#cyber-and-careers

And going to school

Is it a great idea to get a help desk job once I get the A+, Net+, and sec+?

I want to gain experience since i don’t have any

Yes help desk is a great entrance into security. Penetration testing is not the easiest role to get into without much experience (it's possible tho), so maybe I'd look into blue team roles like a SOC analyst first?

You can also try to find the helpdesk job without those certs as experience >>>>> certs

Also if money is tight you can skip A+ and Net+, so that you jump straight into Sec+

Currently in a SOC role, I don’t have any certs. Is the security blue team 1 and 2 certs worth it?

I'm coming from software/webdev and sysadmin with minor pentesting/security testing etc. if I show my resume, can you guys advise on what kind of jobs I can get? I'm having a mid life career change and about to graduate with a masters in cybersecurity.

Don't ask, just post 🙂

Sure thanks

How can I tailor this resume for security. I'm familiar with pentesting, hardening, cenzic/qualys scanning, nessus, I have my own private data center secured and built with proxmox, I run Wazuh and elkstack kibana and a fairly large self hosting community on matrix

Oh and I'm quite good with digital forensics on windows platform, in which I also got a commendation by the Dean in my bachelors program last year

I'm quite good at desining secure networks, and I also got a commendation for the Secure Network Designi class in masters degree program

Should I include this, or replace the above with this? I did all these things as CTO for Sky, contracted by Symantec Inc. and Panasonic and Men's Warehouse and others.

The first is the web dev resume and this one focuses more on the security aspect

I updated the skills and sky social media work experience. rest are same a those were mostly dev roles. Sky was CTO all in one role where I did everything

I am so new to everything.

Hello new to everything.

does turning a pc on w a foot vs a hand count XD

Wow very nice

hey is theres a roadmap for learning to become hackerman
first thing install kali linux right 😎

Do check the #start-here channel

@noble glacier Here

Do you have a degree or professional experience in some other area of the computer industry?

Certifications by themselves don't do much

Im currently in my 5th sememster of my CS undergrad

Even Finding a Intership is very hard thing

You're too late for summer 2024 internships if that's what you're looking for

Maybe even too late for Fall 2024

This is the wrong season to be looking for an internship - summer internships usually open in october/november and are closed for new applications in January.

If you're getting a Computer Science degree, that's good

Even Preparing for OSCP and CPTS

It is still unlikely to get a red team, or even pentest, position straight out of school though. It happens but it's very rare

oh then ..I think i should start blue teaming ..Something like soc which i absoltely dont like

No, you don't need to start there

I don't think I've ever seen an actual red team role offered at true entry level

Red teaming is usually considered an advanced and highly trusted subset of penetration testing. If an org was asking for entry level red team roles, I would be extremely suspect of the competency, knowledge, and maturity of that org.

DMV area has started listing Red Team positions for the level you're talking about. It's mind boggling because they don't do typical red team activities and basically just do vulnerability management.

And then they are leaving and trying to go to actual red teams

wait, the Dept of Motor Vehicles in your area? That sounds like governmental incomptency of the highest level.

No, DC/Maryland/Virginia lol

I'm a pentester, and 99% of the vuln related activities of my day to day are blue team, not red team.

Surprisingly, the government red teams I've dealt with are refreshingly competent

But to circle back, the colors are kinda meh in my opinion. I took an cybersecurity engineer role right out of school and did pretty much everything under the sun.

oh you did both offensive and defensive ?

I was basically this orgs "firefighter" in that if the customer had any issues they could come to me and I would solve it, come up with a potential solution and have others implement, or find someone who could solve it.

If you want a binary answer, sure, but the environment was more fluid than that

I saw you hymnosi

Okay, I will stop thinking about this for a while. I will focus on putting in whatever effort I can..Then i will think about results

That's not to say you shouldn't have goals. Goals are good and they drive you forward. It's just that you need to set reasonable expectations for said goals and you'll see results. Crawl, Walk, Run.

sheeesh thanks man👉 😎 👉

Gave +1 Rep to @fickle grove (current: #13 - 562)

xd

Thanks. Any advice?

Gave +1 Rep to @brittle pier (current: #101 - 64)

hi guys. Any advice for starters here??. Im a 16 years old student

👋 checkout #intros and https://roadmap.sh/cyber-security

Learn the basic foundation, first off look at Comptia A+ to give you insight on where you are weak at and where you are strong at

You can follow the roadmap that was provided for you to help measure your way, or depending on some experience you may have figure out what path you may like to take. Start with tryhackme rooms and see where your interest lies, then slowly build upon that

Also, you can check out #start-here for an introduction to the platform

oh..thought I mentioned that, not sure why it came up with #intros

With 0 professional experience prior to it, I got a Network Security Analyst job at an MSSP.

I think my skills and knowledge are severly lacking and that maybe the reason I've been having second thoughts on the job.

So I don't end up writing an essay, been wondering what should my next move be

Prove yourself wrong and study like hell

If you try to base your knowledge against "security" as a whole you will definitely feel you know 0

Pick one foundational area and master it. If you don't know which one to choose, do all the basic paths in THM and see what sparks your interest. Then dive deep.

This field is BROAD and DEEP so it's very easy to feel unsuited for this journey.

I'm an ISSM, combat veteran, business owner...and I wrestle with this shit constantly 🤣 I felt more confident in my position where lives depended on our decisions than I do on day to day running a cyber team.

Learn constantly, be confident in your decisions when based on your knowledge, and never be afraid to accept insight from others. All our journeys are different and even in cyber we all have very different experiences to bring to the table.

thanks

Gave +1 Rep to @rugged delta (current: #21 - 381)

i just start learning with 0 experience or knowledge about tech should i be worry about choosing career?

does tryhackme have everything cover or only have partly cover
and if it only partly cover then does that mean i have to learn the fundemental IT skills first (I have 0 experience with technology)

it covers some. I like this website that provides some details and resources (free and paid) https://dfirmadness.com/getting-into-infosec/the-five-pillars/

thanks

Gave +1 Rep to @pseudo creek (current: #15 - 479)

can someone help me with this question

no

Alright thanks

Is TryHackMe subscription enough for a 15 year old?

well probably..... should be able to get a students discount too as not heard of any 15 year olds that are not students

Users can email support and verify that way.

What do you mean?

We have 3 ways, email, ID or enrollment papers

Do you take report cards?

@dense dagger @winged mason First of all, thanks for the advice!

Its true about the feel being huge, really easy to feel lost but rather amusing how people will have such varying levels of knowledge.

Studying hard with THM rooms, one thing led to another and I've gotten interested in a Homelab, for Malware Analysis specifically... But my current job's direction seems to be more about Network Configuration than Security, I'll take all that I can learn but I haven't been exactly fond it

Gave +1 Rep to @dense dagger (current: #22 - 372)

Welcome to THM. You'll learn lots here and be encouraged to investigate a lot of fun things. There's loads of fun rooms to play around in and learn about lots of tools and techniques. Computing, IT and cybersec are very broad areas, so play around with things that look interesting.

Also noticed you're on Book Lovers Club... We have a #bookclub channel where we discuss interesting books related to tech/cybersecurity

We don’t take them afaik. I can ask for you tho

Hello All, I need some advice on how to prepare for technical interviews for cybersecurity jobs. Are there any resources I can refer to ?

There are loads of websites with all kinds of questions and answers for different cybersecurity and technical jobs. Other than that, study hard, practice loads, be able to demonstrate that you know what you're talking about

You can impress interviewers by really knowing what you're talking about. Beyond surface level knowledge and lists of interview questions. While that's not a simple advice to implement, it's powerful if you do. Just takes time and will.

@modest geode @rugged delta actually I don’t have any background in IT but I have good theoretical knowledge. In fact I managed to get my CompTIA net+ and sec+ in first try. I am trying to get an entry level job in cybersecurity. I know that you need some IT experience before you can go into cybersecurity but what I am trying here is to prepare for interview by trying to understand, how to answer technical questions with a scenario based answer, so the interviewer think I do have some hands-on experience. I am even doing lab on tryhackme. P.S. also I am feeling very nervous about this interview phase and don’t know how to overcome it.

Yeah I get that. So what I'd advise is to go and do technical things. Learn how to install and configure Windows, Linux, web servers, databases and other applications. Also, be comfortable with networks. Having Net+ is a good stage to be at. A lot of organisations will consider Sec+ as an entry level certification. Search for it on LinkedIn and other job sites.

You should consider roles in technical support and IT, as this will be beneficial going into cybersecurity. Showing you can manage systems is highly beneficial. It's okay to feel nervous. As we've said already, improving your skills and abilities gives you confidence to talk about things because you'll already understand them. You need to be quite technical and have knowledge and experience. Keep practicing on THM. Build a home lab (even if it's a couple of VMs in virtualbox) and install Windows and Linux and learn how to use them. Understand a little about how programming works.

Yes it is challenging, especially for a lot of entry level people. The market is very weird at the moment. Keep applying though

basically there was a huge hiring boom during Covid, then businesses started to downsize so the last couple years have seen lots of layoffs and difficulties in getting a new job due to competition. This happens every decade or so

actually I don’t have any background in IT but I have good theoretical knowledge. In fact I managed to get my CompTIA net+ and sec+ in first try. I know I'm not making friends saying this, but having passed both myself, that's what I meant by going beyond surface level knowledge. CompTIA certs touch a ton of material but nothing in any depth. One can pass them having a rough idea of the items in the study guide while lacking a firm understanding. They're much more an exercise in "how to interpret comptia's way of phrasing questions" than in deep(er) technical understanding.
Not saying that's the case for you, that's a general statement.

What happens if you fail a cert that your job payed for

Depends on the company and what's laid out in your employment contract.

For my company you only get reimbursed if you pass. It's on you to pay for your failures.

I'd only accept such a deal if the cert was fully optional

Ah I see

I Thought if you failed you didn’t get the job

There are companies that offer accelerated programs but you either a.) pay the training if you fail or b.) are bonded for X years if you pass

What do you mean by bonded

Like you have to work there?

You’re stuck there for X years unless you’re willing to pay the pre-termination fee

Ah gotcha

Hello, i have windows 7 32bit operating system can i run buripsuit etc type software in this system and start my career as Ethical hacker from scratch? Please anyone reply.

Probably a question best for #general

I would assume not as Windows 7 is very old

S

I am an experienced full-stack developer.
Let's keep in touch

AWESOME!! I finished my master in Cyber recently and get only rejections due to 0 exp ... 😦

Pretty spammy, responding to a three-year old message

Bros just catching up on chat

Sorry, lol.
I thought it was recent message.

But the thing is I am an experienced developer, full-stack+blockchain 😄

I don't see how it's relevant to even the message in question, or to me. I've not been active in this discord for a couple of years 🤷‍♂️

Yeah, I was just finding someone who can need developer with full-stack experience.
And saw your message posted. But it was 2 years ago. haha.
Sorry if it's inconvenience, but looking for a good opportunity to work with you.
I can give you more details about myself if you want to hear.

👍🏼

Please do not send unsolicited friend requests. I don't know you. I've not said I'm looking for people to work with.

Lol, okay. I won't send.

You already did.

How can I cancel it?

You'll get there! I applied to a dozen of places before where I am currently at and got rejected. Though being honest, this company prioritizes the desire to learn while also preferring inexperienced folks (and we aren't doing anything crazy)

Not to belittle a person but guy hired after me had never used a linux system and is still here

It may be arrogant for me to say when I haven't mastered all current tasks in the job, but I am rather dissatisfied with the company

Don’t me to butt in.. but what was your experience prior? I didn’t think the no’s would bother me much, but aside from actually loving what I am doing, I’m finding the “no’s” are casting doubt and causing some imposter syndrome.

You will encounter imposter syndrome quite often, even when you are an expert in the field. It is the mindset or what you probably are working on that cast doubts.

Its okay to not know everything, and okay to ask for help if you are unsure or don't understand. Be honest when it comes to job interview

I don't mind the inquiry, I commented it here so its fair game but I didn't quite understand. My experience prior to what?

I have considered imposter syndrome but being aware of the possibility doesn't help me much except being a little bit more daring. Regardless, I just have to keep moving forward.

As for my work, what I am actually doing didn't align with what I thought I would be doing so I've been having my doubts. I think that's my issue with it.

Thanks for the advice

Gave +1 Rep to @polar aspen (current: #718 - 5)

i was asking more your experience prior to landing the role, if you were in the same field or not..

No, I didn't have any experience in the IT/Cybersecurity field prior to this job. Only my Bachelor's in Comp. Engineering

Sorry, should've replied

no worries at all! thanks for your input!

Gave +1 Rep to @vague scaffold (current: #2085 - 1)

I have a question do we need to learn the whole language or we can just do the basics and move further

You need to learn few basic and I would suggest syntax

But definitely need to know some command lines

im sorry if this isnt the right channel, but i just had a couple of questions

im a high schooler super interested in cybersecurity, and i actually just got my GFACT certification. im just kinda wondering where to go from here?

are there any certifications people recommend, and if so, which ones do you recommend for a high schooler looking to enter the field quickly?

im also looking to (hopefully) get a job soon, and im wondering which certifications look best on a resume?

and last but not least, do you need to go to college to get a job in cybersecurity? im heavily debating this right now, especially because im going to need to start applying for some soon.

any advice is appreciated, thank you!!

If you have the opportunity to get a degree, do it. Individuals with a degree make more than non-degree counterparts and are also not limited by not having one. Many jobs have a degree requirement, whether it be written in to the contract or just required by the company itself. If you're not going to obtain a degree, you're going to need to build professional experience through employment. This means working in another area of the computer industry as cybersecurity isn't entry level in the grand scheme of things. A common starting point is IT/Helpdesk. As far as getting certifications as a high schooler, not sure I'd recommend that. They are expensive and will likely expire before they are useful to you. If you go the degree path, revisit the certification question when you are in your last year. If you forego the degree, try to get whichever company you work for to pay for certifications.

Good evening,
I am going into sophomore year in college and am considering switching my major into Networking Information Technology. I was wondering if anyone has any pertinent information i should. Main thing im interested in is any information around Certs.

Thank You

Can anyone suggest me a path which will help me to get into the Cyber Security Job ?
I think I am more interested in finding info/digging hidden components, love to bypass general way of entering and monitoring stuff. So which one you can think will be more viable for me?

Forensics is definitely that finding hidden stuff part and is really fun imo while a red teamer(although hard to get into) would probably be that entering and monitoring type of thing

If you don't have much knowledge around computers or networking Comptia A+ is a great way to start

I would also pick up learning Linux and some command lines to help. Along the way pick a language you like and learn the basic of reading codes or creating program/small functions

Python or C++ is what id reccomend for starters depending on what youd like but theres plenty more out there. You can probably do your own research to see what you like

so I just started and i look at the list of skillsets
it mention this
Functions of:
CPU
RAM
SSD/HDD

Science:
Threads
Processes
Process Trees
Memory (RAM)
Caching
Buffers
and the articale said it's not an exhaustive list
is there more to added?

or should i just follow the list?

and after i done studying all the skillsets i jump straght into hacking

I have a fair bit of experience. Just wondering what the process around getting the certs is like

You look for the website that gives out the certs, sign up, read about their rules, policies etc. From there you pick the certification you are aiming for. Pay for the voucher, unless its free or you have a promo code, schedule to take the exam in person or online. Make sure you are ready, then on the day follow the process

You will usually get your result if you pass or fail, and you have your certification if you do pass. Some certification expire and to renew you have to pay a fee and do some continuous learning. Each company does it differently so you have to do more research on the certification you are getting from.

Standard certs people go for is A+, CCNA/Net+, Sec+

Usually these 3 are the starting point

Hello everyone

Hello guys! What certifications do I need to start work as SOC Analyst??? 🤔🤔🤔

where can i get free cybersecurity certificates? is it possible?

Not professionally recognised ones.

where can i get proffesionally recognized ones

You’d have to pay for them, good examples are CompTIA, ISC2 or OffSec

thanks!

That said, ISC2 offers the CC certification for free unless that changed recently. It's very entry-level and not well-known but at least the company issueing it is a household name.

A few people miss out there is a subscription for ISC2.

True, I didn't consider the $50/yr or what it was as certification cost.

Plus local VAT

I think it's only paid after a year is up, so it's free for a year at least.

That is correct, looked it up. And it goes up to $135 once you hold one of their advanced certifications. Although by that time you're likely swimming in money anyways.

you need to pay before they issue the cert

you can pass and get referred by other ISC2 peeps but the final step in issuing out the CC is the $50 subscription

Their website is ambiguous about that imo
Associates of ISC2 pay an AMF of U.S. $50 which is due each year upon the anniversary of achieving their associate status.
but also
After you pass your exam and receive official notice from ISC2 to begin the certification application process, select Associate of ISC2 if you do not yet have the required work experience. You will be prompted to pay your first Annual Maintenance Fee (AMF) of U.S. $50.

I mean it's clear what they mean reading both, but the first quote could mean that you only pay after a year.

Shared on LinkedIn by the Linux Foundation today, maybe interesting for some here: https://lfenergy.org/training-certification/

Especially this one: https://training.linuxfoundation.org/training/developing-secure-software-lfd121

All free

You can be an ISC2 Associate without having their certifications.

Which is the main difference, getting the cert forces you to pay it.

What? Associate of ISC2 is a certification. Passed the CISSP exam but without having enough time served in industry to qualify for the full CISSP.

You do only have to pay after your first year's membership. After that, yes you need to pay a membership, but you also need to demonstrate you're studying other things in the field like teaching, doing courses, exams, using your skills professionally and having a record of it, or else you need to sit the newer versions of their exams. If you don't keep paying, your certs won't be validated. This is the service they offer as an accreditation organisation and many people in the industry recognise it as a normal part of being a cybersec professional. They are trying to exhibit cybersecurity as a profession in the same way doctors, lawyers and accountants have professional accreditations on top of their degrees, etc...

Of course there's others who will just get the cert and use it to get a job and subsequently not maintain their certs, others who just read the books, plenty of people who, once you've held it once won't care whether you're maintaining it because you're maintaining your professional standard in other ways...

Yes you can be an ISC2 Associate, that just means you pay your fees. You can be a CISSP Associate if you don't have the standard years of experience/college degree

Oops, I meant ISC2 Candidate

Associate of ISC2 means you have passed one of their exams, commonly CISSP
https://www.isc2.org/certifications/associate

Ah yes, that's the one. You can just be an ISC2 member without holding any of their certs if you pay the fee. I did a previous version of the CC course over a weekend and didn't have time to travel for the exam

yeah. Being an ISC2 member, attending meetings, isn't a bad idea. The CC certification tho, is not worth it

Yeah the CC cert is definitely not worth paying for, and they know it. It can be a good indicator of intent to a potential employer if you pass it using the free course and voucher in the process of getting SSCP, CCSP, CISSP; simply because when you actually pass those certs they can see a trail of evidence of your achievements, which is what being on the ISC2 train is about, in a professional perspective. Most people, once you're working in the industry don't care as long as you're keeping up with the skills and changes you need to do your specialty

https://github.com/miracleaxax/3num

How is this related to careers?

Prolly a project they made

Sorry I'm just kinda curious 😅

?

That didn’t answer is question tho

Curious about what? You self-advertised in multiple channels, what is this for?

Please don't advertise your product without interacting with the community in some meaningful way.

Relax man I apologize for

i dont have time to do both network+ and sec+ within the next year. would it be possible to get cyber secuirty internship with net+ alone alongside some tryhackme

also does putting thm on your resume for internships work the same way for jobs. Am aware you shouldnt nessessarily put it for your job.

Hey guys i need some carrier advice
i am trying to get into a SOC analyst L1 role and i was searching for Job related to them on Linkedin but the relavency for the job title does not mean anything i am not able to find jobs that are right fit or are close to what i am looking for how should i approach this.

I would instead get Sec+ but tbh, you wouldn’t need any certs for an internship. The level of capability that is expected from you as an intern won’t be that much.

with THM, I would add it as extracurricular or personal development, not as direct experience or education.

I don’t know what the biggest factors are in your country or area when it comes to internships but from where I come from, its usually a willingness to learn, basic technical expertise (networking, OS, etc.)

What do you mean, you can’t find job responsibilities that align with what you want to do or you’re confused of different job responsibilities per posting?

no the relavency of finding a job that suites the title is not too much and when doing the search most are either irrelavent or need higher experience

if i search for job title SOC analyst L1

then mostly i dont find jobs that are fit for the title

do you mean. the job says its a entry level job but it asks for you to know some pretty advanced things?

yes

Can someone advise/comment about my resume

in my opinion waaaay to much text

And regarding your projects: How did you contribute to the results you list? You're supposedly not applying for sales jobs, so how is it relevant for a potential employer that a company you've worked for increased sales in an unspecified time period?

It's spelled out on linked in

One sec

So what should I do?

Put all the info from linkedin in the resume as well?

Doesn't matter, your resume must work on its own. The skills list is already too long. You should tailor the resume to the position. In most security jobs unit testing is irrelevant. Many of the terms are too broad. "cloud security", "backend security". That can mean anything.
Also you have education & skills and then next heading skills. In the experience section I would put the position you had in each company.

Ok

I'll work on it more.

It's difficult. On one side it's waaaay too much text, nobody's gonna read that. On the other hand crucial things are missing imo

Here's my resume generation code.

Here's the json it uses to build the resume

I just have to work on the json.

I hate having to type things out manually in word processors. It's the most annoying thing.

I don't mind coding though

Collaborated with designers to create secure and intuitive UX using PHP & CSS frameworks such as Bootstrap, jQuery, Code Igniter, Kohana, Zend, Laravel, and Apache Cordova/Phonegap, incorporating CSRF protection, input validation, and secure session management

This for example is just dropping buzzwords. The whole Sky Social Media Inc. I would personally cut down to at most the length of the HashSecurity.net section.

Ok

I am noting all this, please keep the advise/tips coming. Thank you so much for your time and eye

Can you give examples of specific skills ?

1. Cut down sky section
2. tailor for job
3. reduce skills text
4. use specific skills that the job requires (maybe from their job description/requirements)
5. Projects section should mention what I contributed

Anything else?

nice projects

Docker is a skill, if you can back it up. But that only goes in your resume if it's relevant for the position you're applying for. Probably not for a security job, in most cases.

People use containers in development. Container security also matters.

Stuff like unit testing, git, all this also kind of matters for security code autiding

SAST/DAST

Nothing is really irrelevant

Probably too much text

and not specific enough text

but definitely nothing irrelvant

Everything in there is somehow security related to my skills.

I just need to word things better and hack the resume 100%

You can find an argument for everything and end up with a resume like yours. Again: It needs to be tailored to the role your applying for. They're gonna mention what they expect.

That's why I did the software

I actually thought of the following

Take job description and requirements from posted job

Feed into Generative AI and ask it to compare it to my resume and tailor my resume json to that job

No lies or anything, honestly figure out what I have done/experienced and put that from the job into the resume json

This way I can build different resume json files for each job

I don't want a shotgun dating approach to resumes

That's why I did the tailored thing. First step done, system is good, resume builds fine

Now to refine it

Just need to refine my json building process

i think what cyber is trying to say. Most employers only skim over resumes. they have hundreds of other resumes they have to look at too

I am aware

First you have to get past the automated system

Then you have 5 seconds to impress a human

5-7 seconds they glance over

So top 1/2 of the first page of your resume is prime real estate

Everything you want them to see int he first few seconds should be in there

So I'm still reconsidering what to put in the top half of the page.

I don't want a long list of things, I Was just b rainstorming, now it's time to refine

I want them to be very easily able to identify what relevent skills I have for the job andd etc. etc.

I don't want to have the reader be forced to take more seconds to find the info about me

I want to make it extremely easy for them to see and find the relevant info at a glance ina few seconds

I don't have a lot of cyber experience as I am coming from development from but as CTO and for life/my personal projects, I have to manage the security so security is always soemthing I did, but just not professionally uniquely

So I don't want to lie on my resume either

So I'm thinking of focusing the security related things I did at the jobs I had

Is there a need for the lines of text?

What counts as... can Nessus or knowing how to use/setup/configure etc. SIEM systems or IDS/IPS count as specific skills? If I could get an example of specific skills, I can think about the ones I have and word them specifically.

Performing vulnerability scans with Nessus
Conducting forensic investigations using EnCase
Deploy SIEM solutions like Wazuh

Are these too long? Too specific? Thanks

Oh EnCase.

Lovely bit of software.

Creating secure AWS and Azure IAM policies
Performing code reviews for security vulnerabilities using Cenzic and Qualys

Are these how to word skills? Or am I still off?

Or would these more be points for the job description or stuff I've done there in that section

Hmm. How would you word things like building entire secure networks for companies, what does that qualify as? what kind of skill? how to word that I've build secure networks for small to medium sizes businesses from the ground up, from networking components to which protocols to use and regulatory compliance and etc. installing OS, hardening, pretty much everything.

https://youtu.be/K4uXHXcGYe8?si=ztmjCHD-lkzrBjQY

Nice

Then you have 5 seconds to impress a human 5-7 seconds they glance over
You say that and then you have a resume with 22 skills in addition to a 70 words self description. And when I say nobody's ever gonna read that you argue how it's all not irrelevant. You do you.

I said I was brainstorming. It wasn't a real actual resume.

hence. "resume.new.pdf"

When you brainstorm, you think of everything.

Then you cut down and refine.

That is true

But sorry to have offended you, sir.

People online often take offense when they feel like you didn't instantly accept all their advice without question. It's an ego thing I think. I mean, if it was me, I'd have to offer the best advice I can because that's the right thing to do. What another does with my advise is up to them. You've at least done your part. That's how I am. Even if they don't take my advise, I don't feel like I wasted my time and get upset or irritable about it. shrug

well spoken

Thank you. Just speaking from the heart. 🙂

I am in the U.S and honestly I started to study for the sec+ then It seemed a little too advanced for me. I dont have relevant coursework as im an engineering major. I want to build up foundations before jumping into secuirty.

Youtube Professor Messer Security+ videos

See if that makes sense to you

He explains things well.

Right before sec+ you need network+ and know the materail for A+

yea tried that thanks. But with no foundation it didnt click in my brain

Basics

https://roadmap.sh/cyber-security try this maybe

brother i am aware of the basics. I just was inquiring on whether or not network+ alongside try hack me would be good grounds to help me get a sec internship

thank you

I believe you. I just went by what you said.

I dont have relevant coursework as im an engineering major.

What basics do you have in place and what are you lacking?

Network+ and tryhackme skills would definitely help in securing an internship

just learning networking basics rn

awhile back i did learn basic linux

Here's a more optimized second draft of the resume. I took a lot of your advice

This is tailored to a locally advertised position with the gov, cybersecurity

@warm hinge Please don't post job opportunities in this channel. 🙂

mb

Ah, I see the JOBS-BOARD room now

Definitely better

Updated to the latest version of pandoc and now it looks like this. Much better, cleaner, sophisticated, eas;y on the eyes, no colors, no images, no lines, nothing.

And everything fits on one page.

Now to just refine it more a bit.

Third round of improvements. Any more advice/suggestions?

https://www.indeed.com/career-advice/resumes-cover-letters/ats-resume-template

i've been on THM for about a year but i haven't gotten any certifications to show for it

are there any paths that cover sec+ certification content?

For me I feel like your resume not organize right way

Only in small parts. THM is all about practically doing things. Sec+ on the other hand you can pass without having ever used Nmap. This one has a fair bit of overlap: https://tryhackme.com/path/outline/introtocyber

is THM down?

This one is much more thorough and practical than you need for Sec+ but wouldn't hurt to get a better understanding: https://tryhackme.com/path/outline/beginner

Neither of them covers all or even most of the Sec+ curriculum.

Not for me.

got a 504 error for like 30 seconds but now i can get on

anyways idk i'm prepared after this

https://i.imgur.com/GQeLcBt.png

doing the google cybersec cert first then i'll get into the sec+ grind

on module 6/8 for google

guess i'll have to go back to professor messer for sec+

What's the right order?

Right now I am working on CASP+ certification

Here are the certs I have acquired so far in my life in cybersecurity, except CASP+ which I'm working on now

I also have CCSP, SSCP, ITILv4, and it doesn't show A+ but that's in there too not that it matters and MCSE and MCP, and ECES encryption cert

People take comptia path or some people take CEH type path or some take ISC2 cert path.

You have to figure out what's best for you. After I'm done with all these, I'll be working on honing my pentest skills so I can one day take CEH certs and increase my level that way

I mean is depend what you want so overall in my opinion do more technical stuff but this is my thing I don’t like CompTIA to many people has it try to be different

So when you apply for job you can come out different then others

Hence the ISC2 certs

CCSP and SSCP

But certifications don't really mean much when it comes to getting your job done

You need to have the skills and knowledge to get practical work done

That why do technical

Anyone can pass certifications even without knowing practical work

In technical you go to do your own thing

Not verbal

Haha

Except for performance based certs like CEH

You can't fake performance based tests.

Have you heard you can sign up for the beta of the next version of casp+ (renamed to securityX) for $50? It takes a while to get the results but the cert is fully valid

Is really what you want do purple team red or blue

I have not

Good morning

Woah I sent this message once but it shows up twice oO

Not on this end.

Yep

Could be client side. Refresh page

So what do you guys think? Order of components on resume

// Define the order of sections
$sectionOrder = [
    'personal_info',
    'experience',
    'education',
    'certifications',
    'skills',
    'projects',
];

Here is my current order.

Some blog posts and the one I linked from indeed.com etc say to put the Experience first, then education/certs/projects etc.

Some people say to put personal info, then education/cert, then experience, then projects?

What is the optimal order?

// Convert HTML to PDF to DOCX using Pandoc
$pdfFile = pathinfo($jsonFile, PATHINFO_FILENAME) . '.pdf';
exec("pandoc --pdf-engine=xelatex --variable=geometry:\"margin=.5in\" --variable=header-includes:\"\\usepackage{fancyhdr}\\pagestyle{empty}\" $htmlFile -o $pdfFile --css=style.css");
echo "PDF file created successfully: $pdfFile\n";

exec("pandoc $htmlFile -o $docFileTmp --variable geometry:\"margin=0.25in\"");
echo "DOCX file created successfully: $docFileTmp\n";

exec("pandoc $docFileTmp -o $docFile --reference-doc=custom-reference.docx");
echo "Converted $docFileTmp to $docFile\n";

unlink($docFileTmp);
echo "Remove $docFileTmp\n";

and instead of just PDF, we're now olso generating a DOCX file with proper formatting and page margins etc.

Some people don't want PDF, some don't want DOCX, some ATS software can't see PDF, most work well with DOCX

So the file format of the resume also matters a bit

Also, don't put PHONE - EMAIL - LINKED in on one line. That seems to sometimes confuse some ATS software. Instead, put them one on each line by itself right under the name.

First goal is to make a resume that is tailored for ATS software. File format, resume format, resume tailored for that particular job, using keywords from that job, so the ATS sofwtare can flag your resume as potential match

Applying at indeed is really weird. They give you a place to upload your resume and then you just have that ONE resume that is used to apply for every job. That's not very optimal.

https://www.youtube.com/watch?v=eFbBbcJeRdU

Did you use cert master learn? Would you say it’s worth it. I’m a student so the test is half off so I technically can spend more if I really need to.

I did use certmaster.

Don't listen to anyone else who says CM sucks

CertMaster literally gives you exactly everything you will be asked about on the exam.

You just have to read the material.

Don't worry if you score less on the certmaster practice exam. Those are 20% more difficult than actual certification exam

So if you're getting 90% or more on certmasters quizzes/exams, you will easily pass any course.

I think it's worth it

You don't have to use certmaster

A+, Network+, Security+ you can learn online and using videos and professor messer and jason dion

Coding a resume builder that maybe we can all use for a standardized format. You select JSON file, and it builds resume. Now I need to make an interface that where you paste in job description and job requirements from a job posting, and it talks to an LLM and extract keywords and build a JSON file from it, tailored for that job. Then build the pdf/docx resume files. Automate everything! Then refine/cleanup later.

For my needs, making it for myself, np. Works right now. Making a generic solution the world can use, that's going to take more work. It's cheaper to just copy paste into chat gpt and askit to produce the JSON instead. API costs too much. Local llms are not good enough.

Exactly as I feared, guys. Local LLM is not good enough.

I'm gonna go do something else for now. Try to think about this automation with ChatGPT instead. but their api will cost money. Anyway, good day. Not entirely on topic. Sorry. I guess.

You mean to make it public is too expensive? Because for private use the API costs pennies

Yes public.

I haven't got any funding or manpower really to turn this into a product

Then again there are tons of resume buidler services out there.

So is this a website or how will we call it

Just on my pc right now

Wow
I'd envy having a mentor like you

I could mentor people maybe I could start a service

What would I mentor though?

and thanks

For me I think I'd need someone who can teach me more of websites.....
Not only how to create them but even understanding other languages

we can do that here in #programming

Yeah I do have ideas but lack someone who we can implement them

If you need a personal tutor, I can offer myself as that. What langauge are you interested in?

I'd need it personal though I won't be able to pay funds for that that's why I always give up

It's a matter of time. Time costs money

Yeah...I'd definitely need you
At maybe your free times

To guide me if you won't mind
Coz I've been checking on your ideas
... bro they are Einstein like ideas

So about languages... can one learn a language without knowing web development... and if they can learn then where will they use the language...
And what really are the different languages that people learn n there importance

As in I got ideas but putting them down has been hard

Depends on what you want to do

You can learn any programming language you want. You don't have to do web development.

I also do c++ and mod Diablo 2 for fun

https://gitlab.com/hashborgir/d2tweaks-rnd2k/-/blob/extractor/src/d2tweaks/client/modules/loot_filter/loot_filter_settings_menu.cpp Currently working on optimizing this file

Where do you use the c++ n the c language for instance

C++ I use for system level or lower level programming

Such as reverse engineering and modding and coding for Diablo 2

For system daily tasks, automation I use python and php and bash.

For web I use php and javascript

It's my wish connecting with you if you'd give me that favor as a bro

For real for real
I just need some knowledge n skills brother

We are connected here

Feel free to ask whatever you need in the correct channel

I meant like maybe whatsapp if you don't mind

https://github.com/krisives/d2s-format/issues/13 Here's a reverse engineering effort where I had to figure out the Diablo 2 save file checksum algorithm

And ofcourse please
A word I forgot
Please @viscid haven

Turns out, it's a circular left shift

I do game stuff as it helps me keep interested

I can't do boring tasks of reverse engineering

I'm actually still stuck on the Binary Heaven room last task. I can't seem to figure out ROP chains yet. I havne't taken the time really.

Yeah
True

Return Oriented Programing in ASM

Find things that you like and hack 'em.

For example instagram accounts 😂😂it's just my wish having that knowledge

Sigh.

Yeah, sure sounds like fun I guess.

Try to focus more on more meaningful things

Hacking social accounts is 1) trivial, 2) illegal, 3) juvenile.

Yeah true to this

Some knowledge ain't that worth of risking to try out in experimental

I also will not help teach any illegal activity or hacks.

Yeah

As cybersecurity professionals, we have taken certain oaths and made certain promises.

@viscid haven Bytha I'm asking if we could connect via WhatsApp
It's my wish getting your guidance in programming n web n also helping one another with ideas

I don't use what's app for anything other than family.

For sure
It's good being ethical

Sorry

I'd appreciate it if you stop insisting.

I'm sorry bro
But yeah I only need guidance
It's over though

As I said, I'm happy to guide you here.

I also require guidance and we can all help one another here. you don't have to get me on another platform.

Cool brother I sent a request

Sure, but I don't provide support in private.

Try to keep things professional with me. I'm autistic and I like to remain professional and respectful.

Oops... cool bro
Thanks for your time though

Thank you

Feel fee to ask whatever questions you need guidance on.

How can I make my resume more appealing to potential employers? I am getting my Security+ certification soon so I will add that to my resume as well.

Uniform formatting, it's all over the place.

JROTC isn't work experience

But the biggest problem is imo that you're trying to sell something that your experience in no way backs up.

Get rid of colors and formatting

I had that too, it's not good.

Keep a simple text only resume. You're trying to get past AI software first.

Then make a simple resume, text only, no gimmicks.

I think a good part is due to the redaction

Structure your resume semantically and properly so each section and it's data can be properly parsed by ATS software

Also, test your resume in any number of free or paid ATS resume testing software, how well your resume is parsed. etc.

"Skilled in conducting vulnerability assessments", "experienced in performing penetratiom tests" but relevant work experience "sales associate"? What am I missing?

work experience doesn't seem coherent with the rest IMO

if you did pentests, that should appear

How did you conduct vuln assessment?

That's not the same as pentesting btw

experienced in performing pentests, how did you conduct pentests?

bit too much wall of text on the top, assuming you had individualised cover letters?

CTF isn't really work experience

looks like you're trying to pad the resume

@tacit bobcat Are you also on IRC ? Libre.chat?

I was a long time ago

I'd also bet that you don't have "strong technical skills" in all the areas listed. A database administrator can claim that for databases. The specific ones they worked with. Now, one can debate if "fake it till you make it" is the way to go, I personally wouldn't. Cloud computing and network protocols: are you comfortable you could answer detailed technical questions from let's say a network or cloud engineer with >5 YoE?
I'm going by gut feeling here, correct me if wrong.

You were an op in my channel.

🙂

nah not there

If you're the same person

unless

I run #websec on libera

nah

mostly trolled on freenode when that was still up

I also did the website for #security on libera https://websec.anti.guru

Now I'm on Matrix

In case anyone wants to check out Matrix

https://matrix.to/#/#selfhosting:mozilla.org Here's my self hosting community

probably not the forum for that

And whilst we're at it "served as a red team member on a team of three", are we talking actual red team ops? Pentests? Vuln assessments?
Red team ops seems... unlikely... which means you're likely to get hanged by terminology in interview as well

looks like CTF

Don't lie on the resume

yeah

Only embellish appropriately

that was a lot of embellishing

You're trying to sell yourself, but don't be a car salesman.

or a snake oil salesman.

(reads more like a carpet salesman)

to build on what Muiri said, there's a little bit of wiggle room in what "red team" actually means, because there's a lot of noise pollution on definitions. That said, if you aren't doing security assessements with high risk and reduced scope, one probably isn't actually red teaming and you absolutely should not put anything like that as work experience

I'm going to redo my entire resume. I honestly don't have much expereince at all so I don't know how I will ever get hired anywhere.

Apply to entry level positions

I believe most people here feel with you. The problem with claiming knowledge, skills and experience you don't have or not have at the level claimed is that hiring managers will find out. It's part of their job. If not when looking at the resume, if not in a technical interview then at the latest in your first week at work. And then you get fired.

here on Brazil usually they just see your resume to get your linkedin and github

your skills will be evaluated on the specific test

so dont bother writing 2000 lines on your resume

Describe the work you did without the category-terminology, can still mention security assessment as a general term without overqualifying yourself on paper.

I got it to work with local LLM. Had to use chat completion mode and not instruct mode and send two prompts. Now new JSON is generated for any job description and now I can build the PDF and DOCX files.

You are an expert in generating resumes.
Intelligently extract skills and keywords from the following job description so that we can use them later in our own resume:

Using the following extracted skills and keywords, generate a complete JSON resume template based on the provided information.
Here is the base resume template Don't add any new fields to the JSON. Only replace what is there

Still working on refining the prompts.

Hello
How can I make a virtual phone number that I can use in WhatsApp

Not the room for that question. Try #general

Is it worth it to pursue a PhD in Cybersecurity?

MISS state has a PhD program in Cybersecurity, very affordable, and online only so remote, no campus.

I'm considering a PhD in cybersecurity but I'm not sure what that might add to my... life/profile/resume/career

I’ve always liked the advice that if there isn’t a specific reason to get it, ie it will help you get x job doing x thing, it’s not worth it. A PhD is a large commitment, and it might not reap as many rewards if the intent is to just see what doors it might open, as it might not open any

no.

I mean there are specific reasons someone would get a PhD, generally it is due to them wanting to go into academia/research

I will say that largely a masters in cybersecurity generally isn't worth it either except for specific use cases

Paging Dr. Toaster @vital laurel

But I agree with Zojja

oh boy

I'm about to finish my masters in 2 months

Generally, I don't recommend it. However, depending on your goals, it can be worth it

I don't know my goals!

Some positions, almost nearly require it

I just want to be as highly educated as possible.

Have you been in industry at all already?

You have exprience?

Software/dev/IT industry and skirting aroudn the security industry

but jnot in the sec industry yet

coming from dev background but CTO so had to do everything myself including all aspects of security

I have done vuln ass for all clients over 8 years to ensrue they're all secure

we were a vendor for Syhmantec Norton so we did all their social apps, servers, security etc.

I did all that single handedly as well

So I've done work for a social media company donig app dev and web app dev and every aspect of server and app/software security that entila

but I've not done anything security related for any other company or a security company or a legitimate security only job

among others

I could replace all my dev experience with security stuff, and I wouldn't be lying.

Cenciz code source scans, SAST, DAST, pen testing, vuln assessment, Qualys scanning, patching, hardening, total zero to 100 solution providing for all clients

So I could easily replace all my sky media experience with security stuff and it would be 100% accurte/true/honest

Have you worked at one single place for more than 2 years, more than 5 years?

Yes

Sky social media, 8 years

My own company too

I had some clients there, but much luck as I am studying to finish my masters

I haven't worked in 4 years

so to fill that gap in my resume, I just mention my own company and that I was in school.

I also have active references from Sky Social media today, so they can call and get my reference etc.

Even though sky is no more.

Right. I think you need to work for someone for a while.

@viscid haven What is your undergrand and master's in?

But I'm think you need some real industry exprience, Going for PhD right now without that, is probably a death-sentence for your career in my opinion.

Comp Sci Cybersecurity

It will take you years to pursue your Phd. It's worth taking a little time to consider what you would like to study and teach in the field. I know lots of people who teach academia while also holding down jobs in the field; in management, cybersec engineering, pentesting, training military/police, etc... There's lots of directions you can take. You also have to consider the pressure to publish throughout your studies.

You'll likely be expected to give frequent talks at academic and professional conferences, publish papers, perhaps a book. You might be pushed to pursue a postdoc after your Phd in order to maintain relevance and your chance at a post. People who pursue a Phd are usually incredibly passionate about their unique take on some aspect of the field they study. If that sounds like your thing, go for it. But I do know the path is hard; and you will need professional experience in the field most likely

Wait you were a cto for sky media?

Oh wait I’m thinking about that sky media/telecommunications company

The British one

They'd probably not be asking for advice here if it was THAT sky 😅

Prolly not lmao

And if he was a cto there that would be crazy

I'm definitely not entry level. Where do I fit in? I don't know!

Start checking out medior positions and then see if to suits you. Adjust up or down and with different organizations as needed

And start applying to stuff when you hit a sort of ceiling

is there any discount for a 15 year old for THM subscription?

A senior told me on this discord server 10 days ago

Student discount.

May not apply to a 15 year old, unless they have a recognized .edu email address - that's more of a support question than one we can answer.

What can I do if I do this?

Unclear what you mean.

which I find jobs?

What's a good place to look for jobs in the field. I am currently a Cybersecurity Student, 1 year of experience. I have TestOut Network Pro, TestOut ITF Pro, and I am GFACT Certified. I have one unrelated job for experience, and I am 18 years old.

If you have any info please feel free to dm me or @ me with a response. Thank you!

Never heard of testout. Is that a local thing somewhere?

Sub-company that was just bought by CompTIA

they are rebranding rn I think actually

Okay. Problem might be employers not being aware of them. But could be just me.

it isnt very well known currently

CompTIA decided to migrate to TestOut to CertMaster so that might help a bit with getting the word out

if you would like me to, I can send you a screenshot of my completed courses that show its a sub company of CompTIA

Oh I believe you

no worries

just an offer lmao

Since you asked where to look for jobs: it highly depends on the region. Where I am LinkedIn is big but there's also local portals that don't operate outside of the country.

Im in Michigan, United States. Any recommendations?

I don't know but there's users from the US here that could tell you.

alright no problem. Thank you!

If anyone from the United States reads up and has any recomendations please feel free to dm or @ me with a response!

LinkedIn and Indeed

just google jobs and it'll show other job boards

alright thank you!

how did you land a position with 0 experience? I have been trying for some time now adn finding it hard just to get an interview

@flat sedge

Not sure what to say, I don't think I'm skillful enough to make people think they must have me. I think the reason is more on that it's a small MSSP and the way it operates.

Not sure if it helped but in the interview I had the opportunity to discuss how I had practiced/played around with tools like Wireshark, Nmap, Nessus and other various Kali pre-installed tools, additionally how I had a home server and maintained it.

Also, I'm not in the US, in where the competition may be more fierce.

I looked a while back, in the states for any job you're gonna need your CCNA at minimum, I tell everyone save money by skipping the A+. LinkedIn and local job boards, but most will want you to get a security clearance for CyberSecurity positions there.

Alright no problem. Thank you!

Hey guys can you review my cv and give me some pointers and please let me know whether i can upload my cv here or not

You can upload your CV here, make sure all important information is redacted such as Name, number, companies etc. Send it as a screenshot

Ok

Please do the review and give me some pointers so that i can work on them i am a fresher who is trying to get a SOC analyst L1 role

A THM certification is not a "project", doesn't come with "responsibilities" and it's at least debatable if that's "hands-on experience".

Lol it is a certification but we need to debate on whether we can count person having experience with the soc level 1 cert as experienced or not

Opinions on this might differ but I think you're overselling way too much. Nobody with your (lack of) work experience is "proficient" in the use of five different SIEM solutions.

It's a certification, yes. Why not list it as such in the CV then. Nothing wrong with that.

Ok

Would simulating labs would work for projects

Will they help any if i have created all five labs

Thm is not experience it's what employers expect you to do in your spare time as extra learning but it won't get you a job

No, its a certificate of completion

Lol what have I completed if we have to question whether a person have gained some experience from it. I know it’s not complete and there’s still a lot to be done and mastering Soc comes more down to how well you can simulate real world scenarios.

But saying Tryhackme is complete irrelevant then what is even the point.

It's to teach you the basics cyber is very complex

3 years of uni for me and 30k in debt still doesn't make me close to industry standard

No one said that, we are just saying that there is a difference with a certificate of completion versus a certification

Well I don’t think without the right information and requirements we will ever be called prepared

IC...thanks...good luck moving forward!

If you can consistently apply things you learn on these labs. Some people just spin up a lab, do one thing, see it works and call it a day.

For example: you spin up AD, test out a few attacks and never touch it again.

That is a valid point

You need to have knowledge of tools that are going to be in use

But wait where is this conversation heading

Still in critique with your resume

I didn’t get the part with what you are trying to say me adding THM Soc level 1 as a project rather then certification

That was me.

Or the part where i just questioned the value that the beginner soc level 1 certification holds

Well it is a valid point i also see that I can’t just add it as a project

But can i add the screenshot that i sent afterwards

What do ya'll think about adding certificates of completion for tryhackme learning paths to linkedin?

At the risk of making enemies: I think it's rather "cringe". Especially if it's shared in a long post celebrating all the great things you did. But that's how linkedin works.

haha i wouldn't make a post about it, but i'd have it in the certificate section of my profile

Well from my perspective i think it is not bad that you show casing the knowledge you gained

People share wordy posts about their "preparation for the CCNA exam" Udemy courses as if it holds any value. And get hundreds of likes. Wild place.

linkedin is kinda wild in general

so many cringe posts that don't say anything of value

Well what are your thoughts on these certifications that i have done

Just to gain some knowledge and experience

which did you do

Have to add soc level 1 and 2 of tryhackme

I know they are not much

But for start i think they might do it

honestly

if it gets you a job

🤷‍♂️

I am currently in process of completing comptia sec+ 701

And after that i will do cysa+

I have to have oscp too but that thing is for later once i start earning

As it is not cheap

i'm not too familiar with the different certifications haha

sounds good though

yeahhh a lot of certifications are hella expensive

also maybe i'd add a sentence or so per certification explaining what you learned there

Hmm a valid point

I recently got laid off of my network admin job and ended up back in helpdesk after years on not having to be on the phones again. I had to take the job because I have bills but I am miserable on the phones again and I fell like Im starting at the bottom again. I have to get out of this job lol. Is there a SOC analyst around or even a hiring manager that would be willing to look over my resume and help me figure out my game plan to escape helpdesk again?

there are quite a few of us who have done quite a few roles in our careers. I'd post a redacted resume for input

This is a pretty stripped down copy. Im also expecting to have my Sec+ this month

the goal is to figure out what certs and what I need to focus on to get that first SOC analyst job so I can get some years there then move onto a pen tester role

I would recommend you post screenshots of your resume, instead of the docx or pdf

this is my long resume just the experience part. I have a more professional one with just the last 3 jobs but some places ask for my full history so here it is

All of these are remote as well

I feel like I have the "IT exp" by now. Just need a few security related certs and I feel like I should be able to apply. I do not have a degree just the exp

First thing is I would sort the work experience with most recent first, reading down should be less recent. Reason for this is that it prioritizes a reader to encounter the most relevenat experience first

I agree with juun. Order should be most current job to least. Also, I'd avoid light grey text. You should also use the left and right side of your resume such that, you could put the dates on the left side, location on the right. For my resume, I put (virtual) instead of city location.

Also your last job, you have just June 20, I imagine that is June 2020? One thing to consider is you had a job for 4 years and it got 2 bullet points? You gave more bullet points to a 5 year old job that lasted for a little over a year.

Generally, you should include 10 years of job experience but jobs further in the past get less attention. Like your 2015 job (was it a month long?), 1 sentence could suffice.

This is just an old resume and my more professional one has more detail but only 3 jobs listed. Ill add all of the jobs with less detail.

I was given all of the security related tasks at my last company along with the network stuff so in this resume I put security analyst because I dont really know how to define that role tbh. I did a little of everything

if your offiical role title was not security analyst, do not put security analyst as the job title. That's an easily verifiable thing, and would immediately disqualify you as being dishonest from many places

List the security things you did for that role, but if the title you had was not security analyst, do not put security analyst as the title on your resume

Alright. They were actually supposed to give the title change but neve did. Good to know

Hey guys general question I'm just starting off in cyber security with no experience in computers what so ever. I just finished Courseras google cyber security certification and was looking for some help on where to go from here. Is the CompTIA security+ certification a good next step and is it required for cyber security jobs? Or should I start applying now and what jobs should I be looking for? Any and all advice is appreciated.

Guys need one suggestion , I've been solving thm rooms and portswigger from some time , I am getting the grasp of some thing but again when I look at the topic it seems too vast and the real-world scenarios like issues , ctfs , competitions etc are on a different level (know most of the stuff used but can't decide that on-spot).Like along with that I am reading two books as well one on networking one on windows and learning linux(arch) by using it on daily basis as my main os . Is there something wrong with my method and if there is how can I improve it.

Like I wanna apply for internships and get hands on in real world asap but then again I look at the requirements in internships ,I seem to know most of the stuff req. but still can't build the confidence to apply (like what if they ask everything which i don't know and blah blah .. )

no need for double spacing in a resume and again, feel free to use the right side of your resume as well (like dates could go on the right)

just apply. Let them disqualify you, don't disqualify yourself

a lot of it depends on what country you are in. Security+ could be valuable in the US. Other countries don't seem to take much value in it

Yeah I'm looking at jobs in the US

hmm got it I guess got to be more confident , thanks

Gave +1 Rep to @pseudo creek (current: #15 - 480)

one more question is it the right path or should I change something in my way of learning

and for resume I've seen people applying for dev roles build projects , so is there something similar like something I can showcase or should do which can give me some advantage

Hey folks, if I'm aiming at quickly pushing my resume into acceptable territory for entry level, which of these learning paths should I be pursuing? I am biased toward the Offensive Pentesting path, since I already have about half of it from the rooms I already did... but then when I look around on job boards I don't see a lot of entry-level pentesting positions.

that is because pentesting is generally not an entry level job... you most of the time get there from first helpdesk then soc and finally pentesting and eventually red teaming

That's because pentesting isn't entry level. Cybersecurity itself isn't entry level in the grand scheme of things. Do you have any prior professional experience in the computer industry or a degree? TryHackMe is a good additive to work on in your spare time to shore up your knowledge, but it doesn't stand on its own if that makes sense.

I come in from being a sysadmin for micro/small businesses.

Oh, OK, that's good

No degree or certs, companies I worked for weren't uh, big enough.

But they were actual businesses though, as in you got paid a taxable wage?

So, I generally know my way around, and I want to move into security because I'm sick of dealing with non-technical management with crazy expectations.

Yea

Is it appropriate for me to link my resume here?

Just to fill in the blanks?

OK, if you can swing it, I would suggest taking Security+. Then start applying for entry cybersecurity (as a whole) roles

Sure, just post an image of your redacted resume

I can't afford the cert, thus THM lol, one sec

I'd really recommend trying to save for it then. It is the baseline certification for knowledge in cybersecurity and meets a lot of HR check boxes.

Yeah, once I have a job... which is kinda the point of what I'm trying to do.

Your experience should be first

TryHackMe isn't education or certification

Your skills should be professional skills that you use at your jobs and can talk to, at length, for 20 minutes

I don't follow. It may not be recognized as highly as CompTIA or whatever, but it's still someone certifying that I did/ learned a thing

I personally don't like summaries, but if you want to keep a summary, it needs to change. The way you wrote it seems lackadaisical

I'll be honest, I appreciate your input, but this resume is the result of me talking to a hiring manager a few days ago, and this was the recommended format. There's so many different takes that I'm genuinely lost.

Certifications are not Certificates. TryHackMe does not provide any certifications. Education is also meant for structured education, such as High school, College, etc

Ah, I see.

Certificates do not verify that you actually know the material or that you did it yourself. Certifications have an organizational body backing them and verify that you know the material to a certain standard.

Okay, I didn't know that. I'll excuse my mistake by being ESL lol

The general format is fine, the order of the categories just need changing up. Then you can tweak the contents.

Ah, no worries.

So, work history first, skills second?

Fun times, I have lots of gaps.

If you want THM on the resume, I would make an "extracurricular activities" section

I mean, I don't have anything else to show. And if I make another section I won't fit it all on one page.

Which is why it's so cramped in the first place

You have a lot of whitespace

Look up AwesomeCV and try it out

I'm writing this in org-mode, I'll figure out the latex for columns I guess.

Or make a table

AwesomeCV is LaTeX and does all of it for you, you just have to enter the data

ah

I'll need to do some major edits to that :/

But thanks, I'll mark it as a weekend project

Personal projects aren't experience either, they should be in a projects section

...that's why the section is not called "work experience"

Sorry, I assumed that was clear

Experience means a specific thing in resumes

It means professional experience

Hands-on practical knowledge, no?

No, as in places you worked professionally. With bullets describing your "greatest hits" at each role

Actual work learning/experience is very different from personal project learning/experience

It's OK to segment it out

The only difference I know of is that management is very pesky about constantly changing requirements, and having more stress. But as I said, I only worked with small companies.

Or, put another way: I know I'll complete the things I set out to do on my own time, but I never know if the work projects will be canceled or not.

Out of curiosity, what's the general opinion on more creatively formatted CVs? Something like the attached. Think it has any real impact on one's odds for the position?

Specifically for a cyber position, I assume it would do wonders for other fields

Personally, I hate double columns and also pictures & multi color is a bad idea, at least in the US

How so, if I may ask?

Also, since I only have had two technical positions (by title, I helped with tech in most jobs I had), how would you handle one-off jobs that come and go randomly, like addressing DNS issues, setting up email servers, migrating data, automating tasks on a freelance basis?

I was thinking it would be bad on the resume but this restructuring has me thinking

@stoic cave hi hope you don’t mind I @ you and jump in here but you seem to have some experience I assume as a mentor. Kinda running into the same problem as Phil with different things being told to me by various job help places.

I was just going to do my resume over after I got some projects done as I’m coming from a non tech bg. I did the Google cert and have my sec + but it seems like from what you were saying above, none of that matters unless I have professional experience?

The biggest things are professional experience or a degree. Certifications compliment either of those, but struggle to stand on their own. As far as "what is professional experience," it's any experience that you've built in a professional setting. That includes experience outside of tech, you just have to relate said job to the new job you're looking for.

When you say 'relate', what do you mean? My autistic brain instantly jumps to 'write a paragraph explaining how that task/ skill is applicable to tech' but I find that unlikely

Relate your bullets under the role to the type of role you're going for

Talk about, in bullets, the work experiences you've had at those roles in a way that incorporates the new job requirements

Alright. Thanks!

Don't write a paragraph for each transferable skill.

When I was taking the Coursera classes they were talking about having a professional website that pretty much acted as a resume. Has anyone tried that or is that a bid idea

The point of the resume is that it's the elevator pitch to start a conversation with the interviewer

It can be ok

I have seen a fair number of portfolio websites that were homebuilt and absolutely awful

😂 yeah I suppose it's all in the actual execution

Are we still talking entry level IT roles like support/help desk

If so then damn

Hi has anyone worked an IT helpdesk or familiar job here?

Wait so what would a fresh out of uni, has a degree but no actual experience, look like. Of course you should try to get an internship but without one what would it still look like.

Hey guys I have a 4 day CTF challenge that is part of an interview tomorrow. any advice?

I am currently a SOC analyst with 2 years of experience, Comp Sci degree. The job i'm trying to get is for a Pen Testing position. I've been practicing CTF's for a couple weeks now but still feel like i won't stand a chance

Get enough sleep so you're well rested.

Hey everyone I wanted to pivot my career to IT and Cybersecurity. I have an associates in electronic engineering tech and worked with RF and aviation fixing electronics. I really want to remote work and try to get away from these graveyard shifts and recently my contract ended for my job so I been jobless. Could anyone recommend a good path to choose with my background? I was looking toward like A+ and Sec+ but should I just go straight to Sec+ ? Any advice would be amazing I have time now and willing to double down on learning while I am job searching.

Don't start with Sec+. Depending on what you already know A+ or Net+. There's hardly any cybersecurity jobs that don't deal with networking. You'd have a hard time understanding (as opposed to merely passing the exam) the contents of Sec+ without that.

Thanks for the advice. Would it give me a better advantage to start with Net+ first then so then it could help with Sec+ once I get there since they go hand and hand?

Gave +1 Rep to @modest geode (current: #104 - 64)

It absolutely would!

Do you reccomend any resources to start? Being jobless now been giving me the fire to just learn and really double down on this while I have time to use. I did find TryHackMe should I still put effort into this site as well while I'

work on the Net+ stuff?

For CompTia have a look at "professor messer" and "Jason dion" on YouTube and udemy. That's all you need for net+ and sec+.

Great! Thanks for the advice. So buying the bundle for CompTIA's book isn't worth it right just learn online then buy the voucher for the test?

That's what 99% of people do who don't have a company pay for them.

The official material is overpriced and unnecessary

Awesome. Thank you for the really solid advice. Do you reccomend I still do stuff on TryHackMe as well? I figured I need some type of experience to put on my resume while I learn and try to do the tests.

Gave +1 Rep to @modest geode (current: #101 - 65)

You can do that in parallel, sure. Maybe start with the introduction to cybersecurity path.

Thank you so much for the guidance it really means alot. I'll get started on all this now!

hello everyone i am trying to get my first certificate in penetration testing i am very worried as i have to get a job from next year i have a budget of no more that 400$ which one should i go for??

PNPT

just take it from 400$ to 500$

Do you have previous IT experience?

TCM offers a 20% discount to students, veterans, and military all year round if I remember correctly. You'll just need to show proof. However, if you don't have a job at the moment, I'm not sure if taking a certification is a good move for you at the moment.

Hmm

please answer this as well if you can

So I'm guessing you're aspiring to be a penetration tester or at least to perform at a high level as an ethical hacker. You're on the right path. I noticed you mentioned things like real-world scenarios, ctfs/competitions being on another level. Yes, it does take a lot of effort to get to a high level as an ethical hacker.

I hope you're having fun with all the challenges and walkthroughs on THM. There is lots more to learn. You're also making great effort with Linux, Portswigger and your reading material. Linux is pretty important to most jobs in cybersecurity, so familiarity with it should be maintained. Also with Windows. Being able to install both of them and configure them to act as servers/workstations is very beneficial, aloong with the applications they run. Portswigger is some of the best training on web pentesting, alongside all the resources on THM.

Pentesting is a role that will push you to learning a lot about the technologies that run organisations so you're constantly going to be learning and exploring new things, reading, studying, revising, testing and doing new things. Keep going. There are many more resources you're going to encounter as you progress. And yes, keep applying to jobs that interest you. It's up to them to decide to hire or reject you

Need CCNA I believe, can skip the A+, after the Cisco CCNA, then take whichever direction you're gonna go with the certs, Network Chuck explains it pretty well, and you learn more on your own. But a+ is seriously just a time and money dump if you already know your way around a bit. CCNA will also get you a job. Get Cisco for Networking stay away from CompTIA on that one

I also like TCM's content but there are no jobs in India on indeed or linked in that mention that certificate I am thinking of something that can help my resume

Yes I have done some WAPT and basic but hunting currently I am learning Active directory and later I planned for binary exploitation it's just that I only have a year left and that is worrying me a lot

So you have had a paid job doing that?

Not a course or class

Me?

No I have no work experience I am just a student rn

Then your WAPT is not experience. Pentesting also isn't an entry level job in security; there are some companies willing to take true entry level, but it's very very rare.

Junior sys admin, net admin, and support/help desk are much more common entry level roles for infrastructure.

Wait really?? Even after these certificates like oscp Or crto

there's a lot of risk in pentest. Those certs will get you the interview, but understanding when to stop is as important as being able to get an exploit to work.

Now I am worried even more then what should I learn the next one year

I mean you can't change the job market; you can only maximize/improve your chances. OSCP definitely does that. It's just not a guarantee for anything.

I guess I am just going to stick with this and see what happens still worried though

Who knows how the market is gonna develop.

But still if not penetration testing then what entry level job should I look for so that I could later switch

What juun wrote earlier

really? I havent looked up too much about CCNA but is it really better then CompTIA for that one?

it depends a lot on country and your goals. In the US, Comptia certs are fairly well respected. I wouldn't really recommend the CCNA for someone unless they knew they wanted to aim towards a network engineering type job first

A+ is often a cert that many help desk jobs will require if you want to start out there

Just curious to see if anyone could help refine my resume to be better to land a Help Desk job which I heard would be a huge step in the right direction if I want to really get into Cybersecurity to have that experience. Thanks so much any advice and tips would be amazing. I did have a ton of other jobs I left out out since I bounced around quite a lot for higher pay such as sales roles, cook, and customer service. https://imgur.com/a/tvEtt5X

if you verify your THM account, you could post the screenshots directly

Post the screenshots on my Resume?

Yes. Preferably redacted of your PII

I'm not quite sure what you mean?

Under your account on thm site there is a discord token. Use / verify (w/o the space) then post your resume and block out PII or personal id info

Oh Gotcha!

@flat sedge @pearl iris

Hmmm I'm not sure you can put THM/Coursera under "Education"?

Couple of things stand out. IT SPECIALIST isnt' really indicated anywhere in your job history, and education should only be used for accredited degree programs.

It's fine to put THM, Coursera, et al on the resume, just in a "personal interests/learning" category instead

I would also be very careful about putting down Operating Systems or Coding Languages - if I see those, I ask all kinds of unpleasant questions how the kernel works, how permissions are granted, how does ldap integration work with the OS in question, and for coding, usually I ask for a whiteboard session to solve a problem I give

If you aren't comfortable saying you are an expert in a technology, putting it on the resume as a skill is a very real risk.

I see thanks for the advice I just done freeCodeCamp in the past and thats the reason I put the coding languages there I am no expert but I wanted to show that I had some knowledge. I redid this resume like a few times to try to put emphasis in remote work and programs maybe I sold myself a little too high haha. Would it be better to add soft skills instead of technical skills?

I would not

MSOffice is also pretty expected, I would not list it

The only exception to that is if you are comfortable using excel to solve complex optimization problems, and if you can write a VBScript for a document off the cuff.

You can expect to get questions of things on your resume, if you cannot speak extemperaneously on that topic for a minimum of 5 minutes, you probably don't know enough about the subject to put it on there

Thank you for this I was putting just what I've only scratched the surface of but when you put it like that it makes me feel a bit dumb to put it on there lol.

Gave +1 Rep to @flat sedge (current: #10 - 759)

That wasn't the intent - the intent is so that you don't set an expectation you cannot meet in the interview

Also, to touch on this would it be better i put self-directed cybersecurity into like personal interest?

Thank you.

Gave +1 Rep to @flat sedge (current: #10 - 760)

I will make some revisions of my resume thank you for the help and being straight with me @flat sedge

Would you be able to name three types of SQL joins, explain what they do and write down an example query each; without Google after less than 5 seconds of thinking?
Or could you do the same for 5 types of CSS selectors?
Could you explain JavaScript closures and write down an example? How about promises?

That's the kind of stuff you might be asked at a basic level. You can of course gamble but be prepared to be embarrassed in interviews.

Yeah I see thank you for this guys!

Gave +1 Rep to @modest geode (current: #91 - 72)

Not directly answering your resume question but since I know how easy it is to jump from online course to online course because there's so much stuff out there and it's all kinda interesting: Focus on one or two things at a time, get good at them, then move on. There's no way you're gonna learn html, css, JavaScript, Python and sql in parallel and go beyond surface level knowledge. But maybe if you focus on Python for a couple of months and linux on the OS side, put in a lot of hours, at the end you might have marketable skills.
That's just my experience, YMMV.

Yeah I have the same experience I been jumping from course to course to course not mastering anything it feels like. I will take your advice on Python though as so many jobs now use it!

Can't go wrong with Python. Extremely versatile. Whether it's data science, web applications, automation, hacking... Good luck!

well then in that budget, CRTO is i believe the best option

If given the opportunity for a free cert aside from Sec+ would you recommend for someone new to the field professionally? I hear have the networking knowledge but you don’t necessarily need the A+ or Net + cert. But I’m finding it difficult to land a help desk/support role with just a Sec +. I have the opportunity to get the CompTia’s or a cloud cert for AWS or Azure. Already paid out of pocket for Sec + so would like this cert to be useful moving forward

getting cloud+ with sec+ gives you a stacked cert so thats an idea. Really just depends on what your trying to do in your career

I was working in retail when I got my A+ because I wanted out. Got a job 7 months after I got it. This was back in 2020 right as the lock down happened. I applied for 3- 4 months before I got the job offer. That experience is what helped me land the next job when I had to move suddenly where I got my Sec+ by studying at night again. Left that job and now am on my 3rd professional IT job.

I was the only one on my team with any comptia certs or background in computers aside from a manager or 2. I don't know how much it helped that I just so happened to have people skills and can handle solving problems under stress but it was not a requirement to work in a helpdesk/it support position.

The A+ and Security+ made me look good on paper and made it so that jobs didn't have to train me as much because having those makes you understand the fundamentals of how things work so you can pick things up easier.

Thanks for your insight! I think that’s where I’m stuck now. Like I’m studying and upskilling for the future position I want, but I need a job now and just can’t quite figure out why I can’t even get an interview for help desk. So going thru yet another strat rework

Gave +1 Rep to @lyric yoke (current: #2090 - 1)

Yes I was hearing that getting a cloud cert would do well in Cyber. I would like to get into pen testing . I like puzzles and I like to write 😂

If you like, I can DM you what worked for me?

If you don’t mind I’d be pretty grateful for any help/advice

I’ll look out for a message request

That is exactly what I thought as well😂 the plan is to get an ejpt then CRTO, and then something for network like CNpent how does that sound??

bro deduct eJPT from the list because yeah it's a beginner level certification but we all know its worth
it's like very basic one

I mean I don't have any experience on how these practical exams work so maybe giving an easy one first be some help

if it's feasible for you then sure
eJPT costs 200$ with that easy content
on the other hand, CPTS somewhat 210$ if i'm not wrong and with its content you'll have robust knowledge for OSCP

P.S.: I'm a strong believer that certs should be selected based on the demand in industry

Dude!!! This one is just the one I was looking for its almost same price and covers exactly what I wanted to learn

How does one prepare for it???

And also are there any entry level jobs after the knowledge from these pentesting certs

i've some fellows who are preparing for this cert

@clever dust bro

this brother needs some guidance regarding CPTS

Heya! 👋

bro @low yarrow needs some guidance regarding CPTS

@low yarrow you can communicate with @clever dust for guidance regarding CPTS

Sure. Just a head up I'm currently also preparing for the exam and haven't passed the exam myself yet.

Hello @clever dust

HI!

Ya i looked it up it's really good and hands on but do you think there are fresher jobs out there after these skills and pentrations testing couse i never would never want to go in that theoretical stuff😅

Hmm, So if you're going for jobs CPTS currently doesn't have much recognition as other certs like OSCP when it comes to jobs certs with more recognition are favored.

Ohh... But pentesting in general are there entry level jobs for freshers btw what country r u frm

But pentesting in general are there entry level jobs for freshers
I'm pretty sure there are entry level jobs for pentesters as well. Tbh I'm not the best person to take advice from regarding jobs as I'm currently not a working professional either.

what country r u frm
I'm for Pakistan

@clever dust i m frm india nice to meet you, we are neighbours... right? 😂

Nice to meet you as well!

What are you studying in general as degree

Not doing a degree rn. Just studying Computer Science.

Wait.. Diploma

No not a diploma either just in school 😉

Yes there are, but not too common. There are even some pentesting internships

You usually have to be very lucky to join one of those

So should I do these certificates or learn something else cause what use would the knowledge be if there is no job for it

$210 is the exam voucher. You have to pay for the course content too which is either through cubes or their Silver Annual plan which is around ~500$.

student subscription 🙂

I mean pentesting overall is not considered an entry level position in IT/cybersecurity, if I were you I’d invest time into learning helpdesk/SOC L1 concepts and trying to find such jobs and then try and move onto pentesting

Pentesting is an medior to senior position tho

medior is not an English word.

Are you trying to invent a word for something in the middle of junior and senior? That's intermediate.

https://www.linguee.com/dutch-english/translation/medior.html It is specifically a dutch word used in the Balkans and isn't used anywhere else in the world in the industry, though people might wrongfully use it.

Then why do junior pentesters exist

because the junior pentest positions are to train those who haven't done pentesting

but you need IT/Security experience to qualify for most

Ok so not medior senior

Because there’s juniors as well

@plush coral why do you ghost ping

I replied to you, but decided to delete it.

yeah, he said TO senior. It's usually someone who has experienced the other side of security, that way they understand what they are attacking

Correct, he said it’s medior to senior which isn’t correct

I for example had 0 experience except for certs

And also became a junior

And there’s multiple people like me

Medior senior would mean you could only become a pentester with experience

not necessarily. It means that that is the normal

which is true

That word is making me cringe. Hard.

The hell is a medior pentester?

Not once in my multiple decades of speaking English in a dozen countries have I ever heard this word. It's not a word.

Stop making up silly words and learn actual English people! Words. They mean something for a reason.

Mediocre maybe?