#cyber-and-careers
i applied to hundreds to places, was given a chance at an interview, blew them away in the technical interview, and got the job
Niceeee u talked about the labs/rooms u had to go through and the experience u got from the box buh
until which level at THM we can start to find a job ? (remotely or offsite)
It depends largely on the role you are applying for.
That's going to depend on other factors such as previous professional experience or having a degree
THM is in addition to those things, not the primary factor.
Thank you @fickle grove @stoic cave. That's true.
I will put some efforts first for couple months, assess myself and will ask more specific question.
really appreciate u guys prompt responses.
Gave +1 Rep to @fickle grove
+rep @stoic cave
Gave +1 Rep to @stoic cave
Please review the rules. Unsolicited friend requests are prohibited
I will not be accepting
ok noted. please delete it. sorry still new.
Were you looking to upskill or were you trying to get into a completely different career?
@jovial cosmos are you currently looking for a job in cyber?
change industries completely
Woah! That’s cool! Would you mind sharing what industries those were? The one you changed from and the one you went into?
Yeah trying hella hard rn to find an internship/ entry role applied to like 20+
Anything worthwhile instead of going to uni?
(The question really is, is uni worth it?? And if u already know the stuff, how do you get a job without)
You need more than just knowing the stuff. You would either need to get a degree or get some certs or do a bootcamp
Anyone from Germany who know a good Bootcamp?
is Security + valuable?
yes its what im studying towards. jobs seem to want certs more than degrees
thank you and goodluck to you. I wana buy the textbook and learn from that for the Security+ exam.
Gave +1 Rep to @vestal egret
good idea. the latest version of sec+ was released this month
Is anyone who is having a cyber security job , so i can ask him some questions?
There’s a lot of us here, but sure go ahead 🙂
How i do know which path to choose ?
And which cer should i get first ? Is Google Cert good ?
cert
i am in the middle of Google CS cert myself and i would say it is a great start
It is your first one ?
Yeah, I have been always interested in CS field so i know a thing or two about it but even the absolute beginner can do it with some effort
Wonderful!
I was a bit scared going into it because as I said it is my first cert in this field so i didn't know what to expect from it but I am enjoying it so far so i can only recommend ^^
You could try the one that seems more interesting at first and then change into another path. A lot of people move from blue to red team and vice versa so it shouldn’t be an issue. You could also try and take the CompTIA quiz to give you some ideas.
https://www.comptia.org/content/lp/red-team-vs-blue-team-which-are-you
Wonderful! Thank you so much for the advice!
yes lucky we didnt do it before that date. now the new one is valid for 3 years right.
guys am i right in saying blue team is easier to get into as a soc level 1 but a pen tester requires much more knowledge like programming and stuff?
Pen testing is not every level
This is partially true, penetration testing is not an entry level job, mainly because you have to be familiar with maaany concepts in order to audit companies. Also it is worth noting that not all pentesters know programming, but it is certainly beneficial.
Blue team/SOCL1 often requires less knowledge, therefore it might be easier to get a job/internship as one and then move onto the offensive positions.
thanks guys.
In fact, most pentesters don't seem to know much in the way of coding, let alone professional programming / SDLC / DevOps / etc. It's a more niche area.
Extremely valuable to know though
Hi everyone i was hoping to get some advice on where to find careers to start my cyber journey and if there's any courses i can do to make myself more appealing for companies?
check online job boards like indeed and linkedin and courses well its entirely dependent on what area of cybersec you wana get into.
i went from cutting and producing granite countertops, to security incident response, and consulting
I am struggling to get my first cyber intern
it’s really difficult to break into, I just got really lucky, but people have spent a year or more applying and improving their resume to land even just an IT job
Need some guidance 😩
How did you manage that currently trying to switch careers as well started with sec+ and tryhackme to learn but no idea where to go from here?
start applying to lower IT jobs like Helpdesk, maybe system admin or Network Operations Center jobs, those will build a good professional foundation
Or try and get an internship
Youre 100% right. I always hear start off in helpdesk so you can learn how the whole systems of IT work then and only then you can secure those systems.
seeing things in the real world is way different than you’ll ever practice yourself
What if you got “you can do both” as the answer for which team suits you best?? 😅😅
I got that one as well xD
yep thats 100% right and helpdesk is kinda fun imo
It makes me so confused 😩😩 I’m already indecisive how tps am I supposed to choose when a test can’t even choose for me?? 😹😹
well you can still just do a coin flip then 😛
that will settle it 😅
True or a spinner lol
Just do both haha. Especially in the beginning the content is pretty much similar and can be used in both cases
So basically be a purple team?
Kind of, but usually it’s more for people that have real experience in both fields
Learning new things won’t hurt you, I’m mainly a penetration tester/red team operator, but I’ve done some threat hunting and it helped me understand how to make it harder for the “good guys” to detect my attacks
It works both ways
yeah purple team is too much work
you cant be a soc analyst and a pen tester, way too much required in each role.
Makes sense 🙂 always good to understand both sides for just in case ^_^
I think you're misunderstanding what "purple" roles actually are
I’m actually reading an article about differences of red and blue team and it also explains what purple team is at the end of it. Just so I can get a better understanding of differences between them all. 😅😅
Yeah, the teams exist because people like putting things in to boxes
An example of a "purple" role would be someone on the company's internal pentest team, who after an engagement, works with the blue team to resolve issues that were found
ok thanks for the clarification.
or someone in my case that does pentest vuln consults, and does Incident Response in between engagements
I mean it’s where I learned everything security and IT on the software side
yeah im learning Linux.
the google IT support course had a good bit of Linux commands.
in you guys' experience, what are the most common tools / knowledge request (and required) for junior pen test roles?
I'm guessing linux, scripting, web/networking are kinda obvious. In terms of tools though? Burp, Metasploit, network scanners/packet sniffers, and..?
idk if stuff that's all automated like Metasploit which you can learn in like 2 days is even considered though
@vestal vector I'd be looking for someone that can execute an SLA without affecting my daily operations. I would be looking for someone that can negotiate an SLA and a testing environment that does not affect my availability. I would also be looking for that person to be part of a team that can be efficient and succinct in their testing and reporting without breaking my stuff. I would expect an executive level summary of results that would allow my team to correct our deficiencies without causing incident in my production environment. Test and Evaluation events aren't just about skillsets.
Of course I would expect you to know how to run Metasploit and NMAP. But can you do it professionally and report your actions in a manner that allows my internal team to action it?
Get a GPEN or OSCP if you're looking to demonstrate junior pentesting skills, but skills alone are not the only consideration when choosing an outside T&E team to do a thorough evaluation.
how should i get into ethical hacking with little experience? can i get a job offer for having no degree but some experience?
experience seems to be favoured more than a degree
I think so. You do nothing with your degree
can you please recommend me cyber bootcamps
me too
Bootcamps are a waste of money in the vast majority of cases
what's better if bootcamps are not worth
The very platform in whose server you're currently in, and there's other platforms and course vendors depending on what you want to learn
I started taking junior penetration tester on tryhackme
That's a good start
Thanks. but I think penetration testing needs a lot of experience. what do you think?
Gave +1 Rep to @fallen heron
It does need experience, it's not an entry level job that you can stumble your way into, most people start in IT or on the blue team and pivot to pentesting later on
I was thinking to take the blue team. I hope i will find it on tryhackme
There's the SOC level 1 and SOC level 2 paths, plenty of content for you to go through
Thanks a lot bro.
I stop on sql injection on junior penetration testing... that's why i need easier path first
what about you experience @fallen heron ?
The goal is pentesting for me, but for now I'm just learning as much as I can, haven't made the move to cyber yet
great keep learning
you too!
I say go for it, you will be getting exposure, experience and also a chance to start building a network. Even if it's introductory and for beginners now, they might go on to becoming big names and it would prove invaluable. Also, you can keep looking for something in the meantime
If you're ever interested in eventually pursuing team leading/skills development/project management etc. it will be a huge plus to have had the experience of holding "courses" or teaching students certain topics. It's of course not the same to teach a junior at a position, but the skills will translate over. It will also prove that you have a firm understanding of public speaking and the major soft skills required of employees.
Those are the big benefits in my eyes, and of course the exposure, you having to learn things to a higher level just to be able to teach them will greatly benefit you in the long run.
True
so in practical terms, what do you suggest someone should do to get started and get hired as a junior pen tester -- outside getting those technical skills with certs or whatever else
it's interesting that you consider blue team more entry level than red
is that general consensus
If you want to be a junior pentester, you need to understand a lot of technologies and tools. Having the skills to pass the OSCP or similar cert like TCM PNPT or HTB CPTS will go a long way. OSCP is the industry standard that hr departments want to see on your CV.
As for blue team, it's still very challenging but it's usually much easier to be hired on a blue team with a good understanding of IT or programming. No skillset in cybersec is really beginner but you can get up to speed far quicker in blue team.
Red team/pentesters can afford to be very picky with who they hire because there's lots of people looking to be professional hackers but not as many up to the level required. You should read some of the Tribe of Hackers books that discuss various roles in the field
1- System Admin 2- Network Admin. Both are equally good at their jobs. Which one would reach their target faster to become an elite hacker?
i see, i'll check those books out too
i mean now i'm nowhere near considering doing OSCP but i'm kinda trying to understand better how it works to get those entry level roles
Usually you would need to have a good understanding of Windows, Linux, Networks, maybe programming/scripting to some extent, depending on your background. You can pick those up as you go along. Getting a job in a support role or in IT or QA could help you along and then you could go from there. Getting certs is beneficial to show your understanding, but also spending your time actually using those systems helps too. Getting a particular cert is no guarantee of a job or even an interview but it can help
Hey there all. I've enjoyed reading previous posts about all of your aspirations, dreams, and experience relating to OffSec. I've got a self-imposed deadline to pass the OSCP within 9 months from today, but I have limited experience working with red team tools. One of my concerns is getting more familiar with networking. I'll be watching through Prof Messer's Network+ video series and reading through some CCNA material... if anyone has any advice on the aspects of networking I should focus on please feel free to DM me. See you in the rooms 
Network+ should be enough to understand what you need to for OSCP. Spend a little time on Linux and Windows foundations, understand Active Directory and push for it. You should be dedicating about 30 hours a week study to it if you can. Good luck
Excellent, that sounds doable. Thanks for the insight
Gave +1 Rep to @rugged delta
I'm taking CSI Linux certification course what else would I need to get other than the initial course to find jobs in that specialty without going to college
Focused on osint now and taking my time with the rest
Hey all I was reading some interesting comments. I wanted to ask if there’s a good path to take to try and be ready for OSCP? I’m interested but a lot a bit scared. Is there a path from tryhackme, build off to another platform etc to build enough knowledge to perform OSCP?
btw OSCP is the hot cert and all, but what about comptia pentest+? I guess it's easier than OSCP (?) but it should still be valuable for pen testing jobs ?
It does meet the DoD requirement, but its not at the same level as OSCP.
DoD requirement?
For US-based jobs, mostly government contractors
oh you mean it works towards getting a job in the government as well, like sec+
US-at least
it's not a practical exam, it won't teach you how to pentest
Lmao at how demanding job requirements are nowadays i would be shocked if it wasnt.
Dubai plus 23 years = makes sense 😂
It said that then below said 1 year 😂
They be juking for real 😂
Ahahah
best are employers who wait til you have a new job in your linkedin bio to tell you they wont take you... oh and yea, we decided that 3 months ago, but we tell you now .. coincidence? xD
Ugh that’s annoying
is this job site?
probably meant "2-3 years of experience... ", but then again, there are job posts looking for CISSP in entry-level roles. 
makes sense
I’m assuming it means 2-3
since 23 is such an odd number, and for a junior position… no
I’ve seen weirder ahaha
Hello Does Basic networking knowledge is enough to start career in cyber security ?
To get started? Build your skillsets. Tryhackme is a great place for learning the tools, techniques and processes. Hackthebox is also great. Find some industry folks you respect and follow their work. I personally really appreciate Travis Goodspeed's work, but there are tons of folks in the industry doing really cool stuff. Engage in your own projects, build stuff, break stuff. If you're still lacking foundational skillsets, find those key areas where you have knowledge gaps and fill them. Make a portfolio to demonstrate your skills and technical writing ability.
As others have said, red team tends to have pick of the litter and is a smaller community overall. Although, I think blue team is much more difficult to excel in without technical depth and breadth in a variety of areas. The type of work you want to do should also be a factor. Enterprise is a different work load than say ICS or the defense sector. A great entry level job is SOC analyst but as with any industry you just really need to be persistent in applying for work and consistent in your studies.
Concur, Pentest+ is largely academic. OSCP is a practical exam that simulates real world engagements. eJPT seems to be the EU preferred cert, and OSCP or GPEN are well-regarded in the US. CySA+ is gaining traction and has some simulation, but is also pretty academic.
thanks for the advice
Gave +1 Rep to @boreal zephyr
so in terms of value for getting employed/in the job market, OSCP would be the best, and Pentest+ the worst out of those?
Something like OSCP > GPEN / eJPT > CySA > Pentest+ ?
it all depends. pentest+ is valuable on the legal side of things, while OSCP is more on the performance side of things. best thing would be look at local job postings that interest you and see what is asked for the most
It depends on what the org is looking for. Additionally, certs are more of a business requirement than a skills measurement thing.
Additionally, "getting employed" is too broad to answer succinctly. There are lots of paths in to IT and infosec, but many of them require a candidate to have additional background. It completely depends on if the org wants someone who thinks they know a lot already, or someone they want to train up in their system; there are advantages and disadvantages to both approaches.
I got a message from a potential employer in July that I was being considered for the next round. 3 weeks later they got back and said they decided in June I wasn't being considered
dang 😮
So the meeting in June where they decided who was being considered, they decided to not consider me but to string me along. Other opportunities out there
Any chance you'd be willing to namedrop the recruiters at that company? I want to know who to add to my blacklist
That is horrible
Name and shame.
I would like to know also, we have a few contract recruiting companies and I would be more than happy to dodge them if they acted like this.
It's also fine if people are uncomfortable sharing that info - for smaller communities, it wouldn't take much to get a bad reputation
Hi, I see on a lot of cyber security or SOC jobs that say the requirement must have at least 1 year at IT Jobs experience, and what do u guys think the best job to start career in cyber security field ?
Most people start IT jobs in a helpdesk or tech support or QA if you're a coder, possibly junior sys or network admin if you have the skills/qualifications
Hi all,
Do we have any Security officer/information security officer or a CISO around here?
If you have questions, just ask.
Got my first interview for a security officer role. Already passed the first round with the Manager and now with the CISO. Not sure which kind of questions to expect and what to ask a CISO.
I wouldn't worry about it. Was the first round technical?
no not much.
was a bit more about getting to know each other
and about the company and my task
Ok, so that was the 'cultural fit' questions. Next round is probably technical, if there's a 3rd round it will be personality
if this is for a junior role, it'll probably be 2 rounds of interviews, not 3
yh. Said i will be working close with the CISO so next round is also getting to know him.
They know i am a junior
How big is the company, if you can say
Like startup, hyperscaling, or full-on enterprise
based on their LinkedIn between 200-500. In 9 different locations
The big thing with the CISO is don't overcommit your answers. If you cannot demonstrate how you know it's true, don't say it
And be able to talk about anything and everything on your resume, especially for things within a security domain
yh manager gave me a tip. Had some experience with ids/ips so manager said he was curious about it
be very clear about where that experience comes from, especially if it's primarily a homelab context
Hi all I`m looking for Cyber Sec jobs in vulnerability , Threat etc. having 3 + year of exp. let me know.
What's the best Linux cert should I start with?
LPI ones or Red Hat ones?
I have an LPIC 1 certificate.
But I'm also curious to hear what the others have to say.
If you're interested in a role as a Linux engineer, the RHCSA and RHCE are the top certs to get. If you're new to Linux and need an introduction, reading the LPIC1 study guide can be a good intro prior to pursuing the Red Hat exams. These exams are practical, in that, you connect to a Linux machine and make changes to it and others in a network.
The LPIC 1, 2 and 3 certs are also rated quite highly. They cover both Red Hat and Debian-based systems. The LPIC certs are multiple choice with some practical components but are still very challenging.
Other options are the Suse and Oracle Linux certifications but they would only really be beneficial in an environment using those particular distros. The Linux Foundation certifications have declined in effect the last few years and only tend to focus on junior level knowledge.
If you want to learn Linux as a beginner from the perspective of a hacker, I would recommend Linux Basics for Hackers by OccupyTheWeb, available from No Starch Press. Also, No Starch generally produces a Humble Bundle collection of hacking books around Christmas, so worth keeping an eye out for
https://nostarch.com/linuxbasicsforhackers
RHCE is quite a bit more difficult than RHCSA - would not recommend it unless someone already has an entry level, practical, linux admin cert. Ansible is certainly good to know, but I think the linux has to come first
For sure. The RHCSA is a prerequisite for the RHCE. If you know your stuff and just pass the RHCE exam, you won't be certified until you also hold the RHCSA. You also need to pass the RHCE before your RHCSA certification expires (so a retake would be required if that's the case)
RHCE has also substantially changed in the last few years as well - it's no longer the "build an environment from scratch" cert, it's now the "maintain a large environment using ansible" cert. Not sure why when there's already a RH cert specifically for ansible
Yeah there are several Ansible certs. Probably for people who want to just do Ansible training who already have practical experience in RHEL but don't want to go the RHCSA/RHCE route or have gone there and have specific needs/deployments. They're not RHCA certs anyway
I think one of the other RH Ansible certs is an elective for RHCA
Hi buddy,
I have been working to learn cyber sec from about 1.5 yrs
I am preparing for OSCP after 1 year
Please someone can guide me and be my mentor for the journey 🏆
I assure the journey will be very joyful and full with surb knowledge we share
Hello all I am new to this discord and I am currently a senior in college and working full time, I have been trying to get a entry lvl position in anything cyber and I have had so much roadblocks due to experience or degree can anyone help me point me in the right direction in finding a job?
There is no magic answer that anyone here can provide which would help you pass OSCP, or find a job in cyber. There is a long, long history of questions in this channel with excellent answers that can help you on your journey and forge your path. Ultimately you must be responsible for your own success. If you have specific questions about the industry or interviews or something else career-related that is not a vague, open-ended question I will do my best to answer you. I can't possibly answer what you have asked in any meaningful way.
Hmmm would this be specific enough what could be the best entry level jobs for someone with 0 experience in the industry? @boreal zephyr
Help desk is an okay start. SOC analyst is also an option I see a lot. Sysadmin can be a tougher jaunt but it isn't unusual to see new grads fall into entry level sysad roles.
It is very rare to see new grads or those without certs/exp enter cyber directly.
pentesting is especially hard. it is a smaller community where those hiring usually get pick of the litter in terms of skill and experience sets. Lots of people are eager to be "hackers", so it attracts a lot of folks.
You must understand that "cyber" is an extremely broad field. Some people are supporting Enterprise networks, some people work ICS systems, some defense sector on isolated platforms, etc. Pentesting is a job, as is forensics, network defense, product security, reverse engineering, human factors, and so on. To say "get a job in cyber" is like saying " working at a work place to do a business". In order to succeed you must specialize and focus on the areas where you want to work.
I would not put an enterprise network defender on a task where I expect them to perform test and evaluation on an ICS system, or platform IT, like an aircraft. The skills are not translatable.
Just worried about the design or the content? Im not a design person but I am available to offer feedback on the resume content.
@vestal egret
Any advice would be good. cant seem to get any interviews just now and trying to redo my cv till something works
Give me a few, okay if I post the notes here or would you prefer a DM?
kindly recommend me cyber security internship job sites
i tried some jobs on upwork but too much competition there
Sorry for asking before searching on google
Is cyber security analyst and SOC analyst are the same thing ?
Depends on the role but usually no. An SOC analyst works primarily in an SOC environment. A security analyst may have broader responsibilities on the organization. This can include vulnerability management, security auditing, application security, etc.
Anyone who has made a mid career change from a higher paying job to cyber security?
Hey hey!
🛠️ TryHackMe Career and Skills Development Outreach 🛠️
The TryHackMe team is looking for feedback on the challenges and experiences our community face when searching for a cybersecurity job. If @exotic sand reaches out, it's because we'd love to hear more about your experience.
Cybermo is 100% a real TryHackMe staff member and you are 100% awesome for helping us out 🙌
No I understand that I’m just finding it difficult to find a way to get into anything that that could add experience to my current skill set if that makes sense
hahaha, I can’t help but think I’m the reason for this message lol
Hello everyone,
I'm currently working as a cloud security lead and thinking about transitioning into penetration testing. I'm planning to self-sponsor for the OSCP certification, not with the expectation that it guarantees a Pentester role, but to learn the fundamentals (I have been a Tryhackme user since the past 3 years, not very much active these days). Unfortunately, my current employer doesn't sponsor certifications.
As I explore potential opportunities in the Indian job market for penetration testing roles, I'm curious about the prospects of securing a full-time position even with the OSCP credential. If anyone has insights into the Indian job market, particularly in the realm of penetration testing roles, I would really appreciate your suggestions.
It does not guarantee a pentester role. Do you have any previous work experience or education in IT?
I have bachelors in CS and been part of a cloud security team for the past 3 years now.
If pentest is not part of your current duties, it's unlikely that any employer would pay for that cert.
I would recommend convincing your company to join the pentest team, then make the argument that it's a value-add for your current clients.
I don't think we have a dedicated pentest team but however we do have a red team and they seem to be focussing more on going through pentest reports performed against our client from other vendors rather than actually doing red teaming/pentest activities themselves. I am not sure how that works.
What are some good starting jobs for just getting into cyber security?
SysAdmin, NetAdmin are direct roles into cyber, help/support desk is a very common first role if you don't have a degree
Any tips for what to put on resume? To help stand out for those particular jobs?
The truth
@frigid turret here
If I wanted a pentesting job / internship
the OSCP is best for entry no?
OSCP is the entry pentesting certification, but pentesting is not an entry level profession
im grinding rooms in tryhackme atm
If you search through this channel you'll find a bunch of messages with regards to internships and their purpose
I am currently in cybersecurity, but my internship was an IT internship
Widening your net to more than just pentesting/cyber/"cool guy job" is important
Leads to more opportunities
Ok 👍
Then should I get the comptia sec+?
Security+ is the only certification I would recommend someone pay for out of pocket
I think I can do the exam in two weeks after my exams
ok nice
depends on the future role, current job, and a couple other factors - good rule of thumb, but there are other foundational certs that someone without an IT background should know the content of before going for sc+
Again, you don't need to bring anything to your internship besides yourself pretty much
Ok
Don't be brain dead and be a sponge (meaning willing to learn)
hi, I'm trying to get a job in tech too, I'm doing tryhackme and also the google and coursera cybersecurity certification program, I've completed 2 certificates and I also have a Splunk certificate, but I still can't find any opportunities even as a help desk, tips?
Yes, to add additional context, They're in university for cybersecurity. I guess I shouldn't assume that people had/have the same level of knowledge I did in school.
im not in cybersec lol
my compsci ass just can't compete
with others in my program
well im in a double degree
so business as well
two universities
Ah, I thought you said you were in cybersecurity looking for an internship
well im looking for a job in that field
I wasn't compsci, juun can probably provide better advice in that regard
also maybe someone can help moreless with her question
ight
But expanding your internship search is still a must
I thought y'all were ignoring me 🥹
CompSci is (in my opinion) a much better place to start with cybersecurity from. Curriculum has been largely standardized, there's a lot more variability in what you get with a security degree
I would take a look at your resume. If you want, you can redact the personal information and post it here
yeah let me just censor some stuff and ill send it
Could be applying to the wrong roles, it could be that your resume doesn't pass the HR filter.
You're going to need to verify to post images
lol security mode
It's not !verify anymore is it?
can't get virused
i think it's /verify <token> to the bot now
where is the verification
how can I do it
it's more along the lines of PDF and docx files can contain metadata what could dox the author..... i'm less worried about poisoned PDFs in the containment VM i run discord in
I have a screenshot
Looks like the bot is down?
rip
guessing they don't have dms open
DM that bot I just pinged with /verify <token>
done
DM @crude sphinx and make sure you have your DMs open
It should respond
Hey guys, im new, nice to see you all and glad to be here!
Im currently looking for some advice if anyone has any:
Im a cyber security student who has an interview for a co-op opportunity on the 30th for a Junior SOC analyst, any insights would be appreciated !!
First of all, congrats and how did you get that interview omg?
that's a long profile but looks good
Its through my school resources - the program includes a co-op and Im doing fairly decent in GPA ? Im not really sure how actually maybe Im lucky ?
thanks
Gave +1 Rep to @frigid turret
Impressed me, idk if that says much
i think you are lucky
Well even more so why Im looking for guidance then! I want to keep the luck running !!
What roles should I apply to with my exp?
is there a technical test in your interview?
thats also impressive but Ive also hear a lot of the same from most of my classmates - post high school is a whole new world
I have really intense study habits, to the point I barely see my social circle lol
I just hole up and procrastinate
I honestly don't know - they know I am a student and the interview is 30 minutes through zoom
Its one of the main reasons i joined this program - i just didnt realize it was independent and the student is responsible for finding the co-op which is not ideal but ill take what i can get right?
I think what I would recommend you to impress them is that you do a really short certification with Splunk to show them that you know the basics of a SIEM tool. I made that certification in a day so I think you can handle it
it's free btw
They HELP with supplying postings to apply to but they havent gotten a deal with any people in the industry, does that make sense ?
THANK YOU exactly the type of advice I was looking for actually - google: splunk free certs ?
Gave +1 Rep to @dense tendon
well yeah they will give me advice on resume building, cover letter, interview tips etc but if we dont get a co-op thats fine with them
I think the rate of co-op for this program is 20-30%
yeah
ohhhh i didnt take that into consideration but
better than our rates lol
mind you its like the 5th year this programs been running ?
man we're close - im at fanshawe college lol
are top in ours
cyber security
ight
my mom wants me to go to health
LOL
but yea im in compsci and business
merged program ?
double degree
dangggg
two unis right beside each other
good for you - that must be a lot
lol i can see that - comp sci is good though yeah ?
yea
inflated or deflated grading ?
that even sounds weird - isnt all math proofs ?
that wouldnt be a pass for us lol
anyways guys i just had some time to reach out here but I need to go get some stuff done, i thank you again for the advice and chatting ❤️
actually now that you say it is either 60 or 65 for us i cant remember zz
can't complain tho cause engineers will have an outburst
but idk if its cause its hard - just cause fanshawe likes monies
if we say we have too much work
yeah i can imagine lol
its alright if you have time management
cya
https://discordapp.com/channels/521382216299839518/707992725646999553/1178640311677878344
Same goes for @quiet rampart - a TryHackMe team member looking to explore and improve our career and skills development support 🙌
Thanks again!
Gave +1 Rep to @quiet rampart
hey everyone, i heard that here i can find red or blue teaming career roadmap (i think), can someone say is this true or provide links if possible?
Excellent answer, it's much more clear now.
Thanks man!
Gave +1 Rep to @rugged delta
Hey 👋 !
We're looking for THM users who would be happy to have a chat with us about your experience in getting your first job in Cyber Security. We're looking to find out more about any challenges you may have faced and how we can better improve that experience on THM!
If this sounds like something you'd be interested DM @quiet rampart @exotic sand or respond to this thread
🕗 Takes about 20 minutes
💬 Option to chat on video call or online chat
🎁 And as a token of our appreciation we're offering a £20 Amazon voucher.
Of course, learning Linux just for the fun of it is a great thing too. There's tonnes of free and cheap resources on the web. William Shotts' book, The Linux Command Line can be downloaded freely and legally under a Creative Commons licence from the book's website, for instance https://www.linuxcommand.org/tlcl.php
There are lots of other excellent books from No Starch Press, O'Reilly, Wiley and others on all kinds of tech topics. Humble Bundle is good for that.
And of course there's tonnes of stuff on YouTube and other sites all over the web. Over The Wire is one great example if you want to go a little deeper after tackling the Linux rooms in THM https://overthewire.org/wargames/
Top AppSec Job Interview Question 12 #interviewquestions #interviewready #technicalinterview
https://youtube.com/shorts/GOyUxCm1Qjs
I like the No Starch Press books. Cyberjutsu is great. Chapter 13 is available online https://nostarch.com/download/samples/Cyberjutsu_Ch13Sample.pdf
Yeah I bought Cyberjutsu when it was in early access and it has been in few humble bundle collections so I have multiple copies
Hi everyone! I have only 1 question for you guys. Can you tell me please, would I actually be able to jump into a SOC junior position after going through the "Pre-security", "SOC Level 1" and "SOC Level 2" paths? I finished Pre-security already, but after surfing the web watching some videos about SOC careers, questions at interviews... I feel so unsure that I would be able to do it, so I want someone to tell me if it's really possible, or after finishing these paths, do I still need to learn pretty much to become SOC junior?
I feel like there is so much need to know
And it's gonna take years for me to learn everything
I am not very familiar with the SOC paths but what I did in the other paths was to repeat them.
I did a lot of CTFs which also helped a lot to use what I have learned
help to know cyber security
You want to know cybersecurity?
What do you mean?
hello, question for the group, I'm lookin at pen. testing. more on the physical side. my background is in locksmithing.
under the paths?
good to know, as for red teaming, you're recommending to take that pathway and then apply to companies?
im not there yet on my journey im still working towards it
im 2 down and working through the complete beginner path now
hmmm creative.
well wont go into detail not a problem
i have been in the trade for 12yr and counting. creativity is not lacking, however going down this path i dont see any openings or adverts. why is that?
ah then red team as stated before.
then hold on are there go betweens that handle these kinds of red teamers?
middle men?
thats solid
hit
so, as in paths you would recommend would be complete beginner to then jr pen test to finally red team on the paths?
possibly with comptia pentest+?
as for finding jobs aka work with teams, im getting that unless they know you or you know them then you might have a lead, but its unlikely.
all paths or the ones i outlined?
well that's why i asked, its a very long road and i have already specialized in 1 aspect hoping that would be to get started and work with a team and learn as i go. now i think on it that might not be the best decision for any team. simply put i need more to be done just to keep the going.
thank you for your input and helping me keep on track.
The easiest way to get into cyber sec is to hack your way in 🙂 networking and exploiting people's vulnerabilities to worm your way into a position you couldnt have gotten otherwise. every company has a cyber security team, and im sure most of you work for companies. make friends with higherups and ask who's the SOC and head of cyber for your company. they want to see you grow most of the time and will help you. thats all the advice i can give. I got a spot on the security team at my place of employment after showing interest and putting in effort to get onto the database team by learning mySQL(youtube) and going through comptia A+ course in college. its possible guys, its nowhere but up from here 🙂
I dont even have the A+ cert i just took a class and passed with a 97/100. It was good enough for my higherups so they brought me on and 3 months in i was asked if i wanted to join the sec team to be a sponge during meetings and its been freaking awesome
thank you i will! my brother just left for work so its time to get hacking 🙂
Can someone tell me a perfect roadmap that I can follow and play CTF challenges
I don't think there is one as this would vary depending on your experience and interests.
Ok ....got it umm.. actually I had completed my graduation in Information Technology. Now I want to make my career in Cyber Security specially in VAPT. I had the idea about the coding side but this cyber security side is totally unexplored to me. consider me as a beginner
I'd say just jump right in and enjoy. I'm a beginner myself.
If you want to learn more, you can begin by going to #start-here
Use the linux rooms first to get a general understanding of the system and then do some basic web security easy boxes
Use filter difficulty set to info
I have no experience working in Cyber, about to start OSCP learn one by xmas. Not hearing good things about the course but obviously it looks good on a resume. Anyone have any ideas something else that they consider a big thing to put on a resume.
I am aware that having previous experience in IT fields is a good one, but trying to avoid that if possible. Though I am keeping my eye out on helpdesk jobs etc
Thinking to get involved with some JS projects if I can and seeing where that goes. Getting some powershell down, and PHP
Just starting to think about crafting a CV and seeing if people have suggestions
If you’re interested in web stuff then maybe BSCP from Portswigger?
I have the attempt, bought it for like £10 last year on sale
that might not be the best cert to start your cyber journey
but now i see that you have to own BS Pro to do it
Im working on CBBH atm
Ive been learning pentesting stuff prob around 1-2 years now
ah ok
You can use the trial version iirc
I meant more that i have no experience job wise
ah ok will look into it
Most of the labs can be completed without Burp Pro, it’s only a few functions so the trial might be a good option just for the exam
from their site. But will see if its possible with their trial.
Finishing up CBBH now then working on CPTS, from what I hear it will make the OSCP stuff seem a lot easier and the course material a lot better
It is possible
You could also try the OffSec Proving Grounds before starting the course. I found these really similar to the OSCP exam and lab machines.
If you can finish cpts you can easily finish oscp as well
Is it the case that boxes for OSCP are sort of RNG as to which you get, and some are kinda...broken
Yeah im getting the L1 so will have proving grounds. def will make use of it
Heard about people that had to reset boxes for things to work properly
Haven’t done it myself yet
I just hear a lot of people get OSCP and then struggle to find any work still. So im just considering what else would look good on a CV
Afaik the job market in us is not good right now
I did hear some are easy and some are stupidly hard, or at least stupid logic to solve it
So need to make yourself stand out
In UK here, but prob more or less the same
Blogs/writeups, stuff like that
If you get the bonus points you just need the ad set and root 1 box, or 2 footholds
Why is the market not so good? any ideas? On one hand I hear they cant get enough testers and then that the market isnt good
saturated now you think?
Same
From reading around they say yes and no haha. I think you can. I will just contact them and find out
But looks likely that you can
You can
The market for pentesters is over saturated and more companies are realizing that their current security solution isn't secure at all, or even non-existent. I had an interview with an offensive tester a week ago, he told me that companies are less willing to pay for a pentest as they already know their infrastructure is probably vulnerable, or they have no idea what to do with the results of such tests. That's why risk assessments and hiring security consultants are usually the first step they take before even considering a pentest.
Thanks for clearing it up 👍🏼
Gave +1 Rep to @stable flint
Gonna bugbounty for 6 months and make myself £1000 then
Sounds like a solid plan 😂
consultancy and analyst are the better and more stable option within cybersec rn, feel like pentesting is a bit of a hype that's dying down as smaller companies are starting to look into security more and realizing that a pentest isn't going to help them 
pentests are a very important part of security, and iirc hipaa requires some I think? but yeah, a lot of companies are realizing their budget needs to cover more blue team stuff
though big companies NEED pentests, and are still paying for them
Oh definitely!! What i'm seeing here though, is an enormous increase of small companies working on their security. They make up 99.9% of all companies in my country 🤯 hence that the market for pentesters is a lot smaller than for blue teamers. Education in blue-teaming offers a lot more job security here
yeah, and it is a lot easier to get into blue team than red team positions for the most part.
I don't know about red team, it is very nice and all. I got OSCP, OSEP and Im able to get into red team/pentesters jobs, but Im going to work as a dev because it pays more.
still my passion is in red teaming
very true
You think OSCP is worth?
Im about to start learn one in Dec
well considering buying it on discount anyway. I know the course material etc isnt supposed to be great but do you think its worth the time for its ability to give your resume a little more....Jazz
Was also looking at OSWE but seems web pentesting is kinda a secondary requirement to normal pentesting
I think it is very worth it. You will get a strong base for web hacking, penetration testing and red teaming concepts
Also many people in HR know OSCP
I can't talk about OSWE, but many people talk good stuff about it
OSEP, I have never come across people in HR who know that certificate unfortunately
I think that goes for most Offsec certs other than OSCP
but I learned a lot from it
Yes, which is a shame
In my country if you want to land into cybersecurity jobs, you need to know people
Im in UK
Should be way easier there
Why is that?
It is the european country with the biggest tech market
tech companies market value
I live in the south of europe, and here, most companies dont care about cybersecurity or don't want to pay very well
Good to know. Im just going to try and get OSCP next year, but finish CPTS course first. Try and build a good resume, network and get involved in anything i can
Italy?
OSCP is worth it for HR reasons, however I have heard time and time again that the content is too gimmicky, and doesn't relate to real life testing
My friend is in Naples and it sounds pretty bad
and its soo expensive
I took it last year, and some concepts were nice, but if you really want to get into todays landscape of cybersecurity, you need to go further
I intend to finish CPTS first. Im sure OSCP will teach a lot. I just hear the course isnt designed that well, outdated and staff arent all that helpful
go further? Can you elaborate?
definitely getting to know people will help you a lot, especially people who are already working in the industry
I can't speak much on it, cause I havent done any of it. I plan to try and get it paid for by my company in a year or two
CPTS for learning and OSCP for HR, kinda my POV
also have all the course for CRTP
but i dread the powershell
PNPT is also great for learning AD, just not a huge HR filter for it yet
Eh, the exam is a bit CTFy (and not reflective of IRL, although at least it has AD in it now) but the course content is okay.
From the knowledge I got from OSCP I was not able to exploit AD networks in the real world. But from the knowledge I got from OSEP and Pro Labs I was
The 300 level certs are a whole different beast. They're awesome
Yeah i got PNPT on a sale but not done it yet
This exactly
OSCP you mean?
My learning from PNPT allowed me to exploit AD irl in assessments, but at a basic level
thats what i heard. But im seeing CPTS getting very good reviews and in depth AD
Yeah, I hear good things about that as well, but it doesn't have the HR backing yet
I had a friend who did PNPT, and it is deeper than what I learned at OSCP at the time (december last year)
It's a balance. You're UK, so on one end you've got CTM (all HR, zero actual use), and on the other you've got things like CRTO, and presumably CPTS
oh for sure
Keep seeing CREST too
CTM being check team member. Not an actual cert, just a shorthand for any of the certs that can give you it
or is that CTM?
Yes, CREST is one route to CTM
ah ok
CPSA/CRT are the CREST certs which combine to allow you to apply for check team member status
It's HR gold
But the certs themselves are useless for learning by all accounts
OSCP, when I did it, it had a bit of everything, I learnt buffer overflows, I learnt a bit of AD, linux, sqli, xss...
So i should be checking that too then
You know if OSCP holds much value in UK?
If you're wanting a job as a pentester, yes, you absolutely should
If you're not confident in your ability to do the job, OSCP would be a better bet because it's a good balance of both learning and HR filter
I mean, I've yet to be rejected from a job with it on my CV 🤷♂️
(UK based)
thanks for the advice 🙂 Its what I needed
Im unable to get those certs, I took some CCNA certs, but I hate studying for them, you don't learn anything for real
Really? CISCO is supposed to be really hands on. Huh
so Ill look to go OSCP then CREST and work on anything I can in between
But yeah, CREST is supposedly shite. I'm due to be forced through them soon for work, so will let you know 
Ha please do. I did take a look and seemed a bit like the pentest + kinda thing
the lab part was not that bad, but the theoretical part was just memorizing stuff
Yeah, that's a good plan. If you're still feeling weak on AD, I'd also highly recommend CRTO. It's got more industry weight than CPTS (for now), and is again pretty dang good. Gives you some cobalt strike xp too
Ah, yeah. Lot of networking theory to pick up for those exams
I was looking to CPTS more for their course, just to learn it really. As it seems an easier and far better resource to learn from than the OSCP material
then OSCP AD should be a lot simpler
I don't know about more advanced exams, perhaps they are great. I don't know if I would take CCNA again
I have CRTP but that is certainly not....friendly
By all accounts it's great for learning, although bloody expensive
Come to think of it though, all those cubes are probably less expensive than Offsec stuff these days 
For the full course
Wait, they're doing it as a course now? Thought it was a case of take yourself through academy then buy a voucher?
Huh. They are too
if you got student email you get CPTS and CBBH path for 0 cubes
Well, that's a great deal
if monthly sub
are certs from htb worth it?
Hard to say. They are pretty cheap and may be worth a lot more in the future, but not job wise
They're getting good reviews content wise. Not got much industry weight yet, although given HTB reputation that'll probably change reasonably quickly.
Haven't done 'em myself though, so 🤷♂️
Im certainly considering doing one, who knows what they will be worth in 2 or 3 years
they got a new path coming out too
advanced webapp stuff
I mean, for 8 quid a month you can't go far wrong. Lemme know how it goes!
Sure thing, Im 90% through CBBH
htb academy is the best, I used it to get further knowledge into active directory attacks
it is really great
then will make a start on CPTS
even the modules that cost 50/100€
Thats the new path that will be out soon
Oooh, I'm liking the look of that
Be interesting to see how that stacks up against OSWE
Might see if work fancy paying me through a few of these 
Ha should def give it a go
I bet that HTB in the next years, will be rivaling offsec
Some of these modules are already out
Will take a while for that to happen, if it does. Look at how long EC Council are hanging on for, despite being an absolute meme in most places
But they're certainly trying
Perhaps if it was pentesters hiring pentesters
It is always psychology people doing the hiring
We need more hackers on the hiring side
OSINT, address them like their mothers
Prob the case for a lot of jobs really, people hiring that dont really know the role they are hiring for
Ive never dealt with it. All my work has been friend of a friend etc.
or i was being hired by the head of the team i was applying for
All the good jobs I found is also friends, or like you I contacted people higher up
If I had to go to HR, RIP
Ha im sure we'll have to bite the bullet sooner or later.
Do tryhackme learning pathway certifications help job wise ? also I am just starting out in cybersecurity. What learning path should I follow to land a job as a penetration tester?
They're certificates of participation, I'm not knocking them, they're a great way to show you enjoy learning in your spare time.
I have no idea where that impression comes from, whole path can be done for 2 months of platinum as in 2x68=$136, then it's $210 for an exam voucher, it has about 10 times the content of OSCP, it's everything an entry-level pentesting course should be
Yeah, I'm not sure either 
Might be from academy in general being expensive.
Had a look at the course prices and they're really dang good
yeah, once you get into the tier 3 and 4 modules, it can start adding up quickly, but for their cert paths, the prices are pretty amazing
Aye, for sure
Hello, I'm currently studying Med but I'd like to move into cybersecurity
. Can someone help me figure out how to do that? Also, any resources to understand the different certifications etc would be very helpful
I guess the first question I should be asking is
is that even possible? to go from Med to cybersecurity?? T^T
One of my friends went from real estate to cyber. It is possible you just need to get some certs or do a cyber boot camp it’s a good way to get in
Oh okay thanks :DD is there any particular bootcamp or any works?
If you are serious about it. It is definitely possible. Given the fact you are a student you can get HTB academy pretty cheap
Do the pentester path there it is really good
you will learn a lot
Explore the content there
great, I want to move from cybersec to med ! lets swap
damn but well i guess something gotta be sacrificed
ou i'll check it out thanks :DD
Gave +1 Rep to @kind glade
Yeah
easiest way to do it is we switch identity documents
if you study med im sure Elon will need bio-cybersec department soon 
time to polish up my cv for that then
I'm counting on you elon, please give me a job
yes ofc! i know someone who did acting at uni and still got into cybersec ☠️
Are there any psychology majors here? I really want to get in tech, but I was afraid that I wouldn't be smart enough to pursue it.
prob good at social engineering? 
I have a teammate who graduated psych, became a cook at a department store, became a sales manager, and is next year going to become a SIEM engineer.
If you can restart a PC, you can get into tech
That's awesome! Good for them. It's nice to hear how people from different backgrounds break into the tech field.
80% of the job is figuring out a nice way to tell your end user to reboot a device or a pc when they're being an ass. So if you have some people skills or psych skills, it's very useful
I do! I have a lot of experience working with difficult people, so this isn't an issue for me.
My current job involves customer service, too.
Highlight this as a skill and you're golden.
any cyber threat intel folks here?
a fellow sleep token fan as well?
absolutely!! my top on spotify wrapped
very nice. and I am primarily cyber threat intel if you had questions
awesome man, Im also cyber threat intel - been so for almost 2 years. Trying to figure out what's next for me in terms of advancing CTI skillsets
Hiii guys
what I have typically seen happen after a foundation in CTI is specialization. For example, if you have a background or interest in software development, you could specialize in malware reverse engineering, exploit development, etc. But, it really depends on what you find interesting. that's why these CTF challenges are great, because it will help you figure it out!
Yeah true - I think that's what I'm struggling with the most right now is not knowing what I want to specialize in. I have pretty big interest in dark web / fraud threat intel so I may explore that more, but I want to get exposure to various things to see what piques my interest the most
There's definitely a place for that! Best of luck 🤘
Thanks brother!
Gave +1 Rep to @silver pebble

Never worked with it but there's always the non-sexy part of it
The biggest part of the pentesting is the reporting. Unfortunately the hacking part is just a means to an end.
Hey reporting is sexy
Not everyone's cup of tea though. If you don't like taking notes you're probably going to have a rough time
Hi all, I am currently working in Technical Support and trying to switch to Cyber Security so if you have any recommendations of what are good tools for job search and developing cyber skills please share that. I am in Toronto, Canada so any local advice would also be good.
#start-here and try LinkedIn/Indeed or another job search site to see the kinds of skills required
Hello. I have a question regarding career as a white hat hacker. How or where can you start looking at job opportunities for entry level?
I would check LinkedIn! I would also try and get at least 1 cert. if you have a comp sci degree that is also good
Out of interest, How many of you guys are in the cyberSec/infoSec business? Anyone?
And, also, those who aren't, who is aiming for that?
hey, I am also in same position, if you find and recommend something connect to me..
Transferring into a non-technical position next month and I will be allowed and supported to develop for a technical role
i have some hacking tools and i want to test it but dont wanna hack anyone, where can i do that
Setup your own environment and test it out there.
I am
You know any discord channels etc that may be more based towards UK pentesting? or is it best just to ask in the usual places?
For what purposes, sorry?
@thorny knot @quick hatch you may have a look at technical support jobs supporting FW's, IDS's/IPS's, EDR's, SIEM's etc
Questions about resume and skills etc. Advice on things I may need to do and best course of actions to try and move into pentesting
its fine here, just didnt know if there was a more country specific resource
no! there is not one. you can make a thread if u want but you'll get a lot more help just asking here and specifying UK 😄
Thanks for the advice 🙂
Gave +1 Rep to @rugged sable
There is actually a UK cyber jobs board discord, although I've never really interacted much with it. One sec, will see if it's still alive
Looks to be. I make no claims to how good this is, and am not affiliated with its leadership, but can probably send you an invite if you want it. Drop me a DM if so
Hey, any advice for CV templates? Need to write my CV and not sure what template to go of
(I'm familiar with LaTeX)
I recommend flowCV
I liked the look of this one
I used Jake’s Resume, and it worked out for me
I like the second a bit more
the second one is definitely better, the first one just wastes a ton of space and messes with the margins
yeah mine was way more empty lol
Never heard of it, will take a look ty
Gave +1 Rep to @fallen heron
it's got lots of different templates and allows for a ton of customisation, including one like the template you posted
Okay cool, no margin then
AwesomeCV
I use it, I think Juun uses it*, and overall it looks great
*not 100% sure, may be misremembering
Cool thanks!
Where can I get daily prize raffle? I am done Day3.
Is this for the AoC event? Can't recall if there is a daily prize raffle, but you do earn raffle tickets for every question you answer correctly.
There is indeed a daily raffle in which a single user wins, winners are just announced in #1174347459116417054 chat. The most recent announcement was for day 2 and can be seen here. #1174347459116417054 message
boss, what on Earth is this?
Scarlett Danger. She is a spy rapper hacker
What made you post it in here?
@opal holly
Please keep discussion relevant to the channel topic.
Good morning guys, was reviewing some of the resume templates posted above and was wondering, as a person with no former work experience in cybersecurity/networking/computers, what should I put on a resume?
currently doing a level 3 cybersecurity and networking college course.
Hi guys should i do Comptias Network + before security+?
Read quite a few feedback that Network+ was harder than Security+.
ahhh dang but its still very valuable right. networking is a big part of security.
I might be wrong but I think the 'official' ordering is A+, N+, S+ because N+ builds some fundamentals for S+. It might be more difficult because it is more technical
thank you.
Gave +1 Rep to @obtuse yacht
As the son of a kitchen manager, what I really lacked was dealing with pressures. There are always surprises in the kitchen. As in IT
I would recommend against using a default template. Instead create something unique that shows employers that you have gone the extra mile and actually put in some effort.
Creating your own template is not a bad idea but don't get carried away making it too 'unique', cv's often go through automated systems that extract information from them and 'creative' formatting can cause them to get parsed incorrectly.
Good point. Make it unique, but try to keep it minimalistic.
A+ is definitely good if you do not have an IT background.
it is, but it also depends on which area of cybersecurity you want to specialize in, i wouldn't bother getting Network+ certified if you don't want to work in something very close to networking
how about for soc analysis?
Net+ has a lot of relevant and valuable information. I wouldn't count it out. It was the most difficult of the CompTIA exams besides Project+, and I just finished CASP
Hi, not sure where to post this but I was wondering if any of you guys know about PenTest internships / entry level jobs. I’m about to graduate university with a degree in IT, and I’m continuing to learn about PenTest concepts and tools. Would be nice to get hands on experience with an internship or entry level job.
Remote work ideal but I’m in the NYC / NJ area of the US. Willing to relocate if the job is good enough too 🙂
its not mandatory, if you have basic understanding of networking then you can directly give security+
pen testing is not entry level
Any detection engineers in the house?
How can you get experience when there is no entry level jobs?
You have to start off in blue team and work your way to red
So basicly start at Junior cyber security analyst
Yeah
Get an analyst role you’ll learn a lot there then work your way to pen testing
You could also start with other IT positions like a system administrator or tech support
Yeah or help desk
Even try and get any internship with a company and express you have an interest in pen testing
Help desk to analyst pipeline is real
Working way to the red appears tough if you don’t have a mentor or someone holding your hand especially as an adult who switch careers and perhaps working etc
Anything is possible if you have the passion and the drive to get there
Agreed
A mentor can definitely help, but I personally think that this Discord channel can be a great substitute for a mentor. Lots of great enthusiasts here 🙂
I started as IT support and began taking on my own security projects until my boss made a security role for me
I did the same, but the role existed, just was filled. Well they opened an extra spot for me lol
If you have a question, just ask
hey guys i am new to cybersecurity can you guys give me some tips?
I am new to cybersecurity. I would love to get in and start a remote career out of it, but all the bootcamps and colleges require financing. What is a cheaper option that you all trust and or have experience in ( google, coursera,etc.)?
Not a big deal but I passed my ISC2 Certified in Cybersecurity exam (CC) and wanted to share it with you fine people!
what certs should a cybersec engineer have?
Depends on your tech stack
Skills> cert but (security+) prob
The exam wasn't too difficult but they definitely try to trick you so I would suggest getting a strong understanding of a number of concepts. What really helped me learn this was purchasing 6 practice tests from Udemy, which only cost something like $13?
What was really nice is that the practice exams don't just give you the answers but explain why it's the answer and why the wrong answers are wrong.
@warm hinge Make sure you understand what RuBAC (RuleBased Access Control), MAC (Mandatory Access Control), DAC (Discretionary Access Control), ABAC (Attribute-Based Access Control), and RBAC (Role-Based Access Control) are and their differences
Know what the ISC2 Code of Ethics canons are
Know what the IR framework steps are https://www.crowdstrike.com/cybersecurity-101/incident-response/incident-response-steps/
Know what each attack is and how it works (worm, virus, cross-site scripting (XSS), DDoS, APT (advanced persistent threat), phishing/whaling/spear-phishing, MitM (man in the middle but is being renamed to 'on-path attack'))
The list goes on but if you take those practice exams from udemy, it'll go over all of those concepts in greater detail and more
I also recommend asking yourself a question like "How does an XSS attack happen?" and if you can't answer that yourself without any help, then research it, youtube it, write it down, and try again
Good luck!
Gave +1 Rep to @burnt sonnet
What should someone include in their GitHub repository?
I'm thinking of sharing some successful lab tests, are they worthwhile for increasing my chances?
Going back to topic discussed earlier today and a little yesterday. I went straight into pentesting after college. It can be done if you really know your stuff already. I hated it and got out but that's just me.
Just putting it out there though that it certainly can be done, just not typical.
it depends but I would say go for it 
I'm very new to this field. I recently got my first computer. so would you guys suggest me from where I can start.
Anyone in San Antonio have some insight? I'm moving there early next year
Anyone in the UK got any insight on the Crest certifications? Don’t hear about them from anyone online but seen a bunch of jobs ask for them in the uk
Crest is a must for pentesting.
The best person to ask would be @quick forum
But their reply may be delayed.
I mean, it's not a must, and James hasn't done any CREST certs 
They're one of the routes to CHECK status, which is what you need to provide pentesting services to anything linked to government in the UK. Many other orgs also require the pentest teams they hire to be CHECK certified as a gold standard.
Consequently, businesses providing pentests as a service often require CPSA & CRT (the CREST requirements for CHECK team membership) as a pre-requisite for hiring.
By all accounts the certs themselves are absolutely fricken' useless, but they're unfortunately necessary from a regulatory perspective.
The other route -- which is what James did -- is CyberScheme. CSTM is their cert which also allows you to apply for CTM.
As you get more senior, there's a good chance you'll need to be certified as a CHECK team lead, which is supposedly quite a lot harder.
Important to note that this doesn't apply for internal teams though. Many of them may wish it as a base standard, but CHECK status is only required if you're providing the service to a corporate client. If you're working internally there's no regulatory requirement to have it, so many teams don't bother 🤷♂️
I thought he had.
Is it something else in CHECK he has?
He has CyberScheme CSTM which has equivalence to the CREST CPSA/CRT combo
I.e. yes, he has CHECK team membership, but not via CREST
Right. 🙂
I could really use some advice regarding my resume, is there anyone who'd be willing to have a look at it and let me know what I could improve? I'm primarily targeting Cybersecurity Engineer and Cybersecurity Analyst roles, but I'm not super great with resume-building.
no, its very different
While waiting for folks here to give their advice, you could also head to the TCM Security discord as they have a dedicated channel for resume-help.
I believe there was a cheating scandal to do with CREST, which is why an alternative like CSTM is better - But James would be able to provide a lot more information
I don't think I have the link to that, I'll look it up
I can't recall if there was a rule against it (promoting other discord), so can I just dm you the invite?
I found it on the internet, we're good, but thanks for the offer 🙂
Is this the one involving || NCC || personnel a few years back?
Possibly? Not entirely sure
Send it here with redacted PII
Blammo
Can you send it as a screenshot ?
I'm guessing this isn't the total page because there's no Security+ and eJPT
I put them all on one line cause the COMPID doesn't change. The link supplied is to my credly where this is all listed.
I didn't want to two-page it
I like the way you phrased your 1st job more than your 2nd job. There's more detail into it as how you were excelling (e.g., setting up the POC environment which saved around $40K-160K) but in your 2nd job, there's none of that.
Because the second job didn't really give me a lot of hard numbers to work with, plus I signed an NDA
I suppose I could calculate some rough numbers I just don't want to be accused of lying
Gotcha on that
I think one thing I'd do is move up the certifications upward
Then push down other info (maybe Skills) downward
Maybe mention your certifications only once (as you have it on top and bottom of the page)
Also, on the Python Automation Guru, if you can add a concrete example to support it as you only mentioned automation in both your jobs, but not sure if both used python?
They both used python and were primarily around log and data ingest, deduplicating it and cleaning it up to be useful to the SIEM. I also made several command line tools.
The other big thing I did was turn a commercial IM platform into an incident response platform allowing people to respond and action alerts without having to leave the app
You can relay this during the interview process then.
Thank you. I will have a chance to do a CHFI course for free along with the test, so figured why not. Just haven't met anyone that's taken it.
Gave +1 Rep to @slender maple
Hi All,
I’ve done a Bachelor’s in Science in Information Technology.
I’ve done an internship for 8 months in Vulnerability Assessment and Penetration Testing.
During my internship, I actively performed Basic VAPT on servers and web applications. I also gained experience in generating comprehensive reports. Furthermore, I managed and monitored BitDefender and ManageEngine for Security enhancement.
Guys, if you have any opportunity for me please let me know (VAPT/SOC)
Thank you
Hey, this might depend on culture, but I believe putting python automation 'guru' in a cv is not that professional. 'guru' level is i) a highly subjective term, the level required can mean different things to different people, and ii) I see it used more often in a casual, informal manner (this is quite likely due to its subjective nature)
just my two cents, other opinions welcome
apart from that, looks good to me!
Yeah I've gotten plenty of feedback and I've made quite a lot of changes. I appreciate all the input.
I also have an interview today in 3 hours.
Gonna need it. Definitely nervous.
I apparently also had 2 other jobs I didn't list that gives me another 3 years of experience that I just overlooked because it didn't have 'security' or 'engineer' in the name. So my resume's reached two pages T_T
good luck!
when people (in US) talk about cybersec salaries on youtube etc., like people earning 150/170/200k+ a year, do they refer to their yearly salary WITHOUT taxes or before taking taxes out. Like generally speaking in US.
a 200k/year salary is probably gonna be something like 140k/year post taxes?
-- also do senior devs/programmers earn more on average than cybersecurity specialists? I was always under the impression that csec guys would be the big earners in IT, so even more than devs, then again you read people talking about senior devs making 500k/year working at FAANG which seems an obscene amount (if they truly earn that much)
FAANG earns that much through total compensation (stocks and other things), not raw salary*. The work environment is also horrible.
*always outliers
You have Federal, State, County, and Town Taxes to take in to account. At the Federal level, you're paying 24-32% iirc
Then you add whatever your State Tax is from your taxable income, etc, etc
you aren’t going to make that much post tax most likely
but can cybersec specialists also earn that much after X years or with some specific roles?
or devs in general earn more
to me (non-US) it's still a crazy amount i'll probably never see in my life lmao
Devs, I think, make more at the start
which positions would you cover in cybersec that let you earn crazy amounts like that but also require A LOT of skills though?
CISO?
I would be happy just to have a job in cyber in general.
i mean, in which direction would you go after growing skillsets over many years
They don't necessarily require deep technical knowledge though
i'm talking besides opening your own company/business, which i feel is something many people do at that point
If you're talking about technical positions, architects are probably at that range
200k range or 500k
People within the OT world can probably push that much as well
Again, the 500k is more than likely total compensation
Meaning you aren't getting 500k just handed to you
ok what range of salary you're talking about then
Operational Technology, ICS/SCADA people
yeah there are locked stocks etc. that add up to the total for sure in big companies, as you mentioned
200k would be, imo, entering the high end of raw salary
You'd also have to be in a really expensive place to live to get that kind of salary typically
so not counting all the ''extras'' which could easily add up another 100k
Yes
fair, i've seen a few youtubers or ppl claiming they're earning that much in csec but i guess they've also been in the sector for like a decade or more
though i was expecting the ceiling to be higher, i guess it depends on a lot of factors
turns out the secret path to wealth is youtube
Yeah, I'm strictly talking about W2 salaries as well
for males anyway
1099 is a different ballgame as well as forming your own LLC/company to bid on contracts
Different job tax forms in the US
vs owning a company?
Being an employee of a company (W2) and being an employee of yourself (1099)
yeah i'd assume the ceiling would go a lot higher if you do your own thing and are successful at it
the same goes for devs, or probably it applies to them even more
1099 is very different. You can also take multiple 1099 positions
You also need to do your own taxes and don't get benefits. You have to provide them yourself
maybe one day i'll reach that high end of 200k while working remotely from a non-US continent 
hi all, just joined i hope everyone is doing ok
Well, I got through the interview... I don't know how it went...
So the interview went... well..ish. I got hung up on a few questions on account of not working with Windows for 3 years (I confused kerberoasting with a golden TGT ticket attack, obviously wrong), and I didn't know what a certain event ID was (again, I haven't worked with Windows in a few years now). I feel really bad about it and I'm really worried.
I know how to research, but I didn't know if it'd be a good idea to just google stuff during an interview. I didn't have the knowledge available instantly, and I'm worried that's ruined my chances.
They also asked me why I as a security engineer would be looking at going into a SOC analyst role.
I wouldn't worry about it. Generally, I'd state what you stated "I haven't worked with Windows for 3 years but I'm really good at researching such things". Also generally interviews take practice so worst case, it was learning practice. Also in general, I would have a reason for any role you apply for as to why you are looking into such a role, it's a common question.
Overall, the best thing you can do is be as factual and honest as you can be.
Oh I fully made it clear that I haven't worked with windows in 3 years, but I'll take your advice for next time around
I would say that you have to live in a major city/metro area to see those salaries and have experience/skills. I know people who live in mid CoL areas that are making that and a lot more (cities in Florida and Texas for instance) as well as places like DC metro, cities in Northeast US, etc.
and really you never know, like I swore I've bombed interviews because I can't shut up but somehow I get called back
I bombed my interview for my current job
so did I
are those common questions for entry level SOC roles? Like knowing how kerberos works in detail or windows event ids
I don't know, I've never worked in a SOC role. I went from engineer job to engineer job. I know how to research though and while I didn't have the answer immediately, I could find it in under 30 seconds.
doesn't sound like basic stuff to me but i'm a newwwbie
so what i consider "non-basic" might be, in fact, basic
I dunno. It feels basic to me, but I may be biased.
i mean if you're on skype or whatever doing the interview they're probably gonna see you researching it on google in real time i'd say lol
If they asked me that question 3 years ago? I would have answered it off the top of my head
I didn't do so because I didn't ask. I should have though.
is that a thing you might be allowed to do in some interviews? Interesting
In technical assessments, I've had them say I can use any resources I want
i'm assuming there are a bunch of windows event ids which are the most common ones or need-to-know, like common ports
id prefer if you dont use I in the resume instead
Below is a list of action verbs to assist you in describing your experiences and accomplishments: accelerated, accomplished, achieved, acquired, activated, adapted, adjusted, administered, advised, allocated, analyzed, annotated, anticipated, applied, appraised, arranged, articulated, assembled, assessed, assigned, authored, balanced, briefed, budgeted, built, catalogued, categorized, chaired, clarif...
some reviews would be appreciated
man i might have to switch to a white background classic resume too vs a colored-canva one with a picture lol. Although it also depends on location for the picture (esp outside US), i see the "classic" one recommended the most
are you not getting interviews? could be keywords missing in cv from job ad?
seems fine for a recent grad. minor but you might want to capitalise 'azure'
not looking for a job rn, masters from next month. I would be looking for internships after sept or so
Thanks, ill do that
Nice, how did you get so many internships throughout college?
hi guys. I have a general qq
I have an option to start internship for the role Sysadmin or Netadmin
which position do you think is going to be more helpful to learn useful stuff for hacking?
Honestly, both will be very helpful in building a foundation for hacking, but a netadmin usually has more security responsibilities like setting up firewalls or monitoring the network.
thanks for the answer
and what do you think about the InfoSec jobs? I know its not technical position
Gave +1 Rep to @fringe spade
It's not bad, I'm guessing you've had others review as this doesn't look like a first draft. For certifications, get rid of the left column, it doesn't add anything. Cert name and date is sufficient
There are more and less technical jobs in InfoSec and I think that it is not a bad area. If you like the legal/business side of things then it's worth your time
there are also technical positions within InfoSec
Yup
I see. Thanks for info
+rep
Gave +1 Rep to @fringe spade
yeah! A lot of people reviewed this, not the first draft.
Oh okay! The vendor is not required to, okay thanks ill do that!
Gave +1 Rep to @pseudo creek
Good luck!
Do any of you recommend a company to work for in cyber in Canada?
Also, how do you know if you have the level to get started professionally?
I have done the Jr Penetration Tester path.
(I also have a professional diploma in electricity and 3 university certificates in data science, software development and applied informatics)
Hello
I'm considering becoming a security engineer. However the definitions on the internet seem to vary for this
If I understand correctly a sec engineer is the one that implements the security measures right?
May also do pentests occasionally for the network under his/her supervision
Any advice on the career path?
This depends really on how the organisation defines the roles and responsibilities for the position.
Well first of all, it really depends on the role that you want to choose first in cyber. Penetration testing is not considered as entry level in IT/cyber, because in the beginning it requires more knowledge than for example an L1 analyst in SOC.
If you were to start penetration testing it's worth asking yourself "would I be able to identify and report vulnerabilities in (insert area of expertise)?". Of course, if your employer knows that you have 0 experience in that then you will most likely get support from more senior employees.
So what are the skills required?
would starting in a pentest path be a good idea
it really depends, my title was security engineer for about 6 years, I never implemented anything... Penetration testers usually have a different title. Security engineer has become sort of a catch all title though
The "catch all" part is annoying
So as a security engineer, what did you exactly do?
Monitoring, IR, triage, case management, vulnerability management, tool standup and maintenance, participation in change board, secure software dev stakeholder, devsecops tooling, denying all the requests to open ports on the public infra
among others
well I was focused on cloud stuff so I would work with programs/end users to figure out what they needed to do, then provide options on how to do what they wanted to securely using the available options. I would also do SaaS evaluations and figure out how to securely go into SaaS environments.
Sounds better than pentest for me
oh I think pentesting is boring
I also do pentest
but like I said, security engineer is a catch all title, juun's responsibilities are completely different than mine were
all the value in pentest is in reporting and post-test behavior. that's actually where most of my focus and energy is in a pentest engagement
What about the job hours, are they regular?
it depends on the org
mine are fairly close to static, but if there's an 'all hands on deck' incident, it's not a 9-5 and you punch out
Not as bad as the poor SoC
yes definitely depends on the org, but mine were always regular, we work 40 hours/week and you are kind of flexible. I usually take an hour off in the middle of the day so I start work early. I have no on-call / no off hours
if it's all hands, the SOC is also expected to put in more hours to resolve the incident
some SOC hours are pretty regular but incidents can screw with SOC hours
if needed; usually it's not, for that to be needed it would have to be a truly catastrophic incident
most SOC work is shift-based, due to the need for 24/7 staffing.
or they use follow the sun
I know ours doesn't have shift work but they can be called in if one of the international locations detects something in off hours
not necessarily
@pseudo creek you from NA right? Wanted to ask if i should fit in a summary on my resume
I'm an international student, whos gonna be looking out for entry level jobs
That's nice
I wouldn't, I think your resume probably speaks to what you are looking for, you could add a cover letter if you wanted but it is fine
can i use this resume and apply for SOC? Theres not much blue, but there is cloud architect related projects and cert
My current skill set:
Programming: C, Python, Bash
Basic sysadmin for Linux (Ubuntu, RedHat...)
CCNA
So I think the security engineer is a good choice? (I'm still in university)
I would use it to apply to any job
okay! thanks for the reassurance, i feel its too much red sided sometimes and considering the market, red jobs are anyways less + theres additional pressure of visa restrictions
when applying for entry level, don't limit yourself
im not gonna apply anytime soon tho, itll be june onwards
sure, I'd go by the job description though, but again, gonna say the same thing, for entry level, cast your net far and wide
why june and onwards?
my masters start this january, so theres visa restrictions. i cannot work for summer 2024 internships :/ i have to search for winter 2024
ok gotcha
or summer 2025
Thanks for the insights!
Hello I'm in year 1 of my Cyber Security and Digital Forensics course, aside from tryhackme is there any certifications or courses you guys could recommend to do in my spare time? Anyways just doing try hack is just fine for me at the moment really enjoying it
there are a variety of things out there but I'm going to point you to DFIR Diva, she has some great resources
https://dfirdiva.com/
Also Splunk has some free training
Thank you, I really appreciate that ! :))
Gave +1 Rep to @pseudo creek
+1 for DFIR Diva.
Wait this has so much resources holy for DFIR
This is fantastic. Thank you. 🙂
Gave +1 Rep to @pseudo creek
Hi everyone, currently debating between sticking to my brick and mortar state school for Cyber Security or switching to WGU. I would save a lot more money and graduate sooner but lose access to networking opportunities through my state school. Has anyone here found success after graduating with a bachelors in CyberSec from WGU? Also- I have 0 professional IT experience
I have the CyberSec bachelors from WGU. The degree comes with a lot of certs, so I think there's value there for the price. If you are comfortable with self-directed learning, I would recommend it. I'm applying to start the Masters program
Networking and internship opportunities tend to be the biggest benefit of traditional schools. I've known quite a few people to do WGU already had other type of work experience. Do you have any previous work experience?
why would you do the masters program? are you currently in IT?
Yes I work full time in an unrelated industry