#cyber-and-careers

if you want to get a network+, you can check the free cisco networking trainings

because ITF won't be enough for network+

sorry for my english, i meant after ITF enroll in the course for network+. Not directly try the exam

I would not stand a chance

Don't get a cert just to get a cert. If it's not a requirement for the entry level role you're looking to get, do not spend your own money on any cert.

Certs are part of ongoing education career paths and competency demonstrations in the business world; as such, the employer should pay for certs because it makes you a better employee.

in theory I am in a Bsc for Finance and Insurance

however I always wanted to become proficient with cysec

I do not care about certs I would just like to learn the skills necessary to solve hard CTFs and actually understand what i am doing

.

You don't need certs to understand. Certs are a game for a business to make more money.

and for the HR ofc

you could know what a terminal is

but HR staff doesn't know that

yeah get it

so you can use certs for showing a proof

for now I am just going trough paths in THM

ill see how it goes

don't be afraid reading write-ups when solving CTFs

I usually look at them when I am stuck completely

@warm hinge I do agree with Poizon. And do feel free to reset rooms and go over them again

for now a good 60-70% of answers were my own

Beautiful. I’m going for Finance and CS in uni

Still in senior year

hahaha nice

im in the 1st year

How’s Finance for you?

Please don’t tell me it’s all Excel spreadsheets

started studying it when i was 14

always enjoyed learning about financial instruments and their features and usages

Damn beautiful. I picked up the Wealth of Nations when I came to the U.S, 14 years old

nice

however for now my first year of finane is just saturated with statitics

and Analysis math

best advice I can give you is when you are doing math and stats try to learn them and keep them rooted. They are an ESSENTIAL complement for the subjects coming next

Hello all,

What types of questions shall be expected in technical interviews with DevOps architects?

Anybody located in Florida? I'm looking to network with some cyber pros

anyone know if there is enough jobs in the us for foreigners to get visa for, really want to move to the us because in my country tech jobs or jobs in general pay much with more taxes even though we have free healthcare and stuff.

anyone can give advice as to how to best prepare for a entry info system admin interview?

okay so i'm really curious, given that i'm doing a degree in electrical engineering (though to be fair it's more like telecommunications and IT) what's the best way i can leverage this to get into cybersec as fast as possible and with as good pay/position as possible.

its all with a little bit of luck

yeah but like i am sure like i can aviod a helpdesk job, easily could get a sysadmin, but is there smth more I could do? that's what i'm asking

you're already working towards security

you could probably doing other things while working a sysadmin, apply security while as a sysadmin

security applies to all roles

whether it be development, sysadmin, network engineering, etc.

of course but i'm mostly interested in how to leverage my uni degree to get as 'high up' as possible if that makes sense

If you're good enough and have decent experience it's not too difficult to get a job in the US

Experience > degrees

Ensure you can motivate why someone should hire you as ex. Sydadmin with a degree but no exp rather than someone with experience.

I'd say you are probably overstating it. If someone is in the US currently and has solid, needed experience, they could get a job. If they are outside of the US, they really would want a specialized skillset to be recruited

well basing on you saying uni, I'm guessing you aren't in the US but basically, building up a portfolio is really what you need to do. I'll also say although people crap on help desk, depending where you are, you can get paid pretty decently and it can provide solid experience which will be valuable to you for later positions.

I mean like I said, with decent experience and if they're good it isn't too hard. Two guys from my company have left within the last 3 months for jobs in the US. They both had 2-4 years of experience

and that was in cyber security? I'll say that is pretty rare in cyber, it is more common in things like dev

Yea. Security consultants

and also more common in english speaking countries than non

Yeah i'm talking about going from the uk to the us

yeah that is not impossible especially with so many businesses that do business with the UK, but again there are quite a few factors

i understand but lowkey don't feel like getting a helpdesk job with an engineering degree knowing i can just as easily get a much better paid job (and tbf would probably be overqualified for a helpdesk job anyway)

If you want to work in the US, your best bet is to get a job with a multinational, and then try to transfer to a US office.

I'll say I've been in cyber security for a long time and I've worked with someone in cyber from a different country once in my life

on the flip side, I've worked with lots and lots of devs from various countries

honestly wasn't exactly aiming for the US specifically, but i'll say i'm pretty open to most places ig

as long as i get out of here

why would you think you are overqualified for a help desk job with a degree?

When I was in a GRC role, I regularly spoke to team members on the 6 populated continents - we had a lot of sites world wide, and both security, on site IT, and engineering teams were pretty scattered.

I will say that all IT including cyber are service positions, where you will have to help people, on the phone, in person, etc

well yeah, I do work with people in the UK and various other countries but they are all in those countries, not in the US

I'd extend that to say that almost every job, regardless of IT or not, is really a service job. Every job has a customer, and keeping that customer happy is how you stay employed.

because i have a 4 year degree and a requirement is pretty much no degree?

the same way a masters would overqualify you for a sysadmin i suppose?

not necessarily? I dunno, our help desk positions require you to have a 4 year degree

M.Sc doesn't overqualify someone to be a sysadmin - it's a totally different skillset

hmm fair enough then

Basically companies are going to want to know that you can be able to work with people, work on a team and help desk is one way to do that

What a M.Sc does mean is that hte candidate is much more likely to outgrow an entry level role much faster than what the business sees as being the 'normal' replacement rate

now I said you could build up your portfolio, try to get a non help desk job by showing you have a variety of other skills that may qualify you for other entry level jobs

okay understandable

what jobs would I be looking for though?

and which jobs would i be looking to move into after that?

but I work with a ton of people who used to work on a help desk, they all have great careers in cyber

well what do you want to do?

not exactly sure yet which is one of the reasons i'm asking
i'd just prefer it being technical but that's about it

and really if you want to be in a world of hurt, let it be known by the help desk people that you think you are above them... your life will not be good

no i don't think i'm above anybody

uh

thing is

I think you need to figure that out then, common entry level jobs are SOC analyst, jr sysadmin, jr network admin, help desk

i was very much considering going into a PhD just because i really like understanding subjects to their full complexity and i really want to push myself as much as i can
this is one other thing i'm considering..
it's not that i think above anyone i just like doing as technical and as advanced things as possible if that makes sense

well the academia path is completely different. Like I said, a company will want you to be able to work with people, to be able to provide support beyond being technical.

you'll have to learn the business side beyond the technical side

even as a technical person, security engineering roles are at least as much business nonsense as it is 'real work'

most of the real work i did as a security engineer in vuln mgmt, was talking with other team leaders about whether or not things needed to be remediated

yeah i get that
but i was just sorta... trying to understand what kind of paths there are ig

yeah, you should see how much we have to try to appease customers, like I'm like "hey I'd love if we could totally automate this, do xyz, etc, etc" but then business needs take over

i'm probably not the best role model for that; my path has meandered across operational security including pentest and vuln management, into compliance, into dev, back into compliance

Don't forget all the horrible requests from customers you have to shoot down

"Hey we went to access our reports on an FTP server from the public net, can you do that for us?"

this is US focused but might help you https://www.cyberseek.org/

like, i suspect there's things i will have to deal with regardless of what i choose/go for but at least when it comes to the technical aspect, i just hope i could get into more 'advanced' 'technical' things,
this is primarily why i'm asking, i'm not sure what there is in there and what i could.. pursue ig

CEH in the US?

that is also why i asked abt how i could leverage my degree to get into something more technical as well

eh, lots of job listings for gov positions throw it on there but good luck at getting the job with just CEH

yeah i understand

well it really depends, electrical engineering and cyber security aren't the most symbiotic, but there may be things out there I'm not aware of

i suppose people skills are something one has to work on regardless

it doesn't have to be EE related

Some companies are behind the times. Also, it was on the DoD certifications list for pentester until recently, so USG contracts required it

just suprised considering its reputation

well you said your degree

i mean my EE degree is mostly telecommunications and IT

right, they need to catch up

So,,, networks, system administration and ig some related stuff are in the profile of the degree,,,

still even telecommunications, maybe you could look into satellite related security if your degree covers that stuff

it's just that i don't expect it to be easy to get govt jobs like that

just because i won't have citizenship for a few years

there are a lot of companies that do satellites that aren't the gov

do you have an advisor you can talk to ? because clearly you don't like our suggestions

not really

I gave you a website to look at, told you common entry level jobs, told you that you could look at building a portfolio showcasing skills but obviously none of those interest you

i'm looking at ti rn

i didn't say they don't interest me ig i should've commented on it

i just took them as a given

?? I mean I don't think there is anything else I can provide, you kind of have to to do your research and figure out what interests you, look for job listings if you must that interest you and see what skills they want, even if they aren't entry level

yeah i suppose so
i'll do that

thank you

also, sorry if i sounded 'disinterested', i was genuinely just trying to understand what there is out there and i'm still trying to figure out what i want to do

Hey,
How long does THM usually take to review applications? to one of their open positions?
Thank you.

@clever wagon around 5 years.
Your welcome.

Not long.

Took about a week for mine.

when have you applied and what role if you dont mind me asking?

I applied a few months ago, and I applied for the QA position.

Ah I see because I applied for a certain role mid march I think

I don't know the ins and outs of the hiring positions.

Hello all,

What types of questions shall be expected in technical interviews with DevOps architects?

I am a highschool student

Nope

They live life

I focus on building my career

Online as of rn

But Maybe in the future

Getting certs

Learning more

Basically getting into the field

I am gonna be dead serious with you

if your gonna be teaching High schoolers than you better keep them at a distant

Majority of them arent into well anything and their whole purpose of life is to make fun of the person presenting

so good luck with high schoolers ||@warm hinge||

Right

Not alot of kids are into it but some really are.

hopefully

lets hope for the best

I might have a contact for you

https://tenor.com/view/buzz-lightyear-toy-story-aliens-commander-leader-gif-8386461

Lol

@warm hinge DM?

I've done events with kids and it usually incredibly fun.

As a high schooler, and someone who went to jeopardy style CTFs where I was working in a group and also mentored, I feel the most important thing is that you make sure everyone is doing something, that people are communicating, and also that you don dissappear in the middle of the event, stay with them, if they get stuck and frustrated at something that shouldn't give them that much trouble, give them a hint, also, if they work in groups, you can ask one of them to be the "team captain " who probably won't do anything different from his team members, apart from feeling good and perhaps assigning tasks and making sure not 2 people do the same thing.

Gave +1 Rep to @hazy turtle

I recently finished my CPTS certification, and was looking to grab something on the blue team side of things. I see a lot of security+ on job listings, but the content is so low level that I feel like jumping ahead to a higher cert might be a better idea. Anyone have experience jumping straight to CySA+?

#room-help please 🙏

Cysa+ is basically sec+ but more technical and intuitive

But would it be viable to jump ahead? Would I still end up with situations where employers would demand the sec+?

I’m not sure really

Sec+ is like an entry level that everyone knows. Technically cysa+ is “better” but sec+ may be more well known

So not really sure

Hi, im a university student, from Uk, going into my final year. I have recently passed network+ and now im looking to go deep with bash scripting and maybe alongside do thm/htb? just looking for any advice, routes from some experienced people. my dream would be to have my own company and pentest other companies.

Hi, I just passed eJPT. I want to get my first offsec job. What should i need to pass to get it ?
Should i do PNPT or straight OSCP ?

Not to crush your dreams but the GRC side of running a pentest company will be horrific

Would it be easier if I just work for myself and pentest companies

Or is it the same thing

Im aware in this sector you are very limited to experience as most places expect you to have 5-10 years of experience and I can understand that to some degree but its very hard to get going

Yes it's the same

No that's not correct

Anyone sat the crest crt within the last two years or so?

Can you give me some information then please

Everyone says the same thing?

Have at least a cursory look over linkedin and see what they're asking for. It's absolutely not 5 years unless it's a mid seniority position

Usually a year of SOC is a common route in

I was about to say this.

But it will depend on where you are located. CompTIA certs are recognized in the US, but I don't think they have that much weight in EU.

Good point

nice

good chances

doesn't matter, still apply if you want

Barclays have a tough setup.

have you tried to get in?

You'll need to go a cognitive and general knowledge test

Yes, they declined me and phoned to tell me I was over qualified

what

😂

Because I have more than what they're looking for.

The tests they make you do aren't very short.

I have processes like these

so pointless

just give me the job

It's not a job, per say.

It is a job.

You'll spend so many days in work, and 1-2 days in Uni.

I think Ill just wait until september when the graduate positions come out

do you mind if I dm you @broken idol

Sure.

I know it's all doom and gloom, but you should know that a HUGE number of those applicants are just taking the spray-and-pray approach for any vaguely tech related role...

that is true I suppose

I'm going into my final year of university and I'm already stressing about a graduate job after I finish

I don't want to be the bearer of bad news.

But that position is looking for people who're going in to Uni.

It's a graduate apprenticeship.

it says graduate so that position is for people that finished uni no?

No.

Like I said previously.

They will give you a salary, you'll spend the so much time at the job, and at Uni.

Increasing your salary as you progress.

well I might as well apply for this one that has 386 applicants

What have you got to lose?

🙂

Go for it.

my time =]]

It's a learning experience.

Comptia certs are pretty good there in the eu too

In the term of entries

got a job interview for technical support/ shadowing a security analyst and hopefully get the job 😄

good luck!!!

good luck!

Hello everyone! I was wondering if anyone has any job leads. I’m US based, and for personal reasons, I’m looking for Independent Contractor (1099 tax form) type job. Has anyone heard of any job opportunities like that?

I'd recommend looking on Indeed or LinkedIn. You can also check out #jobs-board.

didn't get it... womp

Sorry. The denial of a job is hard.

Hi, I am currently working as a pentester with a 100% focus on web apps and I am tired of them honestly. I am tired of JWT and cookies and basically the whole owasp top 10.

I know about infrastructure pentesting being without apps but what about IOT or cloud?
What other areas of pentesting don't involve apps or the owasp top 10 attacks?

Most apps within cloud will be web apps

That isn't to say there won't be cloud native services that deal with certain things like misconfiguration and what not but apps deployed in cloud are mostly web, cloud services are mostly web based

What are some beginner level personal projects can I do related to cyber security

own cloud server...
pi hole to monitor dns traffic....
and much more

Does anyone here who tried the CCD training https://cyberdefenders.org/blue-team-training/courses/certified-cyberdefender-certification/ or Cybernow Labs https://cybernowlabs.com/ have anything good or bad to say about them?

Can you be a little more specific 🙂

cloud storage server like nextcloud either on an old pc at home or using a virtual private server that you rent monthly

pi hole is a domain name system server software you run most commonly on a raspberry pi to block ads through dns requests but also lets you see all the dns requests that goes through it which could be really really informative for security purposes as it can help you distinguish between normal and abnormal traffic

Is there any resources I can use to look into that

points at search engines here you go

who can give me some opinions on my cv please?

Post a redacted picture of it here

Hello, i've done a few certs recently, latest being CEH, i do have eJPT too and was wondering what would an experienced pentester recommend going for, eCPPTv2 or OSCP

Do you have any professional experience? Not specifically in pentesting, but in the computer industry or a college degree?

I have network and telecommunication engineering experience and decided to pursue infosec/pentesting

I would just start applying

I wouldn't expect an individual to pay for OSCP, especially at the new price point. Sec+ may be beneficial for contract requirements or general requirements.

ah yes, i am currently studying for Sec+ as we speak 😅, i was just wondering what would land me a job and what would compliment eJPT

Hello to all, I am looking to get into the cybersecurity but my background is as mechanical engineer. So which certs should I get . I am currently learning from try hack me modules.

Depends on what area you want to go into. What are your goals in the cybersec industry? I'm sure other people can give excellent information on that based on what your goals are. 🙂

As going on learning I am interested in penetration testing domain.

Are you proficient with basics such as Windows and Linux OS?

I'd start there tbh.

Yes I am @grand phoenix

With basics

any opinions? I know its not great

Education nearer the top, you're young and it's more important

ok thank you

Probably needs a lot more on what your degree is and what you've learnt

in the experience I would not put the big text, but more bullet points on what you have worked with

This is what mine has, yours will be different

aa I see what you did james you basically put the modules and a short description

that helpful thanks

makes sense thanks

Gave +1 Rep to @alpine marsh

ffs Ive already applied for a job with that cv, I should of asked first

here's mine

thank you, its useful to see others to get a better ideea

I just feel like I got no space to write on mine

Do you have grammarly etc?
There's a few typos and capitalization bits that would be good to clear up

CompTIA etc

nope I dont use it

I'll get it tho

I think the free tier would be fine

Interesting to see how CVs differ so much 😅

I didn't put any skills/hobbies/self taught skills there unless backed up/related to by certification, education or experience

Your university probably offer CV writing support too, worth making an appointment @sturdy scarab

I'd 100% put hobbies and interests that your persue out of work. Says more about you than just what you do for work

yeah I'll make sure to make an appointment

James if you were to start all over again, what would you mostly focus on

Would you learn a programming language first, bash, just go into thm?

Will note that down for next time 🙂

I learnt Python, learnt servers, learnt go, then found THM

And what is your current position if u dont mind

I'm a penetration tester

My dream job😂

just do thm

if you have the motivation do thm

you can learn programming on the side too

i think thm even has rooms on scripting and stuff

does it not?

Probably

@sturdy scarab I started with programming and networking as well, but I think learning programming while learning on THM, is a very good way to learn, I would either learn Python for its simplicity, or bash/PowerShell which you will absolutely have to use for OS related stuff and just general effective use of Linux.

Yes my plan is to start doing thm along with bash

are you asking for a critique or just sharing?

Just sharing, it was to show how different CVs can look like

About me and relevant skills are taking up way too much room. You are still on school, list coursework relevant to the position you are applying for. The two least interesting sections (to the employer) shouldn't be taking up 3/4 of the first page.

So, I had an informal interview at work about the open position in the cyber department at work. I am currently in the IT department and I want to move out and develop my skills. I basically said this in the informal chat with the Cyber Sec Manager and I explained what I enjoy and told him that despite being new to the cyber world, I am ready to learn anything that comes my way and that I like both sides of red and blue team security.

Does anyone have any tips when it comes to a formal interview? From the sounds of things, it does sound as though I have the job, but they’re waiting until the summer. Did they tell me that directly? No, but I just know from the company dynamics that I’ll be offered a position.

All advice is welcome, thank you 🙂

It depends what the job entails. Also one thing I find useful for interviews is make notes, list some major projects, what type of things you've done. I go blank during interviews and notes help

That’s brill, thank you. I thought it would look unprofessional to have notes, but, in reality, it probably looks more professional to have them to indicate to them that I’ve prepared for the interview.

They have told me that the job would entail shadowing a guy who does a mix of things, so, essentially Purple Team behaviours and practices, which is good, because I want to make sure that I develop skills in both the Blue and Red team areas.

Gave +1 Rep to @pseudo creek

how is my cv now

General rule is never to use "I" in a resume, keep it to third person voice.

Also use present tense or past tense but not both. "Gained", "Developed" then "Enhancing software".

Also don't assume readers of your resume are dumb. "Understood the fundament aspects [...] which is important for any system/network administrator". Explaining that something is important to know is assuming the reader does not know. I would also say something else like "Utilized knowledge of operating systems and their design" may be better wording. Try to be concise where possible.

Your certifications section also assumes the reader is dumb. I'd list

• CompTIA Network+
• CompTIA CySA+ (planned to take - [list date])

Also the "Currently studying bash along with TryHackMe/HackTheBox" really doesn't make sense. Like are you focusing on bash right now?

And nothing you list under Projects/Interests is a Project.

Thanks for this. This wasn't the final version I just made changes compared to the last one and I wantwd to get some thoughts. I'll make the changes

Gave +1 Rep to @pseudo creek

how are you pentesting on PicoCTF?

what do you mean how

so you say "Pentesting on websites such as TryHackMe, HackTheBox, PicoCTF"... is pentesting what you are really doing?

that will need modifying as well

Definitely think education should be above experience still. Without experience in the field you are going for, the education is more important

Really good improvement though

Looks much much better

thank you I appreciate that, I'll change it now

Related Education is way too big. List a class with possibly 1 sentence of coverage, and only if that course is relevant to the job you are submitting the resume for. The recruiter won't care, and the hiring manager will ask for clarification if they think something is ambiguous

HI everyone. Is it possible to find a junior role in EU if I am not based in EU? I have one internship experience as a Cyber security engineer. I don't have any of the "big" certs. I have upcoming CEH practical exam though.

How can I fill a CV if I have no experience in any IT industry and no certs?

explain you knowledge and might be help full to describe you home lab and what you know and why you have it and so ?

might i dm you something ?

go for it

I do some much random stuff with tech that I completely forget and don't really write it down and my mind goes blank when I try to remember

If I'm a recent Graduate for CompSci and all I have are a couple of projects, what type of jobs should I be looking for?

honestly, any job. Did your school not have career fairs/career counseling? Do you have a job now? What area do you want to move into ?

They have a Career Counselor that I'm attending next week since that's all they had open, I don't have a job, and I want to stay within Florida.

when I say what area, I mean what field/sub field, what do you want to be when you grow up?

I'm torn between something involving System Administration in IT, or a SWE Position.

can anyone send an entry-level cyber security resume format? I did try finding them online but I am very confused to choose one. please help.

I would aim to search for an IT specific resume format instead, entry-level cyber might be too specific.

It's a balance between choosing something you like and feel like represents you and what recruiters like.

Don't overthink it, just choose one that is easy to read and easy to get a quick overview over your skills/experience/education

I got a cybersec job with a somewhat modified Word CV template 🤷‍♀️

Wow

Is anyone here doing computer engineering in the U.S? I’m torn apart between CS and computer engineering. I do hear that CS is more theory than application. And as a person interested in Cybersec(working to a degree in cybersec) I’d like to get closer on the hardware level

If all THM pentest and offensive modules were completed, would a person be ready to apply for pentest positions, entry or even senior level?

No, and definitely not senior level

I think you would be ready to apply to entry level positions, but only if you keep learning, while and after applying.

You might be able to apply to a junior pentesting position but it would be better if you completed the OSCP (most popular, industry standard, slightly pricey) or a similar level cert like the SANS GIAC GPEN (highly rated, very pricey), CREST Registered Penetration Tester(widely recognised globally), or consider the TCM PNPT, Zero Point CRTO I & II, HTB CPTS <<---- These last three or more budget friendly and growing in popularity in some sectors

which rooms in Tryhackme will be helpful in building a foundation for an OSCP?

I know there is an excel sheet with a list of useful labs for the OSCP (the labs are in a few different websites, and separated by website and free/not free), I can send it to you tomorrow when I get to my pc

https://tryhackme.com/room/bufferoverflowprep

Buffer Overflow isn't in OSCP anymore.

Mb, I'm severely outdated then

do you know mif that room is any good btw, scroobs?

It's been awhile since I've done..

Do it anyway 😄

Oki

Do all the active directory network rooms

then focus on doing lots of rooms whether it be OSCP ish or not. What matters is being exposed to A LOT of vulnerabilities, exploits, priv esc types

https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1097814569

Thank you very much people

is this list for HacktheBox vms?

Yes, it doesn't have THM boxes

No, it has a few sheets, for a few different sites, not only HTB

Hello, I'm learning HTML/CSS atm and I don't think I can get any certifications + I stopped going to school 3 years ago, I'm wondering if there's any way for me to get a job learning something in https://tryhackme.com/, Any advice?

What are you looking to get a job in/as?

If you're starting off in cybersecurity, there are plenty of opportunities and Try Hack Me is a great place to begin your journey. You can check out the Blog, especially the Individual Stories section
https://tryhackme.com/resources/blog
https://tryhackme.com/resources/success-stories

Also, go to #start-here to see where to begin

anything tbh

but at the same time, i feel embarassed to say this. i wanna learn a bit of hacking to find information of some bad people

Alright man, thank you

Gave +1 Rep to @rugged delta

I'll see check it out

@tacit bobcat

It was something, I had as a kid. dont worry 😭

I know it can be hard to find a specific path in the beginning, and the path might change as you go along, but it's good to have an idea of what kind of job you want. That way you can research any required certs or pre-reqs you need.

THM is of course a great way to start but not enough on its own to get a job most of the time

Yeah I'll check the blog and resources out and see what kind of a path, i can take

but at the same time, since i havent gone to school. i dont know if i can get a good job

While school might help (depends on where you live) you can still get a decent job without a degree.

Certifications kind of help you a bit there to pick up the lack of education.

Later on in your path you can also start a blog, GitHub account etc and blog/write/do projects to showcase that you know what you say you known. Just that could put you ahead of a candidate with a degree.

Oh alright, Are the certifications going to be expensive tho? I already have a github account. i just dont know how to put it a good use since im just learning html/css atm

Am i getting in trouble for this?

I'm curious

You can put up notes for example or you could put up portfolio websites there etc. You can Google around for more ideas.

The path you take will depend on cert costs.
Some certs might cost you (sometimes only for exam and no training) 300-500$ each.

Some certs can go even for 1000$+ so for those most people opt to make the employer pay for that.

Oh i see, I'll see how a portfolio looks like and If I had a path, do you think you can help me a bit with the path im going through? I just want a small hand and I'm broke so I don't think I can afford certs now

I think a lot of people here have good advice if you know more specifically what you are aiming for

If you don't have a degree, professional experience in a field within the computer industry is more than likely going to be required. Certifications are used to quantify Higher education/professional experience and don't have the same effect alone.

Alright, I'll ask them once i get the chance

If you keep going further then yeah you may

I'm sorry and I apologize

I didn't mean harm, I meant like government related way

So Certifications are really important, gotchu

I'll see if I can get one

We don't condone vigilantism here 🙂

Sure, thanks for clarifying

Gave +1 Rep to @small copper

I'm really sorry, I'm bad with my words

Welcome and Thank you for sparing me 😭

Gave +1 Rep to @tacit bobcat

Degree and Professional Experience generally weigh more, unless its a contract requirement

Well I won't have a degree and I don't know If I can get Professional experience

I'm required to get a job for professional experience right?

If you have zero professional experience, a lot of people start in IT

Tbh in my country they don't require a degree, especially if you have experience, so it depends on region.

You can gain experience through entry-level IT jobs such as helpdesk

Yeah?

What's helpdesk and How do I gain experience out of it?

tech support

and you learn a lot

You get exposed to a wide array of technologies and build your troubleshooting skills. As you progress you get more and more responsibility and deal with more complex problems and solutions

and even if you can't afford a certification, a lot of people use things like Professor messers (sp?) Youtube videos on A+ and Network+ training

those things should teach you the basics of IT

Ohhhh i see, Thanks for the information

Gave +1 Rep to @stoic cave

What's sp? I'll check it once I'm done checking out the other stuff. Thanks alot man

just my spelling may not be 100% correct there

Ohhh It's alright, I got confused. I thought it meant something

Spelling is correct, just missing a '

What's spa?

Hello guys, I am a cybersecurity student right now , and I am in a point where I am really lost on what shall I study next ( web/ad/exp.dev....) since i am pretty interested in AD but the web is more common for a junior pentesters ect.. and I am facing some other issues tho ... if someone can helping me on choosing my right path, please feel free to DM me
Background : I am a PNPT/OSCP/eJPT holder

I mean hopefully with your certs, you would have no issues landing a job but you are right, web is important. Have you gone through the port swigger academy? Other than that, it may be useful for you to look into various technologies such as cloud and containers

yes and i have some basic web understanding, but i couldnt finish portswigger , i mean studying in depth something u dn like is rly bad... so i am rlly lost

i find like low level stuff is fun tho and i like it too, but it feels like it is something advanced and i shall not think abt it now... so i am rlly lost here

Greetings everyone, With over 20 years of experience in the field of IT, I have gained significant expertise in various areas such as Cisco, Data Center, VMware, and EMC storage. Having worked for leading organizations including VCE, Dell, Cisco, and AWS as a Technical Account Manager, I am now seeking to pivot my career towards the exciting field of cybersecurity. I am eager to reinvigorate my career and am looking for guidance on how to embark on this new journey. Where would you suggest I start?

It really depends on what you want to do; you're probably looking at a significant paycut if you want to do technical security stuff, but you may be optimally placed to manage security ops, threat intelligence, or GRC, depending on how familiar you are with various frameworks.

Hello folks

So i have 2 choices right now which will decide my future

1. Do b.tech in Cybersecurity
   And yes we are a middle class family and can't afford the money for college and also i don't want to see my parents in trouble because of me

2. Online courses for my Cybersecurity journey

I am confused can anyone help me with this please

Well, the nice thing is that you can achieve probably everything in cybersecurity just from online courses and online certificates
TryHackMe is a big part of your journey, you may find many other websites/courses that helps but I personally recommend TryHackMe for learning and practicing, it's has amazing resources and can get you from zero-to-hero

So
Should I skip my btech
As it takes 4 year

And it's an degree

What is the likelihood of companies hiring entry level security professionals with no experience but with qualifications like CompTIA Security+, CISSP or others(If so which are valuable), if most places will not hire with these alone are there many companies out there that will pay considerably less than other companies hiring entry level salary but will accept qualifications only, so experience can be acquired? Else what do you do to land your first job?

Well, online courses can't take place of a degree sadly (from most companies view) but coming to the truth online courses can do even much better that bachelor degree , my university at Jordan is not 20% as good as TryHackMe.. imagine!
But you can play the dice and get better with online courses and do bug bounty and if you were good and lucky* you can get good money out of it, later on when your name become known like on of the top 10 in bugbounty websites like HackerOne companies will fight for you to hire you

Why can’t you go to college and do online courses as well?

Anyone who used THM and got an internship or entry role, what learning path did you take? What was your prior experience/projects or labs

Got my first role which was a part time position with just thm, htb and immersive labs experience

What was your first role? SOC I?

junior security consultant (basically junior pen tester)

I’m a CS student and hoping to get an internship. I was thinking maybe going down SOC path or if they had a vulnerability management path to go down that

Hey, I'll be able to answer this. I'm also a CS student and got an internship recently as a (full-time) security engineer over the summer. My experience has been 1 cyber class project (Linux honeypot), summer research (cryptography implementation), with CTFs and THM listed as extracurriculars (no homelab nor industry exp yet). In my case, I managed to get the interview for where I'm working through directly contacting my university's cyber department (if your university has a cyber department I strongly recommend doing this, or even the CS department — many hours were wasted on cold apps...)
As for which learning path would be beneficial, the questions asked were related to threats and vulnerability analyses, so SOC Level 1 and Cyber Defense were the most applicable paths for the position. Generally, they should tell you which role they're assigning you to and you could ask recruiters the interview style before it happens, which will let you focus on the relevant material for the interview.

Nice what will you be doing?

I remember there were 3 main projects: 1 static code analysis, 1 web centered vulnerability analysis, and lastly 1 network/system analysis, and potentially other projects given extra time. From recall it was editing scripts and reviewing for positive/negative vulnerability results, assessing risk, and securing the systems for each.

What year are you in? Is it in person? How was the interview process? (Ty for answering btw)

No prob! I'm 2nd year by time spent in college but 3rd year by credits (planning on graduating next year), and I got a remote position.
The interview process was pretty tame, phone screen has the usual HR filters (why do you want to work here, what is the general idea of cyber security and its importance). Because mine was very recent and close to the summer, they wanted the behavioral and technical in the same meeting which worked out fine. The behavorial was similar to the phone screen, but a lot more on the resume and seeing how my problem solving methods work. The technical was exactly as said earlier: describing vulnerabilities based on how a program found them, how can we test for it being a positive/negative result, and what do the severity levels mean. Overall, I'd say my biggest takeaways were to relax, be confident and dont panic/second guess, and try to keep it laid back and conversational. I got a call the very next day saying I got the position.

Nice job. I’m working FT in an unrelated field and going to graduate next year as well! I’m just trying to optimize my efforts so I’m not just casting my resume to the wind

Ah I was about to ask what experience you have and what do you want to work as, which along with my experiences on my resume made me go from applying to software engineer to security and it paid off :)
Throwing it to you, what fields of cyber are you thinking of working in for full time, and what experiences do you have?

You know that’s the frustrating thing. SW is so over saturated with applicants esp with these layoffs. Although they also have the most amount of jobs.

I’d like to work in cloud security. After two years I’d like to go for my masters in cybersecurity and become a SME

However a lot of gatekeeping in cybersecurity and people saying it’s not for entry level

That actually parallels me so much it's crazy, right down to the masters. Cloud sec just seems like a really cool mix of operations and security. Also feel you on the gatekeeping for entry level. It's a blessing to even have a cyber department at my school.

Btw cyber defense is labeled intermediate. Is it really intermediate or is it more like if you are brand new to tech you’ll find it somewhat hard?

Nothing in cybersecurity is basic. Most of us would insist on a good understanding of and comfort with Linux, Windows, Networks and scripting/programming with experience in the field in tech support or qa or preferably as a systems/networking/software engineer/admin while you're learning cybersecurity. Cyber defense junior analyst is considered intermediate but there are multiple other tiers and related subfields in cybersecurity requiring more expertise leading from and collaborating with a defensive program. There's a lot to learn

I think showing projects and interest go a long way to getting a position. The thing is there is a lot of competition out there. We get new grads out of college who have had internships for 4 years, have GitHub's, contribute to open source projects, volunteer for cybersecurity conferences, have CVEs to their name and are overall really amazing. Given applicants like that or someone who had no job experience at all, we are generally going to pick the person who has shown themselves to be capable

do the btec at college while doing online resources to supplement your course

Well appreciated it bro

depends where you're from actually. Where I'm from, There's mba graduates riding Ubers. (nothing wrong with uber, im just saying)

hey guys i wanna start my journey in cyber security but i don't know from where to start so can anyone please help me

Welcome, checkout #start-here :)

Brazil?

@pseudo creek can you please review my resume?

Gave +1 Rep to @pseudo creek

If you verify you can post a a redacted screenshot of the resume here.

!docs verify

Thank you

Gave +1 Rep to @stoic cave

Can anyone please review my resume. I'm hoping to apply for a soc analyst level 1 job. I have no experience in cybersecurity.

That's really hard to read

Anyway you could possibly make it clearer?

Look for chatGPT prompt examples and look for something similar like review my resume while comparing it to job description. Hope that help

Click to enlarge

Thank you

Gave +1 Rep to @fiery sable

@sleek sedge I tried to make it a bit clearer.

you could open it in the browser and then zoom in

This is usually the opposite of helpful when someone is asking for help with their resume.

much better, 👍

🙏 will do better next time

No, but i see Mba graduates being jobless is a global problem.

a lot of people getting an MBA without any real thought thinking itll magically open a ton of doors for them. these days every tom dick and harry has an MBA

@flat sedge

@dusky heath Hi, that's not really what this channel is for. If you'd like to apply for an opportunity in #jobs-board please go ahead, but please do not try and advertise yourself as a candidate here

Wow this would be a dream

Apply

what's the worst that's going to happen?
you get a no

Just do it

I cant apply anyway I dont live in Birmingham

• I'm still in university

Birmingham is not a very safe city 😆

@carmine jolt

? what is this remark

Cyber in law enforcement has some pretty harrowing career paths

gotcha, I misinterpreted your comment a bit 🙏 However, this server is strictly PG13, we don't really discuss that kind of thing here

Fair enough, just thought worth mentioning considering that is reason 1 through 999999 that I have zero intention of ever working for LE

valid choice

I got a friend who's working in LE where he studies high tech crime and tracks it down

I mean MBAs without any other experience is not like what people think. It is better if you do MBA after you’ve gotten education and experience in another field. Like what I’m doing, Computer Engineering and MBA

Hey has anyone taken a look at the Google career cert? Think it’s worth it? I’m mostly curious about the automating security tasks with python

Roadmap suggestion for red teamer

Pre Security -> Introduction to Cybersecurity -> Jr. Penetration Tester -> Red Teaming

those are paths available in TryHackMe

Certification

?

that largely depends on what country you are in

I suggest the OSCP if you can afford it

I can afford certification costs
Just want a certification road map

OSCP then

Like which course land me a first job

There is no guarantee a certification would land you a job 🙂

what country are you in? Like UK seems to require CREST but maybe parts of Europe as well

I am in india

I'd also like to take CREST but it seems like outside Europe and UK, it has diminishing returns

but I may be wrong

and India, well some people say CEH is strong there but it depends

your best bet is to talk to someone in India that is in the role you want to be in and ask them

or you can also search for job postings on your local area, find which jobs you want and what certifications they ask for

Any of these approaches would get you an answer

I searched jobs but not that much here I am looking to work in MNC so I want Certificate that is worldwide known

How about this, research about worldwide known certifications then come back here with what you think are good so others could chime in on what they think about the certification/s you chose

OSCP is pretty known

Ohk

is c# too hard to learn as my first programming language

no

I was gonna go for python but maybe c# might be better? any opinions?

CREST or CyberScheme over here yep

You will have an easier time of it if you pick a language that lends itself well to what you want to do with it. If all you want to do is learn how to program, study the mathematical underpinnings of symbolic logic and reasoning.

I just want to know at least 1 programming language as it will make me more employable and its good to know at least 1

so just trying to decide which

it all depends on your goal, python is a good solid language to learn

I had an interview for a SOC Analyst job last week (tue), and have to say, this waiting to hear the results is worse than the interview itself

are there physical pentest firms in the EU?

specifically in the forms of social engineering

there are places that do offer that stuff as a service yeah

...yes?

python

most serious pentest firms offer that type of services

As someone from India and working as a pentester, I would strongly suggest OSCP, it’s getting more recognition here lately.

Wait, Zojja…how you been?

good! how have you been? being awesome I imagine

Hello everyone, are there networks rooms to practice my application web pentest skills?

https://www.imperva.com/learn/application-security/penetration-testing/

You can use the search function on the site for rooms that contain that.

Haha, trying my best!

Hey, Robin I would also like to ask you about the job role of pentester in India, can you ans some general questions to guide me?

Hi! I thought about starting with cyber security as a hobby to begin with, I have a good knowledge of linux, would my next step be okay if I started with tryhackme or htb. But the problem is that the process of learning the tools on those pages is quite long and takes a lot of time, can someone suggest another way to learn them and what should I start with first.

• I was also thinking about watching Walkthroughs of those boxes

many, but firms generally focus on social engineering as part of a red team assignment, not necessarily as a specific test in its own right

You can try to pwn machines and see how far you get

or try to answer the questions without reading through (all) the content

Take up vulns and then use tools to aid you in finding or exploiting vulns for that specific case so you will learn the tools and their usage, gradually.

THM and HTB are great for hobby learning, try out the starting point in HTB first, it's pretty good for just throwing you in there. Then move on to boxes/rooms and watch walkthroughs if you get stuck.

You can use tool walkthrough rooms on THM as guidelines/references, ex you are tying out nmap on a box, look through THM nmap rooms for some tips/ more in depth information.

Thm paths and modules are not paid?

only some modules

you can substitute with google but the core things im pretty sure you can access without

well you can get more details about an tool on google than on thesemodules

i just loose motivation bcs i don't know tools names

how to use them is easy to find

I was thinking about starting this as hobby and maybe later i will decide to take step deeper

yea you can google everything for further depth

its just the entire basis and structure of THM that makes it more simple

such as going in a certain order on how to learn etc

Hello, is anyone here from Greece, athens? Would love to connect. I am struggling getting into the infosec scene here. Also in the UK we used to go to meetups in London called DC4420 is there anything like that in Athens?

I believe there's a bsides in athens in june! definitely take a look there

Good catch @rocky bear , Thank you! I wrote bsides, eventbrite says sold out : /

Gave +1 Rep to @rocky bear

is there conferences/meetups in England around the North-West area

you can look on "infosec-conferences" and search by your country

maybe you find something

where is tat

that

its a web site, there you can look up if they are any events that suit you

"infosec-conferences"

Ladies and gentlemen, I present to you, a very open position

https://www.linkedin.com/jobs/view/3596645753

15k for a full time network engineer

if you are recruiting, please email hydra@tryhackme.com from your corporate email to be able to post jobs to #jobs-board

I want to make a career in Cybersecurity but I don't know which field to go into. Offense or Defence? Can anyone shine some light on which one would be ideal? I've researched a lot and have found that there are more offense aspirators and the offense side is on the rise with the number of jobs but they sometimes are seasonal and on the other side, the defence has more number of jobs than the offense and the companies are willing to hire defence peeps. I'm interested in both so I have the motivation to learn both, I'm working towards some certs but still have no idea which one would be ideal. I maybe wrong with my statistics but please guide me.

when someone figures this out also tag me please

any jobs board for pentester?

#jobs-board

You can always pivot into either direction no matter what you choose.

Do whatever brings you the most joy, though defence/blue team might be easier to get a job in first than offensive.

There is no "right answer"

There is plenty of information about what certs for what role if you Google

Please also observe some certs might be more relevant to choose depending on location, so research roles in your area for that maybe

I would say cyber is such a huge field, I would say that you kind of want to figure out what you like and go towards that but don't worry about getting stuck in one role or another. Personally I like cloud security so I always vote for that but that is neither defense nor offense

is network security also a big part of cloud security?

well its different as security usually is at the host/service level, although you can apply network security controls too

Thanks for the info. I will look more into it, so i dont bother you with the basic questions.

Gave +1 Rep to @pseudo creek

Sup everyone

Question, I’m currently a Sr IT Specialist. How should I go about being a red teamer or pentester?

this might help you https://tcm-sec.com/so-you-want-to-be-a-hacker-2023-edition/

So what should I do before I start looking for entry level pentesting jobs?

What is the standard for entry level shit?

Do you have a degree or prior professional experience in the computer industry?

Just basic IT and an internship in defensive cybersec

Degree or experience? For the IT part

Degree

Associates or Bachelors?

Bachelors

I'm not sure if pentesting would be a direct jump, this is a US perspective, but I'd apply to security centric positions. Get Security+ if you don't have it, realistically it's the only certification you should pay for out of pocket generally. Again in my opinion

Was thinking about it, currently applying for another security job

Is it worth getting some bug bounties under my belt, seems like it might be good resume fodder?

I personally think a Homelab would be more beneficial

Practise hacking your homelab?

Or just setting up the network itself?

Hey guys, I just got my Jr Pentest Cert from THM. I have a solid background in IT. Would I just start applying to Jr. pentesting roles or go for an industry standard cert like CEH?

@stoic cave

I'm not sure if pentesting would be a direct jump, this is a US perspective, but I'd apply to security centric positions. Get Security+ if you don't have it, realistically it's the only certification you should pay for out of pocket generally. Again in my opinion

You received a certificate from THM, not a certification. Certificates are meaningless. What’s your IT background?

Harsh, entirely fair

They're not entirely meaningless, they just don't hold as much weight

Eh, not sure they hold any weight in the eyes of an employer

Depends on your employer

They are still a certification of knowledge, they tell an employer content that you have gone through on the TryHackMe platform. It's all about awareness, OSCP wouldn't hold weight if nobody knew about it, would it?

Disagree. Certificates on THM can be gained by just going through the motions throughout a module. It doesn't actually require the individual to actually learn and use the knowledge they've gained like a certification such as the OSCP, PNPT etc.

It shows your passionate / interested about learning

OSCP holds weight because the exam is known to be difficult and people who hold OSCP typically have a decent understanding of pentesting

I know people who have passed OSCP and their understanding of Cyber is poor at best

I didn't say it necessarily shows what you have learned, I said it shows an employer the content that you have gone through on the platform.

If you complete the SOC Level 1 Path on TryHackMe, it is unlikely that an employer is going to put you into a Soc Analyst role straight off the bat

True but outside of that, what do they offer? Certificates are a nice personal achievement. Nothing worthy of putting on your CV or trying to get a job with imo

Nothing wrong with showing initiative

Are you a hiring manager by chance?

I am not

Certificates don't verify you have actually learned the material, that is correct. As far as putting them on a resume, it would depend imo. Certificates make good LinkedIn posts though. Certifications definitely hold more weight, and 100% belong on a resume, as they verify you have met a predetermined standard set by the issuing agency.

Certifications can lose value though, as we're seeing with EC-Council, if the organizing body doesn't actually uphold the standard or produce subpar material.

Just my two cents, being a former recruiter in another industry. Certificates are 'okay' to showcase in an interview, as long as you have the knowledge behind them. Be sure to offer your interviewer an opportunity to challenge or test your knowledge. Even if you're not certified (yet, be sure to mention you're adamant about achieving said certification), knowing your $h*t can get you any job you want. The moral of the story....knowledge is power.

for the experienced people if were are a CS student looking to get into security ( entry level or internship) how would you use THM to get that postion? i am currently going through the modules/paths in a certain order to help build knowledge

If you have a security minor, take that. Then start applying once you graduate.

I would obtain Security+ as well.

i hear you on the security +. i dont have a minor but theres a cybersecurity cert at my school that many say is not really worth getting unless you needed a bunch of credits to graduate

what positions would be ideal to apply to? i am thinking of entry SOC or better yet vulnerability mgmt type

THM is more of an add-on, would go in an extracurricular category on the resume.

i see

well CS is a lot of theory. except the networking class allowed me to easily answer almost all the questions in the THM networkign modules

I would evaluate who's saying it's not worth it, lazy students who don't want more credits or people that have graduated with the cert and haven't been able to find employment.

i was people from my school's security discord

they usually get #1 or #2 in the national competitions

System Engineering, Network Administration, Powershell/Bash Scripting, Python Development, just to name a few things..

What's the deal with beginner certifications like the Security+ doesn't that get immediately superseded by another certification like the OSCP or whatever else. I don't want to work in the DoD I don't even live in the US. What's the point of doing all these little certifications when you can just pay a lot of money and pass the big boy ones?

(I'm not trying to say the Security+ is a bad certifications, I just used it as an example of a beginner certification.)

You have a big misunderstanding of the coverage of these two certifications

One is a broad certification, encompassing a lot of the security domain. Another is focused in penetration testing

These "beginner" certifications are building blocks for your knowledge and career. Certifications like CySA+ are built on top of knowledge of Security+. Sure, you can skip Security+ and go for CySA+ already if you feel like it but without prior knowledge or experience, it becomes a waste of time and money.

Plus, companies that offer certification also offer re-certification if you pass another harder exam. CompTIA offers this
https://www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification

Also, points to make. Not a lot of people can pay a lot of money out of their own pocket for these big boy certifications. Certs like Security+ provide an entry ticket to HR for entry-level cybersecurity positions and from there, work your way up the corporate ladder

Thanks for explaining all that. So if I get this right, the entry level certifications have value even when you get the expensive pentesting certification because they show you have the foundational understanding of topics not taught in the pentesting certifications. Even if you already know the foundational topics because IT is a broad it's the only way to prove you have the knowledge. Additionally, they help you get the entry level positions that might give you the opportunity of climbing the corporate ladder by getting the company to pay for the certification.

Gave +1 Rep to @dense dagger

I honestly thought people would assume you already know about Security+ topics if you have an advanced pentesting certification.

yea if you just say you have experience etc but no certification it will obviously look worse than if you have even an entry level certification to prove you have this knowledge

then just use the money from the job to either pay for another cert or most likely the company will pay

depends on geographic location and the company usually

I’d suggest not going straight for a big boy cert and do the others prior as you’ll find out things you didn’t know before even if you think you know most

Yeah totally, I didn't understand there utility.

IT is a weird field. Thanks for verifying I understood it correctly 😄

haha yea it is quite confusing

Thanks for the suggestion! So like, I learn both of them, and when I feel like I'm good in them, then the one which is most interesting to me, I can go with it? Or explore, not just stuck to one role but to gain experience?

Gave +1 Rep to @pseudo creek

Yea, learn both as much as you can and whichever you prefer obviously focus a bit more on that side but still maintain the other sides knowledge.

Certification wise specialise in what you prefer

yes exactly. I've been in cyber for a long time, and I'll say I explored a variety of different roles throughout the years

Certificate of Completion shows an area of interest and continuation of learning. They are not validation of skill certifications, so valuing the weight of them in comparing is not a practical comparison. It is perfectly fine to demonstrate the area of commitment to learning continuously on learning platforms on a CV. In the end it depends if they align with the job requirements listed.

Looking around at jobs and I basically get the same money as a C++ developer as a Cyber security guy. I've already been a pro C++ for 5 years. I feel like with cyber security stuff I'm just gonna be starting my career over from scratch getting like 25k a year again. Works work, I don't see my life improving much working in IT when I work with computers anyway developing software.
Might seem crazy but I'm considering getting the certifications out of pocket and doing it as a hobby. I like doing THM and I like taking my hobbies very seriously. Do you think I'm wasting my time studying for certifications I really don't need?

depending where you live im pretty sure in most first world countries your pay will def rise from 25k within a few years and even then thats a little low. its usually around 30k roughly. I'd personally suggest if you're earning good money now just get certifications as a hobby until you feel you're ready and can afford to take a pay drop for ~3 years until you'll eventually have experience to be able to rise from 30k etc and just keep moving up

lots of variables affecting this outcome but I think if you feel burnt out with C++ do cybersecurity as a hobby to know if you will truly enjoy it then go down that route.

That's I've been thinking. I can combined the two eventually like there are jobs for C++ software developer to code security software, I found one today. It's a tricky problem for sure though.
Long term I've always wanted to do something like reverse malware to help stop attacks. I still like the idea of pentesting but I might just stick with CTFs. Regardless, getting an IT certification can't hurt me I guess.

yea you can probably get a software development job relating to security software like you said and the extra qualification is better than no extra qualification

i know in the uk gchq want poeple to code software so

I'd assume same occurs in the private sector which will pay more

Yeah lets do it man! I need a new job anyway, everyone's leaving, it's now a team of 2 people, including me.

Compiling take so so long to finish.

yea that can be a pain

theres a few modules on thm about reverse engineering

digital forensics would be beneficial too

considering you want to deal w malware

Definitely give that a shot. I'm doing digital forensic stuff right now O.O it's super interesting.

Thanks for talking to me about this, it's helped me work out what I want a bit more.

I can dm you a youtube playlist of the basics of digital forensics incase you find it useful if you want?

Thanks, I would love that for sure.

Gave +1 Rep to @lavish berry

Sent, goodluck on your journey man

I am doing ec council essential series now will it help me to get intern in networking feild

?

if you are looking at CEH a lot of people think it is crap. i believe i read it was fading fast from job postings as well

if you dont have it I think network+ might be a better place to start

Ccna

Guys I need an advice from a professional one or some one who is experienced a lot in cyber security

How can I choose my path and focuse on, like in hacking or penetration or exploration

I’m studying cyber security and I’m turning to my third year , I want to choose a path to gain in this path certificates , how can I choose the best path suits me ?

Which internship should I go with to step in the world of cybersecurity?

Like which intern is I networking or technical support, etc

Looking for work in Aus, trying to get back into sysadmin but preferably cyber; not having much luck due to career breaks etc. Starting to get frustrated - not getting call backs or interviews despite having decent experience. I've only worked in IT for 10 months of the last 6 years though

Do you have any certifications or projects? GitHub, blog etc.

Hello guys. I need some advice. Do anyone have experience in waiting and watching seniors do work on servers trial and error ? For several days ? Is it normal ? Did anyone gained knowledge by being patience ? I am feeling like I am wasting my time and burning out. I want to do job in cybersecurity. But here it is difficult to get one. Currently I am working as intern who watcher setting up servers. I am also confused about what to do with my career. I want to work on cybersecurity but is it possible to do freelancing ? I want to quit my current job. But have to pay my bills and couldn't take risk in cybersecurity. (Sorry for the long confusing message also English is not my first language and I am very much devastated nowadays)

Hi I believe freelance related cyber security work would be less stable as a form of income but also you would need a vast amount of experience previously working in the sector to perform at an ability to receive clients, you will lots of knowledge and experience by setting up and managing servers.

I'd suggest to always questions, security related or not as it'll benefit you in developing a deeper understanding for networking and security and to also help you eventually have the knowledge needed for your career.

Actually the iso we are implementing in the server is not booting and it's been days and it's driving me crazy. I couldn't troubleshoot as I am new and just observing the setup from aside. It's the hardware I couldn't understand. Thank you for your suggestions. I will keep that in mind.

Gave +1 Rep to @lavish berry

As someone who has troubleshooted the HW of too many servers, especially no POST, the techs should have a step by step process for testing the hardware to find the issue depending on hardware SKU.

If you're working as an intern, you're going to have to be patient. If they're working on server deployments, they're going to be doing things you probably don't fully understand yet. As an IT admin you need to follow configuration processes, do server hardening and other things as you set up machines. If you're not getting much hands on work, they probably don't feel you have the experience to do it yet and most well-run orgs will take their time to get you up to speed so they don't overload you and also because they don't want to give you too much responsibility or access.

Be patient and spend as much time as you can learning. Study the tech they're using. Ask them what the servers they're building are for, ask them for a lab server you can learn and practice with. Work your way up slowly. It takes time and as an intern you're not yet ready to be unleashed on the world.

As for freelance cybersecurity, don't do it. When doing cybersecurity work for an organisation you need to have proven yourself. Do you have a CISSP or other qualifications? Experience in the field? Have you been police vetted to work in the field? Can you set yourself up as a company and get the insurance needed or have you got a lawyer who can provide the legal backing you'll need? Or do you have any experience working as a consultant in any field? If you want to do freelance, you can learn how to do bug bounties but unless you're really good, that's not going to be a guaranteed form of income.

Any recommendations on how best to showcase TryHackMe progress/work on a resume?

I would just mention it as a personal interest. You can learn a lot from THM, but it doesn't provide industry or academically recognized qualifications - you'll have to demonstrate what you know in the interview process.

aside from doing the above do you guys list rooms/CTF on your resume as labs or something? wondering how to translate what im doing on THM on a resume

I do not

Unless your team placed well on a CTF, I wouldn't put it CTF participation anywhere except personal interests

I put CTF participation as a extra-curricular activity, I don't think it hurts and it could be used as a talking point in an interview

Hi! So I just recently graduated last weekend with a Bachelor's in Computer Engineering at my local University. So this year, my interests completely changed and wanted to go into the Security field. I got hired as an Endpoint Engineer from the company I previously interned at where I perform various tests on physical and virtual devices, deployment, vulnerability management, etc. As my manager knows I'm interested in the Security field, I've been collaborating with InfoSec to do basic pen testing and other security projects. My previous experience before this was working as a helpdesk consultant for 3 years. So, as I recently graduated in CE, in your opinion, do you think it's best for me to simply study for the entry level certs like Net+, Sec+, etc, or continue studying at my University to pursue a Masters in Cybersecurity? Another possiblly I thought could be attending WGU Masters program to get both the masters degree and certs. Ultimately, I lack Security experience and knowledge at the moment and would appreciate if you guys can give me tips on the right path. Thanks!

Certs are definitely a good start and look good on resumes :)

Masters degree will more than likely price you out of entry level positions. You mentioned vulnerability management, to me that's seems like you've already started heading/are in security. If you don't have Sec+, I would obtain it. That's the only certification I would expect someone to pay for out of pocket as well. If you can get the company to pay, even better.

As in overqualified?

Thanks for you guy's feedback! So would you advice pursuing my Master's in the future and start studying for Sec+ first or maybe both at the same time? And if so, I heard WGU can be accelerated, so I'm wondering if I should study there and get 5 additional certs or simply my local University

Masters, imo, shouldn't be on your radar unless the position requires it and the org is paying for it.

A masters is not a "im just starting out" thing if that makes sense. Based off your description, you have professional experience and a degree. Which is enough for getting into security.

Adding Sec+ can assist and I would recommend it as it's often a contractual requirement.

As in you're too expensive

Ah, I see. I originally wasn't really planning to study for a Master's degree, but just that all of my cousins have a Masters in their own field, which I guess I didn't want to fall behind if that makes sense lol. And 2, if I ever want to pursue a Master's degree in the future, I don't think I'll be motivated enough to go back into school. But yeah, my original plan was to simply study for net+ first and sec+ after to learn the fundamentals first.

Guys anyone know a remote internship opportunity for VAPT/Cyber Security Engineer?

Not sure if those positions or roles are even offered for interns

Certifications look great on resumes, especially the most in-demand certs if you can spend the time and money to acquire them. These differ a lot from certificates of completion. Those are perfectly fine to add to your LinkedIn profile as they look good there and show that you're at least progressing.

Most internships will be on-sight and are usually advertised for people completing academic courses like degrees or post-grads or those with professional accreditations and experience in other related roles. It's very unusual for a remote position for internship and even for full-time, they prefer you to spend some time in the office at least with options for some remote time. you'll also be expected to be living close enough to work that you can go into the office under various circumstances. You would need to discuss that with the individual employer

I am facing the same sort of issue but in NYC. Everyone talked up the CCNA but I have had it for about 5 months and have had 1-2 serious interviews. Honestly the key seems to be knowing someone or having a 4 year degree (which I skipped to go into IT right before the dot-com bust hit)

See if there's a way to finish your degree, or maybe consider doing the CCNP. I've done stints in networking and anything above a NOC position generally requests that you have some advanced level of skill

I had a question, at the end of my bachelors, even if I landed a few heavy certs like OSCP (hypothetically), Pentest+ or even CPPT, I'll still get an entry role without the experience right? So I should just go with the beginner certs for now?

depends. its all about luck really

but pentesting is not entry-level in most cases

You’d be looking to get junior pen tester or junior security consultant roles. Getting the certs now won’t hurt

I was looking for a remote internship as a frontend developer in India
Do you guys know of anyone who could possibly help me?

I, personally, wouldn't pay for any of those out of pocket. Sec+ is probably going to give you the best cost/performance ratio straight out of school.

Get the certs you want for the job you want, if you think you're able for them. You can do plenty of training to build you up to the level you need in order to get comfortable enough to approach something like OSCP. As well as that, yeah, Sec+ and CISSP are some of the most sought after. Unless you have a specific need for a particular cert, better off going Sec+, OSCP and then with experience, you can start workign towards CISSP

of course I'd only say OSCP if you know you want to be a pentester, there may be other certs better suited otherwise

I just wanted to reiterate from previous conversations, that you should get the company pay for OSCP. I don't think we should normalize people paying for a multi-thousand dollar certification out-of-pocket.

That'd work as entry level roles, you're right!

Gotcha! But I should study about network+ too while I'm at it, right? Just for learning, not actually giving the exam. Then I'll move on over to sec+ and get it.

I was thinking eJPTv2 then some other certs but most are the suggestions for sec+ so I'll roll with it and the ones you've mentioned in the latter part. So here's how it goes, net+ (for the sake of learning) > sec+ > OSCP > CISSP, is this ideal? I've also heard that the employers play for your certs so even if I score a job, I'll still be continuing to earn the certs. Thanks tho!

Gave +1 Rep to @rugged delta

Yeah that looks like a good plan. You can take your time with the CISSP, as to get the full certification you need to demonstrate 5+ years experience but lots of companies seem to request it as a general cyber cert cos it's very popular. The popularity has the effect of then encouraging more to request it... And yes, many employers do provide funding for training/certification

I would not even do ejpt... I'd just look at Net+/Sec+

Honestly if you want a hands on one, go for PNPT before OSCP. Covers a lot of stuff at an easy to follow level and in good detail. Don’t even need to do the exam just grab the course

You can watch the TCM penteration testing course on YouTube for free on his channel for the first 15 hours of training and see if it's for you

while I'd say this is good, there would be a lot of overlap with the course where they teach like AD, enumeration, web app pentesting, etc.

So going into OSCP after doing the PEH would make you feel like you've wasted some money because some of the content you already know

Can I have some constructive criticism please

@sturdy scarab Putting familiarity with iso 27001 and nist is a very dangerous game

If that CV went across my manager's desk, you can believe you'd be grilled on those

If net+ is just for learning, you can consider searching YouTube for free comprehensive material.

would having tryhackme certificates help get me a job in cybersecurity in the future since it "proves education" or would it just be scoffed at on a resume/application

Thanks I'll takw them off😂

Gave +1 Rep to @quick forum

Hi everyone,

I have some questions regarding cybersecurity. Can anyone guide me?

I am very confused about which path to choose in cybersecurity. I am quite interested in penetration testing and I have fundamental knowledge of how things work, such as networking, Linux, and other technical aspects that I learned from TryHackMe and other courses. However, I am afraid of finding an entry-level job or internship in pentesting. I am confident that after a few more months of learning, I will be able to secure an internship in this field. I am unsure whether companies hire interns or freshers for such roles. The red team excites me more than the blue team. I plan to transition to the blue team after gaining some experience in red teaming.

Can anyone provide guidance on what I should do?

What’s iso 27001 and nist

Google

has anyone taken any of the TCM courses? if so were they worth it?

Yes.

Were they worth it?

Depends...

I paid 98p for a few, and some of the courses didn't really teach me anything new.

So on that front maybe?

If I had paid full price I'd have been disappointed.

anything new - did you have a good amount of knowledge going in? which ones were good?

for instance i was looking at the python courses. i think for both (for me) they would bemostly useless since I have been coding in python for th e last 5 years. maybe the mini projects would be cool to do

Out of all the courses I done.

I really enjoyed the Practical Malware Analysis and Triage, and Practical Web Application Security And Testing.

you could always do the portswigger courses, I’m sure that’ll be very beneficial for you

wait for their PEH course to be updated 🙂

The web application part they teach is very outdated

That's the plan, thanks for the suggestion!

Gave +1 Rep to @silent laurel

They provide it for free or $1 from time to time, buy one and see for yourself. Webapp pentest course is currently just $1 until July.

I think the BOF part in PEH is one of the best intro to BOF for a beginner

I suggest Jeremy's IT lab playlist in Youtube, it's for CCNA 200-301 but it goes in depth, good material for learning.

Certificates, in the case of THM, don't prove anything. They show that the material has been completed, but does not do verification. I, personally, would leave them off the resume. Maybe make a LinkedIn post every once in a while about major path completion.

Great! Do you have any suggestions on how to go about getting proper certification or will I need to go to college?

There are a lot of certifications in IT and cybersecurity. You don't necessarily need a college degree. It's important to know a little bit of networking, Linux and Windows and then to build on that with security training and there's a lot of certs available for those if you want to pursue them. Security+ is one of the most in-demand cyber certs for people new to the field. There are other, more advanced certs as you progress

Ah I see, so I just need to got test for it then! That’s good to know! Thank you!

Gave +1 Rep to @rugged delta

Yes, there's a certification exam for it. There are lots of other certifications you can pursue. A certification confirms that you've achieved a certain standard with a particular technology

Got it! I appreciate it!

I've checked out his content and I liked it before. I'll do that again, thanks!

Gave +1 Rep to @gilded prism

Did anyone answer this? I'm sort of in the same position unfortunately

@turbid schooner not yet bro. I am still finding what to do.

o7

good luck my friend, and ping me if you get an answer. 😅

@turbid schooner alright

This is largely dependent on country. What may or may not be dependent on company is it doesn't matter what you start with, that isn't set in stone. Since you say fresher, I assume you are in India and I can't tell you if they hire entry level penetration testers. If you can, try to see if you can find a cyber group on LinkedIn or similar

They mostly don't hire entry level pentesters in India, except if you want to work as a intern pentest at startups, there's lot of opportunities.

do they hire entry pentesters in the USA?

to set your expectations, pentesting is not an entry level job

entry level jobs are like IT technicians, sometimes SOC analysts, junior developers, stuff like that

an entry level pentesting job requires some years in IT (in my area, they ask around 2-5 years depending on what IT domain you focus on)

*rarely

@dense dagger So should I go for SOC analyst before pentesting to get hired as an intern/entry level. And after having some experience in SOC Analyst, I would go for pentesting.

@gilded prism I am thinking that I should go for the SOC analyst first then pentesting because it might be easier to get hired in SOC analyst. Please guide me.

If you show enough aptitude through various other ways, you can. Also if you are in college, you can get some quasi experience through internships. Some companies will hire entry level pentesters. Also to set expectations, pentesting jobs are like < 5% of the available cyber jobs. Other jobs are just more plentiful.

I'm 20 years old and making the switch from doing construction into IT. I got my Security+ certification in 3 months while working 7 12's. Should I spend my time getting the A+ and Network+ or try to get an internship somewhere? I've been told companies will take me on and pay for more courses, but from what I've been seeing, all the places near me want someone in their 4th year of college. I don't personally know anyone in this field and just need someone to point me in the right direction.

Internships are, more often than not, for students in higher education. You can already make the jump to full time employment in IT. Look for helpdesk roles.

Gain some relevant experience there, year+, and then look at making another jump into a more security centric role if that is what interests you.

Sounds good thanks

The Network+ would be good for understanding how networks work at a basic level. The A+ is really very basic info and there are a lot better books/courses to learn the basics of how computers work. I'd suggest checking out the Tribe of Hackers books. They're a collection of books of interviews with people who have experience in various domains in cybersecurity. They're about $15 on Kindle.

Also, check out the THM blog and success stories that some people have had using THM to learn cyber
https://tryhackme.com/resources/blog
https://tryhackme.com/resources/success-stories

Appreciate it, I'll look into it

Do you include vocational or junior college as higher ed?

Vocational would be apprenticeships, iirc. Junior college, I'm honestly not sure where that would fall.

Higher education, to me, is Undergrad, Masters, and PhD

I see (and have interviewed candidates) from jr college and vocational college for internships 🙂

Oh, cool

apprenticeships are usually a separate thing, and are not tied to education in most cases

there are times where an apprenticeship and education is concurrent, but often, apprenticeships are industry run and not a function of academia

I see. I've only seen apprenticeships in relation to vocational schools or straight up trades

trade apprenticeships are more often than not tied to a union

I think ive come across a couple IT apprenticeships, but I didn't look into them too hard.

My only reference for junior college is for sports, I didn't realize that junior college was really a thing outside of that.

junior college and community college are basically the same thing, it's a regional naming convention as far as i can tell

I see

For us in New England, Junior College was a separate thing from Community College.

Hockey players utilize it a lot to try to get into DI programs and a chance at the AHL/NHL

How much salary can I expect as fresher after doin oscp course? Can I get job just only basis of this certification and relevant skills?? (Not showing my formal education (schooling, graduation))

Do employers care much about the free CC certification from ISC2? Is it worth my time?

Is it free? Does it not require a 50$ yearly fee to be a member of ISC2?

It does.

well, the course and test are free and $50/year is a lot less than most certs

But other certs have value...

I'm only doing it for the course material tbh

I'm not too sure about the value of ISC2 certs, cc @quick forum ?

CISSP is one of hte most sought-after security management certs

it's not uncommon to find everything from higher SOC analysts to CISOs holding it

Hi, I'm looking into studying for the OSCP cert and was wondering how valuable that would be in the industry. I have no previous IT experience or college degree and I'm not sure how credible it is when I dont have professional experience. I find a lot of reviews online about it being credible but I feel like not having a college degree and 0 experience would deter me from being able to find work? Would it be better to start off with a cert like Sec+, get a job as an analyst or something and transition into a pentesting role?

I should mention I'm 19 and I feel like that's a huge deterrent as well due to immaturity

Pentest in general is a fairly high risk security activity - it is very very rarely given to people without a demonstrable history of trust.

I would recommend a jr college or self-study to get started. OSCP has some soft dependencies on understanding some fairly technical ideas about networks and computing before you get to the actual content.

How would you rate your coding skill? 1-10?
Sys admin knowledge and skill? On Windows? On Linux?

I haven't programmed in a few years but I understand basic concepts of it so not 100% sure.

Sys admin knowledge on both win and linux would be like a 6-7

i'm looking at certs because if this career isnt something I end up doing and I switch majors halfway through I don't want to be 50k in debt. If I can garner the necessary or same exact skills in a cheaper fashion than a college I'd prefer that. I have the drive and passion to learn but I simply cannot afford college in the current US economy and my pay rate.

So you have a good working knowledge of GPO and how to apply them to various systems; and you understand, at the very least, the material of RHCSA? A community college absolutely shouldn't put you 50k in debt, unless you do something very very silly with loan applications. Community college is typically less than $3.5k per semester for a full course load.

If you think you have the skills already, I recommend starting as a junior or associate sysadmin

I'm gonna be 100% honest everything I have learned has been through self teaching. I have 0 certs or formal education. My issue wouldn't be how hard I have to work to get there its just how hard would it be to find a job with no professional experience

Does anyone have recommendations for a good Security+ guide? I see lots of options, but would like your opinion on which may be the best.

I might be jumping the gun w trying go pentesting first but its the path i'd love to take

and with this thats 3.5k per semester vs a one time 1.5k on oscp

I appreciate the help and I'll continue to research before I make a decision

I think red hat charges $400 for the RHCSA exam - it's very highly regarded as a sysadmin cert - other popular certs for every level are Net+ and Sec+. A+ is seen as being 'lower', but I think if you are starting on help desk and don't have a background in customer service, it covers a lot more than just the hardware that goes into a PC

OSCP is very likely beyond your current skill set from what you've said

So even if i paid for their learning course it wouldn't be worth?

And, a cert that expensive should be paid for by your employer, rule of thumb is that they add business value to your role so don't pay for them yourself

unless you absolutely have no background and need an 'easy' way to demonstrate basic competency

their learning course probably doesn't cover all the background you need to be successful

it used to have one of the highest first-time failure rates across all IT

I can supplement learning though, correct?

i'd use the whole year to its extent

If you want a have a social life or engage with things that aren't OSCP, I cannot recommend it

alrighty thank you

Gave +1 Rep to @flat sedge

This is just my opinion though; the content has changed since I took a serious look at the content, others who have taken the exam recently may have different things to say about it

Understood just trying to gather info atm

more opinions the better

Hello guys I have an interview with a company that requires "Experience across Windows technologies is key" and I'm quite confused to what that might be as I've heard different answers...

Windows server/AD is what I would imagine but depends on the job, may mean desktop management as well

if its for a security job probably active directory, windows firewall and maybe a SIEM

it's IT Technical Support Analyst for an ERP company

i would correlate what you put on your resume that you applied with and what the job posting has on it. they must have thought you might be a potential hire based on the intersection of these two things.

Internship?

Most internships require you to be enrolled in college

Hey guys, I'm currently an IT technician in Arizona and I'm enrolled in the BS cyber program at WGU. I have my triad, ITIL, and project+ done and should get Linux essentials and Cysa+ in the next few months. I'm also an avid tryhackme player and while I don't have a homelab yet, I do have a plan for one. What should I be doing to make the jump from entry level IT, to entry level security?

What you need to understand is that cybersecurity is not a pursuit for someone with very little or no IT experience. You need a good grasp of real technical things like how servers and their operating systems (Windows/Linux generally) and networking devices like routers, switches, firewalls, load balancers function, how they scale, how things like Active Directory work, understand how complex systems like email function, have an understanding of web browsers and web servers,

The OSCP is considered a highly challenging cert. If you look at the paths people have taken on YouTube, they're generally studying and practicing 4-6 hours or more a day every day for 3/6/12 months depending on their prior knowledge and experience. They usually already have a good understanding of all the things mentioned above and have several years professional experience in IT/Programming with other certs and/or years of academic experience and dedication.

As a beginner, you should spend some time on Try Hack Me, subscribe and do the learning paths and see if this is for you. After a few months of practice and learning you might feel you can start to tackle the OSCP, but it's not a cert for absolute beginners to computing, at least I couldn't recommend it as a first push and employers would be reticent to consider you with just that if you have no other interest in IT or cybersecurity

I had a position as a support specialist for an ERP company, but I think it was a more traditional customer support role rather than analyst and they had a similar requirement. The things Windows related that were apart of the job were troubleshooting issues, knowing how to remotely connect to machines, event viewer logs, restarting services for most part.

hopefully that's what it is because I can work around those things but for example Active Directory I got very simple knowledge about it

You can learn quite a bit about Active Directory on THM

The red teaming path is great for that

hello friends

please give me path for cyber security

hi