#cyber-and-careers
If I accepted an offer for a Hybrid position, is it possible to negotiate for a schedule where I come in on site only a few times a month or get it to be Remote?
If you accepted, your negotiating power is gone for the most part. You can ask about expectations on what it means to be hybrid
Now if you haven't yet, you can ask for it to be fully remote or a few times per month but they can deny it
I agree with Zojja. Your on-site responsibilities are part of your contract, and once you've agreed to take the role it can come across as disingenuous to add additional conditions
It's Hybrid, but the scheduling is client dependent.
if it's client dependent, you go where the client wants to get paid
that's all there is to it
It's just an offer letter.
Because it's a Defense Contractor.
I'm thinking I could do a schedule where I come in a few times a month via plane, stay in a hotel for as long as I'm needed, and work from home for the rest of it.
oh you really need to talk to them about this plan as your work site needs to be approved. Some will have a requirement that you live within X miles of your home facility
unless you are a traveling consultant or very senior, that's still pretty rare
Hey all, I'm new to TryHackMe, my background experience is in IT and Networking, I'm looking to learn then practice offensive pen-testing with the current company I work at, any advice on the best path-way on tryhackme website seems there is JR pen-tester or Offensive Pen testing ? as of now I'm starting with complete beginner covering Linux and networking which seems easy enough.. for now !!
I can't speak to what will be best for your career, but the Jr. Penetration Tester path is probably what you want to do either before the Complete Beginner path or alongside it
It offers a more thorough and holistic introduction to the tools and techniques you'll use as a pentester imho
You won't miss anything by doing it this way. As long as you are comfortable using Linux, the Jr. Penetration Tester path will hold your hand sufficiently.
Since your background is in IT and Networking you probably don't need them but if you want to start at the very beginning the pathways you'd do are the Introduction to Cyber Security and Pre Security pathways.
(While I am fairly familiar with all the paths described above, I'm still pretty new so if someone more senior here disagrees with what I'm saying, defer to them)
Does your current company already have a pentesting team, or is it their first venture into the field? Have they got adequate security policies and procedures in place? Have you/they discussed the possibility and/or has it been discussed with legal?
Penetration testing is a challenging role to get into. The paths on THM are excellent for beginning your journey but you'll need to get comfortable with a lot of the other boxes as well. Reading books on the topic, learning about and following a certification path and/or a relevant academic path would be beneficial as well
Anyone willing to go over my resume and give advice?
Post it here, redacted as appropriate, and then everyone can advise
If you accepted the offer, the contents while not legally binding, are meant to be honored by both parties. Trying to change something that was agreed upon after the signing can be seen as, and kinda is, bad faith. If it's a defense contractor you're likely going to be in office 3 days a week, always depends though. If you're placed onto class work, expect to be in 5 days a week.
Also, expect them to say no or just flat out rescind their offer if you do this
some defense contractors do have 100% remote jobs but the jobs are listed as such. Hybrid jobs usually mean 2-3 days/week in the office
Interestingly this side of the pond, there's processes in place for WFH on official and Secret marked material
not all jobs require you to view / have access to secret material
but they still may require you to have a secret clearance... because
Yep same over here
So yes, those jobs do exist and I've come across those but they seem to require the clearance but not actually handle classified material. Seems like they're utilizing CUI and its many categories. Actual class material handling is much more likely going to be the 2-3 in office as you mentioned, but could be full in office depending on which contract you get put on.
yup, it really does depend on the type of job and material, if it's 'just' CUI, could be fully remote but then again, may not be.
but also if you are dealing with external customers, they often like to see you face to face especially defense customers
CUI definitely grinds my gears insert Peter Griffin
Hey guys ! I'm currently 19 Preparing for PNPT and then OSCP
i want to work as a pentester .. Would those certs be enough if not
where should i start from , what jobs + certs should i go for so i can be hired as a pentester later in life .
India likes CEH
Sec+ is a good entry level security cert, in general; help desk and support are very common entry routes into IT.
is there any jr or assistant level roles for freshers?
Hmm , I really wanted to save my time so i can get a job
I wanted to move to any other country and start a good career
"Saving your time" is usually a waste of more time than just doing the work to get there.
how about bug bounty?
Yeah that can be done .. It's good money but not a stable income TBH .
not income but can give confidence + exp for later job role
It doesn't make sense to compare internationally like that, cost of living is so different
Compare it to other roles in the same country
I agree , So i should accept any job role after my certs or during my certs if possible and get Experience letters from the companies i work so i can build trust and finally get a job as a pentester somewhere ( as in any other countries company )
Around equal to a Network administrator ( if you are a senior Pentester) .
Mostly people don't give a single f about security so they just want to have a reason to think they are safe .. and you have to be that reason so they will pay accordingly
buddy u have to see other things like cost of living
It's normal living .. It's not about money for now .
i have few years to work on my career
Already spent around 2 years in this field
2 years?
Yeah first year i spent most of my time learning linux , Proscanating if i would be able to do this shit cuz i'm not going on the path where everyone is going ..
Started THM around a year ago
About to complete it in 1-2 months
and then get PNPT .
No one in my family or around me knew anything about computers , neither did i have anyone to guide me through anything . so it's kinda been a slow journey
I've been curious about something lately. I've looked up "freelance malware analysis" and haven't found much. I'm new to the cybersec scene professionally but I've been in IT for a few years as a programmer. Is there any reason this couldn't be a thing for people to make a few bucks at here and there? Similar to how there's freelance web developers who just make websites for a few bucks.
Malware analysis isn't really a beginner level skill.
It's more common for malware analysis to be PhD academia or private researchers working for extremely large orgs
Was gonna say, if you are competent enough in analysing malware I don't think you'd be freelancing?
competency doesn't enter into it - it has to do with who has resources to make it worthwhile. academia does it because it can publish papers for novel techniques related to the field, orgs do it as a survival. For smaller orgs it usually isn't worth it, re-image from a 'good enough' golden image. Large orgs also do it because of the APT factor. Small orgs are much less likely to be targeted by persistent threats, so it's relied on that a vendor is able to provide 'good enough' protection (like crowdstrike, carbon black, etc)
there are quite a few independent researchers but not paid... there are paid people that work for companies that specialize in malware analysis and then there are people who work for individual companies doing malware analysis. Any company that is going to pay for malware analysis, they are going to want a fully comprehensive service. They can sign up for various services and get answers within hours for pretty low cost.
I got a cybersecurity sales position. Selling ZTNA and things. Can i leverage that position to get a more technical role within or outside the company ? Thanks
Does anyone know what it implies to be a cyber security graduate, and what you'd do in a job? I'm thinking of going into a career of cyber security and forensics but I don't fully know what it involves on the job? If someone could tell me their experiences or anything, i'd appreciate it. Thanks
A cyber security graduate implies you've graduated university with a bachelor's degree in cyber security
Job wise? Almost anything
like in a firm you'd be just managing employees to ensure they don't get hacked or protect the company's info?
As a graduate with a bachelor's, you're not going to be a manager
There's a large number of cyber security roles
yea im more confused on that part to be honest
i just dont understand whats coming for me after i graduate
if you want to go into forensics, your best bet would be to start as a soc analyst
oh which your responsibilities would be analysing alerts to figure out if they’re false positives or legitimate attacks
there are literally hundreds of different jobs within cyber security, summarizing that is a lot
this is aimed at kids and its a pdf but its from the US gov going over various possible careers https://niccs.cisa.gov/sites/default/files/documents/pdf/career profiles5.pdf?trackDocs=career profiles5.pdf
thanks a mil
Gave +1 Rep to @pseudo creek
this has some more details that could also be useful https://www.wicys.org/resources/nice-workforce-framework-wicys-video-album/
for 12 hours
😄
worst part about that
when I did forensics work, I didn't do any alerts.... we would image/analyse systems and analyse various associated logs
those who did forensics was a different job completely from those that reviewed/created alerts
facts
I'm trying to excel at it in order to reduce the time I have to do shift work
it's very hard on the body
lots of time for THM tho
Hi guys, i am from Brazil, and im using tryhackme for 3 months, im doing the red team tasks, but im lost about the path which i should go, I want a goal as a certificate or a job, somebody know where i should go ?
The Red Team Path is a higher path which teaches about red team engagements which covers lots of topics that are higher in level
I would suggest you first finish Jr. Pentester Path as it's more in line with learning the ins and outs first of penetration testing
To be precise, the certificate (or to be even more precise, a certificate of completion) only certifies that you've finished the learning course. What you should be looking into are certifications. That said, there are a few you can take which I believe you can use money for. CompTIA's Security+ (look at the price for emerging countries, there are different price points if you are in Brazil and if you are in the US, I believe its more expensive in the US) is a good all around certification which you can use as leverage to land your first job.
That said, TryHackMe is a learning platform. It's hard to say if you will get a job from just learning TryHackMe without actually practicing it and understanding the course content. It's not impossible but it is better to look at it from a realistic POV. Try to supplement your learning with projects to which you can apply the knowledge and skills you learned and this would improve your resume tremendously.
Hello team, Good day. I've been assigned as the lead for our upcoming Vulnerability Assessment and Penetration Testing (VAPT) initiative in our cybersecurity department. While I have a solid foundation in pentesting knowledge from platforms like TCM Security, Hack The Box (HTB), and TryHackMe (THM), I'm seeking guidance on how VAPT works in real-life scenarios. I would greatly appreciate any advice, recommended resources, and important documents or prerequisites that I should study and prepare for.
thanks
Gave +1 Rep to @dense dagger
So I'm gonna say this sounds like you are setting yourself up for hurt if you don't have practical experience. My advice would be to possibly look for outside consulting to get your company started. If that isn't an option, are you saying you don't have vulnerability assessment/testing right now? that would be your priority over penetration testing. There are a variety of products out there and companies are pretty willing to work with you to set up their product if it is a decent size company. Otherwise you may flail a bit. At best, you'll have a rough start, at worst you could take down some of your company's critical systems and deal with the results of that.
Yeah, will collab with another company(something like consult, support). We're also looking at tools like rapid7, ridgebot, etc. Anything you would recommend?
do you have a vuln management process?
I'd recommend completing the beginning 2 courses minimum in google's cybersecurity professional cert. It will get you familiar with a pretty uniform way of conducting audits and get you familiar with some other things that you would like to include in your reports. You could finish those two courses in <5 days with your level of experience. These guides are tailored to blue team, but the concept of an audit would be very valuable to you.
Create an inventory of assets, prioritize them, understand the risk if compromised, and have an understanding of your company's security surface. All of this will be important later when you provide information to stakeholders.
Hey guys, do any of you guys have a paper I can read or video essay i can watch comparing all the jobs/niches of the cyber security fields, with average salaries/what you do in the role/what certificates you need to qualify for the role? whenever I look up specific jobs all I'm really getting is salaries and I'm looking for a bit more then that, thanks!
are you in the US?
I am
have you looked at the THM careers room?
It doesn't go into too much, but its a start https://tryhackme.com/room/careersincyber
so CyberSeek has a ton of info if you are in the US. I thought it had salary but I don't specifically see it here
https://www.cyberseek.org/heatmap.html
This talks about some career areas at a high level
https://www.cyberseek.org/pathway.html
This is all related to the NIST framework, this talks about careers, this is aimed at kids but is pretty good
https://niccs.cisa.gov/sites/default/files/documents/pdf/career profiles5.pdf?trackDocs=career profiles5.pdf
And this goes into more detail
https://www.wicys.org/resources/nice-workforce-framework-wicys-video-album/
I'll say generally for Cyber Careers, the pay doesn't differ a ton from job to job for similar levels
Thank you so much! I really appreciate it!
Gave +1 Rep to @pseudo creek
Thanks!
Not yet
The 2nd link has information on avg salary once you click a specific job title
its also hard to do average salary in the US because that counts NYC and North Dakota
thats what you should look at first before looking at tools
It'll be helpful if you could provide resources
What do y’all think about the PNPT? I do have the time and money to go for it now and spend time on the training they provide. I know what y’all would say but should I go for it considering any other options?
There are just too many options after the Sec+. From the pentest+ and the CySa to the PNPT/PJPT to the CEH
It's good but there is limited recognition to it
That is the only reason I haven’t gone for it yet. I do see how practical and applicable it is but it’s not widely recognized like the CEH and whatnot
CEH is meh imo
Ah screw it
CEH is big in India
I’ll most likely go for the PNPT
I don’t wanna Jinx it but I believe it will become more popular over time
Do we have a role for the PNPT cert
?
as long as you can sell yourself to employers, it will help
We may have to update our brain banks on this one. Was told by someone in India in a different server that this wasn't true anymore so idk
Ehhhh
The OSCP is the most widely recognised junior pentesting cert on the market at the moment. SANS GPEN also highly rated. PNPT is gaining some recognition from prominent companies and gov/military orgs.
A certification will go a long way but you really have to be going into it because you like that kind of work and you aim to get good at it and want to provide your skills
Yes. I did take a look at the PNPT’s curriculum and all and what it teaches. And I’ve noticed that all the reviews have the “very applicable/practical/in-real-life uses”
At the moment it's definitely more of a learning cert than a HR cert
Yes there's almost certainly advantages to the training TCM provides but you'll find a lot of places will then go on to ask, "So do you have the OSCP?" or "When are you doing OSCP?", thinking it's the holy grail of pentesting knowledge. Knowing lots of people who've done it, including someone who got a job with OffSec after he did it, it is very challenging.
The market for certifications has broadened the last few years with the rise in OffSec prices creating a gap at the bottom and PNPT does seem to be getting a lot of favourable reviews as a learning process
Market's broadened and eLearn kinda flopped
Not a lot of options at the lower end for practical certs
Well INE really cut the legs out from under eLearn. I enjoyed TCM's udemy course and he does give a chunk of it for free on YouTube as well. TCM and the other entries at that price level are working hard to gain traction
Well, I’m not really concerned about the OSCP as I’m going for computer/Electrical Engineering as of now. So I’ll be getting a tad bit into the hardware side of pentesting which is a ton of fun! And a university credential in engineering is pretty solid
INE made so many steps in the wrong direction, they basically killed all the progress that eLearn had made and crippled the products
Yeah INE produce such generic training, it was hard to keep following their path. I liked how eLearn had built a range of courses. I got access to mine a short time before the takeover so was on the eLearn platform rather than INE but then started my postgrad
I think the PJPT is a substantial substitute for the eJPT but I also think if you're in that price range for a cert, why not just go with the PNPT as it is, or one of its contemporaries?
I thought the same thing once the PJPT was released. Yet to see a reason to get PJPT and not PNPT
I do like the rate they're producing courses and expanding the range of certifications. It does seem though that every training provider, once they get big enough, feels they should be a cert provider too
The OSCP has a reputation for being a challenging experience from the learning through to managing your time and producing the report. Other providers are also tending towards more realistic exam environments. OSCP's 'Try Harder' philosophy is intended to encourage you to not be so reliant on automated tools and to explore other methods to get the job done. With 24 hours for exam and 24 for the report, it's said to be an intense experience.
Other providers are aiming to give you a more realistic sized network and timeline. For PNPT I think it's 5 days for the pentest and 2 for the report; CPTS is 10 days total and other providers are doing a similar thing. There's plenty of reviews and opinions for courses and certs via your preferred search engine
My friend is a pentester (junior) and he does each pentest in 2 days (including reports), so I would say oscp is fairly realistic apart from the fact that most people "crunch" more for it and "try harder" for it
Not a general tip but if you completed the Google cybersec course you get a discount price towards the Security+ by CompTIA. If you do decide for the Sec+ then I’d absolutely recommend Professor Messer either on his Youtube channel or on his website
don't post in multiple channels
damn, 2 days 💀
will keep that in mind
thanks bro
there are a lot of orgs. Do you happen to be a woman?
so I'd look at some orgs like ISC2 and other local cyber security orgs
Just curious, and for women?
There are a variety of orgs like Diana Initiative, WiCYS, Women's Society of Cyberjutsu
Good to know
I know people have said that they found their local ISC2 meetings to be extremely useful for mentorship / finding jobs / etc
Hello guys, I'm a CS graduate and currently in the web dev field. I'm interested in starting a career in Cybersecurity and was wondering how to start, which certs to go for. Also, will it be possible for me land a remote job once I have one or two certs? I'm not from EU or the Americas
Usually remote jobs are harder to get into, especially as a junior. I also think it is easier for juniors to learn and adapt to the job when it is on-site and they can actually meet their co workers. Also, #start-here
You should probably learn info that is relevant to all of cyber security until you know what role you want, then go ahead and start learning and getting certs for that role, when you get to this stage, ask around to see what certs are valued most in your desired role.
Comptia A+ is a good place to start for certs, or google cybersecurity professional is pretty good and preps you for Comptia Security+. I would only suggest comptia A+ if your CS program didn't cover networks and network protocols in much detail.
Hey guys, just a question about progression, Im currently working in a SOC, any steps you would recommend for a jump over to red teaming?
learn red teaming skills, if your company has a red team, see if you can do stretch assignments with them or at least ask if one of them can be your mentor
Tbh I'd say my red teaming is stronger than my blue haha, we're currently looking at opening up active defence stuff and it's looking like i'm first in line so that is hopefully gonna involve some red teaming stuff as well, do you reckon I just stick at the thm rooms for now then? @pseudo creek
the THM rooms are a very good start
Is it worth bothering with the A+ in your opinion? Or straight to the Sec+?
If you already have a job in SOC, I don't think the A+ will help you
Do you think A+ is worth it if I've been a data manager for years and am currently doing Google cybersecurity/Security +? I've been watching some of the study videos and got a book from the library and it's interesting but I'm very intimidated by the amount of material it covers and my ability to pass two tests about it heh
Taking A+ really depends on your level of basic computing knowledge. What is a motherboard, differences between x86 and x86_64, really basic networking, etc
I would say I know the basics but not all the details. I did tech support for awhile but it was in the mid '00s and I mostly ended up being the one that fixed everyone's corrupted databases and didn't get into the actual bits and bobs much.
no shot he's doing pen tests in two days including reports lol they're vulnerability scans 100%
it's troubling, many people in IT (even in security) have trouble telling different vuln management activities apart
i think in large part, because of the overlap of scanning and pentest
yeah cuz i'll say I can't imagine writing a report would take less than 1 day
If a report gets written in a day, I'd have questions. I just had to write a report covering 70ish hours of work I did last week, and it was a crunch to get it out in 3 days.
Yup. Imagine spending £5k+ for a test only to end up getting a beautified Nessus scan report 
And then taking into account the internal QA process and then the amendments you make from that. 3 days minimum typically
I mean, I've never been a pentester but I had to do evaluation on SaaS products, after compiling my filings, it usually took me 3+ days to write a report
when I was doing internal pentest, I would take 2-3 weeks to perform the technical work, and another 1-2 weeks to write and tune the report for the stakeholders
that is an incredibly long time for reporting
I think that's a reasonable timeline honestly
Especially if you're an external company, you want to make sure everything is buttoned up so the org paying for you doesn't feel shorted
Every stakeholder cared about different things, part of that was generating multiple versions of the report to emphasize the bullshit everyone else wanted in their report. It was tedious and moderately awful, but it was the only way to make any progress with remediation.
They are graybox pentests.
The team lead talks to the client and gets a tour of the application, asking questions and coming up with ideas on the way. Then the team lead hands the application off to one of the workers, gives them a tour, and tells them his ideas.
In the following 2 days (8-10 hours a day) the worker tests the team lead's ideas, as well as thinking of ideas and looking for vulnerabilities themselves, and writes the report (usually around 9000 words, but templates are used).
It's mostly for compliance I would say
so testing a single web application?
hello
can anyone here guide me to become an expert in cyber sec ?
with resources
i just dont know where to start and what is the best resource
Pretty much
Many pentests are limited in scope due to their target and requirements. The range of tasks a pentester can engage in include anything from vulnerability scanning an internal company website or application to pentesting an app on a server all the way up to a full scale red team operation emulating real APT activity continuously over several weeks, months or throughout the year, depending on many factors
Sometimes you just get a sample to test, especially if the tested company wants to save money. It’s usually like a group of a few computers, servers or other devices which take less time to test than a whole network. Is it reliable? Not really, as there still might be some misconfigurations and vulnerabilities on other devices 🤷♂️
Well it's up to an organisation to perform their own risk assessment and due diligence to determine to what extent something is to be tested and whether the results are sufficient. This does not absolve them from their regulatory or standards compliance obligations and it certainly doesn't indicate the level of protection they have against real threats
Yes, unfortunately even though there are security regulations in different parts of the world, companies will still try to save money 😄
Kind of a weird question but does anyone know what formatting is best for your resume to get past the ATS?
Hiii
Hi 👋 I'm looking for a new colleague in the position of a SOC Analyst. There is the requirement that you MUST be based in either Germany or Poland. Drop me a line if you're interested.
@distant pier @vagrant canyon @austere fractal Who should users verify with to get access to post to the #jobs-board ?
Typically, we ask that people not recruit from here until they've verified their recruiter status and gain access to the #jobs-board room - nothing against you or your org, just that it really does help weed out the scams and other "opportunities" that aren't really jobs.
Let me check and get back to you
Aah I got ec council cct certificate scholarship i need some opinions on it before I pay for course
I'm not a recruiter, I'm a security professional looking for colleagues. Sorry if this is not the right place to post offerings.
yes its nice
Just wanted to know which pathway to take, just don’t want to start at the very beginning cause I have my CCNA and already know the basics. I wanted to get more into pen testing
I also plan on taking the comptia pentest+ exam
Does anyone have experience or know the ec council Network Defense Essential, Ethical Hacking Essential and Digital Forensics Essential. I got a deal for 200 Cad, is worth pursuing. Currently a second year comp sci student wanting to get into Cybersecurity
I wouldn't pursue anything ec council unless possibly you are in India
#junior-pentester-path followed by #pentest-plus-path then probably
YIKESSS, I am in Canada. So Oh damn
Better to pursue sec+? Would it be bad if I do sec+ without doing net + or a+? Or should I do net + first ?
I think Security+ is pretty solid but I also don't know the Canadian job market
Difficulty wise, would it be better to do net+ first then sec +?
that is generally the recommended path, both are solid certs
If I wanted to start a career in Cyber Security and I only have a Bachelor's of Science in Comp. Sci., how would I start?
Are you currently working? Just Graduated? Do you have a minor/concentration in Security? Do you have any certifications?
Just Graduated 2 months ago, looking for work.
I have no Certifications yet.
I graduated with my BS in Comp. Sci., and I'm just nervous because I'm not finding any jobs or anything.
At least applying, when it comes to networking, I actually do pretty well.
It’s a tough time right now. I’m sorry for you.. it took me 5 months to find a job after I was laid off and I have about 4 years experience and my degree.
Best advice, talk with people personally. Find a company you like and DM the ceo/cto about an entry level opportunity directly. They love the initiative and you get past HR and recruiters looking for every possible reason why you aren’t the best candidate.
Also talk with friends, many of them won’t be hiring because their teams just had layoffs, but that one that will is the key.
Thanks, I've noticed I've had a lot of success talking to recruiters directly.
Gave +1 Rep to @echo fractal
I almost got a job 2 weeks after I graduated because I talked with some recruiters at an event a club I was in had.
I know it's just a matter of talking to people, but how do I talk to recruiters for companies where I see the job posting online?
I disagree with you on the DMing part. Cold messaging can be seen as annoying and isn't really helpful when they aren't a part of the hiring process. That and they aren't typically "public facing" like recruiting. Leveraging your alumni network is a better alternative.
It took me about 3 months and some change to get a position out of school in 2020. I probably sent out about 100 resumes and got 3 interviews. I wouldn't stress and would advise you to continue to work on your resume and not utilize the shotgun approach.
if the role for the target is actually recruiting, it's not so bad. And being polite when reaching out to someone to ask for advice isn't necessarily obnoxious.
I would say that joining a local meetup group for a topic (such as linux or toastmasters) is a great way to network and make contacts with people who may have better ability to tell you who to contact.
Did I word my response weird? I was going for DMing employees that aren't involved in the hiring pipe. DMing recruiters or anyone listed as contacts is totally fine imo
No, I understood that. It's a little weird, but it's not necessarily bad. Asking someone you don't know about their job can be very off putting, so someone asking how to get started from total strangers could very definitely be misinterpreted as a phishing or social engineering campaign.
Yeah, I can understand that.
I'm thinking maybe I can put a new project or something down on my Github and Resume.
Question is, don't know what.
I wonder if I'm just not good enough.
i'm doing a good project rn
soc analyst home lab which u attack with a different vm
@mellow lily here it is if u wanna take a look
Oh hey, thanks.
Should I try a project around Embedded Systems?
all up to u dawg
I just want to try designing some fun software project.
Anything you’ve done demonstrating skills relevant for your desired future role.
Gotcha.
Maybe a problem with my Resume is that I have projects focusing on different things.
That's not a problem
Post a redacted picture of your resume here.
Make sure it embeds, people don't really like to click links here.
Hiya. Once I have completed the appropriate courses etc. How do I search for jobs that allow/require tryhackme as a qualification
I cant seem to find any on indeed
TryHackMe is not a 'qualification'
Do you have any prior professional experience or a degree? TryHackMe is an extracurricular activity that is done on the side. It is not a qualification and does not act the same as a certification. This is due to THM not verifying you know the material or that you did it yourself.
what do you guys think about IT Pro TV to learn courses to get certifications ? is it a good platform to learn ?
i have never heard of it
IMO you will get more value if you study with a small group of friends, especially for entry level certs
Well, still I probably need some courses to follow I think, I'm trying to get the CompTIA Security+. idk if you guys would have an online course to recommend for to pass this certif ?
oh boy
yea thats the IT Pro TV I was talking about
There is a free youtube course from Professor Messer
Oh, ok thx. Do you need to maybe pass the Network+ certif before doing this one ? I have very little knowledge in networking.
Sec+ makes the assumption that one has comparable knowledge required to pass Net+
hm okok, so network+ should go first
no, it just assumes that you have comparable knowledge required for Net+
You dont have to actually take Net+
yea, but if I have the knowledge required for Net+ I might as well pass the exam
If you want to, my only issue w that is you have to pay for it. I know people that have never taken Net+ but have passed Sec+
If youre paying/asking your employer to pay for a certification, be sure there is a return on your side
Yeah for sure, having to pay for it sucks and if you feel like you would pass it but don't want to spend the money then just skipping the exam can be worth it for you.
But I know that personally speaking I will need to pass the exam just to not have any doubt in my mind on either or not I had the knowledge to pass it. I need to have the confirmation.
If youre gonna pay for Net+ then get Sec+ afterwards, imo, the value of Net+ diminishes as it got superseded by a higher level certification. In my local area, security positions, Net+ is not part of certifications they look for.
If you feel that way, then its worth it to take Net+
Seriously though, don't pay out of pocket if you can convince your current employer that it will enhance your ability to do your role.
I'm a student ^^ don't have an employer yet, but my school is more of a general type of school and not focus 100% on cybersec, so I need to work on my free time to get those certif, and like I said, I need the confirmation just to have this peace of mind
Your school may have a program to help subsidize the cost of certs - be sure to ask
at the very least, you may be able to get a workstudy or internship at the schools IT department that may help offset the costs
If youre a student, you should focus more on networking with other people and finding internships to increase your value
didn't think of that ! Ill ask, tho its a private university so I doubt they will, but thx
Gave +1 Rep to @flat sedge
yep, I have an internship in about 6 month that I need to find, so having those certifs on my CV would also be a good thing
heard it could take up to 6 month to get one of them, I hope it won't take that long for me 😒
How long do you guys think roughly it'll take to study for net+? A little bit of experience in networking. I think I'll take like an hour a day to study. I do know that everyone studies differently
Thanks !
3 months is not unrealistic (depends on how fast you learn and where you are now, how many hours you put in etc...) but faster than that you have to ask yourself if you are really going to retain the information you are learning
Definitely a good thing but for internships, certifications are not a hard requirement
I'll have about 44 hours to put into it per week, with 2 years of studying computer science as a baggage, wish me good luck lol
That's great, make sure you know the most efficient way for you to learn and then go for it.
Just make sure you retain the information ( a recruiter/employer should be able to ask you questions in the future relating to content learned and you should be able to answer)
yep, I always take notes, using obsidian to organise it.
last question tho, would compTIA A+ be a must before going for net+ and sec+ ?
Not in my opinion no
alright thx! I guess thats more a certif for ppl with no IT experience
I have a first class honours degree in computer science and have done some penetration testing as a module and a module on cyber security ICT.
But still it seems hard without COMPTIA etc
for sure for sure, but i feel like if there are things to learn for the other certif that I dont know and that are in the A+ I can just learn them on the fly
wow thats nice, not there yet but I'll try for this year
I used them for my A+. using them for net+ now and Professor Messer. they have virtual labs and test. not bad if you plan on studying and then taking the certification exam soon after
So I've been watching videos about SOC analyst positions, info sec in general, etc. and my main concern is that so many people seem to have a bachelors in CS or something related to IT and i only have my associates in CS with a track in info sec(graduated in Dec 2022). I just got my A+ last month working on net+ and then Sec+ before starting to apply for Cybersecurity positions. I'm currently a "IT Support specialist" (my job title). My main concern is.. Will I not be able to secure an interview without the bachelors??? Am i hurting myself for not being in that pool of candidates with bachelors?
Also, any tips on homelabs? I downloaded packet tracer and oracle VM but without preset questions to go off of i dont really know where to start. TYIA
I personally used it for A+ and Net+ as a learning source, in addition to Professor Messer's videos and Jason Dion's practice tests. Using all those, I was able to pass on my first attempts
you can 100% get a SOC Analyst position without having a Bachelor's. I went to college for 2 years and am 1 class away from an associates, and just landed a SOC analyst position, also coming from a background as an IT support technician. it does require very intentional work, but definitely can be done without holding a degree.
Hi Friends
I am working in IT and preparing to get into a cybersecurity role. but whenever start something I feel i am not on the correct path to get into cyber security role.
I know basic of Microsoft and networking
any recommendation on where to start and finish? I am happy for entry-level SOC or pen testing
anyone here faced same challenge, or any mentor here
👋 I'm giving a talk at Blackhat about one of my tools. Which one should it be? https://github.com/bee-san , what would you like to hear about? 😄
link to github b/c you can see my tools 💀
Ciphey
Ciphey 2.0 when!?
Here's the blog post https://skerritt.blog/introducing-ares/
Ares is 8445% faster than Ciphey 😄
Or how rewriting a popular Python CLI tool in Rust increased our performance by 8445%
GitHub - bee-san/Ares: Automated decoding of encrypted text without knowing the key or ciphers used
Ohhh
I literally just turned off my machine just now.
I'll be adding that when I get in!
On*
not as many decodings, but is faster 😄
A race is thing which is not made from bikes
A Race is a is fight in our own TIMELINE
So learn work practice no questions
Hey! Does anyone know if there’s a particular set of skill (cyber related) that i can learn which will allow me to earn a lil but consistent income on websites such as Upwork ? Not there yet to get an actual job (studying and doing bachelors) but lookin for some side work atm…thankss!!
It’s ok if the skill requires alot of studying…im ready to put the work in
Ares or Ciphey 😄
i LOVE your profile
Thank you! 😄
Gave +1 Rep to @rugged sable
Huh?
I would get a part time job in your local area if you need consistent money. Those sites and bug bounty can not be relied upon for stable income
Start from networking
Never ever trust be in on your own
Are you trying to contribute, or just saying things as they come to mind?
No brother its not about money
I didn't say it was, blink twice if you're being held hostage
👁️
Is this in response to a question someone asked, or are you just saying things?
Things are different when it comes to emotions idiot
Are you sure you want to continue being rude?
And Jayy, don't try to instigate please.
My sincere apologies if i hurt i called u a brother and i should and must be loyal
Was not my intention, sorry
No worries. No warnings for anyone this time, just please use your best judgement and if you don't have something to actually contribute to a discussion.... don't derail with random stuff.
Loyalty is a two way street remember
My apologies sir
Forgive me
U r an indian
oh my god my printer works over wifi
this is so weird
i cant believe it worked first time
im never ever going to let it go
Has anyone interviewed with Amazon AWS before? There's a chance I'll be offered an interview, but I might pass because of how daunting their interview process appears to be.
Most big corpos have multiple stage interviews
Every mid- and senior level position I've had that was an external hire, I had at minimum 3 interviews
Recruiter, Technical, Personality
The whole "answer all of our questions in our special format and it must relate to one of our 12 commandments" thing is really throwing me off
Doesn't help that I don't have too much interview experience.
That's usually screening type stuff to make sure you know how to read documentation and relate that to a specified output
any recommendations for passing Sec+ asap. also how much weight does it carry if you already have entry level exp and a CS degree? TIA
how soon is asap?
Studying abroad & they dont allow part-time jobs😭 Working online is the only option..thanks tho!
Whatever is most expeditiously possible. I just don’t want to waste time or over master stuff or learn any fluff
fairs
i myself watched all prof messers vids on 1.25x (you could watch on 1.5x to save a few hours), touched up on anything i didnt understand with a sec+ book by gibson, then got practice exams from dion
im taking sec+ myself
depending on ur knowledge u might not even have to watch the vids, u can just get some exams and fill in any gaps with google or a sec+ book
dion's exams have detailed explanations for each question too so that helps a lot
Would mike Myers and dion be enough?
probs yeah
might wanna go check out the exam objectives too
n tick off whatever u feel comfortable with
just to make sure theres 0 gaps in knowledge
I am working in IT and preparing to get into a cybersecurity role. but whenever start something I feel i am not on the correct path to get into cyber security role.
You'll be fine, either way it's an experience!
May I ask what some of the things are that you have started?
Is it a reasonable certificate from your point of view?
It's not recognised
I'm currently searching for an entry helpdesk/user support role and need probably some kind of windows certificate for that purpose. Has sb. a recommendation regarding windows certifications?
the only windows certifications i know are of the cloud-based ones
IMO, A+ is the closest to what you'll get for a help desk certificate
Thanks. I just need some kind of guideline to get the knowledge asap and can prove it with the certificates
Gave +1 Rep to @dense dagger
Is there anywhere that lists the pay range for the THM jobs posted in #jobs-board ?
I don't think so.
Frustrating. I wish it was mandatory for all jobs to have to include at least a range. I hate wasting my time applying for something only to find out it will barely even cover rent. 😢
They can correct me, but I think the last position posted was £40,000
Hi all, I'm looking for my first job in cyber security and I'm really struggling to get my foot in the door. I'm based in the uk (London commutable) and I've applied for over 300 jobs now, with maybe a dozen responses and only 2 interviews. Both rejected because other candidates had more experience. I've got a CompTIA a+ and CySa+, and I'm learning on tryhackme, codecademy and immersive labs. Does anyone have any advice?
Do you have prior professional experience? A degree? Also, submit a redacted copy of your resume as a PNG here. You need to verify.
!docs verify
A shotgun approach for resumes is also not recommended
You need to tailor your resume slightly to each position
No, i have a business studies degree, I'm trying to change career paths. The only it experience i have is 2 years working the helpdesk.
How would I get started in protecting crucial infrastructure?
I have one year left for college (Degree Cybersecurity). Is there entry-level for NERC CIP ?
GICSP is your entry level iirc. It doesn't really go into NERC CIP specifics though, that's a different SANS class.
In order to get started, once you graduate, look for jobs in OT security
I appreciate your answer.
I will say, if you end up in an environment like the electric grid, I would make it a point to ask to go on ride alongs with the line crews. It will help bridge the community divide and you'll get to see how things you're defending actually operate
Is there a safe and trustworthy way to upload a resume on here for review? I suppose I could link a Google docs link but I know some people may not trust it.
You can redact PII and upload screenshots 🙂 That is the easiest way we can all agree is least likely to be malicious
@flat sedge awesome thank you!
Gave +1 Rep to @flat sedge
@flat sedge will uploading a .png file directly to this chat work, or should I upload it to something like photobucket or imgur?
You should be able to upload directly
@flat sedge thanks 🙂
Gave +1 Rep to @flat sedge
For someone with a bs in Comp sci, a masters in cyber from a very well known name brand university. One year experience security engineering. MCOL and the basic cloud certs. What would be salary expectation?
Itll depend greatly on your location
Medium cost of living, let’s use Austin Texas as an example.
Based on cost of living adjustments from a low cost area making 80k/yr, Austin sets the bar at about 130k/ yr.
That's not taking into consideration any other experience/soft skills you have that could play into a company wanting you on their team. Nor does it bring in benefits that may supplement.
Also, this should be Hella low. But figure as a baseline it'd be a good idea. Up only, from there
Damn 130k/yr sounds great for just starting out even though I have a little experience and a decent background
hello, im taking the foundations of cybersecurity google course. if anyone has any general tips to help this course go smoother or even advice on notetaking it would be much appreciated
I would advise you to learn how to use a notetaking app like Notepad++ or Cherrytree or Obsidian and organise it by chapter. Read a topic, write a small paragraph and copy any commands in there and to a separate tab for commands. (This comes in handy as a reference later as you can easily modify the command to suit other environments).
I'd recommend you make a habit of scheduling at least 2 hours a day and stick to the schedule (even days you don't feel motivated; a little activity will re-motivate you, that day or the next).
Have a physical notebook and just write casually in it about the things you're learning, your feelings/experiences, what you liked and struggled with, what you've learned today and what's ahead. Use this notebook to also scribble down diagrams or whatever random thoughts you have. Have a read back in it at some point over the weekend when you have a few minutes
Sir I am using GitHub repo as note taking because I learn Linux and cyber security from virtual box and bidirectional sharing is not working
If you have any suggestion then pls help
I just finished the Google Cybersecurity Certificate. I used google Docs to make notes. To be honest, the courses were a lot more general than I expected. The most important notes I took were on which topics I need to delve further into. Good luck and feel free to reach out with any questions.
If that works for you then you're doing quite right. It can also demonstrate to a potential employer that you are learning as you go
Thanks for the tip on Notepad++. Just downloaded it. Was never a fan of Cherrytree for some reason.
Gave +1 Rep to @rugged delta
No worries. Different apps suit people differently. I use Cherrytree for some things but it is a bit convoluted in its own way. I've heard lots of good things about Obsidian from several regulars here but yeah Notepad++ has always been comfortable for me
is it possible for me to get an internship in the EU as someone not from the EU
i am willing to pay for my own visa, i don't speak any EU language other than English at a decent level
I'm new to coding (c, python) how can I find a job where I can work remotely for free and gain experience and add to my CV or should I develop my own project
what type of job do u want
hey can someone help me with how to build a cv . I don't know what skills would be relevant to add to my cv or can I get a reference cv
Thank you @cerulean hemlock and @rugged delta I will make note of these tips
Gave +1 Rep to @cerulean hemlock
Open source software
To be honest, I'm not sure, I made websites for myself and some games I play, now I'm making plugins for some applications.
I was actually thinking of doing something like fasterthansight, what do you think? I can also make a mobile application.
I meant contribute to open source
I'm taking this right now too! I take all my notes in an actual pen and paper notebook because studies show that the act of physically writing something down can help you remember it, even if you don't ever refer back to it. I find that to be the case for myself (ADHD, nothing is real if it hasn't been written down 😅) I am in the 3rd course (networking) and have found it all to be fairly straightforward so far. I hear it gets more difficult in the 4th course as things get more technical.
Has anyone transitioned from working as a network administrator to a penetration tester? If, so what struggles or road blocks did you encounter?
GL for all applying to the Technical Support Role
did you apply? 👀
Many companies provide internships, but these are usually provided for people close to graduating, or recently graduating from college/university courses in the country, with residence in the country. Almost all internships I've seen require you to be in the office 5 days a week for the duration, so you would already need to have residence in the EU.
You would almost certainly need to have a job or college place prior to gaining access on a visa unless you can demonstrate you already have the money you would need to live in that country for a minimum of 6 months with no risks
It's up to you, potentially with help from your recruiter and the local embassy in your country for the country you wish to enter to meet the terms for staying and working there. Each EU country is a separate and sovereign state with their own laws, and while travel within the EU is possible for EU citizens, you may need further authorisation.
English is spoken as a second language in several EU countries and many other EU citizens speak or understand it, but most countries would require you to have proficiency in their official language to take up most jobs. Some countries have well-developed integration programmes while others expect you to have fluency to some extent, and also a particular job might have more or less stringent requirements.
Sorry to be that guy, but seriously Google it. Plenty of references out there.
My tips are don't put your picture in it and don't rank your skills. Make sure you can prove you know what you say you know.
The company I work for does do remote internships. It's part of the necessity here though, since many of our teams are distributed worldwide; it's not uncommon for team members to be in NA, EMEA, and SEA.
Maybe I did, maybe I didnt
I considered it.
but I have zero experience.
Except helping out in the Discord, but that doesn't count.
Ooh! That's kinda cool. Most of the ones I've seen tend to be for people living/working in a location my employer and others has a physical office and yes, there are certain concessions made, orgs can be very facilitating a lot of times.
Hey guys, how long does the google cybersec-cert take?
I've done customer service for mc server hosters as a freelancer. So 🤞 along with technical support for a cloud gaming company as a volunteer on discord
It's up to you. They suggest spending 7 hours a week averages 6 months
They recommend a couple months if I recall
Oh ~ i see ... how hard is it?
Maybe I should start with it as well xd
Not hard at all, Im working through it myself
Good luck with it :)
If you did though, you're a college student right? How are you gonna work full time
They suggest it covers all the topics on the Security+ exam to the same extent. While it's not recognised as so by CompTIA, it should be quite substantial. I haven't done it myself. While it doesn't provide the same level of credibility as a certification like Sec+, the certificate may demonstrate to potential employers your interest in the field if you also demonstrate a pursuit of other skills/accreditations
Not me misreading full time as part time... dam
Oh~ I see. Thanks for the detailed answer
Gave +1 Rep to @rugged delta
You should read their FAQ but you can access their course for free, I believe. You only pay for the certificate
How much is the cert?
I think you'll still need to pay to access
1 month free access if i recall
It's a 7 day free trial
obviously it shows you that only after you've made an account 🙄
How does that not surprise me
It took me 4 weeks without feeling rushed. I had some background knowledge so some courses felt like a review. Not difficult to pass.
I'm not logged in there atm. I bet you could cram it in 7 days
You can apply for financial aid and audit the courses. The only thing you can’t do in audit mode is submit weekly tests and Python labs. After auditing all of the courses I did the 7 day free trial. Submitted all outstanding items and ended up getting it for free.
I saw some people do this. You don’t really retain what you learn that way but it’s doable.
Ok. Thanks for the tip :)
Gave +1 Rep to @cerulean hemlock
The objective is just to get that certificate. If you want to learn something, I'd suggest the Professor Messer Sec+ course or a Sybex book and a bit of graft
Obviously if you're serious about learning the content and gaining the certificate, I'd encourage you to work at it and pay for the full experience. As for certification/qualifications, Sec+, CISSP and OSCP are the primary ones you should aim for to get through HR barriers. It also helps to hold a B.Sc in a relevant field.
I often recommend Marcus J Carey's Tribe of Hackers books. These books are a series of interviews with experts in their respective zones of cybersecurity. He's a former NSA cryptologist and is featured in this episode of the Darknet Diaries podcast:
https://www.youtube.com/watch?v=JemCG7y_2kc
Working on the tech side of the NSA doesn't happen overnight. It requires rigorous training, background checks, and a safe and secret place to let Chinese malware run wild.
Visit https://darknetdiaries.com/episode/83 for a list of sources, full transcripts, and to listen to all episodes.
is it true that cyber sec pay way more because the bootcamps (trying to sign up) tell me if I do the course and then get 10 certs, people will be throwing jobs at me
or its fake dream ?
Not sure if this is being facetious or trolly, but no, that's not how it works
You should be very wary of sites trying to sell you bootcamps. It's always a good idea to discuss whatever courses or offers you're considering here where people with experience and knowledge of the most effective training methods are available to help you
Do you need to commit for at least 6 months
I can do 5 months max
That seems a little odd. Why can you only commit to 5 months? Generally an internship is a gateway to a full time position with benefits and pension and healthcare and funding for training and a chance at a stable career. You're essentially undertaking it to start as a full time employee of an organisation and after the internship they'll want to pay you to be part of the team, develop yourself and progress in life
They're essentially paying money to train you to fit in to their organisation, understand the culture, develop professional relationships, build a portfolio, earn trust, learn new skills and technologies and ways of functioning in a complex environment
My current internship ends in October and the school term starts in April
Yes things are different in Europe since I'm not getting any benefits
So why are you looking for another internship? Are they giving you the option to continue as a regular employee? You should query this with your manager/supervisor to understand your options
My current internship is red team stuff, and I want to learn blue team stuff. in order for me to go to the client I need an OSCP which I don't have
Have you asked if they'll sponsor you for this?
They won't
But it's more of I want to do other things and not just pentesting
I've applied to all the internships in my country, I could try again but still
Well you should discuss this with your boss to find something that's more workable, because a company that wants to employ you will usually have a training budget. If you're already interning as a pentester, you should inquire as to their training programs and recommendations. If they want you to have an OSCP, you should ask them to confirm in writing that if you acquire it they will give you a full time position.
Or else, yes, apply to other internships. Consider finding your own funding for certifications if an employer won't support you. Also, OffSec does have a blue team cert they class at the same level as OSCP. OffSec certs are expensive, somewhat prohibitively so for some students, as they market their certs primarily to organisations for their benefit
Preparing for the OSCP can be a huge time and energy commitment. Their subscription programmes are tailored to facilitate people to undertake the course over a year and many people spend 4-6 months if they're fully committed
In addition to this, an internship is usually intended as an educational experience, to give the intern a sampling of tasks that the type of role is involved with and does. It's basically 'how to adult in a corporate setting' training that is not possible to get without having work experience.
Internships are tryouts without commitment on both parties, as the corpo culture may not fit for the candidate as well.
Is it worth it if I plan on self studying cybersec and work as bug bounty hunter as a part time job in the future? And software devloper as full time?
What do you mean by worth it?
Like devoted to study cybersec
In college or something
Or I should just go for a full time career
IMO, having a full time job is better than doing bug bounties. Most of the time, you won't find anything or if you do, they may have already been reported by someone. I also wouldn't classify bug bounty as a part time job, since it follows a bounty system meaning you don't get paid if you don't find anything worthwhile.
Sorry in advance if my words are confusing
Doing bug bounty on the side is something that others have been doing and something you can follow, esp. with skills in software development you can try to think in terms of a developer and find bugs that way.
You can study cyber security but it is very broad so you can pick a niche like application security (since you mentioned you wanted to try being a software developer) and be really good at it. After that, you can apply these concepts practically such as Secure Coding Practices, Dependency management, ensuring the pipeline, etc.
After that, I can think you can transition to an application security type or a DevOps/DevSecOps role after being a developer
Hmm interesting
There are many opportunities you can get into cyber security, DevSecOps and Application Security are just two branches 🙂
I didn’t know these possibilities before. So is it that it won’t be too difficult if I become a software develop and then move to a cybersecurity related job position in the future
I can't say for sure that it won't be too difficult but there are lots of options you can take to get into cyber security, its not just "red team" and "blue team"
Thanks these are really helpful information!
hello everyone
Hello, hope you are doing well.
Hello, i want to take some community suggestions on how to pivot my career to cyber security at a senior level. I have got 2 decades of experience in infrastructure (networking, linux/unix, development, cloud, DevOps, k8s etc). Recently i have been doing DevSecOps, k8s security & secrets mgmt. I have always been partly responsible for security for the services i have built/managed, my personal interest is towards OffensiveSecurity. Currently i plan to just do CISSP/OSCP and then focus on my areas of interest (Web/API/K8s/Mobile/Cloud). I am open to feedback/suggestions
CISSP is a good next step, OSCP is only useful if you want to add pentest to your career. Do you have any experience with compliance? FIPS 140, NIST SP 800 series, NIST CF or any of the ISO frameworks?
Also bear in mind that if you want to do threat emulation security work, the value you bring is in the report not in the exploitation - at least 50% of your time is going to be spent on admin and report writing, not breaking stuff.
Hey guys quick question. How long do you think it would take to study for a CCNP? A lot of jobs in my area seem to be looking for that cert
I currently have no certs, just 1 year IT exp and was considering what to get for my first cert
it’s not impossible without networking experience but it’s quite unreasonable to go for ccnp without it - it may get you past hr checks but it will become evident you passed the cert for the sake of it in a technical interview
go for ccna first
Okay thank you for the advice
Gave +1 Rep to @static tide
One more question, how much is the exam?
that is a googable question
Okay i heed
No question is a dumb question unless you can google it.
anyone who's done the masters in cyber, have you found it makes up its value? just finished my bachelors degree and in an it manager role atm
aus based if that helps
Here's a job ad in Texas. Its a govt civilian job which is highest job security, but pay is generally low.
Check out this job at Air Force Civilian Service: https://www.linkedin.com/jobs/view/3658095546
I'm not sure where that number was pulled from, but that's extremely high for just about everywhere except NYC and a couple of places in Cali as entry. Entry according to glassdoor is around $75000
Hi guys, I always had a passion for cybersecurity and hacking. came from electrical engineering background mixed with some electronics and microcontrollers programming. had basic classes in java and c as well as AVR assembly language. Now I want to dive deep in cybersecurity. So, I enrolled in THM now about 80% in the pre-security path. I am also taking the ISC2 certified in cybersecurity course and planning to get that certificate. I have the linux basics for hackers by OTW. My focus now is practicing in THM and studying for the CC exam. I have the next 20 days that I can make a deep focus and study about 8 hours a day at least for most days. What do you guys think? Is THM a real deal? or should I change my path to do some HTB? (for experience proof in CV) which I just discovered. I am new to this career and I feel like I am a bit overwhelmed. After about 30 days, I will have less time to spend studying for about 5 months. I would have access to study for about 3 hours a week (in best case scenario). The end goal is to land a good paying job in the field.
My experience is anecdotal but I have completed a few leaning paths on THM. I also had some good personal projects. It definitely helped me land a security position since I was able to speak to so many things and incorporate them and how they relate to my personal projects and technical questions I was asked
My, vision is "NO.. fired! >:_)
Once I grasp the fundamentals and the hang of it, I am planning on doing some HTB machines and documenting along the way. Also, I have the OSCP lab manual that will help me get through some hardships. I actually read some books in the past about pen-testing but never practiced. I would just skim the topics until I get bored. I need to work on some personal projects I guess. Thanks a lot
Gave +1 Rep to @blazing wyvern
The "YES.. hired!" phase now please. we will come to that later 
some, reducted. :{ i read, EVERYTHING.. and what did i know?
(Nothing.. )
same here but trying to paint my coming days with some vibrant colors. Plans are nothing if they are not put in action. wish you best 
that's a good plan. THM is a great start. But don't underestimate the amount of stuff in the learning paths. The SOC training path is pretty beefy with a lot of stuff. But it is very good IMO!

Now I am more keen to take the SOC path. I am as thinking of jumping on Jr pen-testing path after pre-sec. Hmm
Hello! is there a niche in cyber that’s really popular right now that i can focus on ?
Or is that not a thing
I think the thing is not doing what's popular, but doing the things before they get popular
if that makes sense?
not an expert BTW but someone has said that to me before and it seems to make sense to me
Focus on whatever interests you, regardless of popularity.
Makes learning and working with it much more enjoyable
I think you can cover more ground faster with THM. As a "complete beginner" HTB is probably too much. That being said some of their HTB Academy Modules are really good and go more in depth and are more challenging than the THM rooms. HTB's monetization is pretty weird though, so I'd say start with THM and once you feel comfortable try some easy HTB boxes (which are known to be not that easy)
It does…less competition the better ig
Thank you. this is helpful.
Gave +1 Rep to @proven dock
I have not gotten into the SOC room
Idk anything about it
And here is offer for analyst post
Should I apply for it
I don't think I am even ready to face interview
Sorry they ask me directly
If they asked you, go for it
Plenty of prep material available just a Google search away
Doesn't hurt to hear them out
The only regrets in life will be the things you didn't do/try
Should I start doing soc now
Idk your previous experience, analyst != SOC
But little bit of analysis maybe needed
Then what work will be there in these jobs
Well, my current job position is Cyber Security Analyst, and I do look at SIEMs, but I also do pentests and incident responses
So like, it's up to the company to explain to you what it encompasses, the job position titles and responsibilities vary everywhere
So if I want to prepare for interview for this role , what are the key things I should focus on
Rn
Well looks like they think you have experience in Automotive cybersec?
If you have that you should focus on refining/refreshing any knowledge/ prepping for questions regarding that
Also prep for any soft skills questions in case it goes that far
Everyone on the cpts channel on htb who's done both says the cpts is harder, the target network's bigger, more realistic. You have 10 days to do the pentest and present the report
i agree. it's also more thorough with its modules and has a lot of information to digest. even the first module which teaches you about the legalities and required pentesting documents is very thorough
Yeah I had a brief read of the first module the other day. Starting into it properly in a little while. I'm not a big fan of the pricing structure but the content is pretty good
Please don't encourage fraud.
To get the student discount, the domain has to be from a registered domain name that is either a TLD of .edu or else from a known institution that uses a different TLD. Claiming to be from an organization without being a member of that organization can be fraud.
It does check the domain. If it's not registered in their database, you have to apply for it via their support page.
Isn't that still fraud?
You're taking advantage of a pricing system by lying?
They have a list of acceptable domains and if your domain isn't on the list, you need to verify it with them and they check the credentials
https://www.hackthebox.com/blog/htb-academy-cpe-credits-and-student-subscription
@vapid plinth greetings to you. I am currently a part timer under a software company in their cyber security department.. will like to know more by following you up because I intend to do this full time in the nearest future and need guidance pls
I can't use gobuster on ubuntu pls help me house
I got a question for people who used THM a lot since I'm new to it, is anything from this picture similar to the stuff you can learn in THM or are those different areas of cybersecurity?
It's my university's cybersecurity path courses which I'll most likely do in 2 years but probably gonna learn through THM as a hobby for the time being, wondering how similar is it gonna be to THM tho
hey does anyone know of any companies in the UK that look at hiring STEM grads to train them up in cyber/ethical hacking? I know PwC had a grad programme based in Cardiff and I was wondering if there were any similar opportunities out there. thanks!
Verilog, Automata and Computability, Advance Logic Design, Integrated Circuits and Digital Circuits, Algebraic Structures are not in TryHackMe afaik
Hmm interesting
Would you say this subjects are still good to gain knowledge for the cybersecurity industry?
I haven’t checked but I’d assume those courses teach defensive cyber and not offensive, yet if I could learn both would it be a big benefit for me or would it be better to just choose one of those to focus on?
They are more electronics engineering, digital circuits, and math.
I'd say pick a niche and start being very good at it if you want to learn cybersecurity
So it'd be better to choose just one?
And yeah it makes sense it's more about hardware and such since the degree is computer engineering
But is there a job position which involves both what I'll learn at this courses and offensive cybersecurity? Since I'm going to learn both anyway not as a hobby, but one through my degree and the other through military service, so might as well check out if it's a good idea to combine them in the future
Also you're talking about the specific ones you've said above, or all of the courses in the image?
Since I'd assume the course "Attacks on Hardware" might be offensive cybersecurity?
And by the name of them, specially the elective courses I think some might be connected to the more digital side of things but I really am just guessing here
Yes but its a very niche job
what does niche mean?
Very specific/specialized job
Is it good or bad 😂
In terms of career opportunities, it might take a while
Hmm is it worth it at the end? As in, better salary etc?
And I will get the 5 years of military service in a cybersecurity, both offensive and defensive position, and this stuff are very respected where I live so it might help
What comes to mind are embedded systems/software engineer or being in a dedicated research team that focuses on hardware exploitation.
So the job those courses would prepare me to be at is related to creating hardware and software systems secure from attacks?
Not sure which second specialization to mix it with honestly. I could pick data science/engineering, something called like “Technology and Hardware”, or networking.
Which of those would be the best to combine with cybersecurity and also leave me the opportunity to be a software developer / engineer?
There will always be security in any role you take
Yeah but I meant which of the 3 other specializations would work good with cyber? I am needed to pick 2, 1 is cybersecurity, other is one from the 3 I've said
I'm kinda leaning towards data science/engineering since I think it's related to machine learning and AI which really interests me, but I know networking is a huge part of cybersecurity (maybe some of the courses I've sent earlier have some networking?)
I took Verilog as part of logic systems designing and PLAs (Programmable Logic Arrays) that are specific hardware that you design using the Verilog language to act as a special purpose computer that does tasks very quick as I recall and I remember that they are considered faster than microcontrollers. I think that the mandatory classes are electronics engineering/software engineering classes. I was doing electrical/electronics engineering. The elective classes are meant to arm engineers from the cyber threats that are related to hardware systems in the engineering field since cyber crimes are heading toward even power plants and any electronic devices. I personally did not have the chance to study any cybersecurity classes but I bet software engineers did since they work on the low level programming area which can't be separated from the system's hardware.
I see, honestly sounds interesting
My degree is in computers engineering and not software engineering but I like the sound of that cybersecurity path, it sounds interesting to me and opens a new perspective and approach to cyber threats
I think as much as networking is very related to cybersecurity, taking the data science path could also help with it since it is also about databases, which are things that you need to protect as a part of cybersecurity defense
Currently I'm probably leaning towards going to the Cybersecurity and Data Science specializations but thinking to learn every one of the 4 for a little while as a hobby to see what they're about before I choose
My biggest problem about finding a job in the future is that I don't know what I want honestly. Been coding since I was young but lately discovered other areas of computers which really interest me too and I was thinking to maybe have 2 jobs, 1 for coding and 1 for cyber, but I'll have to look into how time consuming each job is going to be and such things to know if it's reasonable to do that.
You are right. Computer engineering makes more sense than software/electronics. If you want to grasp an understanding of a picture about networking, check david bombal on youtube and cisco network academy. They both offer tons of value content. From a personal perspective and experience, I found out the university degree gave me only some tastes of the specializations in each field of the major studied. Time allocation and consumption is still of my scope and hard for me to know. Hope the Best for you. keep open and learn
and enjoy along
Once I pick the specializations I'm definitely going to self learn back home as well
Also, I did notice 2 things -
Some of the mandatory courses seem to be shared between the specializations, so I guess they are basic courses required to do first, and the elective ones are most focused on the specialization itself
And, the document I was seeing is apparently from 2018. It only has 2 specializations out of the 4 and quite outdated info, probably because English is not the native language here or I just accessed an old version of it accidentally
I'll try to find an updated version in english and see if there is any noticeable change in the courses, maybe there are new stuff that are better or worse there
I couldn't find it in English sadly, seems like they only posted the updated one in my language, but it looks like some of the courses that were in the image I posted before are now mandatory courses unrelated to specialization, which I will learn very soon (for example algebraic structures, automata and computability and most of this type of courses)
The updated Cybersecurity has the next courses (might not be the accurate name since I'm translating):
Mandatory: Introduction to cryptography, Cryptographic protocols and communication security, Introduction to Secure Hardware Extended
Elective: Distributed computing, Safe computing, Safe hardware design practices, The basics of cryptography, Advanced topics in hardware security, Cryptographic proof systems
Not sure if it's better or worse, but from their names they do look a little bit less hardware focused?
Overall it looks like they just removed most mandatory courses from the specializations (not just cybersecurity) and put them as normal courses during year 2 of the degree, and added way more elective courses now, which I am required to do a total of 12 instead of 5 as well
You're welcome to ask anything that's on your mind, I'll gladly answer if I know or can point you in a better direction, I would prefer it if you ask here unless it's something sensitive, so other people can also see.
Hey all, is there any way I could do freelancing/part-time work in the cyber/IT space as a minor? I have the knowledge and practice, but not a high school diploma, which many of the positions require.
I've tried reaching out to some local companies through email, but to no avail.
If you're a minor, you can't sign a contract, which is an issue. Bringing in someone that young is also a business risk. Your best option is to get part time employment at the grocery, local stores retail, etc, and then start applying once you're 18.
Okay
Right, and that's an issue
A contract is supposed to be binding
Even if you could sign, the business risk would increase, and workplace insurance would likely go through the roof
Workplace as in business insurance
Where?
They're trying to introduce child labor?
am I able to post links here?
I mean I started legally working at 14, and all protections still apply in the case of Arkansas according to the news
have an article on it.
Yes, but people generally don't like to click on them
Okay. Essentially, it rolls back restrictions that were previously put in place to verify a child's age.
Yeah Massachusetts, where I grew up, you could start working at 14. The dumb part was that you had to get the schools permission
Hmm, I didn't see that part
Oh OK, you're putting multiple states actions together
Arkansas is only removing a state form
Iowa is meatpacking, Minnesota is construction, and NJ is expanding work hours
you live massachusetts ?
Not anymore
can I find a cyber security job at mass state easily?
does anyone know if i can land cyber security job as a ict supporter just by doing learning path and practice on tryhackme?
Hi
It will be harder to just use THM.
Definitely not impossible.
THM doesn't hold up much value on a CV tbh even though it's a great resource for learning and getting some "hands on". How do you prove you know what you say you know? THM doesn't do this, while a cert, blog, projects on GH or exp might at the very least indicate it.
Def belongs under like "hobbies" or extracurricular activities on a CV though.
Better off trying to research what the type of position you are looking for is asking for (this depends on location too) and networking with people who have been/are in that position
is this role is for fresher or for exp guy
coz it ofc look like for exp person but it is offered for fresher post
7-10 years of exp sounds not like a job for a fresh person
Responsibilities of an experienced, pay of a fresher
so if someone got into this field on any post , will they go to work directly for main project or will company teach some stuff .
and if they teach some stuff for rookie , how long this teaching usually go
Depends on the company. I've seen companies having a shortage of skilled staff geographically and instead hired freshers with potential and trained them for up to 6 months before they touched anything (and kept training after that ) .
Anything with "Lead" in the title is a senior role, not for entry level.
@stoic cave Hey so when you said Certificates are nice but they're not experience, aren't the Certificates the only way to eventually land a job and gain experience?
Or what else is there to do?
By completing Security+ and PenTest+ I'm going to prove that I do have the knowledge
Big difference between certificate and certification. A certificate is something that's low value and can be acquired easily for either time or money; it's typically seen as a certificate of completion (such as a udemy course). A Certification is an accreditation that one has passed a proctored exam that has a more rigorous requirement to achieve. Sec+ for example is a certification; the THM Jr pentest path issues a certificate.
Does this difference make sense?
Oh I didn't know that thank you! Is it a good idea to complete both CompTIA Security+ and PenTest+ ? @flat sedge
If you are looking to get into a junior pentesting role then sure, it could also help show knowledge for other security based roles
specific ones like that and the cysa+ are for analyst specific
I'd take any job in Security to get started, but If I could choose, I'd choose Pentesting because It's fun to me
Yeah it can be fun but don't forget that a lot of people want to be pentesters, it is the most saturated role right now.
/sought after
Okay so at what point should I choose between an Analyst and Pentester? After I complete the Sec+ and PenTest+ Certs?
Honestly apply for both junior pentester roles, SOC roles, junior cyber engineer roles. I personally have had to apply to well over 500 companies for the temp role I am in now.
The basics such as having a good resume and networking go a long way in this field especially in the beginning
Wait so I can be good enough to get a job in both roles? I thought I'm gonna have to be an expert in only one of them
In the beginning you don't have to be an expert to get a junior role or analyst role. eventually if you want to become a senior or higher level in any of those you will need to specialize
"expert" in cyber is often over used as there are too many different fields you can get into in cyber.
so like you said earlier you enjoy pentesting then keep getting good at that
but i'd say in the beginning any experience is better than none
Wow that's amazing, I was afraid that I'm gonna choose one field and maybe regret it later
They are two very different positions and typically done at different points in your career.
Pentesting, typically, requires a decent amount of prior professional experience.
Yup, put it in better words than I could have
So Analyst first, pentester later?
Analyst is typically earlier in your career, though there are a wide variety of applications and some have very experienced people
Analyst is also super broad
Okay then I'll finish the Google Cert, THM learning paths, and then I'll start learning for Sec+
I would also recommend that you refrain from trying to define a linear path career wise

Life throws curveballs and you also don't want to miss an opportunity because it's "outside" of your "path"
Very true, thank you so much.
Gave +1 Rep to @stoic cave
Not as entry level. If you aren't in industry, sec+ is a decent enough cert. But pentest+ is about pentest management, and if you aren't already working I would not be particularly favorable of a candidate who had both of those certs without other qualifying factors.
Depends on the analyst. SOC analyst is entry level, compliance analyst usually is not.
Is getting a pentester role in the beginning of your career not possible at all ?
It's possible. But extremely unlikely. It can be more likely if you have a BS or equivalent, with coursework and projects emphasizing pentest ability and knowledge.
Understanding scope and risk is absolutely essential to pentesting and straying can open the company and even yourself to both criminal and civil liability.
Even experienced pentesters can end up in bad situations, google the Ohio courthouse physical pentest from a few years ago.
Yea that does make sense
Will do
@flat sedge So becoming an Analyst should be my main focus now?
(To get my foot in the door)
I would suggest going for any entry level role; some orgs may require experience to be an analyst. Support desk is a very common first step if you aren't willing to get a degree.
Best of luck to you @warm hinge. I've personally struggled very hard over the last year to find my first gig. Primarily because I can't accept the pay cut to take a helpdesk role. Seriously, how are people working these jobs in this economy? lol
Thank you, I want to skip Helpdesk as well.
Gave +1 Rep to @pearl panther
Personally I think I would thrive in such a role, especially with the mentality of it being a stepping stone. There's a lot of learning potential there, and it's truly "hands on". But honestly, here in the PNW (Portland, Seattle) the going rate is something like $16-$18/hr. Maybe someone younger could do that, but I'm trying to make a career shift with kids and a lot of existing expenses. It's just totally unreasonable to me. And quite frustrating to say the least lol.
Yeah I completely get that
Sorry everyone I'll get off my soapbox XD
Is it possible to get into an entry level job without certifications?
Hi people! I'm going for the CRTP certification. Anyone have any good recommendations of rooms and machines that I should do? (Mostly AD based rooms)
Yes it is. I landed my first role (security analyst) with no certifications. I am however almost done with a CS degree, had a bunch of good projects and have gone through a few learning paths in THM. Most importantly I answered interview questions in good detail/accuracy and was personable so they could see liking to work with me.
A big key was that aside from school I was doing a lot of self-learning which helped me speak to a lot of things and showed ambition
your first job will be a company taking a chance on you. The more you prepare yourself the smaller the chance/risk becomes and the more likely you are to get hired
All of the AD networks
Names? Links will help me more but names will do good to 🙂
This entire module, Holo and Throwback
Approximately 90% of the Global Fortune 1000 companies use Active Directory (AD). If an organisation's estate uses Microsoft Windows, you are almost guaranteed to find AD. Since AD is used for Identity and Access Management of the entire estate, it holds the keys to the kingdom, making it a very likely target for attackers. This module will teac...
The whole red teaming path would likely be useful really
is the CompTIA A+ worth it?
I want to get a entry level job in IT while being in school
Useful for helpdesk entry level IMO
And for Datacenter Technician roles if you have any DC near you
I’m just tryna get out of fast food man
Yea I’m thinking help desk
If you already know some IT you can already apply, or at the very least look into roles and what they kind of want in a helpdesk employee even B4 A+ cert
Thank you bro
Gave +1 Rep to @vernal sleet
Really appreciate it
How much do i need to spend time on self-studying for an entry level job with no certifications?
Entry-level jobs are lenient with requirements, esp. with knowledge
A solid foundation on networking, Linux, Windows is good enough
Hello everyone! What learning paths or modules do you suggest or recommend to start a cyber security career? I want to be a red teamer, I have CCNA certifications, working in IT for over 6 years now!
CompTIA pentest learning path and red teamer path should be your go to
Hi guys, I am confused what to tackle next. Jr. pen-test path or SOC level 1? when I took the career test, I got incident responder. Is it time to choose red teaming or blue? or can I then specialize in both? I am also interested in hacking and exploiting web applications. Is that blue teaming or red? I kinda have the idea that if I chose blue, I would get hired faster. What do you guys think?
I don't like to defend organizations, I would love to break them when I get the chance. Does it mean that if choose red, no companies would hire me and I would work freelancing? I think I don't have a clear idea about the job stability of a red teamer
what? are you talking about doing illegal hacking?
I will say there are more blue team like jobs than there are red team like jobs and red teams may want you to have previous experience
You need to know how a defender thinks in order to pick holes in the defences as an attacker.
Also red-teamers aren't allowed to just "break stuff"
And like others have mentioned blue team roles are more common, it's not a bad idea to get blue team experience before moving into red teaming.
You can definitely specialize in both (and you need to either way have basic knowledge of both) , if you have time go for whatever is more fun for you
I would not look at it as how much time do I need. Look at it as “I am going to set aside X hours each day to learn”. As others said, knowing networking is the first priority. Do the pre-security and intro paths on THM. Try to actually learn the content (esp networking) as it will massively help you with all other material. Don’t pass the exercises just to pass
I would not do illegal hacking:) I was trying to explain my mentality and the likes. I heard an HR recommending blue for entry level because of the job vacancies and requirements. I would love to break stuff by permission though. 
makes sense
is there such thing as part time when it come to IT entry level?
Because i want to do school still
That sounds like an internship
non paid?
That depends on the company that will be taking you in. Some internships are paid but some are also not
You should not be taking an unpaid internship
Unless it's through your school and is something like a work study. Typically those count as credits
@stoic cave yea i need something paid lol
Work in the field for a couple decades and keep up with the changing landscape.
How do you maintain the self-study discipline?
If you are in the US, do not take an unpaid internship. Even as an intern, you provide value to the company and deserve to be compensated.
Has anyone in here successfully started their own cyber security business?
I just do a little bit a day. THM helps because it keeps track of your streak and gives you badges. A little bit a day and you will be well beyond those who "just do it when they feel like"
Y'all I got a job thanks to all this omfg its overwhelming and crazy but I love y'all holy shit
Yes wanna hear the craziest part?
tell us 😄
I got CTO second day
Small startup with a lot of capital and I have tons of work to do but it's real and it's happening I've been wanting this since I was like 12
lots of responsibility, keep calm and good luck
Yes Im learning that quickly but boss basically said I'm partner cus he likes me so much lol
So, really thanks tryhackme and I hope y'all find something like I did
Omg
Omg congrats!!! That is amazing!!
I'm just curious did you guys take the SOC Path or the Pentesting path? Anyone know which field is easier to land a job in. Ty
If you put in the same amount of work in both, there is nothing stopping.
Welcome to cyber.
Don't base your profession in which is easier to land a job in.
Choose something that interests you, and then go from there.
Thank you, I've just heard SOC Analyst is a lot easier to land a job in.
Gave +1 Rep to @broken idol
I took the SOC path and it helped a bunch getting my Security Analyst role. SOC has a lower barrier to entry and is a good place to cut your teeth. Use that to springboard yourself to where you want to go. It is possible to get entry level pentesting but there are just fewer red-team jobs than blue-team jobs generally speaking
Got it, thank you for the response!
Gave +1 Rep to @blazing wyvern
Sure thing. Also good to have projects on resume. And learn soft skills on how to answer questions. You will do fine as long as you know it's a marathon and not a race. A little bit of studying each day will go a long way. GOOD LUCK YOU'LL DO AWESOME!
I honestly appreciate that a lot, Ty Ty
Gave +1 Rep to @blazing wyvern
Does anyone have a roadmap for becoming a mobile pentester? Or Advice on how they became one.
Hi guys i want to work with Pentest area do you guys have a recommended pathway to suggest for i follow and start to work as a junior or smth in that area? (pretend to do CEH in the future)
Who's PHP Server? Are you doing THM content?
Are you trying to change scores and marks for coursework?
what are the bare minimum requirements to get a Red Teaming job?
human with a pulse... some jobs may have more requirements than that
Role requirements are different for every organization. Red teaming is generally seen as a more senior role, and requires knowledge across multiple domains.
So, here's a funny story.
I saw a colleague giving an interview for the role of cyber security analyst. He faked his resume and funny enough, he was caught during the interview and got scolded by the interviewer for that. It was so bad that i had to leave the room because i was not able to control my laugh(me and few other friends).
He got the job by the way and has been working for past 2-3 months.
I have cleared 3 rounds of tests and 3 interview rounds. Got an email that i got the job. i was promised to get the offer letter by June back in March 😂.
Still no signs of offer letter but clear signs that i won't get one at all.
It hurts when someone who has no idea what service commonly runs on port 80 gets a job and you are sitting at home jobless sipping coffee. 
How the hell did they let them go like that lol
Only god knows the answer to that 😂
Hi guys, I just want to introduce myself I am Quran King-Mcfadden I am trying to find a role in cybersecurity as. I have two certifications under my belt I believe I have the skills and knowledge to get a role as an analyst but I've been having a difficult time with getting hired. Do you guys have any additional advice for me I'm open to any ideas. And also I want to increase my connections on LinkedIn, here's the link to my profile for those who want to connect with me https://www.linkedin.com/in/quran-king-mcfadden-78795a23b
how come your LinkedIn doesn't have your certifications? Do you have a resume that you can redact/share here?
I also sent you a LinkedIn request
I thought I had uploaded it on my profile but I will be making some changes once I get time I'm a bit busy ATM. But thank you for the request I really appreciate it. @pseudo creek
Gave +1 Rep to @pseudo creek
| When you personally know the recruiter|
Hey folks If I happen to launch a rotational program in cybersecurity, which teams will y’ll recommend? Thank you and appreciate all advices!!
Hello guys, I'm an ex maths teacher (37). Currently doing tj-null's list to obtain oscp in order to transform my career into pentester.
I know doing OSCP is not enough to get a job and people will have prejudice against my age. So what qualifications would stand me out? Or what do you suggest me to do till I pass oscp?
What country are you based in?
Turkiye but I'm willing to have a remote job.
Keep going with what you're doing, get some practice on the OffSec Proving Grounds, follow Youtubers who have successfully passed the OSCP in recent years.
Also, due to the nature of cybersecurity, it's usually very difficult/impossible to work from another country and most organisations will require you to spend some time inside their physical offices
Proving Grounds are the closest you can get to the real exam 🙂
Thank you @rugged delta and @fringe spade
Gave +1 Rep to @rugged delta
Join a Big Four company audit. Job will suck, you’ll overwork and chances are your manager will be an assh%le, but after two years you will be able to navigate the industry better and will find a job you want.
There is a problem with ageism though and I don’t have good advice here.
I rented my other home out to a former math teacher who is now a program manager at Amazon.
not a bad way to go
Hello guys, I'm new here, trying to get prepared for SOC interviews, does somebody have a big list of interview questions to share with me please?
My goal is to land a SOC role as well in about a year when I graduate. What certs/exp have you done to prep yourself for the role if you don't mind sharing?
My advice is pretty straight forward. When you are in interviews, I would focus on how you think through a situation. Tooling and nuances with organizations come through experience.
As a hiring manager, I care a lot about folks that want to learn. The folks that have a drive to learn in their spare time and live in technology. Folks that are down to helping others, care about working as a team, and just want to learn things.
No certs but almost done with CS degree. Working on Sec+. Have good knowledge of networking and security. Be able to explain what you would do in situations. Be clear and detailed in your answers. Work on soft skills. Be someone who is always learning. I have few pathways completed on THM
hej! computer engineering vs IT, what should i go with for my basic diploma (am a total noob (high school junior w/o any computer background n all) n want broader exposure but lol idk much bout the fields except i find the content of the darknet diaries interesting) can smn please shed some light on dis?
hello guys, i am 17, from Lebanon, a country in ASIA, i do bug bounty hunting mainly, discovered bugs in apple, harvard, ranked #4 on IBM last year, have a good list of achievements, did web pentests for a company on contract-based deals, i also have knowledge in network pentest etc
Looking for any internship or opportunity
thank you, have a good day friends !
Hi guys, would love some feedback! i just got my A+ and am in school for cybersecurity, but i have no work experience in the IT field. should i apply to some random helpdesk job, and if not help desk, which job? or should i try and apply to a junior cybersecurity position?
You will not likely get a cyber job with A+ alone. You are going to need to supplement your learning with other things. It's fine to take a helpdesk job while you keep learning and then make the jump as soon as you are able
thank you!
So I’ve been a Cyber Technical Writer for about 2 years now and was concerned what career progress there is besides it? Would it be smart to pivot towards Threat Intel or GRC more?
be careful with those girls!
Hey guys, I'm looking for some general advice, tips, and tricks in Cyber Security.
I don't have a degree, I finished CS50, I'm in the middle of the Google Cyber Security Professional Certificate, And at THM I completed Pre Security, Intro to Cyber Security, and I'm in the middle of Jr Penetration Tester.
Languages: Python, C, HTML,JS,CSS, SQL
I study around 4 hours a day, and up to 8 hours on weekends.
Do you guys have any advice like which area to master first, or what to focus on the most, and any tips in general?
im almost dead on the same position you are, everyone says that you will never "master" anything in tech because it changes so much but you can definitely specialize in the field you like.
For me i didnt like programming because ive never been very creative and I'm looking for something more freelance where i can work on my own projects with the time i wish to spend working. which lead me to bug bounty and thats what im focusing on learning. i havent looked at python code in weeks but im sure it will be handy in the future.
long story short, the answer to your question is within yourself, all you can get in advice from others is what the road looks like but nobody can actually show you what you will see.
Impressive! I basically watched a lot of TV at 17, not much else.
girls rarely ask me for my number, but it has happened in the past
I don't see networking in there, networking is a solid skill as well as general OS (Linux and Windows)
Are THM certs recognised by employers?
Unlikely, they're certificates of participation.
Putting time and energy into learning about cybersecurity should be recognized by employers 🙂 So i'd say it counts.
Certificates accumulated on your linkedin profile might demonstrate that you're completing courses but employers want to know if you really understood what you were learning. A certification from a recognised certification body makes a better impression. A college degree can help. I'd recommend reading one of the Tribe of Hackers books, or at least a portion of one. They're collections of interviews with industry pros who know what to look for in potential newcomers to the various roles
thank you !, remember age is just a number
rn i am just looking for interns or something to develop
Need advice, Got offer but HR says
third-party verification service to authenticate employment history even after you have officially started the position
Seems rather invasive
Should I accept it or it is a redflag
Is this a position with the government?
No, fintech shartup
They should be the ones calling your previous employers going by your references and you should have references from your past employers and/or particular managers (some companies don't allow the managers to give personal references and they're managed through hr). I'm guessing the verification service needs authorisation from your previous employers and you personally to have access to your information. Sounds pretty dodgy. The only third party an employer occasionally needs to verify your background is through your local police, who would only tell them if you have any convictions
Gave them the reference and backcheck already done and soon have start date
They want to do it again later down the road when start working
That's a bit unusual but I suppose validation is a thing. Seems a little invasive. You should ask your new boss for all his previous work experience and a background check too
Thanks! Where would you learn Networking if you were starting today?
Do Professor Messer's free Network+ course
Should I do that after I finish all the learning paths on THM? or now?
not getting a good vibe on this. Seems they do not trust employee even before and after hiring them
thinking to pass on this
Whenever you want 🙂 However it fits in with how you work. You can do a little bit of each every day if you like
What exactly is it though? Have they given you the name of the third party company? Have you checked them out?
It's not unusual for a company to outsource some activities but your description does seem a little overbearing
un-easy or feel like not being good fit
will pass on this I guess
You're being entrusted with sensitive information. Countries have pretty strict regulations on financial things, so imo, this is standard. The 3rd party company will be doing your background checks, credit checks, and employment verification because the company you're applying to doesn't have the capacity or knowledge to do it efficiently and effectively on their end. I don't see anything fishy or dodgy about this honestly.
Also, old man get off my lawn moment, this isn't invasive lol
This is actually fairly common. People mis-represent themselves all the time, and just having the knowledge isn't enough to demonstrate that a candidate has been honest about their background.
It may also be a regulatory requirement or an insurance liability issue for the role as well
For starting from the 0 after i do intro to Offsec should i do Jr pentester or comptia pentest+?
Jr. Pentester
Thanks
Does anyone work in cloud security? have a couple of questions
Ask your question, I work in cloud security (don't dm me)
I work as a SOC analyst. I'm interested in cloud sec. My plan is to do a bunch of projects on AWS and get the SAA. I am going to do the AWS THM room as well as Pentesteracademy AWS bootcamp. I'd like to get CCSK and cap this all off with the AWS Security cert. At some point I am going to pick up docker & terraform as well. Does that sound like a good plan? Should I be trying to get a cloud sec adjacent job to help transition? I am a CS student if that matters.
personally, AWS Security cert isn't that great, I think the SAA is good enough, CCSK is fine but really not that common, people looking for generic certs are probably going for CCSP although that probably has an experience requirement
but yes terraform and/or ansible would be good along with kubernetes more than docker
what about job wise. are there more jr roles available in cloud sec or would I need to get a cloud developer or engineer type role first
there are some but generally a lot of the junior roles involve security automation (using something like terraform/ansible) but either way, having a cloud cert is a big boost
any opinions on pentesterlabs and their AWS stuff?. Last question. at what point in your career do you become multicloud knowledgeable (I would choose microsoft second)?
devops and devsecops are pretty huge; if you can start to work into that pipeline, that's a fairly stable way to get into cloud stuff.... at least as stable as agile practices are in general
I don't know anything about the pentesterlabs AWS stuff. Generally you would want to have a couple years experience, I'd focus on one cloud initially but also if you happen to get a job with a company who is heavy in another cloud, that's a good way too
is it worth for me to finish studying for Security+?
Getting experience in any technology is a good way to break into that space. Once you have a certain level of understanding and mastery, those skills and knowledge are usually pretty cross-applicable, it's less uphill to apply existing knowledge to a new cloud than to learn multiple clouds simultaneously.
It's a lot like learning programming in that respect.
TY for the answers @pseudo creek
yes
I would say how I define cloud security: using security knowledge and applying it towards cloud
Hey guys, hope this is not considered spam as I asked this in the general chat as well, but it seemed that this might be a better place to ask for some advice. So... I've been in the IT industry for a year and a half (as an apprentice). Been doing a lot of windows support as a support technician. I know some networking, I at least heard of how basic things work in theory generally speaking. I've got a CCNA training coming soon, and I would just like to start leaning towards cyber security. What would be the best beginner tips you could give me? What helped you guys when you were at the start? Was there anyone you could talk to, or did you have to do the research yourself and learn by trial?
Have you checked out the learning paths on our platform?
https://tryhackme.com/hacktivities
on a resume, does anyone know the key skills to have on it to be noticed for a cybersecurity role? And what can make the difference on a cybersecurity resume? I've heard about having bugbounty reports, certifications... But I'm thinking about creating a project using databases, kotlin and web servers related to infosec. What do u guys think since I'm new to the market
Best thing to do is to go on job sites like linkedin, indeed, etc and search for the kind of role you want and look at the skills/qualifications/experience they desire and try to match yours with those
appreciate it
See what companies are looking for. They're normally looking for a best fit, i.e. you don't need to have all the skills but being able to demonstrate competency in several areas as well as a willingness to learn can go quite a bit of the way. I would suggest completing the paths in THM as they will introduce you to a lot of the skills you need and being able to discuss particular skills or software/systems can go a long way.
Also, make it habitual that you practice and make learning about cybersec a core part of what you do
there are dozens and dozens of cyber security roles, but looking at job listings is one of the best ways to narrow down what skills to focus on
Hello to all. I'm 26 years old and I live in the United States, I'm looking for cyber security internships or free courses where I can get a job right away. I would be grateful if you could help me in direct for more information. Thank you 😊
What is your background in cybersecurity? Have you completed courses, hold qualifications, do you have a college degree? Normally internships are provided by companies for college students completing their degree process or for people with previous IT experience and who have learned cybersecurity skills and gained certifications. You might find it beneficial to read the Tribe of Hackers books
I was a mathematics bachelor's student in another country, but I had to emigrate in the third year, so I don't have a degree. After that, I took some networking and cybersecurity basics courses at Cisco.
If you look at sites like Indeed or LinkedIn or other recruitment sites you can see the kinds of jobs available for the various roles in cybersecurity. Cybersecurity is not an entry level profession and while you show some interest, you would benefit from further knowledge. You could use Try Hack Me to learn about cybersecurity and the various kinds of roles in the field and find the one that most interests you. What kind of position were you considering, or do you know the kinds of roles available?
Thanks. Appreciate it 🙏
You could start with a standard IT support role while you're learning
What CyberSec courses would you guys recommend that are recognised by employers?
I've also seen a lot of talk about these 'Tribe of Hackers' books
Which one of them would you recommend?
courses aren't really recognized by employers, certifications are and it depends what country you are in and what your goals are
Many employers recognise certifications like Security+, CySA+, Pentest+, OSCP, CISSP and others depending on where in the world you are. Also, holding a degree in cybersecurity or other computing fields can be very beneficial.
The Tribe of Hackers books are each a series of industry experts interviews for four different roles in cybersecurity. They were composed by Marcus J Carey, a former NSA cryptologist. They're all full of relevant answers to questions for their various roles. Check out this episode of the Darknet Diaries podcast
https://darknetdiaries.com/episode/83/
Check this video https://youtu.be/e2h_BreIxaQ
Guys I need some advice too. I'm currently in my last year for Mechatronics Engineering. I'm currently doing the junior pentest path on tryhackme. I've got a year left till I graduate and when I do I really want to get into an entry-level IT job (So I can gain experience and then move on to Cybersecurity) or hopefully an entry level cybersecurity job. So what certifications should I get? Someone recommended Ejpt and some security +. However the Ejpt is cheaper too from what I've seen. And how much time could I be ready for either one of them ideally? And what could be the path next? Any external resources would be useful as well.
EJPT won’t help you get a job
I mean I know skills will but still-
I mean eJPT is not a good cert
It’s basic, won’t help you get a job
Sec+ is more recognized
If you’d have to pick between the 2 I’d go for sec+
What about studying for it?
There’s plenty of resources online
Yeah but most are paid and quite expensive.
and the free ones just seem doubtful ig
Use the free Professor Messer content and get the official study guide book and practice questions
thanks
The three most popular certs to hold for cybersec are Sec+, OSCP and CISSP. These will help you bypass lots of hr filters and teach you quite a bit. Sec+ shouldn't be too challenging. OSCP has a reputation for being incredibly challenging but also very worthwhile. CISSP is a management cert but for some reason loads of companies want new cybersec students to have it.
Ty man
And what could be an ideal timeline in which i could get the first 2 of them?
Also any resources to prepare for them? Like other than tryhackme I have heard hackthebox is nice too but other than these 2 any books or such that are credible
I mean tryhackme is good but it's not really fully independent like actual scenarios would be if you get what i mean
It really depends on you and the effort you put in. Sec+ could be done in 1-3 months, it's all theory-based. OSCP will require lots of prep. You'll need to understand networking, Linux, Windows and more. There are good resources on THM and HTB for OSCP prep but you should expect to be putting in 5-8 hours per day for 3-6 months depending on your current knowledge. OffSec also has their own Proving Grounds. The standard 90 day course/lab access is $1599 but you'll probably need more time than that. If you're new to cybersec/pentesting, maybe you'll need the full year at $2499. These both include the PWK course
There's lots of good books on pentesting. In #bookclub we'll frequently recommend the No Starch Press cybersecurity collection and the Wiley books and a few others but they're really dependent on you practicing and making a home lab/using platforms like THM/HTB
2500 usd? damn :0
Thanks alot though
yeah thanks man
also what's the pwk course?
They can charge it because they have such a high reputation in the industry. A lot of people who can't yet afford it will go for a cheaper course/exam with similar content like the TCM PNPT, the HTB CPTS, Zero-Point CRTO 1 & 2 and there's a couple of other options
PWK means Penetration Testing With Kali. It's the bulk of the cost of the OSCP. You have to buy the course. They're a training provider, not just a certification company
does it make sense to go for Ejpt or CEH after security +
No, eJPT is an overly simplistic course for people new to hacking. You can do the course if you also intend going for the eCPPT, a cert similar to OSCP and the ones I mentioned above but with little recognition. CEH is a waste of time and money. They basically copied the CompTIA Pentest+, threw in a couple of commands, hiked the price up to $1200 and then destroyed their reputation in various ways. These days it's only useful in India but it won't teach you hacking
I hope I'm not getting repetitive or irritating but well is Pentest+ good then?
I'd recommend THM, Sec+ and then consider what you want to do. There's lots of roles in cybersecurity that aren't hacking related and pentesting is a highly competitive field. It's really cool but challenging
Unfortunately im really interested in Pentesting ;-;
Pentest+ is good for theoretical understanding. The THM Path for it will teach you most of what you need to know but really if you're going pentesting, aim for the OSCP if you can afford it. You do need to really understand what you're doing though. Just having OSCP won't be enough. You should aim to get a IT support or standard IT role if you don't have much experience in systems engineering
I wouldn't get a pentest cert if you aren't interested in pentesting
Haha we all are
technically I should be able to get a standard IT role by doing Security plus or what?
also what about this
that went over my head
S'okay Zojja! You know what you enjoy
There are networks in THM that have multiple machines. They all have guides to help you through but you should learn the tools and techniques and only read the guide when you're really stuck
I'm just saying lots of people here (TryHackMe) are interested in pentesting, I'm not one of them
ooh right
thanks alot dude
Cybersecurity is a broad landscape. There's loads of roles out there that aren't pentesting
this is the last question and then i wont bother u
Pen200 is what it’s called now right
Oh you're not bothering anyone, this is what we do in this channel. If you have no IT experience, you should learn about Windows and Linux and Networking and get a helpdesk role, do some AWS or Azure certs and get a cloud role maybe
cloud is what least interests me 😭
I mean ik python, C++, animation, 3d modelling and machine learning (Still in learning phase)
but i doubt thats gonna be helpful with experience for cybersecurity
Cloud is basically all your data centre stuff in a box, on a website. You still need to learn all the IT stuff to make it work. All those things you mentioned are useful in their own way at a professional level. Each of them does require lots of effort to learn
it is hard to avoid cloud these days with IT
👍🏼 you’re right
The cloud makes so many things so much easier. I've spent a long time lugging hardware and running cables and monitoring things in a data centre (and filling requests from Amazon boyos needing connections to the outside world and making sure their server rooms didn't melt). Pointy-clicky computer go brrrrr makes life so much easier
yeah i have no doubts it makes things easier
it just feels lame ig
i mean just personal opinion ig
but you can't say why?
i like machine learning, image processing, micro controller programming, animation on the side
there's no particular reason
it just doesnt interest me i guess?
well if you ever work in pentesting or IT, undoubtedly, you'll work in a cloud environment of some sort
The cloud is what makes all your machine learning and image processing work. You don't really have to know about it at that level but as a hacker, you really should understand how it all fits together
yeah ik ill def learn it but just dont like it ig
yeah i get that. thanks again man
and like subtley said, so much machine learning is done in the cloud these days
Being curious about how all these crazy machines work is what makes you a hacker. When you're pentesting, you really do use the tools operating systems and the cloud are made of. You spend ages learning and researching and understanding them. And it's really useful to do things like replicating a particular target machine in a cloud or lab environment to test it. It's where the fun is
yeah ill check out aws courses when i get time
Cool. The internet is full of free content about all kinds of tech. There's websites, videos on Youtube, lots of book deals, there's websites specialising in cloud training too
yeah ill def check them out and maybe trouble you again sometime. Thanks again for all your help :)
No worries. Ask about anything career/certs/learning in this channel
You guys are actually GOATed
Difficult to believe this is free knowledge
You guys should write books 😭
hey guys, would love some advice. I'm currently in school for cybersecurity and assurance. I'm currently about to get my A+, but then right after that I'm taking Network+, Security+, CySA+, then Pentest+ through my school, and I'll probably be done with Pentest+ by next year. I say all this because I'm currently working a medical job, so I can't gain valid work experience from it, and I also have no work experience in IT in general. with that being said, should I not get a job and wait till I graduate? or should I get a random helpdesk job? or try and get a networking job after I get Network+? what do you guys think is the appropriate play?
I would try to get an IT job now if you can, apply to anything and everything that is junior level
thanks! what does ow mean?
means my n key isn't cooperating
Architects
but you can have architects for any aspect of cyber
also if you have a niche specialty, you can get paid $$$
Principal engineer roles are roughly equivalent in payscale to architects, the role differentiation is that architects are more big picture, engineer roles are implementation focused
yeah true, our engineers are only slightly down the pay scale for architects
path depends on whether someone wants to remain purely technical or have a route into management and leadership
I don't see architects as non-technical or a stepping stone to management, I see architects as an alternate to management
architects are leadership though
and architect is a common stepping stone to director roles
architects are also an interface point between engineers and stakeholders
so that engineers aren't bogged down with meetings; architects should also be shielding engineers from the typical '3 hour meetings daily' bullshit
I wish I only had 3 hours of meetings/day 🤣
and architects work closely with engineers, like an architect may go figure out some technical aspects, prototype things but also get engineers involved as well
architects don't just do the whiteboarding, they are there to help engineers understand specific pain points. Ideally, an architect can do all the work an engineer can but usually much faster. However, the architect implementation may not match what the actual requirements are as a POC or prototype may not be as robust as needed for prod
basically my day as an architect is: 1) meetings 2) go play around with technology / figure how we are going to do stuff 3) more meetings 4) write up design documents 5) more meetings 🤣
you say that until that's all you do
meetings are the worst
i've gotten to the point where if someone strays from topicality, i start to help them
honestly as an engineer, I had a lot of meetings too but this is next level stuff
by dragging them off the path to end the meeting
meetings are with vendors, various levels of management, customers, implementation teams, fellow architects, wider audience of security teams
I had 8 hours straight of meetings last Thursday
also you are a mentor to others, its a key aspect, we are expected to create consumable content for IT teams (non security), security teams, and even non-IT teams
honestly how I see a tech lead career being is this:
- When you start in IT/Cyber, you have a pretty broad focus
- Then you specialize
- Then you broaden out again at a higher level (Architects need this)