#cyber-and-careers
Yeah and just post that you’re learning and have learnt
My understanding of the roles that are out there seem to purely be related to just cyber
What kind of physical cyber are you wanting to do
I'd like to do pen testing, both physical and cyber
I want to simulate being a threat
So I guess red teaming?
Well I did a cyber engineering degree. Did network pen testing last year
No this year I mean
And there is other stuff
Just phone pen testing isn’t an entry level role I’ve been trying to find some myself and they are super rare
I mean that would be a long term career goal, but it's what I would like to do
As far as what I am doing right now though, all I'm doing is being a student, and when I get lucky, some basic introductions at my current job doing some very minor level technician stuff. Taking photographs of racking, identifying access point locations, etc.
Just learn as much as you can and try and get an internship at some point
The goal, last I checked, is to get me some sort of internship at my current job on top of my regular, unrelated job duties. The CTO says we are not there yet.
Just work hard and get your degree first
I didn’t get my internship till i was doing my masters degree
That's the plan. I should still make the LinkedIn though? Just with the basic overview, like we discussed above?
Don't get too set on physical pentesting
It's rare. I'd suggest focusing on jobs with external firms offering pentesting services, and from there see if you can get some physical jobs
Oh, goddamn I am not used to this keyboard
Don't 
Wheesht. New keyboard and I'm not used to ANSI. Leave me alone 
Ahahahahhahahaha
Yes
Awesome, thank you.
Gave +1 Rep to @vestal egret
I figure it's rare. It's why my focus right now is on cyber. I don't really know if there is a school for "lockpicking and social deception" outside of intelligence services so...
Most folks start out either in a different role (IT / Cyber) then pivot in to pentest, and from there red team. Learn on the job, as it were
My bf did physical pen testing. I could ask him how he got into it
Lock picking I would advise an Amazon order for some picks and practice locks, then youtube videos honestly 😆
Physical pentesting is more than just lockpicking though obviously. I can't tell you a huge amount about it otherwise though -- not something I've had to do at this point
That would be cool if you found that out. I'd appreciate the insight.
Oh yeah, I know, that was just an oversimplification. I already bought a set though 😅
Neat! Just need to practice now 😁
It seems like 70% of it is actually showing up to a building in a Verizon polo, wearing a hi-vis and carrying a clipboard saying "we need to inspect your phone lines, there's ghosts in there"
It seems to be a pretty much ubiquitous hobby for hackers lmao
Help desk would be a good choice to begin your career?
If you must
If I'm doing help desk, I'm doing it at my job assisting the cranky old guy they have on their team and not getting paid $15/hr to do it, I prefer my current pay
for someone who doesn't have job experience
I will do
well yeah tru, then you must
First help desk job I found asks for 5 years experience 🙈
heck
I don't know how that works
😂
It's entry level, howwww
what job can i begin with
If I have 5 years, give me a not entry level job
£291 a month seems to be the average here for this job 🙈
rephrasing it: what job did you begin with
Wouldn't that be like £1.90/hr ?
Yep 😂
My bf tried to get me an IT job where he works and they only get 1500 a month. For full time and house prices here aren’t cheap even rent
I don't know what income to housing cost ratios are like in the UK, but that seems like utter garbage
That seems like being a waiter/waitress in the states AND NOT earning tips on top of it
which you can't afford
I’m not in the uk anymore
I’m on 30k just now
I just meant in the context of that sort of help desk role in where I assume is the UK
were you referring to me?
I was looking in Abu Dhabi
yall
Never held a tech job. Currently I drive a forklift in a manufacturing plant
Rough
oh so you do cybersec as a hobby
That’s normal salary for recent graduates
are you almost done with your degree?
No, I just started, and actually I just switched majors to give myself a better chance long term
It's why I'm so keen on trying to get hands on, I gotta make up for lost time
I started THM as a learning experience, I don't do this as a hobby
Probably will keep doing THM or HTB long term though
I see..
How long is lost time?
about 10 years or so
how old are you
I'm guessing 30+
Not comfortable giving out identifying information like that, but I'm still young enough to make a difference at this point
There's no "late to learn"
One of my uni class mates is in his 50s it’s never too late
and It's never late to make difference
Well that's why I'm doing this, to make the change
I do know that summer internships are things that US undergrads do
Yup, hope you achieve it
I appreciate it, thank you. I'm of the mindset that "I don't have a choice" at this point, it's change or nothing.
Gave +1 Rep to @gleaming remnant
Well for me, I'm trying to facilitate an internship at my current job, but that's down the road a bit
okay seriously what are the best job boards for IT jobs?
huh? seriously? why? aren't the others here serious about it?
for IT jobs or cybersec?
open up Linkedin and look what the junior role has as description
Hello everyone, I have a question about a career in cybersecurity. I'm currently undergoing a professional transition, and my goal is to obtain a Bachelor's degree (equivalent to Bac+2 and Bac+3 in France) to eventually pursue a Master's degree in a specialized field of cybersecurity. I've chosen a Bachelor's program and a Bachelor's-equivalent program with an RNCP (National Directory of Professional Certifications) title.
Bac+2:
Graduate Technician in Systems and Networks
Then, for the Bac+3 level, I have two options:
Bachelor's in Secure Infrastructure Administration
Bachelor's in Systems, Networks, and Security Administration
Do you think these programs will be beneficial for my future Master's degree in cybersecurity, even though they don't include programming in C or Python? I plan to self-learn Python and gain practical experience, possibly through platforms like TryHackMe. I'm aware that there is a lot to learn and manage, and I'm open to any advice or additional details you may need.
Thank you for your future responses, and have a great day! 😊
Yes indeed
So what's next..
As a newb, what's next on the agenda after getting done with the Google cybersecurity cert last month and now just passed Comptia Security+. Any other certifications that would be useful to take before starting to look for a job in security... (I'm trying to skip the SOC step, since it's too big of a pay cut from current job and the on-site and shift scheduling wouldn't work for me).
Currently in my home lab (self-hosted) I'm running,
SIEM
SOAR
2X VPN mainly Headscale
Network (7 vlans with segmentation/isolation over stuff like, guest, iot, dev, stage, prod, attacker, target etc). Network Controller, few AP, Gateway,
Bitwarden
Authelia, 2FA, auth and sso with physical key
Reverse proxy
2X websites
Hypervisors
NAS (with raid 60 (raid6+0) 2x raidz2)
Home assistant (mainly to do WOL from outside home network via VPN)
Mattermost
And a bunch of smaller projects to play around with like dashboard (homepage, some monitoring stuff with Grafana and others.. can't remember all now.. Like 20ish apps in containers and) plus some smaller k3s "clusters" if I even can call them that, mostly to check it out.
Setting up Ceph HA cluster atm
Also tinkering with using Keycloak and Keystone and do an OpenStack project for federation
Currently work for a cloud provider.. but not directly in a technical role.
Dealing a lot with compliance
GDPR
Service Operations
Incidents
Customer SOC (customer contact for security operation stuff)
Incident Manager (rotating job schedule)
So not sure, if i go for another cert.. or if i just take the task of looking over all documentation and improving on it and making a new resume for cyber security..
Any inputs or tips is appreciated 
Well done on getting your Google cert and sec+. Those are both good things to have to show you're developing your knowledge and skills. You should consider the cloud certs for your favourite cloud provider. AWS, Azure and Google all have certs for those skillsets and although they all have slight differences, they're very similar. For instance, an AWS Certified Solutions Architect Associate would already get you a decent salary and add to that the Professional level and the Security cert you'd be in high demand and on a reasonably high salary.
There are a lot of cybersecurity roles available also, from security engineer (IT engineer specialising in security, so Windows, Linux, networks, applications, infrastructure etc) to security auditor (ISACA CISA cert) so you would need further specialised training and certification to progress in those roles. There's no guarantee that a particular certification will land you a role but it does show that you're making an effort. Most people do move into a SOC role initially but there are other positions out there. You should absolutely apply to any role you believe you have the skills for
Well, the issue of believing in the skills, imposter syndrome deluxe here. But i would absolutely love to work as a cyber security architect at some point. Might look at the vendor certifications, I just need to consider my deep disliking of the three giants in the field.. there is a reason why i today work for an EU cloud provider that actually follows rules and regulations compared to the three giants who shall not be mentioned by name! JK - but I do struggle a bit with it tbh.. Also have considered moving to the public sector and working for a state agency where i live to gain experience, but the salary is an issue there also.
Too bad there are no "entry-level" architect certs that are not vendor specific and don't demand 7 years of proven relevant work experience (CISSP-ISSAP)
hey, I want to work as a bug bounty triager for a while, so I can learn more about cybersecurity, and I don't mind working for a wage others will consider low. The problem is that (from what I know) there aren't any BB platforms with offices where I live (Israel), is getting a fully remote job like this a day dream or is it something I should look for?
Do the Solutions Architect Associate for AWS as foundational, it should help and relate to any other cloud provider regarding concepts and best practices.
How to get a job as junior cyber security analyst with no real experience, many people say start with help desk or what ?
bruh can someone help me get a job. i have my security+ and CEH certifications but this is my first time working so i have no idea how to get better results
that or try and get an internship
what skill do we need to get help desk job ?
not too sure havent really looked for those kind of jobs
Just basing understanding of PC and logical thinking, problem solving, basic theory of DNS, DHCP would be nice too
To get a job in helpdesk, you need a decent grasp of IT. Know all the parts of a computer, how to connect to the internet, fixing connection problems, general Windows technical knowledge. Basically the syllabus for the A+ and Network+ (watch the free courses from Professor Messer). That would be a good start.
For cybersec you should probably also know a little more about Windows, Active Directory, Linux, networking, a little bit of bash/Python/Powershell wouldn't go amiss; and the basics of cybersecurity, again, watch Professor Messer's free course on Sec+. Watching either of these two videos should be a good explainer:
https://www.youtube.com/watch?v=e82g80Kzg4k
https://www.youtube.com/watch?v=8ucrQ6Tj2js
Keep practicing and learning. Make a plan to learn more, consider the learning paths if you're a subscriber, watch those two videos ^^ and decide what you want to do in cybersec. There are lots of different certs and courses out there depending on what you want to do and what your budget is
There are also different kinds of helpdesk. I wouldn't expect a helpdesk that focuses on supporting the company user laptops to necessarily be the same group that manages the bridge for IR, although both are approximately the same level of seniority and expertise
is being a helpdesk improve our cyber security analyst skills ?
It's a good place to get started understanding the scope of user requests and common reasons why security might deny them
Paying attention to tickets is a great way to start to understand why security needs to exist in the enterprise
Yeah, one example I can think right off the bat is getting a ticket because the laptop closes often after idle and user wants it to stay on.
Hello, I have sent you a friend request, I was fascinated about your homelab. I myself do also host a homelab. Would be intrigued to chat a bit / share tips regarding this topic please.
Did you ask them before you sent a request?
Not sure what a bug bounty triager is, but the bounties that are found are sent back to whichever team (internal to the company) is handling the reports. The company will then more than likely assess the risk, resolve the issue, and implement protections as needed.
Israel, from my limited knowledge, has plenty of Cybersecurity firms. If you aren't getting any bites when applying, you may need to look at your resume and improve it or you may just be underqualified. If it's the latter, look at gaining professional experience somewhere in the computer industry, i.e. Helpdesk
Hi guys
no lol
some helpdesks do cybersecurity too
I work a helpdesk, and we deal with endpoint security, and respond to events
Hi guys do you think I can add tryhackme as education in my resume
Nope, it's not a substitute for formal education
You could add it as a hobby
Ohh ok
I add in my skills
It's not a skill either
It's an extracurricular/hobby
Perhaps as Continuous Learning and Upskilling. Mention a relatable-to-the-job focus area you have improved your skills, etc.
Hello Guys,
I hope that everything is going well.
I'm Motasm, a Junior penetration tester studying Computer Engineering in Turkey.
As a student here in Turkey, I have an opportunity to go to an internship all around Europe through the Erasmus+ program. But to do so, I need to get an acceptance or an offer from a company to get such an opportunity. So if you have such an opportunity available at your own company or at any other company in which you have contacts or working at. And as it's already a funded internship from Erasmus I won't cost the company in which I will take the internship anything.
Don't hesitate to call me back if u can help.
Thanks for your time.
Internships won't/shouldn't require previous experience
They tend to look for juniors and seniors too
Yes, because they've actually gotten in to the technical courses
Guess I gotta up my projects then
Also, don't limit yourself to "cybersecurity" internships. Computer industry is fairly large with multiple subsections
This does not diminish value so please do not take this as a sign of 'it doesn't matter'. It is still something that shows dedication to learn and development.
My new employer has not stopped asking me if/how I am progressing with courses like this.
The next step is a recognised certification
What? I was telling them where it belonged on a resume
TryHackMe does not belong in either a Skills section or an Education section. It's an activity you do on the side, hence it belonging in an Extracurricular section
Yes I know, wasn't intended to contradict your point at all
I've removed the duplicated message in intros and general. One instance of soliciting a job in this channel is more than enough. Hope you find something soon and good luck!
Mine is under hobbies and interests
How important are cover letters?
If your resume is good they then will look at your cover letter. I always tailor my resume and my cover letter.
Yesterday I had a job interview for a SOC analyst role (first grade) whilst not having any prior experience in cyber security.
We talked about multiple points in both my resume and my cover letter.
Ah okok thanks
Gave +1 Rep to @elfin spruce
hey, i am currently in my 2nd year of computer science engineering, i wanted to know will DSA help me in getting a job in cyber field or should i practice CTFs ?
Hi, can I get some opinions about my cv? I am applying for graduate positions/entry level in cyber sec
So I'll review it again later, but I do have a question. Are you actually taking our advice and implementing it? It seems like you are not always implementing recommendations or are going back on recommendations with each revision. I still see some grammar mistakes and the skills section has moved below projects for the past couple of revisions.
Yes of course I am implementing the advice otherwise what's the point of me wasting my time here? This is why I am posting it here if you see any grammar/other issues please point them out and I will change them
I was told to leave skills below projects
.
And iirc you made that edit, but changed it to what it is now.
Are you cross-posting to other discords at the same time?
yeah, i got a few bites but I'm still in school and the schedule they wanted was not compatible with mine.
Yes because I kept getting told different things by everyone
I did yes
What level of schooling?
Need some feedback on a cover letter. Is this too informal?
the red i'm thinking of changing
I would say so, yes. Very much so.
I'm... not actually sure what to suggest there lmao
It doesn't come across brilliantly
Go as formal as you can with it.
Less of the rhetorical questions -- they sound like a cheap commercial. State who you are, why you want the job, why you think you're a good candidate. Be factual. Show that you are keen and interested.
https://www.indeed.com/career-advice/resumes-cover-letters/how-to-write-a-cover-letter
That's reasonable advice imo
Especially the structure.
- Why you are interested
- What you bring to the table (background, achievements, skills, etc)
- A key skill (hone in on something you haven't already mentioned and spotlight it)
I'd finish by reiterating your interest and signing off formally from there.
@undone shore can I get an opinion too please
thank you so much 🙂
Gave +1 Rep to @undone shore
Dear Hiring Manager at X,
Thank you for considering my application. I would like to express my sincere interest in the recent graduate position within your cyber security program. With a relevant degree and a strong passion for cyber security, I am eager to start a successful career in the industry.
I believe my solid educational background, knowledge of security protocols, risk assessment methodologies, and incident response techniques make me an ideal candidate for this position. My analytical skills and attention to detail enable me to identify vulnerabilities and develop innovative solutions.
I am confident that my technical expertise, willingness to learn, and dedication to excellence will contribute to the success of your program. Please find my attached resume for your review. I look forward to discussing how my skills align with the goals of your organization and making a meaningful impact.
Thank you for considering my application.
Sincerely,
[Your Name]
Gave +1 Rep to @cedar valley
I would suggest going more specific than this (I assume it was meant as a generic example?), but yeah, that's a lot closer to what I would expect from a cover letter.
Potentially, after work
Basically a template, but yeah more professional for sure.
after work
I've never known you to stop, you're always working on something it feels like. 😄
I hate to be charged @undone shore after-hours rates... 😬
In fairness, my employer are big on work/life balance, so I'm usually working on my own stuff after work these days 😆
Thank you, to me it sounds v generic and i feel like they get a million similar applications but I'll try to write something similar 🙂
Gave +1 Rep to @green quiver
Recently a coworker followed a course to write good application letters:
- Letter is graphically pleasing?
- Letter starts with a quote about your personality and how it matches with job description?
- Letter starts with a quote about the work itself
- Letter has a 'you' rhythm instead of an 'i' rhythm
- Candidate is portrayed subtly?
- Information about candidate is connected to job description?
- The letter gives insight in that the candidate knows their responsibilities for this role?
- Letter has short sentences and is statief
- Concrete language, no vagueness
- The letter makes clear you have researched the company besides just looking at the job posting
Of these, 2, 3, 4 and 8 are the most important
These are all checks for your letter
Could you elaborate on point 4? Thank you for the response though!
Gave +1 Rep to @coral vault
Yes. An employer needs to recognise himself in the letter. An example:
Do not do:
'I am the perfect candidate because'
Instead do:
'On your website, you say you are looking for X person. In me, you have found such person'
Doesn't that sound a bit cringe?
Or another I-centric:
'I am the droid you are looking for'
Instead a you-centric
'You are looking for a droid. That is me'.
Absolutely
But it works
You can make it sound less cringe. For the sake of explanation I simplify
How are you going to handle reports?
Learning
🫣
Yeah, definitely make it less cringe lmao
Hope you're not going for pentest positions lmao
A good chunk of the job is writing.
Remember that the "product" of a pentest is the report, not the work. A client doesn't care about the work you put into testing their infra/app -- they only care about the results of the work.
I.e. the report must be good -- it's the bit that makes money, and money is all that business gives a crap about.
@undone shore, @coral vault I've updated my cover letter quite a lot. Would you guys be down to give it another review if I DM it over 😉
Sure I'll have a gander
❤️
Not sure if im on the right channel but how do i teach myself? ive already read the getting-started channel and im on step 5 for a long time, im already familiar with my chosen language and know some networking like the OSI model but im just randomly searching stuff without having a study plan. What should i study first? what order? etc.
This is a recommended list of paths:
#pre-security-legacy-path
#974406074444685322
#junior-pentester-path
#web-fundamentals-path
You don't actually have to follow a path tho
What are you trying to learn? Can you set up your own lab as a starting point?
Not really sure what i wanna learn as of now, but basing off my interest then i lean more into pentesting and digital forensics
Hello everyone, I'm 40 years old and nowadays I'm a videogames high school teacher and multimedia graduate. I have eJPTv2 and I'm preparing to enroll in OSCP. I would like to work as a pentester in the future but I'm not an engineer. Could this be a handicap to work as a pentester?
Doable but do you have prior IT experience besides being a teacher, maybe as a systems admin or a network engineer.
Not saying that you NEED those to land a job as pentester but there are seldom jobs which hire pentesters without prior IT experience.
Thank you so much!
I would definitely recommend getting a good grounding in how to install, administer and secure Windows and Linux to a junior/intermediate level as you're starting. Also helps to learn a bit of bash and Python as you go. You'll pick up a bit of Powershell over time too and it's really helpful if you read and understand the contents of a networking book like Network+, though doing the exam is optional in most cases.
It can be beneficial to read the Security+ study guide and consider doing the exam, as it's a good indicator of your interest in cybersecurity. Be prepared to spend a lot of time reading, studying, trying and failing at really complex things. But trust me, it all helps build your skillset. Penetration testing is an advanced topic in cybersecurity and cybersecurity generally expects you to be pretty competent with a lot of areas of IT. You are going to have to work really hard, forgoing plenty of luxuries for a while, indulging yourself in the wild world of cybersecurity and hacker culture.
I would seriously recommend picking up at least one of the four Tribe of Hackers books by Marcus J Carey and reading several of the interviews in it. Keep an eye on Humble Bundle for cybersecurity bundles and perhaps checking out the list of books on the No Starch website for cybersecurity. There's a lot of info out there, but if you take the above while progressing you'll find it becoming easier, more enjoyable and the kind of thing you want to get into. Best of luck on your OSCP too. You're gonna nail it
Thank you so much! Your tips are so complete. Now I'm hard working in THM and HTB but it's interesting about Security+. Thanks!
Gave +1 Rep to @rugged delta
Has anyone here tried prompt injecting resumes? And... Is that considered unethical?
Distributing resumes that have any executing code in them would be unethical, and also probably get you blacklisted from any recruiter that notices it
Roger that - I'll avoid it. Thanks!
😂😂
so none of that old saying. hacking the company to set up an interview to be a pentester
Pretty sure that was never a saying
is TryHackMe Certificates worthy enough to be on the resume?
No, it's only a certificate of completion.
It’s good enough to post around social media.
You guys think I should take ejpt or is it not really worth it?
The objective of any of these certs should be to teach you how to be an ethical hacker and to bring you up to the minimum standard expected by potential employers. I think ejpt is a good experience if you're new to pentesting and you want to see that you can manage an ethical hacking path.
However, if you're considering doing the course, I'd suggest for that money that you just go with the PNPT from TCM Security. They've got an exam called PJPT which is similar to eJPT but if you look carefully, you'll see it's just an exam on the first module of the PNPT so you'll have to cover that kind of knowledge anyway.
Another alternative is HTB CPTS. This came out a year ago and doesn't have too many certified yet (<200 atm). It's similarly priced to PNPT and is also quite challenging.
Both of these courses have either prerequisites or recommendations and lessons in things like Windows/Linux/bash/Powershell/Networking/Python basics/Active Directory and these are things you should spend time learning. It's useful to set up a few VMs for these on your own system and play around. Each of them takes a little time to grasp but the courses teach you all you need to know to succeed in their respective exams and are both based on a live network you need to pentest.
The big cert for junior pentesters is obviously the OSCP, and if you have the money for it, it's the most recognised cert on the market. Word is getting out there on the quality of the other two but it's not quite there yet. It is worth doing one of those for the learning experience though
Htb is quickly gaining mainstream attention out here in the Netherlands
I started on the htb one but found it too challenging and reliant on self-discovery for a Total blank slate. That's why I started with thm
They do have a good guide on Linux. I didn't know anything about Linux and it was a helpful step-by-step into the basics and how to configure your own Linux machine in a secure way
THM is a better place to go for anyone starting out and the paths and modules are very much geared to get you up and hacking machines quite quickly. There's so many free walkthroughs and challenges that you can be up to a reasonable level in very little time and there's a great range of targets from easy to very hard out there
I am trying to get my Linkedin in shape. I really hate the idea of needing Linkedin but it seems it is needed. Should I be posting my "walkthroughs" on there to have content? If so, how often? I am really unsure what I need to be doing on there.
however often you can. biweekly should be plenty, even monthly should be fine, but you should fill it with some content first before monthly
Good Day All, I'm looking for an entry level GRC role. Any links?
I come from Germany and am looking for an internship in the IT sector for next year, abroad for 3 to 6 months. It would be best if the company was also based in Germany so that I could continue to work after my stay at the company. I would like to start my master's degree in October next year when I return from abroad and at the same time continue to work in the company in order to gain practical experience.
Does anyone have an idea where I could do this or even works in a suitable company and could give me something? I would really like to gain some experience abroad, especially to improve my English.
You will probably have better luck on Indeed or LinkedIn or another job recruiter website.
But I often don't find any internships that exactly match my description. It would also be optimal if the company had a German headquarters
You might not find something that exactly matches what you're looking for but companies can really only give you what they have available. You should get in touch with recruitment agencies based where you're looking for work, as they would be best placed to help you. The best place, as juun has said, would be Indeed or LinkedIn or another recruitment site. Jobs are posted on the #jobs-board from time to time but there would be more variety there
and where can I find recruiters for internships abroad? They could then look for something that meets my requirements or not?
Recruitment websites in the country you want to work in, would be the most obvious suggestion
Yes, but it should be a company with a German headquarters and the internship should be possible for Germans
I don't know anything about the specifics of job hunting in Germany but I would bet that getting in touch with German recruiters would help
And where I can find German recruiters?
Okay then ? What I have to search
I’m from Germany and I looked at job openings on linkedin like 3 days ago and there were plenty of internship options
To my understanding, they want an internship abroad with a company that's German-based so they can go back to Germany after and work there, I'm not sure that's even possible
About the abroad thing i think most do that through Stipendien and not directly the employer but I’m not sure about the specifics. Considering the difficulty of getting a job in this field I would suggest taking what you can, afterwards you can still work remotely from another country
It's a very specific ask at a time when we can't afford to be picky
you mean for abroad?
What do you mean abroad? If you're from Germany, and looking for German internships, you wouldn't be looking for roles abroad (which are rare).
I would recommend setting realistic goals tbh
This
No, in germany
You won’t be getting a paid internship abroad
?
That seems like an overly broad statement
That the employer pays his stay
As said here there’s normally university programs for example for that. The employer doesn’t pay the stay and everything else you need to live there
Some big companies offer programs but these are for Azubis/Dual Studierende and not just normal interns so people doing a Praktikum
But I'm a Bachelor Student
If you're doing an internship as part of your bachelor's, you go looking for an internship in the country you want to work in and notify your college and check if that's applicable. You then need to pay your rent/accommodation etc. If there is a German company you want to work with abroad, you would need to apply to the job abroad and then apply for a job when you get back, through the company. Companies don't send you on internships to other countries with a job waiting at home when you've finished, generally
Okay i understand
Then it's not easy to find an internship abroad
There's internships in lots of countries, you just have to apply to them in those countries
Okay but where can I find it then?
Your country's preferred job board
anyone here is red teamer or cyber security analyst ? What do u guys do in that job like commonly do everyday
the most common thing i do is application security testing
Hybrid red team and pentest over here o/
Red team component is a lot of infrastructure + R&D day-to-day. Actual engagements are much less common than pentest engagements are (for an internal team anyway), so we spend a lot of time prepping between them. An external red team would likely be a bit busier day-to-day, but also be bigger and have more people working on R&D in the background.
My fallback is pentesting. When there's nothing to do red team wise, I pick up app / infra tests and handle those. Again, that's fairly common for an internal team afaik.
"cyber security analyst" here, varies from week to week. At the moment there is a lot of focus on developing fuzz tests for applications mainly for Windows
I do a hybrid of pentesting, hardening, and helpdesk lol
right now we are actually just doing phishing campaigns on a bunch of companies
I'm a university student of cyber security. I want to become a red teamer. I did tcm peh course and started Jnr pentesting course. But I'm finding the concept hard. Like in thm the web exploit like ssrf etc. So should I learn blue team first build a strong base. Even though blue team concept and tools are different. So should I do it?
A lot of people start their cybersec careers in blue teaming. It's still a very challenging and worthwhile endeavour. There's lots of resources on THM to learn about these tools and techniques. It's perfectly okay to find these things challenging, they're going to be very tough and you're dealing with lots of complex concepts and information and choosing the right tools has its own levels of challenge. We all start knowing nothing but with work and persistence you can make it. It can take many months or years to become truly proficient
Red teaming is not an entry level role, it's often years into a career before that transition can happen. Would recommend you start with understanding the role of security testing and the requirements to have that role, NIST SP 800-115 is a great place to start with security assessments.
I know NIST is sponsored by the US gov, but it's still a high quality resource, and it's cited by corporations and non-US entities as part of their own policies, guidelines and procedures
Internal cyber security analyst here. I mainly deal with submitted phishing emails to verify if they’re a threat or not and remediating any issues, scheduling/applying patches to devices across the company, handling incident response tickets as they come in (these tickets are 99% false positives or questions that the help desk should have taken care of, and annoying to deal with)
Hello guys, I have been trying to decode this encoded text 5c6a31c7e14571ff96644900bceaf219 but I have not had any luck, could someone please help me.
What's it for? This discord is for the Try Hack Me community. Is it for a Try Hack Me room?
@outer panther use hashes
@outer panther https://hashes.com/en/decrypt/hash
Hey guys, I have an interview for Threat analyst position with a email security solutions company. after many months I got an interview opportunity, Can you please help me prepare for the interview. What kind of questions can I expect?
Have you tried googling for threat analyst interview questions?
yes, I did. But all i am getting is generic cyber security questions.
This is one example I found in 5 seconds
https://interviewprep.org/threat-intelligence-analyst-interview-questions/
Does Threat analyst & threat intelligence analyst have same responsibilities?
Disclaimer: do not use this for production hashes (or anything else that you care about). Good for CTFs only.
I know
I use this site for THM modules
Then maybe specify that before recommending it to someone with a random hash and no background context...
If you knew better, why didn't you intervene?
It's 0701EST
I've got better things to do than to argue with someone attempting to intimidate me
I did intervene lmao
And they asked the question 5 hours before you answered... your point is kind of moot. Someone who responds and provides some sort of input also is not intimidation...
They also did not reply with where the hash was from. We like to know where material is coming from before we provide any assistance
high school
Aye, just for the record, that wasn't intended to intimidate, and it's good to answer questions / help out with the community 🙂
I added context on to your response because the OP, or any other of the 150,000 odd users in here who might see it, may not consider the issues with pasting hashes into online lookup tables.
You responded by saying you already knew that, to which I reminded you that, as someone who knows about security mindedness, you have a responsibility to provide that guidance yourself to others who may not already know.
No intimidation / negativity intended, or necessary 🙂
If you're under 18, companies aren't going to hire you for cyber because a) you're under 18 and legally can't be bound by a contract (US similar elsewhere but not always) and b) you're a risk/liability
Also, I'm not sure how your mandatory service works, but doesn't that go in to effect just after schooling?
over here you can be bound from 14, and I am currently in a hiring process I think will be successful, but at a role less cyber oriented then I would hope for
yep, the plan is to work alongside school and after it until i got to the military
I don't see how this works because you're legally an adult at 18. I just looked it up
Either way, the second thing I mentioned still applies. You're young and new and companies see that as a risk/liability in a position that requires a lot of trust
Especially as a bug bounty triager
I can think of a technical writer is something someone can do
even helpdesk needs trust, because they get access to a lot of critical systems, let alone security
An apprenticeship or internship perhaps though 
I would agree, but depending on where they are in schooling, their mandatory service could be just around the corner
Won't that still be unreachable since they're under 18
mmmmm, must be a western thing
Certainly not in the UK 🤷♂️
Well if you are already in the hiring process, good luck 🙂
Don't overwork yourself though
In some countries you can consent to leave school and/or start an apprenticeship at 15, marry at 16 and join the military at 17 but can't vote, smoke or drink til 18
can’t smoke or drink till 21 here lol
Yeah, there are a little more moving parts here due to the differences in Federal and State laws. Drinking age isn't a Federal law, they're all state laws, but the Fed holds highway funding over the States heads to make it 21
Ah but at least the kids can learn ethical hacking and go to DEF CON at a reasonable age
https://www.youtube.com/watch?v=gLlQYOILYhw
internships are illegal here, there is a minimum wage and you are not allowed to work for less even if you wanted.
as others pointed out, even though you can't vote, or buy tobacco and alcohol until 18 (using is ok), you get full legal responsibility at 14, and can start working at that age, but have to stay in school until 16, most stay until 18, which I plan on doing, while working at the same time.
hiring 17 yo until their mandatory service is not uncommon in the high-tech industry here.
Hello i am 20 and this may sound stupid but am curious in the field of cyber threat intelligence is there a military group or sm like that where i can get hired and i can work for the government lookout and inform about online real time threat uk like it should be confidential
There is no stupid questions on the internet.
Hello, guys! Can you please direct me to any full remote cybersecurity positions that i can apply to from Bulgaria.
Here is my resume:
And here is my linkedin: https://www.linkedin.com/in/lazar-kotrabakov//
Why can't you search on LinkedIn?
I can, I do. Hoped for better/wider reach this way. Thought this channel is for that "cyber-and-careers"?
In the US you can enlist and go for MOS 17C, I think that one doesn't require college
It is, but we're not going to do the searching for you.
Sure, bud! 😉
If you'd like to post your resume and ask the community to give you feedback, screenshots of redacted info go a lot further than the PDF version 🙂
Hi, what do you mean by "screenshots of redacted info"? Can you give me an example of it?
Many people do not want their personal info out there when asking for reviews on a server dedicated to learning ethical hacking - totally understandable. In that case, I recommend taking a screenshot of the resume, and then redacting PII such as name, email, phone number, address, etc.
I was hoping people would follow some code of ethics... Perhaps you're right tho. Thank you!
Gave +1 Rep to @flat sedge
There's a couple of hundred thousand people in the discord, just by normal distribution statistically speaking, someone is going to play silly buggers with any PII that gets posted
Mods do a great job of weeding out the small number of unethical people, but sadly they can't get everyone.
Which is only human, and they can't remove what they don't know
Also, the #cyber-and-careers channel is more along the lines of advice for a security career path, not a job search. Most of us are in the EU or USA, so not sure how much help we can actually give to help you find a job
Bulgaria is in the EU, but yeah, this is more for career and resume advice, not to look for jobs.
I'm also in EU 🙂
Thanks for the feedback. 🙂
I actually have an offer for ISO atm in a logistics company. Thing is ... I don't have the experience required. The VP of the company liked me for my character and is willing to help me learn as I go. I expect to have no idea what to do in 90% of the time. I would love any advice... Also is this a good anonymous version of a resume?
Gave +1 Rep to @flat sedge
Not a huge fan of the format, but it's close? Not sure why your main title section is "Certified in Cybersecurity" though.
The Skills section is also formatted in a way I find personally objectionable - it takes up a lot of real estate for communicating fairly little
There's a certificate provided by ISC2 called CC - certified in cybersecurity. Even tho it's not much It's the highest one I have atm related to the field.
I would put that in the Certifications section
Not in the slot that is usually a Personal Statement
Valid, thanks. How would you improve on the Skills field ?
I do not like the giant bubble style
Give more context??
I would group them by type, then list specific things
like "Programming - C/C++, python, java, SQL"
I also wouldn't list "Cybersecurity" as a skill, cybersecurity as a whole is way too big to be "skilled" at
That's like getting a BS in Math and saying you are skilled in "Academia"
Also in the education section, are these courses, modules or degrees? It's not clear
@distant pier @austere fractal
Hello everyone,
I have a Cybersecurity Analyst interview scheduled for Monday and I'd love some assistance from anyone already working in the field. If you're available, I'd really appreciate the chance to run through some interview questions and get feedback on my answers. We could sync up in a voice channel later today or anytime over the weekend.
any suggestions for getting it jobs while keeping myself private still. I have job gaps due to injuries and no on paper experience in IT. trying to get started.
Do you mean a remote setup when you’re saying keeping yourself private?
IT Helpdesk jobs are a great way to get into IT
Junior roles in software development, system administration, network administration, etc. can also be a gateway into IT
I don't know how to write resumes very well to be honest and the video record portion for basic questions threw me off when Applying to local companies.
There's loads of resume resources on the internet from advice to templates. you can always hide your personally identifying info and post a screenshot of it here
im reading up on it and seems i misunderstood a bit. just trying to get some projects to show i understand security analysis. i appreciate it. any suggestions are appreciated greatly. trying to get a job soon as I can.
jobs are expecting 3-5 years and college time a bunch of crap that doesnt really show in my eyes ability. not sure exactly how to bypass that part.
Most of the things a company lists on a job description are things it would like you to have. The only mandatory things are that you either know the exact thing they're hiring for, or you're willing to or are training for the exact thing
um so how should i approach it. goals supporting my children learning is the least i can do 🙂
Look at the skills a company is hiring for. Get those skills. Get certifications in those skills if it might help you, or at least read the study guides
Practice lots
Thanks . No money for certs sadly.
DM me
I am trying hard to find a position but... i guess i am unlucky so far... need to spam more applications
Guys, wanna ask: is cybersecurity in demand on the market?
It seems we are in layoff season, so maybe not as much right now. It is a pretty in demand market for the most part, meaning a lot of job openings, but there is not a lack of applicants
I really feel for you guys in the field. As an electrician. We have the opposite problem. Plenty of openings. Not enough people wanting to do it.
There are a lot of people looking to get on the bottom rung, most of the people wanting to be pentesters. The industry pretty much has a pool of people at the level 1 who want to fill roles such as SOC but second-level/senior engineers and roles in other specialties don't have as many people with expertise. Also, so many orgs have decided the standard for junior pentesters is OSCP, and pentesting teams hold that as a reasonable measure for those starting out. There's a lot more to be done.
So even though there's lots of other better and cheaper certs out there, and even though lots of people say hr will accept any qualifications or experience at that level, that's still a must-have in the role most applicants claim they want, i.e. to be a cool hacker and get paid for it. The industry doesn't just need hackers, even though having the hacker mindset and knowledge really helps you understand the objectives of all the other roles that orgs require.
That's for here. It's not strange to find a lot of people interested in becoming a hacker on a platform for learning to hack
If I look at job postings in the Netherlands, there is a lack of everything in IT.
After being laid off (in the Netherlands) in the summer I've had much more difficulty finding a new job (prior to making a switch to security) as a frontend developer with 3 years of experience.
There's a shortage of seniors or people with 5+ years of experience.
Companies are scared for a proper recession so for them it's more important to hire a more experienced developer who is up-to-speed in a matter of weeks or 2 months max over than hiring a junior to invest in.
Because it takes for an average person 6 months to a year (depending on the complexity of the project) to be properly worked in.
Take a screenshot and cut out all PII, people will be less likely to download a pdf.
specifically am looking forward to getting a remote job
Hey all, did anyone see Marcus Hutchins video explaining that a blog/e-portfolio would help land you a job? What do you guys think about that? Has it helped anyone here get a job? (especially those without any of the hacking certs)
And please excuse my name and profile picture, I was young at the time LOL
I'm not an expert when it comes to CVs, but here are a few items I noticed (take it with a grain of salt though):
- I am curious to know if this is your first job? If you have, I would still indicate it as work experience is still work experience.
- The Credly, THM and HTB links wouldn't probably help as much as I haven't seen any employer verifying it.
- How is your LI presented? I would ensure that it is neatly written or organised.
- Conducting VAs on web apps doesn't seem to be consistent with being a Freelance Security Content Writer. Same goes with the fact that you've written professional pen-testing reports.
- I would give less space or emphasis on certifications as experience (as it is only a plus).
- this is my first job, i have no previous experience.
- I would organize my LI right after fixing my resume.
- i do freelance part time just to fund certs and my basic expenses i dont do that full time just a side hobby you can say
thanks for the suggestion i would fix them accordingly
Gave +1 Rep to @fickle grove
As someone who is looking for something new... How does one go about learning that trade? I hear people make good money as electricians
i do have blog and e-portfolio
I believe it does. Any added perk that makes you stand out on your resume is definitely a plus point. Moreover I think it would also depend on what content you're posting on your blog. Posting content like recent cyber attack news will reflect that you are updated on the new vulnerabilities and recent cyberattacks. If you post CTF walkthroughs , it highlights good written communication and report writing skills. So yes, it definitely does help.
The best and the easiest way is to find out which IBEW is the closest to you and go in and talk to them. The other option is to go around your area and see who is building what. Then figure out who the electricians are on that job. Then go talk to them. most companies are hiring no matter experience.
Where do you find freelance work?
I got some regular offline clients through networking
Also Netherlands. Funny, it took us close to a year to finally fill a position for a C# developer for in-house stuff. There have been attempts to find someone to take the first level support out of my hands for four years now. Outsourcing did not work and the few candidates that we got were either VERY socially awkward (not great if you need to do 1st level) or just were not up to snuff. (For now it is on hold as our company was just taken over and the new bosses have to get their bearings.)
I believe we WOULD be willing to heavily invest in someone who really is sharp, willing to learn and then stay with us. But so far... no luck. Especially the younger candidates I spoke to (I do not make the decision, but I do talk to them) it's mostly the work ethics that are a huge turnoff.
Most were entitled, opinionated brats that still don't know squat (seriously could not point out the components on an open laptop) and not willing to (really only occasionally) work weekends or evenings.
Not willing to educate themselves further or take even one step outside their comfort zone - **especially** when you are a Newbie - is a real buzz killer...
But if you are flexible and show you are at least *trying* your best, that would already be a huge plus.
This is sad for me, I was really hoping to one day get a job in Netherlands so I can move there from the US 😦
Hello all! I am looking for internship opportunities in cyber security field. If anyone can help me, I'll be grateful!
Since I'm a fresher with no work experience as of now...it's been very tough to land an Internship, given the current market conditions. However, I'm just looking for opportunities anywhere where I can at least start my work life journey. Currently I'm in the US (Pennsylvania), doing my Master's in Computer Science.
Heavily depends on really what you want to do internship in, what position are you aiming for, that would probably open up more alleys what to give advice in
Im master's degree on Networking , do i can catch summer security internship
Hello,
I have been laid off from my support role and looking for help to revamp my resume. It is quite urgent I am applying for unemployment tomorrow. Please hit me up. I have never worked cyber but I have plenty of credly badges from THM Cisco and AttackIQ. Let me know if there is any template I should follow. Bit of in a panic right now. Thanks in advance. I https://www.linkedin.com/in/gergoilly
Hi guys! I am a Junior Cybersecurity student. Looking forward for pentesting in the future. I got some Network foundation, CompTia Sec+, been solving CTFs problems from THM and HTB for around 2 months. I am working on PJPT certifications. I am looking for a summer internship but not sure what specific job should I go for. Can you please give me some entry jobs that I can get the most valuable experience from? Thank you!
Entry level Cybersecurity usually congregates towards SOC analyst level 1 type positions
can someone help me
nope, that's illegal
Majority of the ones I applied to and see are security operations and vulnerability assessments
I am thinking of entering a university that has a cybersecurity degree to learn the basics.
They supposedly have relations with hack the box but they do not have any academic group on the page and their study program is kind of strange
Only in the second year do they teach you the basics of cybersecurity, what do you think?
If you know any of those things: Mitre Techniques, Excel (or any other document tool), Yara, Risk Management, any operational models
I recommend adding them in your CV, from experience I can tell that once you have Nessus scan from 1000+ endpoints, you need to actually make it useful
Thanks I’ll def add some of those
No problem and good luck
He sent me through my email
Any solution now?
looks up who owns the email address. Then email a copy of it to the provider with a strongly worded letter.
Check the header, double check it's yours.
Yes same email address
your tools should grab it wireshark for packet analysis
also check what's running on your webserver how much gpu is used network traffic etc.. reminds me of something involving assembly bit tired so i can recall. Gl
cant recall
Could you please guide me in more detail bcz I'm new in cybersecurity
What 😂😂
Are you sure that's the email sender email and not the display name of the email sender? It's pretty common to change your display name to make it seem like it's from your address, you might see another email address when hovering over the sender address. Also check in your sent emails folder for that email, if it was sent from your account it would be in there too if it synced
Most of those "I recorded you" emails are just a scam
It's 100% fake, spoofing the email address is easy
Is it gmail?
Or do you use any other mailing platform?
I feel relaxed to see you guys message thanks do you want to do anything related to this email or can I take it easy.
Gmail
Thanks a lot
Gave +1 Rep to @fallen heron
Can you also access it from computer, or only phone?
Yes my mobile and pc
If you are right now on PC, I can run you through how to show actual sender
Please guide me
Take the email, and press on 3 dots, click "show original"
Then the things you want to look for are
Return-Path:
Received:
From:
@loud fern check please
Scroll it down, those fields are at bottom, where message content starts
so somewhere in the middle
scroll a little more up
This is a usual scam,
regular phishing yeah
Is this fake or not please inform me
Sucks that people fall for it
I told you, it's 100% fake
It's a common scam, they've sent the same thing to hundreds of other people
In case you haven't yet done it, change your password.
But yeah, other than that, its a common scam and I wouldn't worry too much about it
Where's the line where you spotted it's fake?
Is it the "does not designate ... as permitted sender"?
I don't detect it being fake, however it is quite common that emails are picked from data dumps and luck is tested
ah okok
A platform where your email was registered, got data breach 4 years ago, if you haven't ever since changed your password, then they also got your password. Sometimes people try accessing emails from older data-breaches to see if they have any luck.
Okay I got your point do I need to do anything or am I hacked now?
Change your password and enable MFA
Change password to something secure. Delete. Move on, you're probably fine. Probably won't hurt to go change all of your passwords. Should do that from time to time anyway
I wouldn't lose sleep over it this is a pretty common scam
Shouldn't re-use passwords in first place, I recommend getting a password manager
This ^
Proton has a password manager now but I haven't tried it. Should be pretty decent
Is sosalmaghlouth your own domain?
Yes this is my company domain
I can't see your DNS records
I didn't know of this either previously and this is just a result of a quick google search and domain lookup, it seems like your DNS is spoofable because it doesn't have strict DMARC. I wish I could help you to fix it but I don't know more either but this should probably give your system administrators a lead
SPF would have fixed it, email came from IP that is located in Mexico
So good thing is now you know your email is fake, bad thing is now this entire server can read your domainname and that it's spoofable so you might want to forward that to IT pretty quick 🙂
@heavy cave If you have a system administration or IT worker in your company, here: https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/ it has also links on how to set them up.
Mexico? I got india, did you use the 103.104.182.0 or another?
Thanks a lot guys you helped me a lot unfortunately we don't have it department
I used 191.107.74.150, those timestamps are not easy to read I swear ..
But yes, Indian IP was tried against SPF
Hey I have changed password and updated MFA now?
Then you are good to go for now in that regard
You are right, its the most top one where the traffic starts.
Ok nice
Notify the person who is responsible for it/registered the domain. It's pretty important as a person couldn't only fake sending yourself a mail but also could for example send a mail in the name of the CEO
Yeah, right now everyone can send bogus emails with your domain
Sleeps important lolol
Sure sure I'll send an email to the management department about the domain security
just dont show your covix lotion anymore next to your computer, thanks
Gave +1 Rep to @heavy cave
Okay @gritty peak
lotion?
You've scrubbed ALL your PII!
10/10.
Missed your reference to blank out
whwoops
can you send a screenshot instead
In your Work Experience section, change Ai Engineer to AI Engineer
ok
Strong Analytical and Problem
Solving Skills
shouldn't be separate bullet points
Yeah, it's clear and easy to read, it flows well, you've included engaging descriptions of various work and learning attributes, seems to cover everything clearly anyway
Does a resume template matter? Where can i find some examples of resumes?
I recommend using something like FlowCV
It's important that the layout is clear for a human reader to find all the relevant info at a glance, that info is clearly presented, demonstrates appropriate skills and gets to the point. It's also appropriate to rearrange it to be specific to each job you're applying to
canva is really good
it gives you matching templates for cvs and coverletters
Can I export it as a PDF?
yes
Oh thank you all
no problem
if a job application asks for other documents could i put my uni projects
Only thing I would consider is using passive voice for the description of your work activities, but I've seen both work, so I guess it's more or less a personal choice
Yeah this looks good to me, good mix of personal, professional and technical
thanks. ive changed it again to sound even better. the tone and professionalism i think is important
You could put your uni projects in but initially they'll usually be satisfied with your uni's certification documents. If they want to see your uni projects, it might be just as well to create a demo video
Well if the other documents are still pending, an employer would usually be happy to wait until they're finalised
i means its been sent to my house in the uk im in abu dhabi so will be difficult to get it
Also posting more in LinkedIn to get my name out there
Did they give you a digital document as well?
not sure on the grades section it told me what i got
but i cant log into that anymore
And yeah it's important to maintain a presence in LinkedIn
yeah. just to show people i know what im talking about
been adding lot of cyber people and recruiters
Yeah a lot of colleges have moved to locking student accounts after graduation for security. My college got hacked during my cybersec postgrad a few years ago and my uni has closed down all alumni accounts
my uni got hacked this year
Yeah that's a good thing to do, great way to network. Keep an eye out for local conferences and things too
took weeks to get the sites back up
I will. I just need to find a way to get an interview or ill need to go back home
ive been posting stuff like this
Yeah a lot of our stuff had needed rebuilding. The guy teaching us pentesting and malware analysis is one of the guys who trains the cops about such things so we had all the details before it hit the news. Our healthcare org also got hit by the same group
oh damn
our lecturers information were taken and was getting sold on the black market
Yeah most of our lecturers in that college also have full time jobs in other orgs. Basically everything is connected in Ireland. There's everyone from MS and Google and IBM to Tenable, Fireeye, Red Hat and tonnes of supporting orgs, government departments, infrastructure, colleges... The hackers had been inside the college network and the healthcare system for nearly 3 months before launching their main attack
damn thats bad
when my uni got hacked loads around the uk also got hacked and what was annoying was mine got hacked the day i had to submit my masters thesis
Wow that's always unnerving. As long as you were able to get it in without much trouble. I'm sure there were some delays and a little confusion
I had to send it on teams wasnt allowed to send it through uni emails ahaha
Yeah our email system had to be shut down as well as our file transfer systems. We got all kinds of extensions for projects that semester. I remember our cryptography exam the next month got changed from a two hour online exam to allowing us to submit it the next afternoon if we didn't get it finished in class
It was open book so it wasn't too tough
id try to send and email and it would just bounce back
We couldn't even login to ours. They let us use Teams but email, file sharing, etc all shut down. Lots of shenanigans but eventually it all got sorted
Easier targets than multi billion dollar businesses. Less security
Think of the information you can get
Less of a budget for security. There has been a rise on attacks on Libraries in the US for this same reason. They dont have the budget to have good security
They're potentially a way in to other orgs too, since there's a lot of mature students and tutors with connections to other organisations too
very true. i thought maybe someone attacked to steal some work or change their grade ahaha
yeah
Well ours was a Conti attack, basically a heavily organised criminal group using Cobalt Strike and Conti malware. They did give the gov the keys for the health service computers in the end but were still demanding a ransom
damn
Yeah it was a dramatic situation. The Taoiseach (our Prime Minister) was heavily briefed on it, had huge effects on patient care. But it only goes to show how severe it can get when something like systems security is lacking in any way
Last week a recruiter sent me a cut down job role that looked exactly like the requirements for the Irish Health Service CISO job 😆 I didn't apply
Damn. Over here the police and the government were involved
Awww
Well I mean, they kind of had to be 😂
Yeah I don't think I'm quite ready for the CISO position just yet 😛
You're not learning something at this job?
The one you want'll come along soon, you're on the right path
i dont have a job anymore and i barely learnt anything
also hes not paid us for two months
So you're learning nothing from that? 👀
I learned something from you working there, lol
Never work for a start up.
And surely you've learnt not to be treated like that again?
oh i have for sure
I was applying for jobs the whole time and didnt even get 1 interview but now im going to do everything to show i can do it
Am gonna push a load of applications out over the weekend. Tonight is for course work and hacking
ive applied to so many. i had one say they wanted to talk about next stage if i was still interested i said i was and they never got back to me
That's fairly typical. Keep at it. Make sure to keep applying for roles there anyway in the future
i will
even if i have to go back home to get on benefits till i find a job. i wont give uo
up
Good on ya, don't lose hope, keep learning and applying in your spare time
I will but i do need a job or my money will run out ahaha
but im doing a free cisco ethical hacking cert
That's a good thing to keep up. Maybe do the Google or IBM cybersec course on Coursera too, they're very like the Sec+ content. All the stuff you've covered in foundational cybersec stuff in college
Yeah i have the whole sec+ course even if I can’t sit the exam now
The big certs that are the most widely recognised are Sec+, CISSP, OSCP, CISA & CISM. They also expect you to know other things outside of their purview but those are things you pick up as you go. For some reason lots of orgs have CISSP as a junior expectation, even though it's intended for people with 5 years, which kind of indicates it's still just the basics with some other expectations
Well I think the current Sec+ exam is available til next May and the new one just came out so you can do either atm
You're on the right track anyway. Just keep pushing and chipping away and feel free to ask about anything
I will and thanks I will. All the help and advice is welcome
Hello. What are the best bugbounty platforms for beginners??
If you're new to bug bounty, you can learn a lot of web hacking techniques on Try Hack Me. Major bug bounty platforms include HackerOne and Bugcrowd. HackerOne has a free training system called Hacker101. Also, the PortSwigger Academy has lots of good learning material. You can check out the #bug-bounty channel for discussion on this topic
Hello am new here and still learning, please I need a well detailed link on how to setup a virtual lab for SOC analyst... Thanks
thoughts on data privacy and the intersection between data privacy + cybersecurity?
I was wondering if learning through THM would be enough to start completing bug bounties in HackerOne, and if anyone that has done that could give me some tips about it
As to how I understand it, there is a lot of overlap between the two with information / cyber security managing or owning a good chunk of the controls. You can think of personal data as a subset of confidential or secret data (based on a formalised data classification scheme) which you have assigned a baseline set of controls following a risk assessment and considering applicable legal requirements.
Don't limit yourself in this regard. Try to actually learn how these common web application vulnerabilities work. After the tryhackme, I also recommend Portswigger Labs. We can't say, "Do these and you are ready for bug bounty," as not all websites are the same, but after doing the fundamentals you might have a chance to get a bounty.
Yeah I agree, after all practice makes perfect and some stuff will be harder than the others
But my university studies have been delayed for a few months and I've been thinking to potentially do bug bounty as a side thing to get money sometimes and not a full-time job, but still not sure if it's doable or realistic at my level
It's slow, challenging money
Companies can be slow to confirm and pay even when you bring them something good
It's doable but it will take a lot of time for you to learn and find bug bounties. Also, keep in mind that bug bounties are not a reliable source of income.
You can find guys waiting 6 months and get haggled on serious zero day RCEs....
Hmm
I mean I technically don't really need the money which is why I'm not really looking to work at any job, but more specifically want to get some experience to put on my resume later on
I've only finished the first year of my C.E degree so finding a job related to that is not possible yet, maybe except QA, so I've been thinking bug bounty but I'm still not sure of it
Bug bounty for learning/fun is cool
https://github.com/kurogai/100-redteam-projects
Take a look at these projects. You can put them in your resume.
I just wouldn't think of it as a solid income stream
Don't do bug bounties for money it's a pastime, after all.
Those seem like generally a good idea to work on once I have more experience
In addition, for experience, apply for internships and do some volunteer work.
Also one of my bigger concerns right now is that my specialization in my C.E degree would be in cybersecurity, so I don't really know how much of the things I'll do in bug-bounty actually apply there, if any.
After my degree I'll most likely have a role related to cyber in the army but I can't know whether it will be defensive or offensive yet, but it'll be for 6 years so I want to get some experience in that as 6 years should be good enough experience to put on resume
I wanted to do that but so far all internships I've seen want me to have finished my second year already, and I'm only starting it right now
Would you say that cybersecurity can blend well with data science / networking, or is it something on its own?
As in for a job
Glad to hear as that was my thoughts
Both subjects really interest me and I was thinking they could possibly blend together
yep I'm planning to do AI security
Nice
I don't have any AI in my degree but was told by the army I could delay my service by an extra year and go for a masters degree as well, but in E.E instead of C.E
Could potentially be good but I got 1.5 years to do my research and decide on that
I'm honestly just a bit worried/confused about how broad the C.E degree is, as there are just way too many possible jobs to have that I have no clue which one I want. As a note for that I've always enjoyed programming which is why I used to lean towards the side of data science, but now I'm also enjoying offensive cyber so I'm still conflicted. One idea I've had was to get some certificates (or maybe the 6 years in the army would be enough) to have a pentesting side-job and data science primary job, but after some research I realized it'd most likely be just way too much work to be realistic
Yeah, it's challenging to do multiple jobs that require a lot of time. I'm also studying computer engineering right now. I decided to go for cyber security from the beginning. Even in high school, I was passionately learning about cyber security. Now I'm planning to get a Sec+ and gain some experience in the field. I can't do internships, as they require at least 3 years. But I try to participate in such events as hackathons and post them on LinkedIn. Last week, I gave a cyber security presentation to people who were interested in cyber security.
I know my university actually does a yearly hackathon in cooperation with the army, which in my opinion could be really good for when I join the army to give me a better position and also generally a good experience to learn from.
Last year if I remember correctly the hackathon was about helping the army's engineering team think of a new unique idea/tool to identify underground tunnels and traps inside them without risking anyone or anything valuable, and I know someone who went there and said it was a great experience
I also do wonder if I end up serving 6 years in the army in a role related to cyber, if that 6 years experience could also help me land a job in data science field or would it be good solely for cyber jobs
It might indeed affect depending on the job
Hello everyone! I am in high school, can anyone tell me whether I should take a degree or pursue security certifications after completing my high school
a degree will make it a lot easier to get your foot in the door. Even some sort of short term tech school would help land you the first job better than without. You just go from there. Certifications can score you an interview, but a mix of a degree and certs would be the best bet
A degree in computer science specifically, not cyber security. In security, it is really important to understand other aspects of computers, otherwise your understanding would be extremely basic, and you won’t be able to continue future learning as easy imo
Thank you! can you share your thoughts on freelancing in cyber security
Gave +1 Rep to @fluid trench
without prior experience, and without people vouching for your ability and trust, it would be very very difficult. Not impossible… but pretty close to it
Hi, I'm a student in second year uni and recently I've been invited to a CTF where winners (and potentially other teams) have a chance of being interviewed by the sponsors. I'd appreciate any tips I can get on my resume
I also have a bunch of other jobs I've worked and a bunch of awards (none of them really related to cyber). Should I include those or keep my resume short?
I'd change that phrase "once again, I found myself"
It gives off an impression of ego
Also, don't put an end date on your university... just say 'current'. Otherwise it can look like you left before graduating
This may be a more controversial opinion... but I'd consider whittling down the programming language list.
When I interview... if someone lists something I will ask them questions to validate their skills in what they listed. "I don't know what I don't know" gives me a worse impression than "I know what I don't know". It puts me off when people list things they just heard of. Make sure what you list you know solidly. (Actively been programming daily in for a year for example)
It sort of is ego, I'll make sure to change it! Thanks for all the advice, I'll remove SQL because I don't know it know it.
Gave +1 Rep to @vocal spear
Muiri 👀 I caught you
No first person either (sorts out the ego problem and removes a bunch of verbosity). You don't want a CV to be wordy -- that's the cover letter. Short, to the point, don't waste words.
e.g.: kill the satellite paragraph and replace it with another bullet point at the start:
- Contribute towards the codebase for the satellite on board computer
In the entire three line paragraph, that's the only point you're really making there
I would always suggest a profile at the top, and I'm personally not a fan of skills sections at all, although I know a lot of people use them. Your skills should be evidenced by your experience -- stating them outright (especially without backing them up) seems like a waste of space to me, but again, suit yourself 🤷♂️
Either way you definitely don't want them to be the first thing on there.
Remember that your average recruiter will spend a few seconds on each CV, and read approximately the first ⅓ of the first page. You need to hook them in that section if you want them to read more.
I would also suggest changing your LinkedIn slug. Seems dumb, but it does actually make a difference because it's an immediate indication that you've taken your LinkedIn seriously and know what you're doing with it. Will also likely make it take up less space.
Other thing that's helped me a lot with bypassing the non-technical HR layer (believe it or not) is my custom email domain. That's very much an added bonus, but it's cheap, easy to do, and looks very polished. Also kinda wows people to whom DNS is magic.
... especially given you already have a domain
I would also like to see something that indicates a bit more well-rounding at the bottom. Volunteering, Hobbies / Interests, etc etc etc. This isn't an important section (I.e. it goes right at the end) but it demonstrates that you're a person rather than just a job applicant. A lot of orgs really focus on that these days.
Believe it or not, yes lmao
I had that come up in an interview for an internship with one of the biggest tech companies in the world.
Completely out of the blue they started discussing my blog lmfao
Not sure if the actual HR people who processed the application did, but the recruiters definitely did
Can we write volunteer work under experience if we don't have professional background? Any suggestions
add volunteer work as its own section
Then I don't add experience?
Depends on the type of volunteer work
Not always HR but hiring managers will. With entry level people it can feel like a gamble. Generally, what we want to see is passion, work ethic, and an ability to grow. Personal projects (of quality) can do a lot to give us a feeling of "this guy/gal is going to run with whatever I give them and soak up every drop of coaching I give them"
If you can give that impression of "I am going to be your top guy/gal in 2 years" you're no longer clawing to get offers.... you will be in the realm of having companies trying to outbid each other to get you to start with them.
I must say... those people are unicorns. I recollect a guy I interviewed for a QA role who had no college degree. He took a bootcamp for QA testers and had limited work experience. He also on his spare time took those free online MIT classes (completing them with tests). He listed C on his resume from the class. In the screening, I started asking him about pointers, how stack memory worked, etc. The guy answered better than many of the software engineers I'd seen. The work ethic to learn that all on his own.... (there were a bunch of other indicators as well) one of the best hires I've ever made. What you do on your spare time shows.
Thank you a lot.
Gave +1 Rep to @vocal spear
You're right, the custom email domain/LinkedIn link is very easy to do. I'll make sure to get on that! For the volunteering, hobbies/interest do I put the ones pertaining to the job, or just the general ones I have?
I've revised my resume, but I'm afraid it's looking a bit bare. Is that expected from uni students or should I do something about it?
Hey- you might wanna check https://github.com/dnl-blkv/mcdowell-cv
The template seems to be good for many and it’s easy to fill it using latex
It’s not too different from yours however it’s more polished and you can use some points from the original about what to add
Will it really matter if it's going to get exported to pdf anyways?
or is just designs wise?
Design wise of course
It’s pdf anyway just an easier way to write in pdf
That’s all but template is good looking apparently some have landed good jobs with it
I’ve done mine this way too and have been taken more seriously (although, slightly) - still in uni too
Thanks, I'll definitely take a look at it
Welcome & good luck
How is Comptia A+ exam?? Is it worth giving?
Also I tried finding previous year questions asked in exam but couldn't find any good website. Do anyone have any idea where I can find them?
You won't find Q/A online, most certs frown on material being released.
So how can one know what type of questions to prepare?
Probably whatever material they gave out.
From the material given, practice tests, etc.
Thanks @broken idol @dense dagger
Gave +1 Rep to @broken idol
+rep @dense dagger
Gave +1 Rep to @dense dagger
How would you guide someone wanting to become a penetration tester?
For example, I have finished a vocational school as a computer system technician/network specialist
I know basic Python programming and maybe Java
Have explored stuff left and right, have installed and played with various Linux distros
How would you advise someone like me?
For certs or how to adjust their time for a dream job as a pen tester
Or Red Team
My dream job right now is Red Teaming
I'm assuming little to no work experience in IT? I would start there. Look for an entry level SOC analyst and focus on soaking up information as much as possible. Do all the THM and HTB CTFs you can do. Now for certs there is a stupid amount of information on the internet about what certs are worth their salt so just do your own research there
Everyone wants to do the fun parts of pentest and red team, without understanding that the business proposition in those jobs is from the reports that get written. Rule of thumb is that for every hour of work, there is 0.5-1 hour of report writing as well.
Pentesting is also much higher risk than other security activities, as it often takes place in production environments. Understanding scope and risk is extremely important.
If writing reports doesn't sound like your ideal job, you may want to consider something else.
Hey guys, so currently I have an IT support technician position part time, and I’m currently in school. I want to ultimately land a job in cybersecurity soon and want to work for good companies. Should I keep applying while I’m in the job, because what happens if I’m able to get better opportunities elsewhere, or should I wait till I graduate and then job hunt, and just stay at my job to get some experience and a little income till then?
Hi so i have been offered by two companies with different internship positions
Company A = Risk consulting IT auditing (i think its vulnerability assessments since the employer asked if i know nmap, etc) in a mid-tier consulting firm
Company B = Security analyst (SOC) in a China security technology firm
I was wondering, which internship should i take? I have bigger passion for blue team than red team (also down for GRC).
PS: Company A and B are similar in pay and fame but Company A's boss has aloooot more certs than Company B's boss
On the counter.
Boss B with no certs could be a better boss.
You should make this decision yourself, and base the outcome based on yourself.
for the internship roles, i assume SOC would be better than IT auditing/vapt if i dont plan to be a pentester in the future?
I have been a Data Privacy Analyst Intern for Coca-Cola for 6 months, then I have been in a networking internship in another company and my last job before 1-2 months was a Junior Network Engineer, working with the AAA technology Cisco ISE
I like writing, essays are one of my favourite things (I know I won't be writing essays, but gathering and analyzing data is also fun as you get to understand things better)
I have aimed for CCNA, OSCP, Sec+, Pentest+ and Server+
What do you think?
IMO, I'd say Sec+ is the only one worth paying for out of your own pocket
Seems like it’s the best way to get into a job
CCNA is worth it as well I think, since it opens up for more roles in networking if IT experience in general is needed
Hello everyone! I would like to know what is usually asked during interviews for a junior penetration tester position)
sec+ being dod recognized is really helpful too
pls some should help me on how to get verified
You are verified
If networking is something that interests you and you enjoy, I'd say start with CCNA. If not, then agree Sec+ is a good starting point.
Hope you're having lots of fun
yeah am trying to, just having some difficulty in some room task
Hey has anyone heard of cybernow labs?
This is a TryHackMe dedicated discord so I'm not certain if folks here are aware or have used CyberNow. You may want to try your luck in the #general channel though.
any one know this answer The Linux kernel has over __ million lines of code
Is this for THM.
?j
Yes, answered in a different channel. The room is private though.
Thanks
Gave +1 Rep to @fickle grove
Hello everyone !
can this channel help in finding a job or internship opportunity ?
Hi peeps, need advice on which internship to choose from:
Company A = Risk consulting IT auditing (i think its VAPT since the employer asked if i know nmap, metasploit, etc) in a mid-tier consulting firm
Company B = SOC analyst in a China security tech firm (they recently created this SOC team 3 weeks ago)
My advice hasn't changed.
Pick what you feel like you would need/want.
Dont let others make the choice, you could end up not enjoying/liking it.
i see thanks man
☝️
Getting that first job does boil down to luck to an extent, but I'd argue your knowledge still has value even if you have nowhere to apply it to right now. If you feel like you're "grinding" too much, absolutely take a step back and take it easy for awhile, burnout can be pretty debilitating. Job criteria is essentially a wishlist, it doesn't have to be realistic or attainable - you should still apply to those jobs regardless, even if you don't fit exactly what they're looking for, if you feel like you can do or learn what the job entails you should go for it. If it's callbacks you're not getting, I think networking can be a huge advantage when it comes to breaking into the industry. Go to bsides, conferences, hacking clubs, whatever is in your area
I highly suggest networking and meeting people who are in the industry in your area, it sounds like you already have a plan and know what you want, all that's left is getting that first gig
If you're learning, you're going in the right direction. There is no one path fits all for this type of thing
@brazen owl @brazen owl
Hi guys, what are your opinions on hiring a mentor and where to find any . Thanks in advance.
By hiring, do you mean you'll pay someone to mentor you?
yes i guess
ok, thank you very much
Read books. We recommend tonnes of books about cybersecurity in the #bookclub. Books are widely available and written by experts in their field. Also, pick a course you'd like to do. Do THM machines and walkthroughs and ask about the kind of things you're interested in. It's hard to mentor someone when you don't know what they've done or are doing or want to do
The first few things he says are all you need to know. There's tonnes of free and cheap resources to learn coding, cybersecurity, pentesting, etc. From YouTube vids to books to THM. All you really need is motivation and to work hard. And then once you're comfortable you can start going for certifications, maybe go to college/uni, whatever. No matter what resources you pick, you're the one who needs to do the work so you might as well just start doing the fun things rather than paying for someone to tell you to do the fun things.
GIAC certifications aren't bootcamps. A bootcamp is a training course offered by someone trying to make a buck telling you what you should read to learn a skill. SANS/GIAC training is some of the most valuable training in the industry, however, yeah the price is extortionate
Well if you've got GIAC certs, you're probably doing quite well. THM is great for fun and setting a direction in your career if you're new to the field. It's a great step up from the basics
Well I hope it'll work out for you. There's lots of ways to gain the skills you need in this industry. THM is a great place to start, especially if you don't have nearly $10,000 sitting in your bank account
how to clear cehv12 practical exam at first attempt ??
Review the requirements and practice on relevant machines
Would anyone with a military background/recruiter private message me please. I am a veteran and I'm trying to land my first IT job and after filing 5-10 applications a day on: Indeed, Dice, LinkedIn, Robert Half, I've had no luck. I've been actively looking for about a month now without a single call. I'm looking for guidance on what to do and how to land my first IT job and was curious about someone with previous military experience due to my resume. Thank you for the help or advice in advance! Trying to land something quick!
If you post a screenshot of your resume with all Personally Identifiable Information hidden/removed, lots of people here would give you advice/recommendations
Thank you! I will remove it when I'm home from work and post it!
Gave +1 Rep to @rugged delta
@cosmic skiff a minor thing, in key skills 'liaison' is with 2 i's
Thank you I will correct that!
Gave +1 Rep to @coral vault
I have managed to complete SOC Level 1 and got my certification. How should I put that certificate on LinkedIn? Specifically, what should the Authentication ID and Reference URL for that certificate be?
Hello guys im not active here but i gotta ask you this question which i want an answer from a professional and an experienced ethical hacker
In todays world is it better to go to university to learn cybersecurity or buy courses, teach your self from youtube and so on, i know that in order to get a better paying job you must have a degree but im talking in terms of skills
Because im really interested but dunno where to start
Good question. We have a blog post on this: 😎
https://tryhackme.com/r/resources/blog/free_path
don't think that's what they were asking
IME, having a degree gets you through a lot of gates, I think a CS degree will be a lot more versatile than a cybersec focused degree, but that's my opinion. As for skills, there's a good platform for getting started right here 🙂
mostly it's all about a will to learn
Seconded
I addressed the second premise when you don't know where to start. 👍 Not everyone is inclined to value a degree the same way.
true, though it hasn't been my experience re: degrees
Where are the links to learn the basics of cybersecurity bcs i need guidance, if you can help me i really would appreciate it 🙂
Yeah, many variables that influence the choice, which only makes the choice harder in itself. Good to hear all opinions on this as always. 🙏
degree will get the interview, skills will get the job.
#start-here contains a lot of useful stuff. Cybersecurity and information security are huge - Pick a place within IT that interests you, and see what you can learn.
Documentation is kind of terrible in a lot of cases, and there's a huge difference to making something work and understanding why it works.
One of the huge value-adds you will get from a University course of study in an IT Domain (IMO compsci is preferred) is that you will learn how to learn and have a relatively high baseline for potential employers to judge you against. That said, you won't learn everything you'll need, and it will be up to you to figure out practical ways to apply the more theoretical aspects.
Compare that to starting with the practical and having to 'pick up' the theory along the way. This second way leaves a lot more knowledge on the floor, as it can be extremely difficult to understand some of the more "mathy" concepts without a stronger math and science background than secondary school usually provides.
Possibly, one can follow trends, but it also depends on the particular job and the hiring culture. As a hiring manager in the past, I would put more research into work experience than degree. I would agree with you 100% for software developers.
oh if the candidate is experienced, then 100% experience outweighs school, but for entry-level, it's way different
one question, ive seen so many hackers start from an early age who self taught themselves about hacking, how did they learn it, isnt hacking complex tho?
baby steps 🙂
I didn't really start hacking until I was well into my 30s.
Lol im actually 17 still in high school
There's no age limit to learning, it's about mindset and exposing yourself to more things.
I've been hacking in the old sense of the word for decades now
im glad yall older cuz of maturity and more knowledgeable
I suspect juun has as well 🙂
Do you know the biggest thing that separates a brilliant high school writer from Mark Twain, or from Shakespeare? It's the library of idioms that the writer possesses. Exposing yourself to more concepts, and to understand those concepts, is what builds the library of idioms for any discipline.
gotta do stuff, gotta try and fail and try again
I've been known to swing an axe from time to time ...
haha ok not that old 😛
hacking has always been about curiosity, and trying to figure out how things work
how can we break the system
OK this application x does y, can we make it do Z?
Was an early mindset.
I liked breaking stuff as a kid
Some of cyber/malware analysis fundamentals are dated, but still pretty relevant
That's how I started when I was around 13/14
you're still a kid 😉
💯
Good question, the early age part is not a pre-requisite, many have started out as network engineers, or developers, or sysadmins, but also with completely unrelated jobs who transitioned into cyber security. The straight-out-of-the-box into offensive security is rare in that respect.
You're hired!
is red teaming a job or a type of cyber security thing
Yes and yes. Red teaming is a concept where a team of penetration testers with specialised skills can perform a number of different types of penetration testing activities, usually involving emulating a real world adversary to various extents, cooperating with or opposing a blue team of defenders in various live and simulated exercises to test capabilities and other things. It's a broad category but it's a form of penetration testing exercise. Check out the Red Teaming path on THM
https://tryhackme.com/path/outline/redteaming
i plan on doing that path cause that idea interests me a lot
i like being the attacker vs trying to fix things or defend against things
Both. Red team is not a junior role or activity though. Be prepared to spend at least 5 years in other roles.
i wanna be decent/good at all of it so thats cool with me
im nowhere near ready for any job like that tho lol still a sophomore
What do you think are good internship opportunity available in our field
On a more astral level: a good internship has a balance between hands-on doing stuff and having time and opportunity to learn from the pros
Hello, I'm stuck in task8 partice Time
#room-help might be a better channel to get you the response that you need. Also, can you describe in which part you are stuck at the moment?
Hey everyone! Trying to figure out a possible career switch (external or internal). I’m currently working as a police officer (intervention) and trying to, at the age of 30, follow my dreams.
I currently don’t have a lot of IT experience (at all). But I’m trying to setup a path to change careers into something more remote as I became a dad.
The options I currently have would be internal police and become a part of the computer crime unit and eventually maybe start working in a standalone enterprise.
I am currently trying to ‘write’ out a path I’d like to follow but I could use some advice.
- I am currently doing the THM paths (completed the intro and I’m now on the beginner path)
- I’d like to complete the Comptia ITF and A+ courses.
Any points on this? What should I do after?
I really appreciate the advice. 🙂
Incident Response is probably going to be a good route for you - I know a couple of older officers that have retired from LE and do infosec now. The way they made the transition was to be the IR person for the company.
That’s awesome man, thanks.
However it seems that for the job requirements for the computer crime unit they put up a lot of practical CTF’s which require pen testing. Should I focus on that first and IR after?
Also, anything else you would advise me to follow to add to my resume other than the 2 comptia’s mentioned?
Gave +1 Rep to @flat sedge
CTFs don't usually require pentesting. If a CTF does, that CTF is doing things weird. Usually CTFs have a large variety of flags, some network traffic analysis, some system vulnerabilities, some application vulnerabilities, maybe some AD or kerberos thrown in.
Ok that’s cool. Ye I might have misinterpreted it as my knowledge is currently limited. 🙂
I just like to know what I’m getting into, I’m rather disciplined so having a small track worked out is good for me - thus the question about Comptia etc
I have also heard about the Google cybersecurity course on coursera which is not bad either?
Don't pay for any certs out of pocket
Your employer should be paying for them, as it's a business value-add to demonstrate competency for a security role
Disagree with that
I mean that’s fair but some employers won’t pay
- investing in yourself is not a bad thing
The thing is that I do not have a certification or whatsoever for the moment so I must pay something out of my own pocket. If not, an employer will not hire me anyways.
If it's a cert you need for your current post, they would/should.
My job doesn’t even pay us our monthly wage 😂 let alone a cert
I know it's hard to leave jobs and what not, but that's on you for sticking around for so long.
I certainly wouldn't be doing paid work, unpaid.
I had to to get money to pay my bills I was applying for other jobs every day
True but a lot of these certs are mad expensive. Even the cheap ones.
That’s relative
People have no masters or anything and then complain about cert price
You need to invest in yourself someway if you want someone to hire you
one of my friends did a cyber bootcamp got the sec+ then a job. i sometimes regret getting my degree
That was not really the point I was trying to make
oh ahaha
The point is that you need to invest in yourself some type of way
You can’t expect people to hire you if you don’t have experience, a degree or any certs
And then also expect them to pay for your certs
You need to invest in yourself in some type of way if you want to be hired
Sure there might be odd cases that get golden opportunities, but overall you need to show capabilities
And that’s not just willing to learn, you need to accomplish something
Yeah just seems like experience is wanted more these days than a degree
do you have a github or blog?
i do now
im making more stuff to add to my github
trying to be more active on LinkedIn too
yeah
did you check the cispa link i gave you?
Yeah
Has anyone here got a job in cyber security without going to college or a degree in IT? I am currently a teacher and thinking of making the transition. I've always been fascinated with technology and have taught grades K-2 basic computer science alongside my core curriculum! Then this year I have been teaching it full time in a larger school district.
One of my friends did a bootcamp and got a certificate and got a job without a degree. Could be something to look at.
thats nice
Is there any remote cybersec internship
I am currently in my uni 2nd year
An internship would be quite helpful plus the knowledge from practical part would be great
It's possible with a huge investment of time/passion.
I would give THM a try for a couple months and see how far you can get on exercises without the video walk through.
The work you've done to teach elementary school computer courses certainly is helpful in finding your passion. However, the skill gap between that and what a cybersecurity pro needs is still vast. You will have a lot to learn and THM (or other free comp science classes) can help you find out how much you enjoy it as it moves further in to deep topics (before you spend money on a bootcamp)
Appreciate the information! I am hoping to leverage my ability to take complicated concepts and communicate them into terms that anyone can understand; coming from my education background. I'd believe companies would find value in that.
It is valuable. You do truly have to explain things like you're talking to a 2nd grader.
It's hard if you spend a lot of time with tech folks talking deep technical things. You'll say something like "all we need to do is block the IP"... not realizing so many folks don't know what that is.... better to say "the network identifier for their machine".
The folks who would chime in with "actually, you need to know the MAC address" would just prove my point 😅
Haha! Going to give it a try! I am about 20% through the basic pathway. Going to keep working through that.
Truly... you can do anything you put your mind to. I've nearly never seen someone who dedicates 3 hours a day to something not get it to go somewhere.
You'll have to look on job sites. If your uni has an internship program, they should have someone who will help with this but the onus will be on you to find the job
You should get the Security+ guide. The 601 cert is still valid and the study guides aren't out yet for the 701 by the looks of it. I'm sure you could smash it in a few weeks
I have, just a lot of work and time pouring into it
what we all doin
Honestly I agree with this, it's kinda ridiculous that we are expected to invest so much money into ourselves just to get a job. Not only that, but these certs don't even guarantee jobs, just an increased chance of getting an interview at best, possibly wasting money for nothing.
hey guys! just landed an interview as a junior pentester. Considering the position is pretty entry level, what kind of questions should i be prepared for? both technical and non-technical.
A little about me: Fresh grad (in cybersec field), no certs yet sadly, have been working on THM/HTB for the past few months. Honestly a very weak portfolio
Hi, since its entry level they will be looking for potential and how you try to improve outside of work
Possible questions can be what made you take cybersecurity and what do you do to improve your skills
There may also be a practical assessment that may require you to root a box and present it
got it! thanks
I have it. the new one shouldnt be too much different
I live in Japan. In Japan they care about experience, knowledge or certificates. I had the knowledge only. Working now to get oscp certificate one day
hey there! I am currently getting started with cybersecurity with an aim of being a security engineer. I'd like to ask whether
- I need certificates to land an entry-level job, if so is it possible to get away with unpaid certificates like Google, etc.?
- I need a degree to land and maintain a job, or college is adequate?
Also is there something you'd recommend me to do as I am getting started? Because YT has been a mix of recommendations
and I'm not aware of whom and whom not to follow, so I just started a Career Certificate Program for CY provided by Google on Coursera.
Thanks.
Certificates that don't verify you actually know the material, and certify the results, are pretty useless. What you would be looking for would be certifications. Certifications test your knowledge of the material, verify, and then certify the results. Security+ is really the only certification I would pay for out of pocket. As far as a degree, it only helps. It satisfies job postings/HR filters and you get paid more than non degree counterparts.
I'm assuming, based off you separating college and degree, that they're different in your country's education system
It's unfortunate that it's quite hard to do without certs/grades. I'm the real life example. I did build and use my own linux distro as a daily driver for 5 years (it had KDE, GNOME + all the stuff you really need on desktop), my scripting skills allowed me to write custom package manager and packaging system in bash, lots of bug fixing contributions to various open source projects etc. As a foreigner in UK I was packing chicken for 11 years and now I'm weaving luxury carpets while young stoners who can't even configure wi-fi are doing IT jobs. 😄 It's like that.
I know there's way out of that black hole and I'm trying again but just wanna tell one thing. If you can get some relevant education or certificates then go for it cause even if you have no clue what you are doing you can get to interview.
I have a question which is to people who have done internships in the cyber security sector. I know what's to be expected but if I could get any experiences which could help i would be grateful. Thanks!
Anyone got any good guides for making good LinkedIn profiles?
Are you specifically looking for people who interned in cyber security related companies or just like in the cyber security dept of a company?
Both are good but I’d like to hear from the cyber security dept more as it relates to me
Guess im qualified. Usually it was just a lot of grunt work like auditing users, systems, and updating assets. I get to sit in some application scanning on our internal applications. Then just monitoring stuff from SOC.
A "good" internship involves shadowing a lot of different roles, along with being allowed to work tasks that aren't mission-critical but still provide a benefit to both the org and the intern.
A bad internship will put the intern on actually important tasks, and pigeon hole them into doing the necessary but boring grunt work
Mrnomadnormand is back
You left?
Not really. Been sitting back and monitoring the comments sections and suggestions column. Lol it's ok. Trying to figure out how to get the aftermath in control now. Lots of knowledge and information now and not enough instructors left. Going to be looking and placing the next generation of teachers.
@broken idol you want to be one
I know you'll crush the current one in no time 🙂
Yeah. I won’t be able to get it now though till I find a new job so will look for free certs
The Google cybersecurity certificate on coursera is $49 a month. It's somewhat similar to Sec+ so if you understand that stuff you'll fly through it. They give you 7 days free trial before the first charge and there are vids of people on YouTube passing it within the 7 days
Aww nice. I’ll try the 7 days free trial. And 49 a month is steep 😂
I'd say you'll push through it no bother, it's all foundational stuff. They do give you a few quid off the sec+ voucher too when you pass
My problem is having no income coming in so have to save my money for my bills. But I have a free Cisco ethical hacking one I’m going to do
They claim if you do 7 hours a week it'll take you 6 months but if you're familiar with these things you can fly through them.
And yeah the Cisco stuff is a good one to do as well. You'll be back in action on the job in no time
I hope so. Need to get some free certs and build my portfolio up and hope for the best 😂
I can confirm it can be done in 7 days. I actually did it in like 3 days. But like 10 hour days.
🙂 I'm pushing through the CPTS atm. Hoping to do the exam in January. The course is tough!
aww damn
Yeah I might do it myself over the xmas at some point
i have the notes for the sec+ i might revise it till i can afford it
I may not have fully written out the 'reports' they wanted you complete, but I still did all the projects and copy pasted the important screen shots.
Good to keep up the revision, keep that stuff fresh
exactly better to keep learning
i did the IBM version (almost same material) in 4 days
Excellent! Yeah it's pretty much the same course, certainly worth a go
Would it go under resume like in Education or certificates or certifications ? Google ibm or Microsoft from Coursera and then what about the tryhackme certificates like where would u put that
I plan to take a look at Cisco cyberops fundamentals specialization too from Coursera
You could put the Google/IBM certificate under personal development. These are different from a certification for AWS or Azure or OSCP or Security+, which you could put under the education section. The Google/IBM/Try Hack Me certificates are basically certificates of attendance/completion of a course. A certification is a professional credential offered by a certifying board
ahh okay so education most likely or like u said personal development , what about the cisco cyberops one?
You have to look at the name of it. It's a certification provided by Cisco, where they expect you to receive an appropriate level of training and you need to sit an exam
nah i meant the one from Coursera "cisco cyber operation fundamental specialization "
One message removed from a suspended account.
That's just a certificate, like everything on Coursera unless it's an actual degree from a college, etc
Do the Professor Messer Sec+ course, it's free
You'll have to be more specific
youtube right ? also i have his pdf study guide hehe
Please don’t share it here
depends on the cert. and it’s because they want you to learn their methods, because that’s what they are grading you on
that’s more for questions and answers, which isn’t what these are
No exam dumps allowed
Basically
including if you just slightly change the data
well i meant like
If it's from exam dumps.
is the one subtlety referring "free course" its on youtube or
Yeah the Professor Messer course is a free training course, not exam dumps. That's very different. You can buy a training book/course or use a course made by someone following the syllabus. They're not giving away or sharing CompTIA copyrighted material or selling/teaching the actual questions/answers from the test
Hello everyone, hope you're having a great day. I am looking for some career guidance. Is this the correct channel to ask for such guidance? Sorry for any noob questions, using discord for first time.
I have a total of 4.5 years of working experience. Of that, the last 2 are in cybersecurity, specifically in application security.
Previously I was a fullstack developer - Web and Mobile. I have been part of the same company since I started my journey in cybersecurity, I started with creating automation and tools to help with the day to day job. Eventually handling and management of tools like SAST, DAST, SCA, etc and also protection tools such as WAF, Bot protection, etc. Helped create Jupyter notebooks for incident analysis and reporting. I was promoted to Staff Product Security Engineer and also expanded my skill set to threat modelling, secure code review and architecture review.
I am currently learning pen testing, I understand the fundamentals but want to become an expert.
I am looking for a job change, but I have been trying for 6 months with no luck. Thinking should I double down on skill upgrade or pursue any certification.
Any guidance?
Looks like you have good experience in blue teaming , you can go for certs like OSCP which will definitely help you in landing a job 👍🏻
Thanks Kai for the feedback. I forgot to mention that I have Cloud experience as well, primarily AWS. In general my intent is to move away from operations on call rotation to regular shifts.
Hello all. I'm trying to figure out how to break into the cybersecurity field. I originally have software engineering experience. and the last 3 months, I had experience in Microsoft Azure, doing some cloud admin and DevOps work.
Great , you have any cloud certs ?
Cloud certs are generally helpful in boosting resume , i did Az-104 and 900 which definitely helped me .
You can checkout tryhackme beginner path and read some blogs to know more about this field because it’s so diverse .
No. But have built many automation and projects using all the fundamentals and some niche services from AWS. That's really helpful, will look into these certs
If you want to land a job as pentester then you need cert in 2023 ( exceptions are there )
I prefer OSCP and in some countries like India you can also try for CEH because many HR look for that cert too …
Yes I am from India. I have also seen CEH being asked everywhere under good to have.
Yea it’s generally asked but i rate that cert as trash
Yes most of my peers say the same. But anyway, thanks for the constructive feedback. Overall plan will be getting a pentesting cert and a cloud security to boost resume and increase visibility.
Good luck mate , keep grinding 👍🏻
hey does anyone do bug bounty hunting? its a dream way for me to make money.
occasionally, but its not a steady source of income
damn thats good! i saw this youtube video about a guy who makes millions from it and works from home only 4 hours a week or so. maybe you know who i mean, he spends his money on fast cars.
that's exceptionally rare, you shouldn't take it as something anyone can do
Tommy DeVoss used to break into websites illicitly. But after serving time for his crimes, he now uses his skills to earn an honest living. Through arrangements known as bug bounty programs, companies pay him to find security holes in their systems. He’s now earned more than $1 million in this emerging profession.
Are you copy and pasting from websites?
Also, as previously mentioned, bug bounty should not be relied upon for a stable source of income. It's also very rare for people to make enough to live off of
Dont ruin my dreams lol
Hello everyone. Now I would like to get an entry level cert for my first job.
I know Sec+ is the most popular choice.
But the MA (Central bank in my home country) have published guidelines
(not enforced but some banks would require) that recognize SSCP but not S+.
Could someone give me advice which to take?
Im in aus. Im in year 10.
Im looking to do something with pentesting.
Im alright at school, but i dont believe im going to get the marks i want in my year 11 and 12 (for uni)
What is the best way i can go about this?? (To be a pentester)
What's your grade range rn
I am in France, just in case. I am in 11th grade and I will have to choose a school to be pentester. My grades aren't the best 😅
I am just willing which school u could advice me to choose. (Worldwide)
Have you looked into the ADF? Their cyber analyst role falls under non-technical so it doesn't have steep requirements. https://www.adfcareers.gov.au/joining/how-to-join/entry-methods
Hey Guys!
What do you think about the EITCA Certs (EITCA/IS)?
My company needs a person with a cybersecurity certificate and since I'm interested, probably I'll have to get one. This one came up and I don't know how to compare it to HTB certs ( CPTS & CDSA), which I was considering.
Hi guys do you think Ethical hacking career can be done from home?
yes. Mostly. My mentor is a red teamer for Mandiant/Google Cloud, and he works from home unless he is travelling cross country for work
thats awesome! what a dream life .
would be dope to work in cybersecurity from home and just enjoy your life
it’s a lot of work, and can turn into a lot of overtime work, but with him working and his wife running a manufacturing company, they make gooood money
ethical hackers make good money
Yes, a lot of them do, but employees sometimes require interns/juniors to work on-site or hybrid
Depends. There are times where you need to fly to some area because VPNs are not allowed into that private network.
Hello 👋 Has anyone here gotten a job through TryHackMe? (By gaining skills through the platform)
yes, I have, and multiple others
Which paths did you do ?
i just did a bunch of rooms ngl
didn’t have a sub through most of it
Defensive or Offensive?
A good amount of both, my job also consists of both, so it worked out
Wait for real ?? How did u like do it or how did it happen