#cyber-and-careers
If you know what I mean
Cause I have had my resume reviewed by the university staff before
what? your university requires you put in communication, teamwork, decision-making?
Yeah
they are wrong
I can show you a sample resume template
It's probably some guidance counselor
just because its a sample resume doesn't mean you have to follow it
Mine wanted me to put some things initially, but I pushed back and we compromised.
also, your professional profile specifies basically what your degree is but your education already has that. Use your professional profile to showcase your interest, not what is elsewhere in your resume
eh idk i mean after all they preach it like is the only way to get a job and im like hmmm
What happens if you don't follow it
okay
You're an adult now, you have to make the decisions that work best for you and your future.
wdym by the right and left side for that section skills wise
So it seems like there are no repercussions.
yeah i guess
so i guess get rid of the certificates and then tweak my professional summary and get rid of the soft skills right
am i missing anything
Move your capstone
okay
would i just add that as a project in my experience section and labeled it projects
ok don't use the skills in this example but use tab spacing like this
No, not in the experience section. It gets its own section
This is mine
okay
see like Joa's skill section (except again, don't put soft skills)
ah gotcha
like a column type list
but would it be ats friendly though
you use tabs not columns
It just needs to look well spaced
ok
what should I improve?
so I'm in the US and I'll say I can't exactly speak to what is expected in EU or Spain specifically. Your resume is 3 pages, thats a bit much. I know EU is a little more lenient than the US but I've heard people say 2 pages max for early career.
Your Professional summary is a bit long. In the US, we are told not to put "I" in a resume, again, not sure what the standard is but I would stick to 2 sentences max for your summary. Your skills have a lot of soft skills, which again I'm not keen on because anyone can say they work well under pressure.
Your last page has a lot of spacing for your education. Also you mention your languages twice on the last page.
Under certifications, none of those look like certifications? They all look like courses.
You also didn't redact it, just fyi
Seems like all your information is in the top banner
yeah I didn't mention that aspect but was just going with it.
Yea i thought about the length
Gonna reduce it a lil more and yes they are not certifications
mostly free courses
but I did some ImmersiveLabs labs and got a lot of badges
I dont know where to put it
it is probably better to have a LinkedIn and put it there, badges aren't worth much on a resume
Hey guys, i was wondering if this is the right channel if i wanted to ask some advice for job paths?
I would suggest deleting your resume, making changes, then blocking out your name/contact info before you post again
sure
Well, it's a bit of a personal question really. I've been in a tier 1 Help Desk position for about a year now, and i feel like i'm ready for some growth (for more reasons than one), but unfortunately don't see the potential with the company i'm within anymore. So i'm considering applying elsewhere, but i realistically don't want another helpdesk job. Where can i take that experience, and are there any other lateral or better positions that this can lead to?
done!
for some reason portuguese made another page by itself...
im gonna cut something more
done
Your business degree will definitely help you in management
thanks!
@stoic cave YOU HACKER
Can I help you?
YES
I WANT TO HACK LIKE YOU
PLEASE
I WANT TO HACK MY TEACHER
One moment please
OKAY
Hey, this is illegal and against our community rules #rules
😡
OKAY
I WILL NOT HACK
Thanks 🙂
Those 6 weeks should be paid as part of your onboarding, which comes after receiving a job proposal to sign.
it's for a junior system admin role
are they basically asking you to have linux+, rhcsa or lfsa prior to hire?
net+ and sec+ is not a 6 week course
usually net+ is broken down into 2 1-semester courses
Ask them if they'll reimburse if you pass
I would recommend to skip this employer opportunity, compTIA certifications don't prove skill, so it is dubious why they ask for these to prove skillset.
it may be a business requirement for the cert to fill the role
if that's all that's on the requirements list, ask if you can talk to another recruiter
I presume this is a bootcamp style class that will prepare you for the exam? Still strange they request this.
because you are being asked for shit that's not on the job req
Yeah it is not completely uncommon, but dubious for sure. 🙂
Filtering Out people also does not sound classy in an interview. 😄
i agree dont work for free
Ask for a different recruiter. If this is coming from the technical hiring manager, it's a hard pass.
I got something similar in an email, where they offer to me to take their course on cybersecurity for $300 in order to get the experience to get a job
Olsen?
or something like that
not quite sure it was awhile ago
Happened twice
I looked into the course and it was literally for something to get a security+ cert level
which i have
yeah fk that
Im looking into starting working towards a career as a pentester is there any recommendations on where i should start off at?
Well you can learn a lot of skills here at Try Hack Me. A pentester is considered a fairly advanced skill level in cybersecurity. Even a junior pentester needs lots of useful knowledge and skills in things like Linux, Windows, Networking and understanding how coding works. You can learn a lot of these things as you progress through Try Hack Me's paths and find the area you like the most. Then you can learn different skills and do things like the challenges in rooms and networks on THM, learn how to perform in CTFs, consider pursuing certifications or going to college, etc
Hi, I got curious and telnet gives me access to the Dutch police mail server, smtp. And it seems not to be a fake smtp. What to do with this information?
Is this a bug bounty?
Is this? I did inform them about this vulnerability risk.
maybe a honeypot
They have a disclosure agreement
You can contact them for "kwetsbaarheid melden"
Usually though, its asked not to make it public before they had a chance to respond
You can also contact the National Cyber Security Center. They have a hotline 24/7
Be very careful the OM doesn't like people going too far...
You can DM if you want
Thank you sang I think I need some help.
Since I did everything in the wrong order, again. I did publish it right after that I did inform them.
Im not sure if it is a honeypot since they blocked my IP after I did send some emails from one person to his self and another few persons.
And I guess they did block my Mac address since I'm switching ips.
You've already been asked if this is a bug bounty?
Sorry I do not understand what my answers could be on this question. I'm really sorry for that.
I heard the term bug bounty somewhere and somehow but I do not know yet what this means.
I suggest you stop disclosing details publicly, and contact the Dutch pvd
Ok I can do that
But its complicated since I have more information about things that are going totally wrong in this organization
I feel horrible with this.
Its not complicated at all.
Stop disclosing it publicly, this incl. here, social media and DM's.
When do I know if this will be alright?
Ok thank you haha fuck my life.
If it's legit, they'll ask for your address. And send you a very cool tshirt
I did enjoy this adventure. Can I say that?
(Not a prison one)
Is that @sinful kestrel ?
I got about 8 of them now
Send me one
It was 5 the last time we spoke 🤣
😄
Two more and you get to keep them.
Damn.
I'd have preferred the refund.

You must be on first name terms with them 
"It's frost again..." 😄
In the counter intelligence agency lists
By name and dob
In the event you find a technical vulnerability in one of the Dutch Central Government's systems, you can report the identified vulnerability to the National Cyber Security Centre. This kind of report is known as a Coordinated Vulnerability Disclosure or CVD. You can find more information about this and other types of reports handled by the NCSC...
Report it here and they'll email back if it's in scope and/or not an issue
Okay, haha so maybe I go to jail now? Great. Can I bring my laptop there?
I mean you shouldn’t unless you did something you're not supposed to
You won't go to jail
Unless you've done something completely wrong.
One step ahead of you. Hell yeah
But I did send emails to persons in between and I know they also have a serious problem in between. Ai.
You're not one step ahead of me
Which person?
Don’t tell me
A teamchief in the Hague, an officer in the Hague, and an officer from another district.
And they have a lot of tension in between for some reasons.
Should probably be fine.
Just don't disclose anywhere unless you have permission.
Ok so I did delete my post on LinkedIn. Haha. And I did make a thank you to meet this thm community.
It was nice adventure. I did really like it. But I have to fill in this form right?
Yes
You don't HAVVVEE to but in good faith it's prob best
Worst case they deny and you go on about your life
best case you get a cool shirt
Hahaha
It's better than a hoody.
I did not know this haha.
So there is work to do. I do appreciate that.
But with a nice beer since it is kingsday today isn't it?
how do i go about bug bounties from zero?
Follow your heart and read the documents about cvd.
didnt see the bb channel, I think the discord auto-optimization hid it from me
This channel is for help with career questions, and as a recommendation, you may want to take a look at the #rules. Not sure what direction you're headed with that question.
mb
Morning
hello everyone. im willing to get into soc analyst position. is it okay if to include any of the TryHackMe rooms in experience or projects field? for example to prove the ability to use splunk.
There is one or more learning paths on thm and they are called soc analyst.
ive already completed it
i mean, there are some rooms that are not in path, but are good for practice. so is it okay if i type these rooms in my cv experience field?
I'd say it depends on your work experience. Are you coming from a totally different field?
nah. Im a student who's been interested in IT for long time and learning cybersec field for almost a year so far.
No, THM is not experience and it's also not your project. I would make an extracurricular section and include completed paths there.
can anyone suggest any videos or articles for good soc analyst resume?
if i want to get AZ-500 are there any certs i should get before-hand? 104?
Azure has a roadmap i think
love it
u can visit soc ion & refusix
How useful are cysa+ and pen test+?
I’m asking in like comparison to security+, in how it allows you into more security roles.
Like if my goal is to be in the security field of some kind how helpful or useful are they to jobs etc
The reason why security+ "allows you into more security roles" is due to it being a requirement for the role typically
It's also generally considered the baseline level of knowledge needed for cybersecurity work, which is why you see it in the requirements a lot of the time.
Again, it's going to depend what the role is asking for. If you have no professional experience or a degree, it's probably not going to matter. Certification(s) without experience, or even a degree, don't help. It shows you're good at sitting for a test, but that's about it.
Then ask?
Is there a serious hacker who can help me?
I need to know if you think it's possible for someone to sell rigged pokerstars? So see the cards or do you think it's a scam? I found a guy who sells a 1000 euro program but wants payment in bit coins
Hello everyone, I'm fairly new to TryHackMe and cybersecurity in general. Having worked as a web developer for a while, I'm now seeking your recommendations on how to find my first job in offensive cybersecurity.
@broken idol
What specific job functions have you done that are directly or indirectly related to security and what relevant certifications do you have within security
Thanks bro
Gave +1 Rep to @dense dagger (current: #22 - 367)
There are specific areas within application security. If you've worked with CI/CD tools and implementing security within it, DevSecOps is a good role
There is also offensive security related roles such as penetration testing specifically for applications
pentesting for entry levels on cyber seems today almost impossible
I have been a full-stack developer for one year, and in terms of certifications, I only possess certifications from TryHackMe and the eJPT. I understand that it may take some time to find a job, but I welcome any hints and suggestions.
I am particularly interested in jobs related to offensive security, such as penetration tester or red teamer.
Nahz that's not what we do here..
Its doable but I think people hear entry level within cybersecurity and think its open for new graduates
which isnt the case most of the time
Bro I know mine was just a question if you think it's possible or not
Yeah, those are seldom entry level roles
So, what do you suggest for me? Should I pursue another job and then switch back to penetration testing later?
yea
im actually going for an entry level on IT
and meanwhile gaining exp for better roles
its easier to enter on blue side
What I would do is: 1) implement controls that will improve the overall security of your company, this will boost your resume. 2) get a relevant certification within your local area, this can be OSCP, eCPPT, or PNPT, whichever is looked upon. 3) get lots of training hours in on training platforms. The more potential skill the technical recruiter sees, the more they’ll take a chance on you.
But also switching to a different job can work like SOC
No, I don't.
Actually, I am preparing for my eCPPT certification, which I have to pass in August. So, for now, what would be better for me: pursuing pentest certifications like OSCP, or starting with roles in SOC or any other job certifications, and then pursuing pentest certifications later?
It pains me, but it's really difficult to find the first job.
Try get The job first
I’m not sure which would be a better career path. IMO, both can work.
OSCP is better i think
I heard it is very difficult to get. Is it?
Its not imo
It's entry level. Technically it's not difficult. Just need to keep a cool head and manage your time during the exam. It's high pressure, and easy to make mistakes. If you panic, you're done.
The most important thing that OSCP builds is a methodology
I honestly dont know
but ill do it sooner or later
i expect it to be intermediate
osep is way harder
Tbh OSEP isn’t that bad, it’s basically a continuation of OSCP. I know people that skipped OSCP and got OSEP instead, but they had a little bit of experience in the field
But OSCP > OSEP, some recruiters might not know the following cert or there might be business requirements that say that OSCP is a must for that role or contract
Its a 10:1 ratio for blue team jobs compared to red team jobs. Get a job on the defensive side of things, grow your network and skillset then transition to the red team if the opportunity presents itself.
Hey everyone, i just got my sec+ certification (letsgooo) and now I am thinking of applying to jobs in USA as a non-USA citizen. Do companies provide visa sponsorship usually?
what rooms can you recommend for SOC position training?
I'm not from the US, but from what I'm reading, getting VISA sponsorship in the US is quite a challenge unless the role you are applying for is quite specialized.
I noticed you are a subscriber. I would recommend taking a look at the SOC 1 level 1 and 2 learning paths.
ive completed the level 1 path
and now i think i need to practice the gained skills. so if any of you can recommend practical rooms related to SOC, i'd be grateful.
Anyone of you put tryhackme into resume?
yeah i do
Is it possible to transition to bug bounty and then to pentester? That way, the path seems a little more straightforward. I would just need to start with web pentesting and then move into pentesting. I think it would take less time for me to go that route than to start with a SOC and then switch back to pentesting again. Don't you think?
As a hobby, sure.
So what’s the alternative apart from hobby
Nothing really.
It's not experience, it's all extra learning you do in your own time.
For all we know could have used writeups for all the rooms.
If you are in the US and there is a shortage of qualified workers, a company may provide sponsorship. If you are outside the US, it's highly unlikely. I will also say since a ton of companies have been laying off in the US, there is no shortage of qualified workers.
For home labs where do I put them in resume then?
For me to showcase
Hobbies/extra-curricula
Does anyone know of any catalogs of pentesting and/or general security projects I could tackle to build my CV and overall proficiency in the field?
We do not use ChatGPT as a suggestion to solve problems here 🙂
It definitely counts as hands on experience yes.
it counts as learning, not experience
Agreed, the machines are configured to be vulnerable which doesnt make them experience
try bugcrowd.com or hackerone.com... .govs if youre in the USA are easier targets
You don’t, you lie and say that’s what you built at a company
And you just swap out terms/details that indicate it’s consumer grade and put in enterprise grade stuff there (like you didn’t build it with 5 regular hard drives, you used the expensive server grade SAS drives)
You're not being serious...right?
Has anyone here done ISC2 Certified In Cybersecurity exam? I have a voucher for it that expires soon so I'm currently studying for the exam
Oh it's in person? I thought it was online 😭
I'm in Canada idk anywhere near where I'd take the exam
Oh I might be able to book it at my college's test centre but I'm not sure if I'd have pay for that or not. I'm only doing the exam since it's covered by my program
Have you found the exam prep easy? We're starting to go through some topics over it now through my program but I've yet to follow up on anything by myself or do practice questions
The voucher is for the exam itself
I don't know if it's supposed to cover all of the costs or just a certain dollar amount though
I'm hoping I'll pass lol this is my first time trying to get a cert. There's so many things that we are learning about for each section of the exam
Thank you
I am being 100% serious, people usually don’t care about homelabs in an interview. You can easily flip it and just say you did more than you really did with previous jobs and list details you learned from your homelabs. End of the day it’s to express you know the skills, for some reason interviewers don’t care about stuff if it isn’t directly benefitting a company and making money instead of just being done for fun and without profit being the motive
But you're lying on your CV?
Like completely changing it
Dont listen to the people telling you “home labs” or whatever isnt hands on experience. It absolutely is experience. In fact there are several websites besides tryhackme that also give you real world hands on experience.
Just a bunch of debbie downers and negative neds telling you nonsense.
They’ll tell you it isnt experience but wont tell you how to get experience to get an entry level job that requires experience.
Now I don’t think it should be that way but it’s a job, I’m there to make money to survive. I’m taking every advantage I can get. I don’t support lying, this is just stretching the truth of homelabs into my work experience, doesn’t mean I lack the skills or knowledge.
The best part is these same people will tell you CTF’s and home labs aren’t experience but if they make it to the “top 1%” of the website THEY PUT THAT IN THEIR BIO AND RESUME 🤣
I prefer do home labs than not having them done
if that gives some boost
Ill do it
oop
My thm rank is nowhere near my LinkedIn or CV.
So explain how you get experience for an entry level job without:
CTF’s
Any “home lab” website ie THM, HTB, etc
Internships
You can have all the best certifications in the world. Means nothing to any company without hands on experience
David Bombal interviewed an Ex- NSA hacker Neal Bridges
He explains that if you have a “cert”
With a “ton” of demonstrable experience with things like HackTheBox (HTB)
Then you will have a really great chance at getting hired.
Its just wrong to say that putting it on your resume means nothing because it absolutely does mean something
You don't need those for entry level. They help, but they are not a hard requirement. Listing homelab as professional experience is a disqualifying mistake. If someone does that, and gets hired, the company is completely justified in terminating employment for misrepresenting their history.
Ok, the question still stands.
How do you get experience for an entry level cybersecurity job that requires experience?
But you cant get that experience without getting the job that will give you experience?
Nobody can answer this question and it makes me chuckle every time
Work in other areas of IT. Sysadmin, netadmin, help desk, dev are all common routes into security. Due to the nature of security it's rare that a company offers a true, entry level security analyst or engineer role.
Entry level to security usually requires 2-4 years of experience in another domain.
I somehow got a job offer for a junior role at a big international company with a start date already decided, which i accepted and I'm VERY excited, but I still don't feel "safe" lol, in the sense that I don't feel I can relax and stop looking for jobs, but maybe i'm just being paranoid.
Like i have to do onboarding and a background check, so I'm thinking something could go wrong there, or the hiring manager could change his mind 1 week before my supposed start date or something. But maybe I'm being irrational
Once you've signed the contract, you're as "safe" as you're going to get.
maybe it's impostor syndrome kicking in before i even start working in the field 
i haven't signed anything yet, i only accepted the offer letter. I'm assuming i get to actually sign a contract after I finish the onboarding
Usually there's an employment contract you'll have to sign with something like docusign, or in person if it's at a physical office. Accepting the offer starts the contract process, usually that will take a week or so.
I see. Btw in your experience how likely is it that big companies might rescind/retire the offer for whatever reason, before actually signing the contract and starting to work? Like the hiring manager coming up with some excuse where in reality they simply found a better candidate AFTER they offered you the job, or something like that.
you read some "horror stories" on reddit but then again it's reddit
not usually. Occasionally it happens, and usually it's because the candidate misrepresented themself in a way that breaks trust
yeah i mean if you get caught lying on your CV or something it makes sense, but outside of that it'd feel pretty bad
Usually you don't interview more candidates than open positions
there are other reasons
such as not being honest about involvement in a legal case, or some other pending legal action
I also felt like I bombed the technical interview lol, but I guess either other candidates did worse than me or I didn't do as bad as I thought; or maybe they really need folks in that position
Has anyone here heard of the bootcamp Masterschool? Are they legit and good?
if hiring would you pick one over the other cert vs. non-cert
Technical interviews are used to determine where the candidate is. It's normal to get questions you can't answer or don't know how to answer, especially as a junior
Depends on candidate and business need. There is no hard and fast rule.
@juun but do most filter resumes at the cert level?
I've never heard of a bootcamp for cyber that is actually good
Ouch
I looked at it, it is very... odd to say the least but the goal is to get you a security+ certification, which you can do on your own very easily
if you want more of the career readiness, TCM does have a program for $1000 which includes training and a certification. along with the career guidance, mock interviews, etc, etc. But honestly, you can do a lot of stuff yourself
I would look up professor messer on youtube, look at his network+ and security+ courses, they are both free.
the certifications obviously cost money but the training is free
the selling point is they claim a job guarantee at the end or at least support. I am trying to find a job for over a year now and it seems I need a new approach. Heard of Messer already.
Thanks!
Gave +1 Rep to @flat sedge (current: #10 - 746)
Those jobs all you need is the certs: A+ , Network+ , Sec+ right?
packtpub.com has those books for cheap/ month
and they are videos too, thats how i found out about THM
on a sec+ video
CISSP
etc
it also has the holy grail of tomes... the web application hackers handbook
Nice profile picture
I mean... I am already self learning for like 2 years. All companies say: not enough get work experience (the classic) so a bootcamp with "job guarantee" seems good
Also worth noting here that there's a big difference between ranking on THM and HTB.
- On HTB ranks are actually vaguely protected (e.g., high ranks are coveted and tie directly into job postings, writeups of active boxes are banned, there's an actual sense of competition, etc).
- THM is not designed for competition. Writeups aren't moderated. You can get to top 1% easily by following answer dumps in a matter of days (and that's assuming you don't automate it).
It's different systems -- neither one necessarily better than the other -- but how you represent them to a potential employer does matter.
Stating your HTB rank or stats in extra curricular activities related to the job role looks good. That's something I can go and verify if I'm interested, and it's a good indicator that you've been working on HTB stuff legitimately. It's nowhere near as strong as real XP, or a cert, but it's not a bad thing to include.
Stating your THM rank is a bit of a red flag because it means you've missed the point of THM. Saying that you're Top 1%? Big whoop -- there are 3 million users, so there are 29,999 other people who can say the same thing, and you could easily have cheated to get there (not saying you have, but there's no way to verify that).
The point of THM is the learning, so if you've got nothing else to put on your CV then including things like the paths you've completed, or modules you've enjoyed (again, in the extracurricular section) can be good. At the very least it gives you something to talk about if you get an interview. That I'm interested in for a junior.
Rank? Not so much.
Eh, I don't know about bootcamps though
Also, if you put THM, HTB, or home labs anywhere near your experience section, I'm with Juun -- that CV is getting binned lmao
All excellent extracurricular activities, but not a substitute for real world xp
Would you say the same about HTB's Certs?
In the experience section? Yes.
I'd say the same thing about virtually any provider's certs.
Those go under certifications.
... which segues into the whole "certifications" vs "certificates of completion" thing as well lmao
Experience is hands-on, industry experience relevant to the role. I've yet to see a cert which accurately reflects an enterprise environment. No matter how relevant the vulnerabilities they include, the exam environments are:
A) Always exploitable (not the case IRL)
B) Nothing like the scale of a real enterprise environment, and
C) Not populated by humans. Exams are clean -- real networks are messy. Regardless of how well regulated you keep it, you're always gonna have some moron opening up a fileshare with an important password in it. The potential for unexpected vulnerability goes up massively when you add humans into the mix 
I looked and their faq specifically says they don't guarantee a job, they say they will provide you the tools
of course it is never guaranteed. But they claim they only get the money after you landed a job which is a plus.
but they don't specifically say what the job has to be
I looked, course is $8k normal route, $20k if you pay them after you get a job
@undone shore does HTB work with both blue team and red team? Whats the best site for Blue team hands on experience?
ok first of all, I'll say sure people say all sorts of things. As someone who has been involved in hiring decisions, THM/HTB are kind of like an extra bonus on your resume but not counted as experience.
Secondly, I'll say just because someone claims to be ex-NSA and claims to be an ex-hacker working for the NSA, doesn't mean its true. I'll say he has successfully built his brand but its wild that he goes around saying that. To each their own.
why are you asking here what HTB has?
Where should i ask it?
there is a HTB discord or you could look at their website
Haven't a clue -- I'm on the red side 
They have a path for blue teamers on academy and a blue team cert, as well as Sherlocks which are the blue team equivalent to boxes on the main platform, so yes
Thanks!
Gave +1 Rep to @fallen heron (current: #65 - 104)
Hi, does anyone know a website where I can apply for internship or mentorship? I want to get some real experience in cyber security
Hey, I'm a student and looking for training. What training might be interesting to become a web pentester (in France or the USA).
*and certification
hey guys i was joking am not a white hat hacker am a grey hat hacker
by the how do i hack a network so i can see the dangerous stuff in that network on a windows 10 operating system?
@linkan1.1 if you search for cybersecurity internships there will be lots of results. Try to find ones that match your interest. If you are in school there are plenty that look for graduating students.
There are numerous penetration testing certs. Id look for web specific if you already have the fundamentals otherwise focus on fundamental certs and build from there.
quick question is there a way to share my tryhackme achievements on my profile with potential employers would i just send them the profile url or would not work? i got links to badges but they time out after a few hours any help is greatly appreciated
examples for some fundamental certificates?
Check this out and find the section of cybersecurity you are interested in. Build from there. https://pauljerimy.com/security-certification-roadmap/
ok, thanks man
Gave +1 Rep to @mystic kiln (current: #1034 - 3)
No problem
i figured it out, the image was broken had to reload it:)
Hi just wanted to ask what certification i should get first,
i thought about OSCP, OSWA and OSWP . But im not sure
Well, where do you want to go?
Basically everything around Pentesting
I just don't really know what certifications I should get first, to start
Probably best starting off with CP then,
Alr thanks! I'll have a look at it
Gave +1 Rep to @broken idol (current: #1 - 2201)
Do check Portswigger's Web Security Academy
I just got done with my ccna,the plan was to do the comptia security+ next
But apparently one of my uncles works in the industry and I got to speak with him and he told me the security+ isn't good?
What's your opinions
should i learn jr pentest first or i can just learn SOC 1?
better go with soc 1
sec+ is def good to have
unless u already have 10+ years of exp
thanks
Gave +1 Rep to @fiery harness (current: #2068 - 1)
it also made me think, if you're job hopping, to be safe you would wait to tell your boss/company that you're leaving and actually quit your job after you signed a new contract, and not after you simply accepted a new job offer?
or what do people in that situation usually do
I've got some help desk experience but weak networking. Not sure if I should start with Sec+ to land a job, or net+ for foundations. Thanks!
why is it so hard to get a cyber security job in the UK?
Are you applying?
What sort of certs do you have? Experience etc?
Could be your CV.
I have already completed CCNA and CCNP in R&W and got a masters in applied cyber security. and got experience as an IT analyst in HCL
Is the masters making it hard for entry level?
yea, i think so, i applied more than 150 vacancies (Even for the junior vacancies), and still I haven't heard from anybody
just bumping this, thank you!
That could be why for entry, masters will make you too advanced for entry certs.
Post a redacted CV in here and somebody will review it.
(Screenshot preferable)
Am i correct in thinking that cyber threat intelligence is more of a role than a career path?
And it would fall within dfir?
yes, and it depends on the org where it'd fall but its a blue team role, but could be outside of DFIR but DFIR informs threat intelligence and vice versa
Hey, I'm a French student. I have questions about cybersecurity training in France. If there is a French person who is into cyber here, please DM me
Wouldnt they want someone who is overqualified?
Goes to show there are hundreds of thousands of positions open but every HR manager is extremely picky with what they want.
Nobody can get jobs
They feel like they need to pay a masters student for an entry job.
Ah you mean Masters degree wage for entry level job?
That is pretty much what I said.
That and they think you're more likely to leave quickly.
Put it this way -- you have a degree (which would usually correspond to higher pay) but no xp, meaning you struggle to get a job.
Company hire you for a role you're overqualified for at a wage fitting for that role. 6 months later (after they've trained you up), you now have xp, want a higher pay, so jump to another company.
So he is screwed is what you're saying
Those 6 months and all the training they gave you are now wasted time for the company. They now need to start again from scratch with someone else.
i.e., it's a big risk for them, so why bother?
Same thing can apply to certs as well, to a lesser degree. I got lucky.
Why bother getting a Masters degree, exactly.
This is exactly why there will always be a shortage of Cybersecurity jobs. Nobody wants to hire anyone
I mean, aside from contributing to academia?
They're good for a pay increase a lot of the time. Good for your own knowledge. Etc
Doesn't matter if you can't land a job LMAO
And that is irrelevant if you already have a career
That's why you usually get professional experience before getting a masters
That ^^^
But you can't get experience because nobody will hire you without experience until you get experience
A lot of companies will actually pay you to go and get a masters
Juun already answered this question
Cyber is traditionally not an entry level field.
You get experience in other sectors, then transition in
Usually, anyway.
Yea yea IT help desk then IT admin then if you're lucky branch into CS 🤷🏻
(Thank you Juun) 
Right answer, Muiri 😂
Lets assume someone worked 10 years as a C++ programmer. Why would that make him any more competent as a penetration tester?
For a start it makes them well placed to understand security flaws. It means they'll be able to read and understand code (I.e. good for code reviews).
Programming experience means they've got a big headstart in appsec.
Definitely
Reminds me, I have to study all the C languages before moving into CRTL & OSEP
Well I do have some experience as programmer. No IT-sec guy ever cared.
When you say experience as a programmer, do you mean as an actual career/job or just in general programming?
work experience
Hi i have question , can someone help me ? im beginner
Ask away
i am a software developer and i want to learn hacking , i passed some test in try to hack me
but i need help now
- Which team focuses on defensive security ?
🩵team
not just that, the entire degree process is really teaching the candidate the best way to learn in the domain, so the candidate already has all the theory - that's the hardest part to pick up.
Once the theory and abstract reasoning side can be properly applied, the experience puts everything into context and the candidate outgrows the role much faster than the business expected. This causes the business to have to spend more money to fill that role out of schedule and out of budget
Without knowing anything else about the candidate? Probably not.
there are multiple teams within cybersecurity that focus on defensive security. Cybersecurity is not just blue team and red team but there are other teams. Network security team = defense security, Cyber security engineering & Architecture = defensive. If you're looking for active defense such as looking for alerts, threat hunting, all that, then you're looking for blue team
This was THM room help.
aha
Or they could take a chance and see what the person is willing to make. Making presumptions based on someone's skills, credentials, and experience is only doing companies a disservice. The stigma of overqualified is subjective and the person likely wouldn't have applied if they weren't willing to do the job.
I am so tired of hearing the "overqualified" statement. That's just an excuse by HR and companies to easily get rid of people they are threatened by.
You sound like you're one of the people who gets turned away for being over qualified.
I got turned away for it by Barclays Bank,
They obviously wanted somebody with less skills than I.
This is exactly why there will forever be a shortage in cybersecurity
Companies dont know what they want
Infinite amount of talent but nobody wants to hire anyone 🤷🏻
And getting turned away by a bank who made 32B in revenue in 2024 / the wages they are paying clearly isnt the issue
Your opinions are wrong, and that is not the root cause of a shortage of cybersecurity professionals. Companies do know what they want, that's why roles are open. I've told you what the 'traditional' paths into the domain are; if you think that's incorrect, that's fine, but best of luck.
So pretty much a masters in cybersecurity isn't enough so you have to apply for jobs like IT desk and IT admin that you're overqualified for in which they won't hire you anyway because they are scared you're going to leave as soon as u get experience
That's flawed 👏
masters in cybersecurity are generally focused on management vs technical and yes it makes you 'overqualified'. Lots of companies have salary structures that take masters into consideration. Meaning if they hired someone with 1-3 years of work experience but no masters, or someone with no work experience and a masters, they may be "required" to pay the person with a masters more. also they may view someone as having a masters as someone who wouldn't stay there long in a low level/entry job
Hello guys, i am a computer science student, currently finishing my second year with pretty good grades. I am in love with cyber security and networks and currently i am choosing college courses to listen to related to that field. I started tryhackme about a month and a half ago, and have only missed like 4 days. I have learned a lot of new stuff from the site, however i would like some of the more experienced people to give me a point/direction into my career path. I would like to get a Masters Degree in Cyber Security and/or Computer Networks, and would like for someone to suggest some good schools in Europe, and give me some tips for my future. Thank you all in advance 🙂
Edit:
I know i need to do certifications, and i will start doing them this year. I would also like some suggestions on the order for finishing the certifications.
I would not recommend pursuing a Masters in cybersecurity until you have gotten your first job; it's a checkbox on your career path, and won't help you much with getting your foot in the door.
I would also recommend looking at internships as soon as possible, although all the summer positions may be filled for this year.
The thing is that in my country there are not a lot of internship positions in cyber security, a lot of them are just software development, machine learning and what not. Also i can take my degree either 3 or 4 years, meaning if i want to pursue Masters in my country i can go 4+1, however my wish is to get a Masters outside my country (My country doesn't have that good of education) and most Masters degrees are 2 years in Europe. Any point if i should take the 3 or 4 year degree?
That's fine. All of those will help you in a security career. it is more common to start in another domain then move into security than to start in security directly.
You need a Bachelors as a prerequisite for many Masters degree programs.
Thank you THM. I'm beginning to break the ice on bug bounties because of your help!!!!!!!!!!!!
Hello gents, in your opinion for now best certs "granting" interview?
Are we at the moment that ppl REALLY acknowledged HTB CPTS?
Would it be enough to get somewhere without real job experience?
Also few months ago when it showed up I was told it is go to, to get full scope in terms of what u should know to make A-Z pentest
Oscp
And that will be the standard for years still I think
Has anyone ever done a "screening" interview before? I have one coming up and I'm not exactly sure how to prepare
This will depend on what role and level you are applying for. I haven't been on the interviewing side, but a screening interview would most likely ask for some high-level information that you should know before you are passed onto the hiring manager for the actual technical interview.
It will take some time for CPTS to be the standard because only those that have completed the path or course are eligible to sit for the exam, thus in a way making it "exclusive".
Usually those are interviews by HR, they generally will go over the job description and your resume. They may ask a few questions as well about your goals.
You can DM me and we can talk about it since I assume we're from the same country ^^.
Ahh so thats why I am interested in IT-Security
How to Get a Job in Cybersecurity?
Here is the thing, I am trying to learn CCNA and hacking and solving the HTB rooms, but the point is that the company will not hire a fresher like me!
So what should i do to get the job?
Has anyone had success with one of those AI powered job boards?
I'm thinking about paying for the service to automatically apply me to new jobs
Hello
I choose cyber security course
I don't know what to learn first
I think you know better what I should learn first
no
nothing has a success rate when the job market is shit
Have you worked a lot with the AI powered job board?
for india they don't work i have tried applying a few times
i don't know about the countries outside india
anyone from kenya........................?
@primal ore Please no advertising services in this Discord.
has anyone here done bug bounties before? going for a sanity check, but what is some down-to-earth advice you can give for someone potentially starting on bug bounties? it seems like a promising side hustle, but i like to believe such things don't come easy
in addition to, what is some prerequisite knowledge i need? i need to checklist if im ready for this sort of thing
please @ me!
It's not a promising side hustle at all.
You could go months without finding something, you could find a lot of dupes.
what do you mean by dupes? i know that the hardest part about bug bounties is going against the many others trying to submit the report first too
I've reported some bugs, but they're dupes as in somebody else has found it and reported.
That could be more than one person for the one bug
However got any bug bounty questions etc.
We have our very own #bug-bounty channel.
oooh, i did not see that at all for some reason. its not on my channels list
let me put out my question there instead!
You might need to hold in the server or right click show all channels.
Any Mobile Pentesters here? I just was wondering what’s the best resource to learn Java for Android to git gud at static analysis/reverse engineering?
probably try and make some apps for android
or look at open source apps for android
Hey guys
I have just finished my Googles Cyber Cert
and I cant use the discount code from it for Sec+
anyone know why?
well we could guess but there are no guarantees... either ask google or whoever certifies sec+
Can some one help me download kali on MacBook or asus laptop having issues thanks
wrong channel and kali.org
how do i rank up
if youre talking about tryhackme, just gotta do the rooms with points
Hey so I've just gotten into cyber security today and I've only gotten into it using the rooms in tryhackme and didn't use any other programs but i feel kind of behind everyone, am I going on the right path or should I do more stuff to improve?
Yes the rooms are great although if you havent #start-here
After that just do the intro rooms and expand from there
Alright thank you
How much time does it take to get to an average level and whats the average age group in here?
I'm barely older than you and I'd say I'm a little below average, took me about two to three months of on and off learning and i can hack slightly misconfigured machines. It just takes some time
Oh wow
But honestly age plays no factor, just make sure you’re learning to be an ethical hacker not a bad guy :)
I just feel really far behind considering my age
👍
Yeah youre honestly getting into it earlier than most so dont
Ah alright, thanks!
Gave +1 Rep to @ember meadow (current: #522 - 8)
Anytime!
mate youre 13
most people start when theyre 18 or something
How old are you?
Great now I feel old
same...
let him cook
My brother in christ, I was 25 when I started. I have people in my classes who have a solid shot at jobs who are in their thirties
Ahh, it's cus I keep hearing all these stories about people starting from 9 or smth
oh
thats so unreal
afaik most people start when theyre like 16-17
and age doesnt really play that much of a role
I wouldn't have managed learning this when I was 17... I wasn't near mature enough to handle it... the chances I would have crossed the line and gotten into serious trouble would've been huge. Assuming I'd have gotten to a serious level enough to land into trouble to begin with
Certainly not 9, where did you hear this from?
I started at early 14, but I'm a bit of an exception to the typical route
Idk, multiple commentaries talked about how certain currently professional people started at a very young age and it was a key factor for their success
but either way I really enjoy cyber security and i dont think i'll stop
it can be hard sometimes but im aiming to be a penetration tester or a red teamer (maybe malware analyst? idk a lot of cool careers out there)
I mean, I guess I could say I started at 10 but that was just programming - really depends on how you'd define starting imo
oh wow
Nice, passion will get you far!
well, I learned some python at 11 and recently i have gotten kind of decent in this language called verse
so i think im mentally prepared and my problem solving skills should be above average to get into cyber security
Hi, could you tell me what's the difference between 'unix_passwords.txt' and 'rockyou.txt'?
Companies want you to start at 4 and get 7 phds at the age of 18 or else you won't land a junior position!
- you have to cure cancer as an extracurricular
thats not really a good mindset to have
just because someone started younger, doesn't mean that they're going to have a brighter future in it than someone who started later
aha
its very good to have an idea on what you want to do though especially at a young age
Well at first I wanted to be a programmer but after learning about cyber security and how it uses programming and a lot of fun stuff it definitely caught my eye
At that age you can't really have any idea of what you are doing with your life, and that's okay
Some people switch careers in their 40s and are fine
If you enjoy infosec spend time on it, don't obsess over it necessarily being your career path
Does anyone know of any companies still hiring internship positions for IT or cybersecurity? I’m a freshman in college.
How can i become an ethical hacker after 10th
10th of what?
After 10th std
anyone familiar with the popular mssps in Germany , whether they're local or international companies
trynna find a soc position here
What does std mean?
sexually transmitted disease
Keep it appropriate please
He means to say after 10th standard or grade whatever you guys call it
i m looking at ways to protect PII Data from architecture perspective
just complete ur 10th std, after that take a diploma (cyber security) or do 12th in arts, commerce, science and learn about it on the side from online platforms, play games related to it n get the flags n etc. just start, that's the thing
Programming can be useful, but is not essential when learning pentesting. Being familiar with bash/Python/SQL/Powershell etc can really help your progress, and you can pick these up as you learn new skills. You should also consider learning Linux/Windows/Networks; you will be introduced to a lot of new skills and tools as you learn and progress. THM has learning paths to help you develop from the basics onwards and the community can provide you further advice with how to progress as you go
As you learn new skills you might develop an interest in a particular skillset where programming can be beneficial. A degree can help you to get a job in cybersecurity, and while it might highlight your abilities, it isn't 100% necessary if you are able to demonstrate your skills and abilities in other ways. There are many certifications that can help show your skills, as well as participating in activities like CTFs or bug bounties, keeping a blog of your progress, etc
This can be looked at or interpreted in a lot of different ways depending on the specific need. Maybe start looking at TOGAF or SABSA?
And #infosec-general might be a better channel for this.
Hi everyone.. I have an interview tomorrow for SOC support engineer. After 2 years on tryhackme (in top 4k now) and some other websites where I did lots of investigations and got BTL1 certificate I decided to try and get a job in the field and already I have few opportunities 🙂 I would like any advice for the interview like what could be the questions, what should I ask of them etc.. The company provides SOC as a service, among other services, for customers and according to their website, they are mostly using Splunk as a SIEM solution, which I'm quite familiar with. Any advice or help would be much appreciated. Thank you all 💪 ❤️
There are tonnes of questions you might get asked and you can use your preferred search engine to find sites with lists of questions they might ask you. You could ask specifically what tech they're using, if they haven't told you, maybe ask why a particular solution, if they have particular processes/training they'd like you to understand, what their requirements are for the role, schedule, work/life balance, team compatibility etc...
Good luck🍀
Good luck 🍀
Hello, I am taking the google cybersecurity certificate on coursera to get foundational knowledge in cybersecurity. My next step upon completion is to move over to Google Cloud Skills Boost learning site. I am wondering the order of courses I should take on Google Cloud Skills Boost if I want to pursue a career in cloud security? Thanks!
My current plan (in current order of planned completion):
Phase 1: Foundational Knowledge (~6 Months)
- Google Cybersecurity Professional Certificate (Coursera) (Currently on course 5/8)
- CompTIA Security+ Certification (Discounted upon google cybersecurity certificates' completion)
- Google Cloud Security Operations (Cloud Skills Boost)
Phase 2: Google Cloud (Unknown completion time)
- Google Cloud Digital Leader Learning Path (Cloud Skills Boost)
- Google Cloud Architect Learning Path (Cloud Skills Boost)
- Google Cloud Security Engineer Learning Path (Cloud Skills Boost)
- Google Cloud Network Engineer Learning Path (Cloud Skills Boost)
INFO ABOUT ME:
(Started learning cybersecurity ~ 4 months ago, have a Bachelor of Business Management w/ a minor in Psychology, 23 in june, Canadian).
I’m not sure if this is the spot to post it, but if you live in Tucson, Arizona IBM is hiring a Global Cyber Risk and Resilience Lead.
Please can Anyone give me a clue of what to specialize on in Cybersecurity.... i have been studying the whole topic and it gets tiring... anyone please
nobody can tell you what to specialize in but you can just look at the different paths/jobs in the cybersec field
THM for example has the Careers in Cyber room where they go over this
and if you want to make it in the field you will have to study all your life/career
Okay, this helps... thank you
Gave +1 Rep to @fervent hamlet (current: #1379 - 2)
Do you have any professional experience in the field or in the computer industry? It doesn't really make sense to specialize before you even start working. Specialization generally takes years of learning a specific topic/process/etc.
The advice out of this is to focus on the basics. The basics are your foundation and you need a solid one to build off of. Then, after getting in to the industry if you're not, start building your professional skillset. Working in a professional environment is a lot different than self-studying. Once you've decided in a general direction, start to focus in, and over time (period of years) you'll build that specialized skillset.
I agree, I did a variety of things in cybersecurity before really finding my thing I love
What was the thing you loved and why ?
I knew I liked design portion after trying my hand at a variety of operations stuff. Then cloud came along and decided I'd enjoy that and then I officially moved into architecture a few years after that so basically cloud security architecture
Thank you, I will keep that on the list of things to explore
Gave +1 Rep to @pseudo creek (current: #15 - 478)
would it be better to get a bs in comp sci or IT for getting into cyber
comp sci is generally considered better
IT, from what I see, teaches you tools vs concepts, comp sci teaches concepts. Tools fade into and out of favor and often what schools may use may not even be tools widely used in the industry
Which entry level jobs in cyber security can be done as freelancer and remote?
Usually remote freelancing is done by more experienced specialists. I’d recommend checking out SOC positions, some offer entry level remote jobs, but that’s not really freelance
Ok. I thought of searching for a remote or freelance job. In my country I can't even find apprenticeships unless you are at most 1 year from completing a Uni degree. I'm not even halfway through my degree, so I thought of looking outside for freelance or remote
Do you have any other experience in IT?
usually remote jobs are within country. It is extremely rare to find remote jobs to another country
Like professional experience? No, I'm trying to get professional experience. I learned the basics of web development and completed Google IT support certificate
The Google certificates are a good indicator of very basic knowledge, but certificates of completion aren't the same as certifications from a known exam provider. Certifications like Security+ or CISSP show that you've read and understood a bulk amount of conceptual knowledge about the field. Sec+ can be done as entry level but CISSP requires 5+ years experience. Neither is a good indicator of your practical knowledge.
You can build your skills using Try Hack Me, to tackle new challenges in various areas of cybersecurity. Your aim should be to include and work towards some form of practical certification like OSCP, or partake in CTFs (I notice you follow PicoCTF), it's a good idea to keep a blog or other record of your progress and experience in THM and with other technologies and tools. Doing things like installing a Linux server and using it to test various programs, applications and protocols and writing about it can really aid your learning.
You should also consider doing helpdesk, QA or other IT/programming roles to gain experience in various tools/technologies and to see how processes and procedures work in the real world
Are internships more of an outside college type of thing
What do you mean? They are specifically for people enrolled in some form of education typically.
Thanks for the advice
Gave +1 Rep to @rugged delta (current: #21 - 377)
Thanks. I appreciate your input, will look the SOC path and job
You mean apprenticeship? They are a thing, but I haven't found a position outside US. I would love to have that kind of opportunity in my country
Yes and no. Might have misunderstood
Wait so you can be enrolled and also have an internship?
Yes? Internships are usually held between semesters in the summer. There are other types, some run during the school year.
Ooo
It depends, what do you like more, red team or blue team?
or purple team? in my case, i really like to attack, that's why i chose penetration testing
If u like to defend, you can maybe become a SOC Analyst
Or as i said if u like both you can do it, for example even if my profession is Pentester, i have to do also a bit of soc at work, it can be helpful to know both of them in any case, but at one point you have to understand where you want to focus more
Thank you for the advice, I am a newbie, I get confused on where to focus…. I just sent you a request
Gave +1 Rep to @flat scroll (current: #2076 - 1)
It's normal to be like that at the start, i've been in your same situation a couple of months ago, i had just some basic fundamentals but what i did in these 4 months brought me from having no work to working as a pentester
So if you want i can recommend to you a simple path that u can follow since you define yourself as a beginner
Guys I'm trying to learn the fundamentals of cybersec... I heard I should learn networking , os concepts.. when I saw networking it's overwhelming with many concepts...can anyone say which are the most important topics in networking I should focus on so that I don't waste too much time in this..if I miss out any other fundamentals let me know plss
Look at the content for the CCNA Certification by Cisco. That's your baseline.
Networking is a cornerstone of security.
Thanks... That gives an idea
Gave +1 Rep to @stoic cave (current: #20 - 394)
What about os?? Should I go into theoretical things or just practical stuffs like knowing to use linux and windows?
I just finished a forensics class and the deeper the understanding of an OS the better you will be in offensive or defensive stuff.
But in the beginning, focus on using it and the basic workings
Cybersecurity doesn't just require you to know the basics of using things like Linux and Windows and networks. You should be capable and competent with these things to some degree. It's something that takes time to learn and constantly improve. While you might not need to know how to build and scale enterprise networks full of multiple, intermingling systems, knowing how to set up a Windows or Linux desktop and server are considered fairly rudimentary stuff.
Learning how to poke around, install and use different software and services is part of the learning path. getting to know protocols and how they work is going to be part of your journey. You're going to learn about things like web servers, databases, email, file servers, TCP/IP, VLANs, firewalls, antivirus, standards, processes, laws and regulations, Active Directory, and loads more. Take your time and enjoy the journey
Things like CCNA or Network+ will teach you lots about how networks function and how they might be configured in the real world. The Security+ study guide (and videos from people like Professor Messer, etc) give you a general understanding of the cybersecurity landscape. There's lots to learn, and you'll find the things that interest you mostly
I heard if you do ccna network + not worth it ?
Can i get a job as a 16 year old in the field
Probably not, considering you cannot legally sign a contract (if you're US) or really be held responsible for major mistakes. Companies would be taking on a high degree of risk.
That's not to say you can't find a job somewhere in tech, like potentially a part time IT position (probably in the same risk boat) or something like Geek Squad
I would say it is worth it, if you don't have a strong basic understanding of them
Network+ is more broad and general, whereas ccna is more Cisco focus related
And provide more in depth in networking
However it is still worth taking as a good refresher (you can read the books and don't have to take the exams)
But some jobs will look for those 2 cert usually ccna is bit more favorable
Yeah I was thinking to do network + Udemy Dillion course I already purchased so just go over it
Yup that's a great start, I bought the book by Mike and listen to Professor Messer
thank you
Understood... Thanks mate
Gave +1 Rep to @rugged delta (current: #21 - 378)
Sorry if its a bad place to ask, do you guys know other discord servers in which i could learn and connect to people in relation to cybersecurity
Specifically more serious ones, most of the public ones i found seem to consist of mainly younger folks pretending to be hackers
I am in the sys admin server already
We don't really allow advertising any servers in here, if a discord server is posted It will get blocked and muted.
Hey everyone
Well the CCNA is certainly more in-depth than the Network+, so if you go for CCNA, you won't see any benefit from Network+. The Network+ should be sufficient to teach you what you need to know. CCNA is a little more complex
Interesting name.
Interesting bio
Hey everyone if I wanted to work as a Soc analyst what would be some projects that would stand out on a resume ?
I would build an environment that has a SIEM and XDR enabled and conduct attacks on it to see how detections can happen
Anyone here working with Compliance?
no but if you have a question, you should ask
I've been hired as a Security Specialist by a small IT company. My primary job currently is to help implement Compliance frameworks like NIS2 and ISO27001. I don't have experience in the field, which my employer is aware of, and I am really looking for some example documents on Risk Assessment Procedures and IT Security Politics etc. was wondering if anyone had any great resources.
damn, good luck
i have limited experience with compliance so take it with a grain of salt but in my current work, we have someone that creates internal documents and policies. try to look at internal documents that they have also too
Thanks, its a huge task. And basically I have been hired because they see great possibilities in me (Their words btw). They needed someone with the interest in learning and taking responsibility of the frameworks and their implementation. Which is why they hired me, through mutual connections.
Gave +1 Rep to @dense dagger (current: #22 - 369)
Yeah I have tried this, problem is. ISO27001 and NIS2 are very specific in what they want to be a part of the documentation. But super vague in what that actually means. A national compliance cert states as an example " Risk Assessment Procedure should include, at minimum, the phases Identification, Analysis, Evaluation, Mitigation and Acceptance of new risk." But it has absolutely nothing on how to actually perform and write these. Which is why I was looking for examples.
yeah, thats why usually you'd get a third-party auditor to help you
Yeah, and that is also still a possibility. I was just hoping to do as much leg work as possible before starting to pay for those expensive consultant fees.
you can start by documenting a lot of the processes people follow
Yeah, that might be the way to go.
Thanks for the insight! I think I’ll get started with that right now I may have done something similar before but it was on my old computer
If you're in need of virtual assistant or a social media management. I am available for the role.
are there any certs that i should try to get before looking into digital forensics/incident response?
The reason for this is that both ISO 27001 and NIST CSF are frameworks and are designed to help you create your own policies and program that best suit your organisation's context.
First question, do you have to report to any auditing body?
And not to be a pessimist but this also makes you the fall guy.
I have understood as much. But somehow these frameworks are always written in a certain "law" language. And for someone whose native language is not English it's often hard to really understand exactly what I need to describe and implement. It seems to me there should be examples of ways to implement the aspects of ISO, but I haven't been able to really find any. I'm basically looking for something to make sure I'm going in the right direction.
Eventually yes.
You need to map the frameworks to controls
It could be that way. But it seems I have great leadership backing, and my immediate leader is one of the founders. But they could still turn to blame me at any time probably.
The framework orgs are just going to provide a general "you should do this." it's on the orgs to take those frameworks and map them to their environment.
If you're going to be reporting to an auditing body, they aren't going to care that "oh I'm just learning" or "this was implemented incorrectly because I was unfamiliar with how it worked." This also isn't a one person task.
Law/legal education helps a lot with compliance positions in cyber
Keep records of everything and get everything you're asked to do in writing.
Yes, and I am really trying to do so. It might be imposter syndrome, but I really need something to hold mine up against. To know that I am even going in the right direction.
I have neither 😄
I would agree to this, and I am not alone as such. But I am the only one working solely on this.
It's tricky to give specific examples as these can be implemented in a couple of ways. However, I found these resources useful -
Hey thanks, I'll give them a read through 🙂
If you have management support as well, getting a copy of the standards would be a ton of help
If you can find a proper one, you can request an audit. If you have good leadership backing, they could agree to it. A good auditor will not cut you down for not being up to snuff, they will help guide you to compliance
When I worked in aerospace operations, this was the case, at least, and I have met government inspectors (in cyber) with the same attitude
But you need significant tolerance in leadership for things not being right yet
i have a doubt. Is there anything i can do to restore my previous instance or tabs in kali linux after shutting down or restarting the kali vm?
you'd need a third-party application
iirc tmux can do it
I heard about it and tried. But the session is not there after rebooting my Kali vm
@warm hinge please know that unsolicited DMs are prohibited. For the benefit of the community, please continue to ask the questions and continue the conversation here.
there are few custom scripts you can write for that
“- Basic knowledge in data technologies and analytical tools (e.g. SQL, Data Lake, Data Warehouse, PowerBI, Elastic, Kibana)
- Experience in creating dashboards and data visualizations (e.g., in Excel, PowerBI, Kibana) for reporting key metrics and stats would be an advantage
- Experience with programming in Python
- Knowledge of vulnerability management processes and solutions” These requirements are for a vuln management position but this comes under devSecOps right ? Should one focus on devSecOps for this specific role ?
Nah, looks like a data analytics role
Can anyone please help me with how I should start my career in cyber security? Currently I am doing ug in cyber and everyone seems to be knowing so much more than me. Can anyone please help me
Start learning on tryhackme.com
Do I need to learn any language before starting that or I can just start with tryhackme
I suppose you could pick a language as you go.
Which one would help me more
Python
I'm not a AI hooligan but I think GPT 4o can already do that smoothly, except the vulnerability management
True….vuln management is the role tho…this is an intern position so more of a learning thing with easy work at the side
The basics help a lot
Let's not suggest it, ChatGPT can be very confidently wrong
By basics do you mean networking, operating system, cryptography and linux
You don't have to learn any language before starting, but it does help understanding how it will function or work
To get started you probably need to know linux command lines, sql queries, and bit of bash scripting
Then if you like you can go a bit deeper into python (popular choice by many), rust, c, go, or a language you like
Recommend you learn the syntax when going into programming language to help you
As for basic yes, you need to know about network, the operating system, and how data flows
It is a lot of learning, so don't rush and don't be overwhelmed, just practice over and over until you get some understanding
Do I need to get deep into the language? Like learning about all the libraries and oops concepts
Thank you so much man really helped a lot
Can you help with this too please
Learning the basics of something like Bash or Python will help you a lot. As long as you're able to follow the logic of how a piece of code is working, that can be enough, at least to start with. You can learn more in depth as you improve along the way
No
If you go deep in OOP then you are going more towards as being a programmer
Learn to at least know how to code and read/understand code
If you want to go deeper than that, it is your personal choice
I want to enter cybersec and am planning to do a certification. Should i focus on ccna or comptia network+ or comptia sec+ as a fresher? any other suggestions are also fine. (i will be facing placements soon)
Either CCNA or Network+. Or the knowledge from those certs. Most areas of cybersecurity have to do with networks, so you want to know networking. CCNA is quite Cisco specific, but doesn't hurt. Also looks solid on your CV when you apply for jobs.
Sure.. im quite confused about choosing vendor specific (ccna) or vendor neutral. Also i heard about cissp. if there's something first to do , which one shall i goo?
You need five years of work experience in security to call yourself a holder of CISSP. It's aimed at people in management. Personally I would do CCNA. It's much more recognized by employers, you might get interviews just because you have it. You will learn Cisco specific things you'll probably forget soon after, but it's worth it. Has all the network fundamentals you need, and more.
Thanks a lot... that cleared it out
is comptia sec+ overhyped??
Like most certifications it's "a mile wide and an inch deep". Covers lots of topics but barely scratches the surface. If you do courses for it on YT or Udemy you're basically learning the definitions of >100 terms, but without substance. And that's enough to pass. You don't need any practical skills for it.
I believe it's quite valuable in the US because the military and military contractors demand it. It depends where you're from. In Europe it's not worth much in terms of employment. But if you treat it as what it is, to get an overview of what's out there and what might interest you: Can be worth it.
Got it... Thanks mate
Is eJPT worth getting?
Does the job you're looking at require it?
No
It's one of the cheaper ones and I want to get some certs to show off my "skills"
Do you have a bachelor's degree (STEM or really any degree) or professional experience in the computer industry?
Getting certifications without one or the other doesn't really do anything for you.
Certifications are used to quantify professional experience and say you are proficient to a standard.
Hmm
If you have neither a degree nor professional experience, and you're of age (age to legally sign contracts) to start working in your country of residence, I'd recommend looking for help desk roles in order to start building that experience.
Hi, I've just started trying Hackme. So, I have questions for you. In the Hacking Your First Machine Part 2. I transferred successfully, successful then when I write the account balance, 'your answer is wrong' the message comes out. Can you tell me what's wrong?
try #room-help not careers
ok thanks
Hi
Hello,
I am currently a sophomore doing CS, and I am very interested in cybersecurity and I wanted to know how to start preparing because my college doesn't offer any cybersecurity courses, just the standard CS curriculum. I've checked out cybrary, hackthebox and tryhackme and I am still lost and can't figure out how to start.
Also are there any cybersecurity internships? which I could apply to after learning a skill or two
I am asking internships as a general question like do companies give out internships focusing on cybersecurity
They do yeah.
oh okay thanks.
I asked that because I couldn't see any internships in my country
most companies are accepting hacking/sec certs from tryhackme and hack the box nowadays in america im not sure where youre at
Please don't spread misinformation. Tryhackme does not offer certifications, and the HTB stuff is so new, the security communities barely know of it, let alone the HR and Business groups that actually post the job reqs.
youre right i used the wrong word, there are badges for completing courses, to show what you know and to prepare you for certs like pentest+ and SOC1&2 roles. im not sure where youre working but my employer loves them, probably depends on the company
Anyone on here know of companies they work for that are hiring? I am a senior and I have less than a year left before I get my BS in IT with a specialty in Cybersecurity. I need to start getting experience and actually start working in the field. I have been working as a Technical Writer II for a defense contractor for 4 years and have a military background. I have been applying all over and have been having a hard time finding any job that I qualify for. Are there recruiters on here or anyone that has a company in North America that is looking to hire someone remotely? Any recommendations or help would be greatly appreciated. I am struggling horribly.
I could have sworn I was applying somewhere (*.gov) and a TryHackMe reference was in the reply
Ah it was another site, that I shall not name.
I am from India
Yes?
Hello , i have a question , how do i get a first experience in the computer industry:)?
well
if you dont have a degree many people start off in help desks
and work their way up
even people with degrees often start off in help desks
I’m in America so the job market is gonna be completely different here, you could try your hand at bug bounty hunting on Intigriti, Bugcrowd or HackerOne, there’s a bunch of sites with bug bounty programs
Depends, in the company I'm working, there are people who pick up the phone (and help with little things), and people who give support with a bit more complicated things. The people without degree do pick up the phone, and the people who have a degree are the ones starting by giving support. Some people are growing towards support from picking up the phone.
yes, it depends. I didn't say everyone does
True
in my company generally the help desk is staffed by those with college degrees and they eventually move out of that position to something else. I never worked help desk myself, but my job in college was a lot of what you would call desktop support
Does tryhackme do a good job of getting you ready for the workforce? Currently doing the Soc 1 path. Just wondering if I should stick with this or study for another cert.
It does enable you with the theoretical and practical knowledge of understanding concepts and technologies
A lot of employers look for that; people with basic understanding of tools, concepts, and technologies.
It's an additive, meaning something you do on the side to bolster your knowledge. Professional experience and degrees are what actually matter and you need one or the other. Also, just know that certificates, like THM provide, are not the same as certifications.
i have a doubt.. Is it advisable to do CCNA or network+ first or go straight towards cybersec certifications like CEH or eJPT or something as a final yr student with networking and os knowledge?
Where do you live?
India
Ceh would probably be one of the most useful
Okee... But recently I saw that ceh has some bad rep in industry. Is that true?
Yeah, it's very much true, however India still uses it as an HR request.
Finee
Even with these certifications in hand as a fresher , won't I get a cybersec job instead of a help desk ?
The hard truth about the industry is there is expectation that you have experience before coming into cybersecurity
But it is definitely possible to get into cybersecurity as a fresher. It's just not as easy.
Understandable
Is that only possible through referral coz I see every job profile with exp demand
I don't know your local market but generally: you have to stand out from the masses. Pass OSCP, maybe CCNA just for the initial HR filter, have a successful YouTube channel, publish a blog with write-ups or discussions of the newest vulnerabilities, write tools and publish them on github, be very high up in the THM/HTB ranking.
Ceh would be cheaper tbh.
Understood...I'll try it outt
i have done a few try hack me modules. Now that im in summer i want to study for a cert. Would it be advisable to study network+ or sec+. My curriculum is Electrical Engineering so I wont take any classes regarding networks or telecommunication until my junior/senior year.
i tried with sec+ at first but seemed too much to start with
also does anyone in the U.S know if network+ can help get you a network engineering / cyber security internship with a 3.4+ gpa
Assuming you're in the US, sure, but you don't need certifications to get internships.
(Almost) everything security-related builds on networking in one way or the other. It's highly advisable to first get networking knowledge. That doesn't need to be the actual net+ or CCNA cert, you can acquire the knowledge without passing the exams.
It's better to wait until you're about to finish your degree as well, that way you don't waste the time before the certification's expiration.
If they did Net+ now and Sec+ later, the latter extends the former.
True, but then they're also spending more money. It's really going to depend on what their goals are.
yea but would the cert make me more likely to get an internship
Certainly, all other things being equal. You're gonna stand out from the crowd, at least from the majority that doesn't have certs. Nobody has data on how much more likely though.
IMO, yes, but it defeats the purpose of an internship.
You're in school in the US right? There are plenty of internships to go around. They may not be at FAANG or insert hot startup, but they will get you experience. Juun can articulate this better than I, but the purpose of an internship is to expose you to the professional workplace. Internships aren't expecting you to come in with anything more than what you learned in school and are more of a trial for you and the company to see if you fit.
Thanks brother
hey guys im timo from mrc i want to learn cyber but i need someone to help me step by step cuz idk from where i cant start
That would be a start
You can also go to #start-here
Is cpts worth it?
If you're looking to become a pentester, you are expected to learn and understand a lot of complex topics. There are quite a few certs on the market that aim to teach you the skills you need to become a junior penetration tester, i.e. to teach you enough to be able to perform routine techniques up to a certain point.
The most widely recognised exam at this level by employers and their clients is the OSCP, as it has been around for a long time but there are plenty of alternatives. For a lot of people the OSCP can be prohibitively expensive. Many people will say that you shouldn't be the one paying for such an exam, but many employers in the field won't even consider you without it. The CPTS and others like the PNPT and eCPPT aim to provide a similar level of training at a more affordable pricepoint and can teach you quite a bit.
These certs can each be a significant time investment and will teach you quite a bit to gain the skills you need, so from that perspective, the CPTS and the others are worth the time and effort. There are, however, no assurances that having any cert will be sufficient knowledge and experience for an employer to consider you. You will need to learn those skills and techniques, regardless; so from that perspective, any of these certs are good ways to learn these skills, and you'll have the cert at the end of the course to show your efforts
Tysm for such a detailed explanation ❤️
Best of luck with your studies
How much experience do pentester jobs look for
Like if you have years in the blue team sector and you want to switch how much more likely will you get the job?
It depends, as everything, but I’d say at least a year, 2 would be perfect
But nothing stops you from applying to those positions even with 2 months of experience 😉
the good part about that is that THM is covering most topics
Thanks
Thanks
Is that common?
Is this part of a job application process/a bug bounty?
For a job app?
We do it 🤷‍♂️
I'd be a bit wary given how open that is though. Anyone could own that domain, or the app it points to.
It's up to them if they want to use a public domain and not enforce things like IP restrictions, but I would be inclined to ask for a LoA in this context, just in case.
And maybe, y'know, a scope lmfao
job application
If it's for a web app pentesting position, you might be asked to do a small sample pentest. It should be similar to an active application but it shouldn't be using any real business/customer data. They obviously want you to produce a report. It shouldn't take you too long
it's a simple webapp indeed
Ok so everyone, even if not authenticated, can set anybody's password to whatever they want. Can I stop the penetration test at this point? 
We're not going to be able to help you with determining that. You need to follow the instructions you were given
Hello everyone! I need a bit of advice. I have worked in the restaurant industry for about 10 years now, and I’m ready to switch careers. I have a bachelor degree in IT that I got back in 2017. Then, in 2022, I got the A+, Net+ and sec+ and I’m currently working on the CCNA. I’m just not sure how to go about landing my first IT job. I have applied to help desk, but most of those jobs seem to want experience even at entry level. I applied anyway and I got one interview out of the 50+ applications I have filled out. Nothing came of that interview, they just said that they moved on to another candidate. I did ask for feedback but was given none. So how do people from other industries break into IT? Any advice is helpful, thank you!
Depending on the market 50 applications is simply not enough. People sent hundreds.
Yeah! I was just reading an article about that. That’s a bit depressing but must keep swimming, lol.
While the market does have its ups and downs, sending that many applications typically means you a) don't qualify for the roles you're applying to or b) the more likely case, there is something wrong with the resume itself. 50 applications is honestly more than enough, especially if you tailor the resume to each role you're applying to. The people sending hundreds typically just shotgun the resume out, which is counter productive.
If you verify, you'll be able to post images. My recommendation is to redact your PII from the resume and post an image of it here for review. That way we can see what you're submitting. Tbh based on what you have, bachelor's and the certs, orgs may think you're overqualified for the roles you're applying for.
i saw mentioned earlier that sysadmin or netadmin are good ways to get tech experience before moving to cybersecurity
what other common names do listings for those positions use
i want to make a search on linkedin for these positions (i already know the search syntax so i just need the key words)
when i searched sysadmin and netadmin i didnt find many results
I will use those thank you 🙂
thank you (so you get your reputation)
Ok! So here is the redacted resume, I did work on it a bit tonight. Changed things around, any feedback is appreciated! Thank you guys for being awesome! If my resume looks passable let me know what jobs I should be looking at, maybe I’m just not applying for the right things.
I would convert the PDF to a PNG or similar. People here aren't going to want to download random files, especially PDFs
Post a job you're looking to apply for, I want to see some job requirements
Yeah cant say i trust random files on my computer
Off the bat you can remove the phone number and put the LinkedIn there instead
Slight spelling error on the first line of the server / lead server section, it should be “Led” not “Lead” (im a big grammar nerd)
Organized appears twice in a row in the same section
Hey parrot can i DM you some of these grammar suggestions?
Theres quite a few i see
I can change lead to led. But Lead Server is the name of the position. That’s how it appears on my clock in sheets.
Yes please do!
Take this resume and drop it in to a template like AwesomeCV
It should fix the formatting a bit and reduce whitespace.
Ok!
The center justified roles do not work with the right justified bullets
As far as content, remove soft skills from the skills section. You're expected to have them. Also, anything you put in skills you should be able to discuss, at length, for 20 ish minutes
Education part can be 1 line
And I don't know about putting references there
Usually you don't add it, and if the company requests you can send them those references
This should cut you down to at least 1 page
Ok!
You guys are awesome! Thank you so much for the advice. I will sit down and rework it again with your advice in mind!
Once you fix everything we've gone over so far, post again
If you are not one page, you can combine CompTIA to one line: CompTIA A+, Net+, Sec+
We'll go through your work bullets next
I also went through a handful of grammar changes with him to fix general errors and make certain parts a little more professional
I created a system to auto generate resume based on job descriptions
Takes a JSON file as input. Converts the JSON to TEX/LaTeX. Then auto generates using xe-latex.
I only have to copy and paste Job description from job ad into Chat GPT:
Step 1: Find job.
Step 2: Copy paste job description into Chat GPT (which already has my template for JSON and what it needs to do)
Step 3: Copy generated JSON from GPT to resume.company_name.json
Step 4: ./resume.php resume.company_name.json
Step 5: Profit:
$ ./resume.php resume.boa.json
LaTeX content has been saved to resume.boa.tex
PDF file has been generated: resume.boa.pdf
Just generated one for Bank of America:
Then you can go and clean up and regenerate I need to.
Here's my original resume as I come from software engineering background but always did security in the background
Here's one for York Space Systems.
Just as an example, if you're going to do something, do it right. If you're going to be doing a shotgun resume, like the shot gun dating approach, that won't work so well.
Every resume needs to be tailored for that specific job. Don't use a shotgun resume, meaning, one single sole resume for applying to every job.
In fact, when having an interview, mention that you wrote your own resume development software. Or not. Not sure how that conversation might go...
Give me any job description and I will turn it into a professional looking polished resume in PDF and PNG in less than 2 min. 😄
If anyone needs resume help, I'm available to help. Thank you.
That’s a really fun project!
Thanks.
Ok! So here is the edited version and I will post a job I was eyeing.
Perform routine testing and analysis of [company name] multiple Local Area Network (LAN) and Wide Area Networks (WAN) and associated network software. Provides simple to moderately complex technical support in the design, development and enhancement of [company] LAN/WAN. Participates as a member of a project team to ensure LAN/WAN are designed and developed according to prescribed specifications and system needs. Provides support, administration, and connectivity for ticket vending machines (TVM) and platforms communication networks. Provides administration and support of Microsoft windows servers for the ticket vending system. Provides simple to complex support of video conferencing system including implementation, maintenance and configuration.
Minimum Qualifications
EDUCATION/TRAINING
Associates Degree in Electronics, Computer Science or related field or related work experience required.
Cisco Certified Entry Networking Technician is preferred.
EXPERIENCE
One (1) year of directly related work experience in Computer Information Technology with demonstrated competence and knowledge of current versions of Cisco IOS, Microsoft NOS and video conferencing system support.
One (1) year networking experience in Ethernet and LAN/WAN environment; various networking software including, but not limited to, current versions Cisco IOS, utilities programs, Cisco Routing, and Cisco Switches is required.
Knowledge of security systems and their associated peripheral equipment, Ethernet, Fiber, and Gbit Ethernet is required.
Ability to effectively interact with technical and non-technical team members in identifying network system requirements and resolving related problems.
Requires technical knowledge and experience to support Network and Infrastructure Analysts in network system administration technologies, including miscellaneous associated networking software applications.
Ability to work under minimal supervision on duties and tasks that are frequently non-routine; adapting procedures, techniques, tools, materials and/or equipment to meet special needs.
Prior experience with videoconference systems and protocols.
Yeah! That’s the one I wasn’t sure about. Ok!
Hardening Networking protocols is.
I like that thank you!
Something like, secure networking setup, hardening networking protocols and server services for secure network communication such as nginx, exim, etc.
Be specific and detailed enough.
It's not okay to lie
But remember
It's perfectly okay to embellish
Yes! I mean they will know pretty quickly if I lie! I have seen that in other places when people lie so much on their resume and comes the first day they are completely lost. And I do not want to be one of those people, lol.
I do want to thank everyone that took time to look over my resume, and gave me advice. It was all helpful. I learned a lot tonight. I hope the universe repays you all with good karma!
Some ideas:
Technical Skills
Network Security: Knowledge of firewalls, VPNs, IDS/IPS, and network protocols.
Cryptography: Understanding of encryption algorithms, PKI, SSL/TLS, and cryptographic protocols.
Security Information and Event Management (SIEM): Proficiency in tools like Splunk, ArcSight, and QRadar.
Penetration Testing and Vulnerability Assessment: Experience with tools like Metasploit, Nessus, and OpenVAS.
Endpoint Security: Knowledge of antivirus, anti-malware, EDR solutions (e.g., CrowdStrike, Carbon Black).
Incident Response: Experience in managing security incidents, performing forensics, and creating incident response plans.
Identity and Access Management (IAM): Proficiency in managing identities and access policies using tools like Okta, LDAP, and Active Directory.
Cloud Security: Understanding of cloud security principles and tools (e.g., AWS Security, Azure Security, Google Cloud Security).
Application Security: Skills in code review, static and dynamic analysis, and tools like OWASP ZAP, Burp Suite.
Operating Systems Security: Securing Windows, Linux, and macOS systems.
Compliance and Regulatory Standards: Knowledge of GDPR, HIPAA, PCI-DSS, and NIST frameworks.
Security Auditing: Ability to conduct security audits and assessments.
Data Loss Prevention (DLP): Implementation and management of DLP solutions.
Wireless Security: Understanding of wireless protocols and securing wireless networks.
Blockchain Security: Knowledge of blockchain technology and its security implications.
Analytical Skills
Threat Intelligence: Ability to analyze and interpret threat data and indicators of compromise (IOCs).
Risk Management: Identifying, assessing, and mitigating risks.
Security Monitoring: Monitoring and analyzing logs, alerts, and anomalies.
Data Analysis: Strong skills in analyzing large datasets to identify patterns and anomalies.
Interpersonal Skills
Communication: Ability to explain complex security concepts to non-technical stakeholders.
Problem-Solving: Strong analytical and troubleshooting skills.
Project Management: Managing security projects, including planning, execution, and reporting.
Team Collaboration: Working effectively with cross-functional teams.
Training and Awareness: Conducting security training and awareness programs for employees.
do you think my cv is sufficient enough and structured well or should i make some changes?
I'd do A+, Network+, Security+. Those are the official names and who knows, companies might have automated filters for them
Most of the points listed as qualifications are not qualifications
Intermidiate => Intermediate
ouch, typo
can you provide qualification examples
just a few
Thm stuff would go into hobbies.
A qualification is something you achieved in your professional career. You listed character traits. That you shouldn't list anywhere because everybody claims to be passionate, curious and responsible.
https://www.youtube.com/watch?v=4GksU2jmKg8 Maybe useful for some here
With many ways to enter the cybersecurity industry, having skills is just one part of landing your first role. This panel aims to provide a comprehensive introduction to the cyber workforce, offering valuable insights into fundamental security concepts, potential career paths, mentorship, and current industry dynamics.
Whether you are a recent...
I wonder... I am about to finish "complete beginner". I wonder what to do next. I think that to start in cyber it would be nice to get some certificate. What do you think I should aim for? I do not really know what career I prefer. I think I am better suited for blue team, pentesting is so much fun though...
Where do you want to go?
Help me pls
With what?
a person scammed me out of 30 euros
If you have the money OSCP. Nothing beats it. It doesn't matter what you want to specialize in later, that knowledge helps everywhere. And it opens doors that other certs don't.
Contact your local law enforcement
I do not really know. First I thought about Blue Team lvl1 certificate, but now I do not know. There are too many courses, I do not know what to learn before trying etc...
Well
Blue team level one would be good for DFIR work.
Only heard good things about it, you would certainly learn a lot. But it's orders of magnitude less well-known by recruiters. Depends what your reasons to get certified are.
Although OSCP is an offensive cert, it can teach you some defensive qualities also.
Reason - get first work easier
I think for a start 1500$ is a bit too much for me 😅 But.. we will see.
A cert doesn't assure you'll get a job.
You could search for OSCP and BT Lvl1 on your local job sites and see how many results you get. Likely 0 for BT.
Of course not. But it is also compressed and systematised knowledge to get to pass the exam.
Whereabouts are you from?
For example, in India CEH is widely recognised - while in the UK, CHECK is the way to go for pentesting, while in the US I think OSCP is the go to
Is it also DFIR an area you want to work in?
Europe. Might be different elsewhere, right.
I think TryHackMe is fun but chaotic. I need something more... like a "book".
I am from Poland, living in Belgium. Consider Australia
In Poland OSCP is big, that much I can tell you. If you buy the course+voucher you get a PDF with training. But in reality I don't think there's a straight path you can follow anywhere. It's always going to be chaotic in this field, you're constantly going to encounter things you don't know, so you have to learn those first, then go back to the main thing and apply them, later catch up on forgotten knowledge etc. THM is probably as organized as it can be.
With the learning paths
Good to know
😅
And... Is it difficult to get that much for the start? Any advice?
I'll try but we will see
Anybody with enough time can do it. None of the topics are very complicated, it's just a lot of stuff. Some people do it in 2 months, others need a year.
I mean... I know that I can learn everything. But I think (maybe I am wrong though) that a good cert makes things a little easier
Do you have IT experience?
or are you in the workforce, currently studying, etc.
I can confirm that in Europe/Poland OSCP is big
It’s funny how the market changed, a few years ago OSCP was more of a mid-level cert, and now it seems as if it’s a minimal requirement for entry level positions
At the same time I see loads of people putting "Top 4% THM" in their LinkedIn bio or that they are "pre security" certified. Which takes about a week of dedicated effort. What a mismatch of expectations...
I guess it’s mainly caused by a ton of articles stating unimaginable salaries for entry level cyber jobs + bootcamp/course advertisements everywhere
Even universities started monetising this trend
Yep
I am an IT technician by school, but no work experience. :/
I am learning CyberSec because I found it really fun to learn and I want to try myself in that workspace 🙂
Can anyone help me with the answer to this question? I’ve input the answer but it keeps saying incorrect
What do you need to access a web application?
a browser
Although that's not even 100% correct, you could also curl. But probably the answer.
So... to entry lvl I for real do need OSCP? 😱
You don't need it but depending on the local market it might significantly increase your chances of getting invited for an interview. Most people don't have it, requires a lot of effort, makes you stand out.
OSCP is mostly for penetration testing which is seldom an entry-level role.
If 100 people apply and 10 have OSCP, they're likely the top candidates to get an interview, all other things being equal. You could be number 11. Companies have to heavily filter the boatloads of applications they get in the first stage. This is one way.
Going forward, please use #room-help
