HR filters.
Thank you I appreciate the insight. I am not sure which part of the industry I’d want to specialize in. I just know I want to learn all of it. I find it all fascinating to learn about and how it’s always evolving, but I wish I knew what my end goal is. I want to eventually one day investigate some crazy organized crime, but then I’m left with wondering what the road map would be to be able to be in that position.
Gave +1 Rep to @flat sedge
Law enforcement. Independent investigators do not lead very stable lives.
RIP
@flat sedge If you don’t mind me asking, is your current position in the cybersecurity industry and how did you get to where you are today?
My day job currently is not security. I went to school, and found myself out of my depth in the marianas trench of compliance.
Ahh okay. What would your ideal career be if you could choose?
I haven't figured that out yet. I move around fairly frequently to try my hand at different things. I've done dev, pentest, compliance, platform consulting, and now QA.
I too tried my hand at many jobs
People sleep on EJPT but i think its a great certification.
its good if you're new to pentesting in general
I wouldn't pay for it with my money and if work buys it for me, I'll try it
But once you do Jr. Pentester path and Wreath, you've pretty much touched all their syllabus
Think of yourself as a business, if you buy some X cert, what is the return of investment to you? what is your business justification on why you should buy it?
Cause all employers see is a shiny bit of paper ;)
Employers are like magpies for those kinds of things
It's always a toss coin when dealing with employers, whatever gets your foot at the door is good enough
honestly, elearn had a lot of promise, based on a lot of recent stuff in the past couple years, I cannot personally recommend any of their stuff to anyone
how are jobs like for reverse engineering, it seems like a very niche market
what are names of the jobs which are more beginner/junior level if not more then equal to IT audit and IT compliance? in other words, what do u call any same jobs as those or even lower
sry if question is confusing, pls let me know if you want to clarify
job titles vary and it also depends on country... in the US, you might see auditor, GRC analyst, security analyst or who knows what other titles
I have heard some mixed answers but is security analyst an entry level position?
It depends on the company. My company has no entry level job titles, every job title can be junior or senior
And I’m guessing junior is the entry level
Thank you!
Kind of but there are companies like mine that won't put the level in the job listing and we don't use 'junior' but something else... so you have to read the job listing to know
are grc analysts for fresh graduates? if you or anyone knows, what are jobs related to grc analysts that are for fresh graduates? if jobs such exist (very junior level jobs related to infosec)
job titles are weird. most of the titles in my area are security analyst and engineer but they pretty much do the same stuff (cough cough management cough cough) and tries to cover a wide area of security
I don't know about where you live but in the US, we do hire GRC analysts out of college
It's a very broad subject.
It is a good idea.
Gave +1 Rep to @broken idol
I want to learn cloud security, can anyone tell me where to start and help me with some resources
that depends on you... do you know anything about cyber security? If so, I'd pick a cloud (AWS or Azure) and look at studying for one of their certs, such as AZ-104 for Azure or Certified Solution Architect Associate (CSA-A) for AWS. If you need to learn the basics of security, a good place to start is looking at the material for Security+.
Cloud Security is really the ability to know enough about security and enough about cloud to apply security methods to cloud
You do need a good understanding of computers, networks, operating systems, virtualisation, security and the cloud in order to really do cloud security correctly. Security+ and one of the cloud certs Zojja noted above. The cloud security certs themselves are a good follow on. THM will teach you a lot about security. I've used A Cloud Guru to learn cloud tech
Yeah ik about security, I'm even preparing for security+ exam, thanks for the reply
Gave +1 Rep to @pseudo creek
Thank you for the guidance
Any opinions on the PNPT cert by tcm?
its good
is there any way to get an entry level pentest job in uk. I've been trying for 3 months now. Everyone is asking for 1 year industry experience at least. I have around 6 months of internship experience & I'm eJPT certified. Am i doing something wrong? If no one is willing to give me a chance where the hell am I going to get the required experience?
Networking is a good way.
Currently a senior cloud infra/devops engineer with about 15 years exp. looking at moving to infosec, think it's possible with enough effort and training to make the switch to at least mid-level position despite no industry experience? The hardest part about a career switch is the idea of dropping back down the ladder :/
sure, I work in a cloud security group and we hire into our group, people come from security backgrounds and cloud backgrounds.. I think if you look at something like Security+ and start getting versed on security, you'd put yourself in a good place
Hello! Has somebody here done OSEP?
Are you already working in cybersecurity? Have you considered a post in a SOC or a security engineering position? Pentesting and Red Teaming roles are some of the most competitive roles in cybersecurity. You're not doing something wrong but perhaps consider advancing your certification to OSCP or something approaching that level like the TCM PNPT or the Zero-Point CRTO certs or even the HTB CPTS. In pentesting, you need to always be demonstrating improvement and there's a lot to learn at that level.
Some people have done OSEP. I'm sure they'll mention it if they drop by but from all I've heard, it's a great next step in your progression and the OSEPs I know personally would recommend it. You've done OSCP so you know what's expected of you
It's possible, but remember that pentesting (and offensive cyber security generally) are not usually considered entry level positions. Traditionally they are where you would go after spending however many years in dev, QA, SOC, GRC, etc. It might be worth widening your net for a little bit. Do some time in a SOC, for example, and build experience that way. That's a really common way into it, and also has a bunch of benefits in terms of gaining IRL experience from the other side (which is A) invaluable and B) pretty much exactly what they're actually hoping to see in offensive candidates 😆).
Good luck! 🙂
Hi all, I'm new to the THM community. My employer wants me to transition into a new cyber security position, which is something they've never had before. I am also assisting in developing some of the competencies around this position since it is novel for them. I am trying to figure out the scope of this position and what would be ideal for the company. Based on conversations I have had with some managers and the new security director, we are looking at creating our own SOC with the possibility of doing our own in-house pentesting. As part of trying to figure out the competencies for this position; I am trying to develop a road map for myself on what I should focus on learning so that I can make this transition . Any suggestions would be appreciated!
oh also about my background. I have about 7 years experience as a system admin and 3 working on a help desk. I'm pretty proficient with using Powershell and have been tinkering around with Linux as I know this will be a key area to know for this position. Been looking at doing the SSCP, but from previous chats I see a lot of people go with Sec+ as a starting point.
Hey, I'm an American college student attending WGU and I'm looking for a job. I have no work experience except for fixing people's computers under the table but I do have my CompTIA triad. I'm more than happy to start in IT as I understand that cyber isn't entry level but I'm having trouble finding a job that will accept someone with 0 experience. Any advice?
I would say try sites like HackerOne, TryHackMe, Hackthebox, Portswigger etc and add your scores and progress to your Linkedin profile. Show recruiters that you have experience through other platforms and if they don't want to hire you guessing it is their loss. If you have CompTIA certs it would be quite easy for you to find a junior pentest internship opportunity though. if not you could try freelance through HackerOne and Udemy however that would be much harder to do.
Thank you!
Gave +1 Rep to @minor dust
How much experience would it take to be able to actually make money through HackerOne? Could I actually be useful as someone whose pentest experience is limited to the easy learning paths on tryhackme?
It really depends on the company tbh and I don't really know what you specialize in. It would be nice for you to sign up for it and look around anyway. You show interest in your field and recruiters like that. There are a lot of things I don't like about HackerOne myself. If you come across a vulnerability that is not in the scope you'll never get paid. Even if the finding is within the scope, the company might say that the finding is a duplicate from someone else and such. I would still advise you to try it out and see if you like it but be aware that moneywise it is not the easiest to make much income.

Starting off a cybersecurity division in your organisation is a great idea and something that usually requires a lot of learning and expertise. You say you have a new security director, they should be well versed in the needs of an organisation with respect to cybersecurity. Firstly, SSCP is a worthwhile goal and is equivalent to the content of Sec+. CompTIA, the producers of Sec+ are great at producing introductory certifications in various aspects of IT. ISC2, the people who produce SSCP, specialise in certifying cybersecurity professionals to a higher level of expertise and gaining and maintaining the SSCP and progressing towards their other certs, such as CCSP, CISSP and others is worth pursuing in your cybersec career.
Setting up a SOC and performing penetration testing are two jobs that require an experienced team to coordinate. It might be worth your while to explore various cybersecurity consultancies that can help with assessing the organisation's security posture and helping to formulate a well managed security plan, as a SOC and penetration testing, while necessary, work best when you have in place a functional security apparatus with the appropriate standards, policies and procedures to manage your statutory and auditing standards compliance.
Penetration testing in-house is only something I would suggest to a well-established organisation with the proper regulatory support and experience. Relying on in-house penetration testing in an organisation that is only setting up a security apparatus means you likely won't be equipped to adequately and correctly perform the duties needed. The same is true of SOC duties. Many companies will hire and consult with third parties for these tasks
Building a security apparatus is a necessary means to ensure your organisation meets the needs of your customers and investors.
Thanks for your reply, really appreciate your insight! The one thing about our security director is that the experience he brought was more for physical security and policy making, with a very limited understanding of Cyber Security. We are an avionics tech company and he held a security position with an airline so his experience in aviation industry is what got him in. He will lean on me from time to time to explain stuff on the Cyber security side of things for the company. I definitely get that for the SOC and pentesting, we are a small company of about 70-100 users and I'm just 1 of 2 guys supporting the corporate IT side of things at the moment. Hoping as we start to grow as a company I can push for us to hire more ppl for a SOC.
Gave +1 Rep to @rugged delta
and from what you're saying as a starting point, I should look at sec+ to get myself up and running then look at SSCP as long term goal.
With respect to certifications, going for Sec+ or SSCP are equal in their value. Both cover a great deal of information suitable for someone learning cybersecurity foundations. With respect to founding your own SOC, there is a lot of preparatory work to be done and it would be a good idea to consider an outside company to manage your SOC duties due to the complexity of such an operation, until you are comfortable and capable of performing those duties in a compliance-grade manner. Monitoring and maintaining your network are of course valuable goals. Best of luck with it
Yeah, speaking with my security director we both agreed on this and may try to push to at least bring in a resource that can help establish a soc and that I can work with while I gain experience. Thanks again!
Gave +1 Rep to @rugged delta
If you'd like to post recruiting links to our #jobs-board please discuss the matter with @tacit bobcat first.
congrats
thank you
Gave +1 Rep to @maiden thunder
Hey guys, I was applying for some security jobs and I noticed an intern job for Brainnest, then I got a mail from them that they went with a different person but I can sign in for a training program that's 149Euro. I mean.. i'm pretty sure this is a scam but.. is there any chance this might be legit?
I've made my research online, mostly reddit and all I got is mixed reviews so far
Hi guys, anyone having problems connecting to THM vpn today?
ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server
Issues with the THM VPN belong in #site-support. Also, I'm fairly certain that error, the part you clipped out, tells you exactly what to do if you want to connect.
yes i tried it but didn't get it to work at first, but now it works, seems like many had the same problem.
totally sounds like a scam
How hard is it to get a job in physical pen testing?
Oh Lord.
Is this, uh, something you have done before? Because the fact you're asking for founding partners in the THM discord would suggest not 😆
Do you know what goes into setting up a pentest in a safe, legal manner?
I was going to figure it out along the way
The main thing is - can you get paying clients?
Then you're almost certainly going to end up sued and/or prosecuted, depending on location.
Would highly recommend not going this route until you've got a fair few years in the industry.
For the record, that process would be to sit down to scope the assignment with the client over one or more sessions, then get a lawyer to draw up a legally binding contract to formalise the scope and absolve you of responsibility for likely risks.
You would also be advised to have insurance for more serious risks.
It's... not a cheap process, nor is it something you want to screw up. One misstep and you're in serious trouble.
I see
If you're absolutely set on starting your own business offering pentesting services, then by all means go for it -- but make sure to do a lot of research and consult with legal experts beforehand 🙂
And yes, as monokhrome says, you then also have to find clients looking for external tests, which means you need reputation before they will consider you for the contract.
I was thinking maybe Cyber Sec Consulting is more doable
Consultancy you're less likely to break stuff, certainly lmao.
Still need contracts (albeit likely less rigorous ones) and insurance, but you're unlikely to be prosecuted under computer misuse laws.
Same problem with reputation though
Can i work from home as a CEH hacker.. as a fresher as internship
If it were me, I would personally go work for a consultancy and build up a rapport with clients there. Get myself known in the industry for a while, then switch to starting my own business, go big on publicity, and reach out to those clients who already know and trust me to see if there's anything I can do for them.
CEH. Ew.
Are you asking if it's possible to get a working from home internship?
Point taken. Thank you Muiri
Np 😄
Are you based in India (or wanting to work there)?
Yep in India
HR and job postings love CEH for some reason
Okay, so CEH is (unfortunately) actually a fairly good option for you from a HR perspective. Just be aware that from a practical point of view it's... not the best (largely outdated, often wrong). Not to mention how scummy EC-Council are.
That said, the Indian job market seems to love it for some reason, so get it, then forget everything and go learn from an up-to-date, accurate source lmao.
In terms of jobs, are you asking about internships or actual employment?
Thank you Muiri.. got it.. if i have to do level up my skill will LPT certificate work for it..
Because OSCP is tough so i am thinking of learning step by step.. and gain some experience in pentesting as CEH internship
I am asking for internship work from home..
That's another EC-Council one, right? Again, I have never heard anything good about their training. When they are brought up it's always just a case of "get them for job applications if you absolutely have to, but learn elsewhere".
If you're looking for something along those lines that would work as a stepping stone into something like OSCP, the CompTIA offerings are a decent idea from a training perspective (no idea how good they are for hiring in India I'm afraid, but they're well respected internationally). The ELS eJPT cert is also often viewed as a good stepping stone to it, although INE are having issues of their own from what I hear.
That said, for you specifically as a student, you would be as well learning from your course and from industry.
Remember that certs are only one of the ways in. Industry experience is arguably a much better way to learn. Personally I've found both to be useful.
It sounds like you're on the right track looking for an internship or part time employment. That's what I would suggest doing.
If you need CEH to get past the HR stage of applying to internships or employment in your area then (and only then) it is definitely worth doing.
Internships with working from home is a more difficult question I'm afraid. Many companies don't like you working from home at lower ranks -- especially in training positions like internships.
I'm based in Scotland, so my experience is biased towards where I am, but personally my internships were both hybrid -- mostly working from home, but sometimes needing to go into the office.
You would need to check the job postings in the area where you want to work, because it will depend entirely on the company and the overall industry culture for the area.
Thank you..😄 now i am clear...
No problem! 🙂
Is there a learning path or certificated course path to get started as ethical hacker and bug bounty hunter?
Hei, would recommend watching david bombal on youtube. Got many good videos about how to start, but its more about "you" need to figure out what you like, then "This is the way to go". Good luck
mhm i see thank you
Gave +1 Rep to @round path
but aren't there any certified courses?
im in college having that certificate in my resume could be helpful, i think
@round path
Well i like this video: https://www.youtube.com/watch?v=jtLfX5_Lu84 if you want some beginner recommendations about Certifications. But again, this cost money, so would recommend you to do some study about what the different fields are, see if you like it with some free content and if the jobs are open in the field you go into. Specially for you as a student, to get a starter job in the career must be priority 1 right?
Video above is about Cyber security, not so much about Pen testing. But again he recommending doing some pen testing no matter if you go into security or not.
(Prob a lot i left out here. Im no expert in the field, but watched a lot of content about this ).
Looking for some help. Master in Computer Science with Security+ cert and top 1% on HTB. looking for a SOC analyst role. Currently bartending. Thinking about taking the CEH even though I hear the cert isn't great for anything except getting past HR. I have a small SIEM for my home network and my web server, but other than that I have no SOC experience. My IT experience was a job as a Systems Analyst that started as an internship and moved to part time when I was completing my Masters. I finished in 2018. There's a gap because I had a family member who was terminally ill so i took care of them. Moved cities and couldn't get hired so I've been bartending since about 2019. Any advice or is this a thing that's "damn, that sucks" kinda thing?
Don't go for CEH unless the jobs you want demand it (and think twice about whether you want those jobs if that's their gold standard...). Unless you're in India where that seems to be quite widespread.
You've heard right there 😆
Certs that are applicable to SOC seem to be quite sparse afaik, although there are a few sites offering labs which are supposed to be really good. @ancient prairie would be a good person to speak to about that point if he's willing 
If the selection process is anything like that for pentesting, the homelab should work very well in your favour, so maybe stress that. The other thing to look at is likely your CV. If you're not getting any bites on it at all then it might be worth getting someone to look it over, just in case there are weak points that can be tightened up with it 🙂
The gap probably won't be helping, so I'd personally suggest filling that with "Full time carer" or something like that if you haven't already. Just something that suggests you haven't actually been unemployed (even if that is actually the case).
Also, cliché advice though it is, it might be worth looking at other roles which can be used as stepping stones to move into SOC (or even potentially to move into cyber). Helpdesk gets bandied around a lot, but it's definitely a way in (assuming they don't think you're overqualified for it with an MSc) 🤷‍♂️
Tech job is a better position than non-tech job
With a Masters in CS, I'd be looking for mid to senior security engineer roles, analyst roles are going to be way underemployed unless it's a data science role
I think degrees might be given more importance in the states than over here tbh, but yeah, MSc they may not be looking for entry-level candidates
Which would put you in the unfortunate position of being excluded from entry-level positions by your academic credentials, and excluded from mid to senior positions by lack of industry experience
MSc will definitely price out or overqualify for entry level - the risk for the company is that the role will be outgrown way ahead of schedule, so it's a cost of replacement issue.
There are definitely firms that will lack of experience but that's usually a 'paid with a title' situation (my first 2 years in industry, actually )
Very different across the pond from what I can tell
Regardless, there'll likely be a degree of that wherever you are 🤷‍♂️
My first year, I was a senior infosec engineer and I was being paid roughly 65% of market value for that role because of my lack of experience
So it's possible, but be aware that those environments are..... inconsistent in their quality
Although may be the best way forward 
Worth a try just outright not listing the MSc on the CV as well. I know a couple of people with PhDs who switched industry but struggled to do so with the PhD listed.
Like, don't hide it if they ask in interview, but also no need to put it on the piece of paper you use to highlight relevant experience that you want recruiters to use to judge your skillset on if it's detrimental to you 🤷‍♂️
Suggest me some tryhackme rooms that are suitable for me, I am a Student of Robotics and AI, currently in 1st year
you can try #878393611929129000
Hi guys, I'm new to the THM community and would like to ask which fields is the best for an entry role in cybersecurity – consultancy or in-house?
both will have entry roles, I've never been a consultant, other people have never worked in-house
@undone shore Thanks for the advice. I dont really want to do CEH and I know its literally a line to get through HR. I would rather do the eJPT because it sounds like it would be fun and be more of the kind of stuff I'd like to do anyway. I've applied to a few non cyber jobs as well. Helpdesk, Sys Admin, jr developer things. Even though I feel like these are roles that have an overlapping skillset, they do have enough of a jump where I feel like i'd be taking a step back from working in cybersecurity. That being said, i apply lol. That also being said, if I dont list my MSc, i feel like i have no credentials to really bring except a 9 month internship and Sec+. Either way thank you so much for your response.
@flat sedge agreed, I'd like to be doing more mid level stuff, however pretty much every job is looking for 2+ years non intern experience in either cyber or IT in general. I still apply if it looks like I'm qualified, but I hardly hear back from anyone. Also, I'm down to take 65% pay for these positions. Honestly, I've applied to internships as well, but most of these are for current students. The whole situation is pretty lame. Also, thanks so much for your insight.
Gave +1 Rep to @undone shore
do companies hire for compliance in cybersecurity for entry level applicants? am graduating from college in the spring w/ a degree in poli sci and am looking to enter technical role a few years later but want to enter the industry in the meantime, ik that compliance is a big aspect of cyber and seems fitting w/ my degree but am not sure if it is something people hire for
yes some companies do
Hey! I'm currently debating on getting an OSCP cert, if anyone can DM me and I guess answer some of my questions I'd highly appreciate that!
I meant actually ask your questions here lol
alright lol
Asking people to DM you isn't going to lead to success
just wondering how the OSCP process works
There are many people who probably have similar questions. It's always better to ask publicly, as you'll get different perspectives.
The full process can be seen on Offensive Security's website
thats right, im sorry I just prefer private conversations but I will avoid it in the future to get everyones opinions
Just a question that I couldnt seem to find an answer is that once purchasing the course is it a collective of video courses?
like pen testers academy?
Does the Soc 1 path correspond with any certs? BTL1 or Cysa+?
do you have any info on what companies tend to do that? or what keywords/terms to be searching for?
Videos, a PDF, and a hosted lab environment
A recruiter contacted me with this job and the title was quality and control officer. Thought the tasks were like an ISO(info sec officer).
My end goal is CISO and wondering if this is a good step.
Doing a part-time cyber sec school and got 2-3years left. Currently work as a sysadmin
**What are you going to do
The function is very versatile. In this new role you analyze, coordinate and control all business processes. Your contribution raises awareness among colleagues, giving them an even stronger focus on quality, security and privacy. They work according to ISO standards 9001, 27001 and 27701.
Your activities:
You make risk analyses of all business processes;
Based on your analyses, you propose improvements, record them and implement them;
Coordinating, supervising and conducting internal audits;
Drafting quality plans, standardization & advisory reports in consultation with internal stakeholders;
You encourage colleagues to contribute to the processes and the quality of the organization;
In short: you are the central point of contact when it comes to quality, risk analyses and process improvement.**
This sounds much more like a governance role
haha everybody is saying different things
htb is saying Continuous Improvement Process
ISO standard inclusion makes me think that this is a compliance-alignment role, to ensure processes and policies meet the standards
ok. And the job title?
never even heard of it before. Hope i can change their mind to change it maybe after i join
which job title would better fit these tasks?
Titles are largely meaningless outside of the org; the same title at two different places may be wildly divergent in daily tasks
True
Gonna go for it
Thanks
Gave +1 Rep to @quick forum
larger companies and companies that tend to be beholden to compliance requirements so think banks, health insurance companies, defense companies. I would search "GRC" as a keyword or you could search specific compliance programs such as 800-53, CMMC, HIPAA, PCI
Security Compliance role for sure. 🙂
Thanks mate
Gave +1 Rep to @distant pier
The title isnt catchy. Would it be a good idea to ask them to change it? It will be a big step for me but thinking on accepting it and change the title later on hopefully. Never heard of this title before lol
Q&C is more encompassing, as it also includes quality, risk, and privacy, instead of only security.
hello
job titles very rarely align with what you actually do day-to-day or are vague enough to be all-encompassing and thus don't really matter much - when you move on from a role you can call your previous title pretty much whatever you want
e.g. my title is Senior Security Analyst but almost exclusively deal with Threat Hunting and Detection Engineering
so ill probably put this role down as Threat Hunter/DetEng/SOC Analyst depending on my next move
I agree as a Cyber Security Engineer that has done financial planning/budgeting

Hey quick question. I'm going to be a CS student soon and I'm interested in both cyber security and software engineering. What kinds of things can you do within cyber security that deals with software engineering?
If i am not wrong you can search for DevOps
Detection Engineering uses a lot of the same principles; we have build pipelines, sprints, code-versioning and testing, product lifecycles, etc..
Thank you!
Gave +1 Rep to @ancient prairie
Using red team tactics to improve your software's security, knowing the common pitfalls in secure coding and avoiding them, proper logging and monitoring of your software to detect strange and unusual behaviour, among others.
Hi guys, question, if i wanna pursue a career being in SOC, how would i begin learning ?
Any help is appreciated
Depends on your experience to date. I would recommend the Paths on THM, Intro to cybersecurity, Pre-security, Soc Lvl 1, Cyber Defense but also learn about the attacker side. Have a good understanding of networks, Linux, Windows, read the Tribe of Hackers Blue Team book, consider getting Sec+ or SSCP, CySA+ certifications. There are a few Blue Teaming specific certs around these days but companies generally have their own guidance in what they want in a blue teamer/soc analyst. You should look at the job descriptions for SOC/Blue Team positions and if you're happy you have a good chunk of the skills they're asking for, you should apply. Most companies at the stage of having a SOC are organised to some extent and will have a training/progression plan
Alright, thank you so much
Gave +1 Rep to @rugged delta
Thank you!
Gave +1 Rep to @tacit bobcat
thanks for this!
Gave +1 Rep to @pseudo creek
Thanks for info, even if it wasn't for me. I'm going to look for the book.
Gave +1 Rep to @rugged delta
If you want advice about books on any topic, hit up #bookclub
I got a question, do I need to take maths in senior year of high-school or in grade 12 to apply for a degree in Bachelors of cyber security. Currently I have taken computer science, business studies, marketing, English and sociology in grade 12
You should query the college you plan on attending but most IT/cybersec/comp sci courses require a good foundation in maths. If you're studying cybersecurity, you're going to be learning about software engineering, cryptography, networking and other things where an understanding of complex mathematical concepts is a huge benefit.
The courses also usually have their own modules to teach you the mathematics you will be using throughout the course but having a strong foundation is a good idea. Maths really is only as difficult as you want it to be for yourself. Start simply and build up your skills as you go
Is there any way without A level maths and instead getting some certificates through courses or exam relating to math
What courses or certificates do I specifically need to do if I didn't take maths
I think you would be better off talking to a school counselor in your school/where you want to study
Well I don't know your circumstances or country. You're better off speaking with your school and the college you want to go to about what you require
Ok thanks for the info
I need to go in cyber audit domain. Where I want to start?..
i didn't take math in high school, but i do have it as my university subject. depends on the curriculum.
Hello, looking for advice or assistance. I have recently been looking at getting a job in cybersecurity but have been getting a lot of rejection based on my experience and knowledge being too little for the senior positions everyone needs. I don't have a Bachelors degree but do have an Associates and a lot of certifications related to IT. For example, I have all the CompTIA certs from the CYSA+ and below, the eJPT, ITIL, and an AWS cert. I also have a year and half experience as a tier 2 service desk technician. Right now I am working on the OSCP to solidify my resume in a way, and since I already spent the money on it, at the very least I am going to be doing that. However I would really like to get on the ball in terms of finding opportunities and people interested in someone like me despite the lack of education, aka Bachelors, and senior level exp. Just trying to find a door or connection to help get me started. Any help in this is appreciated. I was out of work from assisting with family matters, but now that is behind me and am free to move anywhere in the country for this (U.S).
'senior positions everyone needs.' There are no junior or entry positions?
OSCP is a good move
None that I have seen, I have been looking for a while now. 6 months. It might be the area I am in, but hard for me to know more than what is in my current living area. Hoping maybe someone knows something I don't in other parts of U.S.
Hi, I’m a little over a year out from getting out the military and am currently trying to get an associates in cyber security. My knowledge is minimal in the field and haven’t gotten into my core classes yet that go in depth with the field either. My goal once I get out is to move back to California (LA area) where I hope to find a job as a cybersecurity analyst or engineer. Does anyone have tips for me? Certain certifications I should try and get before I get out? Watching certain content creators?
Oh what course did u take in uni
I love to solve CTFs, give me some suggestions for my career
Security+ is a solid choice without knowing what you want to do. Once you get a better feel, there may be able to figure out what other certs would work.
Hey guys, I'm looking for summer internship in UK (remote would be perfect but can relocate for few weeks) strictly in cyber/pentest/incident response.
3rd year of cyber security and forensics student (Scotland). if you hear anything let me know! thanks
Can i get the security+ cert without CCNA or network+? I have solid network knowledge
Yes. You need just basics of networking and ipv4 to get sec+ don’t need cli config knowledge or protocol config on routers / switches. Although that should be next on your cert list to maximize your security knowledge
Sec+ makes the assumption that you have equivalent background knowledge to Net+. If you have that knowledge, you're good to go. If you don't know networking, things could get rough.
I had an abnormal number of PBQs on Security+ and 75% were related to networking in some way
Greetings all… looking for some feedback and suggestions… I am a hospitality professional working in Sales for an all-inclusive resort and looking to change my career into Cybersecurity.. I was Network+ certified many years ago so I have understanding of networks. Because I needed to update myself I have recently completed EC-Council's 3 course Essentials and I am more than half way through the Soc1 learning path and will complete as many of them as I can.. I'm interested in a Soc analysis job or pen testing… I have also signed up to take the soc comptia certification in March. I also have Global MBA. Any suggestions on what other certifications I should work on? How can I convert my experience? Looking to learn, network, join bootcamps and or internship…. Looking for an Entry level in.. let me know.. thank you..
Splunk is pretty useful as well, they have a variety of certs
I’m in a similar boat.
Cool what paths are you taking
In school for IT and Cybersec. Planning to take Sec+ by the end of next month. My issue is I don’t have much professional experience.
Yea understood
I just updated my resume and would like to post it but not sure if this would be the proper thread. I have been working 3 years in a NOC and have my Security +. I'm looking to get an entry level SOC or incident response position.
I currently live near both Tampa and Orlando FL and would prefer a remote position but I am flexible.
Is there anybody here who is a 17C or 17E in the Army or National Guard? If so, can you hit me up? I'm trying to join the reserves after AD and have questions about it
Hey there, this would be the right channel 🙂
Just make sure you get rid of any personal information, so that nobody here can doxx you
And keep an eye out on #jobs-board for any roles, where I work we've got an office in New York and Houston but no security related positions open there right now
Okay thank you. So would having my email and just the city and state that I live in be okay to leave there?
Hie
That's your choice, personally I'd get rid of that too and just keep the content there. I'd probably go as far as removing companies and using maybe generic names such as "health agency", "finance company", etc.
I believe what you're looking for is some feedback on the content 🙂
Hi Everyone, I'm new to this Discord and I'm sorry if this is out of place. Just let me know and it won't happen again but I want to mention that I am looking for a job in cyber security. I love doing CTFs, I have a growing portfolio(https://brendanfrisby.live), and enjoy collaborating with other people on projects, or just meeting people who have the same passions as me. Feel free to reach out. I'd love tips, mentorship, to be a mentor to someone newer, or any connection in the field I can make. bfrisbyh92@gmail.com, Thank you!
Hiya, so I have a doctorate in pharmacy (no bachelor's, weird program). Haven't been getting calls for IT or blue team jobs, but got one callback for a GRC role. Thinking of doing WGU's BS in cybersecurity and information assurance to make myself more marketable. It comes with 14 certs and foundation in python, SQL, Linux, project management that I could possibly add on to my resume. I already have Net+, Sec+, and CySA+ so I plan to transfer them in for credits towards those classes. I'm pretty set on getting a bachelor's to add on to my home lab projects and networking.
Question is, is it harder to seek other tech job opportunities with a cybersecurity/info assurance degree compared to getting a BS in comp sci/cloud computing/IT if I end up not breaking into cyber (i.e. data science, sysadmin, programming), or does the degree type not matter as long as I have projects, a GitHub, decent performance in technical interviews, etc.?
The degree looks quite promising. It seems quite a comprehensive degree course with a variety of skills relevant to many areas of work in the field. A lot of the information is related to foundational certifications in IT, but there are a lot of critical skills taught in the other courses you are able to undertake. The skillset outside the certifications is worthwhile but the certs themselves could be pursued and acquired much more affordably without subscribing to the university's program, and most people pursuing foundational certs would generally endeavour to acquire a handful. Being able to demonstrate competency in the areas covered is critical and having a bachelor's qualification is highly advantageous when job seeking, though it isn't essential. Also, holding a BS in cybersecurity wouldn't necessarily exclude you from other IT roles, as there is a lot of crossover in various fields, and it demonstrates your ability to learn, adapt to and perform on a variety of skillsets.
Holding Net+, Sec+ and CySA+ already would give the impression that you have a certain level of comprehension so it might be more beneficial to pursue more challenging certifications, such as the OSCP & CISSP, both currently industry leaders in certifications or other specialised certs in the field.
You might like to read the 'Tribe of Hackers' books, each a collection of interviews with experts in the various fields of cybersecurity, discussing several ways to progress your plans to working in the industry.
You should consider subscribing and using the Learning Paths, as they are full of advice and recommendations for learning in the field. Learning about Linux, windows and networks is highly beneficial and progress into these areas can be made as you go
Hey all, good day. So I have a practical assessment for a junior pentesting role in two weeks. Is there anything I can do to prepare? The assessment involve breaking into a server and get some flags. I've been using TryHackMe for awhile but I'm still nervous about it.
A lot of the time, they'll ask you to do something similar to what you learn in THM, perhaps using a box like from Vulnhub or another platform like HTB. When you're doing the job, you should be thinking of it like a penetration test, and not a CTF, even though the box might be a CTF-style challenge. You should be able to evaluate the target by scanning for vulnerabilities, testing each vulnerability you find, exploiting any vulnerability that gives you access, escalating privileges and documenting your process so you can write a report showing your findings.
Unless they specify that they just want you to get the flags, you should be able to show, or at least discuss your process and why you were or weren't successful
I see, alright thanks. This is my first practical assessment so I wasn't so sure what's the mind set I need. Well guess it's time for me to do some HTB.
I'm sure they'll give you all the details and a scope, in the meantime, practice will help
Alright, thanks. 👍
Gave +1 Rep to @rugged delta
When doing boxes on THM or another platform, you should get into the habit of taking notes, screenshots and reporting as it makes the whole process of transitioning to true penetration testing much easier. You'll learn and be encouraged to use those methods when prepping for certifications, as well as working on a pentesting team
I see, alright. I'll start doing that. I normally just store all results in multiple text files. Which resulted in me getting confused sometimes with what info I have and what else I can do. Thanks again.
There's many good note taking apps to make the process easier. CherryTree is one that's installed on Kali by default but there are loads of other options. They allow you to include screenshots and notes, command line output, etc. They let you do things in stages and document your progress and thoughts correctly so you can compile a report more easily and accurately. Having a screenshotting app like Flameshot makes precise screenshots really easy. I use a Linux host and VM. There's Windows and Mac equivalents too if they're your platforms
I see, alright I'll try to get used to the note taking apps. I did use Obsidian before for uni stuff. But I've never used CherryTree before, so I'll give it a try. Thanks.
Gave +1 Rep to @rugged delta
Sure, use whatever you're comfortable with, whatever fits your workflow or helps you adapt your workflow in a new direction
I do plan to write/find some script beforehand to help me with the assessment.
Sorry it took me so long to reply - subtlety has said a lot of good things already though, so I can't add much. As far as degrees go, in my opinion the most well-rounded BS you could add to your resume is Computer Science. It's foundational to all IT disciplines and will provide you a lot of domain-generic knowledge that you will have to learn to apply to the specific domains.
General purpose IT degrees tend towards practical IT skills which you would get through work-sponsored certifications and tasking anyway. I won't say it's useless, but it narrows your career options significantly.
Having an account that contributes to FOSS on a git forge (such as github or gitlab) is useful to demonstrating competency, but it's no replacement for actual experience in industry.
Be prepared for a substantial pay cut going from your pharmacy job to IT, at least for the first couple of years.
Hey guys, Can anyone suggest a good resume modification or writing app for me
best way to get a job imo is to go to conferences and/or volunteer at them. If anyone is looking for some great talks, free workshops and paid trainings that isn't aware of it yet, We are throwing a hacker conference at NASA in Florida in April. https://www.hackspacecon.com/ Gonna be super fun!
Hack Space Con is a cyber security conference that focuses on bringing together the best and most interesting cyber security training, talks, technologies, vendors, and industry people. The conference's mission is to educate, develop, build awareness, network and make resources more available for the community.
In this field, I think it's quite typical. If you do cool things under one alias, you want an employer to know that.
Any tips for transitioning into Penetration Testing/Application Security from Software Engineering? Specifically, going through the first step. I've had a few interviews with companies in the past and I would always complete the technical interview without many issues, but many times my CV doesn't even reach that part.
I'm guessing that non-technical recruiters just don't see Security job experience and discard the CV immediately. I've highlighted TryHackMe + some certification work as my "first" job and that has improved my response rate, but other than that, recruiters seem to be my biggest hurdle here
Also, any other source of jobs for Europe other than LinkedIn? LinkedIn seems spammed to death and any entry-level jobs have 200+ submissions
https://flowcv.com/ i used this one yesterday, best one i've found + it's free for ur first one
Gave +1 Rep to @quick forum
how easy is it to work from abroad as a junior in cybersec?(im not sure in what field i want to be in exactly)
i mean should i find a job nearby?
Hello everyone, any tips/recommendations on how to find a part-time job as a L1 SOC analyst (remotely)
Quite difficult due to compliance etc
Which certification can anyone recommend that sits between entry level and professional, I feel security+ is entry, although I finished the curriculum, but I lost motivation to write it, Looking for something a bit higher for a Cyber Security Analyst role.
If you feel you understand the content of the Sec+ but you haven't completed the certification, it might be a good idea for you to undertake your Sec+ exam so you can demonstrate to potential employers that you do understand those concepts. You can continue along the CompTIA certifications like CySA+, Pentest+ etc or maybe you should just make a break for the OSCP and put in the several months of effort required for that. You would be expected to have 5+ years experience in cybersecurity to attain a full CISSP cert and you have to demonstrate that you're working to maintain it over the years after that fact
so I am a bit confused , Taking Sec+ now would mean I am going for an entry level position, I have a Masters in Cyber security, which makes getting entry level roles a bit harder ...I might be wrong tho
go for OSCP then
There's not a lot in SOC certs, CySA+ is the next logical step
im looking into getting an entry level soc analyst job or something similar. ive got no experience or degrees except like a couple basic certs like Introduction to Cybersecurity and Cybersecurity Essentials from cisco. im planning on getting sec+ and building from there, but should i get A+ as well? i dont think i would learn much from it but idk if its worth it. any help is really appreciated :)
You could do A+ in the future, but for now id say focus on network + / ccna and Security +
If youre already aiming for Sec+, it feels like wasted money to do A+ also
thank u 🤍
hey, not career related but
My university community (ENUSEC: Edinburgh Napier University) is looking for sponsors for the upcoming event "Le Tour Du Hack". Thought maybe I'll drop it here to spread the word. Thanks!
https://ltdh.enusec.org/ltdh23-cfs.html
brochure ^
Do you get taught by Bull Buchanan?
yeah, haha how?
Just wondering.
Lol.
I can't remember if he still taught or not.
I should have just checked his LinkedIn.
popular man.. or you've been taught by him before?
I've met him, not had the privilege of being taught directly.
However I do use his website as a reference or learning.
@final patrol This would be the best place to ask
okaay
so
do pen testers have to go in an office or they can work only from home too?
Bit of both, with some on-site stuff
Different companies will run different rules
i wanna move to Norway, but first i need to find a job there
and i was wondering if i could work remotely until i can move out there
International remote work is very rare
You'd be a huge risk to the company
oh so its not a possibility
here comes the other problem lol
there are lots of sites for jobs, but idk which one would be the best
Never say never 🤷‍♂️
It's unlikely
it's still a possibility, but not very probable.
if you're looking for a job in a specific country, find out what their local job sites are
if its rare in general, how would they hire a junior without much experience?
iirc, Norway is one of the harder countries to get to as well
ooof
Because they hire people who have the right to work in the country of operations
By being a non-citizen, there are many hoops the organization will have to jump through to hire someone who lives in a different country
hmm
then i will work here, in my home country until like my mid 20s and then i will move there
I think you don't have to be a citizen per se, but being a resident would likely be a requirement
Talk to the embassy to get immigration requirements. It's not as simple as "im going to move"
Depends on the country and the job listed, but having the right to work is a must
honestly, the best way in seems to be to go and study something in that country
visa sponsor jobs for the states are kinda rare tho no?
there's no visa requirements within the EU, EEA and Schengen as far as I'm aware
"it is quite easy to move to Norway, if you have a valid reason for settling in the country, such as a job or school to attend to" google says
well im in the EU but norway isnt
I know, but it has very close relations with the EU, pretty much the same applies
you don't need a passport or visa to go there
Talk to the embassy
Google and information from discord is not how I would go about getting the necessary information
If you came to Norway to look for work, you can stay here for six months. You must report to the police no later than three months after your arrival in Norway. If you have not got a job within six months, you must leave Norway.
hmm okay
Based on this, I assume you're young enough to be able to find a course or something you'd like to study as your way in. Overall, you need a good plan if you want to move somewhere, do some research on the official government websites on how to go about it. The Nordic countries tend to have very comprehensible websites about it.
well im only 15, i like to plan ahead lol
that's great, studying there might be your best option
so like going to uni there
yup
i didnt really plan on going to uni, but if thats what i have to do😅
education in Norway is free
oh right, i forgot about that lol
now i have to research how bachelor's degrees work there
damn moving to another country is hard af
you're welcome
what entry it job would yall recommend applying for to be able to transition into cyber-security from there and also gaining fundamental knowledge?
One question I am enrolled in the Jr. Pentester job role path with THM can it help me really get a job as a Pentester
hey i have question guys
I really want to working in the USA
my profile
- south korean
- working at cyber security area 2 years (mostly web hacking)
- if i had OSCP(if.. not yet i have korean some computer certificate)
can i go to for work in USA?
I heard many places cyber security area in USA cant work as foreigner
BC security clearance
so can i work there as a pen tester? or red team?
and also i have very interest digital forensic area so this area also same??
i asked ppl but everybody different answer
and finding pen test job harder than developer much much harder i think
if i cant i want change my career to developer(gaming or web, desktop app programmer)....
anybody can help my problem??
Work for an international company that has offices in SK and USA. After you've established yourself, you can request a transfer to a US office. That is going to be your easiest way in.
well just i think change my career to developer thats much much way easier than this cs area 😂😂😂😂😂😂
I'm not from or in the US, but know that if you wish to work in tech as an immigrant on the relevant visa, you'll only get in if that company is unable to attract talent from the US already. You'd have to be an absolutely amazing unicorn for that to work, and as you mentioned you cannot get the relevant security clearance due to being a foreigner so you'll likely be unable to work government contracts.
Companies like google tend to hire lots of foreigners but as of recent, they've had massive lay-offs so those people will have to leave the US soon since the company needs to sponsor their visa.
You should seek advice from employment lawyers who specialize in US laws, they may be able to assist you otherwise what juun said could work for you. I've worked for companies with offices in the US and have had colleagues transfer over.
hello everyone i have bought pen 200 (oscp) and i am doing proving grounds play and practice before this i have done good amount of ctf machines on hackthebox i have experience and i will gave exam in 2.5 months so i want a partner to study with me but not beginner if anyone interested so please message me 🙂
Anyone here, who can review my resume for the Entry-level Cybersecurity Major, Please let me know over the DM. Thank You so much for the consideration.
well i think developer or programmer 100000times easier going to US than this cyber security job
i gonna change my career
cyber security no future
with good enough tooling basically all jobs disappear
I think juun's advice is your best option. To say there is no future in cybersecurity is also false
well maybe actually can happen what he said like i have to got competition award and high quality certificate like oswe but
programmers dont need much higher level like that
so programmer better if you want go abroad like USA or etc
cyber security job much much less number vacancy than developer and need security clearance thats true
I am going to disagree with all of that
I'll go from the bottom up. You dont need a Security Clearance to work in Cyber Security. As a foreign national, it's not impossible, but it's unlikely that you will be able to attain a US security clearance. Cybersecurity is in a huge deficit manpower wise and has a large number of vacancies. Both developers and security professionals in the US are encouraged and sometimes required to have a University degree. However, both positions can be achieved without that requirement by bringing previous professional experience from a different area of the computer industry, like IT. I'm not sure what you're referring to when you say competition award and OSWE is a very specialized certification that's not at all required for security.
well whatever dude i dont care
i never saw cyber security ppl going to usa in here korea but only very some rare ppl like who defcon winner go there for work
besides sooooooooooooo many normal level developer and programmer go there and working
and if you want to say something show me proof
youre not even live usa and not working in cyber security company HR parts
so i totally disagree bro
Alright, calm down @gaunt inlet if you’re not here to have a mature chat then leave the conversation.
Moose is most definitely in the United States and has a very firm grasp on the ‘ins and outs’ of Cyber law.
What are people's thoughts on someone with absolutely zero experience with Cyber Security on taking a Cyber Security boot camp as a way of getting started in the career? Specifically, the University of Minnesota Cyber Security Boot Camp program. It is 24 weeks, and although I understand it is not going to make you an expert- but from the research I have done, it will generate very good professional networking and experience. And also introduce the core concepts of Cyber Security, and per the program, prepare you for CEH and Security+.
If you don't suggest it, what do you truly suggest for getting into the career? My background is located in the intro section.
As a general rule, if something, with a straight face, lists CEH as a sensible goal to strive towards, it probably ain't worth doing.
CEH is abysmal. If the bootcamp is holding that as a gold standard then it's a pretty good indication that they are very out of touch -- i.e. probably not worth wasting the money on if you're after up-to-date training that prepares you to hit the ground running.
Looking at your background, I would suggest focussing on the broader part of computing first. Build up a strong foundation -- understand how common technologies work. There's no point in learning the motions to break things if you don't understand how they work.
On a similar note, it's worth remembering that cyber has traditionally been an "advanced" topic -- something that you go into after years of experience as a sysadmin / developer / etc.
That is changing now in a sense, slowly, but don't be discouraged if you struggle to find anything directly in cyber to begin with. Same lines as above, build the basic experience, then use it to pivot.
Resources like THM and HTB are great for the cyber knowledge. Not sure about the foundational stuff (I got it from my degree and experimentation, personally), but at a minimum I would suggest finding topics that interest you, reading up on those, then pulling the threads from there.
You're also very much correct to mention the networking. That goes a long way in this industry. If a boot camp gets you that then great -- personally I would recommend sticking around the online communities and going to conferences though 🤷‍♂️
Building up contacts is a very valuable thing though, both from a hiring perspective and just from being able to bounce ideas around. No one knows everything, so having friends with different skillsets can be mutually beneficial
Thanks for all the insight, Muiri. There is certainly a lot to learn and explore with this career. I'm only kicking myself for changing careers this late in the game! lol. But life goes on. I'm certainly taking advantage of the content that THM has to offer, however, and completed some of the foundational information. Definitely got some learning to do, but I feel as if the content is not completely over my head which is nice. The other benefit I can see from doing this boot camp is, based on my research, is towards the end I notice that the former students (did some LinkedIn snooping) have used the CapStone projects they completed to help establish some credible experience. I know that would probably be difficult to do without some sort of program enrollment.
Basically my debate right now is whether or not to do this cyber security program (which I can't use VA benefits for and is $8500 for me with discount for military), go back for an Associates Degree, or try to learn and soak up as much as I can with free online resources and pursue a Masters (which I CAN use my VA benefits for).
Do you have an undergrad degree already? If so, use the VA money for an accredited program to get a degree - IIRC you can use that VA money for the SANS masters, or Bachelors if you don't have a degree.
Yes I do. A Criminal Justice Bachelor of Arts.
IMO boot camps are cash grabs, and the quality varies too much to be predictable
That is definitely what I've been reading from the online research.
Can't say I have heard of the SANS Master. I'll look into it!
Look into the SANS Masters degree, it's actually a fully accredited Masters degree in the US. If nothing else, that should skip you over most of the entry level roles straight into mid or senior level.
Criminal Justice probably gets you a foot in the door for GRC; it's not always technical, but it is infosec and you will be able to contribute to the implications within compliance and whatnot pretty much on day 1.
Np 🙂
Don't worry about being "late in the game" -- plenty of folk switch over to cyber much later than you are 😄
And yeah, whatever Juun says here -- especially for the US job market -- go with that 😆
Depending on what you did with that CJ degree, you may also be a good candidate for Incident Response policy and procedure as well
Formerly a Police Officer 🙂
Yeah, look into Incident Response and Triage roles as well
A lot of former cops who don't know anything about technology can get into cybersecurity on knowing IR really well
Haha yes. That is definitely an attractive part of the cyber profession for me. Many times there was not much I could do for people when it involved cyber crimes in my past profession.
SANS Master. I will look into it though! Thank you. Anything else I should look into in the meantime aside from furthering my knowledge using THM? 😉
Triaging an incident is one of the most important and least understood aspects of a mature cybersec program - being able to guide an org through it is instant value
Understanding that security is always basically loss prevention helps too🙂
i didnt talked to you bro lol i already calm down
if you want say something need proof not your inside of head imagination
That attitude certainly won't help in your job search 🙂
Check out the SOC Level 1 learning path on TryHackMe. 🥳
https://tryhackme.com/path-action/soclevel1/join
aren't you the guy that had a mental breakdown when you couldn't complete the "Eavesdropper" room ?
Alright, let’s not start arguments
Looking for some advice. I'm transitioning from IT to pentesting. I have 20+ years in IT, with the last decade as a Systems Manager for a small CS research organization. I've completed the Jr. Pentesting and Offensive Pentesting paths in THM and currently working on the Red Team path. I've been applying to entry level positions for few weeks now and haven't gotten any interviews as of yet. Thanks in advance.
Certainly will! Thank you!
Gave +1 Rep to @distant pier
Hi all, I am a cybersecurity engineering major in Texas; I wanted to ask what you all's advice is for improving myself and how to better sell myself to companies out there for an internship and ultimately a future job?
I am attending a community college, majoring in Computer Science. I would like to eventually land a job in cyber security. It is the aspect of CS that interests me the most. My local university that I will transfer to after obtaining my associate's of science does not really offer a focus on cyber security outside of a certificate and perhaps an associates of applied science. So, that being said, there is another university (New Mexico State University) about three hours south of me that does offer a bachelor's of cyber security and focuses very much on networks and linux and the whole shebang.. Even cloud, which is something I am interested in. So my question, is should I stay with UNM and get my bachelor's of science in computer science and then focus on cyber with my graduate classes, or should I make the move to the other college in order to get a bachelor's in cyber security specifically? Thank you for any and all insight you may be able to offer me.
You think helping users on r/techsupport is something I could put on my resume under something like volunteer work?
How can I effectively show my skills on TryHackMe on my resume? Assuming I have no cert and very little work experience.
So a BS in Cyber is going to have to be evaluated on a case-by-case basis; look at the curriculum and decide if you are willing to limit your starting roles to just what the topic covers. In my opinion, a CompSci BS goes a LOT further with employers than a comparable CyberSec degree.
If you do not have employment experience in a domain, I do not recommend going for a Masters in CyberSec right away. It will price you out of the entry level jobs you need to advance.
I may have a placement working in a cybersecurity company doing:
- Blue Team (Including helping with their SOC)
- OSINT and Enumeration for their pentesting
- Migrating them to the cloud
- Automating workflows for them
Thank you so much for your advice, @flat sedge. I am much appreciative and will continue diligently working toward my CS goal. Thanks again.
Gave +1 Rep to @flat sedge
Seems like a lot for a single role
If you're saying you have placements for these things, I would talk to @tacit bobcat about putting it in #jobs-board
feel free to DM me and I'll give you the procedure to post on the jobs board
Nah I’m doing them homie 💖 it’s one placement for me
No worries homie
I am wondering the same thing
hey quick question: Im looking into applying for some pen testing jobs after graduating this summer and I want some certification to help me stand out- is compTIA Pentest+ the best for that or is it kinda outdated now? Should I look into eJPT or something instead?
thank you!
Gave +1 Rep to @sly elm
has anyone here taken the eJPTv2?
By graduation, do you mean from a university degree? Do you have IT experience already?
Pentester roles are often not an entry level job
The "best" certifications to break the HR barrier for this is OSCP or eCPPTv2
By "best", I mean in a general sense on what HR copy pastes and posts on the job ad. It might vary depending on your area
I’m graduating from a university in CS so pen testing isn’t something we really learn but i kinda want to go into it now. I’m applying for a job that starts with a 6 month training program but I still want to stand out in the application process
I understand, the job is pentesting related then i assume
hey, how do i make up for the lack of experience when im trying to get a job in the field like a cyber security analyst? and is there any other options besides helpdesk to get said experience or can i make it with another entry level job in the field?
hey
anyone can give me crazy project ideas which can i implement for my final year academics project?
Quick question for anyone willing to answer. I have a degree in software engineering and want to pivot into cyber security.
I just recently got my sec+ and am looking for IT help desk roles since thats what everyone suggests. However, even help desk roles seem to be a bit hard for me to land. They want someone with experience which I do not have
My question is, what can I do to boost my resume?
I am also currently applying to a bunch of jobs on USAjobs, but it seems unlikely I will land one.
What is your current/last job?
Was a flutter engineer
What worked for me was networking
I know some devs that transitioned to App Sec after a while
What type of security are you looking for?
i am interested in cyber analyst and blue team stuff
malware reverse engineer would be great but thats much down the line
Security Analyst is very broad from my perspective, I guess to put it in simple terms, we do all security related stuff for the company
Blue team is much more concise and in my area, there are a lot who hire people with <2 yrs. IT experience for a SOC role
Hello last night I took the CEH exam and failed it. Should I study some other Certification I would like to be a Pentester. I took a test on THM that suggests I should go for Cyber Security Analyst.
it largely depends on your country... what country are you in?
USA
I am doing the Jr. Pentester job role in THM
in the US, if you want to do pentesting, OSCP is the primary cert for that
oh ok thank you
should I still do the Jr. Pentester in Tryhackme
sure, it is good
cool thank you
Gave +1 Rep to @pseudo creek
Thank you.
Gave +1 Rep to @sly elm
Can I put a @duck email address on my resume? I don't want to start getting tons of spam to my real email.
Really? I never had that problem before sending to regular gmail accounts.
Do most people put their primary email address and give it out to everyone?
Probably. I have my own domain though and made an address specifically for job stuff
Looks professional and I really don't get spam
Realistically, you just need to be cognizant with where you are placing your email. Throwing it out willy nilly will lead to spam.
Do you run your own email server?
spf records
had issue with my company starting up with email too its easy to fix
one second
you got a _dmarc rule setup? as well
No, I let ProtonMail handle it
set a txt record to @ v=spf1 a mx ~all
or
you can link it to your ip's which is better
I have a free Proton account, and I have been thinking to upgrade so that I could get custom domains as well.
Hey all, would a data analytics/data science/data engineer position be a role that is seen as IT experience? Or would someone already in that job role need to start from the bottom at help desk?
I am just curious since I know some can work as database admins too
Yes it could be seen as IT experience. As long as you're able to demonstrate in interviews that you have experience with and knowledge of the tools and processes you used and knowledge of the role you're applying for. Also helps to have cybersec certifications
if you study in IT college or something like that, i'll pass my final paper idea; A framework to mapping, recon and pentest the college network. Of course you will need auth for some parts, but i don't think it will a problem.
As first step, make a checker to see if machine has a log collector or agent for SIEM.
s
i just wanna add to this
make sure to get approval *from the right people*
just asking your inst. isn't proper approval
In this day and age, due to the complexity of modern college/university networks, and their integration with many systems provided/supported by proprietary orgs like Google, MS and others; you will likely need to escalate to the head of your department and the board of ethics; making this an incredibly complex and undesirable project proposal.
You're dealing with environments and systems full of resources that need to maintain compliance with legislation and regulations far beyond your comprehension and it would involve legal and ethical review, background checks, etc.
If you want to do a cybersecurity project, you would be better off picking a topic for which you can review the literature, expand upon it with your insights, create a private network to emulate the environment you want to review (only needs a handful of computers/VMs) and provide investigative and reproducible results in a scientific manner
sure, when it comes to this topic, always a good idea keep a proof of you are allowed to make anything about it. On the one hand, you will help the college in a way, however, you don't know who their will react about your actions.
PS: My english sometimes can be creepy, once time i aren't fluent. If its hard to understand, just say for me to reform the message
If you don't know how they'll react, you don't have authorisation. You will need to escalate, in cooperation with your tutor. If it isn't something you can provide inside the scope of resources they provide or you can operate in your own environment, you probably shouldn't be doing it
In cybersecurity, we're trying to understand complex situations involving how criminal organisations operate, and emulating these actions to attempt to understand and prevent those actions. If you do something you don't have clear legal recourse to do, you can be liable.
honestly not that difficult to get in touch with people, even if it might take an attempt or two
just gotta know what people to talk to and how to frame things -- being able to have a proper conversation helps as well
I had a couple occasions where I was put in touch with legal as well to make sure things were done right
You're completely missing the point. subtlety has brought up a LOT of very cogent points that must be addressed. Just saying "honestly it shouldn't be that difficult" doesn't have anything to do with the complexity of a university network.
The biggest problem imo would be figuring out who actually has the ability to sign off, but you can always ask the admin that
wat says u
in best scenario, your tutor will help you and try to convince others staff members. In my case, i can make my properly server to make whitebox operations. but following the first idea of scenario, the college network is the best Black Box scenario for your presentation.
oh yeah that's a completely seperate conversation -- that's a very complex topic
I just meant purely on the authorization side, figuring out who to talk to
otherwise, he just say to you forget and make a generic social media. :\
when it comes to actually doing the work and without damage, it's a whole separate beast
A proper conversation also won't do much, as there are likely multiple levels of sign off required to do a "pentest" of a university network as project. Strongly recommend going the VM route and setting up a 'toy' example instead of trying to go through the process of doing a pentest of campus resources as a project to submit.
Head of department, director of IT, campus equivalent of CIO, possibly up to the president and/or the board for approval. That's a lot of approvals to get, and getting their time to explain what you want to do is going to be steeply and sharply uphill.
idk I had a bit of a different experience -- I was pretty regularly in touch with our administration and never had any issues getting things done
I do agree that VMs are the better route though, without question (both legally and practically)
i think you can make the same with docker containers, but i don't guarantee 'cause I'm a layman in WSL network drivers.
docker doesn't have anything to do with WSL anything, except possibly being used as the hypervisor docker may rely on. I don't know anything about docker internals on windows. Regardless, setting up containers in place of VMs changes the infra substantially enough that the results won't be reflective of bare metal or VM equivalents.
required "containers aren't vms and aren't safe, isolated, environments" note
Vbox, VMWare, qemu-kvm networking functions much more like you'd expect on a host. Container networking is separate beast and needs to be treated as an entirely different thing
containers can be just as isolated and segmented as a VM, it's 100% up to container engine and config to set it up.
container networking is an absolute mess
esp if you're using something dynamic like k8s
Of course containers and vm's are two different technology types, but if think in most simple way, i think both them can "nourish" the idea.
absolutely -- if using it for pentest stuff tho you just gotta make sure not to nuke your actual system by accident, if trying more aggressive/destructive methods
one of the ways I got to allowed in college to make the tool, is a concept of real life situation. CTF is a good stuff to knowledge, but not all can make real ambient idea.
high quality Adult Swim style video about project work: https://youtu.be/DYvhC_RdIwQ
Thankfully KPIs are not a consideration of my position lol
A pentest should not be a final paper idea
Are there any cyber sec related certs with heavy student discounts like Microsoft SC-900 and Microsoft AZ-900?
Is that free or?
I have a free pass for it.
Awesome, thanks. I have my SC exam on Friday and my AZ a week after. Will add ISC2 to the to-do list after
Gave +1 Rep to @dense dagger
Not properly a pentest, but who knows about a tool or software with intense security tests. Always depends how you introduces in the first moment
After ISC, AZ900, SC900, I guess the “cheap” entry ones are:
Security+
Network+
PNPT
eJPTv2
BTL1
Any other suggestions?
Are you planning to get all of these?
Probably. Still years left of school and I really enjoy the process of obtaining certs
Keeps me working hard
You mean like a vulnerability scanner?
Yep, or a "offensive protection software", of course with more quotes than i can put.
Alright, so I got a question, does anyone can help me with which is the most Entry-level Domain of Cybersecurity, and which is that position to get started with cybersecurity, in the USA though? I mean the position where hardly any experience matters.
You mean like an intrusion prevention system?
Hey ppl, do you think it is worth adding to my CV that I am "certified" SOC1 + SOC2 Analyst in the RangeForce Portal?
huh? how are you certified? did you take an exam?
Probably the THM paths
Hello everyone, I’m looking for advice during my job search. A little background I am in a career switch situation from Landscape maintenance so pretty unrelated and I finished a cyber bootcamp at the beginning of the year as well as obtained my security + the following weeks after. Currently working on the THM Soc analyst path but I’ve come to terms with the fact I’ll probably need to do some sort of IT work before making it into infosec so I wanted to see if you all had suggestions in being able to find IT roles closely related to security or with security companies in general? Any keywords I can plug into LinkedIn that you’d suggest?
No, they've said on rangeforce, different labs platform
Well hello, I need someone to help me in making Honey Pot. Small help will be appreciable
My college bought a couple of cisco classes, most about properly cyber security essentials and with some technical terms. it is worth it make it? I don't know much about cisco marketplace in cybersecurity platforms or quality about classes. Of course is interesting get the certificate, but probably other things like vouchers and something like it, hardly my college can bring. :\
This server is english only, please.
Does anyone know if we are allowed to place links to LinkedIn profiles here?
I'm updating my resume right now, and I'm not sure how to format it if I've worked at the same place at two distinct points in time. I worked a research internship this past summer, and am currently doing the same appointment this semester, but the work is entirely different.
Do I have two separate sections? Do I have one section labelled with two time periods? If so, do I just pick out the most significant things I did from both periods?
Rule of thumb: Separate titles, separate entries
so if it's the same title just make it one entry?
How long was the first time period you worked there? Is it an internship?
yep
Same prof?
I would list them separately if the work is that disparate
Rather, have your responsibilities changed?
pretty much
Without getting into the details, first appointment was working on something like an IDS but not entirely, current appointment is quantum computing related
Makes sense, it's such an awkward formatting issue to handle 😔
Have a question I am thinking about doing a Cyber Security Bootcamp here in USA. The course includes labs, a mentor and preparation for me to take the Comptia Security + exam and I can do all of the course online at my own pace plus have my Cyber Security Mentor for around 9,000 US dollars is a Cyber bootcamp worth it or should I just stick with TryHackMe and Hack the Box.
Ok have another question since I am having a tough time getting into a career in Cyber Security with my Master of Science Degree in Cyber Security. Could I offer to pay a Cyber Security company to train me to work as a Cyber Security Analyst I would rather pay a company than pour my life savings into another school who can't guarantee me shit.
No. Based on your previous information, I wouldn't pay for the bootcamp either.
You already have a M.Sc in Cybersecurity and you want to take a bootcamp for Sec+? You should be so far beyond the material covered in Sec+
What's your previous professional experience? Do you have any certs?
What's your undergrad in?
That too
You really dont need a mentor and another bootcamp. You could try to apply for different jobs in the cybersec field(intern level) and do the certs while working. But fr the sec+ you dont really need too much work. Buy some books online or buy a udemy course for 20$ and you should be fine
9000 USD for a bootcamp to prepare for a Security+ exam sounds like a bad investment to me. If the bootcamp costs more than taking the exam + exam materials, it makes little sense.
Essentially paying someone to teach you something you get anyway
Yeah but I don't hold any IT or Cyber Certifications
The M.Sc should take the place of all entry level certs.
oh ok
I have a Bachelor in MIT Cyber Security
You have a degree from the actual MIT and you are having trouble getting a job? Something isn't adding up here.
It was a combined MIT with Simplilearn in Cyber Security
The instructor did the MIT Cryptography course
Please do not ever put on your resume that you have a BS from MIT.
Which university granted you the MS?
Simplilearn
They are not an accredited degree granting institution. If you put on your resume that you have a BS and a MS from them, that could very likely be your problem getting a job.
They claim to be legit and I spent quite a bit of money on them
Ok guess I need to give up on a career in Cyber Security since I am not getting anywhere with this.
I don't understand all over the news and internet, and social media, all I see is the big demand and need for Cyber Security people if you can't get an entry level job in the field then how do you get a career in Cyber Security I am beginning to feel that this is all a scam.
Do you have any work experience at all?
Yes retail and customer service
have you tried applying for things like IT help desk?
I think you've been mis representing your background, if you've been putting down a BS and MS from Simplilearn. I can't even find on their website that they offer anything but bootcamps and certification training.
yes I have and no luck
Also SimpliLearn isn't a MS program... it looks to be a bootcamp
a graduate certificate is not a graduate degree unless there is something I'm not seeing on their website
I did their Post Graduate Program in Cyber Security
also they mention training you for certifications, did you get a certification
ok that isn't a MS program
what about bachelors?
I was told by a resume writer that a Post Grad is an MS
its not
it came with a CEH Voucher
and did you take the CEH?
yes and I failed miserably
not that a CEH is great but... if its the only cert you got, its all you got
ok... so what I'd do... is look up Professor Messer on Youtube, study for the Network+ and Security+
do you have any projects or anything you did for this graduate certificate?
Yes a Capstone Project
and do you have that in github or somewhere that a potential employer could see?
Just on my computer
so one thing you will want is to create a portfolio somewhere so potential employers can see what you've done
ok should I still finish the Jr. Pentester program on here I am like 30% thru it
sure but if you want a job, I'd start looking at Network+ and Security+
and start applying to any entry level IT help desk jobs you see, your goal is to get an IT job at this point and then move into cyber
Ok thank you
Gave +1 Rep to @pseudo creek
out of curiosity, how much did this graduate certificate from Simplilearn cost?
It was a total of $4,500 USD I had $2,000 for a Master Certificate which I switched into the Post Graduate thinking I was getting a degree but now I know I was scammed.
Enroll for Cyber Security Course 2023 [Module From MIT SCC and EC-Council]. Cyber Security Training Certification will Provide the Best Competitive Edge to your Career.
thats the one I'm looking at
yeah was curious as I did see an actual program from MIT which was $6k... looking at the syllabus, one section is 'borrowed' from MIT
and it does say "who should take this course" and lists the following:
All levels of IT auditor/penetration tester
Security consultants/managers
IT directors/managers/consultants
Security auditors/architects
Security systems engineers
Chief information security officers (CISOs)
Chief compliance/privacy/risk officers
Network specialists, analysts, managers, architects, consultants or administrators
Technical support engineers
Systems analysts or administrators
I mean I get it but really they probably should've told you that you needed some IT work experience but cyber bootcamps are generally scammy
great now I know I am wasting my time and money
honestly, its live and learn... you can certainly recover from this
they did give us a course in Network + and Security + but no exam voucher
Professor Messer is supposed to be excellent, his videos are free on youtube
only exam voucher for CEH
I think he has some study sheets and what not that are inexpensive if you need more
ok
I don't know if I will pursue this anymore. I would rather train to be an Audio Engineer and get back to playing music, at least I understand music.
well if that is what you want to do, then you should
thank you
Sorry to hear you spent that amount on a bootcamp. There are too many of these bootcamp offerings that operate a less than savory approach to learning cyber security.
Its ok I should have done more research before giving them any money just glad I did not enroll in the USF Cyber Bootcamp
What angers me is that I have spent so much money in schools here in USA and no employers will hire me something is really wrong with our Education system. Having a High School Diploma does not mean shit here.
Thank you for informing me
Thanks all of you for informing me
thank you for informing me
thank you all for the info
Its ok I will just be more careful
Hi all. Looking for advice for my next career move.
Some context: I'm currently working as an intern in a small cybersecurity MSSP start-up, following a professional reconversion. I used to work as an OSINT analyst in a small private intelligence consultancy but had to change career path following COVID.
I've been an intern now for over a year, and I've learned quite a lot and am enjoying working in cybersecurity. However, my internship contract was renewed and I was not promoted to employee. So basically I'm just being exploited, and so it's time for me to bug out and find new work.
I'm studying for CompTIA A+ and plan on taking it relatively soon. To my surprise, in spite of not having any certs yet, my profile is attracting more attention than I anticipated from potential employers in the cybersecurity field, as well as IT helpdesk roles. I have my 4th interview with a cybersecurity MSSP for a Tier 1 SOC analyst position, but there's one other candidate contending for this role, so it's a 50/50 chance of landing it for me. A recruiter also called me yesterday for 2 potential internal IT helpdesk positions in a big pharma company, with generous salary.
My question: as I've arrived at a point where I just want to start living again and making money and not being exploited, is it weird from a hiring manager's point of view if I started as an intern in cybersecurity, to "downgrade" to a helpdesk job (even though it's better paid than my internship and my work would be better valued)? Will getting out of cyber (even though i'm just an intern) to do helpdesk make it harder for me to get into cyber later down the line? Or should I be patient and grind it out for a few more months, get the certs and directly aim for purely cybersecurity roles?
Thanks in advance for your answers!
I see lots of people that have gone with dev intern roles move to a sysad role
From an HR perspective, they don't know the big difference with these roles I think they just use a blanket term when identifying these people as IT roles
If you can get a Cybersec role, that's good as it puts your foot at the door
hello, sry guys i just wanna know if there's someone experienced a little bit at least in the field here to DM him for some advice (about what should i do next etc ...) if he doesn't mind, i rlly need it and i feel lost ... i won't take from u too much time
Hey I have a question
I am in the Jr Penetration Tester of Try Hack Me. Is this learning path enough to start a career as a pentester? Because that is what it advertises.
Hey, have a question. I am currently doing the Try Hack Me Jr. Penetration Tester Learning Path, which in the intro says "Learn the practical skills required to start your career as a professional penetration tester." Can this course really help or should I do something else?
No, it typically requires further learning and professional experience. It is a good start.
I am also doing the Pentester job role path in Hack the Box
Ok, that's good
But it's way harder
It doesn't cover off professional experience in the industry though.
ok I understand but how can you gain experience without getting a job
It's very very rare to start as a pentester
Typically, people have experience in the IT industry first
ok well I guess I will look for something else think I am too old to be trying this but thank you
I didn't say impossible, it does happen
No, I understand, it's just that it takes way too long and I just don't have the time. See, I am 48 yrs old, I needed something like last year. I can't keep doing this.
I mean I gave you advice yesterday, you can go back and read it or...
Anyway, this article may be helpful or not. Mike (subject of article) is in his 40s. Having said that, there are a lot easier jobs to gain entry into cyber but you do you https://www.accesscyber.org/from-pool-cleaner-to-penetration-tester/
Its not working I was just wondering if the Pentester learning path in THM would help
That is to basically introduce you to the concept
Ok thank you.
Think I will study Data Entry then I could get a work from home job.
What? Remote data entry jobs are mostly a scam unless there is something you know that I don't
Unless you are looking at medical recording ?
