#cyber-and-careers

But you have to be an associate of ISC^2

looks like it is 4 years + BS does ccount, I thought it was masters

From a realistic perspective, how hard is it to get a well-paying career as a pentester? What do I need to know to do so?

That depends. Do you have a degree or previous professional experience?

Pentesting is a niche field within Cybersecurity and Cybersecurity itself isn't an entry level area within the computer industry. It's going to, likely, require a degree, professional experience, certifications or a mixture of all three.

And is HIGHLY dependent on your location.

@stoic cave If you have advice on how to become a cybersecurity engineer or have any resources on the matter that you could redirect me to, I would highly appreciate it. Thank you.

Gave +1 Rep to @stoic cave

Everyone's path is different. I went to college, did an internship in IT while in school, and then was hired at a different organization after graduation. I joined the enterprise computing club in college, had multiple degree capstones, and a Homelab. All of these things can be put on a resume if you display them appropriately.

I've noticed that network security engineer and cybersecurity engineer are very very similar, if not the same?

I wouldn't say that

Falls under the same spectrum?

not really

network security engineer usually deals with network security devices

cybersecurity engineer is a broad title that can apply to a variety of different jobs, some orgs use it for someone who deals with security devices / implementations...

I would considered a cyber security engineer when I was helping internal customers design their environments to support their applications

In Mr Robot when Elliot says "I'm just a tech" 🤣 What does he exactly mean?

not sure but my guess from the context is that there are people that are techies (deal with the technical aspects) and those that deal with the business / management aspects

I agree.

I didn't think of it like that until now.

Elliot is a security engineer though, he could be a network technician though.

With his skillset, wouldn't surprise me if he was in the networking side of things

a network technician to me is someone who would deal with routers and switches

@stoic cave Do you have any certs?

Security+ is the only mainstream professional certification I have. I have some other job specific stuff that's really only for where I currently work.

🤔 🤔 🤔

What?

Nothing wrong with just having Sec+. Not sure what the 🤔 is about.

My first cyber cert was CISSP and I had been doing cyber work for a few years by then

Yeah, I got my Sec+ a year ish in to my employment

I purchased a voucher in college but then just procrastinated. Definitely would have made my job hunt easier

Me too. Took me 13 years to finally get around to it

I live in the USA. Started working in tech again within the last year. Current role is I.T. at a seaport. We'll have crazy crunch time, and then a lot of down time (like right now), i.e., paid to study.

Hired with no certs, just had taken some I.T. classes while they were free for me. "Green and trainable" is what the manager wanted from me. Right place, right time, no prior contacts in this industry.

Since hired, I picked up Certified in Cybersecurity from (ISC)^2. Probably will knock out a bunch of CompTIA: A+, Net+, Sec+ for starters, and then later on CySA+, Pentest+, and Project+. I have mixed feelings on all of those, but they do transfer over for credits to a cybersecurity degree at WGU that I'm interested in.

Hard for me to know what's truly necessary, I guess, but I want to get some experience, collect various feathers in the cap to get passed the hiring filters, and hope to keep moving towards credibility in research, malware analysis, and some bug bounty on the side.

So what do you actually wanna do? what type of cyber roles do you see yourself in? Does your company pay for training?

I would say you don't need A+. I'd also say Pentest+ and Project+ don't have much, if any, value.

Personally, I'd say get Security+, then look at some of the cloud certs (choose either AWS or Azure, either is fine). Then the rest of the certs would depend on what type of role you see yourself in. If your company happens to pay for SANS then score. If you are looking to get a degree, I would look at the SANS degree over WGU if you could.

looking for a tech co-founder

for what?

"world famous quartet looks for three additional band members"

Company will pay for nothing, unfortunately. SANS would be great, and I was looking at their offerings, but that won't happen at this salary. Perhaps some other time.

I am interested in working as a SOC analyst for starters. From there, I would like to see how I feel. I could see myself developing an interest in malware analysis, bug bounty, or penetration testing. Any of that feels far away right now from my current role, but it's a lot better than being an Uber driver, which is where I was last year.

Fullstack development

can you describe why you're looking for one, what it's all about etc.

i have a startup idea

need a full stack dev

you're not selling it that well 😄

To me it sounds he wants to split the money 50%/50% all he does is give an idea, and that's it, which is apparently worth as much as developing a startup on your own

yup, which is why he isn't selling it that well, we get to hear nothing about it

i will be helping in development and takiing care of marketing, sales outreach managment finance and all

and why would we join in?

tbh, I would say that you will not get any sales, if you're this dry... 😄

No issues

If you don't want to join

Thank you very much

but you haven't even told us about the product, why would anyone join in when you haven't told us what we are joining in on?

sorry only to that person who is interested

well, I am interested in hearing more about it

Thank you so nuch

Much*

Hi yes that’s me, shoot me a DM

the SANS degrees are definitely cheaper than stand alone courses. I think for SOC analyst, I'd look at the Splunk certs and possibly Cysa+

Why would u suggest SANS over wgu?

because SANS is considered top tier for cyber security, their certs are thought highly of. Only reason to really go to wgu is if you are trying to get that HR checkmark that you have a degree.

So ur suggestion would try to be to get a job that would pay for the SANS degree?

well yes but also GI Bill will pay for SANS degree and a SANS degree isn't much more expensive than any other degree

Gl bill?

that is for people who have been in the military

I'm having the same gripes about SANS lately. I'd love to do their masters after I finish up this WGU cyber degree, but they don't allow loans (federal or private - unless there's a private servicer I don't know about) and $850/m is just not gonna happen on 35k/yr

that said- if I'm STILL making 35k/yr after I finish this degree that's gotta be a "me" problem. These certs are worth something lol

About to start my Bachelors in Cybersecurity at WGU. Any advice? Anyone have success in attaining a job afterwards?

I wouldn't worry about a masters now. Get some experience and many companies will pay for a masters

Oh, the masters is less of a need and more of a want. I joke that school is my most expensive hobby, since knowing myself I'll be in it forever. Hell, this cyber degree is my second bachelors, and the year between my first and starting this one I was miserable. I'm addicted lol. I am in the field already though, so getting a company to pay for it would just be a plus.

I got a job shortly after starting the program with just the ITIL and A+. Essentially helpdesk for some specialized hardware, but getting a job in the field is already not an issue. I'm just hoping getting one that pays well will be easier when I've graduated.

My best advice is just to accept the grind. Lots of memorizing, lots of making yourself focus on boring things, lots of eye rolls and deep sighs (if you're me lol) but if you can remember to appreciate the ability to accelerate and lack of assignments, you'll do fine. Since so many classes are just passing certs, youtube is your friend. ALWAYS read reddit guides for a course before starting, it can save you weeks of studying.

yeah but the thing is... if you don't have experience in IT / Cyber, a masters can actually hurt you getting a job

I'm already in the field.

ahh ok solid, then try to use whatever tuition assistance your employer offers and have at it

https://tenor.com/view/hell-yeah-brother-hulk-hogan-nodding-hogan-gif-24483409

Good idea. 👍

Guys is being involved in IT sec (like doing CTF/having own projects going) important in getting a job in the field? I'm on the verge of getting an IT sec masters degree, but I'd rather not have anything to do with it when I'm not at the job.

Thanks Tim!

Gave +1 Rep to @distant pier

It definitely looks good for your resume or to have a portfolio

hello everyone, I was wondering if I should include on my resume that i'm currently pursuing my sec+ and net+ through a accelerated course. is this allowed or would it be unnecessary since I dont officially have it yet ?

there is no right or wrong

Thank you for your input!

Gave +1 Rep to @craggy seal

of course 🙂

I wouldn't, unless you have already scheduled the exam and expect to pass either before the interview or very shortly after, but I don't think there's any rule against it for comptia. I know with CISSP you can't mention it.

thank you sm

I'm choosing career path for this fall, what do you guys think pays best / has the most attractive career path?

Cloud & infrastructure specialist
Information securityspecialist
Backend developer
DevOps engineer
Fullstack developer

Pick whichever you get the most enjoyment from

Right now I'm too green to know, but I still have to pick a topic 😛 what would you pick?

I'm leaning towards information security / network administration but I have no idea if I will like it or not

How do I get a cyber security job

Do you have any prior professional experience? A degree?

No just starting on thm

You're going to need to build your professional experience or obtain a degree. A common starting point for those looking to get into Cybersecurity is IT. Helpdesk level 1 roles don't require much in terms of qualifications to start.

If you have the means to obtain a degree, I would consider it. Those with degrees get paid more than their non-degree counterparts. With a degree you also have access to internships and the ability to skip experience requirements, in some cases, into a Cyber role.

I would have to start at help desk and work up

good thing about starting with help desk is that you see all the wild mistakes people make regarding their security in the wild, and we're not talking mock-scenarios but real data that people are utterly careless with

I'm very careful personally

what certificates would I need for helpdrsk

None. Helpdesk Level 1 is absolute entry. I wouldn't expect anyone to have certifications at that point.

So just apply

Correct!👌🏽

Yes, but for some help desk jobs comptia ITF+ or A+ can be useful.

After googling it it seems that there is no tech companies where I am

Some will require A+

That's easy though right

what country are you in?

Murica

are you able to move?

I mean I'd look at nearby cities see what jobs they have, you don't have to work for a 'tech' company per se

No I don't have any money

how far away is your nearest major city?

I mean when I started, I think I had saved up something like $2k which went all to a down payment on an apartment and I had a loan for a car that was secured by my job offer... (and I moved to a pricier area)

This is the only job I found and it's an hour away

I would apply! Do you have a car? any way to get there?

should ask "Did you Google?" how far he drives, I definitely had a few years where I had to drive an hour each way

I don't know how to make wifi accounts

they can teach you

It doesn't mention training here

ok then don't apply

but any job will provide some training

Should i get this a+ first

I drive 124 miles each way for my job, if the position is something you love doing.
and it doesn't hurt asking if they take in unsolicited applications for a junior position where you can get taught

i'll just say that if I only applied to jobs I qualified for, I would've never had a job

Well it says this position is responsible for all technology

me too

basically if someone puts out a job listing, it is a wish list

no more truer words than that

Is the a+ test hard

dont sweat it, i'd say you dont even need it

I'd work towards getting it though

but not every entry level help desk job will require it

but if they're paying out of pocket though...

still... I mean without a college degree, you need something to show on your resume, and lots of companies will require A+

that is true

is there a govt certification in the US for tech support

or vocational school

nope, and vocational schools are usually very $$$. Some community colleges will have vocational programs

and most states community colleges are also $$ so loans are usually required

😱

like I live in one of the few states with free community colleges

My community College is like 7k

damn everything sounds expensive over there

pretty much, if you don't live in a state that values education, it can be very very expensive

Are people really this dumb?

one of my simulation questions was a lady didn't know what a ROUTER is

like what

if you don't do networking / know networking, yes you may not know what a router is

wow

PS, compassion and understanding is something you will want to express in any customer service role... which IT (cyber included) is at its heart, customer service. If I was a hiring manager and I heard you say someone was stupid for not knowing XYZ, I'd automatically disqualify you from a position

Of course I wouldn't say that at work lol

You'd be surprised

At work, I try to assume nothing. A lot of the requests for service I get from people in the office at first sound catastrophic: "the database doesn't work at all, all of the cameras are offline, no clerks can perform their job because there is no network audio", or something like that. It usually turns out to be something simple, like someone not using their correct login, or using a faulty configuration.

Definitely best to never mock a user's knowledge, even if it feels like a simple or avoidable mistake. With I.T./field tech positions, I feel like most of this job is learning how to talk to people that don't understand computers, and a smaller part of it is actually understanding technical problems.

Computers are so abstract; a person can spend twenty years behind a keyboard and never know any command prompt or terminal commands.

It's this kind of attitude that will kill your career in any IT role, not just helpdesk.

Keep in mind that everyone has a different background, and it's best to not assumptions of competency or knowledge especially when dealing with triage and tier1 support.

Any advise for someone who wants to switch his domain from technical support engineer to pentester or security researcher?

Hey guys, I am currently looking for a position as a SOC Analyst or a Junior Penetration Tester, does anyone know of anyone hiring for those positions atm? I'll be graduating this month with my Bachelor's in Cybersecurity. I would appreciate any advice.

It is possible

hello

Hello 🙂

are u fine would you help me out in ethical hacking

@tacit bobcat

Is having 2 simultaneous jobs bad from a resume standpoint? Like does it look like a red flag for an interviewer

Why would it?

Well, off the top of my head I'm thinking less commitment time on their side, non-compete problems (but this is more of a legal issue)

If you have a good enough reason for them I don't why not.

I have two jobs on mine, but then I was at one job for > 10 years.

That person would be more prone to burnout in that state then they don't wanna deal with those types of situations

Can you add up the cumulative years of work experience if you work two jobs simultaneously ?

Can you add time if you run two stopwatches at the same time?

You could 🙂

please i need some one to help me learn ethical hacking

You can go to #start-here. Has all the information you need to get started.

So, I don’t have a background in IT. My background was in healthcare. I worked as a medical assistant for 22 years.

So far, I’ve completed Complete Beginner Learning Path, CompTia Pentest+ Path, and I’m about to complete Junior Pentester Path. I know I still have a long way to go.

I’d like to know if this is enough to move forward with filling out applications, and send out my resume, to potential employers. I’m looking for an entry level position as a Pentester.

If not, can you share with me ideas that may help me finally get a job in cyber security?

You can start by subscribing to Try Hack Me’s platform. Start off with the Complete Beginner Path.

Hi everyone, is it possible to receive any feedback on my resume? Is there something I need to change or could improve? Thanks for the help 🙂

I would move the work experience above certifications and education. Also, not clear what role you would be targeting. It’s not terrible, I would assume you are looking to stay in IT Security, it does seem to try to loosely match many different security roles, which could work against you.

As someone who's played with ModSecurity, I wonder if that's big enough to be a project? It's pretty quick to deploy with CRS. Probably the same with the Nessus if that's at home, as it's straightforward. Siem and IDS also, they just plug into each other, plus a span port?
I'd want to see something a bit more involved or more detail if those projects were more involved

I'd also put AZ-900 in the certification if that's the azure one you got

A complaint from my boss when we were hiring recently was that a CV had nothing about you, what you're like outside of work or as a person

As someone in the US, that is such a weird complaint to me. We view resumes as a way to decide who to interview and then we ask interviewees to tell us about themselves. I don't know if Canada is the same but I've definitely seen resumes from Indian and Middle East where it seems like it is expected to put hobbies and interests on a resume / CV

I get asked to talk about myself, even though it's all written down.

"we have seen your detailed profile on LinkedIN, now send us your CV too"

I don't wholly disagree, we used the resume as a starting point including personal interests.

Only exception I think of is interns but like if someone crochets, mountain bikes, enjoys video games, etc aren't things I expect to see in a resume nor would influence on whether we would interview them.

yeah, I see it as showing well-roundedness and a place to start the personality interview questions

I also see it as a way to introduce bias so I'll say I'm wary on it for that front

are you looking for job roles? I don't know of any sites that talk about entry level roles specifically, there are a few that discuss IT / Cyber roles

Yeah … Job roles

this is from the US Gov but they have worked to define various speciality areas and job roles within those areas https://niccs.cisa.gov/workforce-development/nice-framework

Can I apply from the UK

these are generic roles, not jobs. Are you looking for open positions?

Yes … Open positions

sorry I'm not aware of sites that list open positions in the UK

Oh alright … Thank you

Someone's mentioned gradcracker before

are there any entry level roles? im working on my Comptia Sec+ and Pen+

You guys do know linkedin exist right?

cyber security is dead

linkedin is dead

Lol, so what isn't dead?

devops is alive!

Check #jobs-board for job listings

So is cyber security, and linkedin..

https://tenor.com/view/hot-take-uma-dose-de-vitamina-c-podcast-luís-manuel-nelson-pereira-gif-25679813

Hey everyone,

I've been in the bug bounty and pentesting field for the past 5 years working with the largest card provider. Although my employer pays for my certifications, I'm looking to learn and pursue new things. I'm currently torn between two options:

1. The red teaming path through cert-based learning, which includes CRTP (in progress), OSCP, CRTO, and OSEP.
2. Career transitioning to DevSecOps, which involves CDP, CDE, and CDL (practical DevSecOps).

I would really appreciate any suggestions or advice on which path to take. If you have any personal experience in either field or certifications that you recommend, please let me know. Thank you in advance!

Hey everyone I was just wondering if there is a way to add your TryHackMe certificates to your LinkedIn profile and if it is worth putting on? I figured it was considering it shows an interest and a skill learned in cybersecurity. Trying to build up my resume so I can get my foot in the door as a SOC Analyst. Recently finished my cybersecurity school from Thinkful and getting ready to take my Security+ exam soon too!

You can make a post about getting the certification of completion, but try adding value to the post.

You can download them, then upload them manually on LinkedIn.

Oh, I though he asked about it in the social sense, not the in technical sense

I assumed they meant with how you can directly share badges/room completions to LinkedIn.

Yeah basically upload it to LinkedIn. I’ll try on my computer if not I’ll atleast mention them on it. Thanks a lot!

Gave +1 Rep to @broken idol

Has anyone taken CCT and how would you rank the cert?

which cct

EC-Council CCT

Generally EC-Council certs are only useful in India

that is true of CEH, i'm not sure the other certs they have are of value even in India

👀

Has anyone here applied for jobs at Tryhackme? 🤔

hello everybody my name is yassine and i'm a beginner in this domain and i wanna share my humble plan or roadmap:
compTIA A+
CCNA
Security+
eJPT
are this roadmap is verry comfortable to be a cyber pro??

what is your overall goal? what country are you in?

i'm from morocco and i wanna to be a big ethical hacker

i have a 16 years old!!!

your best bet is to find some one in your country who is doing what you want to do, sometimes you can find others in your country on LinkedIn.

yes i know but i prefer the americans because they are better than moroccans ,also for developp my english

the best certification free for blue team?

everyone with the staff role

3alam khour

hhhhhhhhhh le vérité 3chiri

English only, you know this, because you've read the rules, right? @clever topaz @olive bramble

okay okay

It's my personnal opinion but the "compTIA A+" and "Security+" are more aimed toward noobs who have no prior knowledge in IT. In EU I would not waste my time on both cert.

Hey @quaint flare --- just pinging in channel in case you don't get new-DM notifications (I turned them off a long time ago, had too many)

(for future mods bc going offline: see #jobs-board post that says to DM -- not unsolicited)

I just want to say, thank you THM, I scored a SOC position thanks to THM ❤️

#jobs-board or from learning on thm?

learning and putting my THM profile on CV

nice. even if you don't learn a damn thing, thm/htb/etc are good conversation topics at the very minimum

(not saying you wouldn't learn ofc, just more than one benefit)

able to talk about CTFs and stuff, something to build a rapport and sound normal and productive lmao

did you do any certs before hand?

nope, I do hava a lot of work experience tho

not in infosec tho

hmm may i ask what exp?

2 years command center, 1 year python dev, 1 year linux admin, 2 years cloud engineering

god damn thats huge exp

congrats man you deserve the job

would you advise people getting some other exp(like with cloud) before getting into soc or other cyersecurity ?

oh cloud is for sure useful, especially since everything is moving towards could

Do you mind me being in touch with you, I won't bother you much just a few question from time to time?

sure, feel free to add me

but it's so necessary for know the components of the computer and the basics and secure yourself

Congrats! Very impressive experience. What was your first IT job and how did you get in without certs or exp? I'm trying to get my first IT job. Leaving retail after 20 yrs. I have an ejpt v1 cert and working on my compTIA A+ just to get in the door. Any advice how to start?

yes, first job was Command Center in IBM where I got recommended by my friend when I was 19

Have a great day people !

Hi all, I'm going to graduate in CS (Bachelor's), what path is the best to follow in Europe? Comptia Certifications are not the way right?

I think I'll study at least the exam topics of these, without paying for the exam

The CompTIA books are worth reading for whichever topic you want to cover and freom an elementary perspective, having Network+, Security+, Linux+, CySA+ etc can be good to demonstrate a basic comprehension of a topic. Having the Security+ is a widely recognised HR pass. Also OSCP, CISSP and a few other certs are widely recognised in the cybersec field in Europe since there's a lot of US orgs in Europe and a lot of European orgs associate quite closely with US practices, along with European regulations

hey

need help with Blueprint

room

For help with THM rooms, #room-help is the best place to receive assistance

thanks

Thank you for these info.
After the degree, my plan is to study for A+, get the CCNA cert and study for Sec+

Gave +1 Rep to @rugged delta

A+ is a very basic certification about how computers work and what the parts are and what kind of parts you generally find in a computer these days. If you have a degree, it's not really worth your time unless at that stage you don't know what computers or operating system are... The A+ is really aimed at people who want to start a career in the computer industry (like getting a call centre job) but who don't have the means to take a college course. Look over the Professor Messer content to see if there's anything you don't understand

The CCNA is a great certification to show you really do understand networking skills to a practical and entry leve professional extent and so you could potentially configure/troubleshoot basic routing/switching queries so it's definitely worthwhile.

Sec+ is absolutely widely recognised as a gateway into the cybersecurity industry so would be worth doing

Perfect, looks like i made a good plan. Wonder when would be the best time to start using THM. After these certs?

Start using THM as soon as you feel ready. It's quite different to just studying for a certification. It gives you interesting lessons in all kinds of computing and cybersecurity skills, as well as the joy of hacking from the perspective of a new starter hacking as a hobby or for fun all the way to preparing for certifications or just for fun. There's lots of objectives for casual hacking, whether it's for fun, learning, CTF (Capture The Flag, a type of hacking game) or realistic or exam-like scenarios.

THM lets you hack systems that, in the real world, could land you in serious legal trouble so you can treat it as a fun hobby or something with career potential or both, like many ethical hackers

Nice! Thanks for the replies and for your time

!docs verify

Consider verifying your THM profile with discord. Instructions in the above URL. Enjoy your journey

Any tips how to find some IT interships in EU?

You just go onto job sites and search for internships. Most of the time, an internship is intended for someone who is close to or in the process of completing some form of specialised training (college/university/trade school etc) or has recently completed some form of educational pursuit in the field and is well versed in the profession, perhaps even possesses many of the skills of an entrant into the profession but needs to refine their skills before being considered fully employed.

If you're doing a course of some kind, they'll possibly have an internship program that can facilitate with resources/advice etc. One thing I'll suggest is to only take a paid internship, not an unpaid one. They want you for the skills you have in order to shape you from a student into a professional. They should pay you like one.

I am during my Computer Science degree, I sent a few resume during last few days, do you have eventually some tips about my resume, or recrutation process?

You have in pinned messages CV tips, info and help in the discord

Okey, thanks

[newbie Rant - question from a studentt]
I am starting off investing time on THM, now on carreres in Cyber and now its asking for subscription. Should I try out the available free stuff first or go for the subscription?
I am a student so ofc the 6 something pounds matter to me ^^

stop copy pasting

Well if u cann give me link to a similar thread or an answer, would be nice

i apologise for quick commenting

Would be interested in the same question. dm me and maybe we can connect. Would you advice me (student to student) to take up the premium or try the freebies on THM first?

actually i entered into a random cahannel upon entering some random command and i just saw you type for a sec and then booowallah you sent a 3 liner

had me quessing

3 lines so that maybe its easier to read. I myself hate reading long lines

Hey, you're not a mod. Please don't try to be one.

Anyone got any advice for the CRT?

I would try the free rooms, eventually you may feel limited, there are some great subscriber rooms

Can I add you up too wouldn't bother you much?

feel free

Hey would you guys mind rating my resume?

And im looking forward to getting a remote soc level 1 job. are there any other platforms except- linkedin & indeed where i can apply for remote soc entry-level jobs. And how much are the chances of getting called into an interview with these skills mentioned above.

even if i get called for an interview how much salary range should i expect?

im willing to do 3 months of internship just to gather experience.

thanks in advance

N.B: i dont have any academic degree

heres the pdf incase the image isnt visible

Ah, you done Dante.

“Courses completed but haven’t attempted exam” is kinda useless

yeah was preparing for the cpts

Also, not the best idea to post your email address on here. Just a tip

Number 1 problem with this resume for me is that it’s just a list of courses you’ve done without anything to show for it, outside of Throwback and Dante (and a lot of people might not know what those labs are by name), and then the Cisco certifications.

i do have certificates of completion of the courses it seems useless to put em there

Employers don’t care about the courses you’ve done tbh. outside of experience they care about your knowledge and legitimate certifications

and there arent a lot of practical things available for soc level 1 related jobs

Make tangible projects with the knowledge instead of just saying you completed the courses. Write a full pentest report for throwback or something. Make a homelab and put some documentation or automation up on GitHub. Do some malware analysis.

thanks

There are plenty of things out there that you can do to make the things you know sound stronger on paper

would you mind suggesting me some projects that might help?

• Full pentest report for Throwback or another lab (if they allow it)
• Homelab with stuff like Splunk or ELK in it, with documentation
• Malware analysis of some new samples circulating
• Rewriting a broken exploit from exploit-db into something more usable
• Writing your own C2 implant or just a meterpreter-style shell, bonus points for YARA rules with the project
• Making and hosting a blog website where you can post write ups to challenges and teach others about stuff you know (not just copying and pasting THM answers like 99% of the ones I see online)

I could keep going but I think this is a decent start

Reports/write ups showcase technical and communication abilities, homelab is a practical showcase of your understanding of networking and common server applications (e.g. web service, Splunk), and code projects on GitHub show some level of development skill, which is nice to have in any role.

thanks for your suggestion really appreciate it

Any ideas how to recognize your path in IT?
I thinking about:
-software developer
-some stuff with Network
-cyber security
-some stuff with GNU/Linux systems

Maybe this questions seems very dumb, but i cant recognize on which field i can focus, co im learning all of it at once 🙃

Are you in college?

Hello, is it a good idea to get a software tester job for some time before becoming a penetration tester?

Hi! I am about to have my first ever proper job interview (previously only had interviews for internships) and I am not quite sure what to expect. Some details:

Its for a junior penetration tester position with a very large company.
This is all in EU.
They are only asking for a degree in Computer science or related field, master and professional certifications are listed as advantages
No working experience requirement - which is good cuz I don't have any, not even previous internships (thx covid)
I graduated with a masters in computer science (previously did a BSc hons in cs as well) took a break and then self-studied using tryhackme (was recomended by the professor who taught the cyber security module)
Its gonna be a remote video interview (if that matters)

What should I expect on the interview? What will I be asked and etc?
I tried googling info about penetration testing job interviews and a lot of them say there might be practical tests. But I am not sure if that would be the case here considering they pretty much dont expect any experience in the field.
Also most results in english show info for US and I am not sure how it might differ for EU.
Thx in advance.

Yes

Thanks 😄

Gave +1 Rep to @pseudo creek

What year are you in?

😆

给力

Second

Any one have idea about how to find internship remotely in cyber security. On LinkedIn I am not able to find any proper opportunity.

Remote internships aren't common, for fairly good reasons

about this

do u guys think this is the right order to take certs:
CCNA —> Security+ —> OSCP

i wouldnt get CCNA if youre not gonna focus on anything network related

Pentesting (outside of webapp) is cery network related. There's so much market share for cisco devices, employers like it.

I get that but I see certifications as a way to build value in your current job or next one

Yes. Ccna does that.

Yeah, if one is applying for a network engineer/analyst something role

or something that dabbles in networks

Nah, I really disagree with that, as do many employers.

As a pentester covering infra, you goyta know routing and switching and networking

Popping network devices too

Isn't that also possible with just pure studying and hands on practice

yes but so is everything

you don’t need osed to know how to exploit dev

but it proves to an employer that you know how to to a certain extent

nor network+ ?

i get it now Thanks @quick forum

Gave +1 Rep to @quick forum

i think that it's important to take it in my country, they don't really like when u say i only know how to exploit web apps as Ninja said, i would rather take it cause maybe one day i would switch to a Security Engineer which requires more knowledge about different areas right?

@wooden tendon Can u please help me?

i need to know if it's important for me to take CEH/ CCNA , i'm currently preparing for Security+ and after i would take OSCP

idk if i would be losing some important info in CEH

as basics

Yes many thanks for ur response ❤️

Currently at work on a short break so I wont spend a lot time discussing it rn. But from a technical perspective CEH is dunked on by most industry professionals as not being worth it. I wouldn't get it unless specifically required where I live.

sure i will be waiting till ur free

CCNA I dont know much about tbh.

kk, just CEH is not necessary to take before security+ and OSCP right?

cause i feel like i would be missing some info idk

But I think if you do sec+ and oscp, you get a job and the job will help guide your progress from there

I did OSCP without any priors

Was enough

Amazing

Well thank u so much ❤️

Gave +1 Rep to @wooden tendon

Be curious, learn lots. Your mindset and research will make the difference

I go back to hacks now 😄

gl ❤️

CEH doesn't really teach you anything you can't learn through actually learning penetration testing and doing the OSCP. Unless you live in a place that values it (India and some East Asian countries) or it's listed frequently on job posts. EC-Council has tarnished their reputation with their past inappropriate and misleading behaviour. It's a very expensive theory-based exam. The practical is a very expensive practical exam that penetration testing teams don't take seriously.

Skip it and go OSCP if that's in your budget. Or else get the HTB CPTS or TCM PNPT or Zero Point's Red Team Ops certs or a combination of a couple of those as they seem to be getting traction in the community in various ways

K thanks alot 🙏🏻♥️

Gave +1 Rep to @rugged delta

hello

any one available ?'

If you have a question to ask, it's better to just ask it here. People will answer it when they get a chance

suggestions for a roadmap in security

It really depends on what you want to do or what you already know/understand. The books I suggested to you in #bookclub and the content on THM are great places to go. It is a journey, a career path, with lots of different opportunities. You might also enjoy some certifications for Linux, Windows, Cloud, Networking etc on your journey.Take your time and be curious

thanks very much

Where I can learn practical with full understanding? Is there any platform available?

Practical what?

Practice penetration testing or pwn or reverse engineering or misc operation with fully explanation how to do and why do that way..

tryhackme.com/hacktivities

and go to Practice.

Sorry sir but I want any opensource resources

Then make your own, if you aren't using and aren't willing to use TryHackMe this is the wrong place for you to be.

Hey guys, I'm applying for some opportunities in the cyber security domain in my country, and I recently prepared my second resume, added an experience, some skills and a project section, this time I want someone who can R(oast)eview my resume and provide me some guidance if possible.

Thank you

I would personally ditch the paragraphs of information and replace them with bullet points and not write in first person. Another point I would consider is to not "talk down" your projects like you do the GrammarlyAlternate one. "However, it doesn't work exactly like" doesn't feel right to me in a CV/resume

If you can post it as an image and not a download, you'll get more eyes on it.

Any recommendation for basic DevOps courses?

And maybe recommendation for DevOps cert

Yikes got booted from the “learners institute server” for sharing a cyber security scenario that is difficult to defend against. Anyway. The guy seem like he kicked me after mentioning a DoD tool called “Yellowjacket”

Dunno. I guess I’ll keep my creativity to myself

Most traffic analysis issues are hard to defend against

All I needed for this scenario is a Rat box and remote access hunting camera

SMH. People are easy to hack. You don’t even have to break the law

The best hacking tool in the world = Being a nice person

wat

wat (2)

wat (3)

ok y'all stop, this is the #cyber-and-careers channel,try to keep it on topic

Hello i wanna ask question i am currently living in 3rd world country so,i don't even get electricity 4 hr a day.And,i don't think there are many cyber security jobs either.what i wanna ask is i am planning to take at least ejpt exam and one of isc2 exam after finishing next 3 path in tryhackme.did that make me get at least intern ?or what do i need more to get at least intern or jr pentester.Thanks a lot for giving ur time by reading this

If you're starting out in cybersecurity, I would suggest skipping the ejpt and going straight for OSCP if it's in your budget. If it's not, you should consider the HackTheBox CPTS and/or The Cyber Mentor's PNPT and/or Zero Point's CRTO I & II courses.

If you're going for ISC2, the mostly widely recognised one is the CISSP. If you pass this, you need to demonstrate 5 years of cybersecurity experience in multiple domains to have the full certification. If you're a new entrant to cybersecurity, ISC2 provide the SSCP. The CompTIA Security+ is equivalent and as widely known or moreso than SSCP as a beginner cert.

You should consider verifying your THM profile. Follow the link here:

!docs verify

Perhaps take a look at the Tribe of Hackers books by Marcus J. Carey. They have a series of interviews with cybersec professionals in different branches of the profession on what might help you the most in your pursuit of a cybersec career

If you want to get an internship

Oscp is nice

But what makes you get the internship

Is documenting your learning process
Show that your committed to learning more
The sites are great as some give badges for your linked in I think

But don't get to caught up in what cert you need the most important part

Is being proactive in your studies
Using your boxes as a means to get your documentation down

These things also help

I really need help in finding a path in cyber

I'm in my first year university in Canada

and I'm currently taking computer science but I want to change degrees/universities to something more cyber focused, but there aren't very many good ones

honestly computer science is usually the best degree

Should I continue in that?

I personally would

I strongly recommend it

Computer Science will give you the math background to understand everything you'll touch.

I would recommend you be sure to take electives in databases and networking for sure, if there are security or security management electives, take those too

I don't know about Canada, but Cyber degrees tend to not be consistent and seem to focus too much on specific tools which may be out of date by the time you get out of school

A software testing class would also likely help a lot

because there's a lot of crossover between software testing and security

very similar mindset

Ok, thank you guys a lot. This makes my decisions much easier.

The more math you have, the faster you'll advance as a general rule.

People with less math understanding end up doing the more routine oriented jobs, from what I've seen

Being good at discrete math and understanding how to formulate a proof go a long ways towards being convincing about the necessity of certain things; IMO it's much easier to make the emotionally convincing argument, so I spend a lot less time learning rhetoric oriented towards that side.

I'll also throw it out there that Zojja actually has a security role, and I do not 🙂 So any advice she chooses to share should be given more weight than what I have to say

Just another question for after the undergrad, would I need to take a masters to focus the scope in cyber or are there jobs that will integrate me into that field after my undergrad?

No, both of your feedback are so valuable thank you so much

Gave +1 Rep to @flat sedge

I wouldn't do a Masters in Cybersec at all.... If you are going to do that, I would wait until the company pays for it

It's a value add for them, because they can sell your MS to customers or to BU, you will likely have some requirement or equivalent on your promotion path

the only MS in Cyber I would value out of the gate is the SANS one. All the others are academically rigorous at best, but light on practicality

I see, just a final question what would be the kind of job/company I should aim for after an undergrad degree to integrate into cyber

While you are getting your degree, find internships

internships are the single biggest hiring decision factor for recent undegrads

or an IT job at your school works too but internships are even better as they are an 'in' to companies

Yes

Even if you don't land a job with the company you intern for, it's very valuable to get the 'corpo lite' treatment

otherwise it's such a huge cultural shift going from academia to corporate shillling many people struggle until they figure out how to flip that business monster switch

I can't thank you guys enough for the advice, this helps so much!

Hardware start with repairs
Network start with laying fibre cables and setting up networks within a isp
Systems - try help the schools it teacher manage the network and systems

It's all little steps part of a bigger puzzle

Due to IT & Cybersecurity being so large it makes it very difficult to decide where to sink your time & resources into

I think maybe take a step back & try mind map out the cybersec field so you can understand yourself

As people brreak into this industry

Web Dev
CS Degrees
Network Engineers
Hardware Engineers
Recovery Specailist
Sys Admin
Software Engineers
Android & IOS

But each role plays a crucial part in certain fields

I found that this was very very useful

Azerialabs

The labs mainly does ARM Buffer Overflows which is android and IOT devices

But their are some rights ups that are really good

https://azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/
https://azeria-labs.com/paradox-of-choice/
https://azeria-labs.com/the-process-of-mastering-a-skill/

Also try figure out the "field" that your certification your pursuing is taking you

For example

The most popular offensive security certification is the OSCP

However a big part of this focus is around networks

They have other exams which are focused on Web Apps

& other for windows exploitation

Its much easier if you have a goal whether its a cert or an exam to follow

Then you can see what skillset areas need to be filled & focused on

Because cybersecurity is so large

Doing abit of everything is good

But at some point you need to focus on 1 thing

Please avoid posting walls of text.

No problem I shall do so

I'll try summarise my posts in future

It comes across as preaching and is not a preferred way to interact with others in the community.

No problem I'll try summarise and focus on the main points

Just trying to help others

Imagine everyone following this approach, it will destroy actual conversation. 🙂

also it helps if you focus on the questions they were asking, not generic stuff

Just an FYI, in order to get an internship you typically have to be in an undergraduate or postgraduate program.

And it doesn't sound like they are in one.

An apprenticeship would be more what they are looking for or an entry level job in the computer industry. Something like helpdesk in order to build that professional experience.

also for someone that has power for 4 hours/day probably 1) OSCP is cost prohibitive and 2) would be impossible to take

Yeah

What would be a starting postion for me to get into cybersecurity but on the healthcare side cause I know help desk is one route given how most people start in the cybersecurity industry but I was wondering when applying for jobs like how should I search it, in terms of key word essentially I want to do something in the healthcare side of cybersecurity

I mean if you are in the US, you can search for cyber security and HIPAA, not sure about other countries

I'm based in the US yeah I know about HIPPA and such but I was wondering if you or anyone know like how to get started in Cybersecurity but on the healthcare side

If not no worries

Do you have any previous professional experience in the computer industry? You can also search by industry on LinkedIn definitely and I believe Indeed.

I don't have any professional experience previous. I'm just getting started

Do you have a degree?

Would a healthcare help desk or healthcare IT Help desk would work

I have a high school diploma and will be getting my associates degree in Cybersecurity in May

Hello

I don't have enough budget and i don't think i can pass that yet i guess i just seriously started my cyber security journey like 3 or 4 months ago so i am totally beginner but i kinda feel like i am progressing alot by learning from tryhackme so rn i will have like real world experience intern/entry lv job/jr pent etc.as long as i get experience i am fine i guess.and i am currently 3rd yr in cs degree and it become hiatus cuz of some political situation in here.I heard if i can get some cert i can apply for intern.That is why i wanna take some cert exam for beginner/advance lv

I cannot speak to the efficacy of an associates degree, maybe juun or Zojja will have some more insights. Based off my current knowledge, and this is an assumption on my part, I would presume that it would not fully check the degree box for some employers. Healthcare has extremely strict regulations and as such, they will be looking for individuals with the skills/experience to match, especially in Cybersecurity. Helpdesk is an option as little to no prior professional experience is required. If you're wanting to move into security, it's going to take a while, and I would recommend getting Security+ as a start. Is there any particular reason you're silo-ing yourself to just Healthcare?

I'm not sure if your situation is different employer wise, but requiring thing such as certifications is uncommon for internships. You are not expected to know anything and it's designed for you to learn while working in a professional environment.

Yes I'm planning on doing a minor with my bachelor's degree once I Transfer to a university in July. I always had a passion for health care and I just wanted to broaden my Cybersecurity interest into healthcare. Cause I know that within this field you have to keep learning is not stable like medical fields are for example nursing, and other medical fields so I feel like doing something in healthcare and using everything that I have learned so far from my associates cybersecurity degree I feel like I can use something to use

If that make sense

I mean I really wouldn't worry about it. I've never worked in healthcare and get recruiters in healthcare. When you look for IT helpdesk, you can look for healthcare environments but wouldn't limit yourself there

I see

Yeah I'm open to work for other industry as well is just I'm going to do a minor once I Transfer so I was wondering whether or not to stick with healthcare or go explore other industries within cybersecurity

like I said, I'd apply to all sorts and see what interests you, its not like you'd be stuck in one industry if you don't like it

Yeah

Thanks

You should read some of the success stories on the THM blog to see what experience people had and their path to a job in cybersecurity
https://tryhackme.com/resources/success-stories

hey guys! Just got a question here. My buddy is actively working to get into cyber security and it inspired me. I've always been a bit tech savvy but haven't applied myself with career pathing. Today i'm starting somewhere atleast by building up some resources. Right now i'm in the military and am getting out next year. My MOS(Job) is already in an IT background but its just a fundamental level, i.e. I can obtain Sec+ Net+ A+ and CCNA with this, which i'm going to be jumping on soon. However I was recommended to get into OSINT + THM from my friend, so I'm in an interesting playing field right now. I am wondering what would be the focus for this? OSINT goes quite hand-in-hand with learning and research, so If the dream is a red teamer or blue teamer, it would be super sick applying a strong background. What would you guys recommend?

currently, my workflow is messing around with OSINT. Did my first CTF on THM which was super cool and tragically long considering no knowledge of Kali beforehand.

But, i need to strategize my time wisely and soon.

It would be nice to know what to prioritize exactly.

Certainly continue with the certifications. A+ if you have no other knowledge of computers. When learning cybersecurity you should have a good understanding of Linux, Windows, Networking, some scripting/programming awareness. You can grow these as you learn.

Sec+ is good for learning about lots of areas in cybersecurity and is widely recognised by employers. If you're considering doing the CCNA, do that and avoid the Network+. CCNA is far more thorough and practical and is widely recognised the world over as the standard for junior network engineers.

The knowledge you gain on THM will help a lot on the path to learning cybersecurity along with books written about all kinds of areas of the field. Check the link I posted above about success stories and pop into #bookclub to see the books we talk about

@rugged delta thank you kindly subtle. I have some weird knowledge of computers I will say.

Gave +1 Rep to @rugged delta

Weird as in I'm a gamer, so i've messed with config files/server plugins

but my job side i've done imaging over PXE, worked with pUTTY for changing interfaces off of switches and routers. Worked with encryption settings and functions. So I'm adamant with BIOS, recovery tools for PWs, AD

its kindof a strange spot

That'll all go a long way learning cybersecurity. There's tonnes of free stuff in THM and if you subscribe you get access to a lot more. It's a lot of fun

so subbing is worth it then eh?

😄

80%ish is free. but def worth get sub

sounds good, ty

sometimes I feel like I just need a mentor hahaha

also... rly nice background you have

thanks bro

😄

for every thm thing on website here is channel to ask q and so. so help come relative fast

hell yeah

ill get down and dirty with it soon

just need to be more proactive

just make sure to read #rules and #start-here also is nice of help

There's lots of advantages to subscribing, like faster target machines and a faster VPN, full access to the AttackBox machine and all the Learning Paths, Networks etc. You can access hundreds of rooms and use some of those features on the Free tier.

I'm currently on Free Tier but have done loads on Premium the last few years, certainly worth the price, if you decide to take it. There's lots of people in here who'll tell you what's worth your time, attention and money when learning cybersec and I've definitely found it worthwhile

I feel like I couldn't justify getting premium until I've finished most the free rooms

That's fair too. It's really your choice

Hey y’all, So I plan on double majoring in Finance and Cybersec in uni, what kinds of jobs would that get me?

My question would be why are you double majoring in those specifically? what are you trying to do?

Well, I do really love finance/economics as well as Cybersecurity/Infosec. And I reckon pretty well that I can find a job position that combines both in some ratio

I'm not sure about that, I mean fintech is always looking for cyber people but you don't need a finance degree for that

and I'm not in the finance area but possibly auditing would have a mixture of finance/privacy

Well, I definitely should do in-depth research and talk with my counselor if I could. I’m not even sure whatever the certs will satisfy me on their own. Thank you pretty much

Gave +1 Rep to @pseudo creek

What Positions are likely to be opened for me if i have Cisco CCNA Cert?

Do you have any professional experience in the computer industry or a degree?

No I'm an undergraduate

Paths are keeping u focused and is so organized Also there's couple premium rooms that i wouldn't really like to miss, definitely worth it i come here to the server everyday saying how much i love THM for the info and help it gives as it is A beginner friendly

Omg typing on the phone is so hard

Network Engineer/Administrator/Analyst, or a NOC-related role

Systems Administrator

I am an undergrad from robotics background. I would like to explore the basics of cybersecurity and stuffs.

How can i do that ?

A Network Admin, it requires only CCNA? Cause if it's In depth Network Related then it's better for me to get a Cert in Security such Sec+ and Looking For A security position

THM is a great place to start and it's beginner friendly , u Can learn so much about Cyber Sec in THM

Most Of the Rooms Are Free, but if u wanna be more Organized and unlock premium Content u can Subscribe

it depends

sometimes, i see job postings with Associate Network Administrator

or Junior Network Admin

or Network Administrator I

aha i get it ty

Gave +1 Rep to @dense dagger

You can check out the features of THM. Go to #start-here and explore

How hard is it to go straight to a master's degree from college? (UK)

Looking at Southampton CS for cyber which requires A*AA or AAAA

But in terms of the workload and course, much difference between masters and bachelor's?

i didn't think you could without a bachelors

unless you mean an integrated masters?

I think it's an integrated masters?

It's 4 years

Fwiw I wouldn't recommend a masters. It overqualifies you for most roles, it's usually something you'd persue after getting some practical experience

Mkay, they don't offer any bachelors courses specifically for cyber

In my eyes that probably means it's a compsci or similar BSc followed by a masters year which is cyber... I'd check the syllabus etc very carefully

The course is accredited by the British Computer Society and is one of just 3 UK integrated master's degrees to be provisionally certified by the National Cyber Security Centre (NCSC).

yeah it's integrated masters

Does anyone have any knowledge about the application testing career side for

Android / IOS / ARM Devices

Hello, I had CCNA in 2019, I have a bachelors in computer science started masters in information communication and dropped out in the final year currently studying for masters in cybersecurity till July 2024, because of the trend in cloud I have started online course on awe security. My goal is to break into the cybersecurity industry as cybersecurity analysts I am 29 and have limited field experience I fear I’m getting too old and late any advise and suggestions I humbly welcome them. Thank you.

Since when discord has recording lol

Definitely never too old to learn, i see THM is a great resource to get into Cyber Security as it's very beginner friendly and walks you through every info with a great way to understand the smallest details

And Good luck in your journey, the discord here has such an amazing Helpful community so if u have anything to ask about feel free 🙂

Thank you

Gave +1 Rep to @dusk oracle

np

It's never too late. I started as cyber sec analyst past year and I have fellow workers 35 years old in the same position with me. This is a field which grows amazingly the last years, so it's never late

Thank you

Gave +1 Rep to @austere drum

Have you been applying?

Anybody know a good position in tech for somebody with 17 years marketing experience and now a sec+?

Is it recommended to get a masters degree before getting a job in cyber, is it okay to get the job while doing the master's degree or is it recommended to do it after some experience?

Look at GCHQ Degree apprenticeships you work with GCHQ and get a honours degree (Bach Degree) and they pay you 22k/Yr for three years to do it.

Admittedly it’s down by Bristol ways to a degree, so you may have to move.

@warm hinge

That’s UK reccomendation ^

Tbf I'm not even in the UK

Just apply and see what happens

Apply for what exactly?

Jobs

Jobs, constantly

Don't wait for a doctorate to apply

There are no rules

This progression isn't linear like this than this, it is more like hopping around and a little bit of luck depending on who you can convince, at the end of the day every employer has a different vision for security

And what they deem important

Some just want you to have networking knowledge, no degree, hands on with an EDR, at most basic level, stuff like that

Some are more traditional

If you feel like security analyst is too hard to interview for maybe try a few helpdesk roles

Point is, apply

Sooner you apply, sooner you interview, sooner you can talk to the hiring manager about what they want in a candidate, sooner you can align w the job description

Sooner you can do things to complement the skill set

Yeah I was just making sure whether it would be a bad idea because I rly want to do a masters degree

Somebody out there will say its a bad idea, but will that stop you?

Just trying to get others opinions

I mean I still have some time until masters but

At the end of the day, there are two sides to every story, I personally think a masters would be diminishing returns but

Collecting opinions ig

When are you planning to do it?

Yeah but don't base your career off of other peoples opinions

And I mean masters more related to cryptography

Give or take two and a half years

Still undergrad

Idk I understand wanting insight

You can definitely get a job until then

But I think its something to be careful with

You will always find someone with a different opinion and that means that strategy might have an integrity issue and run you in a loop if things got dodgy and one person suggested something that ends up setting you back

Its a tough call that an individual has to make, career moves are tough, at the end of the day it is mainly getting a right person to give you a chance

bruv he is just asking to see other people opinions and he will decided for himself

That's understandable, its just good to be cautious when time and money is on the line

I don't know any better rly

So..

Well at the end of the day that's why we share ideas back n forth, we are all learning

Society brings up society

So by all means ask people, come to your own judgment, and stay determined

What were you going to get a masters in? What's your goal?

Cryptography i think

That's at least what I'm set on for now

A lot depends on what country you are in, in the US, it is generally a bad idea to get a masters before you have work experience. Other countries may feel differently

Huh damn i did not know this

Well isn't that why you are asking?

I mean I'm in Europe and I plan on staying in Europe, just moving a different country but inside of the EU

Of course!

Yeah so it may be useful to ask for the specific country and maybe someone will know

yea i mean if you want a specific degree for the knowledge, the power is yours, so long as you have the money, but for a career standpoint, there's not much holding you back other than the employers you come in contact with and whether they decide to give you a shot or not

some employers want degrees, some don't some employers want certs, some don't, really just depends who gives you a chance

Uni is v cheap in Europe

Like 400 dollars a year in Germany for example

how long would it take to get the masters from where you are right now

The living prices are the only problem

what's the time cost

It's 2 years after I get my bachelors

And probs 2 years for a masters

so like 4 more years from now?

A lil over that

But ye

so we'll say 2028 you have your masters, you start applying with a masters

what's your target job title,

might want to see which jobs would be looking for cryptography masters

see what they're paying, account for an inflation rate, and see what that could estimate to be in 2028

and then ask yourself if it's worth sinking 5 years for it

Honestly I have no specific targeted job title

I just like learning stuff

i dont mean this in any way, but I feel like a lot of people, including me at the start, we're driven by this sexy idea of cybersecurity, but with no clear goals. You need to get a clear idea for a career goal sooner rather than later, very specific target, so you can start searching the job description and equipping yourself for it

that is, if this degree is so you can get a job

if it's just for fun then disregard

maybe take some inspiration from this search

https://www.indeed.com/jobs?q=cryptography+masters&l=&vjk=9d5ead0706016d1b

This is an interesting one

https://www.indeed.com/rc/clk?jk=6e5acda374c7032d&fccid=aaf3b433897ea465&vjs=3

190-285k is a nice range but you also need to subsidize your cost of time and initial cost for the masters degree

Masters degree itself doesn't cost much here it's probs at most 4k

But yea time is the only difference

but how much money would you be sacrificing for all that time you're putting in

What that 2nd one doesn't say is a principal architect is 10+ years of work experience and often 15+... plus that job range isn't much for a place where it costs 4 million for a starter home

LOL

Ur not wrong

yea plenty of things to consider

what is your bachelors in, vlamb

Communications engineering

networking stuff?

Networking is probs the most common thing you'd see here so ye

I joke abt being a tcp/ip stack engineer

kk picture this, how confident are you with networking? you start applying for network roles, you get your bachelors, either you get a job before the bachelors is finished or after

but you start getting experience in the network role and then you can pivot into a security analyst role as you get experience and decide whether you still want to get that cryptography route

all this is betting on chance but I feel like a network -> security pivot is easier

I mean not too much rn but like I do take system administration and other classes that are related like next year

do you have an IT job atm or any in the past?

No not rly

no worries, honestly might not be a bad idea to go thru this course for the networking concepts, see where you land, dont even have to take the cert test unless you want it

i'm going thru it myself

https://www.youtube.com/watch?v=H8W9oMNSuwo&list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ

I alr have had classes when it comes to netwkrking

this will give you a networking edge and from there you'll have a really strong foundation

Like as far as understanding basic protocols and stuff Iye I alr did stuff like that

I did some latency analysis in networks and some related stuff too

nice

but remember, foundations are foundations, a strong foundation is important

you want to know this stuff like the back of your hand if possible

again, depends what you want to do

But I can't say I can configure a router or a network

That's what I can't do

this course uses packet tracer, software made by cisco, that lets you emulate configurations and stuff, it's a learning tool

so you can get the hang of it with little to no start costs, just a computer and a packet tracer download

I mean I'll be doing that stuff in uni too tbf

Probs soon

yea true, your call,

But like by next year I can easily apply for a sysadmin tbh

but like, what are you waiting for

... Some issues w parents

ah, sorry to hear

It's a long story but they are way too afraid I'll

Leave uni if I get a job

So they are trying as hard as they can to stop me

It's so annoying

Which is why I'll probs do it next year

what's wrong with leaving uni if you get a job

Ask them

what is the point of university, isn't the end goal to get a job?>

Rly idek

And I wouldn't even leave anyway

i mean, assuming you have had the job for say, a year or two, you'll have enough experience to pivot anywhere after

of course would be wise to finish the degree but there are plenty successful without one

It would be a spectacularly dumb decision for me to leave given my grades rn but they rly don't get me one bit

Still i have to get an internship at least to be able to finish uni

It's a requirement

So like

nice, sounds like a great opportunity there

I'll try getting it next year and be like ye I'm basically done I need to do this

And I will

Until then I'll just be learning cybersec stuff ig

yea i mean, you can take as little or much time as you want but I don't see any downside to getting a headstart,

the networking course i sent you, believe it or not, meshes into cybersecurity very well, there's a lot of overlap

not so much on the cisco device configurations, but the network foundations you can apply anywhere

Fair nuffs

I mean

i mean, freedom, you can do anything you want

Ig i can see why you're saying the thing abt the masters

Ig i just don't know enough abt what stuff there is

but yeah, google around, it's fun

Like I can easily stay a sysadmin though but

I def wanna push myself as much as I can

It would be a little

Underwhelming to stay there, for me, to say the least

yea my mom was Level 1 / Level 2 helpdesk for maybe 20 years

Cuz like I believe I can do much harder stuff which is why

Given where I am rn

she wasnt really happy with IT but it just sorta worked

Fair enough

But like, yeah, some people grow complacent, that's not a "bad thing" per se

but, if you dont have the passion, it will definitely hit you

I mean, idk if my mom is genuine when she says she hates IT, but, she says it from time to time because of her experiences

makes it hard for me to share my successes with her

Yea it really isn't bad

everytime I share my IT passions, it reminds her of her resentment

That sucks =/

yeah it's an unfortunate scenario, but, can only pray about it and seek to accommodate, find the middle ground

I'm so sorry

nono it's fine, it's something to grow from

Oh but you definitely have people here to share the passions with :)

seeing the things in the moment can be hard but it's important to spend quality time with people you love

particularly finding the striking conversation that everyone can laugh and relax about

not particularly overwhelming or draining

lol yeah I've found ways to accommodate my needs

thank goodness for the internet

I guess we wouldn't have jobs to find otherwise either heh

Internet sure do be a nice place

lol yea

The point of university is to get an advanced education in subjects a typical school is not equipped for. It trains you to have a deeper understanding of a particular set of disciplines, primarily learning how to be astute, to be able to identify good and useful knowledge, to be able to document and report on your discoveries in a meaningful and accurate and impartial way and to become specialised in a particular field and a particular subject within that field (or in multiple fields).

The fields that university teaches are frequently those needed by companies and governments and other organisations to do the work they need done but sometimes they're subjects that are interesting for their own sake, i.e. not everything you learn has a profit motive. This is why you can study the arts or music or any number of other subjects that allow exploration of realms that are interesting... That is, learning more about the universe (and some of its complexities) and adding that to the vast wealth of knowledge humanity has unveiled.

If you get a job and you're happy that you no longer need uni, if that's your determination, that's entirely up to you but you have to consider what opportunities you might miss out on and decide whether those are something you can live without, whether a future opportunity you find interesting hedges on whether you have a degree and what value that has to a potential employer or whether it will give value to you as a person at some point in your life.

I was considered one of the 'smart kids' even as a young child. It led to me being bored and unengaged in school and I didn't make the most of my first trip to college. A few years later in my mid 20s I went to a university and finished my bachelors degree while working full time and it opened up a lot of opportunities.

Since then I've learned a lot about many things and I really treasure my knowledge and the joy I have in things like Linux, networks, the cloud, cybersecurity, artificial intelligence, drones and more widely biology (my best subject in school), genetics, complexity science, astronomy, physics and maths in general... I've gone back and done two postgrads, one in IT management and another in cybersecurity and I'll likely do one in AI in the coming years but more opportunities keep opening up.

I was never good at languages other than English but I'll probably take time to get better at a couple of them that I've learned bits and pieces from. Some of the subjects that I've touched on are ones with incredible potential to discover things. It also means that I can ramble for hours about esoteric topics but most of the people around me have no knowledge of or interest in most of what I have to say.

What you get out of life is entirely your choice to discover and put in the effort and work on. If university isn't something you want to pursue, that's just fine. There's lots of ways to find fulfillment in life. Infinite avenues to explore. If finding a job and making money is your thing, that's your thing. Do it wholeheartedly. But know there's always opportunities to do other things too

very nicely put together

Thanks, that's liteally me just rambling 😛 One of the other things uni has granted me is the ability to parrot incessantly through my keyboard whatever thoughts entre my head. It makes college projects easier cos I can usually have a first draft of a paper in hours, leaving a lot more time to do the fun things in life 🙂

Gave +1 Rep to @fleet rain

No, in the US, it prices you out of entry level positions. Wait to get some professional experience and then have your employer pay for it.

James covered UK perspective

@warm hinge from what I've seen you're from my part of Europe (Balkans), the whole "cybersecurity" area is pretty new, so honestly, Master's won't price you out of anything, and we're not that rigorous when it comes to salaries dependant on education (used to be the case where it was extremely difficult to progress in any field without a high school/college diploma, but that attitude is dwindling). Companies will gladly offer you lower salaries despite you offering a Master's in the field.

As for the dilemma with your parents and education vs a job, I completely understand both sides, I think the best middle ground I could think of is an internship with 4 hour work days rather than 8, and proving to yourself mostly how you can handle that situation side by side with school and see where you can go from there.

Assume I'll move to like Germany or smth though

Thanks for the feedback both of you

i've been on THM for a month and i'm close to finishing the first 5 paths, but i don't have much direction with what i study

i want to take the security+ cert soon, but i'm not sure which paths are best for studying that

also i'm not sure what to do after

what are some good rooms to do before going for security+?

I think the networking basics rooms and the cryptography rooms are pretty well-revolving around sec+ content

i've done all the network fundamentals covered in the pre security path

what path are the cryptography rooms in?

I don’t know any paths with encryption rooms but you could try “web application security” and “cryptography for dummies” rooms

thx

Sure mate

you might use search bar and find something that fits you needs

I’ll also take my sec+ in a few days. I’ve been scoring well on my practice exams

are there any free sec+ practice exams?

I started with Examcompass. They offer exams for each objective on the comptia list. But A week ago I bought me a practice exams packet on udemy

Comptia produce some practice questions. There's an official practice test book on Amazon or other bookshops
https://www.comptia.org/training/resources/practice-tests

Hey guys, I’m just a bit confused, are SANS NetWars just CTFs? I got signed up for one and watched a video of a demonstration but it was a bit confusing

NetWars is part of the SANS cyber range, so they have challenges at various levels, according to the site... You might find it fairly challenging depending on what you're supposed to be doing or your level of training but you'll probably get better direction in a SANS forum
https://www.sans.org/cyber-ranges/

Yeah, I appreciate your perspective. My reason for saying "what is the point" was more so in response to his parents being concerned he'd drop out of university if he got a job, since, to my perspective that would be the WHOLE POINT of going anyway. I could understand job stability as one of the factors for that concern, but if someone has enough experience from one job, they'll be able to pivot. The hardest part appears to be getting in, once you're in, you're in.

Of course there are certainly people who go to Uni just to learn something for fun or to be more knowledgable, rather than to end up marketing it, so I guess that means there will be lots of different opinions

I recommended taking the $25-30 plunge for the professer messer exams

https://www.professormesser.com/sy0-601-success-bundle/

Hi all, just wondering if anyone has any advice for me on how to get into an ethical hacking career

You wanna learn about it,
Find the path you wanna go down,
be great at that path and work the hardest,
After having impressive skills and certs youll get offers automatically.

Alright, thanks

I wanna be the very best
Like no one ever was
To catch them CTFs is my real test

bounties are my cause,
Hackermon gotta hack em all.

Lol

learn the fundamentals

of networking

if you don't know the fundamentals of how software and hardware you might want to go over that too

can't hack something if you have no idea how it works, not very well anyway

can't secure it either, again, generalizing - there's an extent, but you won't be able to do either of these skillfully and calculated without fundamentals

@livid solar

Also, do a job search for pentesting, ethical hacking jobs, and look at the job description to get an idea of the skillset you will need

map out your path to align with a specific job description

there's a lot more defensive jobs than offensive jobs, so keep that in mind. ethical hacking / red teaming is not an easy feat in terms of the job market

i've heard people get junior pentester positions but that is very rare and definitely not common

Alright, this is really helpful, and I will definitely keep in mind, thanks!

of course, your dreams are possible, not trying to shatter them, but it will take work and discipline

and passion

i'm still on my path myself, so, we're all learning

I do have a reasonable understanding of some networking and IT it's just I need an overview of what I need to do to achieve my goals

So thanks

yeah of course, go on linkedin or indeed and search some jobs

read the different things people are looking for, take note, expose yourself to some key words in their listings

and then you'll be able to start searching for specific things to learn in that list, for example, if a video says "must be able to triage incidents" you can start to look into what that means

then you can build on that, understand, and start practicing

Yeah

that's just one example, but, aligning to an end goal will ultimately help more than keeping things super broad, as the broader and less specific, it's not as targeted

I Also got a question, I'm currently working on a Company in Portugal, i Just finished my CyberSecurity Associates degree and i got Security+ (And Currently pursuing CCNA Networking degree)
I'm Brazilian and i miss my country a lot, i wonder if it's possible to work remotely for a European/American Company while i'm living in Brazil.

it is possible but it will be a lot harder to find one and secure one

Uhh did someone tag me here?

does it make sense to go to graduate school for cybersecurity in the US

google says that formal study is useless, but if i want to work in the US would it be better to study there first

so that you can perhaps work there for a couple of months if the employer wants you to

Well, not really, you could get a degree anywhere from western Europe and work in the U.S, as long as you show that you know stuff on the interview or on your cv, they’ll take you in. It only matters to have your degree in the U.S if you want to pursue higher education in the U.S

ok

someone told me that if you are currently doing a masters in the us, they will be able to see you around and take you

since you're in the US physically, whereas if you're in Europe Asia or Africa you can't physically try out the job there

Now I don’t know about how credible education quality is outisde of Germany, France, U.K, and other western euro countries

is that a valid concern

Not really, just networking

We live at an age where I can show my profile to CEOs

Just, connections irl and online

i see

actually

how good is my education quality, i study in singapore

I just got an internship with a software company in california, I live in NC

Singapore? My man you’re already good

hope so, it was really funny the other time round

I never met or saw or heard of those folks

They saw my profile

there was this guy who asked NUS students and UT Austin students which university is better

everyone at UT Austin said National University of Singapore, everyone at NUS said UT Austin

Wow

I mean yeah, American universities are so fantasized

because my university has honestly not a lot of hands-on content

You spend 1 year of your CS degree learning about humanities and chemistry…

ive been to berkeley and you really get a lot of practice there

Well, are you doing CS or any IT?

CS

If we’re talking about one of those IVY unis, then it’s worth it to go to the U.S

also, is the position remote

i mean i can't work legally in the US, but you can

@sand terrace I’m doing a double major in Finance and Cybersec and I can’t tell you how obsessed I am with Singapore’s state-capitalism and their LVT

Yes

o

honestly i wanted to say something about the inequality here, but i don't know anything about economics

so never mind

I know a guy who graduated in marketing from the U.K

He works here in the U.S and he’s your average guy

But yeah no, Berkley is an actual fun and useful place

yes it deserves its high ranking

you could say that my university tries to game the university world rankings

I know unis take in a lot of international students to boost their ranking

then the administrators masturbate each other to the US universities lower than us

Well yeah, it’s a game of popularity

yeah this too, i heard in china they take in some students from god knows where, they get kicked out after scoring 20% on their classes

They promise them that experience and learning about foreign cultures and stuff, meanwhile the international student doesn’t know a tick of English and doesn’t know how to have fun and adapt to the environment

They end up broken(morally)

yeah im not personally sure about that but it sounds entirely plausible

Usually to get hired in the US, you need to be in the US. The exception to that is if you have a specialized skillset that is needed by a US company and they will find you or else you work for an international company and transfer to the US

so thats why lots of people who want to live in the US come to school in the US

hmm

ok sure

on the flip side, masters in cyber aren't very useful in the US unless you have experience first

ok, hope to get experience first

I see, so I myself am about to take my sec+, is it even worth going to uni to study cybersec if I can learn everything with certs?

well are you talking a bachelors? or masters?

A masters

a masters is really only useful when you want to move to a management position or a lead position

Considering that I’m taking finance too

I see

what about remote work

is it a thing to work remotely for a company in california without being in America

not really, very few companies will allow that.

again if you have a specialized skillset that a company can't find elsewhere and they really want you, they may work with you

i see, does anyone know about perhaps the possibility of getting a job in Europe

if im not from there

Most first world countries have a requirement that you're eligible to work in the country that office is located in.

That is typically due to citizenship or a sponsored work visa.

i heard that Canada is more popular for people to go then America atleast heir, i wonder why is that?

I'd say not anymore, Canada is basically slowly drowning on their own shit, You just gotta see how Toronto Changed to worse in the last 10 years

i mean the province

i see

for a long time, it was the favorable exchange rate

Does anyone know if it's better to go to college or focus on taking courses on the internet?

depends largely on your country on whether college is emphasized or not

People often go to college just to find out what they really want to do with their lives.

i am from BRAZIL

thats a poor reason to go to college

yes LOL

Most parents are very influencing their children to go to college

and often the children only enter because of the parents

did you go to college?

yes

do you learn a lot of things there?

yes

where do you study or studied?

in the US, at a public university, but I'm from the US

you must have studied a lot to go to a public school

university*

thank you very much for your advice

Anyone in here working as an intel threat analyst or network security analyst?

I kinda disagree with that. College is a great way to discover yourself as long as you understand that you're not just there to complete a course. The intention, the spirit of college is to help develop you as an individual, to encourage exploration outside the bounds of your classes and to figure out where you want to be. Of course, there's no guidance on this and there are no rules and most people aren't going in with big dreams and intentions outside the usual fun of finding friends, getting up to mischief and buying expensive hangovers. Speaking of which, I'm off to buy one right now 🍻 😁

views on this : https://twitter.com/davegerryjr/status/1648687275625119744?s=20 ??

it really depends what extent... like community college in the US is a pretty good way to try some things out, figure things out, I just wouldn't recommend someone go to a 4 year to do that

Eae blz? I would advice you to take the "Engenharia da Computação" course, it will teach you a lot about Networking, which maybe is the most important thing if you're starting you cybersec career, and it would also give you the engineer title, that helps a lot to get jobs in some countries, take a look to the course classes and see which one will teach you what you really need to know about cybersecurity, (idk if i'm allowed to speak Portuguese so i sent it in English xD)

hello guys i am looking for a job or internship as penetration tester (remote) anyone can help or recommend someone? Thank you so much

Have you considered bug bounting?

I wouldn't look at bug bounty as a job