#cyber-and-careers

Not finishing high school will severely limit the roles you'll qualify for, and you can expect a LOT of questions about not finishing if you are in the US. Strongly recommend you finish that.

Not having a high school diploma is a huge red flag for hiring, it's such a ubiquitious thing it sticks out in a very bad way to not have one.

I started my career in cyber at a very similar age and I managed to complete high school with maybe not the best grades, but at least got the diploma and was able to go to university and study part time.

I also considered dropping out of high school but it didn’t really stop me from pursuing a career in cyber and maybe it will keep some doors open in the future. I’d suggest not dropping out unless your family is in a really tough financial situation or you’ve somehow managed to start a profitable business that can’t wait until you finish school, but otherwise it’s not really worth it. If you cannot commit to studying full time then a GED (as Zojja stated) or a form of online/part time school might be a good idea, but at least try to finish it.

there are other options, like I mentioned above. You have to be realistic with someone to let them know what their career options are. I mean in the US, often not having a bachelors degree can be a huge challenge. But even for those that go on to get their GED can go beyond as well. Again, not having a high school diploma can be very restricting and those that are willing to hire you can often pay you much much lower because they know your options are limited

they were asking for career advice as well, we shouldn't sugar coat it

at the end of the day don’t hate the player hate the game

Thanks for responding, Yeah I can totally understand that but doing a GED or something online would work out I think so there is that. I wouldn’t start it unless I can ask recruiters and more people I know in my area to fully make a decision I can get behind.

Gave +1 Rep to @flat sedge

Hey there thanks for replying, where I live it was too taxing on me where I couldn’t focus on anything. I might’ve made a rash and fast decision but I intend to make it work.

So getting a diploma is not difficult. If you have extenuating circumstances and go on to get at least an associates degree, it can 'wash off' the stigma of not getting a high school diploma, at least for the first job or two you'll have that aren't retail or food services. Once you've got 5+ years of experience, it will matter a lot less, but I cannot emphasize the downsides to not finishing high school enough.

A huge part of that is the baseline of knowledge and ability that a diploma implies: basic reading comprehension, reasoning, and writing ability.

Most parts of every job are extremely routine and not very interesting. If you can't stick with high school, it makes you much less likely that an employer can trust you to handle tasks beyond the most basic and simple.

Hey, random question, not related to me at all lmfao. If you were to need help with a massive codebase you single handedly built for your employer, and you went to lookup how much to hire another dev and the lowest 25th percentile is more than twice your salary. And, you knew this before, but the management retaliated when you last brought it up, lol. You may or may not have a pending job application with your dream company but the process could take a while. What is your next move? 😉

https://tenor.com/view/congratulations-gif-17725224000272645289

short and simple to understand

I think the answer to this question is re-reading it a couple of times and seeing how you feel/the person that this is related to feels.

I'd look for better opportunities in that position ASAP since you/they already tried to make their case for an evaluation/raise. This doesn't mean giving in your/their resignation before a new job is lined up though, stick it out unless it's absolutely crushing to be there.

Thanks. That’s great advice!

Gave +1 Rep to @vapid plinth

Wait until you get the offer letter for the new position, and then put your 2 weeks in. It's clear the company doesn't value you, and fighting for a compensating match is likely to just cause conflict and bad blood. They don't think you are worth what the other place will pay? Cool, it's not your problem once you have that signed offer letter

Thanks @flat sedge I appreciate your solid advice!

Gave +1 Rep to @flat sedge

hey is it necessary to add like for example retail work experiecne for a cyber internship or just keep things related to cyber on the work experienece section

Do CTFs get seen just like any other training platform?

It's very hard to gauge how "realistic" they are when you are a beginner who doesn't know what it's actually like,
or if competitive events like that are even worth pouring the effort into

I have very little financial responsibilities and can take more risk than some. So I would actually stay.

But I would have been applying nonstop whenever possible & take the first good opportunity I get, since I wouldn't want to end up in the same predicament.

The thing is, I also have enough savings to be completely jobless & easily survive the next 6-12 months. After that, I'd getting really nervous if I still couldn't find a job & start lowering my professional standards if I had decided to quit.

So to avoid having to dip into my savings unnecessarily, I would just apply while still working

hello based on this if i want start a career what do i study currently on THM what path should i be taking , since i find my self scrolling through thm going from aoc to side quest to practice ya am doing stuff but it feels like side quests any advice on what path to be starting now ?

ths is my current progress

Ohh i also only finished pre sec and intro as well

I am going for web fundamentals

I think its fine to choose any if they are easy as we will be completing all the paths, arent we?

dont think thats the goal , after strolling around i believe its more about quality not quantity

Thanks Eduardo!

Gave +1 Rep to @hearty tree

How about I continue with the internship and after it ends do an online high school diploma sorta program, That works right?

CTFs aren't really realistic but some do have some level of credibility, like the Google, SANS and FlareOn ones. But CTFs are mostly for fun.

So how does one get ready and show real life competence 🤔

One thing you can do is create a portfolio. A lot of Cyber Security is less technical work but showing people, especially non cyber people, security concerns. If you can do writeups, if you can explain a technical issue in laymans terms, there is a lot of value in that. That is why I say you can build up your portfolio. If you do a CTF, don't just do a CTF but show how you did it (if it is within the rules of the CTF).

Internships are almost always reserved for students. If you aren't enrolled, you may not be able to accept the internship. Check with the program rep and HR to make sure. And if possible, don't do an online-only high school. Believe it or not, there are human interaction benefits which will help you a lot as a security professional. Most of infosec and cybersec is collaborating with other teams and writing reports that have to be understandable.

Oh I already have the internship ready but I do agree with being in check with my soft skills I can assure you that I’m good there.

where are you from?

I’m from Pakistan but I live in Dubai

This is the recommended order you should do the paths in if you want to cover everything
#general message

i see well since i still have to start , i probably do need a job to support and finance my learning what would be the best job that fits my development and current skills ?

Any entry tech job will be good for getting a start in cyber, you will find topics that interest you more as you gain experience

Doing support/helpdesk work helped me a lot in the start

You don't need a lot of money to learn new skills, it's mostly time and sticking to the tasks and goals you set for yourself. Paid courses or certificates arent neccesarily better than doing it yourself.

It's still discouraging when people say certificates aren't a "requirement". I don't have the time or money for higher education, and certifications are one of the very few methods to learn and sometimes earn college credits for passing the cert exam.

If experience and personal projects are all that's required, then all comp sci grads/students have been tuition scammed.

Well experience is way more valuable than education/certifications as these are usually a requirement for entry or executive level positions, but still you’re more likely to find a job with a lot of knowledge and experience. Even if you had all of the certs in cyber and really good education, but it would not represent your real knowledge and skill, then the chances of getting past the interview process are pretty slim

I don't think we've reached the point where online self-paced learning has surpassed college education, but if that day ever occurs, I hope it would show up earlier than intended.

When people say certificates aren't a requirement, what they mean is they want you to have demonstrable professional experience in a role applying certain skills/tools/technologies to solving organisational requirements. Because people don't easily have ways to do this without work, there are plenty of quality certifications and training you can acquire.

A college/uni degree will always be considered high value but having specific certifications for the skillset they need you to apply is also sometimes a requirement to show you were actually tested in your ability to apply those skills. Passing an exam, however, might not be the most realistic representation of this, so it depends on the quality of the training and the exam environment and if you had other opportunities to practice, such as in a home lab or a site like THM alongisde your certifications.

🤔

And as with most things, the answer is 'it depends'. Some employers (and especially their HR/recruitment departments) value education and certificates a lot more than others. But even without taking that into account, everybody learns a bit differently which means that some people will benefit a lot more from following a set path in a certification or even a classical classroom setting than others.

The company you're working in, the country you're living in, the way you learn best, those are very big variables in this equation.

For me personally I didn't finish my university degree but I've learned a lot by spending some years in university, mostly in general academic thinking and how to approach problems, computer architecture, things you wouldn't normally pick up when doing online challenges or personal programmming projects.

But unless you work in academia or another type of cutting-edge research position, most of the specific courses you get in university have almost no use in cyber security

I've worked in cybersecurity for 10+ years, I've never seen somebody do formal proving of algorithms, complexity analysis, compiler/lexer coding, etc. Sure it exists in some companies and very specialized positions, but in reality 99% of the people work mostly in commercial tools that you learn on the fly, combined with spending time in outlook/excel and meetings 🙂

Hi guys i want a advice so i will start my college over 6 month and it is about networking and a little bit of cybersecurity what can i learn to have a advance on my studie thx.

Check the course curriculum if available. I'm guessing that you will study for Cisco CCNA (Networking) or something similar, for that you can find books, youtube tutorials etc... There is also a program called GNS3 (Network Simulator) that you can use to implement the things you learn 🙂

"CBT Nuggets CCNA" Just search for this. Was a great resource for me when taking CCNA

Thank you!!

Gave +1 Rep to @pseudo creek

so get a soc job is easier ?

Yes

so saaad so saaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad

The problem with pentesting is that without experience you are more likely to break things, so it may be dangerous for companies

yes it's true

Or worse, not see obvious vulnerabilities and miss them in your report, and then the next day your client gets pwned and your company is held responsible

Are there not safeguards in place to prevent against that? CYA seems pretty important

Sure, there are frameworks and checklists that are followed to make sure nothing obvious is missed, also junior pentesters are usually coached/mentored by senior colleagues, and also contractually a pentesting company will likely have a legal disclaimer they aren't responsible for things they miss. But in the end a legal disclaimer doesn't overrule a judge when a client goes to court and claims they got a bad service or product and the judge can be convinced of that.

As a SOC analyst its much more clear if you're lacking knowledge, if you get an alert and you don't fully understand it, then its time to ask somebody in your team to help 🙂

👍 Was referring to being held responsible for a company being hacked because you missed something - I'm sure something going under the radar might happen (albeit rarely) so there must be some safeguards in place for the pentesting company

There are usually clauses for that

Yeah there's a distinction between being personally responsible vs a company being responsible as well

something to consider is that pentesting is about .5% of the entire cybersecurity job market. SOC analyst work may be closer to 5-10% of cybersecurity job market, sot here are just going to be more jobs. Cybersecurity is huge though and there are dozens and dozens of jobs outside of both pentesting and SOC analyst. Just those jobs aren't advertised as well.

Could you name a few that I could look into…I would be looking for entry level jobs as soon as my college timeline permits me.

well that is the challenge, security engineer is kind of a catch all title that you may see. I work in cloud cybersecurity so you may see devsecops positions or junior cloud cyber engineer or similar

there are also various DFIR positions which may work in a SOC, may not but aren't really a SOC analyst position

Okayy, these positions are more specific then compared to pen testing and Soc analyst…right??

I don't know what you mean by more specific. Pentesting is pretty specific. SOC analyst can vary but usually someone who may build, monitor and respond/escalate alerts.

As a pentester I might work on cloud technology or not but as a cloud security engineer I will be focused on the cloud…if that make sense…

true, and a SOC analyst may be monitoring cloud related alerts

Okayyy

Thankyouu!!

There's many different areas in cybersecurity and there is overlap between them, some companies call things differently and smaller companies will have 1 person do the job that 20 people are doing in a larger company.

For example a forensic analyst is a very specialized job usually in a CSIRT (cybersecurity incident response team)

I think whatever role I got for the main/fundamental skillsets are the same, is it true??

not really, like I said, there are dozens of different roles in cybersecurity

Okayy I get it the more specific role I go for the more related or more focused to the techstack skills I will need…

yes commonly people will go from a related field into security, for example networking, software development, it support, risk, sysadmin

but directly going into security is also an option, you will just need to spend more time learning those skills on the side

to make yourself more valuable

in security it's much more common to be a 'generalist' than in other IT fields

since security can apply to so many different areas of IT

This is what I want, I am working on certs to help me with that, CEH(not by my choice but mandate by college) and OSCP(I will have to work a lot to prepare for it but by my choice)

well that is the foundation, often there are a common foundation but not exactly. Like I know some cyber people who have no concept of programming, others are very versed in it.

Okayyy, there are a lots of combinations of skill that could work to get into this industry

I'm pro networking foundation as that is where I came from and have seen how lack of networking knowledge can hinder people

you can't be an expert in everything, but at least knowing where to look things up and knowing enough to recognize patterns or technologies helps massively

google is BFF

Okayyy

is secuirty engineer entry level?

(as well as documentation)

it can be

theres an intership i can apply too

security engineer is sort of an catch-all term

my official job title is security engineer as well

Differ company’s job description may differ for this role…right??

my company pretty much gave everyone in cyber the title "cybersecurity engineer" for a while

but my college degree is comp engineer and i just started so dont have much for my resume but since im still learning id be alot better by the time it starts

absolutely, which is why its very important to understand the role you're applying for, beyond the job title and description

ask what your day might look like, who you're reporting to, what kind of experience your team members have, etc.

Correct me if I am wrong but I should look on the job description and then decide on it and not judge based on the job title

Okayyy

yes exactly

sometimes job vacancies are drafted up by people that have no clue about what they need to hire, and they will just copy and paste something they find

then you might think you're starting to work as a pentester while in reality they needed somebody to check off compliance checklists

That explains a lot

yeah which is why sometimes you'll get someone who says they are a pentester but they are doing vulnerability scans with a commercial product

Okkk

Which is also why I don't trust resume's so much when hiring

'okay you have experience as X but can you show me what you did'

Does internship experience count on resume?? For entry level

if its relevant and you learned things you can apply in your entry level position then yes definitely

same applies to personal projects and doing things like THM

Okayy

much more interesting than being able to complete some college degree that had 1 or 2 courses about security

So a combination of internship and projects and THM would be perfect provided I learned something

and its not just about the hard skills, soft skills like working in a team, producing actionable reports, interacting with clients or managers

that's all useful experience

why im not doing IT i dont think

I might even go the electrical engineering route but comp eng for now

I do have soft skills but all the proof I have for it is from my school days and now I am in 3rd year college so how could i show this on resume

You can use the STARR method https://uk.indeed.com/career-advice/interviewing/starr-method

to describe how you handled a situation/challenge

recruiters/hr people love stuff like that 🙂

which goes back to what I said yesterday in response to someone, you can build a portfolio, show what you've done, explain it and that can go a long way. The reason being is you think companies are looking for technical / hard skills but cybersecurity is nothing unless you can explain it to a variety of audiences

I have heard of this but it’s for the interview round…right how do I apply it to the resume(the thing that will get me an interview) that what I think

you can use it to describe a role you had, or a project you participated in, etc

Do recruiters actually spend time looking at our portfolio??

Ooooo that’s useful

I don't know about recruiters, but I do a lot of resume reviews and if someone lists a link to their blog/whatever, I'll look at at it

Okayy

And if I post like videos explaining projects or maybe a thm lab on LinkedIn will that be of any value??

Videos might be too much of a challenge to their patience 🙂

but thats my personal preference

I mean that is branding/marketing yourself, it could definitely build yourself

but yeah I'm not going to watch a video in general if I'm reviewing a job applicant

but on the other hand it might make you stand out between other candidates

you can do video + writeup

like imagine John Hammond, he built a following, he is well known, you get to that level, its pretty easy for people to know you and know your work

but thats years of videos

So much helpful advice @cold dawn @pseudo creek
Thank youuu

Gave +1 Rep to @cold dawn

oh and don't insult your recruiters intelligence hehe, like saying you blog frequently and have a vlog etc, and then they check it out and see you just started it 1 month before applying and it has just 1 or 2 entries

they will see through that 😉

good luck

Okkkayy

Thank you!!

yeah thats why I'm saying build a portfolio, over time

I have 1 year before I start applying so 💪

anyone know of a good training resource for the CISSP other than ISC2's own material? youtube is especially a shite-storm of 👨‍🦯

Hello? anyone up here?

I need a little career guidance

Better to just ask your question then ask to ask, someone here will surely be able to give you advice/guidance

https://dontasktoask.com/

I think itpro.tv have some, haven’t used it, but have used some of their other content and liked it

Behind a paywall though, but they sometimes have free weekends

Hi guys, I am a sixth-form student (16) looking to go into a degree apprenticeship. My aim is either software development or cyber security. They do not expect you to have knowledge in the field, however for my applications I would like to establish almost like a 'personal brand', representing my passion and dedication. I don't expect anyone here to know anything about degree apprenticeships ect. , but I was wondering what your guys' opinion is on what try hack me learning paths, modules, or individual rooms would help me stand out as being enthusiastic about solving people's problems and protecting tech users (which I genuinely am). Thanks for any replies in advance.

if your just starting out and like development , learn python - other than that on thm click the learning book and look at the paths , pick a "beginner" one

also check the pinned messages - lots of good stuff there

thanks, i know python at a level where ive made some discord bots and also basic C# but developing those skills is a bit annoying because ive never been formally taught it lmao

Gave +1 Rep to @orchid crater

https://tryhackme.com/hacktivities

^^ start there

i was thinking of doing intro to cyber and then jr penetration tester , i am 5/8 way through googles intro to cyber specialisation (which i know sounds stupid because how can it be intro and specialisation but thats just how they categorise it on that site). i find different resources take a different approach to cyber so dont mind doing multiple intro things

Hey Moss, I’m in somewhat of a similar position, I’m 18 (final year of college actively hunting a degree apprenticeship), my honest opinion?

Varies on where you are knowledge wise and what resources you have available too you. One thing I heavily advocate for is self-study and getting your head as stuck in as you can.

One thing I’ve noticed, when talking to peers is they don’t know where to start, so I reccomend finding what role within IT you WANT (end goal: wether that’s red team operator, CISO, or technician) than doing as much research what you need to get you started and find out behind that and so on and so on.

Some standards I would do on THM:

• Complete Beginner Path
• Intro to Cyber
• Pre Security (I think?)
• SOC L1 (Most Degree Apprenticeships in cyber security are Blue team 😉 )

I’ll double check what other ones there are and send them across. Look at other platforms like HTB (Their Sherlock track thingy challenge ma Bob, is a wonder), and what tools there are to practice.

I’d look at Cisco packet tracer and get to grips with the CLI on there, YouTube has some great challenges and labs - Maybe useful if you know networking.

Also learn python is a great language regardless, but also look at other languages like bash or powershell

final year of college at 18?

for anyone in the field who does cyrptography? is it something blue teams do and is it given to a specific team? also what types of jobs require that knwoledge?

Started it at 17 (Turned 18 last month)

you are finishing in two years?

you started at 17 and finishing it now or are you currently in college

college in the UK, 2 years long

before uni, apprenticeship ect

thanks a lot for the detailed reply

Gave +1 Rep to @soft eagle

Wdym so you get your degree in 2 years?

No

You get a diploma

Or A-levels

University is where you get degrees

my ass. in digital electronics engineering was 2 years

wdym your ass ?

so its before the degree

https://en.wikipedia.org/wiki/Associate_degree

for us, your college is called university

and our college is before university. you can go to sixth-form, sixth-form college, or college, all slightly different

this is after 2 years. You get an associates degree at a community college. People go to community college because its cheaper/easier. They then transfer or attempt to atleast transfer credits to a 4 year university to finish the degree

@hushed escarp thanks!

Gave +1 Rep to @hushed escarp

Here in the UK we have college at 16 till 18/19 then Uni from 18 onwards (dependant on ages and what you do etc) 🙂

in the U.S i am aware its different

outside

No problem at all, my DMs are wide open and am happy to help

interesting we have hs from 14-18ish and then 18-22 is college/uni

We have secondary school which I think you start what 12/13ish and don’t finish till 16 > College > Uni (if you want) however you don’t have to do college if you meet X requirements

so im in a similar boat but just turned 19 in my first year of college/uni

but i dont think a degree in IT/Cyber is worth it most of the time. So much information can be learned outside of Uni so i think its worth it to learn something similar enough but harder to learn outside

me personally

its funny bcs here theres lots of routes to high quality education while young like u can get a scholarship into a private school or get into a grammar school, but for some reason (at least where i live) they never advertise that to the normal kids - even the extremely intelligent. its like socially barred off if that makes sense

My name is Matthewi'm french turned 20 a couple months ago i have a system and network diploma it's called a bts in france i thinks it's comparable to a associate degree in united states i'm gonna start a master on cybersecurity in 4 months and i'm just trying to get a maximum of knowledges on tryhackme to start my master with a certain advantages , i'm trying to land a red team kind of job after i finish my master , i'm actually finishing the pre-security on thm and then i'm gonna attack on the jr penetration tester one , do some people could give me some advice to ensure that i'm on the right track ? sorry for my bad english , my principal language is french .

https://tenor.com/view/gigachad-chad-gif-20773266

People’s English when they say English isn’t my first language

i was thinking my english was kinda bad but thanks you i feel better about it now

There is a recommended path here. While it has both red and blue team components in it, learning the blue team aspect will help you to be a better attacker and vice versa.

#general message

i just see it i will work towards it appreciate it thanks you

@cobalt escarp

Spam

Done!

[BANSPAM] I cannot DM merry1881#0!

Hey guys i have a question

I'm currently working as an Electrical project manager, I'm looking to breakthrough to Cyber security but my job is currently very mentally demanding and I don't want it to affect my studies as I have to take a lot of my work home with me. So my friend has offered me a job as a Surveillance Security Officer at a large Casino.
It will be only short term as I know I should be entering an IT field. But I'm wondering if this is an acceptable step into the right direction of developing a "Security Mindset" and does it translate into in the field effectively. Any help would be appreciated, Thank you.

You did electrical engineering?

Mm no

Currently an electrical project manager @royal zenith

Just a certificate in electrotechnology and licensed

what is the recommended cert pathway for joining cyber? - currently a web dev wanting to change fields

should I do CEH first or go for OSCP? the first seems expensive for what its worth, but is it sought after by employers?

Depends on what you really want to achieve

CEH is sought after in my area but is generally regarded to have low quality materials and a really bad org running it. OSCP is an expensive entry level pentesting cert but is also sought after by HR.

If youre a web dev transitioning into security, what work are you looking for?

I'm not too sure yet tbh, I kind of want to try both red and blue, but I'm not sure if I'm expected to specialize at entry level or kinda sorta do a bit of both

if that is what you meant by what kind of work lol

I understand, do you like for your work to be a bit close to web dev experience?

not necessarily

but understandably there is a lot of work in web, so I'll go for it if I can find work easier at the beginning

okay okay. i will almost always recommend going blue team and securing an SOC or Security Analyst role.

This gives you room to learn more about cybersecurity while also being exposed to new things. Also, its a lot easier to transition to roles like penetration tester, DFIR and Threat Hunters from these roles.

If you have some infra and cloud experience, I’d recommend DevOps, maybe DevSecOps. This ties up with your web dev experience but generally now the Application Security and the whole pipeline.

Application Security Engineer is something you can also look at. How to securely build software, manual and automated testing, and working with securing the application from start to finish.

Okay, I'll check these roles out, thanks

and what certs do you recommend getting as basics

also, does thm and htb count towards experience?

All these roles wouldnt generally need certifications but things to look at for SOC or Security Analyst is the BTL1 and CCD certifications.

Cloud experience is generally good and if you want to certify, I’d suggest either certifying with either AWS or Azure.

Experience on the resume? Most likely no. Maybe as a hobby but its something to talk about in interviews.

Okay, thanks, I will probably have more questions later

Alongside the ones that Mknukn mentioned, CompTIA certs are also good for entry level roles, you might take a look at Security+ or Network+, these would stand out in your CV

Ok ty

Ok

Ok k

How does one gain knowledge on the cloud

Most cloud services have free tiers to try things out, usually for a limited amount of time or resources. Also there are lots of courses on coursera/udemy/etc. about cloud computing and security

Cyber security enthusiast right here.

go on aws they have courses

microsoft learn is great for azure

I haven't used it but the AWS skillbuilder has some free stuff

And also THM and HTB have cloud security paths

It wasn’t a question for me doing cloud security or computing just don’t really understand it.

AWS does have a free tier - just need to shut down all boxes every night (i forget the hours but you get X many per month before you get charged) - really good to just poke around and learn

Only available to businesses on both platforms

The AWS free tier gives you one free Linux and one free Windows box with 1 year of uptime each (750 hours each per month)

I think I saw a LinkedIn post saying that THM now permits individual access to the AWS Learning Path for a separate subscription.

Not certain if its a beta test though.

Well it seems to be available for £329 or $375 for 3 months

So like the name implies I am assuming an EDR system only picks up on things on an endpoint. So since the name specifies "endpoint" is there a system that detects activities before reaching an endpoint?

You mean like network activities? No that's not the job of an EDR.

No not network activities.

Then what do you mean ?

idk, that's why I'm asking lol. I just want to know if there's something before an EDR?

ok IDS and SIEM was what I was looking for.

Well IDS or at NIDS do look for suspicious network activities.

yeah. So since a server is not considered an endpoint, would you deploy a IDS to monitor those servers and leave the EDR for endpoints?

I can't really advice on how to deploy your defensive solutions in the optimal way, but I don't see why you can't have an EDR agent running on a server. At very least according Microsoft and Cloudflare, a server is also an endpoint.

oh lol. and nah dw lol im not deploying anything I'm just asking trying to understand what different solutions aim to do.

Servers can be considered endpoints. A db server would definitely be an endpoint, but a VPN server might not.... Depending on context and how a team interacts with it.

Most blue team jobs can be done remotely.

what is (on average) the most lucrative sub-discipline within cybersecurity?

sales 😂

Like in most fields: management, so CISO.

whats the best university degree to persue, assuming id like to eventually enter the cybersecurity industry by the end of it all? I hear that people are very skeptical of Cybersecurity degrees offered by Universities due to the lack of depth they seem to have.

Computer Science or IT with a cyber focus

a local university where i live offers a bachelors of computer science, with a major in cybersecurity, would this be ideal?

but realistically you would learn most of cyber through independant study

so cs with a focus on secuirty?

I think so? The cs degree requires that a major be chosen. This major then has units that must be completed every semester. I'm assuming that's a cybersec focus

i have the option of going Software engineering major or Cybersec major

sounds right. just check the curriculum and ask people who have done the degree what they think about it.

👍

How would you guys rate the difficulty of the mathematics taught in a Computer Science Degree?

I have recently taken an interest in the cyber field , been doing web dev the past year. Are certificates like CompTIA , CEH absolutely necessary if I would consider applying for an entry level job in this field?

No I don't think it's necessary, especially for entry level job and personally I don't see CEH in a favorable light. It might help you to get more visibility but it's just one mean among many others. In my company, I know recruiters often look at activities on HTB or scores on Root-Me.

gma

Oh , thank you for the clarification~~. All of these names came popping up and it was overwhelming. I will be looking up Root-Me once I become more familiar with everything.

Gave +1 Rep to @mental widget

guys im just wondering. do ethical hackers need to do programming?

yes, for scripting

No

although, for basic attacks, you can likely find scripts online

But knowing programming will definitely help

I think its a little more than just helpful...
esp in regards to job scale hacking

I know a lot of great pentesters, who are not very good at programming

interesting

Knowledge on computers and the way things work will always help regardless of what you don’t

Knowledge is power

thanks guys

yeah but programming is very hard you have to think like logically and find patterns like idk man its intimidating.

Thinking logically and finding patterns is crucial for cybersecurity and pentesting specifically

yeah but programmins seems very hard like more hard than any aspect of IT

It depends upon your current qualifications, knowledge base, and skillset.

Without some basic programming skills, how can you tell if the magical exploit you found on a russian forum isn't just going to just run the malicious payload on your own computer?

There's huge difference between competitive programming and scripting to automate things/run exploits. You must know how to read/write scripts in different languages. Strong hold onto one or two specific languages like python, bash, etc.

Understanding code and writing it are 2 completely different things

You don't have to reach the a developer's level of proficiency, but having some basic programming skill are necessary, even if it's just to fix some public exploits or read code to spot malicious scripts.

You still need some basic programming skill to be able to fix/customize public exploits. And no it's not different, if you can understand the code you can write, tweak the code at some basic level. You obviously don't have to be able to write some high quality code like developers.

True, but it is still a very basic level of programming, possible to learn in a few hours and not really “doing programming”. If you can write code from scratch that’s great, but it is not that important as some may think.

It’s the same with learning (not programming) languages, it is easier to read text from a language that you may not know, but speaking/writing usually requires more practice.

There are no URLs in that message.

So it matters if one has an IT background or not?

Certs are not necessary for entry level jobs. However you should be cert ready.

Will keep that in mind!~

hello i have a doubt what hardware component system(laptop,pc etc) used to convert the digital signal into analog signal whether is it for wired data communication or wireless data communication?? does the NIC and wireless NIC is responsible for that or the modem?? if you dont able to understand my english sorry for that i am not that fluent.

modem

yep, modem converts between analogue to digital

to get into cyber, no, if you can obtain the skills but you already said you were doing web dev? that is great experience to pivot to various aspects of cyber

hi could I please get some opinions on my cv? I am graduating soon and looking to apply for graduate roles

Hi there,
I am filling my resume and i would like to add my "Profile badge ID" in my resume which is created thanks to Word. How can I insert this badge in my Word resume ?

Thanks,
Regards

Yes yes, one of the reasons cyber field interested me was because it gives a deeper insight to how websites actually work behind the scenes. I am looking forward to learning more~~

anyone have cyber security project please give me

Depends on the school. But I rate them high enough for me to drop out of college.

I went back to college in my mid 20s for a second degree. This time in Comp Sci. And I was never good at algebra, but good enough to pass. The school I was going to required Calc 1 and 2. I passed pre calc, but tried twice to pass Calc 1 and couldn't do it. Ended up dropping out since I was paying for everything out of pocket or through loans. No point in wasting my money anymore. At the time I thought I had to have a degree to get a job, but that was very wrong.

pre calc is arguably harder than calc

thats besides the point tho i am aware

It was rough. I just find I don't deal well with imaginary numbers. And the teacher wasn't the best.

Statistics I could ace. Same with Geometry

I'll be 40 next month though. I'm at a very different place in life and career.

lol 19 so i just finished calc1

good, although i do advocate for college, its never the end all be alll

I ended up going in to teaching for awhile and I enjoyed it but the pay wasn't there. It was nice to spend time with family and my son though. And now I write curriculum for CySec in K-12.
But I want to transition back in to the industry so I want todo that in the next 3-5 years.

Even as a teacher, I didn't tell my students that all of them needed to go to college. If anything I'm not an advocate for college.

I think this is a genius approach to is though.
https://www.youtube.com/watch?v=Hab7xorie1o

If you are motivated and can self study there is no reason not to load up and get it done.

I think she has a lot to learn. Initially, a web dev can make a switch to web app, API pentesting. But she will be very limited with that skill-set. Passing certs, with her knowledge tested, will boost confidence in her abilities and showcase her expertise. It will also add value to her C.V. and enhance marketability.

what do you think about it!

The only entry level cert I know, that has decent marketing value for both HR and hiring manager is the OSCP, but this thing costs an arm nowdays. And it won't give you a free pass either (I had the OSCP prior getting into the industry as a pentester and I still had to the technical challenge, the report writing and the interview). IMHO there cheaper to showcase your expertise for entry level job or get a confidence boost.

Hey everyone, so I got a company that reached out to me for a position I'm not sure if I'm entirely qualified for, and really could use a double-check on if what I'm offering matches up to what they want. Its a Network Security Engineer role, but most of my experience is around webapp and security controls, building interop between services, data enrichment, SIEM stuff, and of course, incident response. The job appears to be more related to firewall rules, gap analysis, network architecture and log analysis

Its not like I can't learn it and I do have some knowledge in the domains requested, but my concern is I'm not sure if what I offer lines up with what they want

you think you could pass the basic (know tcp 7 layer model , know what a subnet is , know what routing is ) cisco test ?

I'm pretty sure I could, but I haven't worked on the Network Operations side of the house.

here is the thing - it's not the tools or the job , it's the knowlage - if you understand what a device is doing , it's interface (using the tools) is just a matter of sitting down and playing for a bit , but if you dont understand basic networking your gonna have an issue , talk to them , tell them excatly what you are capable of , ask them what they expect and talk through it with them , thats how you will know if you fit - you got the tap so you have the on paper stuff they want - it's just do you fit with the company

If I had to take the network+ right now, I probably could pass it with minimal effort.

I don't know what they are going to ask me though, and I only have an hour to prep

thats the Network part - now the security engineer part - be prepared to answer questions about fw setup and other notwork "hardening" practices - like i said , talk to them - you sound like you got it (speaking from someone with constant impostor syndrome , you may be the best person they have ever interviewed )

and the point is - you shouldnt have to prepare - it's scary but you may find you know the answers to their questions - or admit that you dont know but know how to get the answer

The Security Engineer side is the bulk of my experience. I was the primary owner of many tools, I wrote automations and integrations, I built dashboards, and I handled incident response

dont put too much into titles - they are flexable and somtimes are used more of a pay scale than a description of the job

one companies devops engineer is another companies ci/di pipeline administrator.

💯

Hello, im a high school student (18 years old) and next year i chose to do "Internet of Things, Big Data, Machine learning" in a university here (3 years) to then do "Cybersecurity and AI". Do you think it's a great choice for a good working carreer or not? Tell me as much as you can please, even personal experiences.

@mental widget I acknowledge what you're saying. But OSCP isn't the only industry recognized certificate for getting into cyber security. It's a good one for hacking/offensive security though, along with CEH.

get the basics in - networking , a bit about how hex works , maby pickup python - BUT you will most likely be taught all that the first for months - it sounds like a good path

you think cybersec won't die in the next 15 years?

CEH is basically a meme in the industry

my first job was in 91 and it was a thing then so......

CEH is controversial, you may impress HR but but much less the hiring manager.

keep in mind , the internet started as arpnet

There's also the PNPT (which I'm studying for)

not at all, like all things, it will change

cybersecurity was barely a thing in '91... like the things we did in the 90s was wild

Much less brand recognition.

but it was a thing - very differnt than now - but it was

more linked to phone company hacks than web ones - but most colages had a connect to somthing - a ton of bbs's

lol now i wonder if renegade bbs would even run an anything anymore

i don't know honestly, i'm kinda fought inside:

1. informatics and IT will mostly forever be a part of our lives and so cybersecurity since, in front of exploits there is a solution/fix to that.
2. i'm scared that something will overpass cybersecurity like we know it today...

well hacks are hacks, info sec was more a thing in 90s and earlier than cyber security. And just because they were connecting things, doesn't mean they had people employed to protect such things

IT changes all the time, you just have to change with it

like my job today? didn't exist 15 years ago

jobs that existed 15 years ago, don't exist today

what do you think about my path in university mentioned above

.

but the job you have today may not be the job you have in a year or 2

things change - think about an auto mechanic - from what i have gleaned from people i have talked to - motor cooling , transmissions , electrical systems and energy absorbing breaking may not be the same V8 engines they learned on , but just as challenging.

I dunno, are you in the US or a different country? that sounds like a very odd course of action. Will you be studying the foundations of said things?

I mean it's well recognized. I know it has limitations. They have improved though. CyberQ labs and the booklet is good if somone can parse that.

Italy, and i'm looking now to buy TryHackMe premium to start

but it's different, comparisons are never good

well recognized in India, not much elsewhere

either way things can go bad

that is why learning the foundations is pretty solid rather than chasing the next big thing

Haha! That's valid

May be they can pick CompTIA

thanks for this @orchid crater appreciated

Gave +1 Rep to @orchid crater

also history of hacking is mad interesting for me

Checkout darknetdiaries podcast. There're lot of stories you'd like to hear about.

thank you

My point is that you could showcase you expertise using cheaper than certs, while certs are not useless (I still learnt a lot by completing the PWK lab for the OSCP), I don't think it really gives a decisive edge over those who don't have cert, at least at entry level for pentesting (can't really talk for more senior positions).

Also the problem with CEH is that due to the past "issues" of EC-Council it bears a stigma that it's quite hard shake off. I can't tell about how good or bad is their learning material or the lab but for something that is supposed to give you credibility with its brand, it's quite a problem, right? (It's also about just as expensive as the OSCP if I'm not wrong).

here is the real thing, CEH, as horrible as EC-Council is, sounds like its a decent cert. And yes those that keep up with things, think they have a stigma but you are in a bit of an echo chamber with CEH. You get a manager who knows nothing about Ec-Council or CEH but hears you have an "ethical hacking" cert? they may think that is good. Not all of cyber is invested in pentesting as those that are interested in pentesting are so it is possible to have someone not aware of CEH/EC-Councils rep

Agreed! Hands-on skills and fundamentals are must.

I have seen the material it's very limited, but not bad as people claim to be, because for pentesting they have another certification. And there's one for networking. From what i can remember they're selling it for $500 with 6Month/year long lab access. And $100 for the proctoring the exam.

That's true

To be honest, if you were in the situation of facing a hiring manager with no knowledge about pentesting (which IMO wouldn't be a good sign if you are looking for an entry level pentest position), you could probably sell him any pentest related cert. I'm not disregarding CEH learning value but as marketing product, the fact it does have such a stigma and that such "echo chambers" exists is already in itself a big red flag for me.

Well the learning value aside, I was more concerned about the marketing value. Are you sure about the pricing? I have seen conflicting post on r/CEH, most of them seems to suggest around 1100 USD. Maybe they have different offer, but I'm not sure what the difference between them.

I'm just talking in general within cyber, not specifically an entry pentest position. CEH has no learning value but people don't know that except those that know

okay, fair enough if it's not for a pentest/red team position

They often go 50% off from every now and then, may be that's why.

I would avoid EC-Council unless it's required for your job

They overcharge, have questionable material standards, and they have shown that they are less than ethical

Guys any cyber security project ideas for beginners

Search on thm
Finish the paths ...and challenges

Fine.. but i need something to mention in my resume kinda project

U doing bug bounties?

nah.. im kinda newbie. just learnt some basics in kali and networking nd started using thm. I need to do some projects for my university and to mention in resume

Set up a webserver then attack and defend it.

Do you know any programming language?

This may sound dumb but how to do that

Ik python

Google how to set up a webserver. It's easy. There are a few ways you can go about it.

You can experiment with the book "Black Hat Python", if you're familiar with python. May be it can inspire you to build something.

You can get certs in programming for free online. Learn how to make your own keylogger etc. good stuff for any resume.

Sure guys. I'll see through that

And I have this doubt. Im really new to these stuffs. Ik basic network and kali and solved few learning rooms in thm. Confused about the path I'm following. Am I missing something or things I need to know?

How is your fundamentals?

I saw some yt videos on fundamentals. Ig i covered the basics

Any suggestions on fundamentals and things to cover

Hey these days i am sending my resume to companies but not getting reply by email
I am using ahref hyperlinks in my resume for linkedin, github, certification, and my projects.
Should i stop ya ng these hyperlinks? As this might be giving their filter software hard time and might be filtering me out, is this a possibility

Write a script that implement some simple mitm attack like arp poisoning and exemple of exploitation. Then document remediation solutions to prevent such attack. Of course keep in mind to only use the script on your own system while testing.

Suree.. I'll try that out

That's not as impressive as it may sound to be honest. If you think forging ARP packet manually is hard, librairies such as scapy make it quite trivial.

Okay.. so i can use python scapy for forging arp and any ideas for that detection and remediation part. Should I do it using wireshark or arp spoof or something

For testing debugging purpose you can use wireshark on both side. For demo you can do a netcat to start a connection on the victim host and intercept the connection on the attacker host. As for remediation documentation look for it on internet.

Got it. That's really helpful

Hi there, I have a career question. I recently completed my A+, N+, Sec+, PM Certs (for work), and thm 5% over the last year. Its going well. In my country degree's are a big upper hand so I started a BSc IT last year and its going really well. I have to choose my elective for the remainder of the course. Im sort of torn between 3 of the 4 electives. They would be Programming, Network Engineering, Emerging Technologies. In terms of what im taking my time to get competent at in the long term it would be Malware Research. Im leaning more towards Programming. Emerging Technologies is more Data Science/Analysis/ML driven. Networks looks good because of Computer Architecture and Server Technologies. Any feedback would be appreciated. Thank you.

hi

What is the command to open the Registry Editor? (The answer is the name of the .exe file, not the full path) cant solve this qstion i alredy write regedt32.exe but didnt take the answer the hint is
Refer to the command in MSConfig

Are you sure you wrote it correctly ?

Thank you for replying now it’s working 🫠

If i'm into cybersec will i need a 3d printer?

Its not neccessary as far as im aware

it's not really related at all

maybe pentesters who also do physical security need it for niche uses

not really

Ok thanks guys

And what do you think about raspberry pi 5? I'm looking to buy it for pentesting with some antennas

just use ur computer man

Only if you intend to start a Youtube channel. Then you need the 3d printer as a background prop.

salam millət. Kibertəhlükəsizliyə başlamaq üçün proglaşdırma dillərini öyrənmək şərtdir?

Hi! I’m a college student and I’ve really fallen in love with cyber and thm and the like. I’d love to make it my career, and I’m considering changing my major. However, I thrive in an in-person work environment, and I’m worried that all positions in this field will be remote-only. Does anyone have any experience with this? Any tips greatly appreciated!

I’m ngl remote only is something you usually have to look for.

@heady moon most jobs are hybrid.

Hey there! This server is english only 🙂

i have the experience i just cant find a internship that dosent care about GPA

i hear so many people land remote jobs

Can we add any CTF experience to work experience section in our Linkedin Profile ?

Did you get paid for the CTF?

No

There you go.

meaning???

Ctf isn't work experience as it's not work.

Any alternative then besides a job can we add there...

Not really.

Work experience is work experience, it's nothing else.

understood thanks...

but if we get paid can we put it in the work experience like a cash prize or voucher...

Honestly I would say no in my opinion.

No?

It's still not work experience.

understood

Which one, yagi antenna?

I know most people here are on the more technical side, but how would you approach getting a job/ experience if you are interested in the physical pen testing aspect.

Usually physical pentests are an extension of red team engagements, so it is usually done by more experienced individuals. It depends on the clients needs as every physical audit will be different

with the esp8266 module

If you wanted to explore this niche then I’d recommend reading on social engineering (Kevin Mitnicks books are my favourite), testing out tools like rubber duckies, maaaybe learning lockpicking but only if it is legal in your country and I also never heard of anyone having to lockpick on an engagement

Testing physical security (like picking door locks, tailgaiting, social engineering, etc) is one part of a Pentesting project, only if your client wants. Everything is equipped with technology now a days. You can't avoid the technical side of it. You might wanna read more about social engineering, security testing and pentesting fundamentals. @fringe spade is on point here.

I'm curious about what you gonna do next, after buying all that stuff.

If you guys need a good website for locksport, sparrows has some really good gear. I just got the repin kit off there for 20 bucks and repinned a 30 dollar set to make it more difficult. I do it passively when I watch things

wifi pentesting

If you want good handmade picksets though, there is a french fellow on IG called Killermaru, he makes some pretty amazing stuff in the picking tools departement.

i searched a bit around and people say that wifi pineapple is a must-have for wifi attacks

No it is not, but it is reliable. You can do professional pentesting with $30 cards

A raspberry pi might be an overkill haha

whats a good kit to start?

or some cards names

A good kit is a good mindset.

I like the Alpha AWUS036NHA

Its really easy to set up and use, but I don’t think it supports 5GHz networks undortunately

But the AWUS 036ACS does both bandwidths

Also good

And cheap

I wouldn’t buy too expensive gear first as the “better stuff” should be provided by your future employer

and what about a rubber ducky?

Lol yeah you can DIY a pineapple yourself (much like with most of the other hak5 products)

i heard that with some diy and a arduino nano you can make it

Much much cheaper

Yes

Best way to do it imo

raspberry pi?

Sorry?

to build the wifi pineapple

diy

You can also use a Raspberry Pi, but it’s pretty expensive and big

I mean, sure? But like Verety said probably a tad overkill

Arduino’s are veeery cheap (sometimes a few dollars) and these will do the same

!@106802244329955328 you've had experience with the physical side of pen testing right?

Goddamn discord

@dense dome

since im really into electronics, where should i get and which parts should i get to get started with pentesting (rfid,wifi....)

I believe that is called breaking and entering 😆

PING

Legally no, you'll have an agreement with a client

Hahahaha what in the world

please tell me your profile photo is actually you

The client will commission a contract with you to test their physical security measures and normally their security guards too.

I know, because I do it as a part of my business, obviously I have a good lawyer who writes the contract and decent insurance too.

No it's a random man from the internet /s

I feel catfished

but the meme remains in tact

Meme?

PONG

My latency isn't great

Nor is mine

airplane wifi is rubbish

You 30,000ft up in a metal tube rn?

your name is thm wide boy and your photo is a thicc looking cop, its a meme right?

hello

I am indeed

It's not a meme, that's me at work, and I am very wide

You military? Private Contract Security?

No, they don't really have any courses in uni that teach it. They teach the concepts, just not the hands on. I don't where I would go to even start getting experience.

Oh that was directed at wide

I wouldn't expect them to teach it in uni, but I'd be interested if any did

If you’re really interested in this topic then it’s usually learned while working in a company that offers pentesting services.

Unis do teach pentesting but I'd say it's pretty rare for them to teach the physical side. There are courses for it on udemy and cybrary but I'm sure there are specialist courses for it too

I'm sure they teach pentesting, just not the physical side is what I meant

Definitely true. Not even sure there was a more than a mention of the physical side in my pentesting module. The project for that was purely network pentesting

i think the physical side is more hands on training on the job with an experienced team

a clipboard , hardhat and reflective vest and most office buildings wont bat an eye

Man i wana move to las vegas, the IT salary there is like 10k USD a month entry level.

the cost of living there is also a lot higher then most places

yes youre right

Just visit it for DEF CON

Can more than likely say that's categorically false. Gross income would be 1.2 million a year

You'll need to go through @tacit bobcat for this. We have a jobs board channel here #jobs-board

Oh cool thanks man, will do

No longer hydra, it's the discord admins

cc @distant pier then

My bad

@stoic cave it's 120k which is pretty good for entry level.

not me anymore, but yeah Tim, or Lorestil

ha for cybersecurity or general IT?

I'm planning on building my portfolio site. Can anyone give me some URLs of portfolio websites so I can get an understanding what it should look like? Doesn't have to be good, appreciate all kinds of portfolios.

Hello i need a job in portugal for entry level in the field of cyber security any help please ?

@sacred wharf

Your best bet is to look on your countries job board of choice.

For both. To make 10k a month you'd more than likely be the CEO or in the C-suite if it's a larger company.

Do you have any data to support this? It's definitely possible for a couple of positions to pay that much but I would not say it should be expected or the average.

yeah you right 120k a year is more for software dev. damn why does programmers earn so much more than us IT people.

i was thinking the same… was like “i want that job”

lol

Wait, I'm an idiot.

To correct myself, it would be 120k a year, not 1.2m. I can't do basic math. Certainly a salary that's achievable in the computer industry, but I would not say average entry level. Anecdotally, I live in one of the most expensive areas in the US and I didn't start at that.

Lol

I corrected myself below. Its different factors like the jobs being in high COL area, FAANG pumping up the average with their monstrous salaries, etc etc

120K=$60/hr and ive seen contracts as 50-60/h but they are not entry level - more than a few full time positions at that level (it's what im looking for atm) but you need lots of exp

I wana live in Las Vegas one day

bah - not me - humans should not live in a place like that - the colorado river is a mess because of that place

I mostly like the desert and those las vegas houses, not really the casino area.

the real issue i have is that it's 100% dependent on technology - if the electric goes out it's bad - not bad like it would be in the middle of the country where you can live without , but bad like no water , no fans or air condition - dont care how good you are - people do not last long in the desert

Generator

You're next to death valley. The place is fairly austere and almost inhospitable

good point

it runs out of fuel and ...

buy more fuel lol

let them eat cake , got it

Which requires technology lol

And you'd need a fairly large generator to run all the things mentioned

Probably requiring concrete pad large

alright i get it yall can stop destroying my dream lol

lol

you can walk to lake mead , could acctully survive there as long as the damn is in place , even if the damn were to collapse the col river would still be there

fish , water , some trees here and there

and the further up the river you go the better your survival - well the grand canyon has a few dangers , but nothing like the open desert.

you guys watch too much survival movies, relax theres no apocalypse happening anytime soon lol

hey! im just planning - all that fallout training couldn't of been for naught!

hahaha

fun fact - Bethesda gave a premiere copy of the game to a kid who mailed them 2000 bottle caps.

thats cool of them, what was in the premier copy?

was like a collecters edition , in a metal lunchbox etc

can we chat about this in another channel cause this is for career stuff only i dont wana intrued with other topics lol

no on else is talking so i dont think we bothieing anyone but i need to concentrate anyway 😉

what you doing

https://tryhackme.com/room/linuxprivesc

oh thats cool, are you on a streak on THM?

ya - trying to see how long i can keep it going - also i have told myself im not going to do the ctf's untill i finished one or 2 more paths 34 DAY STREAK

oops caps

and ive done a little of everything

ahhh i see youre more tryna be a pentester than a soc analyst

it's more like ive got 25+ years in IT and i would rather do the fun stuff like finding cool tricks than what for me is normal paperwork , staring at logs and charts to find the differences - so when i see a room of "how to abuse apache" i jump in , after a while some of the paths start to fill - i also hate windows so that has guided the path (he says as he is typing on his windows box)

lol got ya

hmm .. you not verified https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

dont get your THM stats when i click your name

Keep in mind that most of pentesting is writing the report

yeah i havent been using it much cause i joined just to see what its like but i decided to purhcase pro first so i can do it without feeling gimped then il get back on.

Anyone here major in engineering and works in cyber now

If you've got questions, just ask.

That’s my question lol

Wonder how many people have done it

That's a question to ask a question though

No

Alright

https://tenor.com/view/spongebob-spongebob-meme-trying-challenge-brain-damage-meme-gif-24318458

Me struggling not to ask a question to ask a question

I have a close friends who did his third MSc in cybersecurity for engineering

Wdym masters in cyber security for engineering?

Like cyber engineering*

No, in data centres, telecoms, office buildings and other buildings and sites where things get done, airports and sea ports, etc.; and there is a lot of engineering hardware. Things like heating systems, air filtration systems, data suite cooling systems, electrical generators and such. These days these machines all have computers in them and are connected to networks and those networks are connected in some way back to other places in the world. He did a MSc in the cybersecurity of that

So electrical engineering bachelor?

That’s interesting

the target breach was through smart air conditioning

In a place I worked before we found the coffee machine was running a version of Linux with a major flaw and could be connected to over bluetooth or physical/wifi network. We didn't have it on the wifi or the physical network but nobody had it documented as IT equipment and nobody had a security policy for it. It was promptly replaced

That sounds about right. It's amazing what you can sometimes find if you war-drive your office

It was an OT Hack, yes

Not sure what qualifies as smart though

Reminds me of the make-coffee.sh script

It wouldn't have gotten on the network anyway because of the dot1x we'd implemeted

https://github.com/NARKOZ/hacker-scripts

You can reference the Purdue Model to get a better picture in your head of how things should be setup

Separates things out in to levels, level 0 being the lowest meaning things taking action on the process, to level 4 which is the organizations IT environment

Basically you don't want anything from levels 0-2 talking to anything in level 4

You should have a DMZ between 3-4

Yes very important to have proper segregation in your networked infrastructure

what kind of engineering? software? mechanical? chemical?....

anyone have a good list of practice questions I can refresh for a security engineering internship

that I can test my knowledge against or whatever

anything not software or cyber more on the physical aspect. just interested on why and perhaps how people did it

my spouse did it but they did it in an unusual way... they basically created a job for themselves, told the company "think we are lacking this ability" and they hired him

lots of the engineering fields can pivot to cyber/IT without a lot of work

well I wasnt an engineer but I worked in accounting as an auditor first. I found a post-bacc CS program and studyied the crap out of security concepts and created a bunch of proof of concept projects. I was able to get a security job and now when I am putting my resume out there I seem to be getting a good amount of interest with companies requesting me to interview with them

once you get an engineering degree most jobs in tech are usually avaible

then you gotta start working on your security knowledge. i used THM a great deal. I think its an awesome platform

probably harder to pivot to another engineering industry unless its an electrical or mechanical or even computer trying to get into biomedical or aerospace

once you have the general knowledge you should probably pick a vertical to focus in

yea ive been doing thm for fun possibly to get a job in it but studying computer engineering rn thinking about a possible change to electrical

but I think the biggest thing I've seen with people is they will say "I AM VERY INTERESTED IN SECURITY" but when you ask them what have they done about that interest. it is more often than not - a big nothing

oonly thing is wouldnt be a smart idea to move away from computer engineering and science if i want to have a carrer in cyber

no it would not be smart

because you are still gonna have to pick up the foundational knowledge that you would have picked up in school

not saying its not possible but you are gonna make it much harder on yourself

trying to make the most of my vollege degree but ive seem to come to the fact that if you really want to learn something you really are going to

people have to learn how to learn

and make it the way they get dopamine

ive been putting large pieces of text into gpt 4 and asking it explain it , cut it into bullets and then summarize it

has been learning alot of the secuirty concepts easier and made understanding concepts in other rooms easier

then ill write notes on it

i feel like if you are a computer engineer, there are not many jobs you wouldnt be able to get

can get 99% of software jobs, and 75% of hardware jobs

so why entertain switching to electrical engineering?

obv should focus and be proffecient in one portion but the latter is always an option

feel like software is self teachable

you're missing the point though

like why should i sit infront of a proffesor and learn it if im just going to go home and watch someone else teach it

school is there to teach you the fundamentals and the degree will be an HR filter in some places

even if you had a great professor you are still going to have to do outside studying

of course

60% prof 40% by yourself ideally if the prof is good

i dont know a single person who only took what they learned in school and kicked butt in the job market

yea i agree school is definitly not enough

yeah so if I were you I would stick to computer engineering

you will have more options aside from just software or hardware

wdym

you will have foundational knowledge to get into other areas of computer science such as security

because you will have gone through the fundamentals to understand other topics like security

electrical engineering too if you learn enough on the side. the degree would get you in the door buit you would have to learn 95% of the concepts alone

i agree

what would fundamentals of sec be

like network fundementals?

i found roaming around linux command line fun

thats one aspect. operating systems and secure coding principals are another

why would you learn electrical engineering and then ON TOP of that have to learn stuff from a different field

especially if security is your interest

that does not make sense

crazy text wall

can i have the honor of sending a text wall

i understand electrical engineering has a bit of overlap with CS

but its not the same

yea i agree

its your choice if you want to literally double the amount of studying you want to do then feel free

i just plan on learning alot of the stuff anyway

god willing

but being a CS major there is already so much extra work on your own already

im trying to chop it up

no need i get the gist

anyway thats all I wanted to say

im comp eng so 75% hardware and then 25% software , programming lnaguage concepts and operating systems

but yea i understand what you mean

i dont know if you are even looking for advice at this point or wanting to justify your decision

ive said my peace

just explain comp eng incase you thought it was cs

i did not think it was CS

thanks for your input btw

@blazing wyvern you know c++

?

yes

ive written a custom shell in it (essentially what bash is) the basic functionality and it used forks to fork off otherproceses. it was almost 1k lines long

one of many projects

what do you think are best projects one can do for sec engineering or just comp sci in general

ive seen general talking about flipper zero and being able to create your own. i think it would be a cool project for both hard and software.

seems like overkill. id find a subset of security that you are interested in and build a smaller project(s) on that

have multiple projects on your resume vs 1 giant one. easier to finish and manage

and then talk about all the subdomains you have touched

Thanks bro

Gave +1 Rep to @blazing wyvern (current: #457 - 9)

what would some of those concepts be?

Networking, CIA triad, encryption, hashing, least privilege etc

Just to name a few. If you take the recommended pathway pinned or general or somewhere that’s a pretty great starting point

Hey freinds

I'm a new user

Welcome

#start-here

Hey guys what are some good colleges in the US for a cyber sec bachelor’s?

I’d suggest Computer Science degree, as knowing more about computers will make Cyber was easier to come onto

agreed - get the basics - on the flip side it give you more options than just security - you never know how you feel in 10 yers

great advice! Thanks!

Gave +1 Rep to @orchid crater (current: #145 - 43)

I’m kinda bad at math or rather I don’t enjoy it a lot, that’s why I thought cyber sec is easier

Maybe I can ask a few devs at my moms work but I know I sorta don’t like development

Computer science is the best degree for cyber

It opens more options, yes.

I studied comp sci and never did dev work

Can second what everyone else is saying. Get a comp sci degree and not a security degree

More options and more favorable when job hunting

What are you guys thoughts on ecpi university

I keep on getting ads on em

And there cyber security course

alrty ill try my best at discrete math lmaoo

meh I wouldn't let discrete math scare you. its a dumb proof math thats not that hard.

Seems certs are worth more than degrees these days

Hey folks, quick question

If I'm looking at the security engineer career path, what sort of certs should I shoot for

the certs worth their salt will require background knowledge and possibly expect experience with that. a degree opens the door for internships and getting that experience while giving a foundation

(I'm already in a computer science degree, for what it's worth)

security engineer is a vague title and can mean a lot of things depending on what you're actually doing. what do you want to do? if you are unsure Security+ is not bad to have

That's fair

security engineer at one place can mean something completely different somewhere else

Uhhh

I have a degree and a years experience and I still can’t get a job 😂

Hang on lemme put thoughts to words

In fairness, the market is kinda doodoo

years of experience in what and what degree?

Years experience in ai in the cyber sectors and a masters degree in cyber secrutyu

Security

either your resume might need revamped or w/e you are at the market is shyte. well its kinda shyte everywhere but picking up

@waxen elbow if you are unsure you cant go wrong with starting off in the blue team. while in school you could land a SOC position and that would look REALLY good for when you apply to other positions

Primary goals (vague as they are)

• Designing, building, and maintaining architecture & systems (security and otherwise)
• Risk management/mitigation

I’ve revamped it about 30 times 😂

TL;DR I want to basically merge dev/sysadmin and security and mostly build and maintain stuff but in like

A security context

I've heard a lot of stories about needing to be on 24/7 for that which is kinda why I avoided it

I’ve found some free certs to do even Cisco have a free ethical hacking course

does your university have a SOC?

Uhhhhh

think

try to join that

you dont need to be on 24/7

That's going to be a no

you might have to work a shift

The first things I got looking for both the acronym and its full term were sociology majors and campus safety

Which

completely unsurprising

what?

SOC = security operations center...

Yes!

I know!

That's literally what I typed in to the search!

oh ok I see what you mean

Anyways uh

To illustrate

but yeah you dont need to be 24/7 they have shifts and you can try to get on one that fits your schedule

That would be good

Heck maybe I can add that to my linkedin searches

cyber is hard to break into. SOC is a good chance to do it. it will look good on resume and you will get direct experience

My school has such scuffed security architecture that a kid in second year was able to exfil like a BUNCH of student data

Oh and they have a 15 character upper limit on passwords and security questions 🙃

It’s just trying to find a Soc job thay doesn’t ask for so much experience

yeah but what im saying is you can use that to move further along

I’ve heard help desk jobs are a good way in as well

Also everyone say networking is a great way as well and getting to know people on the industry

You've priced yourself out of the junior and associate roles with the M.Sc - it's going to be a tough, because you will need to target mid-to-senior roles, and you don't have the experience for it

No apparently it’s PhDs that make it difficult to get jobs

i would avoid help desk if you have another choice. some people wind up getting siloed and pigeon holded there

Most I’ve seen as for masters or bacholers degree

are you in the US or scotland?

Uae just now

ahh i cant speak on what the market is like there

Graduate jobs here are only for uae natives sadly

yeah ive heard that

Even back in Scotland I tried to get a job last year couldn’t get one even tried retail job which I have tons of experience in and nothing so I had to go back to uni for the student finding

Funding

sounds rough

Think Covid messed up every industry and all the layoffs as well

I chose to go to a junior sysadmin role with a lot of desktop focus. I have a lot of freedom, and our senior guys are some cool older dudes. I worked security for 6 months where metrics were more involved than a service desk position. Quantity over quality creates a terrible product, and you're going to miss something if you're padding stats. Got out, stress free, do a little tryhackme on my downtime in my own office.

I have 2 certifications and 7 years of experience, no traditional education. I sent 2 graduates in a room to swap out 2 computers on a project. 1 a CS master's graduate and the other a security graduate. Both came back to me and asked "what do we do?" after I gave clear instructions. I went "what do you mean?" They replied "yea we don't know how to do this." I looked at both of them for about 10 seconds and said nothing, took both computers, swapped them, hooked them up myself.

A test is a test, but if you can't do the thing for your job I do not care how credentialed you are. I've also had a new hire, tier 2 network engineer on the phone with me needing to add a network printer. Wanted to test out connectivity super quick. I said "pull up the terminal and ping this address." He goes "what's that?" I'm like goodness gracious there is no way he doesn't know what I'm talking about. "Yea bud pull up your start menu, type cmd, ping the printer." Ok, but where do I find that?"

I almost fell out of my chair. Your location is important too. Get your cert, degree, w/e, but you must absolutely work on your own sandbox and equipment at home and add that to your resume. I've only been asked maybe 3 times about my education, and that was in my earlier days. They see what skills and activities I put on my resume instead, and we go over that. You should be actively doing something and taking notes on your own time, and I promise you that you WILL do better overall.

Certain times of the year are hard to find employment due to quarterly budgeting too.

I wasn't finding anything in August, college graduates came about and it's a quarterly month. Mid September-October came around then BAM the emails and calls rolled in like Tony Hawk.

I say all this from experience of course, hope someone finds it helpful to hear from somebody who's more self taught and comes from a different background.

That's a new one. Network engineer that doesn't know what ping is 😄 I've had similar experiences with folks that only used windows before. I had written labs for Ansible and I wrote something like "Using your ssh client, login to 10.10.10.10 and do y". And someone asked me what an SSH client was... I did not expect that.

Sure bud, no way a network engineer new hire or no didn't know how to ping via cmd or terminal.

where please?

https://skillsforall.com/course/introduction-to-cybersecurity?courseLang=en-US&utm_campaign=writ&utm_content=intro-to-cyber-get-started-button&utm_source=cisco.com&utm_medium=referral

There are free basic foundation courses in Cisco as well

TYSM

hi

Seems too hard to comprehend right? You'd be surprised.

Hey all, I'm likely interviewing for a role as a (IT Sec) Vulnerability Engineer 2 in my company (corporate), and I'm currently a IT Engineer 1 -- just wondering what sort of questions I may be getting for this role? I know that we use QUALYS, but that's about it...

This is wild

just type in google ethical hacker cisco free course

I am in France, just in case. I am in 11 th grade and I will have to choose a school to be pentester. My grade arent the best 😅

I am just willing which school u coukd advice me to choose. (Worldwide or France)

thanks i found it someone else gave me

Gave +1 Rep to @vestal egret (current: #336 - 13)

What type of certs are there

My profession is QA Tester / Test Automation Engineer. I started THM to learn Penetration testing as well. My employer likes certificates however. What certificate do you all advice me to start with?

First, need to understand the different kind of degree and your objective

There are many different kind of degree. They are all useful for different kind of thing (here the 3 main one);

• computer science (Bac en informatique/science de l’informatique)
• computer engineering (ingenieur informatique/genie informatique)
• software engineering (ingenieur logiciel/genie logiciel)

For cybersecurity, computer engineering is probably better, cause you learn low level stuff, networking, OS, CPU, assembly, compiler, etc…Quite good fit for cybersecurity, considering many of the stuff in cybersec is about exploiting some low level detail/bugs. However, will need to learn some introductory level cryptographic stuff

Computer science is more about the theory behind algorithmic and data structure, thus why heavy focus on math, AI, cryptography and also some compiler theory.

Software engineering is more about how to do project management, making manageable code, clean code, doing software codebase that can scale up, etc… AKA you need to build big software and you don’t want the code to be a mess you usually have some software engineer behind it

Both computer science and computer engineering can end up in cybersecurity, but in both case you will have to learn some extra knowledge to overlap both degree

Also, what I just said about those 3 degree may also have regional difference. Some different country may have different curriculum/focus for those degree, so first, compare the main degree available in your region

do they like certificates or certifications? there is a difference

I see I will read when I get home

So how do we find a job in a seemingly saturated field?

I keep reading stories, and running into people, that have applied for countless jobs, for months on end. Sadly, most of these people have not landed a single interview, despite their best efforts. It's a bit discouraging, to be honest.

I was told that cyber sec was a hot job market, and companies are "desperately" looking for people to protect their data. But I have seen the complete opposite.

Thoughts?

The tech market in general has taken huge hits in the last year. Cybersecurity wasn't hurt as hard as other sectors but it has been hurt in terms of less job opportunities but that doesn't mean there aren't any.

If you aren't getting any interviews, either your resume sucks or you are applying to the wrong jobs, or both. Companies are desperately looking for experienced cyber folks but even the experienced cyber segment has slowed down compared to 1-2 years ago.

Keypoint ; Company are looking for experienced people

So need to get some experience, and being able to promote that experience on your resume. Getting experience can be as simple as doing ton of CTF, event, certification online, etc... But the most important part is to promote it correctly on your resume

And of course, every region has different job opportunity... maybe your region don't have the right kind of opportunity

this is misguided, ctfs, events, certifications are not experience. But just because it is difficult to get your foot to door doesn't mean its impossible

A good way to build a resume is to have 2-3 project/major important event you did, and you elaborate a little bit on those.

Project: Designing Graphical accelerator on FPGA

• Designing at RTL level
• Advanced hyper pipelined design
• VHDL
• Developping testbench in VHDL

Could be a major competition you did, where yet again, you resume some major accomplishment/skill you developped

well you kind of have to scope it to the country...

I mean maybe if you have nothing else but project descriptions should be short. If you can link to a github or something, that is better than having an overly verbose resume

Also, having a blog/github, with ton of project, writeup, documentation, etc...

that may even complicate it... but yes, you apply, look at the qualifcations, make sure you meet them

And in an interview, it is not a bad thing to bring some documentation about a major project you did (like schematic/UML...), like a 1-2 page with big diagram/high overview of your project (no block of text). So if during the interview you can talk about your project, you have some visual help. But should be short, and if the interviewer want to ask more question, he will do... As long as the project is related to the field you are trying to apply of course

or she will ask

but basically when you go into an interview, you should have notes on various projects so you can describe. You shouldn't be trying to show them diagrams.

Be able to talk coherently, is what zojja is saying 🙂

yes... I always write notes of projects I've been working on, because I'll say you my mind can go blank in an interview

Ok, so about GitHub. I was advised to create a portfolio for GitHub. But I have no idea what kind of portfolio I should create, or where to start.

Write some code useful to others

publish to github

repeat

or do a writeup, post to github

In one of my interview, i did bring all my RTL diagram of my graphical accelerator i did on FPGA... the interviewer was impress, especially when he was asking question about why I did that, how that block work, etc.

100% of my interview always landed in a job. But also have to admit that back then, it was easier as an internship to get a job, cause when a student looking for an internship, you are cheap labor

interviews these days are often online, not always in person. Realistically you can show your work in your portfolio

But yeah, industry also took a major hit ;

• Big corporation working on too big project with big ambition, and now economic don't go as well as planned
• Video game industry very affected by that, like 20-30% of the workforce has been cutoff
• Most of the industry affected by this, video game is just the most visible part of the iceberg
• AI revolution
• Many basic support job, artist, and programming job are being replaced by AI cause cheaper... Trying to stay on top and always learn new skills, and aiming at less trivial thing for AI, like software engineering (doing software architecture) and low level stuff can help
• Unsure how it affect Cybersecurity yet
• Depending on your region, some demographic have lot of workforce entering market, while in other region, many people are retiring, thus different region have different trend

Have experience they value, be a citizen of the respective country, don't talk about it on the internet, etc etc

The application process for the Agency specifically states not to mention that you've applied to anyone

People aren't being replaced by AI. AI has been supplementing tech for about a decade.

"heavily suggests"

There is a cut in many place, where Programmer + AI = we need less people to do the same work

At least, thats what many manager want to believe

Do you have any specific examples?