#cyber-and-careers
Anybody work on the Cybersecurity Awareness side?
I was going for a part-time SOC analyst role but after reading this i dont think its a good idea (cuz of work hours as i have uni classes)…..should I focus on writing YARA rules or any suggestions?
As a junior analyst, it's quite normal to work shift work, including nights, weekends and the holidays. Be persistent and you'll see you're learning quite a lot and broadening your skillset. I know people who have had opportunities in the companies they worked on SOC receive promotions to more senior roles there and elsewhere after a year or so
The holiday pay was always nice
Agree with this. It's super common for everyone to get a turn on the least popular shifts in a 24/7 SOC, but the junior associates often have it be a condition of hire that they work 3rd shift for the first 6 months before a shift rotation
Someone please tell me if im being stupid.
Just started as a SOC engineer about 3 weeks ago after being a sys admin for a year and a half. My end goal is to become a CISO and not even having to prove to myself that i can excel as a SOC, i have already started on thinking of some ways to learn GRC as a soc.
I said i saw myself becoming a senior when they asked me where i saw myself in 5 years. Currently have a 2 month temp contract and will get a permanent contract after the 2 months.
Doing a cyber sec bachelor atm and got 2 years more to go. Since i want to become a CISO, thinking of doing an MBA or just do a cyber sec course at a university?
When would you tell management your goal if it was you? and how would you try and achieve it? I know i suck at communication so already planning on joining Toastmasters starting next month
I would definitely express your interest in being a lead and eventually going into management. MBAs aren't really great but there are cyber masters that are thought high of for getting into management. I would personally look at the SANS masters
when would you break it? after the 2 months or just asking your manager for a 1v1?
I wouldn't think MBA would be a common fit for a CISO
I would wait til you are permanent but also when they have a career discussion. You could see if any lead type items seem to appear. Usually a team is looking at running various projects and I would definitely try to insert yourself. Generally at my org, there are career discussions 2x/year but it would seem to be appropriate after you become permanent
I would recommend you spend time reading a book called CISO Compass by Todd Fitzgerald. It's not a position you're going to be rushing into. Most people who reach that level have many years experience in multiple roles in the cyber field, as well as management, are on a career track with people acting as mentors, understand the complexities of managing in an enterprise environment and hold many qualifications to demonstrate that
https://www.amazon.com/CISO-COMPASS-Navigating-Cybersecurity-Leadership/dp/0367486024
Don't spend money on a degree unless it's explicitly part of your career path, and even then, it should be the business that pays a vast majority of the progress. The idea being that they pay for it, and it makes you more valuable to the org.
The single biggest skill a CISO has to have is understanding security into a form that is palatable to the other parts of the org, be they technical or administrative.
Thanks mate
Gave +1 Rep to @rugged delta
and yes I wouldn't tell your management you want to be a CISO at this point, but leadership/management can lead to CISO and they could guide you towards that
better not to mention the CISO and say management? and once i get there i can say CISO in the next goal? Looks like a good company and if possible id like to stay there longer and not move because our goals dont align
lol just answered me. Thanks
You won't be jumping from junior engineer to CISO of a company in less than 10-15, and more likely around 20 years
You are brand new to your career. Saying you want to eventually be CISO involves a LOT of stuff you don't know about that's about 7 pay grades higher than jr soc analyst. Make senior analyst or engineer and then consider if making the move to management is still what you want.
which is why I say focus on working up to being a lead then management
If you try to jump to management too early, it looks like you aren't interested in the technical parts. Most of the really good managers I've had have been pushed there and are still very technical
i love the technical part also but i wouldnt like to stay at technical forever
Also, most people acting as CISO in a large organisation would be aiming to hold the position for 1-2 years in an org they have many years in and maybe do a similar stint as CISO for 1-2 years in another org in the same line of business. It's a career capstone role in almost all cases, occasionally moving into another c-level role for another short stint
Well you have to really understand every aspect of the technical and business sides of a company before you can really make an impact. You'd need to be considered for an executive position and spend several years at that
one thing to remember about being management, as well: your job as a manager is to shield your team from bullshit and unrelated nonsense that would impede their ability to get work done. The more senior you are, the more you are doing the shielding.
Even technical roles require one to sit in meetings to shield juniors from having to do that
I wish I had a shield
I've got 2-6 hours of meetings a day and then once a month 8+, typically 8 though, on top of all the technical work
It's gotten to the point where if cyber isn't on the topic list or isn't mentioned in the first 15 minutes, I'll just leave
I have no real experience when it comes to management positions in tech or security, but I just traded a position as COO at a company to jump many steps down to a Service delivery manager position in a cloud (VSP) company, with the goal of getting training and education and also time to finally start transitioning to cybersecurity.
But one thing i can share is, leading people and/or departments is rarely the same on the inside as it seems from the outside.. I will most likely never take the position to lead a larger team or department again, perhaps a small specialist team with like minded individuals, but in a leading position as CISO, especially if its a large company, you tend to move very far away from what made you fall in love with a field or type of job.
With that said, and what I guess I'm trying to say is, take your time, dont rush it, the best thing you can do is to learn as much as possible about as much as possible, maybe become a specialist, or a lead and in a couple of years maybe assistant lead or lead of a small team. Becoming a good leader takes a lot of time, and its a complete other set of skills than your profession. And only way for you to become a good leader, is to have a great leader supporting and guiding you.
Take your time, if you are early in your work life, don't focus on the end goal now, enjoy the journey and I'm sure you will get there at the end as long as you stick with it and keep yourself motivated.
Late addition to what people are writing about shield... its very true, the reason i left management is because i ended up hating my job and also not enjoying spending time with the people at work.
and yeah I worked minimum 12 hours per day, most often 16 some periods 18... and NO JOB is worth that.
Thanks for the advice. Going to copy it over and reread it once i start to get impatient again haha
Gave +1 Rep to @stoic cave
also, at C level - its all about money
I would not recommend leaving meetings as a junior. I'm in a pretty unique situation where, even though I'm only 3 years in, I've developed enough trust/rapport with senior leadership on the contract & Gov to pull that.
I've got Junior levels of experience, with a mid-level title, filling senior responsibilities lol

Got a pdf version for me please?
Invest in books 😄 good books are worth paying for
bought 3 just this week
then you can also be that young guy with an actual bookshelf..with books, gonna be a retro flex soon
Hey, that's copyright! We don't do that here
sorryy
lol
noted the book down
i also think Jerome has a very good point - someone has spent their time on that and that is their career ^^
Thanks everyone for all the advice and tips
def gonna start to become frequent here
for the first time since i join thm for a year
got 11 days streak lol
Excellent! Keep up the good work
Hello everyone i have one question . In the future If AI can replace penetration testing job or not 🤔
That's a very complicated question that hasn't been fully answered yet. There's lots of discussions going on about it on the web. You should use your favourite search engine
There are certainly tools in development and techniques that help perform a lot of tasks better but we still need humans to direct and interpret how things are conducted
probably yes
but it will not be fully autonomous in our lifetime so don’t worry about losing your job to it
Hackers will always be looking for new ways into systems and AI is already being applied in defensive tasks to some extent too, in order to assist blue teams
Question--
I have 2 years of Tier I/II experience working it helpdesk for a college and I'm working through Tryhackme rn; what certs, knowledge, projects, and experience (in addition to the completion of those courses) should I need/want to have, to break into a position as a junior security analyst?
I'm trying to get a job in Cybersec (ideally remote for a bit for while I'm finishing college) and I've heard different things from different people.
Everyone's experience will be different, you absolutely have a shot at getting the job you want, but it'll also depend on your location, network, socialization etc.
Just start applying to ones you feel are close to a good fit, and keep at it.
Oh sorry you asked what certs lol. I thought you said with certs
Start with Sec+ and a cloud cert like AWS certified practitioner or Azure Administrator - that's usually the advice I give to people starting out
Looking at starting a course in cyber sec CERTIV, any tips? Is it worth it? (Pref if you're in Australia)
hello guys. I have completed 35 % of breaching active directory in tryhackme but now i can't join this room for complete all tasks, although i click 'join room' . who can help me?
Cool, thanks!
Is Eccouncil's CCT cert worth getting?
Any cert is worth its gold if you're willing to learn. It's an entry level cert and EC-Council is offering a scholarship for it.
Well, I won the scholarship, so I can get it if I put the time in
Given the problematic history of EC Council, I would not recommend taking any EC Council certs unless it's absolutely required by your org or to get past the HR filter.
Would you educate me? Idk ab eccouncil's problems.
It's easy to look up
👍
Basically IP theft, really outdated and irrelevant material, entire excuse for bad behavior "oh sorry we had an intern do it"
+1 for not really taking EC council seriously.
I've screened/interviewed a fair amount of people for security engineer roles and those certs are not usually taken super seriously, even by HR people. I'll also say, sometimes a person with a dozen certs and no firsthand work experience can be a bit of a red flag. I don't think it's fair, but there are definitely some people with a bad perception of people with a ton of certs but no experience
That said, if you think you can learn from it, there's nothing stopping you from taking the course/cert. You don't have to list it on your CV if you don't want to
should i put my experience in non-related field on my resume? in a way the skills are sort of related to the other position and I want to show that I'm not so green. Also what if my resume is over 1 page. Is that a deal breaker? (i know 1 page is usually desired). TIA
Anyone wanna start comptia sec + certification preparation??
Or targeting to crack the cert … i am looking for company lets do it manh 🤌
Crack the cert?
I did this when I was starting out in security, and it seemed to work. I definitely see multi page resumes a lot, but I'd try to keep it to one page until you have a lot of relevant work to list
I’m trying to go through that it just now
Okay best of luck i am also tryna figure out and start but i got some serious stuffs learning sec+
I'd recommend Professor Messer's free Sec+ stuff
Thnx
Yeah thats primary source….
hello guys 🙂
could you give me some advice with certifications?
I was thinking about this cert path, I already have CCNA, now moving to cybersecurity, I have some good knowledge on cybersec fundamentals and a little about pentest
Security+ ---> CySA+ ---> PNPT ---> OSCP
Yes that will give you a broad understanding of both attack and defence sides of cyber. CySA+ is worth it if you're going into a blue team/SOC position. PNPT is good for practical exploration of AD and OSCP and Sec+ are two of the most in-demand certs in cyber. You might find it more valuable to use the PNPT training material in prep for working in pentesting and for OSCP but OSCP itself is still widely considered the premium cert for junior pentesters
hmmmm I see I see, my intention job role is actually red teaming, so should I skip CySA+ and do other cert instead, or just "ignore" CySA+ and study more for PNPT and than OSCP?
CySA is valuable information, certainly read about it if you have the book. PNPT is a reasonably good preparation for OSCP but OSCP's training is quite thorough as well. It's up to you to determine which approach is best but I believe you would find PNPT valuable, since the trainer is quite good at explaining the concepts and skills you'll need to use in your journey. OSCP is quite a pricey cert on top of that, but you appear to be planning on spending the money anyway
Get sec+ first
You have CCNA, don't you?
Yes sir
Hmm I think I'm going for CySA, about OSCP Im planning to take It after PNPT If I find a good job with good salary 😅😅
PNPT is good but check if this is an in-demand certification in your local area
If you want a learning certification focused on red teaming, CRTO is way better IMO
I'd recommend doing a straight up pentesting cert before jumping into red teaming to have a good grounding
Anyone know of some good conferences or conventions for cyber sec in Australia?
Have a look into BSides, they do conferences in Sydney, Melbourne, Canberra and Perth 👍
God send thank you!
Gave +1 Rep to @elfin rune
When people say about the sec+ cert, is that CompTIA Security+? Just to make sure it's the same
yeah
similar to above, what are some good conferences or conventions in the UK? ideally with affordable ticket prices lol
Hey everyone, is here anyone to guide me...
My questions are pretty simple tbh,
Can a simple guy with simple personality become a hacker? (Pentester, cyber security threat analyst etc)
hello, should i focus on web exploitation or all around first?
because in my company we hire 3rd party pentest and most of it is websites, and i can try to learn how to exploit by reading at the report page. but currently i have 0 knowledge on web exploit or mobile exploit.
Thank you
as long as you can communicate effectively with people in order to work collaboratively personality shouldn't be an issue
Define simple
average
okay define average
similar to majority of guys
i'd think ur personality shouldn't matter, as long as you're curious and passionate about learning 🙂
Everybody's different and unique in their own way, and anybody can do it if they put the time and effort into it
I'm a (un)educated fool with cybersecurity on my mind but still no clue.. (bad coolio ref if it wasn't clear xD)
Well, I am daydreaming a bit here but I have a goal or hoping that I could transition over to cybersecurity at some point, my current position is similar to a service delivery role at a cloud company in EU.
However, I recently realized that where I'm at right now won't support that goal, while I'm not shocked I still feel a bit more uncertain what steps to take to be able to make the jump.
Would be awesome to at some point become a cybersecurity engineer, and not sure if that title really tells what I'm interested in but i guess this description is someone towards what I'm thinking:
"A cyber security engineer designs and implements secure network solutions designed to defend against hackers, cyberattacks, and other persistent threats. They also engage in continually testing and monitoring these systems, making sure that all the system’s defenses are up to date and working correctly."
Now to my actual question..
I am fresh but I'm looking for suggestions on valuable projects to self-host/add to my portfolio while i learn. So far I've set up:
- Vaultwarden
- VPN (tailscale - going to do headscale in near future)
- Vlan (segmentation)
- One website (for my portfolio - not live yet) + a wiki to go hand-in-hand with website, explaining my process and steps to set up the solutions.
- Auth (Authelia) with - 2FA, physical key (Yubikey), SSO
- Security Onion (standalone deployed) and very basic setup/scanning atm.
- Homepage (home lab dashboard)
*Additions - Pi dns
- Pihole
- Pialert*
some other random stuff.. but yeah - looking for tips and suggestions to more relevant project to be able to show in the future when I'm ready to start looking at making the transition..
addition: two node proxmox atm - waiting to afford third to be able to set up proper cluster with ceph.
that's a lot more than what your average person has done, so you're already ahead in that regard
however your description of a "cyber security engineer" is very broad, and encapsulates many different job roles
creating a ctf worked wonders for me when i first applied for jobs, so you could try developing an intentionally vulnerable machine
Yes I know! I'm struggling to actually find a title that is more descriptive towards what I would like to do 😄 but tricky
which part of that description interests you most?
- designs and implements secure network solutions designed to defend against hackers, cyberattacks, and other persistent threats
- engage in continually testing and monitoring these systems
- making sure that all the system’s defenses are up to date and working correctly
And I'm fresh on this journey or, well I've had this interest for long, but just started going b***s to the walls 2-3 months ago
this is just copied from a website, i tried to find something that was short n sweet but as I read it now for a second and third time, i kinda see it's not specific enough
ah i see
Well to give some more context, I don't wanna red or blue team, I don't wanna sit in a SOC/NOC (I'm talking end-goal) - I would like to be a part of a team that yeah "designs" (architect style perhaps) and then implement, evaluate and to an extent monitor and develop the security systems and solutions put in place.. Not sure if is "one role" or if it is still too wide..
I just know that I will never have the interest or passion needed to become a red team member.. while I'm very confident in that I would do pretty well with social engineering side of things.. But I think where i would fit in the most is in a position where i can be a part of choosing and implementing security solutions and tools.
you might have that responsibility in a startup, but any bigger company they will be 2 or 3 separate roles
alright, so i need to focus in even more - no interest in working for a start-up again, been there done that 😄
I thought most ppl set up tons of stuff 😄 I feel barely done anything - imposter syndrome is strong here :
nah, the majority of people in this server haven't - it's just that the more active people are proper enthusiasts so they all have done that - which is why it seems that everyone does all this crazy stuff
Security engineering is a very worthwhile pursuit. It is similar in a way to systems engineering/IT and you coordinate with a lot of IT/networks/cloud engineers in the doing of your work. I was a senior cybersecurity engineer previously and I learned a lot about the various ways we can secure and protect infrastructure from the policies, procedures, standards and regulatory/auditory obligations to how that translates into selecting, proposing and implementing the appropriate technologies and their configurations for a particular goal. I was part of a team responsible for a number of security mechanisms across a large, globally distributed organisation with regulations and expectations tailored to the specifics of each of those objectives.
Start with the basics. Get comfortable building Linux, Windows and network systems and applications, learn how to harden these systems. Set up proxies and firewalls and authentication systems. Learn about Active Directory and LDAP. Learn how to set up a SAMBA server (this is a Linux file sharing server running a windows file sharing service that can also now act as an Active Directory server in a Windows network), set up DNS servers on Windows and Linux, set up and secure a web service on wordpress, play around with lots of technologies. Get a free AWS account and learn how to configure IAM (Identity and Access Manager) correctly. There's loads of notes and videos and books on all those things around the place.
Imposter syndrome is a real and valid feeling but it'll get easier the more time you spend working with these systems. You don't need to memorise everything, just make and know where your notes are and the resources you use for learning
awesome thanks for all the suggestions!
Gave +1 Rep to @rugged delta
You learn by playing around, breaking things, making mistakes and fixing them. Just go out and have fun. Nobody expects you to know everything on your first day, just make sure you know and show how to learn
alright, well i hang around a lot of home-lab /self hosting servers also 😄 so if i don't run a docker swarm or some k3 cluster/gardener stuff that is making my CPU self ignite every evening I feel behind 😄
probably had a week of network downtime this summer ^^due to breaking thing but yeah thanks for the encouragement!
You'll do fine. You seem to be on the right path. Take your time and enjoy it
I'll try to figure out my next side projects from the suggestions above, I need some project to do on the side while i read and do the exercises in the 3 OTW books I have on the desk, 2/3 of Linux basics done
Just feel the need for a project to do in breaks when the books feels boring 🙂 Just need the dopamine kicks from things like when i finally managed to get Authelia to work with 2fa on a physical key especially together with Vaultwarden.. Mattermost was also a struggle for some reason but the bigger the struggle is the better the feeling when you finally get it working 😄
well only issue with time is I'm not 20 😄 and i have a kid so need to put food on the table so full time job while learning - just need to be skilled enough when I make the transition so I don't have to take too much of a step down in salary, probably the biggest concern atm moving into sec - I could already take a SOC position at a place, or I think so since they more or less offered it to me before, but 100% on site with 30% less salary than current job, hard to explain that to the boss at home 😄
Take breaks, do THM rooms. Give walkthroughs a go but also try your hand at the challenges. Ethical hacking is the funnest video game in the world imho.
unfortunately you're likely to need to take a dip in salary
but after a year of proven experience you can easily surpass what you're currently on
providing you're any good
Yeah I know a SOC position might pay less entering into it from an established role but the paths it opens up can be a gateway to bigger things. Getting to know people in the industry through places like this discord and going to events like conferences/ctfs and such can open up doors for you too. Meeting people at these things can help you see what's out there, where you want to be and what you need to do to get there
I'm fine with taking a dip, just not 30% - It is less about being fine or pride, more that we as a family couldn't afford it. But I know and will be happy to sacrifice in the short term for the long term
True, just with a pay cut on top of the 100% on-site.. not very attractive for me. Currently earning 2,5k euro more a month compared to the SOC role I mentioned and I work 100% remote - hell I'm working atm 😄
Well SOC work is mostly onsite because it's not really practical to give every SOC worker a whole bank of screens for all the apps you might need to see on a regular or consistent basis. I worked a NOC in a data centre for a number of years and I had 6 screens showing 9 apps most of the time. It's just the nature of that work and for most people in the field the SOC is a jumping point to a more satisfying role
Yeah I completely understand that, I guess me struggling with it is due to that I am very comfortable with everything except my actual tasks at work atm. It's not like I hate them either, it's just not very challenging. This kinda sounds bad when I'm reading it before sending it - I have a too comfortable situation .. poor me
😄
guess the issue is, how i get to a position to skip the SOC step ^^ But yeah just have to keep grinding a couple of years ^^
Yeah I've been there. You can occasionally go right into the position you want if you can demonstrate that you have the right skills. Take a look at the success stories from the blog. Check out the Tribe of Hackers books too. They're usually pretty cheap. The author and one of his associates features in all the books are guests on episode 83 of Darknet Diaries podcast. Definitely something worth tuning into to see what goes on in the wilderness
https://tryhackme.com/r/resources/success-story
https://darknetdiaries.com/episode/83/
i was completely remote during my short tenure as a soc analyst
I've done soc type work but was definitely never a soc analyst in the traditional sense. I did infrastructure engineering for a managed service provider before moving into a fully cybersecurity engineering role
I'm currently on Incident Response, but I still do a lot of the engineering work for our SIEM, our whole IR team is fully remote, and we handle all alerting and threat hunting
really, so there might be a way.. just the salary then ^^
awesome, I'll check it out thanks
Gave +1 Rep to @rugged delta
That could be an interesting type of starting position...
I do a lot of incident reporting and stuff atm - not actual technical response stuff, more the writing of the incident report and then later going over it together with minor incidents and service requests from customers in monthly operational meetings and stuff
I think that's valuable, in my case I think I landed my role because I was able to point to past experience even though I didn't have the proper title to match. Writing a cover letter helped too
Well I've worked in different positions (mostly sales and service delivery roles - so not much tech in role description but some in real life)
Sophos - Sales
IAM consultant company so like OKTA was one of the brands we worked with.. sales enablement (in charge of setting up crm and stuff)
Currently I am at an EU Cloud provider SDM
Had management positions and stuff before but not for me 😄
Well, just have to keep grinding, to be able to show projects and skills.. and with that set, I need to do some actual work and then continue with my books, aiming to get done with OTW linux book by tomorrow and then start with the network one
is it remotely possible to land an entry level penetration testing job? (like a junior penetration tester, if not, what role would you guys recommend me getting into to start that pen test journey)
I’m currently attending a bootcamp and im extremely interested in the offensive side of cybersecurity.
I’m a few months away from completing it and im looking into possibly acquiring either the comptia Pentest+ or the eJPT.
or even both
Damn just spoke to a company about a SOC position - and yeah i can probably get it now or if i read up on a few things in worst case, nothing major I think.. But the work schedule and salary, hard to justify it 😄 I'm gonna have to skip that step ^^
It is absolutely possible to land a junior penetration testing role but you will need to demonstrate other experience. Having knowledge of Windows, Linux, their command lines, bash/powershell/Python scripting, Active Directory, networking and the tools involved is a definite boost. The Pentest+ and eJPT are really an introduction for you to the field but you will likely need further knowledge such as completing the OffSec OSCP, as it is the most widely recognised junior pentesting certification.
This still doesn't guarantee you a job but you should be able to show your enthusiasm for pentesting and cybersec in general. You should thoroughly understand the content of the Security+ (follow the Professor Messer free course and consider doing the exam) and you should have experience doing pentesting THM or another platform against a range of targets. You might consider another cert similar to OSCP if you can't afford it at present. I'm not aware of a bootcamp that can possibly get you up to the standard expected of a pentester in a short period. Some examples of certs you might pursue for knowledge include the TCM PNPT, HTB CPTS, Zero-Point CRTO 1 & 2.
You should certainly check out the OSCP course syllabus and prep book to see what you're in for and search for YouTube videos about other peoples' journeys through that cert path. https://www.offsec.com/courses/pen-200/
You'll learn quite a lot of the knowledge you need following THM's outlined rooms and learning paths
Well it's entirely up to you. I know it's hard to lower your standard of living, especially when there's people relying on you and the hours aren't exactly sociable
yeah, salary is like what I remembered 30% less than what I earn now.. but the hours was the worst thing - the money I could even out with a side job for a year or so but yeah hours makes it impossible.
Focus on the job you want and refine the skills you need for it
still encouraging that from explaining my home lab over the phone to the hire manager is also mentioned L2 and other positions but yeah.. keep hammering them skills
a
b
I work in a SOC and was able to negotiate a daytime only contract, but took a 35% paycut for it
im trying to find a cyber job in which i dont have to take a paycut from a systems engineer job, its def challenging
Alright, thing is it’s already a 30% pay cut before any negotiations about not working shifts
There are a lot of people on my team who transferred from roles not directly dealing with security, I'd see if that's something your company has available if you're trying to avoid a pay cut
yea im hoping the sept surge is favorable. thing is, im doing some security already but its just a gamble of losing the cush role
Well if your duties involve security, even if it's not your title, you should be able to leverage that to help you get a better starting pay rate at another place, with a security title
Who has an internship for soc analyst.... I'm from Nigeria
Someone who always followed the rules he was known to
anyone around? Need to get something off my chest. Just started as a SOC-engineer at an MSP for 1 month now. Not really feeling the tasks and the company and already thinking of looking around again. was really hoping to stay here a bit longer for my next career jump to be big.
I also really struggled before getting this gig and they also knew i had no working experience but still took me in. I really appreciate that but just not feeling it yet. Thinking maybe its too early to judge
Don't make a move until you've spent at least 1 year in that role, unless they shift you internally.
It's not a good look to leave any job within a year, and requires explaining. "I wasn't feeling it" isn't going to be accepted by recruiters. You'll get a reputation as being unreliable.
was hoping to stay 2 years. By the time i would have gotten my bachelors
ok will have to setup a new strategy.
Is it ok to contact a few hiring managers to ask about the requirements for the next role i really want?
so i can prepare for that during the year?
how long have you been in this SOC role?
1 month now
You don't even know how to do that job yet, it's very very pre-emptive to start shopping for your promotion.
I would bet you haven't even completed the onboarding for the company, let alone finished all the internal training
done that. Currently doing IDS/IPS and a bit of vul management
Hey all,
im a frontend-dev who want to branch out to info-sec/cyber-sec, i was advised to get ethical hacker cert as a first step. Is this valid advice and also if so, where should i look to get this cert/course ?
ty for your time fine people
Offsec and comptia are common certification companies with some vast offerings in the area. There are others too, but offsec is very respected in the field
For offensive work OSCP (PEN-200) is a nice first cert to have. For more defensive stuff I dont know much about, but there are certs for specific fields.
And, as far as which cert to get, try to get it in the field u want to be in / are interested in. Infosec is vast. No need to get an offensive cert if you are doing DevSecOps, or in detection imo.
But as far as employability, it is a valid approach but it will vary depending on your location. Certs can help u get thru the HR filter, but the "know how" will get you the job (at technical interview).
Im doin a bachelors now too & lookin to find work….what helped u land a job ? Did u have certs or ?
Also did u find work thru linkedin ?
Good morning, I would like to know the best way to start my cybersecurity journey, any tips on the right pathway, or rather pathway that has been tried and tested would be greatly appreciated. What are the fundamentals, I need to focus on to build on throughout the career path?
Hi everyone
Good afternoon
I'm new here and I'm just starting to learn cyber security . Please anyone take me through the basics 🙏
Also new, but what I can say is, no one can just take you through the basics - sign up and run the paths on THM and i highly recommend OTWs books for linux and networking. Other than that depending on your general IT skills/knowledge set up a home lab - did a lot for me.
Thanks alot, looking forward to that 👍
Hello, I am learning to write a personal statement for an offsec position and I need some opinions
I am determined and motivated to fill in gaps in my knowledge as to use a strong knowledge base as a tool to find and secure vulnerabilities. I strive to effectively communicate risk so as to better protect the company and its users.
Too many cliché words like determined and motivated. Everyone else will use those words so you won't stand out.
Instead tell me what you've done and what your goal is. If it's pentesting that's fine.
@tender mountain I would also look at phoning them if you have their number instead of writing. Prove you have good communication skills on the spot
Thank you for the feedback, I'll try to improve it
Gave +1 Rep to @raw current
This just a personal statement for my portfolio that I'm planning to build, like a goal of sorts, but I'll keep that in mind, sounds valuable
I passed my security plus yesterday and I work as a help desk analyst going on 4 months. Do you think it would be hard for me to get a cybersecurity job or SOC position?
It’s a good start, but might not land you a job
I intend to complete the Jr path and the offensive and red team, and then get a certificate (maybe it will change the path I will take) but this is the essence and I want to get a job as soon as possible, do you think this is a good path?
Do you have any other experience in IT/Cyber? eJPT is not known to be a cert that can easily land you a position, but will definitely help your resume
No, i'm starting from scratch
It's a career change, but nothing related to cyber/IT related field
From my talks with hiring manager in SOC they didn't have too much req to get in, just start applying i would say but continue learning
Hmm I know people that got a job with eJPT, but it’s not guaranteed. There’s a lot of stuff that an employer like that (GitHub projects, a blog, ctf experience) other than certs, but something like eJPT wil definitely help 🙂
I'll try make some free things like report bugs and relate them (with the owner conception) and CTF and that all stuff maybe some tools using the python path in thm too but just when I finish all the JR pathway think it will be a good start
BTW if I find a possible SQLi in a website what should I do, like I just identify the thing didn't make any thing with that.
@fringe spade thx BTW helped a lot will take some notes to plan
Gave +1 Rep to @fringe spade
thanks for the amazing response! will be taking the pnpt into consideration. i also dmed you for a little bit more information if you dont mind
Gave +1 Rep to @rugged delta
https://www.udemy.com/course/the-complete-ethical-hacking-course/ is this course good ?
are there techniques to make developers not have a grudge against you at work as security engineer / tester
I don't think anyone has a grudge against me at work but I would have one if I were them xD
I think it’s more like everyone is mad at security people
we’re just annoying 😄
password policies, phishing campaigns, security trainings 💀
hey guys, I'm getting a free EC council CCT voucher from my organization. I have no idea about it since its a new certification. I have CEH already and a very good knowledge about everything except SOC (🥴)
can someone tell more abt cct
Be polite and point to written policy when telling them no. Get management involved if they refuse or don't listen
compliance is worse
(you know who you are)
Hello everyone, I have almost 2 years of experience as an IT service analyst, I recently moved countries. I'm now looking to transition into information security, particularly as a SOC analyst or a Security consultant. I have a bachelors in Computer science and a Masters in Cybersecurity and Digital forensics. I've just passed my Security+ certification and I'm eager to get more. Could anyone suggest additional certifications, something more technical that would make me fit into a SOC or a consulting firm. Also doing this to enhance my job search. Your insights would be highly appreciated.
Thank you!
What's your budget, or will your work sponsor education?
Currently employed … Something not too expensive
Unemployed *
Okay cuz I was gonna say for Blue Team stuff SANS is some of the best education out there, but the price is astronomical
Splunk is pretty ubiquitous and their certs are cheap for basic SOC stuff
CompTIA Cysa+ is also one that's good
SANS is too expensive 😂
It definitely is if an employer isn't paying for it
What do you think about CompTIA pentest+ ?
I have that one. No one has ever asked me about it or asked for it lol
it's not widely recognized as a 'real' pentest cert, it's more about pentest management than the tech side of it
I just got it to keep my sec+ and net+ current
It's basically a multiple choice test about Nmap with some other questions thrown in
What cert covers the technical part of pentest ?
OSCP
there are a few
OSCP is also way more expensive than it was
if it's not on your career path and you can't get your employer to pay for it, don't spend your own money on a cert that expensive
~$500 is the total amount i'm willing to spend out of my own money for a cert that i can justify to work - and if they don't want to pay for it, they can't list it as a qualification during an audit
CRTO is well worth the money for the amount of information and education you get!
CRTO isn't as recognized - but again, unless you have a lot of disposable income you are better off not spending that much money on any cert, especially early in your career
True, still worth the pricetag tbh not too expensive
Right, but it's still not a thing anyone ought to pay for themself if they intend to use it for work
Business value add, that's the only 'real' driver for certs
you can learn all the material without getting the cert through other sources, and i recommend that first.
Nah … defo not spending that much on a cert when I’m unemployed
I’m thinking of doing something covering the defensive side, but very technical
Something that can increase my technicality as a SOC analyst or incident responder, or will get me a Job as a Junior consultant - Forensics and Litigation with FTI 😃
start a homelab and try to set it up as close to enterprise as you can
In my opinion home lab stuff will go a long way in helping you answer technical questions in an interview, but you often need the certs to even get the interview in the first place. That was just my experience
just having the cert will never get you job though - it gets you through the HR barrier, but if someone has really difficult certs without having any experience to contextualize the cert that's big red flag to a lot of recruiters and hiring managers
could you elaborate on that please? how would someone without experience in the given field trying to break into it who put a lot of hard work into educating themselves and getting some certs be a red flag?
certs are part of a professional development path - experience is needed to put what the cert verifies into practice. And in the example of pentesting, OSCP is considered entry level to pentesting, but pentesting is not entry level to security.
It's very common to start out in help desk and move into network or sys admin, then security. SOC Analysts positions can be true entry level as well, but most orgs prefer candidates who have a networking background.
Having a lot of certs or having "higher" certs without experience is a red flag because there may be fundamental misunderstandings of how enterprise IT operates or ought to operate and those knowledge gaps automatically disqualify candidates. There is also a perception of "cert chasing" which can indicate a candidate isn't interested in doing actual work.
Thank you for elaborating, does that mean that things like say home labs, completed networks, github projects, blogs, etc. don't do much to help back up those certs?
Home labs will give you some hands on experience to actually be able to sound like you know what you're talking about in an interview, and shows you've got a real interest in the subject. It's not a match for real experience but it's something.
because it seems that it's like you said, that you need the certs to get the interview in the first place
My take is: a couple of entry level certs will help get you in the door for an interview for an entry level role like a SOC analyst, but too many is definitely a red flag. A dozen certs and 0 experience looks kind of bad. It's pretty rare to get into a red team type role at entry level and usually involves knowing the right people. Which taking an entry level role can also help make those connections
Practicing home labs will help you to interview, and likely excel once you get the role. If you show you know your stuff you can get promoted more quickly
it does make sense, it's just that switching fields later in life and starting essentially from zero tends to involve taking a pay cut, may ultimately not be doable
been a translator for a bit over half a decade, have my own company
Oh that's cool, what languages?
hi guys im a noob and im going to try to get a career in this field, hopefully all goes well lol
they're kind of niche and would reveal exactly where I'm from 😁 but English and German are two of my working languages
That's cool, I've always loved language. There's a lot of tie in with linguistics and early computer science as well
yeah, some skills you develop are definitely transferable when learning computer science and programming
They don't back up the certs per se, but it's an added thing you can talk about during the interview. Homelabs don't really count as work experience, but they can demonstrate interest and possibly competency
This is false. If you are interviewing for jobs that require certs, you probably aren't experienced enough for what the job entails.
Help desk and support desk is a good place to start if you aren't able to get a BS or vocational degree
In my area most entry level jobs still ask for certs
For actual entry level? We're talking tier1 help desk and support? The absolute minimum entry to IT?
Yes, that and/or SOC analyst
At the very least will net you a few extra bucks an hour
I think one of the problems without job experience could be having no experience with necessary IT(security)processes and working with these. IT in a corporate environment can be very complex and is different than having a home lab. IT service desk at the beginning of your career can help a lot, but this is only my experience.
i want to become a real "phantom", which VPN service should i use ?
What does that mean?
You won't be able to and doing so is on the extreme end of paranoia. If you wanted to be a "real phantom" you wouldn't be on discord
i mean a good enough VPN that most of people can find my real IP
Most people won't be able to find your real IP with most VPNs, they'll be able to tell you're using a VPN though
oh yeah that is really stupid question of me
"Most people" won't be able to find your IP anyway. And if your uplink is locked down (almost all of them are by default on the WAN side) that's not an issue
Hey guys 🙂
I'm a beginner and I would appreciate any tips and advice.
I'm planning to get CompTIA Certifications, probably in this order:
ITF+
A+
Network+
Security+
And I was wondering if I should finish all learning paths on THM first and then start studying for CompTIA, or do both at the same time?
I'm spending around 8 hours a day on THM, Monday to Friday.
What I have already finished:
Harvard's CS50
Google Cyber Security Certificate
Pre Security
Introduction to Cyber Security
Jr. Penetration Tester
Web Fundamentals
If anyone has some favorite YouTube playlists, Udemy recommendations, etc., please let me know! ❤️
I got 2 of my CompTia certifications before the THM ones. I felt like THM gave me a deeper understanding of what I learned on my own.
I used Professor Messers YouTube Playlist and Reddit to find study guides
John Hammond is fantastic, The Cyber Mentor is good, IppSec is god, love watching him, John Hammond does a lot of TryHackMe rooms, and other fantastic stuff. As for certifications, I am in the process of doing my Pentest+
which CompTIA certifications did you get if you don't mind me asking?
A+ first then Security+ last year
oh nice, i think i am going for networking+ after the pentest+, was it really hard to do the A+ first then Security+?
It was about as difficult as a college class. Lots of information about a broad range of topics but thankfully i allowed myself a couple of months of study before taking the exam while I worked.
~2 months for the A+
~4 months for Sec+
I also took an incredible amount of notes and made my own flashcards for port numbers, acronyms, offensive and defensive terminology, hardware types and uses, etc
Differences between similar topics helped me like IOT vs SCADA systems which is what I learned for Sec+ but A+ is a strong foundation for the basic IT stuff and I even got the newest test that started quizzing cloud infrastructure types (DaaS, IaaS, etc)
I think you'd have an easier time doing Net+ before Pentest+
I concur, it helps to have the holy trinity (A+ > Net+ > Sec+) before taking the pen test but its not required. You can take whatever test you like
Thanks guys!
I just read that the ITF+ doesn't hold any value when job searching, so I think I'm going to study the material but skip the Exam to save some money 🙂
I actually didn't know it existed until you asked XD
Lol yeah I'm skipping it
Fwiw I skipped A+ and just started with Net+ and Sec+. I got Pentest+ to renew my other two since they needed to be renewed, but I've had it for 2.5 years now and don't feel like it's really helped me at all. I'm fully blue team though, and haven't really tried to make the switch to red
I'll get the Trifecta just to have that knowledge; my goal isn't only to get a job but to be a professional 🙂 (for the first time in my life) 😂
Experience is what will make a professional out of you
AWS solution cert is good for getting job ?
Because I'm planning for it but idk about the job market 😔
I think so. I haven't job hunted since getting mine, but the Azure one has helped a ton
Azure is also very widely used. Luckily a lot of the fundamentals transfer between the two platforms. I've used both heavily, and now GCP as well
Good plan imo
I’m starting off with the sec+ see if that can help me
eJPT or Sec+ for red team focus?
eJPT is penetration testing which is basically red team
Sec+ is security in overall
I pretend to do eJPT as my first cert maybe to find a first chance at cybersec world and probably will consume lot of content that thm has
Even jr path red team comptia maybe after all those I'll pay the course and voucher to eJPT
Obviously I'll do some github,ctf koth things in middle of this journey but that's the basic
eJPT isn’t that hard so definitely could be done as a first cert
It does not always have the best hiring value tho
I know lot ppl told me that but I think it's the "cheapest" way to try something on LinkedIn or stuff
It's not like OSCP I guess it's 1599$
Yeah the price difference is huge but OSCP gives more opportunities
You could also check out eCPPT
Cheaper alternative for OSCP
So basically eJPT by ine it would be 200$ with course+ voucher and eCPPT it's 749+200 eCPPT voucher
Do you think it's valid try eJPT before and try something? Like if I finish all and pass in 6 months I still have 6 months to try a job or make a "blog" or just grow up on community
You don’t have to take the course for eCPPT
You could learn on THM/HTB
But I’d say that eJPT is a great start, definitely will prepare you mentally for future exams
I took it a few years ago, it was fun
I dont live in USA or Europe and here it's like 95% cert and 5% showed skills like ctf and stuff
Don't know if I can had a 100% remote job from here but probably has something
It’s really uncommon to get a remote international position for a junior, but you might be lucky haha
You never know, some people land a pentesting position even without any certs
Usually you've gotta win a high profile contest or just get really lucky and meet the right person. It's possible but it's a bit of a moonshot
Usually pentesters work their way up from other positions
That's why I want a cert even if a start one, when it became a job that ill get paid I can invest more to get more cert beside the experience doing ctf, koth and general stuff
Obviously I don't pretend like eJPT and than I apply on senior things but maybe help on bugbounty programs and stuff would proof that I'm good on pentest and open some doors too
There aren't a lot of Jr Pentest roles available but it's not completely impossible. Being in an area with lots of tech companies will help. It'll take a while to build a reputation as a bug bounty hunter just be aware
Which path you would use if you had to start from scratch?
Start with Security+, look for help desk or SOC roles. Maybe Sysadmin or networking if you get a Microsoft or Cisco cert as well
I'm thinking how to do that to land a job and I think for me the best way would be thm till I get really confident and stuff then try eJPT to start make something about a real job
But I'm not on the area rn so idk
Do you think you can reach sec+ just studying in thm?
I'd definitely at least get some practice tests. It's a lot more conceptual whereas THM is very hands on, so I think a book or video course would help too. I used a book and video course to study
Anyone w/ experience in consulting jobs or engineering jobs and looking for a new full-time role? Hmu
I would post in #jobs-board but I can’t.
Yes, you need to verify your account and also verify with Admins.
To verify your account, follow these instructions:
!docs verify
@distant pier
Well lot recruiters here talk about CEH, that's why I though ejpt would be a good starting point
Everyone says that ceh it's a multiple choice
And obviously the price too it's literally the double of ejpt
I've heard CEH is desirable for some countries like India. Here in the US it's pretty meaningless
In Brazil have lot recruiters looking for CEH
Even to more advanced roles
Maybe if he knows that ejpt it's "better" or let me explain at least I could have a chance
But honestly idk where to go
I'd suggest looking for something more entry level
If you can afford it, I'd recommend going OSCP. Otherwise go with PNPT or CPTS.
To start I was thinking in junior or just trainee but red team/pentester because like I rly rly like to much study the offensive part
Tried study some blue things but it's no the same
You should get comfortable with the basics and spend time learning on THM as much as possible with the goal of pursuing a cert eventually.
Of course my initial plan was finish Jr pen path, then go to pentest+ red team and all other (not exactly that order) but then try eJPT
After all of that and lot and lot CTF koth and practice
It's a good idea to pursue the paths just to learn the techniques in them. The eJPT course is an alright intro but it won't get you a role as a pentester and will just push you to go for the eCPPT. It's fine if that's the path you want to take but the other pentesting certs I mentioned cover all the stuff the eJPT does in the early part and brings you to the minimum level expected really of a junior pentester, OSCP being widely recognised.
Doing CTFs and koth and practice will also help up your skills and you'll encounter lots of other resources throughout your experience. It just takes time
Essentially a Discord Admin would be able to do this. 🙂
After PNPT it's just like OSCP and OSEP?
Or PNPT it's like a intermediate level?
Not to rain on your parade or anything.... but what do you think the value proposition of pentest and red team ops is to a business?
Help improve the health of the company's cybersecurity and reduce the risk of attacks that compromise your data or attacks in general?
CEH doesn't have a lot of value outside of India - I would strongly recommend looking at other options first, as ECCouncil has a history of bad behavior, and their material is largely regarded as a joke. I've heard the practical is different, but for the cost I think better, less recognized certs are preferable.
What's the mechanism that allows for that?
Here in Brazil I see lot asking them too but don't intend go forward with (ceh)
What do you mean by mechanism?
Like the pathway
Planning and etc...?
I just learned I didn't get selected for a job in IT support and data verification. It was a close choice between me and another candidate they said but the only feedback on their choosing the other candidate was they had a "better feeling during the interview". I am just exhausted of constantly applying to entry level part time jobs as a student just to be constantly turned away either cause someone else fits better the criteria or whatever this feedback was that I just received. It makes me feel frustrated and like a failure (I have been applying for about a year non stop the second I find something fitting).
Does anyone have any advice to give? I feel desperate and emotionally run-down
It's the reporting - the entire value of a pentest is in the report that gets turned in. As a pentester, you can expect to spend a significant amount of time writing the report, even if there are very few vulnerabilities or findings.
Being a pentester sounds like its the sexiest job in IT until it comes time to hand over deliverables - if the report isn't well written, the entire pentest engagement is a waste of time and money for the client.
This is normal - I've been through 5-10 different interviews just like you're describing before finding a job, and the job I found was from a recommendation a friend who is more senior gave on my behalf.
Networking is the most important part of job hunting, ask your instructors, alumni if they know of openings you would be a fit for.
Meetup groups can also be a good route to build that network, even if they aren't technical. Cooking, woodworking, any hobby you are interested in can be a good place to start making those connections.
If you are still a student, focus on internships, those slots for next summer are going to start opening in a couple of months if you can get an 'in' with local hiring managers that can take a lot of the pressure off
OK so basically you're telling me to study how to report too?
I'm saying that being a pentester isn't nearly as much fun as it looks like from the outside. It sounds to me like you thought pentesting was breaking stuff all the time - it's really not. At least 50% of an engagement is spent writing the report and discussing and negotiating findings with the client.
Being a good writer is a requirement for being a good pentester, as the entire value of a pentest is in the report. If you hate writing, pentest is not for you
I had a bit of an idea about it honestly I don't care about the writing part (don't get me wrong it's not like I don't want to do it but I don't care in the sense of learning it either) I've been researching some stuff and I even saw some exemplary models of how they are done, in fact I still have no experience and I will certainly need to learn a lot of things about how to report I have no doubts about it but I really want to learn and work with it
Basically saying I want to learn pentest not cracking things for fun
If write report is part of it I'm want to learn it too
Any of the pentest certifications I mentioned earlier require a report as part of completing the exam, as they tend to simulate a regular pentesting environment. It's something to take your time with. Since you're only starting out, spend time doing THM rooms, both walkthroughs and challenges. Take notes about your progress in each of the tasks and the commands/techniques you use, their outputs and you'll soon learn how to build up skills to perform certain attacks. It's a slow road. Don't rush it. Have fun
In Jr pentest path I'm already taking notes like how to do some SQL injection already had some with burp, passive and active reconnaissance and Nmap that I'm doing rn
When I start do some ctf I pretend to take notes too like what did I do for get like a pass or a user or just a port or just document it
not that it’s glamorous but if you did want to: Elements of Style & To Sell is Human
procedure I used was to email me the posting from their corpo account
💯 I've DMed them to send exactly that. 🙌
Thank you for the input, I will keep an eye open for the summer internship openings and try to make some connections!
Gave +1 Rep to @flat sedge
just passed my net+ 😄 I think i'm gonna go for eJPT next
could I get a net+ role by chance? @tacit bobcat
or any mod 
My recommendation, if you can afford it, and you're interested in a career as a penetration tester is to go for OSCP instead. eJPT teaches you a few basics and won't get you a role and pushes you towards the eCPPT. You'll learn all the eJPT stuff early on in the OSCP. If you don't have the budget for OSCP, you might consider the TCM PNPT or the HTB CPTS. Both will teach you quite a lot about pentesting, including how to produce a report.
However, continuing your learning with THM will provide you a lot of the knowledge you need to know in order to decide if pursuing a pentester career is what you want.
hmmm
yea my long term plan was kinda go for eJPT to prep for OSCP eventually
or eJPT -> eCPPT -> OSCP
bc yea OSCP is not very cheap
also this isn't necessarily specifically to get a job, it's more seeing if like the red side, personal goals, and then career potential eventually
because I'm also already working as a security analyst
Well it is ultimately your decision about how you approach it. I would suggest looking at comparisons for the different paths to your goal. Ideally you should get an employer to pay for an exam you need to do your job. I know that's not always feasible but yeah if you're exploring, doing the eJPT to see what the challenge is like and if you enjoy it might be worthwhile.
You might like to try TCM's equivalent PJPT or you could check out his free 15 hours of tutorials on The Cyber Mentor's YouTube channel to see what you think of his training methodology. It's always best to have lots of free and cheap resources before you go committing to a certification path
ye I did do quite a bit of THM a couple summers ago
will definitely try to get employer to pay for eJPT
TCM = The Cyber Mentor, a little bit different 🙂
yea I meant THM
THM's stuff is a really good way to build and sharpen your skills as you learn
I would recommend against paying for OSCP on your own. It's too expensive
DM me proof of cert, and I'll get the role on you
work may be able to pay for OSCP then
Do you all have recommendations for CISSP bootcamps?
Pearson-Vue online resources were the most useful study aids I found
I've been reading the CBK and the study guide (both published by Sybex) while doing another cert too
Thanks juun!
Gave +1 Rep to @flat sedge
I’ve been reading some in the Sybex book for it. My boss is wanting me to take the exam next summer but get quotes for study materials and bootcamps now
IIRC Sybex is the 'professional' arm of Pearson-Vue - I don't remember if it's a subsidiary of PV or Wiley with any real confidence though
Any Threat Hunters in here?
I'm guessing there's going to be an exam refresh next year as the last one was 2021
I found the bootcamp I got sent to for CISSP to be largely useless
How come? Just a bad bootcamp or did you already know most of the information?
i've heard the same from two people
Makes sense to me. Will keep an eye out for a book refresh too then
I'll go looking for better info but I'm sure you'll still be able to take the current version until there's an announcement about it on the isc2 website
And yeah, I like the study guide. The author, Mike Chapple helped co-write the actual CBK afaik and I've used his book on cyberwarfare for academic work too
Hey, so should I put that I did the SOC room on my resume?
Personally I am kind of meh on it. You could put TryHackMe as a whole on the resume under an Extracurriculars section
But it's not experience or education
Or a certification
THM has any room to learn about report things?
What do you mean by report things? Like report writing?
Morning guys … which is more technical, Microsoft SC-200 or Cysa+? For some tryna get into SOC or Consultancy?
You could for example take the report template for OSCP and try to recreate the same style for a THM room
Any company that will hire you for an internship/junior position will teach you how they write reports. They might also use reporting software like PlexTrac or Dradis, so it usually depends on the employee how the final report looks like
The sc-200 is geared towards operating in a Windows/Linux/Azure environment and so you already should be familiar with that cloud environment. The CySA+ is more generalised. Both would require a reasonable level of technical know-how. It really depends on the employer and whether they require the specific skills of each training plan to acquire the cert
Yeah … That’s what I heard … Thanks for the response, very helpful.
Can anyone help with materials or practice questions for the sc-200 ?
Gave +1 Rep to @rugged delta
Nice. This site has every version of mac operating systems emulated going back to 1984. https://infinitemac.org/
A classic Mac loaded with everything you'd want.
Which is more technical…AZ-500: Microsoft Azure Security Technologies or SC-500
Microsoft Certified: Security Operations Analyst Associate
Also which is more suitable for somebody trying to get into information security … I just passed Security+ … and that one was a bit too easy. Need something kinda technical and not too much for someone that hasn’t worked in information security … #Have 2 years experience as an IT service analyst
Those are more geared towards Microsoft technologies
If you have access to those technologies, they are by all means worth it but if not maybe you can give more information on what role you’re trying to achieve?
Not a THM room, but I have heard good things about this https://developers.google.com/tech-writing/
SOC analyst 1 or Junior Security Consultant
Thanks for the response @dense dagger
Gave +1 Rep to @dense dagger
A SOC L1 role may be different from a security consultant role, with the former being a more entry level job than a consultancy role AFAIK
True … I just passed my Security+ … a bunch of SOC job descriptions in the UK have a Microsoft tool on them, which is why I feel the SC-200 might be worth it, but NO I don’t have access to the technologies, not yet …
SC-200 is related to Microsoft Sentinel I think
with Sec+, you can get entry level security roles, maybe security analyst role?
Yeah it is
Hey guys, would anyone mind doing a review of my resume? Sorry the margins are so tight, I saved the Word document as a clear image the best I could. Thank you. - Tim
It's a lot clearer if you click "open in browser"
Hi, sorry to say but I don't think TryHackMe qualifies as certifications
Self study shouldn't be put under experience, I'd make a new category like "Personal Interests" or "Homelabs" and like Mknukn said there is a difference between certifications and certificates of completion
With the experience section, you don't look like you have any that is actually relevant. Looks like you're studying so maybe an internship would look better there.
@dense dagger @worthy shoal thanks for the advice!
Gave +1 Rep to @dense dagger
With key projects, I understand that you want to showcase the things you've done but these just look like course assessments
Projects should be things like you are doing or are trying to solve or maybe building. An example project would be building an AWS honeypot where you detect malicious traffic against it, visualize it with log analysis, etc.
Looking over quickly, I personally don't like summaries, but i know others do. I think it's what a Cover Letter is for. Your education should have relevant courses. THM is not a certification, it should go under Extracurriculars. Student is not professional experience. Skills should go up next to certifications. Everything you've put in skills you should be able to talk about, in-depth, for 20 minutes minimum.
Yes, I agree! Don't just throw in things that makes your resume look fancy. It might backfire on you.
Thanks for the feedback everyone. What do you guys think of this video? It's where I got the layout for my resume. https://www.youtube.com/watch?v=LFlsDm8w36A
Here are the projects that you need:
- Google cyber security certificate: https://imp.i384100.net/VmOVaj
- Microsoft Windows Defender and Firewall for Beginners: https://imp.i384100.net/AWE3qx
- Analyze Network Traffic with TCPDump: https://imp.i384100.net/GmZVAr
- Wireshark for Beginners: Capture Packets: https://imp.i384100.net/zN2rge
- Ha...
I saw it and didn't watch just based off of the thumbnail and title
These are not projects, more like short courses
Projects are where you apply the things you learn
For e.g., the person outlines Intro to AD, with the knowledge you've learned from that, how can you apply it to a project
One example is to create an Active Directory network, harden this network, see how GPO works, find ways to misconfigure those and try to detect those with vulnerability scanners, etc.
You can even try to set up automation like automating the set up of an AD network of 1 DC and 2 client machines and subsequently hardening them by running a PowerShell script, all fully automated
Then spinning up a new client machine that automatically joins to the AD network through automation
You can of course always start with something simple and something you can do and slowly build up from that.
@dense dagger thanks for the advice 👍
Gave +1 Rep to @dense dagger
Hey, I’m new here. My background is in computer science and I took a security class in college. I’ve been a software engineer for 2 years but I am considering switching into cyber. So far I’ve been on try hack me learning about pen testing. I think it interests me so far. I haven’t been able to understand so far how to gain experience. Is it solely through certifications?
It can be through a lot of things
Try applying security into your software engineering role
Before jumping into pentesting, look into CI/CD pipeline security automation, devSecOps, and SDLC for the products you work on - if you express interest, you may be able to help with the client side of a pentest, and you can start to see what it's like from the other side
Can anyone check #bug-bounty and also #programming
This is super impatient and rude. Please do not post and then ask people to go check your question from another channel. Everyone here is a volunteer and gives their time if and when they can.
I know
So I am looking at what jobs I would get out of college and I am confused. All of the entry level security analyst jobs in my area require 2+ years of experience. How are you supposed to get industry experience if you can't get into the industry?
it is usually through other roles in IT
but there is also chance companies hire fresh graduates right at the start
but its a common steppingstone to get skills in IT then transition into a security role
some even start working before finishing uni
Yep, that is also possible
esp. if you perform well at an internship and are offered a full time role
Hi everyone, I'm new here. I am a second year cybersecurity university student, and I want to ask: are there any high demand certificates for security analyst or SOC analyst?
This will vary a lot depending on area, company, country, and maybe a few other factors. In general, a lot of companies for security roles tend to list Sec+. But check a bunch of roles in your area and see if there's a pattern. It could be a lot of companies in your area asking for something different
Most will ask for sec+, it is a great cyber security certification to have.
thanks alex and Afrain, but are there any higher level certificates I can take?
higher level for what purpose?
after sec +, you can take pentest + if you are interested in the ethical hacking domain. Though some people do cysa after sec +.
Splunk certifications are also great for SOC analyst or actually quite a few security positions
if you are interested in blue teaming, you can do cysa.
Do you guys recommend certificate from comptia or Cisco like Cisco Cyberops?
comptia is worldwide, in which i recommend it since the certs are recognized by many companies
thanks a lot Afrain 😇
you're welcome
The sec+ exam can be online?
You can take it at home, but you need to install proctoring software on your machine and also completely clear your desk
Imo testing center is easier/less invasive
Need to stay at your computer all through the exam too
So you'd need to ignore the door etc.
testing centers are also very common across the US, it's often faster to use the testing center than to configure your local machine
I dont live in US or Europe so
You can go lookup where testing centers in your country are located on Comptia's website I believe. If there is one reasonably close I'd recommend going there, if not online is of course an option, although it can be a pain as others have said
Anywhere Pearson Vue exists
Hi there,
Is there a German professional here who can answer a few specific questions about the course of the IT-studies in Germany via dm?
@mighty sigil is this your wheelhouse? I thought I remembered you being from Germany? No obligation for DM, feel free to keep the convo here.
I am from Germany, but I am still a student myself, so the entire „professional“ part of this is debatable. Happy to answer questions tho.
DMs are open too, but I will probably respond tomorrow, it‘s late. 
Nice, I´m sure you can help me out, the "professional" maybe was not the correct term for what I´m looking for and will include you, for sure!
I´ll hit you up tomorrow.
Works for me. 
Your questions will likely be useful for other people, and getting multiple perspectives can be very helpful - i would recommend you ask your questions here as well
Could someone point me to resources about home labs for beginners?
Have you done an initial search utilizing your favorite search engine and/or video streaming platform? I can tell you that there is a ton of content at your fingertips.
Yeah and i found some good ones, just wanted to check this community to see if there were actual like standard things that people go to
Yeah, I know that people might be interested in and normally I would ask any question in public.
But it is a very specific question about lateral entry into IT and the education system in Germany.
Unfortunately, my english speaking/writing skills are not that good as my english understanding skills.
If my questions are answered, I could do a Summary about it and post it on here in english.
Would that make sense?
It's up to you - I know there are a number of people based in germany who regularly check in here. You may find value in getting input from them or from other EU people.
I have questions on cv templates,
- black and white or with some color?
- long detailed paragraphs or concise bullet points?
Black and white with concise bullet points
concise doesn't mean 1 word
Hi all, I just recently graduated with my associates in cybersecurity, I have my Sec+ and google cybersecurity certificates. I’m hoping to eventually end up doing pen testing or reverse engineering and was just looking for some suggestions for good entry level jobs to start building towards that.
Any security job but preferrably something that is technical in nature
Your resume is your elevator pitch to HR and the hiring manager. You want clearly answer the basic questions of 'why are you qualified for the role'
Thank you
Gave +1 Rep to @stoic cave
Mhm mhm I understand, a matter of word choice then
So clearly answer but not long-winded sentences?
yes, you should be able to express what you have done, what you can do and what you are interested in doing
I'll take note of that, thanks
Gave +1 Rep to @pseudo creek
Hey guys got a job interview last week for a soc analyst at a big telecommunications company for a level1 soc analyst in Greece the interview went very good and they told me they would call back to inform me about their decision. It's been a week tho and haven't heard back. If they have rejected me would they have called me?
Have you tried contacting them?
Not yet thought I could give it some more time
But I'm a bit anxious tbh lol
It shows interest if you maintain contact. Usually after about 5-7 business days, if you haven't heard back, it's usually a good idea to send a thank-you note for the opportunity to interview and ask if they have further information regarding the role
Thank you will do so
Gave +1 Rep to @rugged delta
If I haven't gotten an answer by Thursday I will contact them
how does this channel work
We talk about cybersecurity, careers, jobs, qualifications, certs, etc
You can ask for tips about what you should be doing to make a career in cybersecurity, discuss your experience, cv/resume, qualifications, etc.
You should verify as well
!docs verify
Welcome
Hi guys … I have started preparing to take the SC-200 … just need some more info, How long should it take to study for the exam ?, are there any downside to the certification ?, also can someone help with study materials?
Thanks. kind regards
I did send you a link I found the other day. There's lots of info there. Maybe someone else knows more about that cert but I'm sure there's lots of other info about it out there. I notice there's lots of books about it on Amazon but these tests get updated frequently so the books may not be current. You would have to confirm that.
#cyber-and-careers message
As for how long it should take, that would depend on your own commitment and progress. Self-study courses have their own rough estimates but they differ for each one. Downsides, I'm not sure. I don't have much knowledge about current MS certifications. I'm sure it's advantageous for you to acquire the relevant skills for an appropriate role in your current or a potential future job
hi guys, have problem using Firefox browser on the machine. kindly assist
I am in intro to offensive security page and i cant answer question 2
Also:
!docs verify
Is an associates in IT worth it or just straight into help desk?
is a CS bachelors an option?
ayo how do i get a helpdesk job? should i go for a A+, im in college right now and would like to get a job.
Hello guys
A+ is a merit for helpdesk so yeah not a bad choice
Check out helpdesk positions in the areas you want to work in, check out their descriptions so you get a good idea of what is required.
Help desk is entry level so it shouldn't be too challenging
Apply ahead before you graduate as well
@nova flame hello
@glossy dock Please do not post email addresses here
@cobalt escarp sorry, about that. I won't anymore.
Hi guys i am looking at becoming a SOC analyst and was wondering if there are any on here that I can reach out to to find out more about the role and what areas of cybersecurity I should be focusing on? I am currently working my way through the SOC 1 pathway but I would love to speak to someone already in the role to get a feel for things like day to day tasks and that kind of stuff. FYI I am based in Australia if that matters
It doesn't have to be in person it can be virtual I don't mind the method of communication
Hello @rugged forge 🙂
How exciting! We have two guides that might be of interest to you:
https://tryhackme.com/r/resources/blog/become-level-1-soc-analyst
https://tryhackme.com/r/resources/blog/interview-with-soc-analyst
Discord is full of helpful enthusiasts that I’m sure will be able to offer you some insight. Otherwise, we have stories from Hayden and Konstantinos, who detail their journeys and offer some pretty valuable advice!
https://tryhackme.com/r/resources/blog/haydens-success-story
https://tryhackme.com/r/resources/blog/konstantinos-success-story
^ They also might be able to chat if you reach out via LinkedIn (links are in the blogs listed above)
Hope this helps 😃
Thanks for that look forward to having a read 😊👍🏻
What is the difference between being internal and consultant ?
Are the requirements different ?
Hey, i wanna ask. If i want to prepare myself for CRTIA certification, what room or what path in thm should i take?
The SOC1 and Cyber Defense path seem to be in line
hey guys do you thing this certification would be good for someone seeking an ethical hacking job https://skillsforall.com/course/ethical-hacker?courseLang=en-US&instance_id=80c156bc-84a4-47c9-a233-5eafe7bdde82 ?
This is not a certification
It's more like a short course on ethical hacking
understandable im looking through courses that might get me my first job in cybersecurity
Good luck in finding one!
Try to look at SOC L1 and/or security analyst roles
thanks : )
Gave +1 Rep to @dense dagger
why do universities dive deep into things like CBC mode integrity issues and the number theory behind RSA when it just isn't useful
why’s it not useful?
might not be for what you wanna do
but someone’s gotta get into crypto
surely most cybersecurity jobs don't need you to know that sort of cryptography
it’s a part of both computer science and cyber security though
Hello guys, I'm preparing for CEH exam and so far it's not that good as I am reading the book the EC council have provided. I need any video content about CEH to prepare for it. So if possible please provide me with resources! Thank You
Are you in India? Otherwise CEH is not a recommended cert to pursue. It's mostly a plagiarised Pentest+ with a higher pricetag and there are much better certs to pursue
Also you should verify
!docs verify
Yeah I'm in India
just a min
Is there any video resources that I can rely on to learn
Have you searched YouTube? There's several youtubers with suggestions on this
Yes, didn't find any appropriate ones, they are just explaining what is CEH
I'm not sure of any free resources for it but there are courses on udemy and other training sites with reasonable pricing
Hello, how to demonstrate skills for Penetration Testing, it is hard to get an interview.
And what is the difference between being internal and consultant ?
Are the requirements different ?
Internal - you do pentest for the companies' assets
consultant - you do pentest for clients of the company
in terms of actual testing, it’s the same
the way you go about it will be different though
as a consultant there’s more paperwork involved
requirements are different largely on experience. with consultancy, you need more experience i'd say
Pentest is also 90% report writing, not just dropping exploits
Demonstrating that you're capable for the role typically comes from having worked in other areas of the Cybersecurity Industry
there may be also certification requirements like OSCP, OSEP, CRTO, GPEN, etc.
You can also show that you do things like THM or HTB in the Extracurricular category of your resume
Right, those typically need to be paired with some form of work experience. They're also too expensive to have someone pay on their own
So consultant has harder requirements than internal?
Not necessarily
I wouldn't say harder requirements. Companies pay consultants for expertise. If you don't have demonstrable and quantified expertise, you are not qualified to be a consultant
I need suggestions from you guys. I would like to pursue my way into becoming a cybersecurity engineer, and I would like suggestions on how I can start in TryHackMe and which path I should take first. Currently I am working on the Pre Security path, and I am also in school for a bachelor's in information technology. But I need suggestions from you to improve my skills and on how I can achieve my goal
Hi everyone!! Im working on applying for new jobs in cybersecurity that are remote as I am moving soon.
I have a BS in Computer Information Systems and have been working as a Security Analyst for about 10 months now but no security certificates. I have been applying for a month and have not received many interviews.
Are there any recommendations you have to improve a resume/cover letter? I have also created a portfolio website but have not posted any projects- any project recommendations specific to cybersecurity?
This is the Security Engineer Intro room. This is the start of your adventure:
https://tryhackme.com/room/securityengineerintro
You can post a version of your resume here with any personal info/company/colleges blanked out and you will get plenty of suggestions. I would suggest pursuing the Security+ at least as an intro as it's well known and on hr radar. Other major certs include CISSP and OSCP but they're more expensive and might take longer.
Applying to cybersec roles can take a while, especially if you're new. Watch this video for some advice:
https://www.youtube.com/watch?v=WRv6OYf5PsU
Entry-level cybersecurity careers can be difficult to land. Why are entry-level opportunities so rare and what can you do?
This is great! Thank you!!
I havent determined a specific path I’d like to take in cybersecurity, which is another one of my struggles. But Im hoping with more experience and online training, I will be able to find the path that fits me.
Gave +1 Rep to @rugged delta
Enjoy the journey. There's lots of scope for different roles in the field, it's a long road and there's always room to pivot
Hi, I have a question, I've heard advice for entry level cybersecurity roles such as being active in communities, building a good portfolio, tips on making a good resume, etc, but what I wanna know is if and when I do all this, how attractive does it make me to companies
Does it put me in the top 70%, 30% how much of an advantage do these tips give?
The best thing you can do is get a degree and certs
Building tools and blogs on a detailed attack/venue/vuln. helps too
Certifications get you a job, a degree will get you higher pay. You can get a job without a degree, but you are unlikely to get one without relevant cert(s).
Interviewing well can overcome a lot. If you can talk shop and speak confidently, it can easily overshadow holes in your resume. That being said, getting the interview tends to be the hardest part.
My company fills positions based on the skillsets we are lacking. If I need someone that can develop test cases against embedded systems or discreet comms, that is what I am going to look for first. The Sec+ is just the barrier to entry, and even that I can waive for 6 months. If you have no OJT experience, but have a solid portfolio of PoCs in that area, I am likely going to interview you.
HR used to require that we interview using the STAR format; which limited the types of questions I could ask and meant unqualified candidates made it in while others who should have been hired did not.
That went away last year and now I can pretty much do whatever the hell I want in an interview that isn't federally illegal. The last interview my team hosted, we asked our candidate to walk us through a hypothetical attack path analysis
Thanks @vital laurel
Gave +1 Rep to @vital laurel
Thank you too @boreal zephyr very insightful
Now I'm more driven to do practical projects and skills
Happy to help. I am online for a bit, if you have questions or anything you want to talk about, I am happy to share my experiences with you.
Actually I am feeling a bit chatty, so if you'll allow me to proselytize a bit, I will share with you my personal philosophy on the industry and what I feel many platforms, like this one, are missing
Firstly, I see conversations on "certs vs. degree" all day long. It's missing the forest for the trees. I see "red team vs blue team vs purple team", just successors to the "white vs black vs gray hat" arguments of the early 00's. Again, missing the forest for the trees.
These are just Fancy Capitalized Terms which represent a concept, but don't speak to anything real in the industry.
What really matters, are skillsets and focus areas.
Most of this industry operates in layers and platforms. Layers, just like the OSI model you have likely read about in school. Folks in the FSD layer live at 6/7, your C programmers and reversing folks live down in the mud and dirt, finding opcode traps. etc etc etc. Then you have platforms. Enterprise IT is a different beast than, say, RTOS/embedded systems, or industrial compute, or weapons/defense systems. Truly, it's turtles all the way down.
You need to find your niche. Where do you want to live and work? Foundational IT is important, but so many cyber professionals are so highly abstracted that they often only succeed in engineering roles for a few years before being forced into management to avoid being outclassed by their specialist engineering peers
So you end up with a ton of generalist cyber managers/leads with CISSP and SEC+, and not a single one of them that have any sort of real technical skill. They have the certs, education, and experience, but none of the skillset to execute a solid security architecture.
My challenge to all of you wonderful neighbors, is to find your niche. Develop a skillset that outclasses your generalist peers so that you may eclipse them in both skill and pay. Find your passion in the industry, and stop chasing the minimum barrier for entry.
Do you know any of the sites, like I can't find anything on Udemy
Thanks for sharing ur view on the field, I think I'm too new to the field to appreciate it fully but I get the main points,
so for now I'll be working on my foundations, explore niches, find one I like, specialize in it then if I present it well, jobs will follow, hopefully this is a good implementation of what u described
Gave +1 Rep to @boreal zephyr
Hey guys 🙂 I'm curious about how a usual Help Desk job works. Do you answer a call after a call, or is there a help desk job where I could just read emails in peace and solve everything via email or online chat?
I enjoy helping people; whenever someone needs help, I'm the first friend they text.
But if I could, I would choose a job in IT where I have to answer the least calls.
This was super helpful thanks soo much for sharin🙌
Gave +1 Rep to @boreal zephyr
I'd say it largely depends on where you will be assigned and the company culture
unfortunately to my knowledge it varies per job, some have a lot of phone usage some don't. Depends, I'd say from experience it's a mix of phone and email use. @warm hinge all the best
Higher ups would lean towards calls, etc. while other staff might just shoot up an email or message for your help
But if the company implements like a hotline for IT support, you might be taking calls
I just googled ceh courses and one on udemy came up. You'll need to search for the right one yourself
Yeah that's a course for the practical exam.
Ok I'll try my best thank you
Most people just go with the book. It's all theory so you're going to need to read it all anyway, even with a course
Being well placed in national CTF does have an impact for hr and salary?
It depends. It can have a positive impact with hr and when meeting people at events, making connections can get you a recommendation. Salary generally depends on your experience and qualifications/certifications. Holding a degree or masters might have a bigger impact on your salary, as well as holding desired qualifications, like OSCP or CISSP. The organisation might provide finance/resources to help you pursue these on the job, or they might compensate you for the expense once you pass.
CTFs are good for learning how to apply tools and techniques, as well as figuring out complex puzzles in an environment. CTFs are different from penetration tests though, in that a pentest's objective is to find and exploit multiple vulnerabilities within the scope of an assignment with the goal to produce a report cataloguing and detailing the extent of the risks you encountered; whereas a CTF is a game with an objective such as gaining root/administrator access, maintaining control, finding flags, etc. You're not doing a pentest with the express objective of breaking in and quickly ransacking a target. It's something many CTFers regularly overlook
It is a talking point on a resume and will demonstrate skills; it may give you a leg up over other candidates but I wouldn't use it specifically to negotiate a higher wage. wage is usually DOE so all factors are considered to determine where you land on the pay scale.
thx for the answers
Hey everyone :) I want to get into pentesting and my roadmap is currently roughly something like
A+, Net+, Sec+, PNPT etc.
i’m thinking of just skipping the A+,
the a+ core 1 and 2 would take 6 months, then 3 months for net+, 3 months for sec+, and however much time for PNPT
can’t i just save time by skipping 6 months of a+? the course seems irrelevant to my goals of pentesting and i think doing net+ and sec+ in the time it would take of just getting the a+ is much more valuable
thank you :)
also getting a job immediately isn’t my highest priority, i can wait to get my net+, sec+ and something else/PNPT for context ^^ thank you again
Are you planning to pay for all of it out of your own pocket?
I would look at it less like you are "skipping over" and evaluate what knowledge and demonstration of expertise you need to get to the job you want
If you already know the A+ material, there is little sense in doing A+ unless it's a hard to pass filter from HR. In any case, my advice is to look at what the job reqs are before spending any money to get certs.
Is this a good roadmap?
https://youtu.be/8K7iAJ9BNl0?si=YA6WeKNh_V1hv1ZI
Tldw:
- Google cybersecurity
- Learn hacking (in the video they mention HTB but I prefer THM)
- eJPT
- eCPPT/PNPT
- OSCP
- Portfolio projects
- Get a job
- Specialize
rn I'm still a student and doing Google Cybersecurity and THM
I’d say Sec+ is enough to get a job
You don’t need all those certifications and you certainly don’t need to pay for all of them.
If you’re a student, focus on landing a great internship
yep, another reason why i’d prefer to go to net+ also nice profile pic ^^
i don’t know the A+ material really, which is why i’m thinking of looking for jobs past IT support to start with, network engineer or something like that once i get net+ and sec+
I’d say Net+ is enough to get a job as a junior network engineer
You can then get Sec+ to be paid by your employer
i’m gonna try spend those spare 6 months i would’ve spent on the a+ getting a more valuable cert or network role, thank you both ^^
Will do! But in the vid he said for offsec, practical skills is better so dont go for mcq based like the sec+ and go for the ones that test practical skills, whats ur opinion on that
That is true but you also have to factor in job opportunities in your local area. Check if they consider fresh graduates for their pentest teams.
I seldom see a job listing for offensive security roles that hires out of college
Sec+ is not bad at all, don’t look at the exam but rather the course content. You are being trained on that content (which encompasses a lot of security domains) than lets say eJPT and eCPPT/PNPT and OSCP
Ah I got it, gotta tailor it to my local job listings too, thanks man
Gave +1 Rep to @dense dagger
Hii
Has anyone taken eJPTv2 before? Any recommendations or steps before taking it?
You are still learning so you should focus on that for now instead of certs
The fact u remember this is embarrassing
Lmao
Complete paths on try hack me and gain experience
I only need it for that internship ugh, it would increase my chances
Straight jumping to certs ?
I have completed 3 room’s today on the pre security path, nd the progress is insane. I like it
I used to do like 10 rooms a day when i started
Ima complete the rest rn
In start progress is very fast but after reaching high level it will be tough
Cuz u r a Harry Potter enemy lol
Also you are making notes right ?
Ofc i do
We both friends 😀
See my banner
Harry is right there
Good
Brah
At least this motivated me
Verify yourself and you will get a role here for ur level
Stay motivated tryhackme will make everything interesting
My childhood crush what hes doing here lmao
I hope so, after thm i will try to move to htb to enhance my knowledge
Harmony is still my crush
Im talking about harry, not u dummy lol
You can do boxes on Htb
Try hack me is pretty complete package anyway
I know Xd
Just talking about my crush 😒
Whats ur level of knowledge rn?
Still noob
all depends on the type of knowledge you already have.
Yah exactly what a pro learner could say
Not joking , still learning actually there are so much things
But a decent knowledge i will say
You need :
Linux fundamentals+
Bash Scripting
Active/Passive info gathering
etc.
When you buy the voucher you get 3 months access to their fundamentals section within INE.
They go over most of the important stuff that you may need.
I guess pre security path and jr pentest are enough for this
You need to practice ctfs
Cool
Completing paths isn’t enough
Also do retired machines on HTB
Yea +1
It's worth the price. 100%
I know i saw a YouTube video stated the labs and the ctfs we should practice before taking it
After completing paths , go for retired machines on hack the box and watch ippsec videos side by side
Yes yes captain , noted
Do you write blogs ?
Why😭
I use to write all the things i did , like capturing my progress
Not necessary but just a good habit
You are just starting so it’s not a bad idea to blog yourself daily
Um i mean i have tried before but not for cyber , but i will do these stuff on medium
Daily life things ?
Good girl
Good habit imo
Keep working hard , don’t compare yourself with anyone in this field
It’s you vs you .
Good luck , enough motivation for today 
Thats what im doing, I actually hate comparing
Xoxoxo
Uh whyy i have did it yesterday
I don’t think so
Lmao duh
Can you send screenshot here ?
Congrats 🥳
Someone who is good at managing projects, knows their infosec stuff & has a masters can secure a Manager level role & earn more than someone who has way more technical expertise than them but works in a role below them…right ?
Managing positions do require experience so obv they will have to work their way up to it
But someone may be able to land one if that’s their aim & they have a masters with a few years of experience?
Higher pay is at the managing level so then ur managing skills become more valuable than ur technical knowledge ?
obv u will still have the understanding of it but wouldn’t go deep into it
Curious if in my resume I should put THM under training and education, or experience, or a combination of the two? What do y’all think?
@trail solar if you are trying to get into pentesting without experience in IT/Cybersec you are going to have a hard time btw, you haven't mentioned if you have any IT background, but pentesting is not an entry level field. You did mention that you worked in medicine though, so perhaps an IT role at a hospital or the likes would be a good transition for you?
Even then. I applied for an entry level IT role, and I still got rejected.
I keep seeing a ton of jr pentesting roles, and entry level IT roles.
It’s getting very discouraging, and I don’t want to go back to seeing patients.
It could be your resume, it could be HR filtering, there's a lot that can prevent you being seen.
Well you can send your resume here to be reviewed (redact personal information), that may help you a bit, though as juun has just said there is a lot that could be the problem
If you can redact and post images of your resume, there's a few of us here that regularly take a look and provide feedback
It could be that you're either aiming too low or too high for your life experience and employment history
These are two that I’ve been working on
Well since you sent two I am just going to give tips / critiques of them both together. If you have security+ I'd list that under "Certifications" instead of education. Don't rate your own skills like how you have put "basic" in front of them, though you should make sure that anything you list under skills you do truly understand and could talk about for 15+ minutes. I'd put tryhackme under "personal development" like I said before and if you have any home lab stuff that'd be nice to add there as well. Other people can probably give you more advice and help on top of that, but this is just some of my thoughts
First notes: Education is for accredited institutions. Certifications are not education in the same sense. Objective section should be rewritten to clearly state a single objective for what you want to do, if you keep it in. IMO Objective is a section most people should do away with.
Do you have any other certs than Sec+? It's a good cert, but your resume does not say 'ready for pentesting' in any capacity.
Your skills section is a mixture of actual skills and tools. Don't intermix them with bullet points.
How can you relate being an uber driver and medical research whatever to security? it's bad to have a gap, it's just as bad if you cannot justify why those roles contribute to your success in your next role.
I'm not really seeing any red flag beyond structure, but the aggregate is enough that I wouldn't want to take a chance on you for a risky position like pentest
For cloud sec, I’m currently studying and learning AWS and will sit for SAA after. Should I do the security specialty after that or SAP?
If you're currently studying for a cert, is it proper to put it on the resume? Or just list the skills already gained throughout studying?
I appreciate this, thank you
Gave +1 Rep to @worthy shoal
Thank you
I’d say finish the cert before adding it to your resume
Got it, thanks
Gave +1 Rep to @dense dagger
sup guys, i'm Brazilian but i got a 5 year residence in Portugal that would get me a european citizenship later
let's say that i've got 2 years of experience on SOC roles and i've been studying pentesting and got eJPT and eCPPT but no experience yet, i'd like to know how hard it is to get a job in UK for a foreigner that doesn't even live there, i was planning to move or preferably work remotely without having to physically be there, if someone had a similar experience lmk
i've been to Brighton a couple years ago and i loved the people and the climate, personally i don't want to be in Portugal anymore because for some reason looks like Portuguese people hate Brazilians lol
Might need CREST or CHECK and an SC clearance. Not sure how the pentest job market there works but I know those are some requirements for that.
James might know more
Depends on the role, but unlikely to need CTM, and very unlikely to need SC unless it's government (which iirc requires citizenship anyway).
CREST CPSA/CRT or CSTM to get CHECK Team member is definitely helpful, but it's far from required.
Same as with most places tbh: certs and experience are helpful. A degree can be helpful. Showing passion for the subject (e.g. HTB rankings or demonstrations of THM learning / whatever) can be helpful. All depends on the role.
Hi @hushed bone , Muiri to the rescue 🫡
Appreciate it, since looks like you understand this topic can i ask how often people work remotely for another country in cybersecurity, for example living in Germany but working for Polish company.
If depends on the role, let's say for penetration testing roles
Ty!
Wanting to get some other peoples opinion on this, do you think it is worth creating a simple website to post stuff like write ups, maybe blog posts, project notes, accomplishments, etc. for myself to put on my resume?
Always, not only for resume but for yourself as well
It seems like it would be a fun project but it also costs money, if it isnt something that is really worth it I could just save that money or use it go towards just a purely for fun site
like i already got the lightsail instance and I am paying for it, im just using it for a hak5 cloudc2 instance that i maybe use 1-2 times a month to just check on it and then just to show off to my coworkers then it sits there unused 99% of the time so I want to repurpose it
I think GitHub pages is free?
And you can use gitbook too if you look into that. Doesn't always have to be a full blown website
i had no idea about github pages, that seems handy. at the very least i can do that and transfer it once i decide to buy a domain and all that.
Domains and server space is not very expensive, but if you're looking at pentesting jobs, hosting on a crappy cheap place with questionable security practices might be.... uncomfortable
I would at least try to break into my own site and fix the flaws with it. Figured it has more 'flair' to have something like that to throw into a resume as well than just a .pdf
Be very careful about doing this on cloud services. Be sure to read the EULA and TOS from your cloud provider before testing anything hosted by them. You may own the site, but you don't own the network nor the infrastructure your stuff is hosted on.
In my experience it's more common to find that in contractors rather than employees. e.g., a company in Poland might contract someone living in Germany (usually through a business, even if that person is the only employee / self-employed, etc) to provide services.
The other thing that happens reasonably frequently with larger orgs is that they're based in one country, but are registered to trade (and may maintain offices) in several. For example, the org I work for are based in the UK, but have offices (and employees) all over the world. In that instance it would actually be active employment rather than contract work.
I'm sure remote-only employment across borders does happen in cyber, but I've not seen it, personally, and considering how much of a pain in the arse it's likely to be for the org, I'd bet it's rare
I just meant like checking the basic things like double checking theres no more admin pages that are visible, seeing if there are any blatant CVEs visible on the site, making sure everything is up to date, etc.
Shouldnt be too hard to just make a basic locked down site.
Right, checking those things might be against TOS
Its against the TOS to look up the server version on a CVE website?
It may be your website on the front, but all the infrastructure is not yours
I dont even mean like scans on it, I just mean checking the current version of the server OS and then checking the CVEs on it just from a browser
I did mean doing scans with burpsuite though so i will double check that
Help me decide, should I stay or should I go?
I live in the UK and working as a SOC analyst at the moment for a company that is known by all in their industry but probably not by anyone else, as such we don’t have a lot of true positives and the ones we currently get are no longer challenging. I applied for a “shift lead” role a while back (more than 1 month ago) and haven’t heard anything back for a while, with our current setup this is essentially a senior analyst role, whilst I wasn’t actively looking for work, I still left my LinkedIn on open to recruiters because it’s always good to see what else is out there. Since then, a recruiter from CrowdStrike reached out so whilst I was happy with my current position and salary, I still went through the process to see if I could get it. At the end of the process, they offered me the role. Now I’m still waiting on the contract to come through but I mentioned it to my manager that I’ll be handing in my notice shortly and to allow them some time to offer some sort of counter offer. A huge consideration from me is the fact this new role is fully remote whereas my current company cannot offer that, only 1-2 days per week WFH, my current commute is 45 miles each way so some days due to traffic I am driving for over 3 hours. My long term goal is to get a CISO role but I’m still very young in my career, my current manager has suggested it would be a lot harder to achieve working at this new company. So that being said, what would you guys do in my current situation.
Current role:
Salary - 42k + 10% bonus
5 day work week
WFH 1 day per week
Promotion:
Salary - 61k + 20% bonus
Potential salary after 1 year - 74k + 20% bonus
5 day work week
WFH 1-2 days per week
CrowdStrike:
Salary - 70k + 8% bonus + 30k stocks
4 day work week
Completely remote
Its possible land a job with PNPT or CPTS, trying to see something on Linkedin but and tbh it shows something but not exactly about pentest roles
my buddy is a SOC at crowdstrike in the UK, they literally play video games all day and maybe work for 3 hours in the morning and if there's an incident 💀
my current manager has suggested
theres a bit of a conflict of interest here fam
you're making 30k less than you could. you are effectively cheap labour. you are absolutely great for your manager
they would not want you to leave because it's advantageous to them to have you stay
i do not think your manager has your best interests
i also believe "Harder to get CISO" is probably not true being that early in your career 😄
Even the promotion leaves 10k at minimum on the table; 30k in stocks is good, but how long do you have to remain until they vest? Are they RSUs? Is this 30k annual? Do you have to pay or have deductions to get them?
"Potential salary after 1 year" sounds like leading bullshit to me. If they can pay that in a year, why are they paying it now?
fwiw my friend at crowdstrike in the UK is 1 year cliff, ~3 years total vesting (so £10k a year) and they are RSUs.
I would read the contract when it comes through though, it might be different 😄
oh my friends is guaranteed but he also gets a bonus, but this is just my friend.
Definitely read the contract, these kinds of things vary!!
That's part of the point of my questions 🙂
Any1 here from germany and could share his experience to get a CS job here?
Google business is like $9.99 a month for a solo user and you get your own domain + email IIRC
3 hours of driving a day??
I used to do that. I don't miss it
Same. I kind of miss the camaraderie of the office, i do not miss commuting
yeah 45 miles each way, usually 1 hour each way but rush hour traffic doubles that
Like living near D.C in the US. 1-2 hour commute is usual
Same, start and end week of my internship I was doing 2 hours one way
How did you get your certs in the roles? I don't see a bot command
Ask a mod nicely when they're around
Oh I was hoping there was some command, don't want to waste a real persons time with it
I did similar when i was living way out in the boonies and having to drive 30-40 minutes just to get groceries, 10-15 minutes to the closest gas station, and an hour minimum to work anywhere that pays anything. I absolutely hated it and left all of that behind and i dont regret it at all.
I would take that other job solely for the no commute, thats 2-3 extra hours a day to just live your life plus thats less wear and tear on your car & less gas. you also get paid more so that should be a no brainer right there.
Reading all these entries while in commute rn
Hey y’all! Looking for a Cyber Security job remotely to get into the industry.
My certifications currently are limited to IBM Cybersecurity Analyst, however, I plan to go for pentest+ next
I am inexperienced professionally, however I have a good amount of experience within CTFs, and have been a hobbyist since I was 14.
pay wise, I’m hoping to be at least $40,000 USD minimum, just to keep a livable wage for my wife and I. We are hoping to have a child soon, and with our combined income, I think that’s the lowest salary we can live off of.
I am open to any position within cybersec, just to get time and experience within the industry. Whether it’s a Jr Pentester, SOC, or even a proposal writer, I’d like to get some sort of experience and “in” into the industry 🙂
ping or DM me freely if y’all know of any openings, or recruit for any companies hiring!
Do you have a degree? Also, as someone who is just starting out, I would not recommend starting remote. Knowledge transfer typically works best through in-person osmosis. I'm not sure on the numbers, but I'd bet that the statistics would show remote positions for entry level is low. Also Also, $40k is more than low. Are you sure you can cover your COL? Also Also Also, pentesting is not an entry level area within the computer industry and neither is Cybersecurity tbh. You're more than likely going to need some prior experience to be considered.
What would be a typical compliance daily work look like?
Depends on where in the audit cycle the org is, what compliances are in effect, and how the company policies are structured to enforce compliance
I see, so in short
Checking and follow ups?
Again, depends on where in the audit cycle the org is.
in my area at least, $40k is about what a fast food shift manager would make. I have volunteer IT systems experience with an auxiliary of the AF for 3 years, but not sure if that helps much
I know pentesting isn’t entry level at all, which is why I’m looking for anything in the field I can get started in 🙂 Pentesting is just my end goal
and as for remote, there’s not much in my area, can’t pay for relocation, and possibly about to have a child, we’ll find out soon. tests can’t determine if she’s pregnant yet
And which frameworks the org has to be compliant to. Some tasks are annual, some every 6 months, some quarterly, some monthly, some more frequently. It's impossible to give you the answer you are looking for, because there is more granularity and range of tasks than what you are expecting
Junior Associate Sysadmin or Netadmin should be making $45-60k.
If an admin has actual expertise and a few years of experience, ought to be closer to $100k
would that be a good position to get into the field and get experience?
Yes
Helpdesk is also a good way to get into IT, and should pay similarly to a junior admin position.
Thank you
Gave +1 Rep to @flat sedge
Maybe i should try to move from compliance
Hi Derek!!
I graduated with a BS in Computer Information Systems 2 years ago and shortly after gained a role as a System Administrator. About 7 months later I pivoted to cybersecurity as a security analyst!
I did get lucky where my company happened to be looking for a security person while i was working there- but the skills i gained as a system admin did help tremendously in the analyst role. I was able to understand the basic concepts of windows servers and active directory that helped me understand the duties as a security analyst better.
Of course every company and job descriptions may be different, but it is a great start!
thank you! Your response is just what I was looking for! thank you!
Gave +1 Rep to @vague apex
can you please elaborate, in which country?
I am now making 80 000$ as a SDET from Ukraine (working remotely). I want to land in security (entry-level jobs like SOC Analyst), but not sure if I can get the same salary from the start. Dont really want to decrease my earnings. Is there anyone from Europe who can say if that's possible to get the same salary from the start?
My goal of switching is to earn more money than I can earn as SDET eventually. But I am not sure if security is more paid than software developing
Should i apply anyway if i see a Help Desk job thats asking for experience or certification? Theres alot of those near my place and i only see a few ones with reasonable requirements
And how mature the organisation is when it comes to their compliance program.
worst they can say is no
Yes.
Anything an employer asks for is a wish list.
Security+ is a hard cert to get? thinking about maybe taking their course and trying for the certificate to start working in the field
Has better reputation than CEH (highly requested where i live and) and its cheaper
And has good reputation with employers as well
Sec+ is considered an “entry-level” security certificate because it has very broad terminology. It does not go in depth on specific OS or tools, but provides a general overview of many areas of cybersecurity.
Many people do not pass the sec+ exam on their first attempt and others can study for a month and pass. So it does depend on how well your testing skills are and your general understanding of networking/security may be prior to taking the exam.
There are many free/cheap courses for the exam that I recommend looking into before investing in the cert; however, i have been told it is a great one to get when you are not sure which specific path you want to get into in security. Its also considered a “transferable” certificate as many roles in IT require general security knowledge and encourage candidates with the cert to apply for their other roles.
Whats good abt the Sec+ is that what is listed on CompTIA’s exam objective is what will be on the test. There is no need to study extra terminology. However it is expected to know prior knowledge of Net+ and A+ as it is the 3rd exam in their recommended path. But many people get the Sec+ without getting the other 2 first.
I know when I have taken the exam, I have struggled with those questions that are worded “what is the BEST choice below” or “which would be the LEAST secure of the choices”. I see myself second guessing those options; however, many youtube/Udemy courses highlight tips and tricks on answering the exam questions
I intend to go to pentest/red team but in Brazil the most required cert is CEH and everyone I asked said he is bad and not worth the money (once it's like 1749$)
I'm thinking to get sec+ for that reason, but I'll see about their emergent market discount and stuff and the free/cheap certs too as you said
Any knowledge that will improve my skills are valid to try so why not
is pentest is a good choice if im planning to get a full remote job?
depends, sometimes there may need you on site and involve a bit of travel
but, entry level pentest job = challenging to find (not impossible), entry level remote job = a bit challenging to find depending on your country, entry level remote only pentesting job = can be very difficult to find depending on your country
ahh gotcha, what's a good one to focus for a remote job?
SOC imo
but there may also be a requirement to be within the control center so...
hard to say whats a job that can be done fully remote, off the top of my head it could be a security analyst, architect, and engineer
but there will be cases where you might also be required to be onsite
yeah security engineer/architect are roles I've had and have that are fully remote
but still require me to live in the US
An organization's security evolves with the organization. What helps a security engineer keep the organization secure through these changes?
What is the answer of this question any idea?
wrong channel, you should try #security-engineer-path or the specific room channel
looking for advice please on what to change, I only mentioned the experience related to IT as I have other experience in stuff like retail etc. I am looking to apply for graduate roles for 2024 so need to change it accordingly. thank you
I don't want this to come off as rude but I'm just trying to be honest
- Use more professional language (IE: "Staying up to date with cyber news")
- The projects/interests don't really showcase anything to me that sticks out and I would remove /interests and just focus on any specific projects you've done
- Certification: What year did you get Comptia Sec+? Maybe the certification # so they can actually know you have it and didn't just do a "Udemy Security+ Course"
- Intro isn't tailored to a specific job role
- Rebuild your bullets to show impact, effectiveness, or size. IE how many people in the AD environment did you ensure had correct permissions? Was it 400, 2000, 20000?
Are you in the US? This doesn't look like it may be ATS friendly and probably wouldn't make it past the AI Screening tools HR is using. I'm not EU/Outside US so I cannot speak on other countries resume formatting
Add a couple more dollars and that's the price for the OSCP. Long term, OSCP will be cost efficient as it doesn't have annual maintenance fees like CEH does.
no need to add. OSCP is at $1599 for the 90-day bundle
I'll go to sec+ i think
plus, im not too sure with CEH at $1749. Seems to be bundled, ask for a proper quotation maybe
Thats a good start
That only makes it worse. 😑
They want people to buy Learn-One :/
If you have the money or your employer will foot the bill, Learn One is great so you have an entire year to prepare and get OSWP if you can.
@carmine jolt ^ ?
thanks @random lotus
Gave +1 Rep to @random lotus
@jade gull you have to talk to an admin before you can post positions. If they approve, they will go via the job boards channel
how can I improve this? I’m not very good at making resumes, so I’m open to any and all criticism, as nice or as straightforward as you choose
i do have my name, address, website, and all that up top, I just cut it out to avoid sharing my address 🙂
looking at others in this channel, maybe I should go into more detail under skills
and I accidentally deleted part of my education paragraph
Cut down all the text. You should be able to fit this in one page, easy.
What you're looking for is the elevator pitch on why things are relevant to the job you're applying for, not a dissertation of your life up to this point
It's also generally frowned upon to use first-person language in formal writing and tech writing, such as in a resume
good to know, that’s why I’m asking! I’m thinking I should get rid of paragraphs and replace it with bullet points anyways on experience
Remember that your resume or CV is the first contact you will likely have with recruiters and hiring managers. You want to get to the point and have a demonstrable link that connects your resume to the job and requirements.
I think one aspect I struggle with is connecting completely unrelated job experience to the industry. Like, I manage and program CNC machines at a countertop company, I don’t know how to connect that to Cyber Security in any way
I’ll fix the typo in the introduction, didn’t notice it because my computer decided to freak out and I had to fix it
Would CTF’s count as experience?
As work experience? No
Rule of thumb is that if you didn't get an employee ID and get compensated, it's not a job
I don’t have a background in cyber security, I don’t even have a background in IT. But I need to start getting some experience so I can start applying at some of these cyber security companies. Someone told me that CTF’s and bug bounties would count as experience that could make me marketable. So I’m just trying to do a little research.
I wouldn't say that counts as experience. CTFs and bug bounty can help you learn a lot, but they are not work experience. At best, doing bug bounty is being self employed.... but the payouts tend to be very thin and spaced apart. I would not list those activities as Experience, but I would put them under Personal Projects or Personal Development
@fluid trench get rid of the introduction section (you can make this into a cover letter). if you are in school (IT or CS related put that at the top). If not and you have projects, then that needs to go at the top. change bullet points in skills to horizonal (2-3 in a row) they are taking up too much space. You dont need to explain your cert - just list it.
@fluid trench change hobbies to extracurricular. you can list the technologies in THM that you are now somewhat competent in. again as others suggested avoid the paragraph explanations. You are going to need some good projects
to give yourself something to talk about if you get an interview. which paths have you done on THM? there is a recommended order pinned in general. I would say to follow that for the most part so you can get your knowledge up to speed a bit
There's also what I think is an excessive amount of whitespace. I would recommend you switch to a different template as well. It'll look nicer, and being able to properly format a document is an easily demonstrable skill. A terrible looking resume also likely means that the candidate doesn't know how to really use a word processor or document template for report writing... which is one of the rarer and more valuable skills you can possess
@fluid trench check out Jake's resume. its a good format for resume building
Link?
in short since you dont have experience you are going to have to demonstrate to someone that you have more than just a passing curiosity in cybersecurity. like ok you like cybersecurity... what have you done about it? that is where you gotta talk about projects and stuff on THM
I use (and recommend) the awesomeCV latex template
I thought you were talking about somebody in here named Jake lol
i figured lol
For anyone wanting it :)
of course my experience is anecdotal but it has worked out well for me + showing that you have initiative to get your hands dirty and learn stuff
Is objective useless in resume ?
I wouldn't say it's a useless section. But it should be used judiciously.
I don't include an Objective section in mine, for example
Can i get review on this?
I can't read it, the text is too small ignore, can view it fine on my phone
Ikr
But i didn't have anything to add that's why
Will remove thm and PTL certs from there
Should I make work history in 2 column format?
Like I did in skills
This is really good info, thank you. What about developing my own labs and projects?
Gave +1 Rep to @flat sedge
Which section do you think they should go in? Lets practice what you just learned
@blazing wyvern @flat sedge thank you both! I’m going through paths in an order my mentor has given me, he’s having me do a lot more of report writing and web app vulnerability testing since that’s going to be my focus
Gave +1 Rep to @blazing wyvern
any pentesters in germany? what certs are recognised there? PNPT, EJPT, etc.? do they value certs?
I wouldn’t put thm and htb in “work history”