#cyber-and-careers
Ok well ask her then cuz if you see anything online about remote data entry, it is 99.99% going to be a scam
I found some jobs which I applied to took the typing test but I need to be at 45 wpm or higher for the job that's why I was going to do data entry.
Plus I did Data entry in High school
I mean.. that was the 80s/90s...
But if any job asks you to send them money, bank account info, etc, don't. Also if it asks you to download a program and run it, don't
Ok I will do my best research about all of this thank you.
Gave +1 Rep to @pseudo creek
Anyone else has taken CRTP? How long do you recommend in Lab Access?
I can say I could probably allot at least 2-3 hours per day (excluding the weekend sometimes)
Hey there 👋 everyone
It will build on the foundation of pentesting for sure. 🙂
You could get a decent career in cybersecurity via cloud computing. A couple of AWS/Azure certs already puts you well up there and adding cybersec skills would make you even more appealing. Just a suggestion. Don't give up. You could knock out a couple of cloud certs and the cpts by the end of the year
Can I get these certs from AWS
If you have no cloud experience, I'd suggest doing the Cloud Practitioner course but skipping the exam and then going to AWS Certified Solutions Architect Associate and then Solutions Architect Professional. AWS provide their own training but I used a platform called A Cloud Guru. There are others.
You can get a lot of experience learning cybersecurity skills here in THM. I've learned and practiced lots of cool things here before going for my postgrad in cybersec
Ok sounds good I will get into looking at this right away hey would it hurt to take the Cloud Practitioner exam
Sure the Cloud Practitioner exam is worth giving a go, the knowledge isn't too technical. It's easy to absorb and quite enjoyable
Thank you for this advice I will try to stick with this I do believe it helps plus I feel THM has helped me to understand more about ethical hacking.
Gave +1 Rep to @rugged delta
Excellent, enjoy the journey, chat here with the community, they're always willing to help out
Hey, I started learning and practicing cyber sec a year back and I stopped learning for a few months. Now I am starting my journey back after researching is cybersec really for me. The issues I'm facing right now are firstly, I need to re-run those modules that I practiced because they are kind of faded in my memory, and also I have a hard time dealing with web apps, be it anything about web. It's not like I don't want to learn about web app sec, it's just I get irritated or maybe frustrated when I sit to learn about web. Someone please advise me how to proceed.
Welcome back. If you want to re-run something in THM, each of the rooms has a Reset button in the drop-down on the upper right of the room. You don't lose points for resetting a room but you don't gain double points for completing it a second time but you can repeat a room as often as you feel you need.
Web apps can be frustrating but getting over the hurdle and into the rhythm of understanding them just takes a little bit of work. I'd suggest starting again at the basics and taking it slow, mix web app study in with other areas of cybersec so you don't burn out. Try the burpsuite rooms. I've found them fun and engaging
Thank you
I have a question for current workers in the field.
Is it good to start in cybersecurity in a Big 4 consulting company ? If yes why? If no why ?
I mean if you get an opportunity, grab it
But is it good ? From a career development perspective ?
Yes it is if you get a relevant position in the company
dude any cyber security job is good don't over think it
Yes and no. Big orgs mean you're likely to be a very small cog in a large machine. You're less likely to have room to grow and develop your personal skillset. You will be expected to just get on with a job and likely forgotten about thereafter.
But it does obviously look pretty good on a CV.
Personally I would think it's better to start smaller, grow, get your feet under you, then step into a large consultancy at a slightly higher rung of the ladder. Do that for a year or two to get the CV boost, then head elsewhere with the experience.
Do you think job hopping hurts the tech industry?
Personally? I'm not sure -- it's not something I've formed an opinion on, be that from lack of time in the industry, or just not thinking about it.
As far as I'm concerned, I just look for the best next path for myself -- if that's with my current employer then awesome, otherwise, look elsewhere. Professionally speaking I reckon that's what we should all be doing.
Remember that life is for living -- we only get one. Work should be a means to an end, not a central part of that life (and yes, I'm a workaholic, but I know that, and am working on it).
If the tech industry creates a culture where switching jobs quickly is the best and easiest way for an employee to get the best deal for themselves then that strikes me as being a problem with the industry, not the employees
yo are there any cyber security experts out here ?
Yes. Next question
is there a chance you are looking for a job ?
cause i have been looking for a guy like you forever ...
you couldn't afford us
Job hopping might hurt the industry in that companies might be less willing to properly train you as they anticipate turnover to be high and keep the onboarding training to an absolute minimum in a supply-starved industry.
Yeah, someone I know who's been in the tech industry also said that
But also in my mind if companies want people to stay, they should always give competitive salaries and benefits
Not when someone's about to leave
I'll say it definitely influences hiring decisions for some companies... I mean it really depends, if you are at 1 place for 3 years, another place for 1 year, then another place for 3 years, that's not bad compared to 7 years, 7 different companies
I'm always willing to listen to recruiters. Is this for an actual role in a company you work for?
I don't think job hopping hurts industry; I think the corporate attitudes that are the root cause of job hopping hurts the industry.
Typically a job doesn't get difficult until the 1 year mark. year 1 is just learning the job, year 2 takes you through 90% of the difficulties with that role.
Yes , we have several developers but we currently search for cybersecurity experts.
If you'd like to post job reqs to our jobs board, you can verify your corpo recruiter status with @tacit bobcat
you might want to be more specific on what you want like country, pay, etc, etc.
with a call ?
the country doesnt matter but preferably from Europe id say and pay is currently negotiable (dm)
well it'd probably matter as EU salaries are typically lower than US but if country doesn't matter, there tend to be a lot of people from Africa/Asia looking for remote positions although you will want to provide details as to what you want, how many years experience, etc, etc
needs to be an expert , the more years the better .
wow, like I have 20 years in cyber but I wouldn't say someone with 10 years is better than me at specific jobs
@hard wraith In addition to that, there is also very commonly a regulatory requirement that a candidate be able to work in the country that their assigned office is based out of.
If your company is willing to sponsor a candidate for a work visa, that will help you to recruit internationally, but that will also cost a lot more than hiring local.
im looking for a cyber security expert who has experience in projects and things that he can show rather than time
reachable , preferably from EU and easy to negotiate with . plus preferably older than 18.
and more specific app and website security
This sounds less like a real job and more like a 'we have a cool project, help us monetize it' thing.
anyone who is looking for something of this kind dm me , if you want more information dm me but only if you are actually into it👍
no , i am looking for someone who is in the same level as me , since the company is currently small then i ask for something that is at the same level , i just understand it and honest about it . it is just a maintained security of a website and an app and adjusting to every update ,( for a startup)
If you can ballpark $160k USD a year, I'd be willing to talk about what the specific role entails.
Can't forget benefits
imo it's a problem with jobs in general, not just the tech industry
or, idk if i would even call it a problem really
Agreed
I mean, personally I would call it a problem.
I would much rather work for one company that pays me well (rising with my marketability and inflation), has good benefits, respects (or enforces) work life balance, and gives me work that keeps me from getting bored.
But I accept that I may be looking for a unicorn lmfao
ah i was thinking job hopping from a monetary perspective
In the end, businesses are out to make money. Employee satisfaction and compensation is and never will be the ultimate goal
because as long as money is involved there's always gonna be negotiation and businesses always wanna pay as little as they can
ye
Pretty damning indictment of the human condition in a nutshell lmao
I don't disagree with you, Muiri. But the reality is that businesses as a whole are optimizing for short term gains, not long term value. It's one of the driving factors of the recent tech layoffs; are the huge tech giants that have laid off 50k making any less profits than 2 years ago? Most likely not. But the easiest way to 'make' value for shareholders is to reduce overhead which means cutting workers.
Oh, absolutely agreed. All about money
Perfect example of that actually
Laying off employees -- some of whom may have been there for years -- to increase short term profits
Not even profits. What the heck would you call that
And the reality is, the most expensive 'workers' go first. It's not upper management who goes, it's workforce.
it is profits, revenue doesn't increase. What increases is net profit, because overhead and expenses is reduced for the same (even slightly reduced) sales
Fair
One thing that companies have almost completely failed to realize is that loyalty goes in both directions. Want an employee to be loyal, beyond the typical employment contract stipulations? Then stop giving the minimum possible in compensation and benefits.
It's something that seems to get lost as a company grows. I know plenty of tiny companies that really value their employees, but the more they expand, the less it seems to matter
IMO a lot of it is driven by the 'going public IPO' culture. And, the more management is separated from daily work life, the worse it gets the faster it gets. Once management forgets what its like starting out, culture going downhill accelerates
Aye. Seen that one first hand
So basically I'm sorta stuck and don't know where to go. Like, sure I know some C++/C/Python, have used linux a bit, learned some networks wtv wtv, and all that but I don't know what I want to do,,, i honestly just feel lost. It feels like there's an overwhelming amount of things and i dunno what exactly what to... do next.
I haven't really worked on any projects at all, ever, it feels too overwhelming. If anyone has any advice please please give 😭
I am mostly focusing on my student related activities, and i'm doing smth tangentially/closely related studying comms engineering but,,, yeah
feeling like i'm not moving anywhere
I've been thinking maybe I should try expand my knowledge of C++, maybe learn some hardware maybe... And I just rly dunno
You've misplaced the Hegelian head with the Marxist one. 😂
hi
Hey I am trying to get started with coding /programming/ cybersecurity but I’m not sure where to start or begin
#start-here is a good place to begin learning in the space
hii
hey ppl anyone in search of a cyber intern
So as an update, I got the job. Thanks xD. And I really need to work on my note taking skills, I kept going back to the application and reimplement the chain of attack just to get the missing evidences lol.
Gave +1 Rep to @rugged delta
Yeah Obsidian is quite nice, I recently moved to Logseq which is still local Markdown but closer to a database of bulletpoints. It’s all outline styled.
This and the fact that it makes a new “Journal” entry every day that you use as your scratchpad/launchpad for more notes is perfect for how I take notes at work personally
Realistically though it doesn’t matter what note keeping app you use as long as you have a system that works for you
I prefer Trilium - even if it is an electron app, there's a lot to it that I like. Supposedly you can even spin up a server for it and have multi-user tenancy
@modest flare Please do not promote your events without asking moderation before hand
Are there any particular certifications related to MITRE Attack and Cyber Kill Chain?
did you google cuzzz
Nah, they just posted across multiple discords instead
I love using roam research, it's very similar to Logseq
Do you have any targets / goals you want to achieve? bit hard to give advice without specifically knowing what you're asking for
well the initial idea was just broadening my knowledge/ finding something fun to do / improving my programming skills
although, as far as things i'm interested in, it's definitely networks and related stuff
i mean kinda because i just,,, wanna get good at something
all I can say is
- don't let imposter syndrome get to you!
- cyber is obviously a huge field, id personally have a dip in many areas and see what interests fancy you. then you could ask in #resources for some specific resources for it to learn or any other questions, you say you're interested in networking - I presume you know about net+ https://www.youtube.com/watch?v=As6g6IXcVa4&list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G
I've also heard good things from https://www.oreilly.com/library/view/networking-fundamentals/9781838643508/
and https://www.youtube.com/watch?v=qiQR5rTSshw ...in terms of actual careers, I can't answer that but im sure somebody else might be able to give you a few pointers for networking careers
thanks for this
i'm not sure yet if i want to do a career fully in networking, or cyber, or anything specific, not yet at least. I still have a lot ahead of me before i get there, i just thought maybe there's some good general skills one could improve and stuff for a career later ig?
Gave +1 Rep to @sleek sedge
I know you got some suggestions, but just to add my own experience. Try not to feel too overwhelmed, it’s a huge space and it’s impossible to learn everything. At the beginning dipping your toes into a bit of everything is a good idea to see what you like and grasp the fundamentals, but if there is something you really hate learning, don’t put too much pressure or force yourself to learn it, unless it’s for an exam, etc. Once you experiment with many areas you will understand what you enjoy and you will naturally gravitate towards that. For example for me I studied networking, systems and worked in the space for a long time, and even did a lot of programming but never really felt that burning passion for it. Info Security is now what gives me that burning passion and is what I love learning about, in all areas. Once you find that fire you will feel more direction and will expand your skills! What I’m trying to say is whatever you do, you don’t want to do something that feels like a chore!
so im currently about to finish my degree in IT and had been contemplating a few things since i want to move into a specialization.
Penetration Testing
Security Software Development
Threat Intelligence Analysis
so far I've broken down my goal into these 3 roles and wanted to get some clarification on the following:
- do the roles have further breakdowns i should know about given that a lot of information in cyber is generalized when it comes to roles
- what would be suggested certs to get with the degree for each of those roles so far im thinking about comptia's security+ since it seems to be a standard
- since i'm coming from a software engineering background im wanting to still program where possible what would that look like in each of those roles
Pentesting -> Red Teaming
Security Software Development (this just sounds like software development but for security-related applications)
Threat Intelligence Analysis -> SOC -> Threat Hunter
This is not necessarily their order but I know these types of roles exist in cyber
Software Development can still be in any of these disciplines but i think youll find that most in security software development lol
You can use this certification roadmap
https://pauljerimy.com/security-certification-roadmap/
I can only comment on the list of suggested certs in pentesting since thats where i aim to be
lol thats good to know i basically used chat gpt to try to find roles in cyber where programming was used often since i don't want to stop programming but i really want to specialize and i used to do a fair bit of penetration testing fair while ago but wasnt exactly easy to get answers towards how to progress business wise
OSCP & CRTP -> OSEP -> OSWE -> OSED is my current lineup
thats a huge help thanks heaps
OSCP focuses on pentesting and using public exploits to gain access
CRTP focuses on the Active Directory deeply
OSEP focuses on pentesting with AV bypass and other techniques
OSWE focuses on whitebox application testing
OSED focuses on exploit development
what had me unsure is how much was actual software development in pen testing and analysis in comparison to automation
current cert breakdown i had done up was
Penetration Testing:
Tools: Metasploit, Nmap, Burp Suite, Kali Linux, Wireshark, SQLmap
Programming Languages: Python, Bash, PowerShell, Ruby, Perl
Skills: Networking, Operating Systems, Scripting, Reverse Engineering, Social Engineering,
Web Application Security, Cloud Security, Mobile Security
Certs: CompTIA Security+, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN)
Security Software Development:
Tools: Git, Jenkins, Docker, Kubernetes, AWS, Azure
Programming Languages: C++, Java, Python, JavaScript, Golang, Rust
Skills: Algorithms, Data Structures, Object-Oriented Programming, Distributed Systems,
Security Protocols, Cryptography, Penetration Testing, Agile Development
Certs: CompTIA Security+, Certified Secure Software Lifecycle Professional (CSSLP), GIAC Secure Software Programmer-Java (GSSP-Java), Microsoft Certified: Azure Security Engineer Associate
Threat Intelligence Analysis:
Tools: Maltego, Shodan, VirusTotal, Recorded Future, IBM X-Force, ThreatConnect
Programming Languages: Python, R, SQL, Bash, PowerShell
Skills: Data Analysis, Data Visualization, Machine Learning, Statistical Analysis, Information Retrieval, OSINT (Open-Source Intelligence), Dark Web, Incident Response
Certs: CompTIA Security+, GIAC Cyber Threat Intelligence (GCTI), SANS FOR578: Cyber Threat Intelligence, Certified Information Security Manager (CISM)
most of this was information i fetched from chatgpt so your input's helped a lot
yeah CEH is shit, i dont recommend taking it
the security software development kinda looks like DevSecOps role
essentially seems to be
honestly still kinda stuck between which out of those 3 i wanna go hard on and focus on building skills/certs for once i finish my degree
I know this has probably been asked a million times but how can/ are the ways to get a low level analyst job? On every job requesting it asks for a degree and numerous years of experience.
Apply and show your skills
Most companies use software to screen CV's, you can utilize tools such as LinkedIn to scan your CV to ensure you have relevant keywords present to pass that (don't lie on your CV though obviously).
When it gets to the recruiter actually checking your CV, they'll likely spend no more than 5 minutes reading through it, in which time you want your skills, experience and personality to shine through.
You don't necessarily need to have lots of IT experience, I've seen law enforcement, nurses, etc. break into those type of roles due to transferable skills they've got.
Whenever looking at a job ad, you should look at the desired skills and ask yourself whether you possess those (aim for more than 70%).
Applying for jobs is very much a numbers game, keep track of those you've applied for and reflect if you're constantly getting rejections as you may be doing something wrong (your CV may not represent you correctly for example).
SOC Analyst should be good at triage, that's one key skill you want to demonstrate
I want to add to this, first, minimum years of experience is not actually a thing in most companies, it just means "do you know your shit". Also, in your resume, show, don't tell, for example, instead of saying you're a "team player" which doesn't actually mean anything or prove anything, show a success story of you working in a team, (this is relevant for hard skills as well). Also, if you get rejected after an interview, thank the interviewers for the opportunity, as hiring is a 2 side process, and ask them for feedback on your interview, not all will agree, but those who agree will help you tremendously. Regardless of if they agree or not, this will make them more open for letting you have another chance later, and also try to find and fix your mistakes on your own.
Gave +1 Rep to @vivid flume
Fully agree with this, definitely demonstrate skills, rather than just listing them. I often review CV's where people just rattle off random words thinking they mean anything when they don't
You can post a redacted PNG of your resume here and get plenty of eyes/advice on it
(I didn't know where to post this, so please forgive me if I posted it in the wrong channel. If you let me know, I'll re-post it in the appropriate channel.)
Hey! I hope everyone is having a good day. I was just wondering if I was on the right track to learning Cybersecurity. So far, I've learned Computer Systems and am now studying Networking at university. However, I intend to retake Computer Systems in the future and earn an A+. In addition, I am following Nathan House's "The Complete Cyber Security Course" course on Udemy. I'm learning Java as part of my university course, but I also want to learn Python, Rust, and either C# or C++ (I know, a lot of programming languages). Is there anything else I could do or improve?
Off the bat, is your experience actually you receiving money for your work?
Experience on a resume is a very specific thing
I'll go more in depth when I get back. Busy currently
I wouldn't add getting a 6.5 out of 10
Okay i'm no expert but "fixed the router a few times" doesn't sound that professional
Your skills are all over the place. There is no concrete way of evaluating your proficiency.
In your Education area, you can expound on relevant projects you've done while in that school.
Management, Finance, Marketing, and Accounting are irrelevant when you're trying to apply for an IT position.
How do I show the proficiency of the skills?
Informal Experience can be changed to Projects you've done in spare time. This can be like an Active Directory home lab, a blue team cyber range, etc.
You can apply it to projects to see correlation
Ooo that makes a lot of sense, what are some projects to show off Linux and Windows knowledge? I cant really think of any
Let's say you have a web-based video game. You can host that in a Linux VPS for e.g. that's available on AWS. You can provide your Github for coding projects you've created.
Then you can say, you set up firewall rules and related stuff like fail2ban to avoid your VPS being attacked. Kind of like building in a defense-in-depth manner.
For Windows, you can point yourself to doing Active Directory home labs or things like setting up Windows PCs for a local internet cafe and connecting it back to their management interface.
Ooooo
With your own VPS, you can simulate yourself as an attacker trying to pentest your server.
(within AWS guidelines ofc)
Just to see what you can improve within your configuration
This can also be done within your AD Home lab
That definitely sounds impressive and fun!
Is there a way to add tryhackme knowledge into the resume, or try to stick to mostly projects like the one you said?
Certifications create credibility. Despite what others may say, they do help in particular in the absence of other things. As @dense dagger has stated, projects also provide a means to build and show experience, and creating a blog to demonstrate your efforts such as walkthrus can add credibility as well. I'd go as far as suggesting getting involved in your local DC group or other security groups. Make a presentation that demonstrates or talks to your experience and interests. There are many ways to demonstrate proficiency, even beyond these.
Congratulations! Well done on getting the job
This resume is very disjointed. Target your resume to each job you apply for, showcasing the value that you can bring to the company in that role. I would recommend replacing "Informal Experience" with something along the lines of "Personal Interests". Unless you were compensated for doing work, it doesn't count as experience.
A resume or CV is the first contact a potential employer will have with you, remember that you need to put your most professional front to face that first gating test.
At least 3/4 of the skills you have listed are completely untestable or not demonstrable to an employer. Do you have a git repo where you can show source code you've written? Do you have a git account where you can show your contributions to upstream projects?
Education is strictly for completed programs and degrees. Saying you learned unreal engine in a course is not going to be useful for a helpdesk job. If you are still in school, it's enough to list the institution, starting date and expected graduation.
I don’t really have any contributions to upstream projects or anything, I’m still in high school so I don’t really know what to put in education, what can I replace skills with from tryhackme?
is the GREM cert worth to have? Or any good in europe?
At the stage you're at, no one will expect you to have a massively complex CV with tonnes of experience. Don't try to pad it out with crap (e.g. fixing the router...), just list the stuff that you feel is important for the specific roles you are applying for. At this point I'd imagine those are probably internships?
Agreed with everything Juun said.
I would also suggest opening with a short personal statement. Move your education up to immediately after that -- usually you would put experience there, but in this case education is your strong point. Once you have experience, put that there instead and shift education down.
Again, you're in high school, so list your grades, and mention the relevant skills and how they are beneficial (i.e. don't just say what you did or that they "can help me use it in IT", tell the employer how those skills will be useful to them). Similarly, don't just list what you've learnt -- give the skills meaning. Once you have a degree(s), knock out the high school grades and just list the highest level of education.
Any certs you have can go in there as well.
Experience next. Knock out the "Informal" -- the bullet points make that fairly clear themselves (speaking of which, add bullet points to mark the sentences rather than just new lines).
You can knock out the "On my own" too -- what does that tell anyone?
Same as with education, list what you did, and more importantly, the transferable skills you have obtained. Don't waste words. Don't write filler content. Just short, to the point, what you did and why it is beneficial.
Skills as an outright section is a bit ew on a CV in my experience -- @flat sedge may disagree, if so, listen to him 😆.
You should be demonstrating your skills through your experience, rather than just listing what you know.
If you want to include that as a section, do the same as with the others. Cut the crap, just list what you can do but back it up and explain how it's transferable and useful. e.g. "proficient in linux" tells us nothing (and can also be merged into one bullet point with the windows on the next line).
That section, if included, should almost be a summary of your experience and education -- a bullet pointed list of evidenced points summarising what you can offer to the organisation. Personally I've never included it and been absolutely fine, but 🤷‍♂️
Oh, and formatting. As Juun said, this is their first impression of you. Neaten it up. Less white space if you can avoid it; you want it to look busy enough that it looks like efficient use of space, but not so busy that it's hard to read. Little splash of colour is usually okay, but that can go either way (personally I avoid it).
More importantly, the different line widths in the section separators looks... interesting. Follow standard design principles as far as you can -- you want to draw attention to the important points (which should be your name, contact details, and a hook -- i.e. a bio -- in the top third of the document because that's all the time you're gonna have before they discard the page if you fail to draw them in), then guide the eyes further down. Nothing disjointed, nothing that'll disrupt what they're seeing.
Bullet points are your friend there. Short statements are easier to digest than prose.
Slightly old copy (last one I have pre-redacted), but here's an example:
Bit of whitespace at the top to draw attention, then heading straight down into the personal profile.
The latest copy has the education section shifted and experience straight underneath as I'm not looking for a grad job now
Ok thank you!
So I see some things I plan to change now, the skills section either delete it or try to make it correlate with something like a project to show and not tell, leave less white space around, take away the useless stuff and add a personal bio
Gave +1 Rep to @undone shore
Also big thing it looks like is to make projects in GitHub and leaks it there,
The only problem I’m having now is that I have a lot of empty space I don’t really know what to do with lol, I’m trying to think of projects I’ve done but not much is coming up, guess it’s time to learn some more, question to everyone though is there a way to add tryhackme stuff? Like completed ctfs or your rank or anything of the nature involving here?
I personally wouldn't add it on my resume
Maybe talk about it on an interview or post about it on LinkedIn
I think that if you have some projects that required a lot of work then it might impress the employer. If they’re just “Hello World” in C then skip
Howdy everyone, I was asked to post this here.
I am an absolute beginner who is just starting out in my college courses, experience with THM, studying for an A+ cert to get started, and studying Python. I just wanted to see what might be a good fit for how I should approach studying, and how I can inject lightning into this whole thing so that I might get as much experience and knowledge as I can; not to seek a shortcut, merely to stop being a warehouse worker in the middle of the night.
My understanding is that the gold standard in the industry is hands-on experience, and I am willing to intern at my company on top of my normal job duties to gain additional experience, just so that I can get into a cyber security position quicker. I was wondering how I might go about balancing all of this, and what else I can do to learn, as I am worried about my current strategy of focusing on one subject. In the beginning, it was just THM rooms. I then got into college, and all of my focus shifted to the classes, which then stopped me from doing THM rooms. I have recently decided to add A+ study and Python into my focus, but I am worried I am not doing it right.
I just want to not be a warehouse worker, and break into systems I am not supposed to at the request of the owners of said systems at various firms and institutions.
If you focus on one thing at a time, you just need to make sure you finish it before you move on, e.g. don't move from doing TryHackMe if you are 70% done on a path.
If you finished an advanced path I would add a short sentence about it, seeing as you are still in high school and don't have work experience e.g. "Finishes Offensive Penetration Tester learning path and all pre-requisites on TryHackMe (175 hours)"
If you have a certifications section I would add it there (after the other certifications)
If not, put it in the education section.
And I wouldn't mind going over your second draft of your resume.
Ok from what I’ve seen is that I’ve gotta learn more and do some more stuff to add to my resume, so I have a new question for all any professional in this field, if you were fresh out of high school at 18 what would you do to get to where you are now?
I think I will need to revisit the Pickle Rick CTF room then...
When a room is added to a path it is added for a reason, if it is in a path you already completed you should definitely do it
There will always be more things to learn, the key is to be focused on a subject until you know it well enough for your goal. If you know what job you want, learn the relevant info for it, if not, learn skills that will be useful in this field regardless of the job. In TryHackMe, the pre-security, introduction to cyber security, absolute beginner, and web fundamentals are all paths that are useful regardless what job you will go into, by the time you finish them, you should know what interests you most and what direction you want to go in.
Go to college/university
I'm curious, what difficulty would you give OSCP?
In what scale of reference?
erm, I haven't taken any certificate before, so I don't really have a scale for reference.
But I would say, in comparison to the network rooms in TryHackMe, without the guidance, maybe?
It was the first one I sat -- that was before the exam changes, back when it was still 5 isolated boxes. Not sure how the AD networks compare in the new version, but I can't imagine they're massively difficult given the level the coursework teaches to.
PWK teaches technique, but OSCP assumes technique and tests methodology. If you're comfortable managing your time and efforts, and have done the coursework then you should have as good a chance as anyone.
How difficult it is will very much depend on your prior experience and your mentality going in, as well as how you respond to the pressure in the exam. Between the proctoring and the time limit it can be quite overwhelming.
That said, it's a lot easier than the 300 level certs, so 🤷‍♂️
I see, wait, what certs are 300 level?
good luck bro !
GL!
@undone shore I am learning towards the Burp Suite Certified Practitioner, are there any other web pt certs? And how do they compare to PortSwigger's one?
Only one I've done for web is OSWE, which is very different from burp suite certified practitioner.
Great if you're interested in source code review and white box testing though.
what are the recommended cyber security certifications for a degree student with no long-term work experience?
Depends on what you want to do, but here are some examples:
Security in overall: Security+ by CompTIA
Blue Teaming: BTL1, CySa+ but I would suggest to focus mainly on certs for technologies used by desired companies (AWS/Azure, Splunk) etc
Red Teaming or Pentesting: Pentest+, eJPT, eCPPT or OSCP
Thanks!
for the CompTia certs, would you say Network+ would be good to have too?
Gave +1 Rep to @fringe spade
Yes, it would be valuable as a starting point, but it is not really security focused. You could look at some sample questions for Sec+ and see if it's okay, if so then skip Network+. CCNA is also an interesting cert in terms of networking that I often see in job openings
what's a good cert for the theoretical side of infosec?
I'm confident in my technical skills but I think I lack the theoretical info that would make for a good higher up in infosec
CISSP looks very interesting however I don't have the 5 years work experience within infosec
A degree in CompSci or related IT usually takes the place of the true entry level certs.
Certs have ongoing business value, if you have a degree an employer should absolutely be paying for those.
Ah i see thanks for the info! I’m currently a compsci degree student however tryna do anything I can that may better my CV in the future
Gave +1 Rep to @flat sedge
Security+ is a broad cert, useful in the US, less so in other countries. A generic cert would also be CISA cert (not sure usefulness outside of the US)
Yall have any of them entry-level jobs
Please verify your recruiter status with @tacit bobcat before posting job reqs, please. As a recruiter, you can also post to #jobs-board
You may email me at hydra@tryhackme.com from your corpo account with the postings
Any ideas on a good entry level project to add on my resume if i'm applying as a SOC entry level analyst?
would you guys know of or recommend any IT internships for first year university students?
For this summer? You needed to start applying for those in january.
whoops, I had no idea. Could I still get some recommendations for next year then?
Ask your professors and career center; also look for recruiting events and job fairs held by the university, it's a pretty common thing and you can make some good contacts.
I have actually done all of those but the answer is always that they are looking for 3rd year to 4th year students.
I'm also new to the concept of internships as well. Back home we only had informal work which was almost always referred
Can you find them at conferences?
Update on projects: I found these:
-Build a Home Lab
-Conduct a vulnerability assessment
-Analyze malware samples
-Monitor network traffic
-Participate in CTFs
-Write security policies
Also gonna check out cyber mentor, i think he created a full blown Active Directory
Should I consider acquiring practical knowledge and skills from a local institute which is about 4 months in duration. Or should I prepare for certifications like security+ CEH or something similar?
I am an engineering student interested in cyber security and i am a novice. Please reply ASAP
Major topics Covered in the course
TCP/IP, L2- Switch and MLS configuration, L3- Router configuration, NAT, ACL
Active directory, RAID, Server Roles - DNS and DHCP, Zones, Security Management
Samba Server, Apache Server, Email security - SPF/DMARC
Information Gathering using - DNS, SNMP, SMTP
Port Scanning using NMAP
Evading Firewalls and IDS
Nmap Scripting Engine (NSE)
Port Scanning with Hping3
Operating System (OS) Fingerprinting
Port Scanning with Unicornscan
ARP spoofing and MiTM
MiTM with Ettercap
DNS Spoofing with dnsspoof
Using MiTM with driftnet to View the Target’s Images
Using a MiTM attack to Spy on the Target
Using Ettercap to Alter Messages/Packets
MiTM attacks, Hijacking Software Updates
Buffer Overflow Exploitation, Fuzzing its Development
Working with Exploits: Using Exploit-DB to find Exploits
Password Cracking – Beyond Brute-Force
VAPT using Metasploit framework
Website indexing using Burpsuite
Web scraping with python modules
Network sniffing using Wireshark
@cerulean fjord read what I wrote in #general but also read what these folks have to say
I'd have job hopped more I think, I didn't go to uni and still don't regret that decision. I did stay too long at some jobs
Did u go the normal route of help desk then?
I started working at an electronics shop selling PC's, laptops etc. The only IT experience I got there was installing Windows as an extra service.
I then did an internship as part of college where I studied IT, the internship was at a computer repair shop where I was removing malware, building PC's etc.
When I got my diploma, the shop wouldn't hire me so I went to work on the helpdesk of a major ISP.
I then moved to another country, worked in a warehouse for a little bit until I found a job at a large corp where I scheduled visits for engineers and ensured they got the correct parts etc.
Then I found a new internal job for their managed service department and work as a systems admin for their clients.
I then found a new job on the helpdesk for a software company, where I learned a lot about SQL databases. Whilst working there I dove more into Cyber Security, I did security assessments on the software. The company appreciated it but didn't think they needed someone fulltime to do that.
I then found my current job, at a consultancy company where I now do cloud security
That's a summary of my 10+ years experience. I think I stayed too long at the software company, I should've switched to cloud sooner
That’s super cool!
The moral of my story is that you don't need to go to uni, work experience is way better than textbook experience
Yeah, I hear that a lot, can you give me any advice on getting a help desk job? I’m just about to be out of high school and was wondering if I can start there and how to.
The comptia A+ cert is good for an IT help desk position
You need to build up a good foundation first, otherwise everything will fall apart.
Learn basic computing, networking, security, application, scripting principles.
Focus on getting better at triaging
Develop a customer first attitude
I'd say for me those were my top 3 things I focussed on when looking for helpdesk positions. On the job you'll learn how to properly listen, how to have difficult conversations, deal with management etc. Never stop learning, keep your eye on the prize which is the field you ultimately wanna be in.
Beware that Helpdesk positions tend to be entry-level, and thus there may be A LOT of competition. You need to stand out and a little luck
Ok last question, besides the A+ cert the guy above said, is there any way to show those skills besides having experience?
I tend to use my CV for that, when I write about my previous jobs I try to showcase my skills there. I actually haven't got a single IT cert 😅
Here's an example from one of my helpdesk roles:
```
Netherlands. Investigate reports from clients pertaining to the software and liaise with other business
units depending on the nature of the report. Utilize monitoring software such as SQL Server Profiler and
Procmon to diagnose software issues. Liaise with client's IT department for environmental related issues
such as insufficient permissions or network related issues. Write custom SQL queries to diagnose issues
caused by corrupted data. Create custom reports utilizing SAP Crystal Reports so that clients can
monitor performance and utilization of assets managed by the software. Document complex issues so
that other Analysts can refer to this should they encounter it and share this with the development team
to provide a fix. Automate troubleshooting steps to increase productivity across the team utilizing
PowerShell and Batch. Test the security of the software during my downtime and report security
vulnerabilities to the development team.```
A recruiter can easily read this in under 5 minutes and they can see immediately what I have done for that company
i swear recruiters prefer bullet points of your exp
cause they are too lazy to read a paragraph
It's easier to ingest information in a bulleted form than a paragraph
It also removes unnecessary fluff that you'll see in paragraphs
walls of text are a good way to get your resume in the virtual trash
Yep
Is there such a thing as too many bullet points?
yes but no bullet points is too few
noted thank you.
Gave +1 Rep to @pseudo creek
Yes, 3 bullets is a good amount. Over 4 starts to get cluttered
noted thank you
and don't bullet point everything
This is how the professionals do it: https://www.theladders.com/resume
You've pointed me to there before, I have it bookmarked. 🙂
yes and don't try to get fancy, no pictures, no columns, no color blocks
Oh no, my last resume was just plain black and white text.
I have an open position as senior incident response/pentester on the purple team at my company, can I post the job here?
If anyone’s interested feel free to DM, I’ll give more info tomorrow. Fortune 100 company, most likely remote/hybrid position and will be like 130-170k base
You'll need to talk to @tacit bobcat in order to get the recruiter role. Then you'll be able to post it in #jobs-board
How does the Burp Suite practitioner certification compare to other web certifications (eWPT, eWPTXv2, PSWA, OSWE), in terms of marketability and difficulty? Also, are there any other certs in websec I should know about? (offensive web focused)
Hey how can i get in contact with the admin teams at TryHackMe
the #site-support and #room-help are great start
please email me at hydra@tryhackme.com from your corpo account with the details of the posting to request access to the jobs board. Thanks
Gave +1 Rep to @quaint flare
depends on what you need
@tacit bobcat is kali linux debian 10 or 11
good question, shall we ask google?
Already did , it shows 10
But its old one
that's an older article
https://www.kali.org/docs/policy/kali-linux-relationship-with-debian/ says it's based on debian-testing, which to me implies at least most recent
The Kali Linux distribution is based on Debian Testing. Therefore, most of the Kali packages are imported, as-is, from the Debian repositories. In some cases, newer packages may be imported from Debian Unstable or Debian Experimental, either to improve user experience, or to incorporate needed bug fixes.
Forked Packages In order to implement som...
also this probably isn't the right channel tbh
But do u know the answer
I know that answer
Tell me then
and the correct answer is probably 11 with heavy modifications
U means if i am using kali 2023.1 , i can install program based for debian 11
But it doesn't tell anything about my question
yes, it does. it says do not mix repos from different sources
Can u explain
if it's in the debian repos, it's also in the kali repos
why is your kali not in a VM already?
I want to use it as my main is
Os*
that's generally not recommended
Kali is a specialized distro and also has the bad habit of breaking fairly easily
use a more mainstream distribution as a mainline and virtualize the kali
I also use Kali on virtual box, but i wanna install it on my second laptop to check some things
I just want to do some research on kali as a main os for some months
You can install VirtualBox on Kali Linux, allowing you to use virtual machines (VMs) inside of Kali Linux. However if you are wanting to install Kali Linux as a VM, you want our Kali Linux Guest VirtualBox guide.
VMs are great. There are many upsides with using them. One of the being, able to run multiple Operating Systems (OSs) at the same time.
if you want to research you'll need to be prepared to search and read the docs. lots of docs
I think there is an easy way that is just dpkg
I will do it
Hey everyone 👋
British student here looking for some work experience that is required for sixth form, was just wondering if anyone here would be able to any insight or knew any available ones? Having some real trouble trying to get a place.
How are you currently trying to find placements? Have you asked the IT department in your school first?
Yes I've tried asking my IT department & phoned multiple cyber companies in my area - none are able to
What are y'alls opinion on the OSCP 2023 update? https://www.offsec.com/offsec/pen-200-2023/
Hi all have a question if no schools for Cyber Security that I have done are good enough for me to even get a job. How about I offer to pay a Cyber Security company to train me for a entry level job in the field of Cyber Security I will not fork out anymore money to these BS schools who claim to get me a job for the price they charge. What you say I would pay you to train me.
Why these schools are a joke
Scrolling back, Juun and zojja gave a lot of good advice.
It's CompTIA certs which I have studied for and got nowhere
how about the Google IT Support Course its supposed to be beginner
I would stop trying to throw money at things until you come up with a solid course of action.
I read the Google IT Support I could land a job at least in HelpDesk
I am trying to finish the THM Jr Pentester Course
You don't need certifications to get a job on helpdesk.
If you write your resume properly with your customer service experience, you'll do fine.
Ok thats not what I hear in the US but ok I will look into this
You're listening to the wrong people
Well I am about to stop studying this stuff and get trained for a job and start working right now I am sick of IT and Cyber BS I can't keep waiting to get a Cert or degree or whatever to get a job if I have to do all this then the job probably is not worth this much effort.
There are a lot of IT jobs that do not require certifications, it is not common in the UK to see a job that asks for certifications from what I recall.
Obviously, especially for engineering positions, they will want experience or certain skills, but not certifications.
Zojja and I gave you a lot of advice. My answer won't change just because you waited a few days and asked again.
Gave +1 Rep to @flat sedge
And both juun and I are in the US
Would you say CTF challenges can be helpful on a job application? Seeing how I can't get any experience without getting a job, and I am really struggling to get a job with no experience, do you think there's a better way of highlighting my interest in Penetration Testing? P.S. - I do have over five years as a Software Engineer, but it appears to be mostly irrelevant to recruiters as far as I can tell
Yes when applying for junior roles I’ve been asked about my experience in CTF’s
what types of jobs are you applying for that they would think software engineering is irrelevant?
I mean if a job asks for 5 years in cyber, and you apply for it, yeah I get that
I apply to anything that you would consider Junior, so no experience or up to a year
I only have one that I can put on my CV confidently, but I’ll keep participating in more popular ones, thanks 😄
Gave +1 Rep to @fringe spade
Hello Azsure Zojja what study material would be good for a beginner trying to study for the CompTIA Security+ / Network + exams should I get the material from CompTIA website
Professor Messer on Youtube. Google him
Ok thanks
how much should i prioritize getting a degree for making a career in cybersec?
Are you still in school? Do you have professional experience in another sector of the computer industry? Any industry certifications?
i am going to finish school
bout to enter a college
in sha allah
i am looking for blockchain or cyber sec
Degrees help as they let you skip certain things towards the beginning of your career and put you in a higher earning category than your counterparts who don't have degrees
Computer Science is a good all around choice as cybersecurity programs really haven't matured yet.
a bachelors in Cs?
hmm
well i think it would be fair to assume that i can talk about blockchain as well
IMO cybersec programs belong in vocational training, not academic with only a few exceptions. It's one of those things where I think academia and research is a highly specialized discipline within the security domain that absolutely requires a very solid grounding in EE or CS
blockchain still hasn't demonstrated that it does anything better than traditional banking, and with the recent coin exchange collapses and shenanigans, i hear a lot of whining from crypto bros about how they need FDIC backing and regulation
how much of my career in blockchain will be dependent on cryptography ?
Why are you so set on blockchain?
well , one reason is that it has demand and is having potential
and , a lot of free space for developers
but sure i dont know if thats the right path for me
this is just my opinion, but blockchain doesn't actually create or provide value as a product. Future value is created through new "investors" throwing money into it, and that's part of the definition of pyramid or ponzi schemes
be wary about buying into it, as it doesn't actually have a value proposition that is measurable
is it undoubtable that blockchain is only for cryptocurrency ?
or does it serve other non-crypto purpose ?
as well*
@flat sedge
blockchain is great for non-repudiation. But what about the scenario where bad data gets inserted into the blockchain? How should one recover from having malicious content be part of the immutable chain? This question is the origin of the Ethereum split, and I don't think that computation cost for the next block is worth it compared to traditional storage and monitoring solutions.
I'm sure that someday, someone will come up with a novel use for it that is a good solution, but I am convinced that day has not come and I'm doubtful that it will be in my lifetime.
It has a lot of potential to be a fad just like everything before it as well.
Become a well rounded individual
well, a craze about something is far more incorrect for the assumpion that it will be a failure rather its a medium to presume about its success, why are people so agaisnt it then?
soo asgainst *
against *********
I don't understand what you mean.
I don't understand what you're trying to say either
i mean everything i talk about blockchain, i get to hear that its all just a craze and will go down the hill just the same way it got up the hill. Why?
everytime *
Because it doesn't have demonstrable value.
Also because a LOT of the current use is driven by hype and marketing
how so, its being in use in the p2p network for many transactions
It's currently a buzzword.
already
hm
It seems a bit pointless to ask for advice and then disregard it in my opinion
I need some sourcing on that. Which p2p network? What kinds of transactions? Eventually the cost of calculating a transaction block becomes so large that it has to be measured in years.
umm , i guess for sourcing , i just have heard so.
Eg, mining a block in bitcoin is as likely as winning the lottery.
ik it has tons of risk
You're missing my point entirely. Risk is high, that is true, but it's not the focus of my critique.
nowadays not all crypto currencies use mining though
there is the proof of stake model instead of proof of work model that is getting decently competitive
where someone puts a lot of the crypto currency in a wallet and stake it making new blocks and getting paid for it that way instead of the traditional mining
what this has to do with cyber and careers is not something shadow knows though
are there any coins using proof of stake? Noises have been made about it for years, I haven't been in the loop on staking for years.
peercoin was the first.... Ethereum kinda does it nowadays
Looking into how staking works, it is a more reliable way to 'get' a block credit, but it doesn't actually do anything to reduce the computational cost of creating a block.
it is at least not mining which just waste compute cycles and power to no end ¯_(ツ)_/¯
I get that. It's still significantly more costly, and in effect the decentralization fails because the gas costs are too much for 'casual' validators to get into the game. That's my reading of the long-term impact, I expect that as proof of stake expands, the minimum stake required to become a validator will rise.
It means there's not a constant burn of energy, it cuts back significantly in wasted effort at least
2022-09-15 seems to be the date Ethereum switched to proof of stake
Am I missing something? That 'saved' cost is mostly because of the non-compete for block production
and yeah agree that the minimum staking amount if you wanna do it yourself instead of a pool is stupid high
You're not spinning processors at max trying to hash stuff
Instead you're staking your coins as the attack resistance, you're saying "this is the agreed state of the network and I have so much faith in this that I will stake my currency on it"
The voting power isn't hashrate, it's now how much you own.
How much of a hypercapitalist nightmare this is is another discussion for elsewhere
That doesn't seem like much of an integrity boost, to be honest. But yeah, I agree. It's starting to devolve into Ayn Rand fantasy world stuff, so I'm willing to shelve it
Yeah it's not so much for integrity
Both ways are vulnerable to "51%" attacks, where you control 51% of the voting power (hashrate, coins)
oooh that would be fun against Ethereum... just imagine how much money 51% of all Ethereum is
You don't need 51% of all Ethereum, just 51% of a voting pool for a validator node 🙂
true pools throw wrenches that make the 51% attack a lot more possible
Validator nodes need to reach consensus, no? Hitting one node shouldn't change the consensus?
Accounting for malicious validator nodes etc
I thought the point of proof of stake is pay the gas fees to become a candidate for transaction validation?
Honestly not a clue
Anyway this isn't the crypto channel
@lament fossil tl;dr you need to have a robust plan. If the fad goes away, you'll be out of luck.
A good plan accounts for things going wrong
not just wrong... but the worst possible way it can go wrong
prepare for the worst, hope for the best 😄
i need help hacking roblox
@quick forum ⬆️ wanna have some fun???
:hammer: Alexa <3#3816 has been banned.
guys i am trying to clear my ip address history by using the windows CMD 'cmd / k ipconfig / release ' but i am not losing my internet access after running command. Losing access is an indication that your history has been cleared on the network. The access can be secured by running the same command except that you give 'renew' in place of 'release'
can anyone confirm if not losing access works just fine too?
As far as i remember this is for DNS not ip address history.
also you are if i'm not mistaken, i see your command is cmd / k ipconfig / release
that might also be the issue, as there is error in your syntax
DHCP.
woah. sorry bout that i'll correct my notes !
Dynamic Host Configuration protocol!
the way i did this was ipconfig /release then i did ipconfig /renew to reassign
This is on my home network not corpo*
ayooo James good to see btw 
So since ninja mentioned DHCP, this doesn't clear your IP history , rather it reassigns a new IP address
And my notes also say DHCP
shoulda fact checked myself before impulsively responding
@dim wagon This isn’t the place to sell things
sure, feel free to DM me
i'll take a look if you dm
Okay to post a redacted resume on here ?
sure
So, this just releases your current DHCP lease, and then "renews" a new one. But it's just tied to your machine. So your router will just give you a new IP, this does nothing to change your externally facing IP address.
If that is what you want, a new local IP, then you're doing the correct thing, though some "smarter" routers will just give you the same IP back because its the lowest in the range and free lol.
If you're trying to change your internet facing IP, this will do nothing for you.
Sounds good. It's not the best redacted but here goes. Still working on a couple domains
My strongest suit is customer service as I've been in customer service and sales for going on 12 years
Also have strong marketing fundamental skills which I didn't add
I redlined this resume to be more targeted towards cyber security and IT positions
whats the difference between the ip address thats being changed and the facing IP?
From the way I understood it is, your facing IP is your public IP address that goes out on the internet. Your Dynamic IP "the IP that can change" is your local internal private IP address that doesn't go out to the internet
I think you can disable DHCP by configuring your IP from Dynamic to Static
You are mistaken, the dynamic ip is your face ip
Someone's public facing IP address can be dynamic or static, depending on their ISP
Generally, home routers are configured to have DHCP
why y'all talking about DHCP in a careers channel?
The IP you're changing with that command is simply the IP your DHCP server has handed your PC. It's a local IP. Your internet provider has also assigned an IP to your router. When you communicate out to the internet your router uses NAT to swap out the private IP of your machine for its public IP and send the request. When it gets a response it reverses that and sends your machine the packet.
That's a good point
can you take this convo to #general or #infosec-general
Yep 👍
👋 Does anyone know how hard it is to get CKAD after getting CKA? Is it a case of study for a week or two extra and you can get CKAD? 😄 (Kubernetes certs)
They're completely separate exams covering different aspects of the platform, the security one is different as well
Hey all. I'm planning to try to pivot into an IT / infosec career next year. I've just finished sec+ and wonder if doing cysa or pentest+ as part of a general base of certs is wise? I'm fortunate to not be in a mega hurry so want to build a decent resume in lieu of industry experience. My initial plan was net+ sec+, some cloud (azure) certs and then CRTP or CPTS maybe. I wonder whether being in the comptia groove means I should push on and do one more?
I think that CySA+ is a decent certification (for blue team), and it has a lot of overlap with Cisco CyberOps Associate. It's also a stepping stone towards CASP+.
PenTest+ isn't a good certification, because it's all theory based, with no practical element. E.g. you need to memorise the various arguments for nmap, but the exam doesn't ask you to actually run a port scan against a target machine. If you want to actually be a pen tester, you'd be better off with eJPT as a stepping stone towards OSCP or similar.
Ah great! Thanks, exactly the sort of feedback I was hoping for. In terms of what my specific career goal is I'm still a bit fluffy, hence more "generic" aims. I do a lot of CTFs and in an ideal world enjoy the idea of red team / threat hunting (enjoy offensive, find global cyber politics and apt activity fascinating) the reality is I'm older, moving from a different industry and would need lots of experience before being considered in that realm, so even just starting SOC etc seems likely.
Gave +1 Rep to @rugged nimbus
Any good CISSP podcasts/audio books to listen to?
like for studying or for funsies?
Studying. I wouldn't say it's very fun lol
I'm studying from a book now, but looking for something for car rides, etc. for supplemental learning
maybe ITProTV? I think the guy from them does a CISSP prep
I'll check it out! Thanks
Gave +1 Rep to @pseudo creek
I was wondering if I could ask your guys's opinion on something,
is the quality of life in cybersecurity lower than careers like software engineering?
i keep hearing about things like uber firing their entire security team after a breach.
I also hear a lot of stories from people in cyber who constantly get ignored by their managers.
am I only seeing exaggerated stories or is this what really happens?
It really depends on multiple aspects. I would say that both software engineering and cybersec can be stressful.
Software engineers are very often laid off (recent 6 months for example) and they are also working overtime. This will mostly be influenced by the company you work at.
It also depends on the specialisation, most of the time SOC analysts will experience more stress than penetration testers, due to the nature of the job. Also, there is a reason why the OSCP exam has very limited time that can influence your stress, but such situations can also occur in other niches even outside of IT.
I get ignored a lot by managers during auditing but tbf, its how the security is also setup in the company. If the company has a strict security, they will also comply
so cyber can be tough because sometimes you are looked at as a hindrance to work. Unless you work at a company doing cyber, you are also considered a cost adder. Now the good thing is that overall a good cyber security program can reduce costs, support a company's efforts and all that. You can get managerial support , you can work for an org that values security. I'd say software engineering sounds super stressful to me, cyber can be stressful but I'd still choose cyber if I had to choose all over again
Yeah for sure, a lot of people see us as a blockage to their normal work
is it doable to find an internship in Europe or the US
i don't mind paying for the visa
so far i applied for a few positions and i got hardly anything
You don't pay for a work visa. You have to be sponsored by the company you're working for. Internships are also for students in higher education, so undergrad and postgraduate studies, generally.
If you're looking for an internship, looking in your local area is likely the best bet as relocation is typically rare.
really
H1-B is the typical work visa that companies look for. I've never seen this visa designation before, so I can't provide insight.
yes that's right, h1-b is for full-time work, this is for an internship
Also, it says non-immigrant, which likely means you'll have to leave
H1-B is all work, not just full time. The difference is you can pursue a green card at the same time and stay in the country.
yeah my bad
how hard then is it to get an internship in general
if i already have one internship experience
Idk, I don't know enough about the J-1 visa but it seems the applicants can be taken advantage of
I only did one internship
Then got a job after I finished my degree
In the US, you generally have to be enrolled in a US university/college to have an internship. Also looks like a J-1 visa is a foreign exchange visa (aka you come here to live with a US family / go to school for a period of time 3-12 months or so). Usually companies coordinate such things and take lots of $$$ for such things.
oh also looks like J-1 visas can be used for things like if you are a professor / researcher from another country, you can come here to work temporarily
aha im not a professor or researcher from anywhere
take lots of money? you mean the company pays a lot of money?
yeah it is for some very specific purposes
the company collects lots of money from students in order to go to school here (and vice versa)
yeah i do not mind
also do i have to be very good to get an internship in the US
im really lazy, i spend days not studying
well that is for going to school here temporarily, not for an internship
you couldn't work here, only few instances of the J-1 visa allow you to work (like I said, a visiting professor / researcher)
so basically it is a cultural exchange type thing
so think of.... things like, a camp counselor for the summer with little kids
it has some very specific use cases
I will say that tech internships generally all require you to be enrolled in a US university or college
yes, but there are different type of internships
i see
like hotels and other hospitality orgs generally seem to use J-1 internships although looking at them, they also seem to require you to be at a US university/college
anyway, you could look for an internship that does sponsorship, that would be the first step, there is a website that has various internships it looks like https://www.globalinternships.com/intrax/search-internships
just be careful and don't get scammed
there are no IT internships,
well that may be your challenge
Gonna leave this here for people who ask if it's worth adding Tryhackme to skills or education in CV or Linkedin profile or whatever. These plusses from the screenshot are from a JD i got for Managed XDR Analyst job...
Top rank?
What would you count as a top rank?
Especially when you can get top % with Google.
It's also not experience, which is the main nitpick when it comes to THM/HTB on resumes
It's fine to put it in an extracurricular category
Both of you are right, i guess that maybe the experience that you could get from these platforms and i guess that if you would have the opportunity to somehow prove some of the knowledge gathered from this that would actually count.
I mean if i would have an interview with someone and he would have this TOP ranks on a platform like this i would try to understand what did he actually learn from them, in general, to have an idea if he actually achieved those top ranks with google as Scrubz said.
I started kind of newbish and i am still considering myself a newb, i am also very overwhelmed sometimes because i also work in the field and unfortunately i had to learn and deduct most of the things on my own, with exceptions of course. And i relied a lot on google, finding things including walkthroughs for tryhackme rooms to find things that i simply didn't understand or didn't work as expected.
But did this only to understand not to just Copy Paste the answers or something, so i guess it matters a lot also how you use google for this...
i mean i still use thm while im doing a test
as like a "reference guide" for some things
so as long as you understand shit you don't need to have everything ready off the top of ur head
experience maybe not but i don't see any issues with it appearing at education, you are actually learning something, you are educating yourself on the cybersecurity field, how much will you learn and how good are you actually gonna be after in this depends on the individual of course. I personally would consider this more valuable than some of my acquaintances diplomas and certifications obtained with different schemes, money and so on... But yeah, this doesn't mean that everybody should post these in their CV or whatever, you should analyze yourself and your skills before considering a position, job...
Cooking. I'll respond once I get to read your messages in full
ehh no worries, sorry for the wall of text anyways 😄
It's not formal education
yeah no, i clearly understand that, maybe throw in a courses category in the CV or whatever, extracurricular education as Google said, but it's still a form of education. If you actually gain some knowledge, practice or if you actually learn something from it that's another story, but this is valid for formal education also, regardless of the certifications and diplomas you have...
The issue with putting it in education, is that education as a resume category means formal learning and degrees. I would have no issue with someone putting THM/HTB/other labs in 'Personal Interests' or 'Other Learning' but there is no degree path for THM.
THM lacks the academic rigor of higher ed
And if you list unaccredited learning platforms under Education, hiring managers and HR are not going to give you much in the way of benefit of the doubt
yeah i understand and in most cases this is valid because the usual pattern in a resume for education is formal, so yeah definitely it doesn't belong along with university degrees or similar, but i think it would be suited for other education categories, like course or whatever
I guess? But the state of hiring is that the Education category has an expectation of in progress or completed formal education. Ad hoc education doesn't count for this, as there is no proctored exam or other applicative measure that can be accredited by an organizing body. Part of the value of a degree (regardless of the major area of study) is the rigor and broadness of the degree path.
There's not quite a guarantee that the candidate knows everything that the degree says they should know, but the likelihood of coming at least close to that bar is much higher than another candidate without a degree. It's exactly like that misunderstanding a few days (maybe a couple weeks) of someone who took a masterclass type of learning course from a vendor and didn't understand that isn't the same thing as a Master's Degree from a University.
Yeah i mean didn't actually think it so in depth, it clearly makes sense what you are saying. I was referring to it in a more general way, like some bonus courses, achievement or whatever they would be categorized as, education related also but considering you already have other things in there also, like the things mentioned by you...
I get what you're saying. But there is an expectation in the corpo world of what belongs on a resume, and deviations from that standard are going to do you a huge disservice in finding a job or moving your career forward
I for example, besides the technical college and law university that i have finished and besides some courses that i gathered along the way, i have 0 certifications in cyber and been working for 3 years now as a soc analyst and got a lot of job offers without having these things in my CV and linkedin profile. How many of these offers ended up in a new hiring? None... How many ended up with an interview, quite a few and most of them were rejected by me because of various reasons.
In my case, i could get hired on a new job without actually having a formal education in the field and i actually brought up tryhackme and other platforms at interviews and some of them were interested in this. But i am aware that i was lucky also to get the soc analyst job without any proper cyber experience in the first place and that i am not the norm. And i am pretty pretty sure that things would have looked totally different with some formal education and certifications so yeah, i understand what you are saying.
Good talk anyways juun, these conversations make me think and try to focus more in getting at least a security+ or whatever kind of exam/certification because i really run away from them, never feel prepared enough and this is kind of dragging me down...
The impostor syndrome is very strong in me and even if i hate to admit it, the lack of formal education that you guys are mentioning is a big part of what is sustaining that syndrome 😄
You don't really need formal cybersecurity education for a SOC analyst role - background is super important, and being able to relate previous work to some aspect of cybersecurity is often enough to get your foot in the door. Once you are in, it's a matter of being self-driven to learn and to figure out the silos and webs of what's connected and what's not and why.
It's one of the reasons that it's common for sysadmins and netadmins to make the jump, but many backgrounds have relevant experiences
yeah true, i mean i didn't get this position out of the air, had a lot of IT background even tho not related to cyber but yeah, you are right. Still tho, it's kind of time to certify some of the knowledge i have gathered, for my own boost of confidence that i would 100% get from this kind of experience 🙂
Still haven't gotten hired for an IT role... I've been told my resumes are good, I have the education and certifications, and I have a job history, even though it's in an unrelated field. Going to try a job fair in a couple of days, see if I can't get some face to face input. Meanwhile, I'm back at my old job... w/ a paycut despite how many years I've been there. LOL Better than nothing and it pays the bills for now.
Good luck and keep pushing. It can be tricky to pivot but persistence pays off.
What certs do you have? Just curious
have you been getting interviews? usually if you are getting interviews, chances are your resume is fine. It is also a tough time out there right now, lots of companies laying off
When do you think things will stabilize
I've been seeing the attrition rate also go high after the lay offs
this may take a few years, the dot com bubble took about 5 years to stabilize
CompTIA: ITF+, A+, Net+, and Sec+
Just took and passed (ISC)2 Certified in Cyber Security exam last week, but don't have the cert yet.
Hoping to add Linux+ to my list by May.
i don't think the current layoff situation is the same; when the dot com bubble burst a lot of startups were suddenly not able to get the investor funds they were relying on to keep the doors open.
Most of the layoffs I've heard about haven't been driven by shutting doors, those companies are likely to continue to exist, and will realize their talent deficit in the short term.
Just mostly the recruiters... Then I don't hear anything after that. I've never been a fan of recruiters. They don't really know anything... Just pretty faces with a list of keywords to look at and pass the buck.
maybe drop a redacted resume here? I mean you should be getting interviews if your resume is fine.. recruiters talk a lot of shit
but lots of companies are downsizing, I mean from the dot com bubble, lots of large companies downsized as well as small companies drying up
it took about 5 years or so for companies to start growing again, it was a slow growth
fair - i still think that the downsizing is more shareholder value games than driven by any real business need to reduce workforce. AFAICT the market hasn't shrunk, and sales aren't down enough to run a deficit overall. I'm sure there are exceptions, but none of the big tech companies lost actual money in the FY quarters running up to the layoffs in Q1
yeah it could be, I see a lot of cautionary moves by businesses ahead of what they think could be a downturn but then they do things that could cause a downturn
For the most part yeah but some are great. Tip: if you find a good one, keep in contact with them
That and everyone has an opinion (professional or not) about how a resume should be or what it should contain... so you end up trying to please everyone and you still end up nowhere.
I thought I had one or two... but in the end they weren't as helpful as they seemed to be.
All things considered, if you have to listen to an opinion on a CV, Zojja is a pretty damn good choice to listen to.
I meant no offense on that statement... just an observation based on experience.
That's what I've done so far and it's with the help of a friend who is a former SOC manager.
so your resume is your resume, I'd just make a few suggestions. I've done a ton of resume reviews for all levels of cyber positions, so I've seen a lot of good and bad resumes but you can take what advice you want and leave what you don't.
You are someone who has 13 years of work experience except that isn't seen until the 2nd page. Generally hiring managers may never get to your 2nd page so you have to make your first page strong.
- Your first page is your most valuable, you can save a bit of space by right and left justifying your name / contact info and removing the line.
- In the US, it is kind of a toss up on whether to put a summary / profile but if you are a job changer, it is pretty important to let someone know why you are applying for a job. What your goals are. You really only need 1-2 lines to do this. Unsure if you are in the US but other countries seem to favor a summary / profile at the top as well.
- Education - So a question is... are you in the process of doing a CCNA course or did you already do the CCNA course and then didn't get the cert? I'll say adding something where you were trained for a cert but then didn't get your cert is more likely to hurt you than help you. I would move your education section to the very end as it is less critical than the fact that you have job experience.
- Skills - Generally what is like to be seen is what you can actually do. So slightly verbose sentences can help you a bit here inserting various tools. Like you mention incident response but what tools / methods have you used regarding that? You mention O365 (which is now Microsoft 365) but what can you do, can you administer it? An example would be something like "Network analysis using wireshark". "Configuring Cisco routers and switches", etc. And there are going to be a few things that I'd drop such as Virtualbox and PuTTY. I would say you could even put "Understand cyber security concepts including Risk Management and Cyber Kill Chain" but those are kind of iffy as things to put on a resume.
- Soft Skills - This is where I say that this does not belong on your resume. Generally a resume should have objective items and subjective items should be left to an interview. If a company chooses to interview you, they will test your soft skills. And basically everyone tries to list soft skills.
- Work experience - I hate to say you need to spin this but you need to elevate your work a bit. Instead of "Create help desk tickets", what did you actually do? Did you work with customers to determine possible next steps? Did you work with customers to determine possible direction regarding issues and concerns? And I'm going to say that "Quickly and efficiently coordinate the processing and delivery of urgent needs of customers" doesn't seem to make sense to me. Are you saying that you coordinated with customers to determine their issues and worked their issues to resolution? One thing you have to consider here is why would a manager hire you? And really tailor your experience section to try to add as impactful as possible responsibilities. Also no need to list 40 hours/week, that is going to be assumed.
- Professional development. So you list a certification here, why isn't that in the certification section? I would nix your 2nd line and just list the certification in your certifications. In general, you can list "Continual cyber security learning on TryHackMe.com" but I wouldn't dedicate more than 1 line to THM.
TLDR; re-organize your resume a little, ensure that work experience is on first page, get rid of soft skills, move education to the end, and lastly, use some power words for your work experience.
This link is great for action words to use in your work experience.
https://www.themuse.com/advice/185-powerful-verbs-that-will-make-your-resume-awesome
I actually have more than 13 years of experience, but because I work at my current job for at least 10 years, I don't bother putting anything before that as I was told anything after 10 years isn't necessary unless it's related to the job applying for. My job isn't IT/Cyber Security related, so it's at the bottom where my education and learned skills are IT/Cyber Security focused so it's at the top. I completed a Technical Certification program in December, but due to covid stuff, they don't do the graduation stuff. All I have currently is unofficial transcripts. We're waiting to hear back about when we should be getting the official certifications. It was called Cisco Certified Network Administrator when I started the program.
I can't list that I have the ISC2 certification because I don't have it and per their organizational guidelines I can't really explain that whole thing... it's like an NDA type of situation, same with I can't share a lot of details about my job because it's HIPAA regulated stuff.
I had a summary explaining my work history and my goal to switch careers, but I had a bunch of people tell me to get rid of it because it's not something people care for anymore.
Skills - I had them verbose, then was told "You don't need to say this, it should be automatic." I've also had it as "Microsoft 365" and then was told "change it to O365" I also had "Configuring Cisco routers and switches" but was also told it would hurt me because they may not use Cisco products. I even had the same statement for the Risk Management and Cyber Kill Chain... except I worded as "I have basic understanding of...." and they said "Remove that."
Soft skills - I've had friends from Europe show me their resumes on how they got their cyber security job and they included soft skills.
As for the THM stuff, I was told to be specific on what I completed as for professional growth.
So you can see why I'm having a hard time with my resume... I just want it to be specific to what I know and can do, not decorate it like it's got to have rainbows and unicorn farts. LOL
I work in a highly regulated industry, you don't have to give specifics about your job, you can be generic and also show what you did. Again, a certification includes a test, are you saying the program you did is giving you a CCNA without taking the CCNA test? And for ISC2, you can say "Associate of ISC2".
I mean I'm just giving you my feedback as someone from the US, who has helped other people get their resumes into shape and successfully gotten jobs as well as someone who reviews dozens of resumes every year for a large multi national company. Like I said, your resume, is your resume. You don't have to take any advice from me you don't want to
it doesn't hurt my feelings at all, but I'd say your resume is probably below average of resumes and that isn't based on your experience, it is based on really not telling a good story
it's certainly not the worst
The CCNA isn't actually for the CCNA... it does involve coursework related to CCNA. It's a 1 year technical certification from a vocational school.
I would probably frame it that like "technical Cisco networking training" or something similar
The certification is for the program, not specifically CCNA. I understand the confusion as much as anyone else because the program is called CCNA... and there's an actual certification.
Yeah, that's what I tried to frame it as... again, got told to remove the technical part.
but it's a certificate of completion right?
Yeah, it's basically what it is...
I completed 1 year of technical training.
hands-on technical training.
That was my summary to help explain the education.
I wouldn't do that, I would basically add something indicating your goals / interests
you don't need to explain the education other than be more explicit in what it is but maybe because it is blacked out, i can't tell... I just say if I see CCNA, I think of the official certification
Well you did say show a redacted resume... I redacted everything that would give away any information that might potentially hurt me, which was names of companies and my own personal info.
yeah but again, would employers understand it isn't the Cisco Certificated Network Associate?
Well it's too late for me to make the changes and print out for an updated resume for tomorrow because I'm broke, don't have the time to find somewhere to print out the resume and go to the job fair as I have an appt scheduled. So I'll just have to hope my social skills work for me in explaining why I suck at resume building.
Don't take that the wrong way. I appreciate the help.
well good luck at the job fair, I'd definitely be prepared to talk about your goals, the program you were in and your interests, I didn't know you were going to a job fair, I just think overall you could do a few tweaks and get better feedback overall
I'm just in a bad place... of course any help I can get is greatly appreciated.
Again, thanks for the help you provided. I'm going to get to bed so I can get enough rest to be prepared for tomorrow.
I agree with everything zojja said, with the addition that Skills shouldn't usually be an entire page. Can you summarize that into 3-5 lines, then proceed with work history, et al?
I also wouldn't list every distro you've worked with, if you are deeply knowledgeable within the ecosystem of 1 distro, that is cross-applicable to pretty much everything.
I have a question for some of the experienced resume reviewers.. I am trying to change careers into a cyber security job.
I have an IT related education (5 year apprenticeship) as an IT Infrastructure tech. Although it is about 6 years old at this point.
In the meantime I served my time in the military though not in something IT related. I have however been learning through THM, HTB, TCM and various CTF's over the last year.
My question, how much work experience would I keep on my resume, as it is not relevant for the job I am applying for?
Also, if anyone wants to take a look at my resume that would be greatly appreciated.
Your work experience should stay. It shows that you were employed and doesn't leave a huge gap where people ask questions. You can post a redacted PNG of your resume here to be reviewed.
In relation to the above, if anyone has ANY critique or suggestions I am open for it. I am not very experienced in resume making😅
I'll take a look at it later, it's really blurry on my phone
Thanks a lot!
Try to get it to two pages max if you can. There's a lot of wasted space at the top of the first page, for example. Skills could also be in columns (although I question the point in having those in at all, personally), and whitespace between experience entries could be reduced.
I would suggest shoving skills down under experience at the very least -- ideally your experience should evidence the skills, in which case why include them?
Equally, don't add things if they don't add value. For example "turning dissatisfied customers into satisfied customers" says nothing -- it's just the expectation of what they job includes by default. Say how you did that and how those skills are transferable. That goes for everything else in that section too -- you need to show how each bullet point will be useful to the company you're applying to. Make every word count.
And remember that a hiring manager will look at the first ⅓ or so of the first page, so that's where you need to draw attention. The profile is a good thing to have in that space (which you've done), for example, followed by whatever you most want to draw attention to. For most people that will be experience, unless you don't have relevant experience, in which case education is common.
Three pages is a big no-no for various reasons (two at least can double side, three pages are just gonna get lost).
Alright, off the bat, three pages is too much. You should shoot for 1 page, which can be done by improving your formatting. Going from top to bottom:
-Don't put a position title for something you aren't
-don't put your address
-don't put a personal number (website, job specific email, and linkedin are good)
- I personally don't like paragraphs, some people here do. I am of the opinion that if you want to write, write a cover letter
-skills should be hard/technical skills. nothing soft so remove communication and fast learner. Everything you put in your skills you should be able to have an in-depth technical discussion for 20ish minutes.
-Rename work history, Experience. have no more than 3 bullets per entry and try to relate your past experiences to the position you're applying to. Also, since you were in the military, you never actually changed employers. You should have the military as your primary bullet, the position as the sub-bullet and the unit or just the geographic location as the location. Not to sound too harsh, but your bullets leave a bit to be desired.
-Education should really be accredited institutions, there is some wiggle though. I don't think that the NCO course belongs, at least at this stage, because civilians who aren't familiar with the military won't know what it is or care.
-Languages don't need to be on the resume unless the job posting asks for them
Once you fix the formatting, repost, and i will give it another run through.
Thanks a lot! I will look at it today and hopefully reupload a better resume😅
Thanks a lot for the insight, I will try to incorporate this in my resume today👍
Do you guys have any suggestion how to show tcp/ip knowledge on your resume, like making something or anything to show you ACTUALLY know it?
Tcp/ip knowledge is not useful on its own, so it'll be hard to demonstrate, maybe something that requires it is possible, like writing PoCs using Scapy, or pcap analysis, advanced Nmap use also requires tcp/ip knowledge.
Ok ok, just asking because a lot of the job qualifications are saying that, thank you
Hey everyone, I came across this video and found myself agreeing with a lot of the points covered. Give it a watch if you're still struggling to find a job in cyber security https://www.youtube.com/watch?v=U2SOb7rQzwU
@stoic cave @undone shore I have now updated my resume if you would give it another look.
I was thinking of removing the short paragraph and moving Skills down so my experience is all on the first page. But I'm unsure as my last 6 years is not relevant to IT or security.
Looks a lot better to me. I would personally shift the skills down but leave the opening "hook". There are different schools of thought on that (that opening paragraph isn't as common in the states as far as I can tell, but everyone I've spoken to so far in the UK and Europe has found it essential). Up to you where you want to go with it, but it gives you a great opportunity to put in something to grab the attention imo
Experience is looking a lot better with the evidenced bullet points. That said, if you can avoid writing in first person, do. Again, not sure about the states but that's a big no-no over here. Comes back down to the whole "make your words count" thing as well -- short snappy bullet points are more impactful and easier to read than long form.
The gist of it is a lot stronger though imo
first person has no place in technical or business writing
Oh good, we agree with the Americans 😁
The other thing that's often requested over here are links to things like LinkedIn, your website, a portfolio, etc.
I would suggest using some of that blank space in the header to include those if you have them.
Agreed with Moose on not putting an address, although I would personally keep the personal mobile number. Makes you easier to reach if they want to speak to you synchronously. Again, different schools of thought.
you do? 🤣
Rarely 😆
Nah, there are some culture differences in this area for sure, but from what I've seen of y'all discussing it, things are largely the same.
yup
😄
except y'all like 2 page resumes over there
Yeah, it's weird.
Tbf, it's a "1 page if you can but 2 is okay"
our hiring managers are just too lazy to go past 1 page most of the time
That ^^^
We have the expectation that a hiring manager will skim about the third of the first page before deciding to read it properly or discard.
If they're hooked by that third then they will probably also read the second page. If not then you've lost them anyway.
so @worthy heron what are your goals
do you have tech experience, and do you have any type of degree?
no, I'm just straight out of school
okok
do you know what title you want to be
okok
i had a job to create a fished website
as a project
under supervision of our cs teacher
okok
can we talk in dm?
go ahead
Thank you! I am from Europe so I would like to fix the first person issue. But honestly I don't know how to rephrase the sentences really. Would you be able to give me an example?
Sure, off the top of my head with the last bullet point (AD):
Managed user privileges, group policies, and Domain Controllers. This helped to develop a fundamental understanding of security principles in active directory environments.
Most of them are a little more complex, but the same principle applies: reword it to be impersonal but still indicative of the skills you developed.
Alright, I think I get the gist of it👍
First point in customer service:
Used a thorough understanding of the product offering to answer customer queries quickly and efficiently.
Things like that
Yeah, thanks again👍
Np!
@undone shore I've done some more editing now 🙂
Now to try actually writing a cover letter as well
Ayoooooooo
@topaz forge are you in the US by chance?
The reason I ask is because 'Robert Half Solutions' They are based here in the US and are a recruiting company that works like an employment services company strictly for IT people in the US
I was a bit wary at first of posting about this on here BUT when i received my second interview offer, I was actually surprised
Feel free to check them out and give them a call, I believe they work internationally. Their main goal is to get you a help desk role under the IT and Computer Science umbrella. Right now they are actively searching for another job and have another interview lined up for me. Sadly i didn't get this one and was beat out, but there are many others that Robert Half submits and refers my resume to.
www.roberthalf.com <-- not sure if i can post this link but here goes
Here's the resume I used. I don't have any certs. Feel free for any feedback anyone may have
I tried making it more in tune with entry level positions as I lack my certs thereof
Yes, I'm in the US... And I've tried Robert Half... Can't even get anyone to take my call. I've even applied to several job openings that didn't require much experience. I've also had people I met say they tried to use Robert Half for IT jobs and they weren't helpful at all... Waste of time.
Yo I had the same problem! So maybe try a different recruiter from Robert Half, that is what I did and I ended up talking to someone else and this gal helped me out a lot. I just looked at their website and they are international. So what I can do for you is see if the gal that I am working with now can reach out to you! I'm going to talk to her and send her an email tonight!
Cool, thanks!
Gave +1 Rep to @little reef
I'll be working security this weekend so if I don't respond right away or anything, that's why.
Not sure about it being a waste of time! I literally lost my second interview part because my background literally just got back yesterday and the company ended up hiring within
Already had two job interviews and one I failed because I didn't answer Active Directory questions properly nor did I know about AWS
AWS is my next project.
There you go! I'm going to contact Taylor for you and see if she can reach out to you
I'm going to ask her if okay for you to email her
She's actively looking for other jobs right now for me
Cool, let me know!
So I think you could do better here. One thing is, never use I in a resume. I think you could clean up your about me but also don't oversell your experience.
"IT professional with an interest in obtaining a cyber security position. "
"Understanding of cyber security principles and technologies including identifying, analyzing, and mitigating security risks"
"Actively developing skills through online learning platforms such as TryHackMe and HackTheBox. "
I would nix pretty much everything else from your about me.
For your experience, you only list Windows OS here. Is that primarily the experience? Any IOS or others?
And really I'd give you TheMuse link too to really try to figure out how can you transform some of your experience to sound a bit more... formal...
Like instead of troubleshooted/troubleshotted... I'd use things like "Analyzed systems to determine issues. Formulated a plan to remediate issues. ", etc, etc
https://www.themuse.com/advice/185-powerful-verbs-that-will-make-your-resume-awesome
and if you have any writeups of THM / HTB or other, I would definitely include a link to those as well.
Wow! That is insightful and worth reckoning! Going to redline this a bit more and repost here soon! Definitely what I needed to hear. Thank you tremendously
Thank you
Gave +1 Rep to @pseudo creek
and also your last job on there, you don't really need to list, guess it doesn't hurt but generally over 10 years isn't necessary.
Makes sense. Gonna remove. As well as HTB since I don't have write-ups on there just some for THM

Just use ChatGPT my friends
I think that should be a little more nuanced than just a downvote tbh.
Using ChatGPT as a tool to refine aspects of a CV or suggest improvements to wording/grammar would actually be really helpful in many cases.
Using it to just write the damn thing, not so much, but as a writing aide it's superb.
it could potentially but again if you don't know what a good resume or a bad resume looks like... and with ChatGPT's nature to make up stuff, you have to be cautious
I haven't tried to see how well it would do, but it might be helpful to implement the feedback you guys give here like "make this sentence impersonal and use an action verb" or something, of course not to write the whole thing
@topaz forge Just received confirmation. Okay to DM you deets once I get to my desk?
Sure!
which resume do you think is better? also, I'll be glad to receive any advice.
Hey Bullet! I tried sending you over a DM but couldn't (maybe due to privacy settings) I have adjusted my privacy settings so that you can send a DMs directly if ya like. I have contact info for you.
Says only accepting msgs from friends.
Go for it now
Will red teaming and pentesting still thrive as a job
Why would they not?
I'm from EU so it might be different where you live but I don't like the way you formatted your CV. You can use "Canva" to make a decent CV without spending too much time on it. When you say, "I have used", it may sound like you spent only a few minutes or an hour on it and you don't have any handle on these "tools" and "languages".
Most companies in EU have no clue about "tryhackme" or even what a CTF is, so you will need to explain what they mean and what they taught you. I find your "work experience" irrelevant to the job you're applying to.
What about the second resume, do you think the formatting is better? By the way, this isn't a CV, and I added irrelevant work experience because I'm 17 and wanted to show that I can be in a workspace.
That is also the reason work experience is at the end, and since it's still one page, I think it doesn't hurt me
The one on the left is far better than the other
Look at the resumes on the left, then compare them to yours: https://www.canva.com/design/play?type=TACQ-j4WGew&category=tACZCki4tbY&locale=en&ui=eyJHIjp7IkUiOnRydWV9fQ&layoutQuery=cv&analyticsCorrelationId=5417813c-afac-45a4-9fff-3f0eed51d3fd
Which one? There are many
it should start to pick up now that cybercrime is rising through the roof.
competitive market, small-medium sized companies can't afford in house pentesting teams, cybersecurity firms don't usually hire tons of pentesters and if they do, it's always a senior role.
Over here where I live the job market is pretty good, even with the layoffs, it all depends on where you are willing to work.
what're good things to focus on if i want to get into cybersec (say redteaming or security research) - currently studying communications engineering, learning on THM,
what should be some skills i should pick up, projects to work on during university etc.?
For awareness, both of the listed possibilities are more on the higher end of the experience ladder. If you're coming in with no experience, you're going to need to build that. As far as side projects, a Homelab is pretty much a must. Continuing with THM is good too.
Are you afraid of ChatAPT? 😄
i am 100% positive that Sysadmin, Networktech and Security will never not be sought after
you can heavily reduce the need for all 3 with automation
i hope we get replaced by ai
Is this dependent on the degree of education on certs? AKA if you have a masters/PhD in cybersec + certifications
is it any easier to get into it right off the bat or?
Oh and speaking on experience, you mean, experience on a job or?
I wouldn't say that
Mostly on where you live and what salary you expect
There's also issues where you don't get hired bc you're "overqualified"
but it's more of a "your experience is lower than your education"
Say if you lived in Thailand, or somewhere else where cost of living is low, being a bug bounty hunter is quite luxurious as even a tiny bounty of 50$ is a lot there, and bug bounties also look good in your resume.
I just hope the automation costs a ton so I still have a job floating around small-medium sized companies
LOL 😄
not really, cloud environments have it built in, terraform / ansible can easily be done at the small scale
well I was talking about just automation in general, like CloudFormation and such, of course cloud services also have security services
like how you can basically build a server and deploy in minutes vs it used to take a week for a system administrator to deploy a server
or you can set up a network using SDN
mmmm i get it
especially with load balancers
Amazing it spins up multiple stuff to handle with the spike of requests then simultaneously takes them down after the traffic also dies down
In the old days, how was spike in traffic handled? did people provision multiple stuff with just the foresight that there might be some spike in requests
stuff crashed...
or you had to order multiple servers or possibly just started filtering out some traffic if you could
mmm, i get that
I guess the technology now is amazing, imagine being able to spin up a VM, then when there's high traffic, it automatically spins up other VMs to handle that
uh,,, so what is one even supposed to do then? there's no way to win?
it's a little discouraging
get IT experience like help desk, sysadmin, network admin, etc.
then ask for a certification like Sec+ etc.
I would definitely talk to someone who works in cyber in your country to get a feel for the requirements
I think the misnomer is, people think cyber entry level is well, entry level. For college graduates. It's not. There are people who do get in but there's a lot of factors that get into that. A lot of people do pivot to cybersec after some time.
Eh
that doesn't seem worth it especially knowing i could probably get a job as a network engineer though
Yep, that works
As long as it's IT related
oh,,, so just have any IT experience lmao
nothing specific
that's funny but
fair
companies work in weird ways
that was weird. meant to just post one
If anyone would, could you please C&C this cover letter. I'm looking for honest answers 🙂
Is there a blue team equivalent to CTFs?
I would say CTFs also implement a lot of blue team challenges often. Forensics, Crypto, Analysis challenges, at least I would consider those blue as well.
Huh, haven't seen any Forensics ones, do you have any recommendations?
PicoCTF2023 had some, and a few Danish CTFs had them as well. I'm not sure if there are any currently running ones.
You could try PicoGym however, they have soooo many challenges to choose from. And you can sort by category as well.
@undone shore @stoic cave I am specifically looking at you guys. Your input has so far been invaluable 🙂
Thanks! @south tulip
Gave +1 Rep to @south tulip
Honestly I think I've seen more CTFs with Forensics rather than without, so if you just keep an eye out on ctftime.org, I think you'll manage to find some that interest you (disclaimer I do not frequent CTFs so it might be just a coincidence)
I really appreciate the tip, I really need to get more experience in Forensics and Malware Analysis
HTB and THM have a bunch of incident response and forensics CTFs
so wait, if I want to do cybersec research, with hopes of getting into it as fast as possible (after finishing any uni related activities) what is the best thing to do?
and things to focus on?
Getting a job somewhere in IT, while still learning research
I guess that's unavoidable, what are the things to focus on learning it though?
Ok ok ok ok, right
that's helpful
is there any place i can learn more about things i need to learn though before getting seriously into it or?
by that i mean specific skills etc?
You can get certifications for specific ones
Let's say if you want to do offensive sec research, you can learn the fundamentals through the PEN200
A lot of people also do exploit development research, you can learn that through pwn.college for example
Cyber Threat Intelligence, maybe through MITRE's training
I believe the course is free, not the certification
You can do code reviews of open source products and see where there are vulnerabilities
okay that's perfect
just one more thing
as far as programming and other related stuff goes i should probably focus on web apps?
that depends on you.
You can look at certain libraries and see their vulnerabilities
Like for e.g., a pdf converter library and you see that there is some insecure deserialization vulnerability which can lead to RCE
Hmm i'm guessing i'm asking, is there something best to stick to in the beginning? Like a first step or smth
Stick to something you know.
honestly C/C++/Python rly
and mostly basic python so
i doubt what i know is particularly useful but idk
well i guess for now pwnchallenge it is
don't have many options rn rly
what should I learn for being a pentester
what is your current IT knowledge?
actually nothing, I'm a student of management information systems and I'm in first grade
I understand computers but I don't know any coding language
build a very strong foundation before you think about ethical hacking... learn linux, windows, networks, protocols
study about automation and cloud
then you will be able to start thinking about breaching a system
yeah I started linux, I can use sqlmap but this is all my knowledge about ethical hacking
how can I improve my skills
where can I learn
well, it's just my personal opinion, but: without knowing what you do, i mean really knowing the protocol, the network, etc. you can get yourself into trouble very easily
i'd suggest to learn the bare basics beforehand
what kind of basics, can you give me some examples
which subject do I need to study for being a pentester
linux: build a server infrastructure with sql, http, php, cgi, firewall, ACL, identity management
learn to build a proxy
windows: learn about AD, domains, NTLM, events, event viewer, automation of the services
networks: protocols, terms and so on
thank you for tips you helped me a lot
in parallel you can play with CTFs
there are great rooms on THM
or you can go and look for some beginner CTFs
does being in top 1 percent help with jobs
Nope
Concrete experience through projects or work is what helps
being in top 1% just shows that you are dedicated to learning, so i'd say it's more of a metric to measure yourself
gives you access to the advanced channels too
wait wait what does?
Being max level
!docs levels
you can totally get to max level with walkthrough rooms
damn that's a thing
wait wot
damn ok it's just 20k
so i'm more than 20% there
and they are totally entertaining
on THM, no, top 1% of hackers don't need to ask that question in here I don't think :)
Though the certificates you get on THM can help signal to potential employers you're eager to learn
People often have years of experience and exposure to environments before they move to that side of the house. Expertise in how things are actually done is really important. I don't think trying to rush things is a good idea. Learning on the way is part of the journey to the destination.
If you'd like to learn more about pentesting and ethical hacking, #start-here provides excellent resources to get started.
On THM, no. The percentage is calculated based on the total number of users, some of which are inactive. Your actual place is more important. Top 50 would be impressive, but idk how much of an effect it would have on the resume. You also have to remember that THM does not count as professional experience, which is the most important thing.
Not sure if I like the format, I'll find one of my old ones as an example.
-Your greeting is too informal.
-Not a fan of "a little about me".
-Going to sound harsh but I don't need to hear about your family.
-Punctuation/spelling/capitalization/grammar needs to be reviewed. I understand you're ESL, but iirc, you had English on your resume so you'll want to make sure whatever you put forward is rock solid.
-"I'm hoping..." sentence is a no and needs to be reworked.
-Last two sentences should not be there.
-Signature is ok, but there are more business focused endings.
Overall, I think that you need to make it more professional. I felt it was too loose for a document that you're sending to a potential employer.
I suppose... It sorta makes sense too
is there any specific things i should look to expose myself to? certain parts of the field? (i mean the non security side)
being a sysadmin is usually good
anything else?
a developer role can get your feet wet with application security
network engineer/admin
any IT role can transition to a security counterpart for it
experienced professionals are hired regardless of their THM status 🙂
True, tho I got hired as a medior security consultant based on 1 year of doing it audit work in addition to grinding THM on top of 70+ hr thesis weeks
Does anyone know the best way to get your foot into the IT world like entry level or internship opportunities?
Are you in school?
Internships are typically for people in higher education, ie undergraduate or postgraduate studies. If you're not in school, it would be called an apprenticeship and those are slightly different.
You can also just apply to helpdesk level 1 roles as they don't require much, if at all, experience.
and as always, job requirements can vary widely depending on country
what country/region are you in and which field are you looking to get into
cause saying you want to get into IT is as general as saying 'i want to become a scientist' (this is not bad, just trying to zero in on your ambition)
I'm in the US, I live in Texas. I'm doing a major in cybersecurity but I don't know where to start. I have done classes like OSINT, I'm now doing a security management class so that's like more from a manager type of IT and then I'm doing a course on CISSP and Computer System Forensics
Yeah I understand
I will say that the internship period for many companies has already closed, I'd start looking for internships ASAP
I have applied for internships, it's just I never got past interview stages lol
Working student type of deals can also be useful to pad your CV and get relevant experience
How is the job market in the US?
Yeah for the fall semester right
There are gigantic shortages here, especially in IT
I don't know if your college has a career center or not, but I'd talk to them, start looking at various companies college recruiting sites
for summer, internships start in May/June
and I'd apply far and wide for internships, IT, Cyber, any
Very short. Layoffs pretty much in every major company
we are hiring about 20 cyber interns in my org (but our application period has closed)
applications for summer internships start in November
Yeah pretty much from what I'm seeing summer applications are getting closed
Yeah gotta prepare one year in advance lol
Yikes
Yeah I'm kinda late lol
I will say that it is critical to either have a part time job / internships before you graduate or it will be difficult to obtain a job
^ I got a flying start in part due to my somewhat relevant experience + willingness to learn demonstrated by thm
Hey guys. I'm new here. I want to buy ceh v12 and attempt exam, but it isn't cheap, costs around 40k inr. What's ur opinion on this cert?
Do not buy the cert 😄
But if you're from India, isn't it required there?
My opinion is the certification and the company has a bad rep, there are far more useful resources for cheaper price
I just want smth to put on my linkedin. It is empty af
Yeah, I'm fighting myself, like it isn't talk of the town either rn
Apart from certs and exp, what would you put on ur profile to get probable hit
Things you do as a hobby that is related to your field, maybe machines you pwn from HTB/THM
Thm is authentic?
You can do the Wreath room and get a certificate, post that also
Wdym by authentic?
Thats new!
Throwback is cheaper, for $60 you also get a course completion cert
I find thm, picoctf as smth which you can get answers from net
Yes that is true but that is equally provable with experience
Ohh
If you don't have the understanding of the concepts in the challenges from THM and PicoCTF, the things you post in LinkedIn related to it are just useless
Ig competitions would be an authentic way with cheap cost comparatively
Do you know any competitions happening around this yr
You can find CTFs at ctftime.org
honestly, it is best to talk to someone in India about what is valued. From what people have said, CEH is still valued in India
Heard abt it
Like i said 50-50
I won't be settling for 3-5lpa bs jobs
I have a question regarding cybersecurity and AI. Maybe some high level administrative or an experienced professional in the area can answer me.
Are cybersecurity professionals going to lose their jobs due to the evolution of AI? For example due to the invention of programs like the cybersecurity copilot from Microsoft?
For now Cybersecurity requires a lot of jobs but I think that can change very fast
i am not by any means an expert in the field, but from what i understand cyber security jobs are very safe in contrast to other jobs in the wake of AI
there will always be a need for defenders and penetration testers/red team
besides, someone will be needed to hack the AIs and shut them down after they achieve sentience and try and break out of human control
I don't think that AI will make any role completely redundant; it will raise the bar for minimum competency though, as the traditionally lower-knowledge and experience roles will be subsumed by the AI provided analysis.
There will always be a need for warm bodies to fulfill certain roles, especially in GRC.
But then how will new professionals with low experience grow in the field? I really believe it will have an impact on the demand of cybersecurity jobs
I'd say that's already a problem
universities
Well, it's one of the problems I've been trying to describe about how this is damaging to the growth of future domain experts as well.... That's a future business problem, not a current business problem. It's up to the business monsters to determine acceptable risk weighed against current profits to shareholders
i mean i'll be honest businesses will always find the ways but
we hope that we'll be able to enjoy life by that time <3
Business monsters will guide themselves by the profits, if cutting cybersecurity professional jobs, because a new AI can help more, saves them money, that's exactly what they will do
Yeah definitely, it's just I have been ghosted and rejected by a lot of companies
I feel like I just have no chance no matter how good of a resume I have and my skills, they just end up choosing someone who has a degree and experience
Which is definitely mind boggling since that's literally the entire US corporate system
But yeah what are your thoughts. I'm graduating in May with my associates and you said that after graduation it will be hard so does that mean I don't have a chance anymore
You still have a chance. Connect with people in your local area, try to find IT opportunities, no need to rush into cybersec, it's okay to take a few years.
Work your way up the corporate ladder
Remember, you don't need to be in cybersec explicitly to apply cybersec practices
As a sysadmin, you can look into hardening your servers, setting up the perimeter firewall, etc.
As a help desk support you can guide users to best practices with security like avoiding phishing emails, etc.
Ayo anyone got tips on becoming a sys admin?
Learn how systems work, then automate
Do junior cybersecs need some network cert to show they understand the basics of networking?
Like… i often see paths recommending net+ and THEN sec+
Does a network pentester cert show you understand enough of network?
Is there a pentesting cert that is directly related to network related stuff
I only know of OSWP and that's wireless networks
Isn't pnpt network based?
I could be wrong, I rarely use TCM.
Tcm sec released one
But how do we define networks in this case? Is it related to network elements like switches, routers, etc. or corporate networks where services like AD are set up
Enumeration, lookback is a good example I'd say.
Most devices are named for what they are, if they aren't, an org should give themselves a shake.
Yes but a Networking cert like Net+ is purely networks like subnetting, VoIP, things like that
PNPT is pentesting corporate networks
Whenever people say network i think like router/switch setup and not AD setup
True plus PNPT is not indicative of network knowledge as the content covered is only basic networking (IP addresses, subnetting, MAC addresses)
Yeah that makes sense
I had conversation with the CEH representative. I can say, it was pretty much a sales call. I was disappointed.
Yeah you get that a lot with EC-Council
I'll say right now the market is tough. Are you planning to go for your Bachelors? I'd look for an IT position vs cyber position. Apply for anything and everything that you seem remotely qualified for. A lot of people start with IT help desk and without a bachelors, that is going to be your best bet but apply for junior sysadmin and network admin positions too
Yeah
Yes I will be going for my bachelor's after I graduate with my associates. I will be transferring to University of North Texas at Denton and I will be also doing a minor in public health giving me a field of interest to work on.
ok good deal
Yeah I have applied here and there but no chance lol. But I have LinkedIn and such and part of Boeing Mentorship Program and Dell Mentorship Program as well. I'm just hoping that I can get my door in probably this fall as one of the recruiters said to connect this fall but we will see.
do those mentorship programs include internships?
I have had experience with Open Source Intelligence and doing a case study on Boeing.
In most cases no. They help you prepare for one.
I'm right now taking a security management class as well as the CISSP class and forensic class so I was wondering where can I go with this strong knowledge
Cause I do have experience working with routers and switches from my networking class
I mean, CISSP requires 5 years of experience and is really a very broad overview of security
True but you can waive it i think
True but it does give you at least something
To put on your resume
Are you currently working?
yes... for many, many years
no, you can't waive it. It is 5 years experience or 4 years + masters.
I thought if you had no experience you can get the associate version of the CISSP
I see. Yeah I'm still getting started lol. But honestly thank you for your advice and suggestions
Gave +1 Rep to @pseudo creek
you have to say you are an associate of ISC2 if you get it before you have the experience
Yeah. I was wondering if you or anyone have the CISSP or have taken it
I did many years ago
I see
IT related undergrad used to count, did they change it?
I have had it, current role does not require it so I let mine lapse
I see
I don't think so but I could be wrong
I do know that they have the associate CISSP version
For those who don't have the work experience