#cyber-and-careers
You get a full VM and tasks, you have to do them, then submit and it grades the tasks in the VM
PBQ are simulated and totally different.
You may or may not get a lab. If you get a lab, you can't skip it or come back to it, you have to do it then and there
Went through two labs so far. Let's see what else is there.
Hopefully CASP+ doesn't test Windows OS specific things.
Seems like according to CompTIA's terminology both are PBQs
I'm getting a free voucher for CASP+. SecurityX replaces it and costs $50. Should I just use the CASP+ voucher or abandon that and go for the SecurityX? First I have to pass college exam, then if you pass it, you get a free voucher for certification. Right now, my goal is to pass the college exam. Which I passed already in the pre-assessment.
I did pretty alright. I just have to study a bit more, schedule college exam, pass it, get voucher, and then take a few more weeks to study for CASP+ before taking the actual certification exam.
should i feel bad or guilty for using chatgpt to code even though i know how to read documentation and make my own code and understand it?
I don't know about feeling bad or guilty, but you probably shouldn't be doing it from a security perspective.
https://www.threatdown.com/blog/chatgpt-writes-insecure-code/
In fairness, it's extremely useful for providing a base solution to an unknown problem quickly... As long as you're able to actually read, understand, and tweak the code
Significantly worse idea if you're using it instead of (or to bolster otherwise weak) coding ability
Right and I'd agree. The second half of your message is a big if though
Oh, 100%
If you're able to verify and validate the code it's fine, just don't blindly accept what it spits out. GitHub Copilot perspective, as gpt is more general purpose
thx for info
Gave +1 Rep to @tacit bobcat (current: #11 - 575)
Don't forget to test all the things
It depends on what you ask GPT to do
Please don't self advertise, you've already been told this.
srry
Quite useless if I may say so
And instead of macros, it's best to use their provided API
yeah but if its for illegal for auto posting for accounts then it wont work and get flagged thats why i do it without a api
if it's illegal, don't do it.
Ive recently been using it to explore the Linux kernel. Ask it about a certain subsystem, then get more specific with my questions. Then ask for a concrete code example from the kernel.
If I don't understand a certain language construct, ask it to explain me that line. Which it does step by step with further (commented) examples. If there's something I'm not familiar with, like yesterday a gcc attribute, one quick question before getting back on topic. Or what a certain typedef/struct/function in the code is meant for and which file it comes from if I want to look it up on github.
All in one clean UI with zero distraction, no clicking around. Just the information I want.
Incredibly valuable to me personally.
I make it do repetitive tedious tasks, among much else. Since I already know how to develop, I can tell secure code from insecure code.
Ok, so we all on here obviously use THM, but what exactly should my path look like if this career change is going to happen?
I've completed Pre-Security, and will just keep doing pathways one by one, but where do I look to actually get a job? What one specific thing should I be getting? THM is great, but I'm assuming not a recognized certification
guys can you suggest the beginner friendly bug bounty platform
I think I've wasted the past 20 years of my life doing network security and systems administration.
I kind of want to do something fun now
Like drive a forklift
network security isn't fun?
i agree with sys administration xD

I don't want to do anything 24/7, I want something that can be done remote and when you're vibing it
IT isn't going to go anywhere, even if you're just doing it for yourself
Anyone knows the sweet spot of months or years of experience for finding a better IT job? I'm currently at a service desk job and only almost 3 months in and it's horrible trying to solve issues with 20 different vendor tools. I prefer solving problems at a physical locations instead of being behind a desk at an office and trying to solve things remotely...

You can start searching now, why not. Usually it’s best to wait from 6 months to 1 year before switching jobs
Duck
What do you want to do?
A year of experience is pretty good to kind of see what's out there
Could someone help me out? I applied for a cybersec traineeship at a company, they gave me a vm with ctf tasks i open the vm and it asks me to login but i didnt get any login credentials from them am i supposed to just guess ?
I'm pleased you have had this opportunity to further your career, however we can't help with the CTF, as it's assessing you. It would not be fair to other people who're in contention for the position, so helping you would be cheating them out of a potential place.
I guess thats true, I just think am already stuck since I cant login haha
Maybe you're not supposed to?
huh?
its ubuntu linux
I would provide a screenshot but I cant upload images for some reason
Is it white box or black box?
Ive no clue, these are the instructions I was sent
There you go, that gives you more than enough information to get started, I'm going to remove it now.
thanks
With that info I should know the login credentials as well?
And then is it white or black box?
Im still in school so im kind of a noob
but for the upcomming year we have to apply for internships
so ye
Do you know what white box and black box testing are?
I read about it 5 minutes ago haha
@quasi stream wrote a good room about penetration testing fundamentals.
Learn the important ethics and methodologies behind every pentest.
awesome thanks!
Now that is all the help I can give without helping you too much.
Good luck!
Thank you!!
I just passed your room thx it was interesting for basic understanding of pentest
Gave +1 Rep to @broken idol (current: #1 - 2371)
Not my room, but you're welcome I guess.
lmao
Yes I am aspiring to become one , but after going through some stuff I saw that there is no entry level for that role so I am thinking to either start as bug bounty or soc side just to enter into industry then I can switch easily . Please tell me is this okay or did I miss something .
And yes I am having a lot of fun and will surely continue to work on networking, Linux and windows. I keep your advice about learning a lot and continuously applying for jobs in my mind
In the end thank you for the response and helping me to clear my mind.
Gave +1 Rep to @rugged delta (current: #21 - 383)
Bug bounty is more of a side gig
then how should i proceed i want to do pentesting and red teamer stuff but there is no such entry lvl job as far as i've seen and heard
They're not too common, but they happen.
Blue team is good to start off and get experience
Plus you learn how the people in blue team work and as you do get a pentesting job you know the flaws they have
Keep studying. You should aim to be able to complete the OffSec OSCP. It's quite a challenging exam but while it doesn't guarantee you a position, it's widely recognised and frequently requested by many pentesting teams. There is a lot to learn to become a pentester but you can certainly do it. If the OSCP seems a bit pricey there are other certs that, while not as widely recognised, provide a lot of the same skills, such as the TCM PNPT, HTB CPTS and INE eCPPT.
You should be aiming for 5+ hours study per day in such a venture. It's not going to be an easy road, but you are aiming for a role that's at the peak of an industry you're very new to. The following articles will give you a good insight as to the path. Don't worry about the seemingly daunting prospect he produces, it's a very realistic path to being good at this game.
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519
That was a really good article man, appreciate it
I definitely feel a bit overwhelmed, and probably a good wake up call to try other things in the interim
question is putting the certificate of completion worth it on resumes ?
i’m looking at in the future once i get money again to get my certs instead. like i been in the hospital for two years and mine expired on me and lost my job so having to start over
im looking at the pentest + and casp + since i had a cyberops associates figure i go to the professional equivalent
Not as experience/certs.
Just as hobby
Pentesting internship is starting tomorrow and I have not prepped at all. Procrastinated the whole week.
Thinking about where to start.
Might as well finish off the thm offsec path then start and start with the tcm PEH
Good luck!!!
@tacit bobcat , @flat sedge
Hey. We don't allow links like this to protect the privacy of our members.
That's understandable, thanks
Damn
Glad you're okay
Glad you enjoyed it. There is a lot to learn. It's something you can really enjoy if you get stuck into it. It does help to learn and understand a lot about other areas of computing and you will be very busy going down this path. Having other roles like IT/programming/SOC etc. can really help you understand things along the way. You should read the Tribe of Hackers books
oh is that so , then i should continue working i guess
👍 will def explore the domain , if it interest me then we'll see
like I usually study more than that only as I am currently pursuing a Dual degree in CS related field only , yes thank you those certification recommendation and that article particularly it was really eye opening , scary for once if I say but still for now until no better alternative comes to my mind so I'll continue to work towards this goal only and we'll see how future unfolds
Gave +1 Rep to @rugged delta (current: #21 - 384)
Hey everyone. I like to know any internship opportunities for cybersecurity students. Just wanna know how to get into entry level.
question i’m moving pretty fast through the jr pentest and going through the offensive one here in a week the rate i’m going. I already had a cyberops cert so i know enough to go trough it pretty quick
but is vulnhub okay for labs?
rn i can only afford this month for THM and that’s it so it be nice to have free labs
A lot of people use LinkedIn
Even I do.. 😅 but still searching everywhere for that. Didn’t find anything still. Need to kick start my career. Hoping for the best 🤞
Are you in college
Yes studying masters cybersecurity in Queens University Belfast
If they have a career center you can connect with a counselor and they can help you
Yeah..! We have.. I am in touch with them too. Trying.
So I guess you'll be going to the Belfast BSides in September then?
Thank you so much for the information. I wasn’t aware about this. I checked just now, the tickets are sold out. But I have registered still.
Gave +1 Rep to @rugged delta (current: #21 - 385)
The next batch will be released in July. I haven't got a ticket yet
That’s good news 😎 I have emailed the team as well . I Hope for a positive response.
Please let me know if you come across the links for booking the tickets.
I know some guys. So I can let you know.
The booking page is on the website. You just have to go on there on the release day
Sure.! I will be looking into it keenly. I understood clearly.
Thank you so much ☺️
Gave +1 Rep to @broken idol (current: #1 - 2377)
What age can you go to a bside conferences
They haven't posted one but I'm guessing you'd need an adult to purchase a ticket and go with you. You should drop them a message via their website
There's BSides Conferences all over the world btw
https://www.google.com/maps/d/viewer?mid=1KBFOZ6eIptZgktZOy53ACycZ9AY&ll=19.096492810287835%2C-52.751742300000046&z=2
Well you would have to contact them for their rules about such things 🙂
Every BSides has their own setup. They're independently organised and they have sponsors. I got some nice t-shirts and pens each time I went
That’s actually very cool
Can u get a cyber job without working in IT support without a degree
More than likely not
I suppose if you had professional experience in an adjacent field or can leverage the field you're in to make the jump, but based off your question it sounds like you're starting at zero.
I’ve done some web development in the past
I’ve also done an internship at a managed service provider
Currently I’m doing some cyber certifications, they’re free but with reputable companies
In a professional setting as in you were paid to do so/filed taxes?
Which certifications? Are they actually certifications or are they certificates? They are not the same thing.
I'd like to know these free certifications from reputable companies.
there's a difference between certifications and certificates? 😭
Certificates are usually provided after completing a course. Certifications are credentials where people get certified by a certifying body through an exam or other requirement.
One example is CompTIA, you need to take one of their certification exams before they certify you.
Thank you for explaining!
Gave +1 Rep to @dense dagger (current: #22 - 376)
Can you drop the link 🔗 I want to get those free courses as well please 🙏 sharing is caring
Does comptia really help you get employed
I have net sec and zero calls back
The tests don’t tell you how to do your job imo
It’s like telling a truck driver what his truck is built out of rather than teaching him how to drive routes etc
They're not designed to, no cert will prepare you for life in work.
Having a cert doesn't mean you're going to be employed immediately.
Wouldn’t CCNA prepare you since it’s vendor specific
Doesn't it really just teach you how networks work?
for Cisco systems yeah
is it fair to say most people who are applying to entry level positions
have the net Sec and a
Or/And CCNA
ccna with no job experience?
I have a lot of freedom at my current job and can pretty much run whatever OS I want from my Laptop. I want to learn Linux in an accelerated manner and have been running kali Purple as my daily for about 2 weeks now. I know it's not really the purpose of the distro so I'm looking to change to something else. Does anyone have some solid suggestions of security analyst distros that can be run as a daily driver for work?
Isn't CCNA an entry level cert?
CCNA and Net+ are roughly equivalent. The difference is that the CCNA focuses on cisco specific networking configuration, and net+ is more general.
hm ok
Citing Reddit is not exactly compelling evidence, Scrubz
It can be sometimes 😄
@flat sedge would you say most entry level applicants have the trifecta and ccna ?
No
i don’t want my certs to go to waste im working every single day 12 hour researching
need to get hired
If you aren't getting callbacks, it's very likely that the problem is either your resume, or you are applying for the wrong jobs.
In my deleted message I had stated I held the CCNA. I don't, I was thinking RHCSA for some reason.
But I did prepare for the CCNA without ever taking it. It's still pretty basic, just covers a lot of topics. I wouldn't call it "advanced" by any means.
For example knowing the very basics of the three way handshake is enough for CCNA in terms of tcp. Meanwhile there's hour long videos on YT on specific details of TCP.
CCNA is still surface level knowledge in my book.
hi I need help I can’t get a vm Mac
someone can help me ?
Unless they're in some form of education, internships will likely not be an option for them. Internships are typically reserved for students.
hi There, I want to switch due to the wlb..so if you have any openings then do let me know.
tech stack : python,/django,nestjs,node js,graphql,Postgresql,redis,docker and so.
if you have any openings then pls DM me.
I've applied to about 300 "cybersec analyst lvl 1" job listings and have gotten zero callbacks. Anyone mind roasting my resume? I want to know if its my resume that is causing me to not get cybersec jobs or if i'm just not qualified enough to land an entry lvl job? or is it just bad luck so far?
Is there a channel on this discord i can post an image of my resume?
If you verify your THM account, I would recommend posting screenshots rather than the actual document
Will do
and you can put those in this channel
I've applied to about 300 "cybersec analyst lvl 1" job listings and have gotten zero callbacks. Anyone mind roasting my resume? I want to know if its my resume that is causing me to not get cybersec jobs or if i'm just not qualified enough to land an entry lvl job? or is it just bad luck so far?
Be careful about posting personal info - i recommend you redact that and repost
Your resume seems fine for an analyst 1 position; given how long you've been working, you may be priced out of that kind of position. Try broadening your search to security engineer as well.
Do you think I'm qualified enough to be a security engineer without having been a security analyst first?
I started as an Engineer, just a degree and an internship. Plus unrelated work experience at other jobs
Analyst and engineer are different types of roles. Your background doesn't demonstrate much in the way of monitoring, but it does show that you understand at least more of the theory than i would expect out of an analyst
Thanks for the tip! I'll look into that and see if I have any better luck
Gave +1 Rep to @flat sedge (current: #10 - 761)
Nice resume
Hey! What is the entry level position for someone who wants to eventually end up being a Cyber Security Analyst? Is it SOC Level 1 or is there something below that position?
The typical response to that is "there is no entry level cybersecurity". You start at the helpdesk, sysadmin, network admin and work your way up.
Exceptions exist but are rare.
In my case it is more like I am finishing my BSc in Computer Science and before I continue my masters I want to get some experience in Cybersecurity.
But other than a few challenges I don't have much experience
You should read the Tribe of Hackers books and get some real world experience. While it is possible to get a job as a SOC analyst, you will need familiarity with Linux, Windows, an understanding of bash/Python, databases/sql, Active Directory and other topics. It's a good idea to work in a helpdesk or other IT role as you learn to understand the roles you aspire to
Thank you for all the answers there are a lot of good points that I have not considered yet. I have been looking for an internship since January but in Europe or at least in Hungary we don't really have many opportunities. But again thank you, I received some valuable good advice.
has anyone in here had success using an AI generated resume?
i heard a lot of companies use AI to filter through resumes so it would make sense that an AI would like an AI generated resume
AIs don't base their determination on what made the resume. The resumes are generally filtered on context based on the role description. Look at the ATS resume checkers on various websites online where they compare a resume to the role and give you recommendations on what to change for each role you apply to
You should be changing your resume to suit each role for each application
do you have any website suggestions?
Google ATS resume checker and you'll see loads of them
and i signed up for offered.ai because it applies for me and modifies my resume to fit the role
so far no success but im not sure if its because the service is trash or i dont have the qualifications for level 1 SOC
You should make sure your resume is correct, accurate and truthful. If you don't have the actual skills needed, you might find it difficult to secure a role
You should read the Tribe of Hackers books. They provide a lot of details on different cybersecurity roles
lol i started it a while ago and never finished it
thanks for reminding me
oh btw, should I include any THM paths I've completed on my resume?
i finished jr pentester and i have it on there
Also check out the amazing Career Hub on the THM site:
From Entry-Level to Expert, the TryHackMe Career Hub has you covered every step of the way.
https://tryhackme.com/r/careers
do you think THM could ever have a built in jobs board for people with high scores?
WDYM jobs board?
#jobs-board but in the actual THM site
a place for recruiters to scout people who use THM a lot
It happens from time to time in here.
Should I include this on my resume?
In hobbies only, not as certs or experience.
I really wouldn't put THM anywhere else tbh.
K
The resume is an elevator pitch to the hiring manager - you need to have something that distinguishes you from other candidates with a similar working background.
Lol are you for real?
That's what I've heard
Is that not true?
I've been trying to write a resume that passes an AI filter
Maybe some do. But I hope not.
so yes. Companies may have some system to pre-screen resumes so that hiring managers only have to read resumes that have passed screening
ah
The people who eventually decide on the candidates to interview will, in fact, read your resume and they'll expect you to know what you sent them when they discuss it with you in an interview. They'll also talk about your skills and experience, find out what you might bring to the team, where you might fit in, if you need particular training along the way, how long it'll take to on-board you, etc... It's not just about the filtering system
good to know
i'm confident in my ability to do well in an interview and my skills on the job, but getting up to that point is always the hard part
wish i could show instead of tell to impress a hiring manager
Build projects, do things like building Linux and Windows machines running various servers/applications. Write a blog, gain certs, do CTFs/Bug bounties and other things like that
so basically do more than certifications
lately i've been power studying for sec+
guess i should do more THM once i have it
Yeah sec+ is a good cert to have on your cv as a new entrant to the field and THM will give you broad scope in a practical sense. There's lots to learn
btw i decided to skip net+ and go straight to sec+
do you think not having net+ is a big deal for a first time security analyst role?
You should absolutely understand everything in the net+ curriculum. Having the cert would be an advantage but perhaps not essential. You can just read the study guide and/or use Professor Messer's free course and other resources if you like.
k
i did a lot of net+ studying and watched the messer course but i dont think im ready for the actual test
can't risk wasting 300 dollars
but sec+ im definitely ready for
halfway through the sec+ messer playlist and done with 10/26 examcompass practice tests
i'll schedule the exam when they're finished
Do you guys think I can land a position after getting AZ-104? I have 1 /1.5 year of help desk support along with CCNA,Net+
Unlikely. Most places won't consider helpdesk as relevant experience for a cloud role. Then you're competing with an army of applicants that have 1-1.5 YoE in on-prem windows environments or as sysadmins.
All other things equal that makes them the first choice.

And frankly, like with most certs, passing AZ-104 says little to nothing about being able to independently use the technology to deliver value.
Companies know that. That's why they expect actual work experience.
With the rare exception.
@modest geode I guess Build a portfolio of things I have created , github account showcasing my work would increase my chances? Maybe I should set my sights on something else
I didn't mean to discourage you from trying. That's just the harsh reality everybody with no or little experience faces.
The more you can offer, like github projects, the better. Absolutely go for it.
If you're going the Azure route being proficient in powershell scripting and different template formats is something you might be able to score with.
Already got input from one of the hiring managers that normally would hire for this position (he is referring me, so it is going to a different one) but any extra input on this?
I like adding a bit of color to mine. Yours is well organized, but very full and the only color is links, which I would make hyperlinks. Perhaps change the Career Summary, Work History, etc. to a mid-low saturation color.
Mind if I ask what position
Associate Red Team Consultant on the web security side
Very solid resume. There isn’t really much you can change with it
thx
Hi! If i want to incorporate both data analysis with cybersecurity (specifically reconnaissance and OSINT investigation) but I don't have any professional experience in cybersecurity, should I place an emphasis on projects or volunteer experience?
Not nice enough to get a callback from anyone! 
You will keep trekking
Indeed. Wife is getting pissed though that I'm not making enough to pay the bills these days 😅
Slowly going further and further into debt... the desperation is setting in
600 applications deep
Sheesh
Actually, that's not true. I did get one job offer! Although it was a scammer trying to steal my info 😦
Sooo.....
What position are you trying for
Security Analyst
or anything i can qualify for
Literally anything I can get that is cybersec related and pays at least $80k/yr (to pay my mortgage)
That's usually a senior position. You can expect to take a paycut to get junior cybersecurity jobs, if that number is USD
What CyberSec job is lower than a SOC analyst if that is considered senior?
I'm saying reset your salary expectations. True entry level to IT is in the realm of 45-55k, SOC analyst 1 is usually in the 50-65k range.
I'm a network engineer though
currently
Do you do ops or engineering?
network setup/management
and troubleshooting
both on-site and remote
for 100 clients
i work for an MSP
Ok, that's a slightly different skillset. A big selling point to transition to a SOC is if you can get experience with the tooling your NOC uses
so we manage all their networks
we're a 8 employee company
including the owner heh
You must have network monitoring somewhere, but it sounds like that's not really what you touch on the daily
We have Datto RMM with automation doing the monitoring alerts through a system called Autotask
just up/down monitors
Datadog, Zabbix, Zeek are common tools
we outsource our Sec stuff though to an MSSP sadly
yeah, i'm not asking you to look at the security side of the monitoring
So im effed in that regard
Getting experience looking at some of the network side of the monitoring is huge; do you write the detection rules for events in your NOC?
No the owner does
He's very protective of that
doesnt want anyone to touch his duties
mainly the automation
You should be discussing with him the next stage in your career, since it sounds like you report to him
Already tried
If he's not willing to let you grow in terms of what you are trained and capable of doing, it's time to make at least a lateral move
He has no desire to grow the company and wants to keep everyone where they are
Thats what im trying to do
but into security
hence my 600 applications
You aren't making a lateral move, you are moving into a domain that your resume says you don't have experience in
How are all these people with literally zero experience getting soc analyst jobs then?
Even security engineer roles
your options are: take a huge paycut to do entry level security similar to what you do now, or make a lateral move to the same kind of position to a competitor
with zero professional experience
the biggest problem is that many companies don't want to grow junior security personnel, they just want to hire mid- to senior- level.
yeah i know thats a big problem in the market right now
So i'm telling you, if you want to make the jump at your current scale, you will more than likely need to get some experience on the monitoring side of the network as well
You can lab it up at home, and that's a good way to demonstrate you know what you're doing, and you are more likely to convince a company to take a chance on you with that as a project
But you aren't really writing the detection rules. Do you have experience with IR? I don't remember that being on your resume yesterday.
The incident response is me going on-site to check the cabling, confirm nothing has changed on the network, and go down a list of troubleshooting steps until the network is back up
95% of the time its the ISP's fault haha
I also work for an MSP and have been transitioning into a more security-focused role. Tasks have included security audits of our clients, rolling out org-wide MFA enforcement, handling phishing and malvertising incidents, managing phishing simulations, assisting with PCI compliance, and providing security training. Any of this something you can do at your MSP?
I provide security training, phishing campaigns, and add sketchy emails/domains to spamhero filter, and MFA enforcement. The rest though I cannot do as it's outsourced to an MSSP
Any threat response/detection is handled by them
Your MSSP handles PCI compliance?
No the individual clients do for themselves. For some reason that hasn't been something my MSP has taken on in its contracts
That's kind of crazy. How does a company that needs an MSP handle their own PCI compliance? lol
No clue. I'm not high enough up the totem pole to be privy to such info. Even though our company only has 8 members heh
I'm trying to jump ship though asap
Company is falling apart. Lost 3 employees in the past 2 months and the owner has been MIA since 2023
Its literally the CFO at the helm now
IT manager quit last week
And no plans for owner to replace him in the near future
SO we're currently rudderless haha
I tried to put my name in the hat for the position but they just blew me off
Is it worth putting I failed the oscp twice on my resume?
Cuz I need a job lol idk that’s why I’m asking
Did you end up passing?
I did not or I would have just put it
I’m looking for experience I didn’t go to college and only had one tech job so my resume is a little barren
Good idea I still did the whole course thank you
Gave +1 Rep to @thick dirge (current: #118 - 55)
Then I wouldn't mention it. From the employer's perspective that doesn't look good.
And if you mention the course you almost force them to ask why you don't have the exam. Given how expensive course access is.
That is true as well thank you for the perspective makes sense and I don’t have a very good answer to that question so I will hold off
I would not even mention that you took the course. It's fine to put that you have an interest in penetration testing in Personal Interests and Hobbies
I understand a lot of what I’ve taken from everyone’s feedback is I should probably wait to finish the cert before making a resume as I have one job and one project and nothing for certs or education
You can add a line on your resume under certifications section stating that you are "currently working on OSCP"
That way ATS sees it and might get your resume in front of a hiring manager's eyes
I’ve been in app dev for a few years after college and am starting to realize I enjoy security related tech much more than making websites and mobile apps.
I really enjoy understanding vulnerabilities and my personal projects tend to be more automation and scripting than “apps”
I’m almost done with my google cybersecurity professional cert and want to get my sec+ after that. I’m willing to lose some salary to work entry level in cyber, do I have a shot now or do I need to finish sec+ first?
Hey guys so I’m as new as a newbie can get, so I’m looking for a mentor if anyone is willing to help a bro out. I’ll do apprenticeships anything I just want to learn
You can go to #start-here to get started
Are there any transferable attributes/experiences if you transfer from a NOC transfer to a SOC?
Working under high stress, triage, investigating root causes, reading logs
Not sure if that's what you want.
Let him decide what he wants to do bro
I’m also in the same boat where I may be doing a position at a NOC
I know that a leading CISSP instructor, who is a network security engineer now, said that he went straight into a SOC. But looking back, he said he would have joined a NOC then work in a SOC
Sounds good enough, working a noc besides my studies beats working retail on the side for sure
Any experience is better than none, I'd wager
What?
@modest geode That wasn’t what he asked
He asked for transferable attributes and experiences.
Explain how what I listed is not that.
This.
That's just friendly conversation, no worries
The ego
I was referring to my own reply, not the job.
It's generally a good idea in life to not automatically assume the worst interpretation of what other people say and then jump on it.
Your own reply was about the context of the job
I mean the assumption is correct anyway
Correct. And I wasn't sure if the answer I gave was the kind of answer the user had been hoping for. Hence the sentence.
Another good idea in life: don't double down if you barked at somebody for no reason. Maybe just say sorry and move on.
Y'all should just knock it off. This channel is for professional purposes. Would be best to take your beef elsewhere
If you’re saying “not sure if that’s what you want” referring to your answer to his question, it’s still an egotistical response to turn him away. Nothing to apologize for, “cyberterms”. Maybe you should stick to reddit. But please tell me more about answers you think people are hoping for from you. cue self righteous life lesson
Can you please be civil community members please, they asked a question, and got an answer and an opinion.
There is nothing wrong with that.
Sure, just thought it was unprofessional
I was generally wondering, as I see conflicting opinions on this topic, is there any point in adding a summary/career summary to a resume
Generally the objective of your resume should be to highlight the main things you can do for an organisation, for the specific role they're filling. Nobody wants to read through a summary that might just come across as jargon. They want to see bullet points of the important and relevant things, the big things and a list of skills you're going to bring.
What you should do is run your resume through an ATS checker along with every role you apply to so it checks how closely your resume maps to the particular role and keep sentimental language for the interview
If it builds on the idea of 'this is the elevator pitch of how i'm useful to the open job role' i think so.... otherwise it's a meaningless distraction
Thanks, pretty much clarified what I thought myself
I just look through some resumes and see Summaries at the top with things that should either be in a cover letter, in skills, or is reiterated in skills for a second time
i personally prefer to not see it when i'm screening resumes for my department
i also think skills is pretty meaningless for entry level, if that's what you're going for
skills doesn't mean much until you are a SME in at least 1 thing
What would you replace that for then in a resume?
I've never heard about leaving that out
As entry level? You don't really have much to say. Personal Projects/Interests, Formal Education, Current Certifications, Employment History
That's from least to most important
with education and certs being basically interchangeable
What do you think is most important for internships
Education
Because Internships, at least in the US, are typically reserved for current students
I'm incoming junior next semester
So you just finished your Sophomore year? Remember that summer internships basically fill up by end of January
That's why I had these questions about resumes
New to this, only had a Tech writing class on writing a resume for like 2 weeks
You might want to try posting this in #infosec-general instead.
Hello there! Is there any chance someone from france and working in cyber would like to chat? Just looking for some story and tips from pro to learn a bit more about careers possibility 🙏
Is it ok to post recruitment ads here?
Need to contact a discord admin
Aight
Ty
Gave +1 Rep to @sleek sedge (current: #14 - 531)
whatsup
hey im new to tryhackme how long of doing this would be reasonable to get an entry level job in information security of cyber security of some sort. i got a bachelors degree in information security and i need a job so bad i been working at mcdonalds and it sucks, and nobody is hiring me and i apply like 10 jobs a day
or cybersecurity
The common saying is "there is no entry level cyber security" and thus the recommendation to first do something like helpdesk, junior sysadmin and work your way up.
i apply to helpdesk but nobody hires me they 😦
While there are rare exceptions you are competing for those with tons of people who are more qualified than you. Maybe they're in the top 1000 on tryhackme, maybe they did the OSCP in their free time, maybe they run a youtube channel.
ah ok
I dont know where u are from, and if its a thing there, but Traineeships can also help you get a foot in the door.
It's really, really hard and the timing couldn't be worse. Companies are largely looking for experienced people.
Hello
michigan im from
You should start with the basics. Having a bachelors is no assurance you'll get a job. You should aim for getting known certifications, Sec+, CISSP, OSCP and others are great options. Start a blog. Demonstrate your knowledge of Windows/Linux/bash/Powershell. Keep learning.
Look on LinkedIn/Indeed and see the skills and qualifications that local orgs are looking for
how can i get hired? I need a company where i can learn and share. I'm a proficient full stack developer
Do you have any certifications? If not that would improve your chances of getting into helpdesk. CompTIA A+, Net+, Sec+, CCNA
This is my first time writing here
problem in the US is a ton of devs been laid off and they are looking for cybersec jobs now
What experience do you have to prove to companies that you are a proficient full stack dev?
i tried studying for comptia sec+ and A+ but i stopped because i cant really remember things by the book which is why i decided to do tryhackme because this seems like a more fun way of learning
There's fantastic youtube and udemy courses for these certifications. You won't get around learning theory. Tryhackme requires a looot of reading and researching as well.
Yeah, I'd stick to what cyberterms, and so_much_for_subtety mentioned.
I stopped pursuing webapp or software dev career, got into cybersec with a more "centered" mind. Picking up skills along the way while I apply for other jobs that may pick me up due to my skillsets, while I work/study on the side. Thus, enhancing my knowledge, to maybe in a future, get a job in the field.
But still, you get a nice set of skills.
When you're doing any kind of study, you need to take notes, revise, answer practice questions. There's a lot to learn and understand, but you need to develop a way to make it ingrained in your thought processes, because in the field, these are things you will be thinking about while doing your job
whatever you think funner
I have started coding since 2017. And i have been working with some startup remotely but the payment is fucking low.
Actually I have experience in Flutter app development, many more I can prove to a company.
here is my github https://github.com/Omo-oba18
gonna make it much easier getting anywhere
You're not gonna get far in the ethical hacking field without knowing at least a subset of the contents of certs like A+, Net+ and Sec+. One way or the other you have to learn these things. That's why tryhackme paths start with networking and linux fundamentals.
Both would certainly help. It takes a lot of work to show you know what you're talking about in this field
...I mean... are you?
not really
then try comptia
i mean i just started today lol
lmaoo
You'll probably deal a lot with impostor syndrome. But, you'll see that once you get to work in something that requires some past knowledge, you probably won't remember the answer, but you will remember what/how to search for it.
imposter syndrome is the worst
kinda cool thou when looking back at code that seemed complex and now its as natural as reading a book
Yupppp!
~I work as a dev in a primarily pentesting company (for perspective)
That's cool! (:
my dreamjob 🙂
I was told by some people skip A+ cert and go to sec+ is this true?
No way. If anything you go for Net+ without A+.
Also, surround yourself with people that might know more than you in other areas you probably don't know. E.g. This server (:
I like doing that. Just watching from a corner (:
can you put tryhackme on your resume?
fr... and more than anything, people who have the same passion
anything that shows your passion for cybersec imo
Unless you only want certs for the resume. THen anything goes. You can pass Sec+, it's not rocket science. But if you want to actually learn and understand, you wanna have a foundation that you build on. Like first knowing how networks work before attacking them.
the tools/skills you learn from thm, and the certs you reckon might weight quite a bit.
ok is there networking rooms i can do before i do the hacking stuff
why not follow a career path then deepdive after?
Active directory, registry keys, can be crucial for helpdesk, and other stuff in there. --- waiting for someone to throw something else ---
helpdesk is like sysadmin at a large company right?
+1 if I understand helpdesk correctly
probably basic linux and win-server?
"Helpdesk" can really be anything. Could be sitting 4000km away and resetting passwords for a foreign corporation all day, could be (effectively) managing the entire IT in some small shop.
the most important by far "how to explain to an enduser how to restart their pc"
oooh yeah! Linux, defo that!
Errrh... remote desktop connection *
"explaining to endusers how to let you remote"
used to tell people around me "no remote, no help"
so whats the best way to search for rooms? Learn-search-active directory?
how do i know which room is the best room sorry im new to this website
waiting for the remoting to actually remote.
then I got more cynical, now its more like "no linux, no help"
lmao
is there a linux basics and ad/win-server?
choose a path. I forgot how it works, but I reckon it's based on a few questions they ask you at the intro level of the website.
I just hopped on jr pentester - thats what I am hoping to be in the future
save a few rooms that might catch your attention. Like I'm now completing some flask & django rooms, just for fun. Because I was honestly somewhat burned out.
is this one good https://tryhackme.com/r/room/winadbasics
talked to mine yesterday and OMG it does SOOOOO much
or, just do it alone, like me 
i just typed in active directory under search
probably, go for it
helps you get unstuck thou
but yea
the issue is the people you want as a mentor are usually the ones with no time
yeah, even though I don't consider myself "smart to that level" I try to encourage other people to continue, and offer them other ways to cope "burn-out" stages. So they don't abandon something that they feel passion about.
same as with school teachers for IT - few if any people good at IT would put up with a school as an employer
keep doing that💖
honestly few things teach you more than helping others
yeah, try filtering by walkthroughs, unless you have the knowledge to participate on CTFs rooms of AD
Which ad room?
@warm hinge here
got u
This is the better channel
so basically
What should i study in college to increase my chances of getting a better salary? Which degrees are more valuable in the ICS/SCADA industry?
I mean there's no one size fits all
Im trying to make a not so deep plan for my life so i'll understand what im doing and for what
ICS/OT is fairly small, so you have all sorts of backgrounds
A STEM degree is what you should aim for
Computer Science, Electrical Engineering, ECE, etc
those are the most important?
They're just examples
You can look up Justin Searle, he was one of my instructors this past year for ICS410. You also have Robert M. Lee, who provides a good blog post for ICS: https://www.robertmlee.org/a-collection-of-resources-for-getting-started-in-icsscada-cybersecurity/
The thing with ICS is that you generally have experience in another part of the cybersecurity field beforehand
Robert doesnt really post some interesting or technical education videos
He is probably one of the most knowledgeable people in the field
I would look at what he has to say
Again, that's professional training meant for people in industry. He has a ton of video links to free content as well.
You're trying to run before you can walk
Your primary objective is to finish high school with good grades
Im just trying to make my chances higher every day, im pretty new in cybersecurity so some things are pretty foggy for me
Okay, got u. Thank you!
Gave +1 Rep to @stoic cave (current: #19 - 407)
One last question, what do you think about OccupyTheWeb's industrial hacking courses?
I'm late to the party, but you could go to a college around an EPRI campus and see if you can get in as a student employee/intern. We do a lot of ICS/SCADA-related stuff. Any bit of experience can help
I'll be retiring by the time i get a visa lol
They are good, but coming from me who took his course it would be a lot, you want to first know what you want to do after you finish high school by coming up with a goal or a plan and see through it
doing SCADA can be challenging, but once you know a couple of things its very interesting to learn
rn im taking the DHS CISA courses, finished 10 already, also took some udemy courses
Oh, you're not a US citizen? That's an important bit of info to leave out.
Yeah, sadly
Yeah that changes things, like a lot.
A lot of these roles, in the US, require you to be a US citizen and in some cases only born here.
damn
A lot of ICS/OT is critical infrastructure or other government projects.
I suppose manufacturing would be a different story
Getting a TS/SCI with a poly is pretty difficult if you're not a citizen. Lots of perceived risk, even if you'd never do anything malicious in a billion years
But we don't have a lot of that here anymore
whats TS/SCI?
A top secret clearance with sensitive compartmented information
even for EU citizens? or you meant every non-american citizen?
I don't know that you can? Foreign national clearances are different iirc
It wouldn't surprise me, it was never something I had to deal with so I'm not sure
i heard sweden has almost the same salaries compared to the US in this industry
Even getting a TS/SCI can be difficult for us citizen as well
Yep
Especially with the poly pseudoscience bullshit
But I do agree if you want to work in infrastructure you will likely have to move, live here and be a US citizen, but even then it could be difficult
Turns out, telling the poly examiner "I think this is fake pseudoscience and doesn't actually have any function besides psychological fear" when they ask you what you know about it is the wrong answer
The interviews to get the higher government clearance are very expensive - typically, a USG prime contractor starts the process, and it can take multiple years for all the interviews to conclude.
:(
I think it's >$10,000 a pop now
I thought the process for the SSBI was down to about 1 year or are you talking about something else?
It depends
per interview? that sounds about right. Last I knew, it could cost a company in excess of $100k to complete everything necessary to have a TS/SCI issued
Per person, at least on Google. I had thought it was around $250,000 but idk how they're calculating the numbers
oof
my understanding is that the SSBI and the interviews are considered separate elements? The background check could complete, but OPM/FBI still has to do the interviews and lifestyle/poly
Here's a better source
i didnt even know its THAT complicated over there. Looks like im returning to 3D design 🥹
At least secrets are down to 90 days or so. Eqip made it much easier to fill out, holy hell
I just hope to someday get a job in the gov and get a security clearance
They are miserable
I really, really hope my gov contracting days are over
Ahh maybe so, I'm not sure
Dude I feel that. Even eqip took me a few days since I've moved so much
I don't know about this. I don't think I've heard that before. Maybe that's how they used to do it?
I know the clearance process at my employer is still via SF-86 because they don't get access to eqip through the sponsor or something like that
Yeah
A couple of projects, I had to do both EQIP and the paper forms
But I'm talking about the hard paper
I've only had to do digital
And one homeboy made the mistake of doing it in pen and then messing it up 
it was super awesome when the CEO of the subcontractor we were a vendor to sent back my forms in the clear. I loved having my PII exposed that way.
This is a report lol
yeah
Do you have the folder too? Just everything in there in case you need to fill it out again? 🤣
It may have changed but Gov security would not be pleased now
i maintained that for 4 years, across about 8 different projects that my company assigned to me. Now, it's a pile of hamster bedding in a landfill
i let corp handle it. I reported as required, and i never saw any followup.... but that CEO never sent another email
guys, do you have any tips for me (newbie) that you wish you knew back when you started your career?
Don't be afraid to be wrong..... And don't overstate what you know.
Stole the words
Repetition repetition repetition. Listen to others and learn from their mistakes
It's OK to say "I don't know"
Being wrong, and knowing you could be wrong, is very forgivable. Being adamant or arrogant about something you are wrong about is not a good way to maintain a career.
Much more respect for "I don't know, but this is how I'd find out" than some clearly bullshit answer
Start early
Hell, 80% of IT is googling 🤣
even when I know I'm right, I almost always caveat with "this is just my understanding, if someone knows or thinks differently please speak up, and let's have a conversation about this"
Get passionate about it, learn, ask, network, and do projects. But most importantly don't burn or stress yourself out
And be prepared for the plethora of egos in this field. I saw this in an article and it's so real.
Thank you so much guys, appreciate your help!
I'd also add, don't let others deter you and at every level, there is someone you look up to and go "holy shit". Doesn't mean you're any less talented or that you're not good enough
Im thinking about installing a VM and creating a couple systems in it with one having a FactoryIO system which i can pentest, i dont really remember who recommended me this but i think it was @stoic cave
Im really interested in learning industrial red teaming. A couple of cities in my country were seriously attacked a couple times, and i would love to help to secure those attacked systems
by heavy you mean size? or cpu/gpu usage?
Resource usage
got u
My experience has been the opposite. The security people who know security well, are very humble about it. I tend to see the ego like that in very junior analysts and engineers, across all domains
Fair, I'm sure the communities I frequent are more prone to that so it seems like more of a thing. I know everyone on my team is pretty good
Biggest problem I see is that many of the 'too much ego' types don't bring evidence when they make a claim.
If something is a vulnerability, show the evidence of how the exploit works, and what the kill chain is for it to be effective.
If a security person can't, or won't, understand the significance of the alert, it's not quite useless but it's not helpful.
Yeah, asking questions isn't an attack lol
btw, what do you guys think about NATO's cyberwarfare centre?
no opinion, i don't know anything about it
I don't either
You're going to need a NATO clearance more than likely though, which is its own thing
on the topic of clearances it helps if your parents have worked in a related industry
/ have clearances
I will also tell you now that applying for a ts will require to disclose lots of information
including people you know online
and where they're from etc
in other words don't be talking to foreign nationals lol
This really depends on investigator
The people I've talked to about it all had it questioned
but that was also for aerospace and defense
although I don't see how it would change industry to industry if the clearance is the same
It wouldn't, the questions are really all the same
Once you get to in person evals it changes a bit
Well yea
I just know for the people in my family who've had it done/ some other people similar to my age
anyone that they speak to online had to be mentioned
and if they knew them everything they knew about said person
age, country, sex, occupation
Or at least it wasn't as of last year
as in starting the process last year or going through it last year
Both
they could've changed it
although I would imagine if anything the online associates would be more prevalent in today
Yeah, I specifically asked and got indifference from multiple levels
I've heard a bunch of conflicting information though from all sorts of people. If you ask the investigator, and follow what they say, you're in the clear
Yeah that's true
I would hope that they would look into it regardless though
I imagine that they already look over your socials anyways
It depends, most of it at the lower levels is automated credit/debt checks
A human only gets involved if things don't line up
Going on easter egg hunts is a waste of funds and resources
You have to think at scale
That's why you have SCI and SAP, they have different requirements
They aren't clearance levels, but they add additional requirements
This is the case because your environment will loosely already have been done anyway. They still do the checks again though
Although this can widely differ depending on which country you're in. Some agencies have more access to personal info than others
Then staffing, resources and general quality can be different for each country
Does anyone know if the A+ is enough to land a help desk job?
I got a helpdesk job just by getting halfway through the A+, guess it depends on how desperate places around you are.
In hindsight I'd probably skip A+ and go straight for net+ or sec+
I already scheduled my Core 1 exam so I'll just finish it
Do you think I got a chance to find a remote Helpdesk position?
Yeah if you've already put in the time and effort then for sure, go for it.
I think that depends on where you live and how many positions are available.
Im not very experienced in this sector but I've worked helpdesk and I'd say it's harder to get a remote job to start with
at least where I've worked they've wanted new personnel and entry level positions to be in office and then you eventually "earn" remote work.
I'd say it highly depends on where you are and what jobs are around though
Okay thanks
Gave +1 Rep to @wild flume (current: #2096 - 1)
My dream is traveling and working remotely and I'll do anything to achieve that
For sure you can get there.
Im sure someone else in this channel has gotten to that point and could give some advice
That is 100% achievable, take it from someone who got to that point and started from little to no experience
Yup definitely achievable, probably hybrid is what you be doing most of the time starting out in help desk, unless company requires you to be on-site. But if you show value and potential, they can work with you and tailor your schedule a bit
I never obtained my A+, but you can get a IT help desk without it. But may be difficult
Not sure what the market is like for the A+, but from my experience I went straight for the sec+. Looking back, would have been good to get the net+ before the sec+
That's what I always recommend
Same I was in this situation
I still have not acquired my net+ or ccna
but I learn networking by getting thrown into the fire
When I got hired to be a network admin
It was a literal nightmare
Okay
Have the incident response phases and what they mean memorized. Be able to list some indicators of compromise. Be able to explain by which criteria you would prioritize incidents.
That's some basic questions that could be asked, but depends on the position.
Yeah TryHackMe soc 1 has a list of potential technical interview questions too
Are there any Cyber Security positions that can be fully remote?
Yes
What if I have certs but no experience
I'm basically full remote but I choose to go to a location once a week to meet people on other teams in person
It's rarer for entry
There are all sorts of rules too, such as being in the country you're working remote
I'm looking for an IT job that is most likely to have a fully remote job for entry level
Doesnt really matter which one because i like everything related to tech
That is going to be difficult
Also lots of employers are requiring hybrid at least
But I'd say cloud jobs in general have a higher chance of remote than any
Can you recommend any certs for that?
AWS solution architect associate or azure 104
Which one would you go for?
But again no guarantee of a remote position
I like AWS but azure is growing quickly
And I'm in the US, if you are in another country, you should see what cloud vendor is a leader
I think im gonna go with AWS
I'm scheduled for the A+ Core 1 in 10 days
do you think i should get the Network+ too before getting the AWS?
Networking knowledge helps with cloud
Okay, ill do as many certs as needed, Im dreaming of living in Thailand and working remotely. A lot of people say its gonna be extremely hard if not impossible but Ive seen people achieve that goal
And i dont really care which job it is, i did Harvard's CS50 so I enjoy coding as well
Ahh well it is very country based as it's extremely rare to get a job outside your country
I know but ive seen a guy that lives in Nigeria land a job in London remotely. and ive heard that working remotely is gonna be even more popular in the future
Remote work doesn't mean international work. If you have a highly specialized skill set and a company wants you bad enough, they may jump through hoops to do it. Otherwise how it usually happens is a company local in your country has a contract with a foreign company.
There are a variety of labor laws and hoops with employing someone outside of the country
I admire your drive to achieve this goal, and I was certainly in your shoes before. Don't wanna throw hot takes out there and in my opinion knowing how to learn is important and a skill on its own. From my experience, something that hit me in the face was, that certs aren't everything. It's when you absorb that knowledge and know what to do in theoretical or practical situations that you can call on that knowledge to assist
Also, yeah the job market dictates what type of positions are more in demand. 4 years ago is different than today, most companies want hybrid, some want fully remote, and others want in-person, it depends
There's also some finance hoops that person has to jump through (not a finance expert)
I spent so much time studying and I feel like its all been for nothing, I honestly feel helpless
Im scared im gonna have to take the business route and try dropshipping or something similar.
I've been there too. But that is progress. You might not see it daily but you're subconsciously building a mountain of experience
It's a marathon not a sprint
Yeah but as Zojja said remote work doesn't mean international work and I didn't realize that.. and my goal is living in Thailand
Idk i dont wanna listen to the naysayers but I guess they're right
That's not how it works. As some point more certs are gonna do nothing for you. And you reach that point pretty soon if you focus on certs.
Yeah well i dont have any diplomas and any experience so if certs are not gonna help me then there is no hope for me
You'd be lucky to get ANY cloud job with just certs and no experience. You want full remote from anywhere in the world on top of that. You're almost certainly gonna be disappointed. It's not gonna happen.
Youre right
Well, don't throw the towel in. There are folks who went the cert path and have jobs of all kinds. It's not about the destination but about the path to get there
(Sound like a hippy at this point lol)
I guess I can find a job in my city and travel on the weekends, visit Thailand once a year
Sorry to burst a bubble but that's how it is. I have a bunch of advanced ("expert level") cloud certs, thousands of hours building stuff in the cloud as a hobby, ive been programming for longer than some user here are old, and reality is nobody's queueing up to hire me.
Understandably when there's (tens of) thousands of ex-AWS, ex-Google, ex-Azure cloud folks on the market.
But I never had any illusions about that so I'm not disappointed.
And to be clear that doesn't mean you shouldn't learn and practice and get those certs. Just with realistic expectations.
As was mentioned before who knows how the market is gonna look in 3-4 years. It's just gonna be a (years-long) marathon, not a sprint.
I'm already scheduled for the A+ exam in 10 days but now I feel like its all for nothing since I can't achieve my dream
The chances of achieving your remote work in Thailand dream anytime soon are close to zero, yes. But if you never start, the chances you're ever gonna achieve it are in fact zero.
I assume you have a couple of decades of life expectancy ahead of you. All you can do is your best, try and hope it works out.
The hard part is starting, if you get over that speed bump, you'll get yourself that much closer to your dream. It's a marathon, not a sprint. As they say, Rome was not built in a day
Can't really weigh in on the higher end jobs but I'm currently working a helpdesk job fully remote from a different country. So it is possible.
There were a ton of hoops though, it almost wasn't doable and it only happened because I had already had the job for a few years and I had a ton of support from my bosses.
Helpdesk is really all i need
Congrats
I think the key might just be continuing to learn, getting your foot through the door with any helpdesk job and then communicating with your workplace about your hopes for the future.
Getting that first job and accumulating experience is going to be key though
Another thing Im scared of is if you god forbid lost the job, finding another international remote job would be much harder than if you were in your own country
Yeah for sure. In my current situation I wouldn't go for a remote job then.
I'm trying to learn a ton more in the hopes of eventually getting something that's local and cybersec related
Hey sorry for bothering but I think I figured it out, since living in Thailand is cheap, by saving up for a year in my country (in a helpdesk job), I can have enough money to live in Thailand for 2 years jobless (worst case scenario).
By then I will have 1 year of experience on my resume and the CompTIA Trifecta- making it way easier to land a job once im in Thailand
Yeah I felt like giving up bro but I thought about it and came up with a solution
W
You got it
You can even get a job that’s not exactly a it job to still get money and study on the side and send out job applications
Yessir
Hello friends, I am looking to make a career switch from Aviation to Cyber would anyone give any pointers on where to start without going to college?
I am really new to all this but have been looking into get security+ certs but not really sure where else to start on getting an entry level job with little experience
guys is tryhackme a good way to get into cybersecurity, im 16, is it too late to start
THM is a great platform for beginners and 16 isn't too late to start. I'm almost 40 and I have yet to complete any paths though.. which is not a good example. 😅
cool, i just think that since i have very little knowledge in coding and the IT field in general, it might be too late to step into this field
considering the competitive high school scene in america
If you are a beginner, I wouldn't think too much about competition at the moment as it would put you in too much pressure. I'd say focus on yourself for the time being and enjoy the journey.
got it
Hi, I am 26, trying to transition from IT to Cybersecurity. I have been learning about this field for past two months. What do you guys think, should I prepare for certifications or target the bug bounties to get a job or internship? Thanks
ur
16
what too late are we talking about ???
I'd say try to do a couple of free rooms in THM just to get a feel of what you will be doing and see for yourself if this is the type of field or work you want to be in.
Bug bounties are a big no, that's something you do in your free time and you can't expect to make any money
true but i think the hands on aspect of it makes it slightly worth it
Yeah if you want to be a pen tester then its a must
like you actually get to experience xss sqli and so much more rather than just blindly memorizing the theory
but ya its not realistic to get a full fledged career in it
wrong
if you are bad at bug bounties sure, you can make millions doing bug bounties if you ACTUALLY know what you are doing
They cannot be relied upon for a stable stream of income, and large payouts are exceptionally rare.
again, if you are bad sure
but try not to lump everyone in with the skids
I'm not.
some of us have consistently been making over $400k/year for the past decade via bug bounties, with some years as high as $800k
i consider that pretty stable.
I'm assuming you have first hand experience, currently making those amounts?
Yes.
It's kinda like when you are a pretty good musician but should not be putting all your eggs in that basket in the hopes you make it big.
How long do you think it would take me to make 1K a month consistently?
even if you don't make it "big" you can still etch out a living pretty easily though
depends where you are at now. from scratch, assuming decent program selection? 9 months ish i would say
but you can get it lower for sure if you have really good program selection/automation skills
im able to root a medium box on tryhackme but with a lot of effort
so basically a noob
but not a noob noob
for 99.9% of bug bounties that wont matter, its purely about knowledge of web vulnerabilities
normally once you get rce, privilege escalation is a no go
Im gonna be honest doing bug bounties was my dream because i was not born to have a boss and work in a office.
But ive read so many horror stories of people trying for years and barely making $500 here and there
So I started learning IT to get a regular help desk job and im gonna work my way up
i think if you can try for years, and only make a few thousand dollars, either 1) there is something fundamentally wrong with the way you are working, or 2) you aren't working hard enough. or both.
Bug Bounties is not a viable income.
for you*
For anybody.
it is for me, and many others.
With bug bounties, you don't get paid right away, you could be reporting dupes and not get paid.
i am aware how bug bounties work.
I would be completely fine with inconsistent income because I would save up the money from the "good months", but still, it all sounds too good to be true for me
Then don't lead newer users into false pretenses that bug bounty is a viable income..
from what i understand, you can't make bug bounties work, either because of a lack of skill, or a lack of good methodology
that doesn't ring true for everybody though.
On the contrary, I've had bounties pay out.
so you are saying you can make bug bounties work?
Not for a long term financial security.
so why are you trying to tell our friend Rixon here, that they don't? You just want less competition or what? 😉
I had to wait 6-8 months for payout.
im plenty financially secure
That won't pay monthly bills.
which is why people with a brain dont submit 1 bug a year
do you not understand what is wrong with your thought process here?
I was making Trap Beats for 2 years until i started selling them so I have the patience for bounties too
Ill just try it
Do you understand you're now being rude?
Im at home all the time anyways
you are dismissing my entire life for the past decade, and many others, and trying to persuade this fellow not to follow his dreams, just because you can't personally make money from bug bounties
If you continue to be rude, you'll lose the right to speak 🙂
i find that quite rude. especially when you have 0 evidence other than a half-baked anecdote about the 1 bug you reported taking a while to pay out
You're assuming it's one bug...
feel free to mute me for disagreeing with you. i have no qualms about taking it to the admins. i have been quite civil here, whereas i feel you have not.
Your personally attacking is civil? Lol
about as civil as you dismissing the careers of myself and thousands of others based on your personal experience.
I've just joined and it's funny how even here discord mods are threatening to mute someone because they don't agree with them
It's not my personal experience it's being based on.
The disagreement isn't the issue.
And it's only one mod, it's not plural.
you yourself said you don't find bug bounties a viable career choice because it took a while for one of your bugs to pay out
I used that as an example.
but you are giving this man the wrong message. instead of manually looking for low hanging fruit, like many people do, you should be focusing on good automation
of course, im sure.
@warm hinge , you should be making sure that after you have learned about what makes sites vulnerable, you can reliably detect them. like i said, looking manually won't get you very far.
Do I have to develop the automation tools myself?
using a language like python you can easily automate searching for xss, sqli, ssti, etc. Then all you have to do is look in depth at a few small cases instead of an entire site
you should yes
I know Python and C
if there are automation tools being sold to people online, there will be thousands if not millions of people using them. you won't find anything that hasn't already been found that way
also the basics of html, css, js
good to know thanks
Gave +1 Rep to @karmic sequoia (current: #2098 - 1)
no problem, bug bounties is quite a densely populated field, but you can certainly etch out a living if you can build good enough automation
okay but im not sure how to start, should I complete all the medium and some of the hard boxes on TryHackMe first?
no, like i said unless its web-specific, it won't help you much
oh okay so all the web app boxes
learn how http works in its entirety, requests, responses, how files are served and downloaded
these can help yes
Also if you're now talking about bug bounty in general now, please move over to #bug-bounty
after this, check out sites like portswigger for an in depth view of multiple vulnerabilities
hi, i understand you may be upset, but this isn't general. this is #cyber-and-careers , and we are talking about this young mans career.
pentesting and bug bounties are about forming a methodology, moreso than completing a certain number of boxes. You should do portswigger labs as above and read Bug Bounty Bootcamp https://nostarch.com/bug-bounty-bootcamp
+1 ^
But yes, further discussion of bug bounty in general should go in #bug-bounty
Wow im gonna get this, thanks!
I'm not upset, you're now talking about bug bounty, not careers.
contrary to your belief, bug bounty is a viable career 🙂
If you continue to be like this, I'll mute you, then notify admin myself.
im about to head off anyways though, im sorry you got upset with my messages scrubz, there was no ill will intended
Before you outsource security to strangers, try boosting internal cybersecurity skills
If you ever have time to chat i would love some more tips/ways for starting out
ill be in #bug-bounty
is it hard to get a security clearance?
For which country? You'll need to look it up for whichever country you're a citizen of.
a US security clearance for a EU citizen
why is everything so complicated 😭
god 😭
I mean that's an easy one, you aren't a US citizen
The country isn't going to give foreigners access to secrets
but for example, what if i get a us citizenship?
also i'll publicly kiss the american flag
You'll go through a very lengthy process, have to expose your entire family to interviews and investigations by the US government, and then be under a microscope the rest of your life.
you think its worth it?
It's not a guarantee, you can get rejected
On both citizenship and then also the clearance
There's also the question of why would a company go for the extra effort and risk when they can just hire a natural born US citizen
Americans can do bad things too, not only non-american citizens
I would understand if they'd do this process only to people who have a citizenship in a non-friendly (to america) country
That doesn't answer the question. It's more effort and the risk that you end up not getting cleared is considerably higher. What do you bring to the table to outweigh those facts? Rare skills, vast experience, inside knowledge?
That's the question.
Not too long ago it was revealed the US spied on senior EU government officials, including German chancellor Angela Merkel whose phone was tapped. "Friendly" countries ultimately doesn't mean much.
I think you're mistaken on how countries operate
Damn
could be. Just trying to understand more how gov processes work in america
This process would start with sponsorship of a US company, which is also lengthy, to obtain a work visa, with job requirements proving it can't be filled by a US citizen.
There's some old cartoons that can teach you about the Civics of the US.
That alone typically takes months last I heard.
Yes, immigration/work visas do take a while
Afaik, we're less strict than EU Countries and Canada though
thats crazy
School House Rock is one such cartoon: https://youtu.be/Otbml6WIQPo?si=EqK6Xf0gaQmHO0ML
Schoolhouse Rock- How a Bill becomes a law. Enjoy. And plz watch my other vids at Necrovir.
Is that the same for us born citizens
To a lesser degree, but yes
You sign a lifelong commitment to the protection of information
With strides in AI development, is it worth it going through a CS degree only to be replaced by chat gpt 5? I am seeing videos on youtube of artists who are out of jobs because their work was used to train models that later replaced them. I want to pay the bills and I want to have enough to have a family with a stable income and by the time I finish who knows what jobs will be lost, AI models could potentially train other models (judging by how quickly it learned to write code in the past 5 years).
You won't be replaced by ChatGPT. AI will be a supplement to work, it has many flaws but people seem to overestimate it
What about the artists who were fired, they were told the same thing, what makes my scenario any different?
Art is a bit different and honestly it's horrible and not entirely ethical but creating art is much easier than replacing tech workers. For coding for example, you need to know what good code looks like to utilize AI tools. For art, people are able to tell if it is what they want. Artists will still exist for various reasons though.
I mean if you are concerned, you can look into careers that require manual labor
I will just say I'm personally not concerned with being replaced
I see, I may branch out into AI development to stay safe, thank you 👍
Gave +1 Rep to @pseudo creek (current: #15 - 481)
https://www.youtube.com/watch?v=HCEoUkeoDOY
Checkout the #1096897654962786434 thread if you want, got some interesting sources like the above
Can someone explain to me how my certifications are suddenly valid 6 years instead of the usual 3?
I know CySa+ renews the other two, but I assumed it would be 3 years from the day I passed CySa+. The expiration day for all 3 is set to the day I passed CySa+, just in 2029 oO
Did you renew?
It just moves your expiration date 3 years every time you fill the renewal requirements for that period.
No. But I know what happened I believe. They added 3 years twice. Probably gonna write them an email...
Hi guys. Could someone help me shorten this? It's too long. I brainstormed a bit more and included more information about my Sky Media job:
"job": [
"Led comprehensive cybersecurity strategy and operations as CTO, safeguarding digital assets for high-profile clients including Symantec Norton Inc., Panasonic, USOC, and Men's Wearhouse. Responsibilities included hosting and securing social media applications, managing servers, ensuring SSL certificates were up-to-date, hardening servers, developing full-stack applications, and conducting thorough testing using SAST/DAST and tools like Cenzic and Qualys.",
"Directed deployment and optimization of advanced security technologies, including SIEM solutions, remote logging, log aggregation, and system hardening, ensuring robust defenses against evolving cyber threats.",
"Conducted penetration testing and vulnerability scanning, managing security audits and assessments to ensure compliance and promptly address vulnerabilities.",
"Established strategic partnerships with leading cybersecurity firms like Symantec Norton, leveraging cutting-edge solutions to enhance security for high-profile clients such as Snoop Dogg.",
"Ensured the availability, integrity, and confidentiality of critical systems and data through proactive security measures.",
"Served as the primary liaison for all cybersecurity matters, interfacing with executive leadership and key stakeholders to communicate security posture and strategies.",
"Developed secure in-house research and analytic tools, ensuring data integrity and confidentiality through encryption and secure data storage practices. Designed responsive, secure web, mobile, and email marketing campaigns with embedded security measures.",
"Managed and secured a range of Symantec Inc. social and web applications, including facebook.com/Norton, by implementing access controls, encryption, and regular security patches, ensuring 99% uptime through diligent system administration and monitoring.",
"Prototyped and deployed secure e-commerce solutions (Zencart, CS-Cart, Magento), YouTube-like video-sharing sites, Facebook, mobile, and web applications, focusing on secure payment processing, data encryption, and protection against common web vulnerabilities such as SQL injection and XSS.",
"Engineered secure cloud solutions by custom-tailoring RackSpace Cloud Infrastructure and using their Python API to automate and secure unique hosting solutions for clients, including setting up firewalls, intrusion detection systems, and automated security updates.",
"Configured, secured, and administered Exim4 and Dovecot email servers for in-house email hosting solutions for clients, implementing SSL/TLS encryption, spam filtering, DKIM, SPF, and DMARC to ensure robust email security, and conducted regular security audits.",
"Set up and maintained secure servers by implementing SSL certificates, configuring firewalls, conducting regular security audits, and applying security patches promptly to ensure compliance with industry standards and protect against vulnerabilities."
]
I feel like this should all be in there, but it's too long.
Renders like this on PDF/DOCX
So what do you think I could take off/reword/ use brevity, etc to make it shorter so it doesn't take up so much room, and has all the info for a cybersecurity resume.
Cleaned up some more.
"job": [
"Led comprehensive cybersecurity strategy and operations as CTO, safeguarding digital assets for high-profile clients including Symantec Norton Inc., Panasonic, USOC, and Men's Wearhouse. Responsibilities included hosting and securing social media applications, managing servers, ensuring SSL certificates were up-to-date, hardening servers, developing full-stack applications, and conducting thorough testing using SAST/DAST and tools like Cenzic and Qualys.",
"Directed deployment and optimization of advanced security technologies, including SIEM solutions, remote logging, log aggregation, and system hardening, ensuring robust defenses against evolving cyber threats.",
"Conducted penetration testing and vulnerability scanning, managing security audits and assessments to ensure compliance and promptly address vulnerabilities.",
"Established strategic partnerships with leading cybersecurity firms like Symantec Norton, leveraging cutting-edge solutions to enhance security for high-profile clients such as Snoop Dogg.",
"Ensured the availability, integrity, and confidentiality of critical systems and data through proactive security measures.",
"Set up and maintained secure servers by implementing SSL certificates, configuring firewalls, conducting regular security audits, and applying security patches promptly to ensure compliance with industry standards."
]
"Served as the primary liaison for all cybersecurity matters, interfacing with executive leadership and key stakeholders to communicate security posture and strategies.",
"Managed and secured a range of Symantec Inc. social and web applications, including facebook.com/Norton, by implementing access controls, encryption, and regular security patches, ensuring 99% uptime through diligent system monitoring.",
"Deployed secure e-commerce solutions focusing on secure payment processing, PCI DSS Compliance.",
"Configured, secured, and administered Exim4 and Dovecot email servers for in-house email hosting solutions for clients, implementing SSL/TLS encryption, spam filtering, DKIM, SPF, and DMARC to ensure robust email security, and conducted regular security audits.",
🤷‍♂️
What the F is the point of making a resume when job applications manually make you fill out forms about job experience, dates, locations... it's like you have to re make your resume from scratch and type everything in every single time for every single job. What the fsck, man. I'm annoyed right now.
The reason I have a resume, so I don't have to manually fill in that information for every job application. And these are jobs off Indeed.com... WTF
It's because corporations are lazy behemoths that don't give a damn about your experience as long as they have power. Which in the current market they do.
I've had an onboarding where I had to enter the same information three times. First on a scanned paper form via email, then the real form at the office then again in their online HR system.
Breathe! I got this. Gooosfraba.
I updated my indeed, linked in, added my certs, education, updated, job dates, descriptions, etc. etc. and applied for 3 jobs total today.
I'm missing keywords, softskills, resume length too long, hmmm.
personally I skip soft skills because anyone can say they have soft skills. Basically soft skills are evaluated during an interview
Ok
HELLO
Hi
What are the different terminology that positions use for helpdesk and it support (besides helpdesk and it support)? I want to make a linkedin search for this
and to get experience for a future security job it would be a helpdesk job at a security company right? Can it be helpdesk at any kind of IT company too?
and if I already have 1 year of cyber experience from an internship, it will help me get a helpdesk or IT support job more easily right?
I am a US citizen if that helps with the answer
I also have a bachelors degree in computer science
Also if anyone has applied to the talent pool at USAJobs and heard back, how long did it take until you were contacted for a position?
sometimes support engineer is another title
I will add that to my search thank you 🙂
Gave +1 Rep to @pseudo creek (current: #15 - 482)
and also no you don't need a job at a security company, could be any IT company
that helps a lot thank you 🙂
decided i’m going for my BS in cybersecurity
not really looking for a job in the field just interested in it
and wanting to get back into my area of IT due to the program offering the security certs i need to get back in
So you're getting a degree that you're not going to utilize? That doesn't sound very smart, seems like a waste of resources.
Cybersecurity degrees can also be a hit or miss. It's more than likely safer to obtain a Computer Science degree.
meh, i was doing a cs degree before a gov contractor picked me up,
but i’m going for a cybersecurity degree for the certs the school offers and the degree is to just get past HR,
i’m looking to get into more sys admin than cybersecurity
i already have a AS in Network Administration and Security . need a bachelors in a related field for the jobs i want
OK, you may be able to pick back up on your degree though. So that's something else to consider, since you've already done some of the courses. Also, since you mentioned Gov contracting, assuming you're US? If you decide you want to jump to the Gov as a Federal Civilian, the math classes you took are going to matter.
Isn’t sys admin part of cybersecurity?
What does the math classes mean. How would those help?
Let me reword it
IT
How does a government job utilize math classes more than just a regular corporate one
Ah I see
In some cases, in order to advance or get into certain roles, it's a requirement to have completed classes such as calculus.
Ah I see
It doesn't necessarily, it's just a requirement written into policy/procedure.
Also do you know what a vulnerability analyst would be?
What do you mean?
I mean, it seems like that job title would be sort of a pentester job but also not so much because you are analyzing vulnerabilities
I’ll get a example job I found
Eh job titles are weird to begin with, every company has a different name for the same stuff
100% each company has a different naming convention which is a right pain.
Unfortunately it usually means you just have to read the job description.
Guys i am not able to find cybersecurity jobs here in India and even if i find a listing the chance for getting an interview call are slim. I am not sure what to do. Plus i need to find a way to earn as i am currently not earning money since past 6 months
If there is anyone who can refer me even with technical support job that be great as i can continue earning and learning until i find a better job
Hello. What resume format do you guys submit resume in? PDF or DOCX?
For sites who parse your resume, docx works better than PDF to auto detect and auto fill sections.
Gladly I generate both copies of my resume
One resume per job, targeted. I need to sort them in their own named directories after the job/company I applied to, and update a CSV file automatically that I generated and applied for that company. Keep track of how many and where I applied, and with which version/copy of resume.
PDF,
- A lot more convenient to view
- Depending on the software used to view the .docx resume, you risk it badly messing up the format of the document
Pdf can also be converted to docx if they really need to
True, I send PDF to people.
But if they require me to upload a resume to autofill their form, I use docx as that works better
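public function convertToPdf($htmlFile) {
    // Name the PDF after the source JSON file.
    $pdfFile = pathinfo($this->jsonFile, PATHINFO_FILENAME) . '.pdf';
    // escapeshellarg() keeps spaces and shell metacharacters in file names from being interpreted by the shell.
    exec('pandoc ' . escapeshellarg($htmlFile) . ' --pdf-engine=weasyprint -o ' . escapeshellarg($pdfFile) . ' --metadata title="" --css=style.css');
    return $pdfFile;
}
public function convertToDocx($htmlFile) {
    $docFileTmp = pathinfo($this->jsonFile, PATHINFO_FILENAME) . '_tmp.docx';
    $docFile = pathinfo($this->jsonFile, PATHINFO_FILENAME) . '.docx';
    // First pass: HTML to a temporary DOCX.
    exec('pandoc ' . escapeshellarg($htmlFile) . ' -o ' . escapeshellarg($docFileTmp) . ' --variable geometry:"margin=0.25in"');
    // Second pass: apply the styles from custom-reference.docx.
    exec('pandoc ' . escapeshellarg($docFileTmp) . ' -o ' . escapeshellarg($docFile) . ' --reference-doc=custom-reference.docx');
    // Remove the intermediate file.
    unlink($docFileTmp);
    return $docFile;
}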
First, I build my JSON per the screenshot.
Second, build the HTML with proper CSS styling
Third, convert the HTML to PDF and DOCX while preserving CSS styles for PDF (not for DOCX yet. Haven't worked that out completely)
I can't stand design software or word processors.
Got it to render a lot better than last time. Easier to read and now it also all fits on one page in PDF.
Applied to 3 jobs this morning, with targeted resumes
And also signed up for Uber Eats Deliver Driver. Sigh. Gotta do something to earn a living. Hopefully my car can survive delivery.
i am gonna finish up the jr penetration tester path