#cyber-and-careers
you have to be emotionally divested from your job and work to be successful in compliance
But still, pentesting is my goal for now but maybe after a while lets say after 5 yrs, I could pivot to CTI or something else, most likely blue team
Ask yourself this: Can I be perfectly happy being paid absurd amounts of money to dig ditches all day every day? If the answer is yes, then compliance can be your jam
IMO start with CTI and blue team then pivot to pentesting.
mmmm i get that, its a lot of work just to make the compliance stuff be passable
More availability there, and it gives you time to build the necessary trust to not put an org at risk during a pentest.
I've also been thinking about this but I'm way in too deep, im already on my OSCP course
One of the most accessible frameworks for compliance is PCI-DSS which is still nearly 300 requirements; it's a pass/fail audit, and failing any of those requirements with insufficient controls means that the org can fail the entire audit
Yeah, ive seen those. Especially interested also with GDPR and how its super strict
Right now i focus on vulnerability assessment and some pentesting on application security but also wanna know what you think I can pivot into
and not just pentesting in general
im not thinking of leaving yet but also thinking of how I want my career to be and planning it out i guess
GDPR is different, as it's a regulatory thing to be able to do business in countries that have adopted it. Many frameworks are adopted based on industry, not by country.
One of the more ruinous clauses in GDPR is that if a company expects to do business in the EU, they absolutely have to adhere to it.... if they don't, the fines can be pretty ruinous. Say, for example, a company doesn't even expect to do business in Germany but has German citizens working for them in the US. That company, under GDPR rules, is expected to adhere to it.
Jurisdiction in that kind of case likely won't go anywhere unless the company is also doing business inside a GDPR-required country.
If you want to look at blue team, you could do vulnerability management. Part of that is ingesting pentest results (internal and external) and opening dialog with product owners to remediate findings
Yeah, ive read that there are some companies that are pulling out of Europe because of the strict regulations
It did happen; part of that was the company wasn't doing enough business there to make the GDPR requirements feasible for the company
I'll try looking for similar jobs here in my country just to open my options
vuln mgmt is usually a senior role though; splunk + wireshark is a good place to get a start in a SOC
I'll get into those, maybe do some religious learning on blue teams through THM
splunk has, from what I hear, a very nice free certification
it is free though, so it's extremely accessible and I don't think it has a proctored exam. But in the SIEM world, it's about as good as you will get without paying through the nose for product-specific training
I see people recommending on focusing on one security domain and learning a lot of it first, what should I do in this case?
yes
Yeah, the catch with the free version is ingest is limited. I think it's only 500MB of data a day? At least it was when I used it in Uni. Then they lock you out if you go over.
much like computer science, go deep in one area and you will be surprised at the cross applicability in a few years
I need some advice on my masters program. I have my bachelors in computer engineering. I have a day left to make a decision, between UMD and USC, in cybersecurity.
how much work experience do you have? Honestly for masters, it won't really matter, it mostly matters that you have some work experience before you get a masters
Just have about a years worth of exp, 6 months in data warehousing and 4 months in infosec
ill be an international student for my masters, mainly doing it because of the lack of opportunities where im from.
UMD^
Just linked the curriculums
So you will be doing it in the US?
yup
well Los Angeles will be a lot pricier to live than Maryland. But a lot of the contacts that UMD and employers near UMD will specifically want US citizens
but on paper, the UMD program looks better to me
Yeah, that's something I was wondering about, In LA would you say the job opportunities would be better considering im not a US citizen?
Honestly, I don't know. I'll say a lot of jobs in the Maryland, DC, Virginia area will be specifically supporting the gov in some way which will want a US citizen. There are less of those types of jobs in Los Angeles and instead you have financial, entertainment and some other institutions
Alright! Thank you so much for your perspective, it was really helpful!
Gave +1 Rep to @pseudo creek
There are still a lot of government-contract jobs on the west coast; IIRC JPL is there, there are several DoD projects based in that region. Cybersecurity specifically might be a bit thin in comparison to other engineering programs but they do exist
Yeah I'm aware, we have a few offices ourselves but it is way less saturated
I just didn't want people to get the impression that the only place to go for fed contract work is DC
Ahh got you
JPL, the shipyards, LM has a massive facility, Vandenberg, PNWL, Lawrence Livermore, Sandia (Cali), SLAC, Lawrence Berkeley, etc etc
I'd say every state in the country has gov contracts
For someone trying to get into a security analyst position, what would the top three skills/certification/qualifications be outside of high level certs and government clearance? Like, what do the algorithms filter for when applications are submitted?
Saw this on my LinkedIn some of ya'll might make use
oof... I'd say whoever made that is pretty questionable but what do I know...
You don't need a linux cert, Server+ isn't useful. PNPT is more equivalent to OSCP than eJPT. And in fact, I'd say ignore any of the INE certs.
Do not get Cloud+. You do not have to be comfortable with powershell to go down the cloud security path. And AZ-104 / AWS Certified Solution Architect Associate is more useful than either of the cloud certs listed.
Yeah I saw it and thought to let people know and make their own minds. I'm personally heading towards PNPT and some COMPTIA (A+/Net+)
I think security analyst is broad but if you are looking at something like SOC, I'd say Splunk is pretty critical. Security+ is a solid cert and covers a good breadth. And I always say throw a cloud cert in there.
yeah I just think it is bad information. who posted it?
Can't remember, one of my connections reposted
Ima probably go down the network pentesting route as I hate (with all respect) Web and API testing
OSWE and GWAPT are very different
I'd say OSWA is more close to what GWAPT teaches
its hard to avoid web pentesting if you are a pentester as all apps these days are basically web
True, Ima focus on network but get some web app just in case then
What are your opinions on BTL1?
Thanks, I've got sec+ and CySa+, which stack into csap. I was just looking for the next step. I guess network or something cloud would be good, maybe a OS cert too
Gave +1 Rep to @pseudo creek
Hey, would really appreciate if someone could answer my questions:
- I was thinking of taking Sec+ cert, i have background in IT and currently studying CyberSec aiming to be an Ethical Hacker/Pentester. Could anyone tell me if its worth or should I just skip to C|EH (I know its a basic cert)
- About the Google Cybersecurity Certificate, is it worth it?
It depends what country you are in but... Security+ has way more value than CEH and 2. No
Although someone did say you get 30% off the Security+ if you do the google cyber certificate so that does have value
Appreciate the answers
I personally would skip ceh. Companies are starting to realize that it's an overrated cert, at least what I've seen
Thx, appreciate the answers
Yea, maybe i'll do that
I would still recommend oscp since that's widely recognized
Thats my plan in like 1 year
Really wanna take it
Cpts from HTB as a more realistic environment. + I've seen multiple people say it's harder than oscp
Also got that feedback
I did eJPT, doing eCPPTv2 right now since I've already bought it
Will probably take it after OSCP
If I knew I wouldn't have finished it by now, I wouldn't have gone for it
eJPT is also in my plans, heard it wasn't very good unfortunately
EJPT is good for basics
Was a very easy cert for me since I practiced a lot before that already
Was very active on HTB, got pro hacker back then
But took like a 4 year break
The only thing it helped me with was pivoting
Want to get into HTB after i do everything "relevant" in THM
HTB is way harder right now
Could you tell me how did you practice ?
I've bought the platinum subscription on academy now, saving some boxes to buy both the cpts and cbbh path, and then buy some of the interesting modules
Like I've said, did many HTB boxes so had a very solid foundation. Worked through all the course material and did all the labs
Was afraid of the exam since I didn't do any before that
But it was extremely simple imo
But that was ejptv1, I don't know how difficult the v2 is
Yea, i think that its better to start thinking about certs in July or something
Really appreciate the convo
There's many ways to practice now
Yea, almost too many
HTB academy is my best recommendation, tcm and thm courses would be second
Also heard about that, even for preparing for OSCP
Proving grounds I've heard was fairly comparable towards oscp
Yup. I've seen multiple people say cpts is more advanced than oscp
So my plan is to finish cpts after eCPPTv2
So I've built a solid enough foundation for oscp
Think that is something that is still kinda advanced for me. Not rushing anything, I'll take things at my pace
I of course don't know your foundation
But there's many sources to practice compared to years ago
Would consider myself intermediate, not really a beginner
Which is great
EJPT would be easy for you then, it's very foundational, at least that's what it used to be
And cpts should be a nice challenge, and much cheaper than other certs
Yea, i'll see
Im more of a hobbyist, perhaps will turn it into work someday
I received a job offer for Junior Pentester, and i'm waiting for a response but tbh i think that i don't fit yet
You should take it either way! I'm sure you'll learn a lot on the job
I did take it
That's great, congrats
Now waiting for a response, the HR manager said that the process was on-hold, so i guess i will have to wait some time
Ahh alright. How did you get the offer?
Randomly through Linkedin
what do you mean? like did you interview and such?
Yea, did a little interview on Teams
Not an extensive and asking technical questions yet
so do you have an official offer? or are you just in midst of hiring process?
and reason I ask is there are a lot of scams out there, people asking for SSN and/or money, so when you said the offer was through LinkedIn, I got concerned
Ah I see. If it's a trusted entity then that's great! Many people would be very happy to get experience as a junior.
Thank you to everyone that reviewed my resume
Sorry for the late response. But yea, initially I also thought that it was a scam but no. Its a legit enterprise, it has a physical facility
I'm very happy. Will be even more when i get the answer
For me its like those scenarios where its too good to be true. So yea, i'll have to wait
Understandably! Hope for the best
For someone starting in this field is ejpt considered a good entry certification ? Would you choose another one instead ?
I would say Security+
Thats interesting, im finishing up the isc cc, that seems to be lower than security+, before i move on to the next one. But i would like something more practical than those.
I wouldn't say ejpt is practical. Security+ is widely recognized
It does teach the basics
Well it is a practical exam
- it has labs, at least it used to have labs
But true, sec+ is a good choice
I thought it was supposed to be super basic and was multiple choice
What if I skip security+ and get something else.
I think thats true, they are multiple question but you need to perform practical stuff to find out the answers...(like crack some hashes to find out a password) or just guess i suppose
Sure, what is your overall goal?
The core goal is to get really good. To make it more career focused, lets say work at nVidia's cyber security division. It feels like doing everything properly is slow, if you know what I mean? I don't want to work as a help desker.
Well that is very focused but what kind of role?
I mean, do you have any prior professional experience or a degree?
Either, sometimes both, are more often than not required to get into security roles.
It is basic
And multiple choice
So that's correct
True, I was following some who did work for Nvidia as an RE, she was extremely skilled but she had quite a few roles before then
But to answer those mc questions, you need to apply what you've learned in a practical manner
I did it years ago
For basics it's good, not for getting a job or anything though
Something like this would be the end goal or a job like it: https://nvidia.wd5.myworkdayjobs.com/en-US/NVIDIAExternalCareerSite/job/Israel-Tel-Aviv/Senior-Developer-Relations-Manager---Cyber-Security_JR1966593 developing something that's used in defence would be cool.
Or the DFIR that responded to the LAPSUS$ group, not sure they are hiring right now though.
Pentesting doesn't sound as fun as shutting down APT groups attempts to do anything.
We are looking for a Developer Relations Manager to drive strategic partnerships with ISVs and developer communities who are developing Cyber Security technologies and solutions for and across industries like FSI, Telco, Retail and Healthcare. At NVIDIA, we are building sdks for our developers to develop, optimize and deploy Cyber Security appli...
Not sure if being a C++ software engineer counts but I've been doing that for 5 years. I also have a CS degree but it's not the best.
Well I mean it lists various things you would want to know
That's just example, I don't live in Israel. Thanks for helping me.
I think from our conversation I see that all the career advice is mostly generalised stuff especially all the YouTubers who give a path into security. What I can do instead is take more specific actions to get me the role I want, based on what I want and where I'm currently at. That's given me a lot of motivation.
Gave +1 Rep to @pseudo creek
I'd say Security+ is still a solid cert for any cyber role. Splunk has a few certs that are useful if you want to go into detection. Also www.DFIRdiva.com will have some useful information as well
You are welcome and I'm also new here
Totally, I'm actually learning Security+ stuff, it's pretty solid, it's adding and reinforcing a lot of the stuff I learnt in the SOC 1 path. Thanks for the suggestion of other certifications I will give them serious consideration.
Gave +1 Rep to @pseudo creek
Thanks for that site rec!! What an awesome collection of training resources!
Gave +1 Rep to @pseudo creek
Can someone please give me some quick advice on this?
- Manage the system - what system? what technologies?
- Undertake tasks outside of my job - what tasks? why are they useful?
- Activate cards - what?
- Create dashboards - what technologies?
- Analyze data - what technologies?
- Add new users to the platform - this could be worded better and condensed into smth like "user management"
Experience trumps education, it should be first if you are currently working in industry. If you have not yet graduated, it's fine to list the school with the annotation of "expected graduation xxxx". "Analytical Thinking" really isn't a skill. How would you demonstrate this? In academia "researched" has a very specific meaning; if you didn't publish a paper in a real journal, I recommend not using that word. Try to condense every subject into an elevator pitch. Every category is a bit busy.
hello everyone i'm new in Cyber Security. I've knowledge about Computer Hardware, Basic Network, Basic Python, Basic Linux. I want to improve myself but there is many fields in cyber security i don't know how and why should choose a field. I can't pay CompTIA certs because it's expensive for me (i live in Turkey). Which field is beginner friendly for Entry level job?
What do our experienced fellows think about Google new CyberSec cert?
Just the same as the new ISC2 CC cert but has more coverage of different topics
Good way to study for Security+
It's also not a certification, it's a certificate of completion
Going for an AWS Cloud Practitioner cert, what do y'all think about it?
it is pretty basic, don't spend too much time on it... usually a couple weeks of studying, you should be good
depends for what you want the cert
Lovely to hear. Thank you pretty much
Gave +1 Rep to @pseudo creek
Well, it would certainly pair up nicely with my sec+ cert. whatever I use it for my cybersec knowledge and practice on cloud computing and servers, or get a sec-oriented aws job
generally you'd want to go for AWS Solution Architect associate to really do any work on amazon
yeah and find some home projects to do with it
So the cloud practitioner is like the A+
the test itself is more of memorizing for what is which service used
its more like 'what is cloud'
Oh alright
Well thanks y'all for telling me. I will definitely check out the Architect solution
……….
Also, as I'm finishing my highschool(Graduation in a week), which job titles should I go for with my sec+ and THM "experience"? Should I go for a helpdesk position and then build off of relations and networking there?
sure
Azure you're the best Community mentor
(No shadow thrown on Shadow)
I just agree to whatever people say... 🤣
Here's a birb I saw for you
Ty, hard to tell if YouTubers are being paid or nah
well youtubers do get money
the biggest benefit of the google cyber certificate is you get a 30% off Security+
I'm working through it rn personally. Doesn't look too bad to be fair
well I mean, you can watch all the videos for free, I'm not saying its bad, but for job value and what not, there are better ways to spend your money (unless you plan to get the Security+ then for value, seems like a decent value)
I got it sponsored through a charity so it is fairly good and am looking at Sec+
just remember overall, certificate of completion do have limited value with employers
It's only 44$ tho
in my country thats like atleast 10 meals
Well considering a course like Security+ being 4 or 5x more pricey, Google's one looks a way more valuable when you relate Price-Value
It's not a certification though, as Zojja has mentioned.
Certificates != Certifications
and you can audit all the material for free, if you don't plan to get the Security+ certification and use the discount, then it may be best to just watch all the videos/do exercises and not pay for it
The price of a cert is generally not taken into account. A certificate can be granted for anything, in the case of the Google one, it's for completing its course. By the way, it isn't $49, it's that per month. They reckon the average completion time is 6 months and that's around $300.
In their FAQ, they say it would help you prepare for the Security+ but not that it covers everything included in the Security+ so you might still need a book or a course or to use Professor Messer to make sure you cover everything needed for that one.
The certificate is just to show you've attended and finished the class. It doesn't measure your ability to understand and use the information the way a certification like Security+ or SSCP would. A certification is created by a certification body and generally they would be validated by qualified professionals and specialist organisations in the industry. While I'm sure Google does have excellent security people in charge of the course, it's not a qualification
they also recommend you take 6 months to finish it, but sure you could blast through it in a month... if you take multiple months, it is more than $44
With all respect but how can someone take 6 months to do it
They estimate a few hours a week. They realise people have other things going on in their lives (whoever these people are need to identify themselves)
You can definitely cover the SSCP or CISSP in 30 days if you work at it
I'd say the same for Sec+
also it depends how much you already know and how in depth you try to learn the subjects
Considering the 30% discount and the fact that they cover Sec+ exam topics, it's defo worth the time and money if you can do it in 1 month
well you could also go through all the videos/exercises and what not for free, then go back and pay for it, take the quizzes
to ensure it only takes you 1 month
Why don't you pay a month for it, skim read through all the topics taking down notes, then go through your notes and revise and then rebuy it again as zojja said
Or just go on Professor Messer and prep for the Sec+, then take that...
but there is a 30% off Security+ coupon
which is why it may be worth it to pay for it
I'm not saying that Google Course is better than Sec+, i'm saying that it prepares you well, review Sec+ topics, and also gives you that 30% discount
it gives you a 117$ discount on Sec+ while "Studying" for it
Yeah but you'll probably spend that on the course anyway. It's entirely up to you how you do it
I think that Security+ is too theoretical, i've heard that Google actually has labs and stuff, I think that it prepares you better for a real situation
Yes but Sec+ is really in demand by hr and recruiters and lights up your CV/Resume
I've looked at the Google labs, they weren't very impressive
but its just a way to get you thinking
repetition helps with memory... I wouldn't consider it a failure
Gave +1 Rep to @pseudo creek
Hi everyone, I am new to the security field. I am an intern at a company that distributes security solutions. My task involves researching and implementing security solutions such as firewalls, IDS, IPS, PAM, SIEM, SOAR, WAF,... from various security vendors. Could anyone give me advice on which learning path on TryHackMe would be suitable for me? I have already completed the pre-security and Introduction to Cyber Security part. Additionally, what other areas should I focus on to enhance my skills for this job? Thank you in advance!
I got the ISC2 CC today! The test was actually quite a bit more challenging than I expected. Probably should have studied harder but I still passed!
There is a theory called the Ebbinghaus Forgetting Curve that suggests that even after 20 minutes of learning something new we have retained only 50% of that knowledge and that after 1 day it is only 30% (you get the idea). Simple repetition won't necessarily cut it, particularly complex topics like compsci. The best route is to go for deeper understanding. At the end of the day, are you able to clearly and concisely explain the topic you are learning about to someone else who hasn't learned about it? A good test is can you prepare some questions based on the topic itself? Source: Was a teacher for 10 years
Usually failure is the best teacher
Spaced repetition is key for concepts you can quiz yourself on, apps such as Anki flashcards track this for you.
You dont need to remember every single thing for Cybersec so take good notes you can go back to when doing practical things, such as a challenge room.
Find out how to Google things and figure things out. Like what do you do if a command fails?
Do you have a methodology for approaching challenge rooms etc?
Can you summarize a concept you learned to someone else?
I think you should focus on learning how to learn before you progress more into your learning path.
Figure out what works for you!
Note everything down!!! when you forget something, this (your notes) is usually your first point of recall
and one thing to remember is you aren't expected to know/remember everything off the top of your head
It's always good to remember the fundamentals and basics, but to be honest you're gonna have Google with you most of the time - mastering the skill to research is worth a lot more
I'll be talking to a U.S navy recruiter today about cybersec jobs in the Military
Don't rely on ChatGPT. It's often very inaccurate or absolutely wrong and you'll have to validate everything it says. And don't use ChatGPT to do your assignments or make your notes
Best of luck with it. Their training should be top notch
Thanks mate. Although I'm aiming to see if they have a good full-time study while working and gaining experience programs
Gave +1 Rep to @rugged delta
just follow the one rule... all recruiters lie
Of course they do. They're business brokers for the military
even if you test high enough to go into a cyber role, there may not be an opening (or others tested higher) so you could be placed elsewhere
I mean a U.S submarine was just recently hacked by China
Meh
But yeah still
It will take me like a year to get where I want
one benefit of navy is all the ports are in pretty decent areas, even Chicago aint bad
like Army cyber is A++ but you can be stuck in a desert
IMO if you want to be on the cutting edge of cyber and the military is what you want, Air Force academy is probably your best bet
yeah Air Force then Army is how I'd rank them
I've heard some good things about space force as well, but nothing really concrete
My counselor said I seem like a fit for the space force
Athletics, smart, curious
I know she's trying to push me
since Space Force is new, I haven't worked with anyone there yet
I'll surely let y'all know how the session goes and take it with a notch or 2 down
Can someone give me some advice, I really need advice from experienced people to know what to do next... Thank you very much! 
SOC Path 1 -> Cyber Defense
I wanted to express my gratitude for taking the time to respond. Your advice has been extremely valuable to me.
Not sure where to post this lmao. I am looking to build a new setup. What makes a strong build for pentesting? What should I keep in mind when putting it together
#infosec-general probably but a lot of RAM and a very good CPU
beefy GPU if you want to get into cracking
Okay thanks!
Gave +1 Rep to @dense dagger
I come back with updates
Not worth it for me
I'm better off attending conferences and joining a team near me
The recruiter was a beautiful guy, very chill and cool and professional
Hey I have started to hunt for jobs (i live in India), how much salary I could expect as a fresher
And is it really necessary to get certificate like ceh and other for freshers like me, coz I can't afford the certificate yet
To become a pen tester(hacker) what are the steps to become one?
If you want to learn more about ethical hacking, visit #start-here
🥲
hi
is it cool to ask for some help/referral or like recommendation(?) from a cousin whos been working at same company for like 10+ years that i'm looking for to join? @pseudo creek
yes, I'd give them your resume, tell them what you are looking to do and ask if they could keep an eye out
thanks, i am kinda shy to ask like from him haha, hope everything will go well with me 
Gave +1 Rep to @pseudo creek
Hi, can i post a link to a free webinar that will talk about cybersecurity career ? i just found it and would like to share
Y'all have your pick at my first cybersec resume
I have no official job experience so I leaned heavily on the rooms and challenges I did on THM
It sounds like you are about to continue on here, where it just abruptly stops
Consider possibly changing it to something like I am also pursuing a degree in Computer Engineering at university.?
Other than that, I'm not qualified at all to review CVs but I can already see subtley and Zojja typing away!
It's not an email, it's a resume, don't start your intro as one
It's a good start. A lot of orgs are looking for people with Sec+, but you don't have any other real world or academic experience yet. It might be worth your while to do some form of tech support or QA to start out and maybe get some experience working in IT along with some other Windows/Linux/Cloud skills.
I'd recommend you take a look at the Tribe of Hackers books for a little advice in how to round out your skillset
Tribe of hackers? Sounds lovely. I also don't mind getting a helpdesk job as my first step but I'd like to try out my chances
Living on the east coast U.S if that helps
It's a set of books from Wiley. They're reasonably priced on the web and frequently show up as part of a Humble Bundle collection
Resumes are supposed to be impersonal, basically write about yourself as if you are writing about a plant in biology.. state the facts, don't use I, trying to get out critical parts in a concise format
Hmm I do get you
Might be worth finding a hackerspace nearby and getting hands on with some things, building a home lab, etc
Make it less of a letter to a friend and more of a report about yourself
I can actually make it shorter and easier to read with this. As well as jam more info in there
I'm definitely looking at attending conferences this summer
Search for a resume sample on the web and style yours the same
Thanks y'all. This was actually helpful. You can keep picking at it all you want
BSides is pretty small and in a lot of cities worldwide. Then there's big ones like Def Con. You might need a group or a parent/guardian, especially if you're not comfortable or experienced with these kinds of things. A local hackerspace would have people and facilities to guide you and talk about the ins and outs of such events
I could take my sis with me she's pretty much into tech(computer engineer) but I went to a navy recruiter alone yesterday so I feel good
8 days until graduation
I think you should definitely discuss it with your folks and not just make decisions based on what you hear from strangers on the internet
Thank you all for this
Alright y'all, updated version
This is ugly. "Pentester/Help Desk Analyst" is not a real thing. Is this supposed to be what your current role is? Is it what you want to do?
If you are currently enrolled in a university or vocational education program, that should be the first section if and only if you don't have any IT work experience.
Is the "Projects and skills" section just a bunch of rooms you've done on THM? Do you contribute to upstream projects? What original projects have you done that demonstrate some amount of skill and knowledge?
"Education" and "Certifications" are not the same thing. Break them into different sections.
This is one of the most eye bleeding "skills" sections I have ever seen. Just list a few things you can talk about intelligently, this kind of ranking would put your resume in my "do we have any other alternative candidates" pile
Noted.
I still have 8 days until I graduate highschool and get a job for the summer before uni starts
Whatever that geometric background is, I strongly recommend you remove it. Most hiring managers that I know will not see that as a favorable presentation.
Don't provide stars for your skills
Pentest is also not entry level, even for security. If you want a pentest role, you need to structure your work in such a way that you develop the skills and knowledge for it. Doing a few rooms on THM on the Jr Pentest path is not enough preparation.
Everyone has different scales
I've also been participating on CTFs, will organize and list those
Back to the drawing board we go
Use something like AwesomeCV
It's fine to list that as a personal interest, CTFs you participate in are not Projects and they are not Experience.
That resume is really blinding and honestly a jumble to look at
Moose is being much nicer than I am.
Can you really put "enumerating open ports" as a skill?
I wouldn't be too proud at being good at phishing.
Lots of wasted space here, no reason to have a 2 page resume, never ever use a grading system for skills
I'd suggest not having entirely lowercase skills next to ones starting with capitals as this makes the cv entirely look off, and like others have said the rating of skills probably isn't the best thing to do.
Got it. I'll revert to using the first resume while I make a better one
In fact, wait
Wait
Sorry for that. Need to do proofreading
Be cool, calm and collected. Make sure to know about the topics that you've listed on your resume to hold a conversation regarding them. I would say try to be more relaxed since you're talking to another human and try to play off them and what they're saying. If they are more lighthearted and playful, try to match the energy.
Keep in mind that it's an internship, and that it is okay not to know something regarding a subject. I'm sure they will appreciate it that you know your limits. Although, don't outright say "I don't know" rather try to articulate it in a manner where you might have heard of it in X context etc. Internships as far as I've seen heavily rely on your character and will to learn rather than you showing that you're the most experienced person they've seen.
^ yep, I found that the interviews that I did well on for my internship search were really dependent on sounding passionate about my projects and in being interested in the work thats done at the company, as opposed to just knowing everything technical.
🥲 they give more priority to applicants with certificates like CEH, in this situation what should i do
i feel more confident after the interview btw
i really want to know whats the alternate of costly certificates
Smaller companies potentially. But there isn't really an alternative. Those certs are often asked for because employees in that role need it to tick a box for compliance
what if i have really good exp from bug bounty , then they will ignore the need of certs?
Maybe you can offer to pass the exam within x months if the employer sponsors it if you are confident?
that seems helpful
I've seen job ads requiring comptia security+ but mentioning that the cert can be acquired within 6 months of joining
oooh
Doesn't tick the box for compliance unfortunately
You'd need to do the cert at some stage. Sometimes/often companies will offer to put you through the cert
that i know i have to do it but for a fresher 
As Ninja said, if it's due to compliance issues, it doesn't matter whether you can prove you have knowledge or experience through bug bounties, but if it's a checkbox for "experience", then yes, you could make your case through bug bounties/challenges/CTFs. (of course, they're not on the same level, you need to pitch yourself very well)
If I had to take a stab at it, it's probably not due to compliance since they called you to the interview knowing you don't have it. Either way, glad the interview went well!
plus having a cert is totally different to bug bounty
you could easily stumble across something in a bug bounty, but that doesn't show that you actually know any of the knowledge - finding a simple XSS (even though its impact might be high) is not the same as proving that you have the knowledge for everything on that cert
I've been thinking about going for another certificate. Should I go for a CEH or the eJPT?
I really wanna take eJPT because it's practical but I heard the CEH has more recognition

honestly, I'd go for the PJPT...
CEH is really only valued in India and I think you are in the US, right?
Yes, I'm in the U.S
I didn't have the slightest clue CEH was only valued in India
Also also
After applying to like a dozen jobs
I got past HR and I have interviews coming up
well it had some value in the US for a while but its a meme cert really at this point

that is awesome
I do see
but honestly, look at this, now that this exists, I wouldn't go anywhere near the eJPT https://certifications.tcm-sec.com/pjpt/
Yeah the TCM certs are really good quality. You can do the first 15 hours of his penetration testing training for free via his YouTube channel to see for yourself
Also I do feel pretty happy about the practicality. I guess it'll feel pretty similar to doing network rooms on THM
do you have the PEH course from TCM?
You can of course, go right for the PNPT but the PJPT should give you a good grounding and the confidence you need to pursue the PNPT afterwards. Of course, the OSCP, SANS GPEN, HTB CPTS, Zero-Point CRTO I & II are all good options to pursue
CRTO is amazing, only one that has training for Cobalt Strike
I'd like to do it after CPTS or OSCP
I'm looking at the course curriculum.. I might get it within the coming week or so
Giving whichever one you choose a few months of hardcore learning would make it well worth it
I'm going to spend a couple of months on CPTS over the summer and then get CISSP when I'm back working
TCM is changing to subscription model so not sure how much it will be after
Only cos CISSP exam is €1200
for PEH, the AD content is good but the web app content, not so much
It shouldn't be too much different. They'll probably have multiple monthly/yearly options
I reckon the AD and other minor stuff are what I'm not solid on
Still alright although
There's lots of AD stuff in THM's rooms and networks and each of those exams is considered a good source of knowledge for learning AD
if you buy the PJPT cert, it comes with the PEH course
I got the PNPT, comes with PEH and 4 other courses
difference is you can buy the PNPT voucher with or without the courses, PJPT is not that way
Yeah, that's true
And PJPT is probably a good stepping stone before going for PNPT
In any case, the training is good, I would recommend it
Does anyone have any experience with GIAC certs and which ones are worth anything to employers? Browsing their list of certifications is nuts, there's 50 of them. I know Cyber is broad but that seems crazy excessive
They're really well respected. I know here, GPEN seems to have some weight
Not sure I'd pay for one out of my own pockets though
@low wolf I just jumped in here, but I've got a friend who does recruiting for a marketing company in Charlotte. A long time ago I asked her for help with my resume. Her best piece of advice was to keep it short and sweet. I got rid of my cover letter, got rid of these HUGE overwritten Homer-esque epics lmao. I narrowed everything down to job history, education and skills. No giant in-depth paragraphs in MLA format like a book report lol.
@low wolf She told me that most interviewers and recruiters will just glance over resumes. They dont wanna spend forever reading, they want a TL;DR lol. Thats the best advice I have for you
Charlotte? Oh mate I do live in Greensboro
Thanks pretty much for this piece of info
Oh get out! Im currently in jacksonville nc (i hate my life so much here.) but im moving back in 2 weeks.
Of course
may John Hammond be with you xD
Oh no I'm not leaving NC, especially Greensboro. Pretty much one of the best cities in NC. Many corporations are opening their offices here
Having seen Tennessee and whatnot
@low wolf LMAO I didnt mean "get out" as in leave. I meant it in surprise. Im coming BACK to charlotte. I miss it, plus my school is there and my job
Ohhhhhh

I have the chance to go to UNC Charlotte but it's not worth it considering A&T
My best friend is doing his CS over there at UNC Charlotte
Yeah. Ive got a friend working for Duke Power in IT. Kinda a project manager but hes really a Sr Analyst. I just gotta get some certs and finish one more year of school and ive got a job with him
My man, best of luck buddy and you couldn't spend a better time without your friend
Dude UNCC is lit! Plus the light rail goes from UNCC all the way to south blvd now. So commuting without a car is viable.
Especially at the same workplace
Thank you thank you. Same goes to you man. As long as you, and I keep our nose on the grindstone we will get what we're after
Man I know, but I plan to do a year in A&T in Computer Engineering and transfer to NC State
UNCC indeed is lit
Yeah he would be my boss! A&T is sick too so I can't knock it. Funny, my friend's aunt is a UNC alum, so when I finish my degree, I'm going for my master's at chapel hill (with her recommendation)
You care if I add you as a friend?
Btw do you know whatās the most exciting thing for me?
Oh sure that would be lovely
I might be doxxing myself but
Toyota is opening a batteries factory like 20 mins away from my house

Gotta love NC
As well as Vinfast
HAhaha. As if gboro doesnt already have all the Gasoline for the entire state

I get it
I wish to go to Japan and just learn what makes them this industrious
I'm not into Anime or anything
Just, what is it in their culture that makes them this hardworking and innovating
Sorry for prolonging this conversation if you have anything on hand but A&T really punches above its weight. My older sister finished her Computer Engineering Master's there and a guy in her class got hired straight out of the gate with $52 an hour. A screw ton of companies recruit from A&T
If you're a good engineer from A&T they'll just pick you right off of the bat
Oh hah it all good man I'm just working on the "crack the hash" box rn. Stumped on the 4th hash rn lol. But dude Ive got nothing bad to say about A&T. Honestly NC education system is big trash, but our universities and colleges are worth their weight in gold.
I can somewhat answer that. I blame it on their traditionalism. Look back at what brought up samurai and their ideals during feudalism. Without going super in depth, from an outside looking in perspective that's what I wanna assume it comes from
This is pretty normal pay scale for a senior role.
The role might be senior-level cant say for certain but the guy was a fresh graduate
Pretty impressive
Does having beginner certs matter at all after you have more advanced certs? For example, will getting the PJPT before the PNPT improve my chances of getting a job if I only plan to search for one after PNPT? Same with PNPT and OSCP?
And eWPT before eWPTXV2?
This question is one I struggled with. I wanted to do eJPT to make it seem like I know my shit but in truth, very few will hire someone as a pentester without valid credentials like PNPT or OSCP
So I just went ahead and do the OSCP
Why? Two things.
- It fast tracks me into a job related to VAPT
- It has big recognition among HR
And eWPT before eWPTXV2?
I do not know much of the syllabus of eLearnSecurity certs but personally I do not like them and the company that manages them.
So if I can afford it, go for OSCP straight away, if not, go for PNPT, avoiding beginner certs regardless? Also, just curious, what's wrong with eLearnSecurity?
discord being weird
For me too, sending and getting doubles
And weird delays aswell
INE in a nutshell. Quality has gone downhill in some cases and I believe that the course purchase is separate from the cert purchase
So if I can afford it, go for OSCP straight away, if not, go for PNPT, avoiding beginner certs regardless? Also, just curious, what's wrong with eLearnSecurity?
PNPT is a good starting point. It has a harder AD environment (by some testaments) compared to the OSCP exam and overall has a better exam quality of life (5 day engagement with 2 days report writing + presentation vs. 24 hr exam afterwards a 24 hr report writing)
But OSCP is more recognized as a certification. You do see PNPT every now and then in job listings (Heath shares some of them on his LinkedIn profile) but in my area, it's not listed at all. If you are planning to apply as a SynAck Red Team Member, OSCP helps you pass the initial stages but PNPT doesn't if you also don't have the PRCP which TCM also offers
IMO, if you have a job and your company can pay for it, get OSCP. Else, get PNPT.
I wouldn't get PNPT seeing as it doesn't move you forward
Why do you think so?
No recognition
I understand, right now the only certifications I can think of recommending that is "affordable" would be CRTO
But they are vastly different in course content and what they offer to teach
CompTIA isn't bad
I'd say it's more of a learning cert than a HR cert
Certs aren't really very budget friendly. I'd probably look at applying for smaller companies that could fund a cert and are less likely to demand one
Security+ is good yeah I can agree with that
Security+ and CySA+ are what come to mind when I would recommend CompTIA certs that are security related
Pentest+ also, but iirc 8570 is changing so I'd probably do some more research
Mkukn isn't in the US (not that I believe)
yes am not
its mostly either CEH or OSCP in my area
I mean PNPT seems like a solid cert but it is still only on a handful of job listings (in the US), but again I think depending where you live, you can build an online portfolio which talks about things you've done, includes scripts/writeups/etc and that can go a long way
There are plenty of orgs trying to come out with more affordable certs. TCM's training platform is going subscription model but so are so many others but his certs are gaining traction from organisations and pentesting teams. CRTO has some good rep already, speaking to people in various roles closeby and they're reasonably priced.
Even the HTB CPTS is gaining some traction over the last 6 months, though the pricing model is a bit confusing, they require you to complete all course modules (not necessarily a bad thing), and the suggested training environment is part of their premium&advanced tier pro labs, a separate, additional subscription to their regular platform... Like PNPT, it's said to be a little more intense than OSCP. You get 10 days to complete the pentest and submit your report
Hi , compTIA Security+ ? Or network+ ?
¯\_(ツ)_/¯
Also guys , if any can answer would be much appreciated .
What would you suggest to do first ? SOC L1 or Cyber Defense ( I completed pre-sec and Intro into cyber security )
What's more , what would be the first certificate to try getting first outside THM?
Similarly to the question I asked earlier, but slightly different, does having any of the "basic" compTIA certs(A+ ITF+, Networks+, Security +) help when searching for a pentesting job if you have Pentest+/PNPT/OSCP?
Ive seen people say cpts is harder than pnpt
For example one guy said: "PNPT was super easy after the CPTS, I was able to complete it in a day, didn't even go through their course (which I hear is good too but HTB modules are more comprehensive). They are different styles of exams, pro labs probably closer to the CPTS. Everything you need is in the modules but make sure you truly understand the material"
For those saying to look at job postings in your area to know what certs you need, based on this posting I should get 10k$+ worth of certs I guess
(Not including the degree)
And get oscp twice
one or more
I know lol, just found it funny that they listed so many certs
I mean it looks like they put on a wide amount of certs to cover a bunch of bases. I don't see that as a bad thing
No, Security+ is a good addition but those certs are used more for entry level jobs like A+ and ITF+ for help desk and technician, and Network+ can be closely related for network-related roles. Some off the top of my head include Network Engineer, NOC Engineer, Network Analyst, etc.
What role?
Security Researcher/pentester I'm not certain
These are desired certs. You don't need to have all of them but if you had one or more you would stand out
Pretty conscious that I am just another floater in the sea of entry-level applicants. Considering I would like to go into blue-team roles. Any advice on what I should pursue or how I can change my application next to set myself apart? Been trying to lean more heavily into my experience as a teacher but not sure if I should be grinding away with the job applications or make changes or pursue some training etc. Feeling pretty dejected at the moment but don't want to give up hope as I am actually loving all the learning and knowledge i've been gaining so far. I am based in the UK and yet to hear back from anywhere, I know its a numbers game but it would help if I am moving in the right direction :bigcry:
Is graduation necessary for cyber security
I am currently doing thm paths, and preparing for eJPT or CEH is worth in contrast to degree
Ok, so you need a strategy for getting a blue team role. In order to work in cybersecurity, you have to consider that training and learning new things will be a constant presence in your life, there is always more to learn and understand. This can include platforms like THM, books like those from No Starch, Wiley, O'Reilly and others, courses and certifications, networking with other people in the field, etc.
I would suggest getting one of the Tribe of Hackers books (Blue team might suit you best). It's a collection of interviews with experienced people in the field with advice for your career. Also check out the THM blogs that have Individual Stories. Plan to complete rooms in the paths and aim to preserve your streak for as long as you can but don't worry if you drop it, you can do better next time. Also plan to take time to read a chapter of a cybersecurity book frequently. Include books about certifications, technologies and other general books that discuss the real world threats and solutions. See #bookclub for suggestions.
Check out and find cybersec news sites. Some good ones include The Hacker News, Dark Reading, Hack Read. They give you a view into what's happening in some parts of the world. If you can find a cybersecurity or hacking conference, consider going, as long as it's in budget. They're good fun and you meet interesting people, potentially opening up opportunities and giving you a sense of where to go next.
Most importantly, have fun
CEH has some traction in India but in most other places the company that provides it has damaged their reputation and as the cert is multiple choice, doesn't really teach you how to hack/pentest. The practical followup isn't considered much to go on either.
The eJPT teaches you the basics of hacking but INE, the company that owns eLearnSecurity has a reputation for poor quality learning material and the eJPT contains information that's included as part of the beginning of all other reputable hacking certs.
The OSCP is one of the most valued certs for new pentesters and has an excellent reputation due to its challenging course and learning methodology and so it can be a little bit pricey. Similarly, SANS GPEN also has an excellent reputation but their courses and certs are usually outside the budgets of even a lot of potential employers. If one will pay for it, you should do it.
If your budget is constrained, there are a lot of recommendations for TCM's PNPT. It has a growing reputation and a reasonable price with excellent training and a reasonably high challenge level. Similarly HTB's CPTS, a newish cert in the field with reasonable but confusing pricing structure. Zero-Point's CRTO I & II, likewise have reasonable pricing, with the intent of helping more people learn the skills comfortably and easily.
As for graduation, if you are doing a degree in a related field, it will likely benefit but most employers will encourage/expect you to pursue certification as well, as it is expected you will be learning as you go
Hello everyone, I'm a cyber security enthusiast trying to break into the world. I have been studying in my limited free time (as I have a young daughter and a full time job) on tryhackme. I have been looking at beginner level courses, and am interested in ISC2 certified in cyber security or the comptia security+ cert. Does anyone have any idea which would be more beneficial for me to complete? The isc2 is a lot cheaper, in fact the first time test is free and a lot of recruiters deem their certifications to be upstanding for a role in security fields. I'm in the UK if that makes much of a difference. Thanks for reading and any advice is really appreciated!
Neither's really standout
ISC2 is only really big because of cissp
Which one are you looking at, SSCP?
Would there be any other that you recommend for entry level?
In the UK? Few and far between
The isc2 ones is just called certified in cyber security, isc2 CC I think
I'd say Sec+ is a good cert, I'm just not sure how far it goes now
I've been told by a friend who works in the field that sec+ is a good start, maybe I should concentrate on that instead
Are you aiming for pentesting, analyst, or something else?
Or not sure yet?
Ah cool, looks like that is their entry level certification.
Not entirely sure, I've been working through the jr pen testing path on THM and it is fun, but I really like the look of security analysis and realllly like the idea of digital forensics too, it's early days for me at the moment
Yeah it seems pretty decent, free of charge for getting people like me on the right track, but if it's not really recognised by employers I'll think I may stay away, need to do some more research into it first
Sec+ is nice and wide, but I'd probably hold off until you have more of an idea of what you want to do
Thank you so much!! Will have a look at all that!!
Yeah I'll definitely get sec+ done at some point, but you are right, need to hone in on a specific route
Is cysa+ a good certification in the uk for a student?
It depends™
Whats been everyone's sort of experience of looking for jobs? I feel like im going crazy applying to hear nothing back
Market isnt the best rn
Lots of opportunities available in Sweden so my experience has been pretty good
Im in London looking at entry level and I know I am bottom of the barrel but it sucks seeing 200+ applicants for every job
Don't look at the amount of applicants, there is no joy in that kind of self-torture
Just make sure you are presenting yourself in a quality manner
Maybe list/do some side projects that can set you apart? Like a blog etc?
What would be beneficial to look into? At the moment my CV is essentially structured: Certs and Education: Security+ , Primary Education BA (Hons)
SKILLS: Incident Response and Forensics, SIEM (Splunk) and IDS Systems, Threat and Vulnerability Assessment, Network Traffic Analysis, PowerShell, Windows and Linux, Office 365, Firewall Management, IAM, Phishing, Cloud Security, PCI DSS, ISO27001
PROFESSIONAL DEVELOPMENT AND TRAINING: SOC Level 1 and then my professional experience as a teacher (obviously all expanded)
I'm just conscious that employers just look at my lack of actual work experience in the industry and just move on to the next one
Wouldn't projects make up for lack of work experience slightly?
It really depends on the project. Projects for a course/certification would rank higher. Projects from a recognised book in the field... Personal projects, only if they were at a very high standard. Even better would be a support role, qa, IT, programmer etc... Ideally you'd be enrolled on a course or doing some form of certification
But then it's likely many other people have also done projects from the course/certification/recognised book in question, so I guess a mixture of both personal projects and course projects would be ideal
Having a website to present the projects on would likely help as well along with things listed above like blogs.
However I did just join this server barely an hour ago and just woke up deciding to look into cyber security so my words hold very little weight and should just be taken as suggestions not advice.
Yes a lot of people might have the same projects done but they'll be able to show that they can do those things. Most of the work you do will be standard work in that field. Demonstrating that you can do the standard work is what gets you a job
Also..
!docs verify
Don't need to be coding to use GitHub ^^
You can put up mock phishing reports
You listed SIEM as a skill, you could put up guides on how to detect/ run search queries for a certain type of attack or ATP
You listed PowerShell too, how about putting up some useful scripts there too?
If you are working towards any cert put that on the CV too as in progress
Have any useful blue teaming notes?
Slap that on too
Firewall management?
How about you put up a lab with firewalls and write a how-to guide for it so you can display your teaching skills
You're actually amazing, thank you for this advice!

Would you recommend just slapping a link to my GitHub in the communications bit with email address, etc?
Yeah I did that when I was applying for jobs
Maybe i'm late to the convo but i still wanna ask this... Would probably consider myself as an intermediate in the CyberSec/InfoSec field. Taking a Cybersecurity degree separated in 2 years (1st year - basic things, blue team stuff, sysadmin things, network security and etc, etc.
2nd year - ethical hacking, red team and etc). Currently almost finishing 1st year, in like 2 months, and after that i'll get 1 vacation month. And during that 1 month i wanted to take atleast 1 cert.
At first I was thinking of taking Sec+ but i skimmed through the contents and did some practice tests and questions and saw many YouTube videos, and I think that I did pretty good for someone that didn't even study for it (even though I know that the exam won't be like that). And I thought that it was kinda basic considering my knowledge (not trying to sound superior or brag or anything), about things that I already know and too Blue Team, so I didn't really "find myself" in it. Also talked with some people and a friend of mine who works as a Pentester and has CRTP and CRTO said for me to take CEH Practical instead of Sec+
Now I would be very pleased to hear your opinions, considering that i want to work as a pentester/ethical hacker maybe someday as a Red Team Operator (who knows)
Its something that i've been thinking for a while, and so far can't compare what others have been saying
[I'm sorry, that ended up way longer than I wanted]
CEH Practical is useless imo
There are way better certs to have
Sec+ is good to have, regardless. It encompasses a lot of the security domains and is one of the best certs for entry level security practitioners
If you are in a country that values CEH, it would be good to have so you get your foot in the door more often but outside of that, it doesnt offer much. The content afaik is lacking in quality and this is the CTF version and useless tbh without the CEH.
Having CEH and CEH Practical makes you a CEH Master, which I think is still not worth it but the only value of CEH Practical is its the step for you to get CEH Master
For certs to recommend, the industry "standard" I would say for penetration testing is OSCP but it is a bit pricey
CRTP is focused on exploiting on prem AD and CRTO is focused as emulation of red teaming
Yea, I mentioned before but i'm planning to take it maybe next year
I also know that, who knows if i don't take it in the future
My thing with Sec+ is like I said i thought that it was kinda basic, too much into blue team and there were some things that I don't like (governance and compliance), so I really don't want to take it just for the sake of getting attention from the HR
I'd say its not too much into blue team. It teaches you the fundamentals that encompasses a lot of the security domain.
Governance and compliance is also an important pillar of cybersecurity as companies do employ risk based vulnerability management
Understanding how these security domains work is key into being a good security practitioner
Look at it from a pentester's perspective, after finishing the assessment, there are cases where you report these findings to execs and non-technical users
Conveying this in a proper manner and showing them the risk of a vulnerability can inform them to make better business decisions on how to move forward after the assessment
I think that the cybersec degree i'm taking teaches what Sec+ teaches and more
The fundamentals, the basics
Its to your decision on what you want to take. You can try to look at CySA+ as an alternative if you believe Sec+ is not worth it.
I think that i would get the Sec+ cert and course, udemy courses and study guides if i wasn't already in the cybersec/infosec field, or maybe not even in IT or if the job i wanted was in a different "area"
I prefer to get a practical cert because the theory and knowledge I already have. And tbh it would be redundant for me to get a cert, just to get certified that i understand something.
For me certifications aren't everything, and shouldn't define what you know or not, because i know people that know so much and work in the field and don't have any certification, degree...
I don't know if i'm making myself understood, its not my intention to seem disrespectful, superior or like i'm bragging
I do understand what you mean but its also these "theory and knowledge" that you say that also plays a big role in cyber decision making. If you feel like the contents of a certification is already something you know, you can of course try and take their harder certifications.
For practical certifications, you are already well on your way. If you want a learning certification, I suggest the HTB CPTS while you are in school as you get the cheapest option as a student.
Plan to take it, but first i gotta take some steps before getting into it
But yea, appreciate the convo
Hi all, kinda new here. I have a question, I'm ~~very~~ bad at coding (maybe not too bad but I suck), can I make it in security and/or networking?
Hi, I wanted to get into a blue team and was looking at doing some good certifications in getting a job. After CEH what could be a good certification that can help me in getting a job in blue team. Please pour valuable suggestions.
Get rid of the attitude and learn!
I thought I didn't have it either until I changed my mindset.
You can still somewhat make it in Security/networking but you are making it harder for yourself
CEH not recommended unless your area for whatever reason recommends it
Sec+ net+ Cysa+ is a good starting point
BTL1 - is a practical exam that taught me alot but not as widely recognized, so maybe only for learning if you can afford it.
Hey guys, I have a question...If I have studied the content of an industry certification and gained its theoretical and technical skills such as security+, eJPT, eCPPT but can't afford its cost, so how could I mention this in my resume?
Have you done the official training or equivalent non-offical training?
eJPT and eCPPT official training from INE website but Security+ from a book
So you didnāt do the certs for eJPT/eCPPT?
yup
Then you could mention it as PTS and PTP course I guess
thanks dude, but in which section
Education probably
is it a good idea to create a professional development section and add it in
Employers will need verifiable skills, so I think it will be a struggle if you just leave it at "have studied etc". You might put a nearby future date where you plan on taking it by but also be honest.
You could extract the core skills these courses teach and put them into skills section. That being said, mention only the skills you are pretty confident of.
Skills need to be mentioned in the context of the work you've done, the certifications you've completed etc. Listing training you've completed helps but only if you have other relatable qualifications/experience. And as has been said, having an intended completion date for a course gives confidence that you're not just listing objects from a course
Is Splunk the overwhelmingly most used SIEM out there? Is it a safe cert to pursue
It is used for a lot of things, it is a pretty safe bet to go after a Splunk cert
Sweet thanks, and also should I complete BTL1 before Splunk or vice versa? Is there any advantage to the order or does it not matter
Yes absolutely
yes!
I have a question. I'm a computer scientist working as a systems engineer. with benefits I make low 6 figures. If i wanted to get a security+ and start to transition over to cybersecurity would I have to take a paycut? edit: please @ me if you reply.
Should I get an OSCP or a Security + to start?
@thorny light have you decided which part of cybersecurity you're interested in?
Honestly not really, other than something more offensive related. I've really enjoyed red team and the jr pen tester paths. I know there's positions like network security, red teaming, pen testing, blue teaming. I know about some other positions like malware analysis.
is there a good resource that outlines the different jobs in cybersecurity, a little deeper than red team and blue team?
There's a room on the different career roles
Security+ would be a good thing to read, even if you don't do the cert but intend doing others. The cert itself is highly in demand for cybersec positions all over the world. Check out the Tribe of Hackers books. They're sets of interviews with people in various roles in the field. The OSCP is one of the most highly demanded for junior pentesters and is going to take a lot of preparation and work
the careers in cyber right? That's how i've figured I'm aiming more at pentesting / red teaming.
okay, ty
Gave +1 Rep to @rugged delta
https://www.cyberseek.org/ through some research it looks like this will be helpful
Hack the Gap: Close the cybersecurity talent gap with interactive tools and data
the specific roles
so I guess I'm aiming at Cybersecurity Specialist -> Penetration Tester -> Cybersecurity Engineer
These roles have different focuses, for e.g as penetration tester you'll be doing offensive stuff, while as a security engineer you'll likely be doing defensive stuff
Oh, I was just going off the website I linked
Cybersecurity Engineer is typically a catchall and changes depending on the org
Let me see if I can find something online
Trying to place roles in a specific order is also going to drive you insane due to every org being different
I started as, and still am, a Cybersecurity Engineer
@thorny light this one might give you some clarity. https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
Red teaming, Malware Analyst, and pen testing seem more interesting to me right now. I think my current goal is to become a red teamer
Now again these have slightly different paths and interest areas
Just keep in mind that red teaming is super niche and requires a lot of prior experience
would I be looking to try and get a basic junior pentester job first?
It's not going to be an immediate thing, and will take time
that's my understanding, pentester -> get exp -> red teaming
It will mostly depend on your current skillset and how much effort and money you're willing to put into
Nope, bad idea
See you have a 6 figured job right now, as a junior pentester you'll be earning a lot less plus it could be a bit constrained
6 figure including benefits, without benefits I'm a little under
what would you recommend?
They don't want "pentesters" per se. They want individuals with specific skill sets to fill out a team who then work together.
Could you jump into a voice channel?
The ability to think outside the box
To use video games as an example; they need a support, a shot caller etc
yeah
It would be much easier to explain there
Let me see if I can find/am allowed to share the presentation that will explain what I'm talking about on the red team stuff
Looks like it's not public
red team has specialized goals, like steal a certain file on a certain server
whereas pentesting is more general, no?
Pretty much, also beware that any job advertising as red teaming without requiring prior experience is essentially a glorified jr. pentest role to sweeten a position.
yeah, I know enough about red teaming to know it's essentially a full team trying to emulate an actual hacker/hacker group. A junior won't have the skills to join a team like that.
I appreciate the advice everyone. Thank you for your help @distant pier @unreal plinth
Gave +1 Rep to @distant pier
+rep @unreal plinth
Gave +1 Rep to @unreal plinth
There you go
somehow shadow memorises a lot of bot commands in their head no problem
Have a look at this cert roadmap: https://pauljerimy.com/security-certification-roadmap/
Try to research these certs and the skills attached with them. Also try to find your niche area (networks, web apps, social engineering, etc)
Gaining new skills is what you should focus on and also look into the transferable skills from your current job.
That roadmap is all over the place. A lot of certs are listed with equivalency to a lot of certs that should be lower or higher and lots of certs that should be the same level just aren't listed that way. You need to find the certs that suit the role you aspire to and create a track yourself, modifying as needed or advised by experienced people, especially colleagues or your employer as to their needs...
.
I know I came in hours late to this conversation but, there is no better way to display the practicality of what you learned from your cert, more than projects. Do projects that are related to the skills you learnt in your cert.
You got a Net+ or Sec+ certs? Go harden your routers and most importantly, write a blog post about it on Medium or Wordpress
Or do what I did, and get yourself a casual wireless cam, and try to exploit it
^ would be a nice PNPT project
I know there seems to be a general disdain for including THM in the resume but given I have no other practical experience I am unsure what else to include (starting to work on some projects now) for someone transitioning into the industry, how effective do people think this section is? PROFESSIONAL DEVELOPMENT AND TRAINING
Security Operations Centre (SOC) Analyst Course TryHackMe April 2023
• Utilised the MITRE ATT&CK and Cyber Kill Chain framework in simulated environments to map and analyse attack patterns, identify adversary TTPs, and devise effective defense strategies.
• Conducted network security and traffic analysis using tools such as Wireshark and tcpdump, enabling detection and investigation of simulated network threats.
• Initiated incident response through use of SIEMs such as Splunk, enabling complex query construction and anomaly detection in security logs.
• Identified threat data and digital artifacts using various digital forensics and incident response tools, such as Autopsy and Volatility, leading to the successful resolution of several incident response scenarios.
Honestly, I know it's hard if you don't have experience but TryHackMe should only be a couple sentences max on a resume
Well, I might be wrong and I know I am to a degree, but, well, using a tool or a protocol/technique a few times might make it not worth mentioning it. I did mention my rank on my resume for like 1 sentence and I gave my THM profile link. That's about it. For the sake of flexing it. But it would be impressive if you set up a cloud home-lab with AWS's free tier and demonstrated those skills over and over
A soft-meme to look at after all the feedback 
Until the number of challenge rooms you've completed far exceeds the number of walkthroughs you should probably keep it to a couple of lines at the very bottom. Maybe include your overall rank and country rank. I just say Top 1%, Top 50 in <my country> (These can be seen on the Leaderboard section under the Compete section)
hey guys, in which order should I do the modules/ learning paths of SOC Level 1, Cyber Defense and Nmap?
I wouldn't even put that much. I put it under Personal Interests, and just list it as "Ongoing security learning and education: THM, HtB, OTW, picoctf et al"
Yeah that's fair too. I don't include it under education. That's purely academic and completed certifications
Agreed, that's why I put it under Personal Interests - as security is only included in my current role as part of the "Shift Left" paradigm that is the current hotness.
Is there any possible way to work remote from different country?
that is a pretty loaded question. There are various labor laws that have to be adhered to from country to country so it gets tricky. I've heard even in the EU where they have made it easier to do, lots of companies still have their own preference and are reluctant to hire outside their own country but within the EU.
If you have a niche enough skillset and experience, a company may seek you out and work out some arrangement to do so. I will say it is pretty rare.
I think pretty rare is underselling it - if you want to work remotely for a company based in another country, a very typical route to do so is to apply for a local office of that company, get the job, then request transfer to a role in the country you want to work in.
yeah but you are still not working remotely
and yeah pretty rare meaning like nearly impossible... the people I've heard that have done it were extremely highly skilled and experienced.
Lots of extremely specialized knowledge - PhD level at the minimum
I'd say it's nearly impossible for Junior roles, people with 3+ years experience can definitely land a remote job working for a company in a different company, at least in Brazil it's very common to see Developers working for American companies for example
Although idk about Cybersecurity
Not quite that simple - a company usually has to have a local-ish office that the employee can be assigned to. It has to do with taxation of wages and reporting and such.
and there are some generic exceptions like, THM is a UK company with at least one American on the payroll, HTB is a greek company with at least one Canadian and American on the payroll, OffSec, I don't know who is paid and who is not but they are in the EU and do have some employees outside the EU. For each of those, they are also internet communities where people who were hired were very active in the communities.
it wouldn't surprise me if there were quite a few companies in Brazil contracting out developers to American companies. Like Juun said, they often have to be established within the company and then contract internationally company to company.
I keep hearing on youtube that networking on linked in and going to events is one of the better ways to get a job in infosec. Is this still true? this feels to me quite luck based and out of date? Im just curious on if people feel this is the case
not to get a job but just to network generally
hello guys can you tell me a roadmap to become soc analyst ?
do you recommend ejptv2? would I be able to secure an entry level position with just ejptv2 and no degree
ejpt is very very basic, I doubt any employer would give you a job based on that.
If you have the budget for it, get the OSCP, otherwise, there are a lot of options, right now I'm looking at the PNPT which is much cheaper and still somewhat recognized
It's still not enough though, and I wouldn't recommend anyone paying for it themselves. It's too expensive.
Which one?
And you say that, but we are talking about getting a cert before the first job, so who will pay for it?
Since you don't have a degree, you're going to need professional experience. As of right now, I'm going to assume that you have none in the computer industry, please feel free to correct. A common starting point is in IT, does have to be IT though, and then moving to a security position from there. Sec+ is your baseline security certification.
I don't think PNPT has very much market recognition yet
Certifications are used to quantify your professional experience. Wasting a bunch of money on certifications, and not having previous professional experience and/or degree with internship(s), just shows that you can take a test. OSCP, with the price update, is too expensive to really recommend someone pay out of pocket. I understand that a lot of people want to get into pentesting, but you can't "skip the line" so to say. It's a niche field within Cybersecurity that generally requires previous professional experience. Cybersecurity itself also generally requires previous professional experience to get into as it requires a degree of trust.
I think in general you need to be more open to getting an entry-level job as a person not pursuing a degree. You can't just replace 3-4 years of education with a certification (to each their own of course). I've gone down the no degree route (took 2 years of college then stopped), got a job as QA, started learning about Cyber Security and Pentesting while working, transitioned to Support and after all that landed a job as a pentester/security engineer. I can't say that getting OSCP, CPTS or PNPT could've replaced all that for me, but of course, different strokes for different folks.
Gave +1 Rep to @stoic cave
Those who have either Azure or AWS certs what made you pursue one over the other?
az900 is free ;/
Are you sure? I thought both were $100 USD
you can get it for free if you attend a training from microsoft, google it
also sc900 can be free
Did they not discontinue that?
No need to be rude. I did research before I asked and saw nothing on Microsoft's official training site.
Same here, all I managed to find is this:
https://trainingsupport.microsoft.com/en-us/mcp/forum/all/is-microsoft-no-longer-offering-free-exam-vouchers/187e0d99-e761-4bdc-ae8e-2705baa6a28c
hey i have a question to ask
i was studying html/css for a while (i know the basics but it really got bored)
i want to get into cybersecurity but i have no proper path
i cant copy paste damn
the thing is https://tryhackme.com/paths
it says no prior knowledge needed so i dont know to know any programming knowledge for now or?
is this something else
im just really scared to get into this without any knowledge of a programming language i need to know
You don't need in depth programming knowledge. Learning a little about scripting can help, but the paths do a good job at teaching from the very basics to more advanced things.
Start #pre-security-legacy-path and continue from there
so its okay if i like start studying from the website right?
will do
i dropped out of school so yea its a bummer about a degree
what do i do there?
Just follow the path.
It's all good. If you are still confused what to do I'm happy to try to help you understand, it can be intimidating at first
thank you means a lot, you wont mind if i ping you when i need to ask something right?
Gave +1 Rep to @tight tapir
Not at all. I may not be able to reply right away but I will whenever I have time.
@sinful scroll I am finishing the last chapter in course 1 today!
Some thoughts… the material is high quality and easy to follow.
Foundations was a bit underwhelming as far as content, I wouldn't pay to get the cert, but do it under the free trial and try to finish before it's done.
Going to try the professional one next
If you are fairly familiar with cybersecurity space, maybe finished your first tryhackme box? You could finish the foundations and clearly understand it in under 12 hours of focus
It's not rude to tell someone to Google it, that is your name, so unless you are saying whenever someone reads your name you are rude, he wasn't rude
I just looked at the microsoft training site as well and don't see anything saying its free (only $100). There's a major difference between telling someone who's googled and done their research to "google it" v.s. someone who didn't research or only looked for less than a minute.
if you look for their webinars or sign up for their webinars, they will usually mention a free voucher

but yes, you'd have to know that. Usually it is mentioned on Azure forums and such, harder to find on google
Sure thing! I am still finishing the foundations course. I am on week 4 but I got there in a couple days. I do have a background though because I am a software engineer. Week 4 seems like it will take longer because it has actual activities and not just quizzes on the material.
The course is pretty sweet though, they incentivise you to work ahead a lot by constantly giving notifications of how many days early you can finish it.
Hey guys how's it going? Just need some recos based on your experience for starters like me. Planning to take this Path Sec+ Cysa then Pen+ is it a good foundation in your opinion?
I am not sure why you're inserting yourself into a situation that does not involve you, but alright. There is a difference between the two. Asking someone if they have conducted a query with their favorite search engine is not the same as "Google it". One response is definitely rude.
My name is DidYouGoogle, which is read as a question, not GoogleIt, which is a statement.
Tbh, no, you assumed the intention of the person was to be rude instead of informing the person that you took their expression as rude
Not all of us come from English speaking countries and might express ourselves differently (and also take expressions differently) there is no reason to assume anyone is trying to be rude at first hand
Looks like Fortinet still has free training and certs. I'm not sure how many people care about Fortinet certs but it must be at least almost as many as however many people care about my expired Check Point Certified "Security Master" and other hilarious tales (remind me to tell you someday about that one time I managed to convince everyone that I qualified as a "specialist" on the "blue coat / crossbeam x-series appliance" whatever that even is)
Hey y'all, I do plan on getting into cloud with Azure. I do have my Sec+ as well as some IT experience under my belt. Is going for the Azure Administrator a good move for my first cloud cert? I'm well aware of AWS and I gave it a go, although it's kind of confusing for its naming conventions
Yeah that should be fine I think. The cert alone is where people with no IT experience find out what "entry-level" actually means in cloud (it means cloud-entry-level not IT-entry-level) and other niches (like security lol). But if you already have experience with working tickets, troubleshooting in general, and especially if you've been able to touch any enterprise stuff, that seems like a place where you can benefit from cloud associate certs. With Sec+ I think you wouldn't be wasting your time if you also started on some security track stuff for cloud. You already have that foundation, just have to translate over and maybe fill in some gaps if you haven't dealt with virtualized networking/gateways/multidomain management w/e
It's named what? Figure out what Amazon Web Services should actually have been called.
Hey guys, just finished Pre Security & Intro to cyber pathways. I have the choice between Intro to Pentesting & SOC Level 1. I'm super interested by ethical hacking, but wouldn't it be wise to go for the SOC level 1 pathway to have a better understanding of cybersecurity before jumping into pentesting?
I agree with this, that way when you get into pentesting, you have some form of understanding with how blue teamers detect IoCs and how pentesters can avoid getting detected
Lovely to hear. Thanks mate! I did take a look at the various comparisons between the two and I'm going for the Azure Admin then the Solutions Architect(Azure). Especially that Azure already uses Active Directory and whatnot
Gave +1 Rep to @static heron
Hey guys, does anyone here do bug bounty? If so, how does one start, and is it a good way to gain experience you can put on a resume?
Look at the pins in the bug bounty channel
Oops, my bad.
What about learning attack first then defence?
Because I chose this Path and wanted to know if it's the right way or not
it's also okay. pentesting is just not an entry-level role (some jobs require 2-4 yrs experience in other jobs like SysAdmin, Security related roles, etc.)
also, there are more entry-level blue team roles (SOC L1 analyst for example) than red team related roles so having knowledge of blue team roles help immensely when you are breaking into an IT position
also, there are more transferrable skills with blue team roles than red team roles imo. for example, a SysAdmin can use knowledge of blue team roles to set up log detection, vulnerability management, etc.
It's very valuable for both sides to understand what attackers and defenders do and how they can try to subvert their opponent's strategies. For a Red/Blue operation, the Blue team doesn't need to be informed of a planned engagement in every instance (such as emulating an APT), but some forms of operation should be collaborative with communications specifically requesting the Blue team to inform if they detected particular actions by the Red team and then the Red team modifying their behaviour to test whether their actions can still be detected.
The whole concept of Red/Blue engagements is preparedness for a targeted and prolonged attack by an organisation who might maintain presence in a network for days, months, even years without detection or removal. Red teams train for persistence, the same way an organised group might.
These APTs, Advanced Persistent Threats, have been recorded being in networks after several years of covert espionage, data harvesting/theft, leaving traps and maintaining multiple access points. One APT was only discovered when another group of hackers, less well organised were caught breaking into an org that had been penetrated years before by a foreign government, who had plenty of backdoors across the infrastructure
Hello all, I've been a member of THM for a little under 3 years now and have learnt a lot from it and have always learnt something new with every box but as I have recently started working towards my eJPT and am studying a BSc in Cyber Sec everything has slowed down a lot. In my eJPT all I have really covered is brute force, msf, nmap and some other basic tools here and there and my degree hasn't really touched cyber yet.
I was wondering if in a pentesting role will I develop my own scripts and use real exploits (not just sit and pray for a brute force to work on every single audit). Or should I be looking at another career path? I really enjoy programming and so just using other people's tools isn't really something I want to be doing. Preferably I'd want a job where I can find and exploit vulnerabilities and also be able to develop or identify patches alongside that after detecting a vulnerability.
it sounds like you are interested in being an exploit developer, which is a completely different job than a pentester
What's the difference between the Cyber Defense path and SOC Level 1 ?
I feel like the former is more practical and the latter a bit more theory oriented. Is it correct ?
The latter is newer, and includes foundational frameworks and threat intelligence modules.
Thank you! I'll stick with SOC Level 1, then
Gave +1 Rep to @distant pier
I'm pretty much in the same boat. but this has been a very fun way to learn
thats good to hear lol, goodluck
Hey guys, i am currently working as a junior cybersecurity engineer, i don't touch any machines, all i do is read docs and make docs related to our systems. The first time i touched a linux machine was when i did my masters degree, so im not that strong in technical things since i didn't have much experience and practice, of course TryHackMe helped a lot. But now i realize i want to be a SOC analyst, im currently doing the soc related path on TryHackMe. Question is do you think i should stick to being a cyber engineer or do i make that switch to be a SOC Analyst, and get more hands on experience?
Also which certs could i do or which resources are good for soc ?
Thank you in advance for any advice/help
And tbh i learned from THM more than my actual degree, it's surreal
Doing the blue team paths on THM will give you a very good basis to further explore the role of SoC analyst.
When it comes to certs BTL1 is considered to be pretty good with a practical exam.
Thank you for your reply
Gave +1 Rep to @lavish vigil
A medical representative enters from punjab to Sindh and may visit 2 or 3 or 4 or 5 or 6 cities and returns to Punjab he shall not visit any twice write a program in C++ to find out options for largest and smallest routes for n cities such that n=2 or 3 or 4 or 5 or 6
And array, factorial, switch also use
Help me to complete this
Is this homework?
Buddy if you can solve this ill give you $1 Mill :)
The travelling salesman problem (TSP) asks the following question: "Given a list of cities and the distances between each pair of cities, what is the shortest possible route that visits each city exactly once and returns to the origin city?" It is an NP-hard problem in combinatorial optimization, important in theoretical computer science and ope...
You've just stumbled into a very famous unsolved problem
But I don't know how to start this and adjust factorial, array, switch etc
We don't help with homework
The problem as presented is actually solvable with bruteforce in a reasonable timeframe; the difficulty with NP complete problems is that ensuring the best solution takes exponential time, not linear time
talk to your instructor, this is literally their job
@sleek sedge I don't want your 1 mill I just need help
@flat sedge if he helped us so what I'm doing here
Sorry can't help as juun said
Ah gotya, finding an efficient algorithm
You don't know about it how to solve this?
*optimal
Again, talk to your instructor. Instructing students is the job description.
well technically an efficient algorithm could still be exponential time no?
also i'll move to #programming
Think about what the asymptotic analysis means
just got here, but this can be solved with a bit of slime mold
quick question i have for you guys
i have enough resources to learn about cybersecurity field i wanna do job in next year in cyber security domain so what should i learn or go with?
I think this can only be answered by you.
"Cyber security domain" is such a massive field.
What are you interested in?
i didn't work in any company before how can i know that which work suits me most well...?
Have a look around on THM, see what takes your interest the most, then go down that route
you mean THM Site?
Unlikely that you'll get a job in security in a year if you're coming in from no prior experience in IT or having a degree. Just a heads up. Not impossible but still
hi guys
what kind of paths/modules you think will give the best set of tools for integrator ?
Is it bad to put harmless examples of "not warranted" exploits in a portfolio?
Like I scraped a coding bootcamp, or I used an injection in a video game, or I used XSS on a college "snake" leaderboard
Admitting to a crime in your portfolio isn't advised
Scope and legal concerns are a really big part of pentest work.
If you're actively giving examples of unethical and/or illegal work, that's a red flag.
Have a look into responsible disclosure
I worry that I'll be bored in uni from having experience in the content already, did anyone else have this who went and if so - what was your experience like
What are you majoring in? One of my coworkers (very skilled pentester) is a compsci major and he very often talks about how he finds the coursework really helpful. I think it depends on the syllabus?
BSC Cybersec in computer science
It depends on the coursework, lecturer, uni but I'm sure there will be a lot of material that's new to you
Maybe, I just get bored easily if I'm not challenged enough
You will likely find a lot of the content early on isn't very challenging but you will see a lot of new things too. If there's a course you're already very familiar with, you'll know you won't struggle so you can focus on getting high marks there very easily while also having time for your other pursuits
Many computer science programs don't go into networks in very much detail. If your only goal is to land in cyber security, I would change to a more IT based course. If you have other software interests as well, stay in computer science but maybe take some classes on networking and system administration. Could even minor in IT management.
I dropped out of uni and got a full time position as I was already working part time in security while attending uni
The course itself was terribly outdated as are most cybersecurity courses at Uni. Dropping out was the best decision I could have made tbh
Thanks for the advice everyone :)
To clear any confusion, you're saying CS as in Computer Science, yes?
CS specifically means Computer Science and not Computer Security
I assumed they meant computer security
I edited to make it clear
Huh, I'm surprised they don't go into networks very much?
The course at a uni I just visited is moulded around CCNA (First year modules iirc)
Computer Science is theoretical and is a solid degree. They likely supplement specific activities with electives
Well it depends on the school!
Computer science in the US is an accredited degree.. meaning that it has to hit certain standards to maintain "accredited" status. It does not require much regarding networking because it is more focused on the theory behind programs, as far as I know.
Honestly I think the best path into any field is to get an entry level job whatever it takes, and learn from the people in the field. Professors tend to not work in the field much and have very little relevant experience. Just my thoughts.
You could save a lot of money if you have the motivation to just get certificates and work in IT or as a security analyst while they pay for your training.
Helloss
Guys if you get accepted in coursera financial Aid, when you complete the course do you get the cert or not?
Yeah you get cert if you apply for all the parts of the course
It's about the theory of computation, which includes networking. Much of the networking stack is built on and pulled from CompSci topics. There isn't much need for it in a CompSci degree program, because 99% of the non-implementation specific networking stuff is covered in discrete math and algorithms classes.
my CompSci program had a whole networking tract, it was the basis behind me getting my first job as a network admin.
how much of the networking track was system agnostic? my experience with networking wasn't much more than a single class with a smattering of other use cases for network programming layered on in other classes
the way my program worked is there were 5 or 6 tracts, you were required to take the beginning class in each tract but were required to take 4 classes in 2 tracts. I chose networking and AI
so it was basics of networking, network programming and network simulation. Nothing was specific to a particular technology, like we didn't have cisco routers or anything but rather we might've had a simulated generic router
I think it was 2 network programming courses of different focus but its been a long time
that actually sounds way more practically useful
And you sure have to pass the tests, they actually awarded me the certificate after completing the course.
My IT degree (almost 20 years ago) had quarter of the course on communications technology, highly product agnostic. Linux was a whole single page in the first year course book for computing.
I'd done a previous college course with tonnes of networking, operating systems, photonics/electronics, programming, maths and a whole module on Unix (it was actually based on Red Hat Linux but we had some SGI machines to play with too), and loads of other cool stuff
being comp sci, we had nothing on any specific operating systems, other than how operating systems worked but also I did not do the operating systems tract (so not sure what they went into if you did)
all our programming was done on unix systems though until the last year where I took an optional AI class which had windows programming
(but should also note, I'm also old)
We had lessons on MS-DOS, Windows 3.1, NT 3.11, Win 95, Novell Netware and Unix/Linux. At the time our college network was operating a mix of IPX/SPX and TCP/IP in various places because many parts of the world were still transitioning. At the time, IPv6 was just around the corner (only a few universities, gov/mil & research operations were actually using it). Then Windows 98 came out and ME.
We also did programming in C, 8086 Assembly and Visual Basic, as well as learning HTML and CSS was pretty new. The programming course my friend was on covered Pascal and some other archaic language but nothing as indepth as what we had. At that point.
yeah our school only taught us one programming language, the rest were up to you to figure out... it was Pascal
we did assembly on motorola chips as they had macs but they didn't have any courses on HTML or web anything
The degree I did after that covered C++ (basically like what I'd done before in C, I got 100% in all those assignments) and some COBOL. Had to buy a COBOL package and book
most of our programming was c/c++
My final project in my first trip through college was to write an IPX/SPX network scanner. I couldn't find any info on how to do it. My tutor gave me a copy of one a friend of his did in college in Germany. All the code and comments were in German, and it was written in Delphi
I neither speak German nor program in Delphi
we didn't have anything such as a final project but I did a research project, written in C which was using machine learning to do predictive analysis based on cancer studies
Oh that sounds interesting. Most other people in the class had projects like 'Build a functional Windows Server' or develop a simple network-based game. That Windows server project was completed over a weekend so they re-did it with a Debian Linux server. One guy built a Beowulf cluster and got a job working for a company who had a cluster here and one in Malibu. He used to fly between the locations every couple of weeks
how hard would it be to learn pentesting by yourself?
You can learn it by yourself by following the paths in THM and the training in the other platforms I see you're on. Pentesting is not an entry level topic in cybersecurity, and cybersecurity isn't an entry level topic in computing but it's possible to make a plan for yourself and follow the training outlined.
You should have experience in Linux, Windows, Networking, understand how computer programs work... It really depends on your prior experience but if you want to be a pentester, you would need to be able to demonstrate professional experience in IT (support or QA or admin or programming) as well as experience in cybersec, usually a SOC or engineering role. It would also help if you had academic and/or professional accreditations such as a BSc or professional certifications from a recognised provider.
The pentesting cert you'll hear spoken of most frequently is the OffSec OSCP. This is considered a challenging training and certification process and most people would have quite a bit of experience doing hacking challenges/courses like on THM etc. prior to approaching the course. Pentesting is an ongoing learning process, so you should be prepared to be constantly learning new things. While the OSCP is in high demand, that level is usually just the minimum level of capability you need to have in order to progress as a junior pentester
@rugged delta i see thank you for the information i guess i would have to go down the certification path
Gave +1 Rep to @rugged delta
Hello All,
Applied for a role but recruiter offered the more junior role after the interview(during offer)
What should be the best response to this?
what is the role you applied for and what are your credentials
Security engineer, 3+ years of exp.
they said will not be eligible for Senior Security engineer though they asked for 3+ years of exp.
have you asked why
Less experience and based on the effort showed during interview
I'd assumed it's okay for them to do that, if they don't think you fit the criteria - personally I'd be quite happy that I wasn't flat out rejected and instead, offered another job
they may have also got a better fit for the senior job. If you don't want it, don't take it. It depends if you feel the role is a good fit for you or not and if the pay is inline with what you would want
I mean roles are never purely based on years of experience but types of experience, education and what not. I know people who have been working for 20 years and wouldn't be eligible for a senior position
Okay
is CRTO good even though there are like little to no red team roles available in my area (lets say 3-5 sometimes)
certified red team operator by zero point security
I believe that's mostly focused on AD
So if you think you can benefit from that, sure I guess
Gave +1 Rep to @worldly whale
what do you want to learn
the course is really good
Haven't done it myself but it's on my list to do this year. Heard nothing but great things about it tho
Guys, I've got solid security knowledge and experience and also basic pentesting, do you guys recommend buying the 1 year lab from Offsec?
the Learn One subscription?
I was thinking about this one and "Learn Fundamentals", but im not sure now if learn fundamentals give me labs access
And idk if these fundamentals will be for beginners
Well I just checked and I would have lab access
You get the Learn Fundamentals option I believe with the Learn One subscription
That's the best bang for your buck as you get:
- 2 exam attempts
- 1 yr access to the course you chose
- 1 yr access to learn fundamentals
- 1 yr access to PG Practice (their paid subscription labs)
- OSWP & KLCP course and exams
Makes sense, i wanted to get offsec labs cuz many people say that thm and htb aren't realistic, even tho they help a lot
HTB academy is more realistic now according to those who took the exam
i'd say the PG Practice labs are the closest to what you'd expect to some of the exams
@worldly whale Please do not post HackTheBox links here.
Lmao
Although we promote learning, posting links to other platforms is strictly forbidden
I see…helping people is less important than competition
Please don't try to twist my words 
Im not twisting your words, it's exactly what happened lmao
Guy asked for info, I gave him a link and coincidentally it was from HTB
So, I helped him, but because it's on a website from another platform it got removed
-> help is less important than competition
I'm also going to say that we ask you not to argue with the mods, this has been a policy here for a while about other platforms

Interesting that I get muted for "clearly trying to start drama" while all I did was help someone
@cobalt escarp @pseudo creek do tell, if it's so strictly prohibited, why is it not included in the #rules ? All that's not allowed is linking other discord servers, which I haven't.
Hi
Hello
How are you….?
Hi guys
I am web developer (Reactjs, Nodejs)
Didn't get a job yet
My main goal is to become Cyber security but i got into the web dev due to put some money in the pocket (because i needed that)
Its now 1 year and i didn't get a job
I am just exhausted and dont know what to do
Go into the cyber security or just continue in the web i just need any words that can put me on the right way 😦
Or just divide my time into both
One way to work security into your job as a dev, is to think about the "shift left" methodology that is currently working its way through industry.
What do they commonly say when they reject your application?
or what have you gathered so far
My main issue is that I am living in Syria (Due to the war tech companies are countable ..)
So the opportunity for juniors are dreams and the remotely as first job is so hard .!
Sorry to hear that. Are you actively trying to apply to only tech companies?
But I am not Beginner I really think that i can handle juniors positions
Companies outside tech do still hire IT people
Last 6 months I stopped ( was applying for node.js jobs ) And i started learning react to become fullstack and thought that's gonna help me and now I am building a big ecommerce fullstack maybe thats gonna get me hired but i am getting a feel of failure and I really need money to continue
I understand that, have you tried actively looking for jobs outside web development?
IT Support, IT Technicians, etc.
As I told you, IT jobs is not common where do I live and taking it as a first time job remotely is almost a dream
Also I am still in the university (second year)
IT jobs are not limited to IT companies. For e.g., a construction company may hire in house IT staff to handle with IT issues
It's just hard to let you reach my point but i got yours
There are no positions for juniors in my country for that ( due to the civil war since 12Y till now ) ...
Like if i got a 2$ per hour job I would be grateful Because even that was hard on me
I have a good friend in Syria and he has not been able to find work in years 😦 (he is in school for accounting, not tech). I'm so sorry, the state of your country sounds so difficult to work/exist in 😦 I helped him buy some extra batteries awhile back to deal with the constant electricity outages. I really hope you can find something!! ❤️
I have a question for anyone that has completed the google cybersecurity certificate - did you get any help finding a job after, like they say? Are the jobs as good as other entry-level security jobs? It's a big draw of the program for me but I don't want to commit if these big companies are just offering crap jobs for low pay to fulfill their obligation to the program.
Yes Thank you for trying to help anyone that needs it
Electricity is just a dream here
Gave +1 Rep to @gaunt edge
the course is supposedly prep for Security+, I don't know of anyone who has said they got a job from that
but I do know of a few people who got Security+ after it
Certificates for entry level pen testing where 
I've got a while as I'm still in full time education
Divide and conquer I guess
Can you use your web dev skills for some freelancing? I know there are some alt ways to make money here like creating templates etc (I'd Google this)
Keep an eye out for any other positions that might suit you while you do some studying for whatever it is you wanna do in Cybersec. If this is truly what you want to work with, it's worth the hard work.
I cannot fathom how difficult it may be for you to find a job and survive, but I'm sure you can conquer anything if you stay persistent and don't give up
If you ever feel exhausted try to focus on the end goal and what your dream is. What was the reason you started? Why stop now when you already put in so much of your time and effort already?
? you mean certification? TCM just released one for juniors
Recognised in the UK?
Thank you for your kind words I really needed that
Gave +1 Rep to @vernal sleet
I passed the quizzes, but didn't really take a look at the course itself due to not reaching a roadblock, after two weeks of getting the certificate I got sent two mails for google forms to fill out for internships or joining a group of people that are interested in working for "Google affiliates" if I remember correctly. I doubt it gets more hands on on their side to help you get a job.
Thanks! Have you gotten a job in security yet?
Gave +1 Rep to @vapid plinth
I already had one, so I didn't really fill out the forms, aside from that the first one was for locations that weren't near me and the second was I think for either students still in college/uni or 1-2+ years of experience
I wouldn't say so, its very new
Thanks jayy*
Gave +1 Rep to @sleek sedge
Autocorrect 
what's shift left?
Bringing security to the beginning of the development cycle
Don't do a cert if it expires then
How long do they usually last like majority
Entirely depends on the cert
CSTM which I hold lasts 3 years, and is recognized in the UK as part of the CHECK scheme
OSCP for example is lifetime
Thanks James
CPSA would be the go to in the UK for beginner pen testing / consulting (even though it's a brain dead exam).
You go for CRT and then CCT INF / APP following that (All under CREST). You'll also be able to become a CHECK Team Member with the CRT. CRT / CHECK team member level will typically allow you to pull £40,000 - £55,000 depending on experience and competency. Those are the certs that really matter in the UK. OSCP is a nice one to have too.
Lmao
Haha
CyberScheme is also a route into CHECK Team Member, a decent one at that
hey would you happen to know how much it costs in total to get that cert?
i know the price for an attempt is £275 but is that all you need?
Hi guys, I'm reaching out to see if y'all have any advice for me. I'm currently in my internship and should probably apply for a perm security position. (The company doesn't know if they'll have budget this year btw) what type of jobs am I eligible for ? I feel like I'm getting rejected everywhere since I have barely experience except for the internship.
What's the internship?
It's hard to describe I'm honestly not doing too much. It's for an advertising company but the job description is basically duties of a security analyst. Since I'm also an intern I don't get permissions to do anything admin level just viewer permissions.
What type of jobs have you been applying for
Hi, has anyone heard about the global technical expert role?
can it give me professional experience in cyber security?
Hey, do you have a site account?
I have completed Google cyber security professional certificate and tryhack me pre security and introduction to security and soc 1 i am doing so is it enough for just a entry level job
And should I start applying for remote jobs ?
Remote jobs are usually harder to get into (and also less junior friendly). But you can always start applying to jobs as long as you keep learning
Chances are less right
Actually I am from IT don't have degree so mostly i will get reject i think
Non*
So i am learning more and more
Yep, but it is also a learning experience, you get better at applying to jobs and interviewing the more you do them. It can also help you know what roles and knowledge are actually desired in your area.
If it doesn't demoralize you, or take away from your technical learning, I say go for it
Hello, I am looking for a job in the field of cybersecurity. I am a recent engineering graduate. Does anyone have any suggestions or can offer any help?
You can post your resume (with your personal info redacted) here so that others can help criticize and improve it. Networking with other people in the IT field in your local area can help you land a job. Doing projects that you can add to your resume helps. You can also try getting an IT related role first then pivot to cyber security after a while in your career.
Look at local jobs in your area related to the role, are they looking for mostly seniors, if they are looking for juniors, do you fit their criteria. Can you afford buying a certification like Security+ which would make your resume more appealing to recruiters
Maybe you can provide more information or are you strictly looking for just general suggestions?
@hazy turtle yes will try let see
Thank you i will even learn more then will go will be much better
@dense dagger to me ?
Hello
Hey everyone, I have an interview for my first IT job on Monday. If anyone here hires for IT work, what's the best thing you could hear from a candidate? Thanks ahead of time!
that they are willing to learn and an active learner
Is that equally important to you as experience? I'm not ready to apply to security jobs yet but I have zero experience, so I'm anxious about getting in somewhere. I'm very motivated though and a pretty quick learner!
Attitude is way more important than knowledge
experience is key but if you have an interview, that is one thing we look for when interviewing
and despite what people say, there are entry level positions out there looking for limited experience
and one thing I'd add is depending on country it varies but if you have had part time jobs (even McDonalds), internships, volunteer experience, etc, etc, all those can be helpful, at least in the US
I've got like 15 years doing data management, just no security experience
you should be fine finding a job then
for every level jobs, you are expected to be familiar with the type of duties for that role but not have any deep knowledge or expertise. Knowledge and skill can be taught, attitude cannot.
Any WGS grads here? I'm dedicated to either go the Cybersecurity or the Cloud Security Route
need a bit of advice. Someone is offering me a position to do sales of cybersecurity products. It's commission based. Is it a good idea? Should I take it?
what are cybersec products ?
EDR, ZTNA, VMR
I mean that's a sales job, not a cyber job. Do you need a job? Do you get paid at all or is it purely commission? what type of job do you have now?
Unless you love it and are good at it, sales is miserable (imo)
part time since I'm in school. It's purely miserable
I'm thinking for a quick money to get certs lol. Would experience from it help get me a cybersec job?
Maybe, though if it's all commission then there's no guarantee. Unless you're a smooth talker
