#cyber-and-careers
Basically having done THM landed me the job because it showed a willingness to learn
I was already military though so it was an internal application.
I think there is a European country where you are selected to serve the army where they put you through an extensive course and then you are selected to work. Is it the Netherlands? I don't really remember
@jaunty shell how long will it take you to learn what you need to learn? That's what you should be asking.
This sounds more like Norway. They get more applications than they need. It's not the NL
Hii
I need some answers regarding job i am like rlyy into red team things but the thing is might be my not enough dyor but jr.pentester sr.pentester r the only red related when it comes to job ! Is there any things higher than pentester when it comes to job n it's related to red team stuff
red team operations, a.k.a. threat emulation
i work the helpdesk and my only cert is a+, but i'll get my net+ when i have the 200 dollars to spare
what's the next job i should look for if i'm on a security path?
i like my job but i don't make anywhere near what i'm worth
Get your Net+. Then consider Sec+ or OSCP or a blue team cert like BTL1. You should take a look at the Tribe of Hackers books by Marcus J Carey. They're interviews with pros in several different roles and they give hints on where to go
Sec+ is the plan for after Net+
I found the Carey books online and I can read a PDF between work calls
Thx
Got any specific ones to suggest I read first?

Please don't discuss piracy here
provides access to copyrighted works, such as PDFs of content from Elsevier's ScienceDirect web-portal. Publishers like Elsevier have accused [redacted] of internet piracy. it's on their wikipedia page
It might be a piracy site but it was a lifesaver for me when I was a broke college student
we aren't excusing piracy here, read the #rules
if anyone know any ctfs plz dm me
Ctftime.org has a list unless you are looking for something suited to your requirements.
Looking for any help/advice I have a 2 hour interview next week. For a junior information security analyst
Any help is appreciated
what does the job description ask for?
Hey has anyone worked in grc how is it?
Do u actually do incident response, triaging, monitoring security, and the most common task write reports, vulnerability management??
This is it
so possibly look at some of the splunk training online, the SOC path at THM, maybe look at DFIRDiva.com as she has a variety of resources on IR
+1 for DFIRDiva.
so that isn't what GRC does, they are doing compliance related tasks. Trying to determine if systems are within compliance, how you can do that is a variety of ways. There are automated tools as well as self reporting from stakeholders
and since it directly mentions it, I would refamiliarize/familiarize yourself with wireshark
Ok tyvm for the tips. I appreciate it
Hello. I am currently being interviewed for a Junior Security Analyst - SOC role in a company that has 24x7 monitoring and that means working shifts. Do any of you work in similar fashion/worked before? How was it and how long is it manageable?
Typically this is shift work; you'll work 4-5 days a week, and it will be consistent
So you say that one week I will have the same shifts and next time I am gonna have 4 night shifts for example?
no, your shift is your shift
I've never worked shift work but I work with people who have. Their shift is consistent unless an opening comes up for another shift and they request it.
Can confirm
And it's very common for companies to run a 24/7 SOC out of multiple locations - so the 3rd shift may be during the day in the other site's location
Ahh I see
Can I combine AI and cyber security?
Definitely
You'd be surprised how many places actually do.
Malwarebytes is a good example.
I can't wait for an ai cybersec revolution where companies replace all the cybersec employees with ai and then in the process create a trillion separate vulnerabilities
Imagine if all ethical hackers would have to do is sweet talk the cyber security ai to get full access to the db
Like an actually harmful DAN prompt
The whole AI thing going on is an overhyped, over marketed shell
And has gained traction because people who don't understand what current LLMs do are being introduced to it. I literally had to endure a 2 hour 'briefing' by someone who all he did was present the 'wow gotchas' from current models. He blew a room full of people out of the water... Except the cadets from the military academy who were tech savvy enough to see through his nice glasses and slick hair.
They started talking countermeasures to him in regards to AI identity theft and he had no serious answer.
This to me illustrated why it has become so popular... It's magical space fairy dust for people who don't know computers and tech
/rant
Tbh ai isn't all that impressive
I mean everyone remembers talking to cleverbot
It's just cleverbot upgraded
And it's in such an early stage
Also chatgpt is terrible at math
I feel like there's a massive ai bubble in tech stocks
the slightly concerning thing about AI is that it will confidently give you incorrect or misleading information,
at least in programming
just because it works doesn't mean it's the solution
AI = IF ELSE IF ELSE IF ELSE IF ELSE people be like Woah that thing going to take our job
so AI isn't going to take our jobs, AI will supplement but you also have a fundamental misunderstanding of AI
that's not actually my opinion I just wrote 2 things about what meme makers do and what most people think lol
I think most people who think AI will take our jobs also don't understand AI
that's true
also the funny thing is things I've read about deep learning, even AI researchers are like "hell if I know how it works"
but most models we see nowadays are probabilistic models, giving the 'best answer' but you don't know if that best answer is like 30% confidence or 98% confidence
Hackers will always outsmart AI. Hence the need for us. This will never change.
Hi all. I'm currently majoring in software engineering and this is my 2nd year. I'm planning to pursue a career in cybersec but I don't want to give up coding in my career as well. I heard some jobs like Cybersec Engineer but I really don't have any idea what they do, I'm pretty new. Basically I want to combine offensive security with my programming skills. I'm also looking for internships these days so I'd really appreciate if you guys can help me out here and give some ideas. Which positions should I aim for?
Thanks a lot.
hey, how can i improve my skills except ctf platforms? do I need friends-pentesters with experience to gain new knowledge?
Actual work experience
There is one other way.... Companies that have a responsible disclosure statement
That said, it requires a measure of discipline and discretion
does anyone have an opinion about Linuxpath.org to prep for Linux+ and Red Hat certs?
Anyone have advice for an interview for a Security Engineer role?
I've never heard of them. Their prices are very low but I don't know about their course quality or anything. Have you looked at online reviews?
Have you got the spec? Most security engineer roles are based on systems or application security, implementing security infrastructure, engaging with other teams in the org to facilitate. When I was a sec engineer I worked on multiple SSO technologies, Wifi security and other things. Knowing the core tenets of Sec+/CISSP is beneficial, networking, operating systems, applications.
A lot of it is based on designing and following procedures and policies to manage and maintain and upgrade particular systems. The main points are to implement secure functions to help manage and reduce risk, maintain standard ways of operating and appropriate security controls. Things like 'least privilege' and 'appropriate access' are common phrases
Check out these questions that might be asked too:
https://www.tealhq.com/interview-questions/cybersecurity-engineer
https://resources.infosecinstitute.com/careers/cybersecurity-engineer/cybersecurity-engineer-interview-questions-and-answers/
Okay so a lot more breadth instead of depth?
okay cool, I know everything on the second one so that's good at least 😆
Well the depth will come in the particular applications and processes you engage with. Ask whether they use things like NIST or ISO standards, talk about the CIA triad, etc
Will do, thank you!
Gave +1 Rep to @rugged delta (current: #23 - 337)
Best of luck 🙂
Also, make sure you learn as much about the org as you can from their website, check their wikipedia page, your favourite search engine, and when given an opportunity, ask appropriate questions
https://hbr.org/2022/05/38-smart-questions-to-ask-in-a-job-interview
It's a catch-all in a lot of orgs. The posting will tell you more, but expect to do many things.
I do everything from tech edits, turning the screws on systems until I break them and then triage and write recovery processes, requirements mapping, installation of stuff, etc etc
I couldn't find any reviews on it. Which seems shady. And it's always pushed on reddit by the same user. And the price is very enticing. Feels like a potential scam.
Well if you can't find reviews, there are lots of other resources. I used to use A Cloud Guru. They're a company that specialise in cloud training but also excellent Linux training too. I've had plenty of friends who did their Linux certs through books like Sybex for Linux+ and LPIC, or one of the great Red Hat training guides as well and there are other good exam guides too. There's also probably good courses on Udemy but I'm not sure what's best.
https://cyberskyline.com/events/crowdstrike-cyber-challenge-uk saw this and thought i'd post here since top performers will be considered for internship or job opportunities
was wondering if there's anything like this for grads, from other companies and such
Hello Guyz, I’ve recently got an exam voucher for eCPPT and now I’m looking for exam prep materials. Can you suggest me any udemy/youtube series for it. Thanks!!
Does anyone have any pointers for getting an entry level position in IT? When you live in the middle of nowhere.
@worthy wren look for remote jobs. Plenty where you can work from home.
I have been looking at those. It just seems that all of them require 1-2 years of experience. I am just finishing school and just starting to get the basic certs.
A lot of jobs will state that they want certain amounts of experience. Apply anyway. Those are just things the company would like you to have. Apply for helpdesk positions, tech support, even call centre work. Government offices, healthcare, industry, companies... Check out LinkedIn, Indeed and other recruitment sites. Look for local recruiters, because they'll know the local industry and be happy to help you
Hey so much you sent out something way back and I decided to save it because it was very good
What do you mean by set up splunk
A lab to set up your own installation of Splunk. https://tryhackme.com/room/splunklab
Oo thank you
Gave +1 Rep to @wise island (current: #428 - 10)
The following thoughts:
The public environment is sometimes very tough and slow (in Germany).
Ask yourself whether you see yourself in technology or rather in management in the next 10 years. Hiring managers are usually clueless, why don't you ask your direct superior what everyday life looks like and how you can develop over the next few years?
false
Gave 1 Rep to so_much_for_subtlety (current: #23 - 339)
so_much_for_subtlety ur advice is always the best top 1 community mentor by far
So I've been asked this a couple times in interviews but it's the question of "out of the 3, what is the most important in the CIA" is there an actual "right" answer or is it more just seeing the thought process of the interviewee and their categorical rankings
prob a trick question since u deliberately take off from each one to balance them 3 towards specific project needs
I passed my CySA+ exam this morning. I credit all the hours spent on TryHackMe for preparing me!!!
I think they are trying to see your thought process although I'd probably lean towards availability
Noted... noted...
i just noticed u were CM too, in my mind u were a moderator
so we have two top 1
I was joking, subtlety is awesome
🥇 🥇
Hi
I have a relatively high position in another career path, would a recruiter even take consideration of that when looking at my resume
I’m an electrical project manager and electrical engineer
yes
most definitely
Okay, I’ve never journeyed outside my field at all so it’s a bit nerve racking knowing I’ll be starting from zero again
I did it. I didnt give up my full-time job (in an unrelated field) while studying security stuff. it can be challenging but just remember its a marathon not a race. It works out because you can still have an income and you wont have gaps in your resume along with showing that you were able to manage your time between studying and working.
@tawny onyx
When’s a good time to start looking for jobs? I’m currently studying at college, should I just go for it now so I can make the most out of my studies or should I wait till I’m done?
Of course something entry level but would I even be considered now?
I’ve got a very “send it” type mentality and it usually works out for me but again I don’t know much of the outside world lmao
depends, what kind of jobs are you looking for? do you have a fundamental understanding right now of security? you can send applications whenever you want but its good to do it more intelligently and targeted IMO
i don't know what you know right now but lets assume you dont know much at all. I would go through the recommended path pinned in general. Blue team side has way more jobs so i'd focus on that. If you have a decent knowledge of networking and complete through the SOC1 path and build some projects I would start applying
you should be able to land a job in a SOC or some type of internship if your resume is good at that point
once you have that job and start building that experience it will be much easier
don't look to rush through this process. take your time to understand things and make sure to study each day. there are a lot of people that go hard and then burn out and get discouraged
That’s fair, to be honest since day one of what I currently do I’ve not enjoyed it so when I began to study this I’ve loved every second of it so I’ve really thrown myself into the deep end
And just want to learn as much as possible
Which is why I’m interested in finding a place that can train me hands on
So I don’t know, I guess it’s more about efficiency of time
I’ll take what you said and really think on it cause that is some good info
Can someone please throw some light on how to get a job after completing CISM without experience. How to build a career after CISM to land a first job. Please pour your valuable thoughts, this will really help me.
CISM as in the one from ISACA? What kind of jobs are you looking at?
Yes, its from ISACA. Any relevant job role for a person to start the career with Cyber Security. Also i have completed CEH.
hello, where can I get the CEH certificate? I tried searching for it but I could not find the official website for it, I would appreciate your help.
Did you pass the exam?
nope, i want to do the exam but couldn't find the official website
Hello, is it possible to get an entry level job in pentesting, as a second job ( i work as devops) inside europe (remote). I want to learn stuff even for free with a good mentor. So i am curious if its possible.
? The official website is like the first thing you see when you google "CEH". That being said I would not recommend the cert unless you are in India
I am looking for a part time Cyber Security job anywhere in London. I have a Level 6 (Bachelors) degree in Cyber Security. Currently, I am enrolled in university where i am doing a level 7 degree (also in Cyber Security), I also have CEH-Practical and eJPT certifications, soon I will have eCPPT and CRTP. The majors are Penetration Testing, Web Application Testing, Malware Analysis and Digital Forensics. If anyone can help in anyway to get me a job, that will be a great help.
Thank You
Linkedin: https://www.linkedin.com/in/muhammadyqb/
dont waste your time on CEH. it's expensive and silly. it somehow makes itself onto job postings but the actual hiring manager wont really care about it. although some government positions like it
Hello… I am a recent masters graduate in cybersecurity and actively looking for a full-time job… Can anyone suggest whether Security+ or CySA+ has more weightage to get a job?
Sec+ is probably going to be on more job posts, but I would look at some listings for the roles you are trying to get into and go from there.
I am searching for an entry level job as a cybersecurity analyst or cybersecurity engineer or information security analyst or security analyst I etc
security+ is better
Definitely look at the requirements. They may screen you whether you have the certification.
Is it better to apply for internships or just go work at an IT Help Desk job for a Cybersecurity major (no exp) ?
only knowledge and no work until ur rly good
A IT help desk is good if you have no experience in the field or you don’t have a degree in IT
Does IT help desk come under cybersecurity field
Internships are infinitely better than help desk
Have my interview in a few hours 😦
easy
Prioritizing being comfortable and confident --> all else
do ur best but dont try to do more than that
remember its not the end of the world if it doesnt work out as expected
easy game
Ok thank you 😊
Gave +1 Rep to @blazing wyvern (current: #397 - 11)
what are some things I should say during the interview to stand out in a good way?
some questions related to the office or environment lifestyle where u posture as a colleague and anticipate urself as such and some joke on somethin simple u witnessed abt the company or casual events
Hey there!
I’m on the hunt for a RedTeam expert to join a prestigious European Institution in Luxembourg. If you know someone who’s up for the challenge and willing to relocate to this beautiful country (think castles and cycling roads), please let me know!
P.S. If you’re a RedTeam expert yourself, then what are you waiting for? Apply now!
apologies on the late response, but a question piratesoftware who led me to this site said to ask as the very last question is:
" If you were to hire me today, how/where do you see me impacting the organization most effectively?"
He said this is a bit of social engineering as it makes them think about you in the position already
thank you this is what I was after
20 mins before the interview
haha
*fingers crossed!
Good luck @sturdy scarab
I have interview later for a non-IT position, but would be a job that'd afford me ability to continue to learn hacking skills and set myself up long term to get a job hacking in the Government I hope.
Good luck I hope you get it!
I would like to work as remotely as possible. Which cyber security positions would be ideal for that ?
an ex of mine works 95% remote, occasional work trips/conference. it's def possible.
a lot of it depends on country, company work culture and somewhat job position. I've worked fully remote for about 8 years, I'm in the US though working for a company with a strong WFH work culture
@sturdy scarab How did the interview go? 🤞
Thank you so much. Would you say their position is more red teaming/blue teaming oriented ?
Gave +1 Rep to @obtuse orchid (current: #1978 - 1)
Thanks, can I ask you what kind of job you're doing ?
Different positions in cyber security will probably have an easier time going remote than others
I work in cloud security but I work with a lot of people who also wfh in various positions. GRC, Blue teams, Red teams. Basically unless you need to work near a data center (such as firewall admin), then you can work from home in cybersecurity
nice thank you so much !
OMG I JUST FINISHED IT
that was actually 2 hours
2 hours interview, wow!
yep its possible
Or if you are forced to be on-site due to sensitivity of the systems
well true
Hello, what do you think about the aws training? Should I start with the aws cloud practitioner?
whats your end goal?
i'd prefer to just jump straight ahead to the AWS Sol Arch
Honestly I don't have a clear end goal in mind, but my direction is cloud security
then I'd say do AWS Solution Architect associate
Thank you 🙏 the tryhackme training is not that good?
Gave +1 Rep to @pseudo creek (current: #14 - 464)
for AWS? an employer will be looking for a certification.
and an understanding of AWS that Tryhackme doesn't cover
thats alright, keep hating on it, I'll continue to get paid for it 🤣
I'm glad someone is!
Thankfully, I'm done with it now.
my record was 4 hours for an accounting position. ooof. How do you feel it went?
I feel like it went good
I was so nervous they asked me about the difference between encryption and hashing and i forgot how to explain encryption💀
But then I calmed down and did good
They didnt ask a lot of questions I prepped for
Why don’t you like AWS?
Most people don't like how AWS makes up odd names for stuff, that'd be my guess
I like my bank account
I don't like the amortization cost vs owning hardware
Well there is that. It can be useful and cheaper if you do it right but most companies don't
I think there are definitely use cases where it makes sense.... that said, I also prefer perpetual license + maintenance sub vs any kind of XaaS cloud
it's my hot take that any company that needs cloud should invest in employees that know a product like openstack
But companies use cloud and I'm gonna take advantage of that for my career
yeah, i can definitely get behind that idea
Open stack has also been a nightmare
But there are reasons to maintain your own internal cloud like service as well as use external clouds
I've heard it can be challenging, so far my openstack exposure is mostly talking to red hat consultants who've been doing it in DoD for a long long time
Of course red hat is going to advocate for it
it's one of those things i'd like to do, but the hardware reqs are a bit onerous
RH isn't the only consultation biz for openstack though; canonical and google both have their forks as well
The problem I have had with vendor consultants in general is they will advocate for their products at the expense of the company
So you need people internally that are aware or else you will be screwed
yeah, agreed
vendor lock in is another one of those supply chain issues that I think is often misunderstood and under-valued by purchasers
anyway, I'm glad we are dumping Openstack, don't have to deal with that anymore. but we'll see about other stuff, once our upper levels find cost saving measures, vendors find way to jack up prices.
I always laugh at the IT managers who act all shocked at the MS price hikes after they are fully on the MS stack
Hihi!
I like to understand how everything works, so I'm learning a bit of everything, but my biggest interest is in incident response. I'd appreciate if you guys could answer a few of my questions:
1 - Should I focus solely on it, or should I study it all, pentesting, SOC, etc?
2 - are there any certifications or things to go after to become an incident responder?
3 - Once I feel comfortable and ready to get a job, should I try to get one specifically in incident response or should I get any job in security and try to migrate?
Thank you in advance!
if you want to do incident response, then do incident response. Cyber is a huge field and you simply can't do everything. Also look at DFIRDiva.com, her website has a ton of resources that will answer stuff better than we should
and Ill say any job in cyber is better than no job in cyber. So I would go based on opportunities
Thank you for the reply!
Gave +1 Rep to @pseudo creek (current: #14 - 465)
// wrong channel, nvm
living the dream *-*
yeah MS does have better names. but i find that looking for resources on how to do stuff etc is a lot easier for AWS (maybe because it has more market share) people wind up creating more content
aside from John Saville idk anyone who goes through MS cloud security stuff properly. I guess there is MS learn
why is aws so popular and why not others than amazon and that provide same service
literally called the aws path for a reason? and not just cloud path
They were the first to bring stuff out publicly with EC2 instances
ok
Azure was like 4 years after
Gave 1 Rep to kj_007. (current: #370 - 12)
play around with things like FTK Imager. It’s a free forensic drive imager, and I know a few companies that use it because while free, it works great
What would be a first cert to go after?
depends. what are you looking into in the security domain?
does your work offer training?
whats your current workload?
Sec+ is a good first cert for aspiring to break into cybersecurity but i dont wanna suggest that without more context f
Something in the red side. My background isn’t in IT I was more just learning because it interests me and now I want to have something to work towards
I'd say HTB CPTS or CRTO 1 if youre looking for something to study
Thanks I will look into these and see which I like better 🍅
Gave +1 Rep to @dense dagger (current: #23 - 339)
It is impossible to learn it all well early in your career. My advice is start off with IR. They have the most jobs and you should be able to get a job in a SOC.
Go through the recommended THM path in general and focus on the blue team side.
After you have gone through the early paths and completed the SOC1 path you should know a fair bit about general security stuff
For certs don't go crazy on trying to get as many as possible. Get security+ and get a Splunk certification.
Make sure you network with people to get your foot in the door. This is very important!!
Once you are comfortable you should focus on a vertical in security. Security itself is a large domain and its good to get specific experience so that you have a direction and can have skills/experience that correlate with what a company wants.
Don't try to be a jack of all trades. If you like IR then learn stuff around that and how to automate stuff and make your team/company life easier. You can then land a security engineer role.
Hope that helps
There is this great internship offer by one of the biggest firms in my country in defending industry and one of the fields they offer internship in is Network Systems and the other one is Information Security.
They require C, C#, Python, network programming skills and data communication knowledge in Network Systems.
They require knowledge in cyber threat intelligence, malware analysis, threat hunting, EDR, XDR, SIEM, SOAR, MITRE ATT&CK Framework etc. in Information Security.
I'm a 2nd year software engineering student and I worked as a backend developer to this day. I have experiences in network programming mostly and developed many projects in that field. But, I decided to pursue a career in cyber security for the last 20-25 days I guess and I don't think I have enough knowledge about the topics they require for Information Security field.
Here's the question:
Should I risk it and go for Information Security anyways or should I go for Network Systems as it is far more guaranteed? I'm a bit concerned because I want to build a career in cyber security and I want to work as an intern in this field as well. Should I keep looking for specifically cyber security internships or it doesn't really matter? What do you guys think?
Thanks a lot.
Apply to both if you are able. If you don't apply, the answer is automatically no anyway
I can apply to only one.
the Network one is more guaranteed?
Yeah
Id apply to that then. Networking is a HUGE part of security and it will only massively help you when you are ready for another internship or job
it will look good on a resume for Security roles. trust me
Yeah that's what I had in mind. Thanks man.
NP. good luck. You're on a great path!
I tried every possible field in software engineering over the years from game development to front/back end web development, from AI to freakin' minecraft server programming and I never felt this way. I think this is the one lol haha. Thanks for kind wishes, good luck to you too!
good
Hey everyone I have just started in cybersecurity I know nothing about it. I have just joined some cyber security courses on Coursera from Google. please tell me how can I go further and can become an advanced ethical hacker
That is a bit of a broad question. A good start is looking through the pinned messages in this channel to get some pointers
Be consistent with your learning. If you learn better doing hands on, try a platform like tryhackme
THM is phenomenal for learning. Which is prolly why you're in the discord, but if you want to start #start-here: here has all you need
I would recommend going CPTS or the TCM PNPT before considering CRTO as you need the foundational pentesting skills before you go into red teaming, and also CRTO focuses on a particular framework to conduct testing. You should also consider the CRTP and CRTE from Altered Security as a different red teaming methodology.
All of the above are around $500 each. And then of course OSCP, if you have the funds for that, is a widely recognised pentesting cert with very good recognition from hr departments and the clients of pentesting companies specifically requesting pentesters hold it. You should of course, have a good understanding of computers, operating systems (Windows/Linux), networking, the basics of Bash/Python/Powershell (you'll pick those up) and an interest in figuring out puzzles and problems
Hello guys, has anyone used DVWA on kali? Need a lil clarification
What is it?
If you have a question, just ask. Also, #infosec-general is likely going to be the better channel for this.
I want to know how to access it (DVWA) so I can practice with it
Have you conducted a query utilizing your favorite search engine?
Thanks i will look into the CRTP and CRTE as well.
Gave +1 Rep to @rugged delta (current: #23 - 340)
Hello, question. What are your guys thoughts on the CEH certification?
If you're in India, it's considerable but I don't recommend it due to its reputation
I don't think it is worth it
EC-Council is not reputable?
Well depends which country you're from, In India yes as they will ask for CEH, most other companies probably won’t care about CEH, from UK/US I haven’t really seen much ask for ec council accreditations
Thanks. My understanding is that it's just an HR requirement and a checkmark that you have it.
Yea mainly it is just a hr filter
Heya, I'm almost done with my education so I've started looking for jobs in Cyber. I'm very interested in the blue-teaming field, analyzing incidents with SIEM Software, the basic SOC Analyst kinda stuff. But now I read that most SOC Analysts work shifts. Is this generally true?
That would be a deal breaker for me. If it is true, can you guys recommend jobs in cyber that don't have shifts but go in a similar direction? I'd appreciate any feedback!
I haven't seen a shiftless SOC job offer in my country, and to me it makes the most sense that it would be in shifts unless certain SOCs don't have 24/7 monitoring.
You could look into joining a security team of a specific company rather than a SOC, but be wary of the job postings as job titles aren't very meaningful as Security Engineer responsibilities can mean a lot of different things to different companies for example.
How common would you say are companies with a SOC that work with the follow the sun model?
Afaik, with limited exposure, but plenty of friends in it. For SoC, not very common at all.
A lot of this may depend where you are. There will be SOCs that do a follow the sun model and have work in other countries to maintain a 24/7 SOC. This is what my company does.
Also when you apply for a job, you will know what shift you are applying to so it's not like a surprise or something they can change on you without a discussion
Done!
i doubt you've heard anything, but let us know how it ends up!
The existence of most SOCs is predicated on a 24/7 monitoring requirement. Usually it costs way more to staff on call in comparison to full coverage shifts
So how realistic is it to apply as an SOC Analyst and ask for a dayjob kinda shift?
from my experience they're all like this to start with, then you can work your way up to a level 2/3 analyst where you may get a regular 9-5
you can give it a go but expect probably 75% to say no, and then the other 25% to reduce the pay
thanks for the info! that means there's a chance at least... 🙂
not yet but I will try to remember to write in here if its good news 
everyone asks how to be this how to do that but nobody asks how to be happy
do what you can, do what u love and never worry too much
sun is up there everyday
maybe the how to be happy-part is directly linked to those kinda questions...?
ye
Usually you'll end up on 2nd or 3rd shift as part of the rotation - it's unfair to keep someone on 3rd shift forever, so expect that rotations are common and it WILL be your turn as long as you are working primarily in the SOC
in one's mind
I supported a SOC for a bit that wasn't 24/7 but then added people in other countries to make it 24/7 but that was after I switched jobs.
Afaik that's normal for decently sized operations
Most SOCs that advertise in my country say that they do shifts, but only from 6am to 6pm
2x6h or 12h shifts?
I don't know, but I am pretty sure that 12h shift is illegal here
I guess they added the timeframe to make sure people know they don't expect them to work late shifts
Where is "here" ?
EU area
That's a pretty big area.
In some countries you can work 12 hour shifts, but must have 11 hour breaks between shifts
does it happen to not have to do anything special beside watching for 10hours straight?
i worked 12h shifts here in bosnia but thats in a factory
and yeah i cant imagine sitting and watching a screen for 12h straight
xd
If you’re „self employed”, which is quite a popular option in IT theeeen yeah even 16h shifts sometimes happen
self-employed, running a 24/7 SOC by yourself? Doubtful
You can be contracted for another company and be billed by hour
very smart vertey thanks for info
Thanks (sry for ping, /giverep is against the rules)
Gave +1 Rep to @fringe spade (current: #299 - 15)
It’s really popular where I live, you usually get more money and freedom, but in exchange for stability as you’re not protected by law as much as an employee
nice
It really does depend. Some larger companies do, as has been stated here plenty, have staff in locations around the world so staff aren't working unsociable hours (at least not as frequently) and there are opportunities to grow and learn in various other roles. I was speaking to two such companies in my hometown about them doing this exact thing for their orgs
Hey guys, could i get opinions on my CV here for an degree apprenticeship?
or is it meant for another channel?
pm if you would be interested to help thanks!
Sure, you can drop an image of your CV here, but you will probably want to redact all PII before you do it
Several of us regularly review resumes
Hey all, I am looking for a job and I am based in Malaysia. Anyone aware of good opening?
I have interest in cybersecurity to go into IT industry, should i join as a web developer and then gradually join into cybersecurity domain or is there any direct way to join my dream domain, please help me by replying my message or direct message 😄
This is all a diceroll. Sometimes companies hire new graduates en masse, sometimes it’s super hard to get a security job, let alone an IT job.
You can definitely do other IT sectors first before transitioning into cybersecurity and it def helps but its not always the same case for people.
No I am asking can’t i join directly to cybersecurity domain as a fresher after my graduation
You can get a cybersecurity job directly but it's usually quite challenging. Most people get a job in some other area of computing/IT and grow their skills/experience first
What I said was its a diceroll meaning its possible but you gotta be lucky.
how can we learn hacking if we know java
You're at the right place. Read #start-here and start doing rooms on TryHackMe (:
Is there any market for someone who can read and program in assembly language?
Studying 80x86 currently.
yes but generally only for system on chips kinda stuffs
is there lot of innovation in that? or is it mostly maintaining and constructing the same equipments
then again reverse engineering how things work from assembly is also very common in the cyber security space
electronics are involved too right
That's where i was thinking about going. Just not sure how to get the binary to reconstruct
For my use yes. To reverse engineer products to understand the source code.
nice
Source code = easy access
Embedded systems !!!
Engineer and programmer
It is also a niche within security/penetration testing
Might be fun
I saw a job listing for an embedded penetration tester
Hey everyone, I'm eager to dive into the pentesting realm and already have the Google certification under my belt. With the chance to do internships every four months as a part of my school, do you think it's best to lean towards blue team roles for now, while keeping up with my red team studies on the side? Appreciate any advice or insights you can offer!
I would say go for everything, take what you can get
Any certifications I should do that could help me? Or are projects more important?
well I would say Splunk is useful for both red teams and blue teams, mostly blue teams but also other parts of cyber use it too. Knowledge of a cloud environment would be a plus. Security+ is a solid certification
Ok thanks
Hi Tavleen, I am not a cyber sec professional yet but looking to transition into the profession. That being said I am an established professional data scientist and I find the same pitfalls in data scientist/data analysts roles that I do in cyber security. Certifications are great and can show a lot but companies care the most about experience. I would say that getting experience is worth a lot more than any certifications.
Prioritizing internships is definitely the way to get yourself to standout.
well yeah, that is why I say go for any and all internships, don't limit yourself.
Additionally, many companies will help pay for certifications once you're in the role even as an intern.
^^^Bingo
The thing is how do I standout as a beginner to these companies
By any chance does your school have a career fair or networking events where these companies would visit?
Sometimes but as my school is really competitive for internships, it’s hard to stand out
I completely understand, what I am getting at is meeting them in person and going to these in person events can help you standout a lot. Putting a face to the resume helps a lot.
Ok I will try, thanks
Don't be afraid approaching the recruiters and asking questions and presenting your resume to them at networking events. That is their whole job and why they are there. I have been to so many of these events where people hang back and don't say a word to any of the recruiters and then wonder why they didn't get an offer. An entry level resume is super generic but if a recruiter knows your name from speaking with them, it will give you the "stand out" factor you are looking for.
Where could I upload photos for my CV as I don't have permission here.
verify your THM account with the bot
Thanks, here is the CV any criticism is welcome
- Add things like LinkedIn/Github links to your header if you have them
- Try and not use personal pronouns in your resume
- Add bullet points for your jobs and talk about what you did in said jobs (trying to relate this information/skills to whatever jobs you are trying to apply for)
- Don't put soft skills in your skills section (interviews are where you will display those)
- Categorize your skills and maybe expand on them a little bit.
are we able to post job things here?
our organization is looking for an engineering workstream leader.
before i post anything more, i'll wait for approval.
I'd ask for permission to post in #jobs-board if I was you
Talk to one of the discord admins to vet your recruiter status
this is just a one off position. I work in web3, not really a recruiter. but whats the best method to contact admins? I know dm'ing is usually not okay.
Font sizing is a little too big. Be sure to include bullets for the tasks you were responsible for in each role. My bet is that you are pretty young, so don't stress about not having a lot of relevant experience. No need to use first person language in your summary or any other resume-like document; it's about you, so it's absolutely implicit that everything is from your perspective.
also, did not have job board on my radar at all, thanks.
I don't particularly care for Summary or Objective sections when I am reviewing resumes and CVs for potential candidates, I want to see a history that is applicable for the open position. If the background doesn't match the role, I need to see other things that link why you are applying.
azurezojja i like this new pfp
ur kind thoughts on this? https://medium.com/@assume-breach/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
how accurate /10?
I'm not a pentester and don't want to be one... you could ask a pentester what they think
This is... Interesting. The author is definitely running into (let's be fair, well-known) problems within the field. Crunch, high demands and high competition are prevalent.
But the thing is... He is complaining. That's all. He is unhappy with his limited experiences and is basically not happy with being new and inexperienced in a competitive field... What did you think it was going to be like? The cool and flashy stuff doesn't much happen at the junior level.
It also seems like he didn't start off with a great firm. But instead of gaining experience and trying for another, he quit. That is fair enough, he found his passion in another discipline.
All this time the only part of the industry he looked at was corporate consulting, and that's not the only place where there are jobs. He also generalizes and reduces the entire 'security field' to just pentesting
It's all in all not a well-thought-through statement he's making
I'm not saying he's wrong, I am just saying he comes across like he found a problem, went complaining about it and didn't have an answer when people asked him 'what did you try to do about it yourself?'
I see, Thanks for that 👍
Gave +1 Rep to @coral vault (current: #991 - 3)
It looks like the author got over his initial emotion and wrote a sequel: https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519
The days of getting your OSCP and instantly having an interview at EY are long, long gone.
Lol, as if working for a big4 was aspirational
It might be, until you actually start working there - maybe that's why he was so focused on consulting
Did you write the article
consulting sounds like a horrible job although I've worked with plenty of half assing it consultants
consulting is a good way to get into the industry - the problem with consulting is that many vendors aren't invested in consultants being good, just in getting paid
Please don't self-promote here.
Sorry I didn’t know it counted as self promo for it
And usually we frown on those kinds of surveys due to the potential for privacy abuse; it's not personal, it's a thing we've had problems with in the past
You are welcome to ask specific questions about specific types of roles though; that's one of the functions this channel exists for
I gotcha, no hard feelings, just thought it could be a good spot for people to drop some wisdom on but I gotcha ☺️
And they didn’t give me a name for the role yet because it’s a new position that they’re creating but essentially it’s for a graphic designer and they want someone with a cybersecurity understanding: they told me think entry level questions because I just need an understanding of the framework so I’m just trying to gather some potential questions they may ask today in addition to some key terms I should brush up on
security is so big, it's not going to be possible to give you an overview of everything
when you say "the framework" that's not really a thing we can make sense of; there are many cyber- and info-security frameworks, varying in requirements from extremely technical to very high level and abstract
Hi all,
Newbie aspiring red teamer here.
I have a lot of experience with Microsoft but zero with AWS, so I figured I would try this learning path out. I was wondering if this learning path would be enough to go and get an AWS certification afterwards for my Resume/CV. Just a bit of cert background, I have the COMPTIA Trifecta and the CySA+.
Please let me know what you think.
Thanks.
the AWS path on THM doesn't relate specifically to any of AWS certifications. If you wanted an AWS certification, I'd get an AWS certification
When you say you have a lot of experience with Microsoft, is this with Windows, Active Directory, Azure or other applications/platforms? AWS is the largest of the big three cloud platforms (AWS, Azure, Google Cloud). Most people going into AWS would learn the Cloud Practitioner, Solutions Architect, Developer or others before moving into the more advanced certifications like Security or Networking.
The path is a good introduction to the platform and some of the technologies and you can learn a lot on your way to being an AWS engineer. You can check the AWS certification site and the below certification paths document. There is also a lot of free training content included on their skill builder, which I'm starting with this week.
https://aws.amazon.com/certification/
https://d1.awsstatic.com/training-and-certification/docs/AWS_certification_paths.pdf
https://aws.amazon.com/training/
I have also used a great platform called 'A Cloud Guru' to learn AWS, Linux and other computing skills over a number of years.
You can check out the official Try Hack Me page for the AWS Path to see how it can help in your learning and prep, including an FAQ which discusses AWS certification
https://tryhackme.com/r/attacking-and-defending-aws
I will say as a former fan of Acloud Guru, I have found it mediocre in recent years. I much much more prefer Adrian Cantrill's courses for AWS.
Thanks. That was an awesomely well detailed reply! Yup been working as windows admin both on prem and 365 cloud/azure etc. I just finished the very first aws 101 room. Their naming conventions are so odd and not intuitive for me lol
lots of people like Stephane Maarek on Udemy
I haven't used them in a while but I always found the labs they adopted from Linux Academy pretty good but I might have to check out Adrian Cantrill's stuff too
you'll get used to them but yes they don't name stuff intuitively
Adrian worked for Linux Academy, he has extensive labs but you do have to use them with the free tier account
Yeah they name their stuff as if they're packaged products people can discuss in planning and progress meetings 😛
I've used my free tier years ago but I don't think basic AWS use is too expensive for a month or two
@weary mulch , judging by your reaction you've had a few of those 😛
yeah I'll say Adrian advocates for creating a new account when starting a course. I also do have sandbox options
it is sad how ACG gutted Linux Academy, I let my subscription slip this year because I didn't find the courses worth the time
Yeah I used to have a really cheap annual sub, about $200 and they had a similar offer last autumn at some point. Was almost tempted. I would love to play with cloud a lot more
And now we have a channel for you to discuss all things AWS path https://discord.com/channels/521382216299839518/1204873513387688026
Oh nice! Thanks for sharing that. I didn't see it before under the learning paths
good luck! I haven't done that path but I've been working in cloud security for about 7 years, primarily AWS but some Azure and soon GCP
Thanks. I hope I can finish it in 3 months before the payment expires. It was a bit pricey for me
Best of luck on it and I'm sure you'll have a great time. It's estimated to be about 40 hours of content and I'm sure you'll have some replayability and testing to do as you go too
Thanks 🙂
Do you think there will be badges added to that learning pathway? I haven't seen any
Though it isn't a big deal as I could just share the completion certificate on my LinkedIn
Trying to hint to my job that I want a raise lol
I think it's just the certificate at the moment but the platform is regularly updated and upgraded with new features
Hey guys, just wondering how impactful is a criminal record when looking for jobs in cyber security
FYI it was a for a fight and it was 7 years ago
No prison time
Depends where you are and what the handling of the records is, changes based on location
@tawny onyx Blue team would probably be ok. Red team maybe not. Depends on if you can get security clearance. I would give that a go first.
Hello all, I am currently taking my Cybersecurity bootcamp and towards Comptia Security+ certification. As a person that has no experience in the industry (I come from Bio-pharma), is it feasible to obtain an entry level position preferably in red team or on the path to red team with just the certification? (CA resident)
Security+ is good for learning the basics of cybersecurity. Pentesting/red teaming is a highly advanced role where you need to understand a lot of technologies and the tools needed to interact with them. You should understand a lot about Windows, Linux, Active Directory, Networking, some scripting with Python/Bash/Powershell. Most people have some experience in IT, perhaps desktop support, qa, system administration, software engineering and usually go for a role in blue team/SOC. Sec+ is a good first security cert to pursue but certainly won't train you for pentesting/red team. You should spend a lot of time learning pentesting on Try Hack Me and here we also discuss other resources/strategies to help you pursue your desired role.
Security+ will also give you an idea or overview on the different roles or specialisations within Security so you'll have a chance to look at what area you want to dive into.
one thing I'd ask is what interests you in red team specifically?
hi i am looking for ROS developer ...anyone?
@weary mulch if you want some low risk way to ever so slightly dip your toes in AWS waters. You can always do the badges on AWS Educate (it's free) and you'll get a digital credly badge for your efforts. after that you can signup for something like cantrill. his course is MASSIVE for SAA but its only like 40 bucks
if you go the Maarek route its just to pass and get the cert vs cantrill gives you way more stuff and considerations. I am just about done with cantrills SAA and nothing has cost me money (except me choosing to register a domain name)
I haven't delved into anything cloud-related. Is the content there quite extensive?
I was thinking getting the AZ-500 (for Azure related things).
the badges dont take long on AWS Educate. But its a free way to learn a few things and get an idea of what its about
Hey thanks. I'll check it out
AZ500 is gonna require some knowledge before you take it. I think people recommend doing AZ900 -> AZ104 -> AZ500 @warm hinge
idk what your cloud exp is but I would stick to one CSP first before mixing and matching any certs or knowledge. once you know one there will be decent overlap just slightly different and diff names for similar services
I learn very quickly, so it's not an issue I like challenges.
Where I live, the primary provider is Microsoft Azure.
Got it.
I'm beginning to delve into Azure (AD and so on) and AWS pentesting.
My background is completely different; it's not even related to the cloud. There is a lot to learn.
I always start with the hardest, I learn very quickly that way.
Thank you so much for the insight! Understandable red team would require a lot of know how and experience. I know this would be something that would come later down the career track. Are there resources out there that can give me an idea on how to plan my career path in Cybersecurity that would eventually get me to that point? There are a lot of certs and specializations available out there and its a little overwhelming to know where to start aha
Gave +1 Rep to @rugged delta (current: #23 - 343)
Thank you so much for the info! I'm excited to see what this field has to offer!
I would say the challenge of it excites me. I find trying to find exploits and testing defenses in security systems in order to make it better very intriguing.
I would suggest learning Linux, Windows, Networking and a little bit of Python while you're playing around with things in THM anyway
Is cybersecurity becoming oversaturated
No
Mediocre talent can be found everywhere.
Not exactly sure what you mean by this. Anyway, to expand on my "no" cable, there is a deficit of personnel in the Cybersecurity space.
The influx of mediocre talent saturates the market, creating the perception of oversaturation.
If you're truly dedicated and enhance your knowledge, you'll excel. There's indeed a shortage of both talented and passionate individuals.
I went to a talk today with an FBI agent as the speaker and he mentioned that the job market has become oversaturated. And when every application I find asks for 2-5 year experience it appears that way.
Just don't be average.
I have to agree that there are a lot of untalented individuals trying to break into the industry. Not trying to be rude towards them but it is true.
There you go, it's just the truth.
Do you have a career in cybersecurity or networking?
I am currently a student who strives to excel and be above average (to put it like that).
I aim for cybersecurity.
Me too, cybersecurity is what I enjoy doing. I have a full time job in water utilities so my time is limited haha. I would say I am top of my class but I just need to decide whether or not to leave my job and find some sort of entry level position. Even that is hard. i could try to get a gov internship but I dont really want to get doxed up the ass by the fbi/nsa for that lol
Not really sure where that agent is coming from, especially when they struggle to keep talent and units manned.
he gave us a fake name, however he was in the fbi and is retired now
But overall, there is a lack of personnel in the space that will likely never be filled.
And that's not because people are "mediocre."
In my limited experience so far, I've noticed that genuinely passionate and talented individuals are quite rare. However, I believe that by working hard and making sacrifices, one can strive to be exceptional despite the challenges.
Like genuinely very rare.
Many are.
In simple terms, having a few certifications and basic knowledge in cybersecurity doesn't make you a specialist in the field. True expertise usually takes years of dedicated learning and hands-on practice. I've been interested in cybersecurity since I was 10 years old, spending about 10 hours a day learning, and still, I'm far from being a professional or specialist in the field. It takes continuous effort to improve, and I'm not even close to where I want to be.
Like I am still extremely far from being called a specialist/hacker/professional.
At this point, I don't even associate cybersecurity with my name because I hold the standards so high. A cybersecurity professional is someone who deeply understands many facets of the field and constantly pushes their knowledge to the next level, no matter what. It's about continuous improvement and mastery across various areas.
Some free advice, acting superior to others isn't a good look and the cyber community is much smaller than you think. Having drive, to push yourself, is good but once you start putting others down, calling people "mediocre" when you yourself aren't even a working professional, is just arrogant.
Have a good night y'all
This is cybersecurity, it's serious. You mess things up it's on you.
whats mediocre talent and what's rare give, us mortals, examples
It is true that many people are in it for the supposed "money". That is what makes them mediocre. How many people are reading TCP/IP Illustrated before they go to bed, not many. i enjoy the process of becoming proficient. I just need to make a sacrifice and focus on what I know I want to do.
Hack what?
You get it.
a secured network
It's very vague.
Never tried and never will. I do HackTheBox a lot if that's what you are wondering.
if i use os hardening and basic stuff from thm even
Goodnight.
yeah the fbi guy sounded like a noob. Just sayin lol. I could tell by the way he answered questions.
everybody talks abt the market but i mean
villagers have a lot to say as well about finance
i know they speak from experience and factual stuff they experience
but yea
idk who here is an expert on "the market"
any stats?
or is it a feelings knowledge *-*
I would consider myself an uneducated expert on the market. I have been investing for a couple years.
i know nothing myself but i cant bear these philosophical takes
well informed definitely, misinformed perhaps
rare talent and mediocre, what do u mean by that
like the first dont know how to code malware himself and the second does?
Isn't it embarrassing that someone who isn't even a professional sees cybersecurity as an elite field and values it so highly? I see myself as a beginner at best. Yet, some people with just 1-2 certifications think they're specialists.
one example
Dude, you studying freaking 10 hours a day since you're 10?
And how old r u now
A cybersecurity specialist is someone who possesses extensive knowledge across various fields and continues to learn and adapt.
Between 16-22.
Individuals who obtain just 1-2 certifications (that's literally their knowledge at best) and believe they are specialists often pursue cybersecurity solely for monetary gain, lacking genuine passion for the field.
yes that's true
and the one who is a specialist what real network can he hack for example
all of them?
For pentesting yes, assuming it's possible.
I agree many people get into cyber sec just for money. Not because they are actually passionate about the field
Exactly.
I dislike it when sincere individuals with genuine passion are discouraged by the influx of people who lack appreciation or enthusiasm in the field.
They see 1-2 influencers saying : cybersecurity is the next big thing so do this and do that.
a true specialist can look at the network and have a thorough understanding of exactly what he can and cant get away with (when it comes to hacking)
I totally agree.
the protocols and how they operate. this is not something many have
me included, yet anyways
Surprisingly, when you tell all those people about the OSI model they are clueless.
I mean remember, these are cybersecurity professionals.
Anyway, my advice is just be above average genuinely stand out.
That's what I am doing and will keep doing.
even in the finance industry the professionals are not as knowledgeable as you expect them to be. they are just titles
Some people think learning some basic tools makes them a professional hacker. While they don't even know how the OSI model and TCP/IP model works
Exactly, it's script kiddies times 10.
Very few individuals genuinely appreciate the art of mastering their own field, or perhaps they simply don't hold themselves in high regard. Personally, I find it embarrassing to claim expertise in something while knowing very little about it.
Many jump right into pentesting but they don't even have the hacker mindset.
We gotta agree that nobody can know everything it's all about learning something new everyday
Yes but people lie a lot, not everyone though obviously.
I believe I may be experiencing the Dunning-Kruger effect (doesn't make it wrong though).
pentesting is what one should do after having substantial knowledge. It is not something to do first, in my opinion
Unless you genuinely have talent, I totally agree.
And even then those with genuine talent have a lot of knowledge.
So what you said is true.
What's Dunning-Kruger effect?
The Dunning-Kruger effect occurs when a person's lack of knowledge and skill in a certain area causes them to overestimate their own competence. By contrast, this effect also drives those who excel in a given area to think the task is simple for everyone, leading them to underestimate their abilities.
Ohk got it
yeah that is so true, with so many things hahaa
Definitely.
Sometimes it's pretty bad not going to lie.
I have noticed in a lot of people around me, people either have years of experience, or they have a lot of theoretical knowledge. The people who have theory usually stop gaining theoretical knowledge after they get experience and then they think they know it all. What they're essentially doing is brute forcing their way through a career. It's just that through experience their wordlist is very good
Then someone comes around with around 2-5 years of experience and they are an absolute powerhouse because they actively combine the two... Then they get shut down by old timers who feel threatened.
At least, this is what I have seen a lot in government
should I focus on gettting a university degree in cyber security or in computer science and engineering
Either would probably help, but you could focus on Cyber Sec if that's what you want.
ok
Is it necessary to make a contract document for clients to sign when freelance developing? If so how do I make the necessary documents?
You hire a contract lawyer. The documents are there to protect you and the client, you don't want to do it yourself if you don't understand the law or how contracts work.
And yes you definitely need a contract
Hey guys, Im working on a project atm, where I am creating a complete package service for small (to medium sized) businesses, to help solve their cybersecurity needs. I am still brainstorming what kinda issues a small business could face regarding their cybersecurity and what additional services I could offer. If any of you got any ideas, I would really appreciate that!
Thanks for all the answers in advance🙏🏻
Yes that does tend to happen.
When I encounter people who feel intimidated by the prospect of being surpassed they generally aren't very skilled at what they do. Personally, witnessing someone smarter and more competent motivates me immensely. I'm inspired to learn from them, to understand their ways, so I just ask a lot of questions and delve deeper into the subject. After all, the journey of acquiring knowledge is never-ending.
Does anyone have any advice on how to prepare your resume for a job fair? The employers who will be in attendance have not been shared with us, so there’s no way for me to research which roles they may be hiring for. Is the best approach just to match my resume to the role I hope to have in the near future?
Gather information from them, hand out business cards. If you bring a resume, tailor it to be non-specific and broadly applicable.
Unless there's a specific job you KNOW you want talk about there, don't bring a job-specific version to the fair. That said, it's more than likely that if you express interest, you'll be given a link to a job req and it's very likely that any resume you give to someone will be trashed at the end of the day
the job fair people usually don't have any input into hiring, they are there to represent the company in a public setting not to hire people
some job fair people will tho, it really depends
Some yeah, but most of my experience is that unless a company sends at least an actual tech person, they are there to evangelize and not really recruit
Thank you both! I’ll take this into consideration and have a generalized resume prepared for best-case scenario.
If I want to get into CyberSecurity and learn more about the field, anyone got resources or places I can look at?
Ok, thanks
Most companies these days will do the bulk of their recruiting through their own application system on the company website, through LinkedIn/Indeed or have recruiters. The jobs fair might have a portal to upload a cv where potential employers can grab a copy after you interact but I usually treat job fairs as networking events, as well as places to get new pens and kitschy things like keyrings, puzzles, stress balls, camera covers, etc.
It's a good chance to interact and make connections. A lot of organisations then may choose to meet with you at their own hosted events. Frequently they'll have their own open days or similar a short time after a recruitment fair. A chance to make a company presentation, have a chat, share a beer, see if you might be a good fit and potentially introduce you to your future teammates
Hi people!
I am doing bachelors in cybersecurity. Currently, I'm in my final year. I want to pursue my career in cybersecurity. Any tips on how to get started.
P.S. I know basic stuff of cybersecurity as it's my major.
I have an associates degree in cybersecurity and have been doing IT for about 4ish years now. Current position is a state IT job (pension) where i make $46.5k a year with ~$3k raises every year, just got an offer to teach software development & IT at a High School but I would be likely taking a $1.5k a year paycut and get a slightly worse pension but do get summers off. the teaching position also does offer free college but it's only to get a bachelors in education, not a CS related degree. I'm torn on this because I feel like I could teach for about 2-3 years, get the bachelors degree, and have teaching a coding class experience on my resume but I don't know if people will see that just as teaching experience or if they would see it as software development experience.
i could also theoretically make more money teaching since I would have summers off to work another job and I have a friend who said he could probably get me on doing some electrical lineman type of work down in texas during the summer and rough estimate on how much I would make doing that is about $5.5k for 2 months (not counting food costs since i couldn't really cook staying in a hotel) so lowball is about $4.5k, so it'd only be an additional $3k a year
also have no idea how much i should be making, im in ohio. every IT job listing I see the pay is about $19-$20 an hour so i am doing better than that but not by much.
I’ll remember this the next time I need a new pen or stress ball. Gotta work on my nerves more than anything else I suppose. I’m still getting used to networking solo. 😮💨
This is strictly based off my own personal experience, but working in a school was the most difficult job I’ve ever had. Thankless and poor pay. I can’t imagine employers would consider your teaching experience as software development exp.
Well networking is really a chance for you to show your best side. Some of these events are a little formal, others are semi-casual. Wearing a suit isn't always needed at this stage, usually just whatever's fashionable, sometimes you can get by in jeans and your favourite hoodie. Then it's just about being confident, or at least somewhat open to conversing with people in a professional manner
yeah pay isnt great and it is pretty much thankless, 100% a great example of 'why are we paying for IT?' when everything works and the vice versa of it
Well if it's your first IT job, you should probably aim mostly for entry level positions like tech support or qa but never hesitate to aim higher if you feel you have some of the relevant skills. Most of the details on a job posting are things the employer would like to have, so if you don't have 3-5 years experience and a comprehensive understanding of 17 languages, a dozen sysadmin skills and all the other skills they want, don't worry about it. The core skills are the ones you focus on and you can learn anything else they really need you to on the job
site they have some lesson on goes down? they get mad at me that i can't get that 3rd party site back up because they have a test that day, "so what you're saying is you can't help me, got it" then proceed to call my boss and put in complaints. everything is working and i'm not slammed with work 24/7 and running around, teachers tell me we should just outsource IT because they saw me making coffee or tea.
Sounds like a place you need to get out of
i dont disagree but for right now its easy work for more money than other places pay. its kinda boring but i know how everything works there and keep it all running so i dont really get many complaints. i am looking at switching at some point because $49k doesnt seem like enough to live comfortably off of and i want to make more
As a college student, should I even attempt to find a paid internship or should I just finish my degree and apply for entry level jobs? I've heard it's very difficult for students to find one in the US.
Well it's always advantageous to consider your future earning potential and to take advantage of how you already know the ins and outs of your current job. This should give you ample time to plan and do study in the field towards a new position
i feel like where i live is screwing me, there's just no decent well paying IT/CS related jobs near me but i am also just in ohio. wasn't too bad like 3 years ago when a house averaged like $150k-$180k with a low interest rate but now it's over a quarter million at a 10% interest rate. then there's the energy costs, food, etc. all going up too. feel like low cost of living is rapidly disappearing but the pay is still set to match a low COL.
You should take advantage of an internship opportunity if there's one available, and only consider paid internships. While you're on the look out for those, if an entry level job comes up that you can apply for, then go for that as well. You should base the jobs you apply to on the skills you have and tailor your cv/resume to each job specifically by highlighting skills and experience in particular areas for each role
Well there is some truth to that but you should definitely be improving your skills to be able to offer a potential employer what they really need. The cost of living has certainly gone up all over and so, being able to show your value to other employers is a good way to garner better pay
what sucks is im on the high end for IT pay in my area, like top 30% on average
Well you'd have to weigh up the potential salary vs cost of living in a new location. Going to NYC you can frequently get jobs paying $100-150k but then the cost of living is very high right now and while it's a large number, you're still talking only a reasonable standard of living
My main issue is I don't have any skills and I don't know how to get them besides pen testing. I'm gravitating more towards security engineering in terms of my specialization.
what ways of checking the COL and salaries in areas do you know of?
i tried figuring that out before and got myself in my current position lul
get a Computer Science degree
it is more versatile and you can learn on the side the security stuff you need
Well pentesting is a skillset you learn a good deal of through THM. Also going for certs like OSCP (most popular and widely recognised pentesting cert), Security+ (Most widely recognised general knowledge cert for entry level), CISSP (Widely recognised cert for people with 5+ years experience), and there are several others.
You should really spend time learning and working with Windows/Linux/Networks and other tools like bash/Python/Powershell and you'll learn a lot of tools and techniques along the way. Being a good sysadmin is very important if you want to be a security engineer. There's a path for this in THM. Having a computer science degree is very beneficial in your quest but not necessarily essential if you read and work hard to learn
Glassdoor, LinkedIn, various salary reviews, there's plenty of sources on YouTube, etc
its a good idea to start from a broader knowledge base and then start to specialize when you figure out your area of interest. you can use the THM learning paths to see what you like
i used to think I would like red team stuff the most but over the years (for me) blue team is so much cooler. Purple team is the best of all IMO 😄
Oh, sweet. I was also curious about certifications too, so I'll grab those when I can. I definitely should have looked at the learning paths before asking lol, there really is one just called security engineer. I'm going for a Computing & Informatics degree so it's more focused on cyber stuff.
Yup, I've learned a lot of the fundamentals so I'm trying out more specified rooms. Most likely going to stick with Blue Team stuff.
Well the paths are certainly a good introduction to various roles in the cybersecurity field and you would definitely benefit from spending time with each of them. The main purpose of following the training paths, or engaging with other Walkthroughs and Challenges, or in pursuing a particular certification is in the training, learning, engagement and experience you get, so your mindset towards these things helps.
Many courses provide certificates of completion, the same way the paths do. And also, training courses are developed to teach you the skills you need to pass the exam and hopefully sufficient knowledge to understand how to do things in a job or when pursuing your hobbies. Many people do spend a considerable amount of time learning how to do various things with computers just for fun, such as building Windows/Linux machines and learning and using various programs, learning ethical hacking, taking part in CTFs and other challenges such as the machines on THM or perhaps engaging in bug bounties to learn and engage with real-world systems, potentially with a chance to earn some rewards.
Hey there. I am currently in my second year of University, pursuing my bachelor's degree in electronics and communication, though my aim is to get into IT, particularly into pen testing and other aspects of ethical hacking. I am currently studying network fundamentals and plan to get an overall grip within a few months. How should I go about things?
Also, yes, I plan to become a part of a red team, so I might need some guidance and a roadmap. If mentors here could suggest something, it'll be appreciated. Thanks
Is it worth sending my resume for a position I’m absolutely not qualified
I'm a student planning to get into IT security that wants to start learning and saving up for certs, I have been looking at the ejpt, security+, network+, and pjpt,
My question is, are any of these, or other starter certs memory-based/practical-based/good starting point? I plan to be internship ready by end of year
Any help is much appreciated, thank you : )
The things they ask for, do you have at least some of the requirements they're asking for?
If you have some/most of the requirements apply for it, you never know until you apply
Security+ and Network+ are memory-based imo since it's a multiple choice exam but tackling it in terms of memorizing things is a bad way of doing the cert. Opt to instead learn the course content so you can use sound judgment when tackling their questions. eJPT and PJPT are both practical but imo are a waste of money.
some countries include college years in the experience or smthing
like if i tryhard active directory administration for a few months its just like i got 1 full year experience its so meaningless
knowledge is all u need and the rest is casting
Hm okay, so from this I feel like I should study for and save for security+ and network+, but two questions,
Why do you think they're a waste of money?
Should I also be doing projects to show my ability in using tools and following methods?
Essentially overshadowed by their "industry standard" counterparts, the eCPPT and PNPT. They are seldom in job listings and it's like taking a pre-certification for another certification.
If you're actively working in an enterprise environment, then yes.
@ancient prairie
How bout their content? Does it cover more than what thm already gives
THM covers most of their content.
I have an associates degree currently, would it be beneficial to get a bachelors or just get certs? It’ll be about $12k - $16k for the degree or I could get a dozen certs for less than that
But then there’s also the flip side of me having to pay a few thousand to renew those certs like 4-5 years down the road or it being a waste if I let them expire vs a degree that lasts forever
I am still a student but would you say you feel confident in your technical skills?
This question is crucial because, regardless of what you achieve, without strong technical skills, both paths become useless.
Yeah I’ve been doing sys admin stuff for a few years now, including managing a small town’s IT infrastructure. I just want more money at this point and to not be roped into hell desk (at least tier 1) anymore. I also have to compete with a ton of remote workers who moved in over the past few years and might’ve gotten laid off and they have fancy big name companies as experience on their resumes.
But if you don’t have what the job listing says you don’t even get an interview so I need something there to land me the interview, from there I’m confident. I’m just trying to figure out what’s financially a better choice.
Check private messages if you don't mind.
I'm assuming you are in the US because I don't know of other countries that have associates but who knows. Does your employer provide tuition assistance? I'll say if you are currently working, which you indicate, I would probably focus on certifications
please ask people to DM before you DM them per the #rules
I rarely ever dm but sure.
what certifications do you have now? if any?
None at the moment, I let them expire during Covid unfortunately because money got tight. Kept losing jobs and places I went to went under, had to just take whatever because I also didn’t qualify for rent protection
ahh I get ya. whats your overall goal? what certifications did you have?
They do but it’s 10 semester hours a year, turns a 2 year program into 4 years and there’s a lifetime max of about 35 hours so the last semester is only half paid for. Books, fees, and whatnot are all also paid for out of pocket by me. Better than nothing but it isn’t great.
A+ and network+ so not many and not that hard.
There’s a HS teacher position open that I was reached out to for and it’s a software development/IT class at a vocational school. Pay would go down unless I can negotiate it higher in the interview which I don’t think i can but I’m going to try. They offer better tuition reimbursement but I believe I have to get a degree for teaching, which doesn’t help me too much. It’s a free bachelors but in a totally different field.
I’m also mixed on it because I don’t know if it’s going to look good on my resume or continuing IT instead will look better. I can see people seeing it as software development experience or just seeing it as teaching experience.
I mean I think it would be seen as teaching experience, if you want to go into IT education, that would be the kind of thing to do. I'm surprised a teaching position doesn't require a Bachelor's though
Welcome to the teacher shortage lol
I mean teachers usually require BS/BA + teacher certification, schools tend to waive the teacher certification in time of shortages
Career tech teaching positions just require a degree (doesn’t matter what) and a few years experience in the field of the career (extremely loose, digital arts counts for the software development teacher position) and then it requires you just enroll and get the BA in teaching within 3.5 - 4 years
I think it’s normally a touch stricter but if you come in halfway through a school year the required BA that gives you a teaching license is extended til the start of the next school year. It’s still bad, the starting pay is $46,500 which is probably a big reason as to why it’s not been filled. Been open for 3 months now.
Subs still get to charge absurd rates because there’s not enough of them too, I’ve seen subs charging $30+ an hour and if there’s no other subs available, the school has to take it. You need a body in the classroom.
The sub that’s there now has probably cost the school like $13k at least and they aren’t learning anything in there and are probably going to fail the state tests.
Good system, I’ll stop myself from going on a rant lol.
but honestly, I wouldn't take it unless you want to go into education. It could be good experience to work for an education company
Thank you and sorry for the late reply. What are training courses? Paths like CompTIA Pentest+?
Your graduation has not happened yet, the graduation should be estimated or expected
So, should i add "Pursuing Bachelor's Degree in Computer Engineering"?
or like 2023-2027 (Expected)
In the profile you use a "they" pronoun, then switch to a "he" - I think it would be better if it was consistent
Oh yeah i just noticed, thank you
Hello , is bug hunting worth it ?
That said, you'd also be better dropping the personal narrative mode entirely imo @gleaming remnant. Keep it as an objective statement:
Actively pursuing relevant courses and possesses a solid understanding of fundamentals* to contribute effectively. Devoted to continued learning and staying up to date on the latest trends and advancements in cybersecurity for ongoing professional growth**
* What fundamentals? This is a slightly meaningless statement.
** Maybe try to split this up a bit
I see, thanks
I do change the profile depending on the job description
So they'd find what they are looking for
Mind if I ask what position you're trying to get
hey guys, is anyone hiring? I have 17 years of experience in backend development/management, 5 years experience in blockchain security auditing and just started my way into offensive security.
I'm a very analytical person if so
Cybersecurity Internship
Are the eCPPT and PNPT worth it?
if i want to be a hacker....where to start
Ooh
Anyone?
i like this pfp too
Got it now, thank you, I'll continue to learn more
Thats actually pretty burden relieving 😅
I'd recommend cpts, or at least the path. Would overprepare you for oscp
hello everyone, this is my first day using discord as i was recommended the platform by a buddy of mine who received some help regarding a career path in cyber security. I am currently pursuing my masters in cyber security and was wondering if anyone would be able to give me some advice on how i can tailor my resume to hopefully land an internship in the field. I do not have any experience in technology however i began working on some entry-level projects recently to gain some hands-on experience with some skills that are required as a foundation for beginners. Can someone please help me? I would seriously appreciate it!
Check the pins first since it has some info about resumes/cover letters
thanks reflex
Hello everyone, I've finished the THM SOC Analyst 1 path and I'm still new in this field. Is there any path you recommend I try, or should I keep going with SOC Analyst 2?
Which field within cyber are you after?
I'm undecided which field I have to go after but I will try junior penetration tester when I'm done with soc analyst tier 1 path. So far, blue team is so fun to learn.
There is a recommended order of completing the paths -
Hello all, I have been in Blue Team for 4 years and built up a lot of security systems and defense tools. It was a good time but I'm thinking about changing to Red Team. Both Red and Blue are fun, but I'm not sure if internal pentesting all day is also a good step to take. Any advice?
is R&D stressfree? and how good do u have to be, any special requirements at all even?
good
do what's fun goin forward
Depends on what you mean with stress. There is definitely some stress with stakeholders and the pain to find actual results within the research you're doing.
I distinctly remember someone who was interviewed in DarkNet Diaries and they were able to land an associate research position in their university after graduating and their main job was digital forensics research.
@dense dagger thanks
thats so cool, never heard of associate r&d
I'll up the question. Maybe there's some interested
Hey everyone, I was offered a job as a junior security analyst after a long 3 interview process. I have an informatics systems and informatics bachelors degree. Prior to interviews I did not have the network+, Google cybersecurity cert, and the 2023 tryhackme cert that I’ve just received. The salary range is 60-65k. HR has sent me a final offer of 62k. Should I accept or try to counter offer again?
personally I wouldn't counter offer again.
final offer is final offer
I would accept it. Get some experience and then either try to move up / bargain for more salary should your skill-set be able to justify it, or use the experience you gain to move somewhere else on possibility.
Thank you I appreciate the advice @pseudo creek @loud fern
Mike, Do you have prior experience or you get 62k offer as a fresher?
No prior experience besides a 3 month IT intern. I believe I just did well during behavioral interviews and they liked me better than the other applicants. I had 2 behavioral interviews and the final interview was technical with scenario questions and events they’re dealing with
62k is a really good offer if you don't have any prior experience
In which country?
From the jobs I have seen, the most common one I see is anywhere from 38k+
All depends on what role you have
Hi everyone, can I get your take on how I can get back to work in the field? I have one year experience doing help desk-like functions (we didn’t have a proper help desk or ticketing system and I was the only onsite IT person) and drafting IT policies. I was interested in building a career in AppSec so I accepted a Software Dev apprenticeship that lasted one year. After the year was up, they let go of all of the apprentices, and I’ve since had trouble getting work in IT again.
What kind of roles should I be focusing on? I’ve had some responses to Associate Cybersecurity Analyst jobs (only after reaching out to others on LinkedIn, not positive resume is making it through ATS) and consistently hear nothing back when applying for Help Desk, Jr SysAdmin, or entry-level NOC roles.
I guess Im trying to get a good idea of where I have the best chance of ending up, and which roles I should focus efforts on. My Bachelors degree isn’t in a related field and I’m based out of the US for reference.
Edit: currently hold Security+ and associate cloud cert.
@warm hinge depends a lot on specific location too, i.e London will be fairly higher in comparison
I mean I'd be applying to anything and everything that you look even partly qualified for, including help desk.
and also if you aren't hearing anything back, you need to have someone review your resume
Thank you, what is the best way to go about this? Any platforms to get mass feedback? I do not have many connections in IT and am unsure who to approach for help.
well you could post a redacted one here
I may just do that today!
Is ejpt the first cert i should get?
knowledge first then job then money then certs if u like to let them define u
Hi everyone, please, I have a question about the Cyborg room. When I was trying to log in I did everything, so I went to check the solution for just the part to log in in user mode, but I see a new tool, "borg", and I don't know why they use this tool. Can anyone respond to me?
You will probably get more response in #room-help
for what purpose? honestly, I'd personally avoid INE, there are other options these days
well said and i like new pfp
Can anyone tell me which module I should start on with website?
Ohh nice.. I think you should accept that offer. Nowadays companies aren't offering this kind of perks for an intern... you have a good opportunity
hey for a cyber security career what tech stack should i choose please help me
Is there a sorta free study guide for the google cybersecurity certificate?
I think the course itself is the study guide tho, you mean the one in Coursera?
Hey everyone,
I'm currently studying software engineering and I'm very interested in cybersecurity as well. Is there a career path that allows me to be involved in both software development and penetration testing phases of a software?
Thanks a lot.
That one is 53 eur a month
I accepted it yesterday! Excited for my new journey
It's a certificate of completion. Most people seem to speed run it in a 7 day trial. It really doesn't have value and unless you really need the Security+ discount voucher, I wouldn't bother
Hello Guys,
I am a Computer Science Engineering Major, currently holding ISC2 CC, Google Certified Professional, Security+ and Certified AppSec Professional, while having attended many defense workshops
what are the certs i should go for after these, and what roles will currently be suitable for me? and if i am doing Post Graduations which of the fields should be more relevant for me? Masters in information Security? Homeland Security? Defense Technology? CyberSecurity General? or is there any other suitable field.
i mostly want to become a Security Engineer, Architect or else Auditor
hey for a cyber security career what tech stack should i choose please help me
Wait what! Its like a reward for completion? I heard that u get like infinite retries as well: is that true?
I mean it's not an exam
Goodness it's a free cert tho, why wouldn't people bother. It's owned by google as well.
It's not a cert
And it has 0 value
You get 7 days free trial at the start. More than enough time to cover the whole certificate
It's a certificate of completion, meaning you completed a course
Only value from courses are things you learned that you can apply
From what I understand, it's a general overview of what cybersecurity is
Ahh okay, imma get it and maybe i can save some money with security+ in the future.
They advertise the CISSP during it, have tonnes of content on Python and then give you a voucher for money off Security+, which it's not substantial enough to cover
I completed the entire course, including the optional quizzes in about 18 hours spread over the free week. There's much better ways to show you know the basics, like the Security+ or a book like the one DrGonz0 is giving away in the bookclub #bookclub message
I'll add that the value of certificates like this is CE and CPE credits for maintaining other, paid certs that have a proctored exam
Looking for advice on career path in security. Recently completed the Google cybersecurity certificate on Coursera and currently working on a Comptia security+ certificate. I have no security or technical experience but 25 years have other transferable skills to offer. Should I start with IT help desk jobs or keep trying for an analyst job?
Did u ever fail a practice quiz?
Im doing it rn
@warm hinge A couple were first attempt fails but passed on every retake. Early on I flew through and finished a month ahead. I slowed some after due to my lack of technical experience.
Do you know if you can skip videos and the reading pages?
Sure all of those can be skipped. The only things mandatory are the graded items.
Oh. Thanks
hi
Hi
The optional ones are helpful too I’ve actually used what I learned from those to answer my interview questions
It depends what part of the uk you live in
Is it worth it to get CISSP for someone working in the SOC? My boss recommended to work on it after my move to DE was cancelled as company decided to hire offshore.
@tacit bobcat
Done!
@spare jackal and @proven fable did u guys have to wait like a month before accessing the next course even tho you finished the first one already
@warm hinge No, you can start the next course immediately but like Mike, I didn't skip anything.
CISSP (in the US) is valuable for career advancement for anyone working in cyber
In other countries, they see it as a cert for managers only or tend to
Hello guys,
I would be really grateful if someone could help me get resources related to darkweb crawling and monitoring tools and technologies. Maybe some research papers or existing projects.
It's definitely advantageous to have CISSP for working in the EU. The cybersecurity community is quite vibrant and upskilling and demonstrating your abilities and commitment to growing your skillset is a huge aspect of maintaining your CISSP. We are still in the era where organisations are requesting CISSP from junior cybersecurity professionals, even though it has a 5 year industry work history requirement. I would suggest if you can afford it, to just get it. Hopefully your employer will pay you for it. It shouldn't be too challenging. Most people I know in the industry have covered the book in 30-60 days
ahh ok, people from the EU tend to say "CISSP is a manager cert" or at least from what I've seen
#start-here If you want to learn how to get started
Personally, I don't think it's worth it, no. CISSP is more of a managerial cert, there are other skills that would be better used in the SOC than what CISSP teaches
Even the shitty CEH is better for SOC, more practical
Uhh no
Again it depends on country, in the US, absolutely have your eye on the CISSP
US has been hiring a lot of people for security who don't know anything about security. CISSP at least demonstrates a basic knowledge of the role in security and is intended to be the meeting point between 'real' security and 'business value' security
i'm about to begin a 2 year certificate program at college which covers cybersecurity topics, networking, hardware, and some python programming. i am also looking at the material on tryhackme. i'm hoping i will be ready to take the oscp exam in less than a year. instead of doing one thing at a time, i'm worrying about how i will get my first job considering i have a weird police record. also a friend who is in infosec says without a bachelors degree, companies may want me to have 2+ years of experience before hiring me. thanks for listening to my vent.
to get into security, that's largely true, although many companies prefer to hire absolute entry level and train in their way of doing things
thanks @flat sedge
anyone work in cloud security - Azure? from what I see the cert path is (AZ-900, AZ-104, AZ-500). My current exp is AWS and I'd like to get multi-cloud certified. I have the AWS SAA and wondering if I can/should skip some of the other Azure certs and go for the AZ 500 straight
Since you have the AWS SAA you should be able to easily familiarise yourself with the Azure environment without much trouble. The AZ-104 looks to be similar to some of the SAA content, which you should pick up relatively easily. I'm sure some orgs look for you having equivalent certs at least, if not some specific ones, so my suggestion would be to look at what kind of certs are being requested in job applications and go for them
CEH is practical? I thought it was a multiple choice quiz, did it change?
The main CEH is a multiple choice quiz and they have a separate practical cert. The practical isn't widely recognised but there are better certs to go for anyway
For SOC environment I would actually rather look for trainings/certificates provided by the tools' vendors you use in your working environment if they have any
Some of their training can certainly be beneficial but the process of doing work in a real world environment isn't always centred around the tools, rather than the workflow and process of the particular environment/organisation. You want to know how all your tools work together to meet the goals/needs of your org
Well, tools themselves you learn during work, however most tool related trainings usually contain a section of why they work the way they do, and that's the important part of it. Processes in real world environment are also different depending on the environment you are in, which also you can re-adapt to if you know how to work with what you are provided
It's good to get a mix of exposure to various tools and processes
Absolutely, I am not denying that at all
Personally as someone who works in multi cloud security, the az-104 will be more useful than 500
Just curious but how much of a discount for the exam is being offered?
people won't really click pdf's here - post a screenshot
Fair lol
Hi everyone! I've attached a vanilla copy of my resume here. If you have a moment to review and offer advice, I would be very much appreciative!
For context:
I am looking to get back to work in IT after being laid off. I am looking into anything and everything with the hope to eventually arrive in a cyber role. I have one year experience doing help desk-like work and drafting IT policies. I have another year experience in software development thanks to an apprenticeship program.
When applying for a position I modify this version to use language used in the job description and highlight relevant technologies if I have used them before. If I don't have work experience I add bullet points to my certifications to indicate that I have gained some relevant knowledge or used relevant tools during CTFs and labs.
😄
I recommend changing "Window 11" to Windows 12 because Windows 11 will be obsolete, as Windows 12 has been announced...
Windows 11 has an issue
How can they list an OS that hasn't come out yet as a skill?
^^ This 💯 I recently made the change to it as well
It is currently out as BETA
Because it's a new OS, which means a company is looking for a skill
** New skill
And they're going to move to it so it's a better opportunity for they look for
@hollow finch Recommends?
Could someone please provide the ideal pathway to learn OSCP chapter by chapter?
Should I skip AZ-900?
What on earth are you on about? Microsoft haven't said anything on a windows 12
Neither is windows 11 obsolete
This would vary depending on your experience and the manner in which you absorb and take in knowledge. What was effective in one individual, may not necessarily be effective in your case. Also, with the current OSCP material, there are even mixed reviews in terms of the OffSec material being sufficient in and of itself and supplementing it with other resources.
I am using Ubuntu on my local machine. Can we get the ssh connection on tryhackme AttackBox/machines
I answered you on a different channel.
Yes
Rubbish lmao
It takes a long time for enterprise to shift to the "next big thing".
Chances of orgs upgrading to a beta release of Windows 12 are nil. Chances of them updating any time in the next few years are slim
Putting "Windows" as a skill with no additional context is a waste of space on a CV anyway. If you're applying for a systems administration job then you should have relevant experience in the Experience section to back up your ability to use any listed technologies on the posting. Saying "Windows 11" as a skill will get you an eye roll from the reviewer. Saying Windows 12 will get your CV immediately binned lmao
Also find it quite impressive, for the record, that you've transitioned straight from wanting to start a career in cyber to giving CV recommendations... in 7 minutes lmfao
IMO you have too much in the experience section, personally I'd end it after your Project Manager exp (Or at least condense them)
Also I'd put exp above your skills section
Might not also seem much but if you're going to have a skills section, order them by the wow factor
Jira and Confluence? Not many will care, I'd even remove them - AWS though? Stick that first
Jira and Confluence are two of the most popular and practically ubiquitous work tracking and documentation tools - arguably, they are at least as valuable to an org as git or python.
I do find it a little concerning that Ubuntu and Kali are listed as technical skills along with powershell, but bash is not.
Juun beat me to it, absolutely call out Jira and Confluence. CLI on the other hand maybe not? Also what Muiri said about Windows. Like you can do what with Windows? use it as a user? or manage it as a desktop admin?
and really generally I like to see just Linux vs calling out Ubuntu/Kali
They are valuable but IMO it's like listing "Word/Excel" as a skill
also if you trying to hit keywords, I'd put Agile methodologies
no, no its not
I think a skills section is not needed anyway because it doesn't actually tell you anything about the "skills"
Unless someone has a very deep knowledge of a specific distro and can explain why that distro does things different than other distros, I don't think it's worth listing more than 1.
well I also like descriptive skills over one or 2 word skills but it depends on the resume
As someone who is doing candidate interviews now, I disagree. It gives me a quick brief to start technical questions and lets me track down how deep a candidate's knowledge is in those listed areas
That's what I'd use the bullets in the exp for
yeah thats a lot to read
our management isn't going to sift through the experience section, they do like to see skills listed out
Skills section should track the skills developed and learned in the experience and education sections - I should be able to take a skill and relate it to some other item on the resume to provide the context for the skill.
But the initial screening software will pick out the skills (keywords) no?
It might pick out the keywords, but relying on screening software before scheduling a first round interview is a mistake
HR filter -> recruiter interview -> first round tech/personality interview -> second round tech/personality -> possibly third round
FYI, we are discussing this resume so you can read the comments to see if you find them valuable.
As someone who frequently reviews resumes, I'll say you need to tighten up your skill section.
Personally, I'd get rid of Windows completely unless you are a desktop admin. I would list Linux but not individual distributions. CLI really doesn't tell me much so I wouldn't list it.
You have a variety of experience but you need to pare down previous jobs a bit. Starting with the Project manager job at company 2, I'd put that at 3-4 bullets max
Office manager job at company 2, I'd put that at 2-3 bullets max
Implementation Specialist and Investigative process operations coordinator, 1 bullet max for both of those.
Education/Certifications - I would not mix/match these. Keep this to Certifications, Education and Personal development. Like I'd put the Google IT support professional under personal development. What else have you done that you can add here?
we are wild at my company...
HR filter -> interview -> maybe second interview -> hire / pass over
and we only interview 3-5 people so the resumes have to be solid.
I'd second this. A lot of people seem to like them, but what is it actually telling the person doing the hiring? It's a bunch of buzz words that tell me nothing about your history and experience with those technologies. You could be excellent with them, you could have heard them on a podcast and know nothing more -- either way I need to take the time to speak to you to find out, and I don't fancy doing that 🤷♂️
Use that valuable space to actually tell them about your experience? You've got years of experience managing Windows servers? Great! Put it in the experience section, don't just say "Windows" is a skill
Quantify the size of the Company 1, 2, etc (in revenue, in size of employees). Quantify your experience (in years, in depth, or number of bugs resolved, in revenue attached to projects you worked on, etc.) to stand out and show impact of your contributions, for the number one bullet item that aligns best with the job description in each section.
It's a starting point to ask the technical questions - sometimes individual skills can be more difficult to pick out of the experience section when I'm doing the interview. Experience provides the context, but it's also nice to have that list at the top of what the candidate thinks they know. It's also super easy to weed out the liars who may have been able to talk bullshit to get through the recruiter interview
I could just about get behind this for highly technical stuff (e.g., API Pentesting, Cloud Security, AD Administration, etc, etc) honing in on one or two skills to highlight for the role, but that's not what many people do with them -- the above being case in point.
This is something that people seem to be very conflicted over. Some people seem to recommend doing it, others recommend against it. Personally I tend to just skip that section on the occasions I've had to review CVs for hiring, and not having it in my own CV has never counted against me 🤷♂️
Personally, I like very descriptive skill sections things like
"DevOps automation utilizing terraform, ansible and kubernetes" or something like that
Yeah, to me that reads as a bullet point under a role in experience 😆
nah its generic, not necessarily under experience. I put stuff in my skills list I've learned off the job or things that span multiple jobs
So.....been looking this, finding a path into Cyber Security Careers. Was hoping this may help, gonna look into it. Being a Civilian I'm only seen as a Cashier or Hostess to the modern world of working. I have no College degree to help back me either. I know how to do things, a lot of things, I'm versed in different fields, yet, I can't get my foot in the door anywhere because I have, "No Experience." I have been an online entity for years helping with a multitude of things but I did it on my free time.
What is one to do being stuck in the algorithms of the world.
linkedin, github, certs and a blog. developing stuff, writing writeups, showing off to the world and certs obviously
I like to not be out in front
I don't stay Connected like most and it has made sure I'm protected
🤷♂️
You can still have privacy but you're going to need to engage with organisations you might want to work with. You don't need to post all your info on platforms for the world to see, but it's a good idea to be able to compose your efforts and contributions on your cv/resume and you can have a github or blog anonymously and only share the link with potential employers/networking associates.
You do need to show potential employers that you have the skills to do work they want done. That's what they're paying for and need to be able to see
That's where I'm stuck at
How can I show what I can do when I have been self taught almost all my life
I used to be Off Grid
Due to me not having the things others do to back it up, I have been stuck at just Meaningless jobs where I feel my talent is wasted.
As has been suggested, create a blog, use github, LinkedIn, gain certs, do THM... You need to compose the things you want to present. Having no evidence of the things you say you know means that nobody hiring is going to believe you. It's just something you need to be able to do. You could do a blog on how to install a website on a Debian server, how to harden an Ubuntu server, how to securely configure Active Directory in a Windows server, what annoys you about Python extensions... anything you're interested in
That's why I'm chatting, to find out where to start
I'm better at Social Engineering than anything, most of the jobs I have had in my life teaches it
Usually we suggest starting at the beginning. Go to #start-here, take a look around the site, do a few rooms.
It's scary sometimes how I can change a person's mind especially Selling something
Thank you for the advice, I'll check into it. 🍪
@rugged delta

from a professional point of view, speaking as placement officer, you can do two things at the same.. id go for coursera, do some lessons there and get certs .. like programming, computer 101 etc pp .. on the other side you can blog about the experience, or how you adopted things to solve problems and show some stuff you did on your own.. that way you have proof of knowledge in two ways .. first step should be to get a foot in, so tech support .. my suggestion as i also tell my customers .. possible employers need a proof of what you claim you can do
bottom line, it will take time, but you will get there
and yes, also thm
I have been a customer service rep before, I don't mind starting at the bottom, it helps with refreshers
I want people to see, I know I need training and I want the opportunity
also, showing off "lil certs" you gained over a longer period, demonstrates you can focus and you are up for a marathon
You can post a lot of your achievements on your LinkedIn as you go, just to show you're making progress. Things like certificates of completion, etc.
Does that help?
usually it does
Thank you
Hey everyone. I'm currently studying software engineering and I'm very interested in cybersecurity as well. Is there a career path that allows me to be involved in both software development and penetration testing phases of a software? Thanks a lot.
Quick question how many chapters are there on the CompTia Security+ Study Guide SY0-701 please? (I am new).
There are 17
Thank you mate 🙂
There are a lot of roles in cybersecurity where programming/coding skills are an advantage, where software engineering is highly valued and yes, there are roles where a software engineer can be part of a pentesting/red team. Secure software engineering, DevSecOps, red team automation, exploit development and other such things that are discussed in the advanced channels.
Pentesters are encouraged to understand and learn bash shell/scripting, Windows CMD/Powershell, a little Python etc., as they develop their skills and things like Assembly and other languages like C and Java are in widespread use in various sectors. There's always opportunities for coders/programmers/software engineers
You cannot afford to be invisible
What you must do is ensure that the information you provide is what you want to showcase.
I think a simple test is to search your name on google and see what you find.
You sound Malicious
Ok I'm gonna disagree with you. It is generally good advice for you to create a portfolio, be out there on LinkedIn, Github, get involved in cyber security conferences, look at cyber security orgs in your area, etc. Lots of people find jobs that way.
If you want to hard mode it, then sure, make a resume and chuck it out there and hope someone notices but they are also going to be looking for "what have you done? is there anywhere you showcase what you've studied or your skills?"
depending on where you live, you can look at various certifications, Security+ is good but security+ alone won't get you a job
Just think of it this way, if you search up your name and all you see is a linkedin link then that is good.
If you search it up and you see a facebook page or similar social media of you chugging beers while shirtless being drunk out of your mind, then you can see that isn't the best look for a potential employer.
It is all about manipulating the flow of information that you want the employer to see in order to establish a brand.
People might have youtube channels, blog posts, github pages, linkedin etc.
@pseudo creek That's actually very good advice
@tulip pawn @pseudo creek Thank you both
Gave +1 Rep to @tulip pawn (current: #688 - 5)

Hi guys! Just a question on good learning practice. Atm I'm trying to do every machine on my own, trying to find ways to get to it (even if they are not in the step-by-step way on THM). I often try to find CVEs etc. but I use a lot of tools like linpeas or sometimes brute-forcing scripts like nmap or hydra. The question is how to not be someone who is called a "script kiddie". I have some understanding of python but not to that extent to write my own scripts like this. Where is the line between beginner pentester and the Kiddie. I know it can sound stupid but I have this in the back of my mind all the time. Thanks!
From what I have gathered, a script kiddie doesn't know what they are doing like... at all. They operate tools, not the machines behind them.
If you want to get to the next level, you need to know why the stuff you do, is the stuff you do.
The way I understand it: look at SQLi: a script kiddie uses SQLMap and calls it a day. Someone who wants to become better tries to analyze the target SQL query and breaks it in a way that they know is going to work, because they know how database calls work
This is why people keep saying that pentesting isn't an entry-level field. You need to know how shit works before you can break it
you are fine, like Sang said, a Script Kiddie is generally someone who has no understanding including not knowing about CVEs and such. In the real world, people use lots of tools including Metasploit.
Hey all
I hope you all are doing well
Is there any vapt tool exists like works on agent bases so we can scan devices over internet, hybrid, work from home environment ????
what? can you try saying that again, not sure what you trying to say here
Made some changes see if you can understand that
the biggest difference is permission and obligation: a pentester has protections granted by contract to perform specific risk-assessed actions. A script kiddie has zero understanding of the liability and risk, and is basically throwing everything at the wall in hopes that something sticks.
so you want to know if there is a vulnerability tool that exists (not exits) that works over the internet? Are you saying you would be scanning from your system and not a centralized system? Shouldn't that be something you access via VPN but its a centralized system (or how else are the agents checking in?)
Like we are currently using manage engine tool as well as crowd strike similar to that
We should be able to scan and get reports manually
We already get vulnerability management tools from Microsoft defender
Isn’t that most scanning tools
Nessus and Qualys both support agent-based scanning.
I am not sure if they work with internet IPs that why I am here
They do, they have a list of public cloud scanners
Look into how it is vulnerable (the mechanism of the exploit), as in how the vulnerability works. Look into how it can be mitigated. Being able to explain how something is vulnerable, how it is exploited, and how it can be mitigated provides additional understanding beyond someone merely running a command/script.
So if I am not mistaken nessus can also be integrated with manage engine and get everything at one portal
Manage engine?
Sorry endpoint central
I’m not sure what you mean but they provide a SaaS solution
So they give you a portal and everything you need is there
Yes this one
We can manage our endpoints from this portal and get info without bothering our employees
Yeah, this sounds like a vendor question now
Asking your vendor would get better results
Let's try and get some solution from them
Obviously I am new in this whole cybersecurity process
And very new employee of my current company
So sorry if I sounded like a stupid guy
No, it's okay. Sometimes people don’t know where to ask and that’s fine. All part of learning.
Thanks 🙏👍
Thanks, removing some entries is something I'd considered in the past but could never quite decide on where to draw the line. I've had difficulty convincing myself in the past to remove the Office Manager because that is where I have more hard numbers at the moment. Will definitely move skill sections and sort by those listed in ads more frequently: AWS and such.
Gave +1 Rep to @static tide (current: #35 - 208)
My thought here was how frequently I've seen "CLI" appear in job ads, whereas bash I've seen all of maybe once appearing in JD language. Wasn't sure if its inclusion would have any sway with the ATS.
I've unfortunately not got access to precise numbers for Company 1, as the layoffs were unexpected. I had been planning to remain there to build my career so I hadn't been updating my resume. I'm not sure how to estimate these values personally. When you say quantify the size of these companies in revenue and employees, would you typically list these within the subheading with the company name itself, or somewhere within the bullet points? Thanks!
Gave +1 Rep to @distant pier (current: #15 - 429)
Subheading, it provides a quick view of the size of company. 🙂
Thanks @flat sedge and thanks @pseudo creek . Please accept this Rep.
Thanks everyone really. There's a lot of actionable items in these responses. That such a place exists to quickly learn from others' expertise in the field is a marvel.
Gave +1 Rep to @flat sedge (current: #10 - 730)
unless the company is known, like I work for a large known company, I don't quantify its size
Anyone got some hidden tips on how to get a cybersecurity job in Germany? I graduated last year and mainly learned about pentesting since then, but since everyone wants to be an ethical hacker competition is tough (and job offers are low).
I'd be fine with a SOC job or even a sysadmin one, but it'd be hard justifying why I spent six months learning about position X only to now apply to position Y. Obviously it's because I can't get position X, but I can't say that since every company wants you to convince them it's your dream to work for them.
Azure, can I ask how you might suggest listing TryHackMe activity under Personal Development, if at all? Similarly, would including CTF participation add any value to my resume?
Of course, anyone who has thoughts on this is welcome to chime in too.
I would just mention it, such as a single sentence highlighting it
CTF participation depends but you could also mention CTF participation generally
Yeah, it is very common to see in someone's description stuff like "Top 2% at THM, CTF player", but it's a concise thing
I wouldn't personally add percentages for TryHackMe, as it could backfire if the person knows the platform and how easy it is to get top 1%. Mentioning it that you use it as an educational platform in your own time is enough and can bring out a whole conversation relating to what you do there etc.
Yeah, I agree that it should be added, I was more so opposed to the "top %1 percent" aspect, as I said, it's a good conversational piece if it is included that you use platforms in your free time to improve yourself
I wouldn't put stuff like top 2%, but more like "Active learner using platforms such as TryHackMe to learn and develop cybersecurity skills"
Hii
hey guys, do yall think that it is worth to try some jobs overseas? for some context, i live in brazil, and even for brazilian jobs it has been kinda hard, so i've been thinking about going for some LATAM jobs or something like that
not the place to be talking about that but i've been feeling kinda stuck lmao
i have top 1% in my extracurriculars and no one has brought it up. but I bring up my continual learning on THM and other stuff when I get questions about what things im doing to keep up to date.
I just got a job offer in pentesting. I have never worked in pentesting before. I am capable of finding vulnerabilities on a website or in programs but I have no idea how it works in the workplace, like how to do reports.
I would like tips on how to give the idea that I know what I'm doing? Or am I not experienced enough?
Hi guys am interested in exploring opportunities in the field of cybersecurity. I would greatly appreciate any insights, advice, or opportunities you may have regarding entry-level positions, training programs, or networking opportunities in cybersecurity.
Thanks a lot
Also it says in the task to do automated security tests. Does that mean bruteforce programs and vulnerability scanners? I assume the paying ones are better than the free ones but is it the employers that will give me the tools? Should I ask what they are using first so I can familiarise myself with it? What other sorts of tools should I ask about to know what they are using and familiarise myself with it? It's for the government in Quebec if it helps.
The employer* should provide you with all the tools required for this job. It’s probably going to be stuff like Qualys, Nessus or Burp Pro
Would tryhackme.com profile look good on an internship resume? If so, where should I put it? I'd like to hear your suggestions, thanks!
Internships are often short due to coursework and the need the company has during that time period. I suggest taking it. Any IT related work will help populate your resume.
Yes, it shows your drive and passion for the field and that you are a forever learner by choice.
They'll probably send you on training courses for the first while and show you how things work in their organisation. Many organisations hire people at the start of their journey into a field with the expectation they'll stick around to see how things are done.
❓ Ask Us About the SOC Analyst Role! ❓
We're looking to support the community by creating content around some of the most popular entry-level careers in cyber security. If you're interested in becoming a SOC Analyst and would like to know more, please share your questions here! https://form.typeform.com/to/UMDSlRTK
We look forward to answering!
Assuming you're still in school or have just completed your degree I would take it!
I just got back from a job fair where all but one of the employers slated to attend flaked AMA
Hello novices, intermediates, and experts 🙋♂️ im 6 months away from graduation with B.S Cybersecurity from WGU, I have 0 experience other than the average common knowledge...got offered a call center job that will mainly do things like password reset, some limited Active Directory, and troubleshooting but over the phone. I have certifications but they're pretty useless without experience. is the job offer worth it? or should i just spend the 6 months practicing more hands on experience on THM or even HTB? I'm trying my luck on interns for SOC on handshake and other platforms, but not much responses from employers.
Good job on your degree, keep it up. It's always a good sign to have some certifications going out in the world and, even though it's an entry level position, it's work in the field. Use your off time wisely to study things like Linux, Windows, Networks and build up your cybersecurity skills on THM. Make sure your cv/resume is laid out correctly and use one of the several ATS resume checkers on the web to optimise it. You could include your THM participation in a personal development section at the end if you have space but otherwise focus on your skills, your degree and the certs you hold
I'd take the job offer and jump into SOC on opportunity, you would get a better idea there of what actually happens in companies on the IT side, it would be very helpful for you in SOC if you knew what's expected and what isn't.
It's also easier to get a job if you're already in work