#cyber-and-careers

ya'll think i am ready to be a bug bounty hunter?

or do i need to learn more?

Only you, can answer that... 🙂

thank you, o wise discord monk

Gave +1 Rep to @broken idol (current: #1 - 2427)

I got a reply already! Nice.]

That was quick

I can't find how I applied to them. Darn.

Or which resume I sent them.

Or even find the job description.

Blah.

That's why I wanted to keep a full CSV of all the jobs I applied to. I should have done that. Procrastinated.

Classic blunder. I put all the info into a spreadsheet if I apply. And I'm still confused what it is about when I get a call

We received your application. We post this job in many markets. To be clear, this position requires relocation to the Madison, WI area. A member of our HR team will be in touch with you in the coming weeks to let you know how we'll proceed.

Ok I remember this one. Was one I didn't really even want, as I don't really want to relocate, but I could if things become dire... or just probably not. Argh.

I will start a spreadsheet ASAP.

So hey at least my resume is working! So there's that.

I'll still talk to them for interview practice.

See how that goes.

do you any tips how to get jobs?

as a minor, i, at least, have nothing to give

Learn the skills companies want. Update your resume/cv for each job. Apply for jobs.

Just do what I do. I post here a lot. Or don't do what I do. I don't know. Just read what I do I guess. I like to hack everything in life.

Hacks!

Hack The Resume!

Let's not spam across multiple channels, #general is a fine place for this

Can we talk man?
I'll be in your dm

go for it man

however imo thm especially the jr pentester room covers only the tip of the surface

its nice to understand the very basics of the basics but you have got to get hands on experience, so hesitate no more

At some point you just gotta start somewhere, anywhere really. In the beginning i really struggled finding the right platform for my skill level. Thm was that for me.

What would you all do here.

In my current position it’s extremely stable, pretty enjoyable, and easy as well. Government job so I get a pension at the end, not too far into so I can quit and still have a career paying into SS(assuming it’ll exist but that’s a whole debate). Little to no room to move up, likely going to be capped at $75k a year at the end of my career.

Other option is to take a risk and move right up to the next level in the private sector for $60k starting(I believe) but the work will be significantly harder. Title will look much better on my resume in the future but they are also lowballing for this position and I’m likely only being considered because I’ll accept that lowball.

Safe, predictable, low but stable pay or riskier, undecided future with the opportunity for more money

Welp just finished my interview, just learn a decent thing about working for the gov 😭

Pension + Roth IRA is about the best retirement you can get without having to do weird investment strategies that require learning/work all the time, that’s one of the huge pluses if you work for the man

Not sure if this is the right channel to post this question but would it be some copyright violation if I publish a blog tutorial post about building a SIEM home lab with Splunk?

Assuming you are young, max out a Roth + average salary pension payout means you get like million from the Roth and a million over time from the pension(going by average US lifespan)

Zero effort, just auto deduct and forget about it and presto, good retirement plan without having to learn stocks or real estate or anything

No, as long you are not plagiarizing someone work, and you actually show steps on how you step it up and such

You can say this is a project you done, and how others can do the same

I work for private sector and it was decent not great

You may not even get a raise or you will overwork yourself before the year ends, however you get some knowledge on few things here and there

You're US right?

I think I asked already and the answer was yes

Gov job, depends, but yes you should go for the gov job, even if you get cap, you can apply easier to other gov roles

I feel its harder to get into a gov role then a private sector from my experience

Thank you 🙏 I searched different blogs and Splunk documentations to build my lab. I guess I can reference all blogs and Splunk documentation used in my search

Gave +1 Rep to @polar aspen (current: #577 - 7)

Also, was this Municipal, State, or Federal? @full sandal

Yea

State specifically but I do know someone who works for the fed and his pension is roughly the same as mine(funded differently and whatnot) and he had the same idea with Roth + pension

Ah, OK. That changes things

My advice was going to be Fed centric

Then as the other person said, some government positions allow you to transfer step levels so transferring jobs can be very beneficial if it’s a reciprocal trade, like I can trade my step levels into the federal pension system I believe

That’s my fear with private, raises are a total mystery and the lack of job security is a bit worrying especially right now with how the tech market in general is

If you're saying transferring your state pension progress to federal progress I'm not sure if that is possible

I know one of them I can, I was reading up on refunds and whatnot in the specifics of mine

This is specifically the education field so it may have only been another educational pension fund

By progress I mean years of service, just as a clarification

I can tell you I was underpay and overwork when I work in the private sector

I was literally the only person in the IT team, beside my manager

never got a raise even though I was promised, so I left

Yeah, credit years/step levels, years of service. I think there was a way to transfer it into a federal one? I may be wrong but I’m pretty sure there was something there but it may have also only like the department of education one? Either way it’s kinda just semantics, transferring credit years varies by pension system and you can also negotiate experience to gain levels/years

I think the negotiation bit caps out at like 4-5 years or something or you can also just buy step level increases

I’d be the only IT in this role

Not even really IT specifically either

for a private sector right?

if so, I pray for your mental and physical state

Somehow I’ve only ever managed to get job interviews for K12 IT because I worked for the IT department in my high school and got familiar with that specific sector of IT.

Private job I interviewed for is a private school, only K-8 with like 500 users(staff and students) total

But I’d be the tech director essentially

Which very much a sink or swim situation and I’d probably be overworked but in my current position I currently have about 1k devices to manage

Not to bad but yeah I don't know about the education sector

But it will be a lot of work

And it’s basically just me in my current position too. I have a tier 2 I can reach out to but it’s basically just me day to day and I’m managing 5 network closets, shitload of devices and accounts, and it’s a vocational school so weird stuff too like plasma cutters and high temp welding cameras

Right now I’ve(in addition to help from tier 2) gotten to where it’s all fairly straightforward and easy, it’s all well organized and I feel comfortable doing it all. I just cap out at $70k with like $2k a year raises

Private one starts out at $60k(I think, I never believe them until I see the offer with the number)

But it’s me in charge of absolutely everything and I know there’s zero documentation as I worked for the MSP they are currently ending the contract with, that MSP was a bit of a shitshow

I need to be at like $60k to live comfortably in my area. I feel my options are either weekend job and keep government job, take tech director role and gamble, or go and touch some grass and get a partner than can move in and split rent

And the weekend job/tech director role sound much more realistic as options lol

ooof no documentation is a nightmare

If I’m going to gamble on jobs and whatnot, I’m at the age to be doing it, spend too much time with the gov and it doesn’t make sense to leave due to the pension even if the pay isn’t the best

And my job is pretty easy right now and a big plus is this place actually respects IT and funds it unlike most other places

well beside the money are you comfortable where you are or do you want to grow ?

I would like to do more but this is also the easiest/most relaxed job I’ve had(that actually pays a livable wage), I know if I leave it I wouldn’t get it back

You want a good work-life balance and a job that shouldn't burn you out

But at the same time if the job is something you like that is something you should consider

If you want to challenge yourself and grow, it is a risk you will have to take

However if you feel the current job fits everything you want more or less then that is something to consider as well

At the end of the day, you just got to ask yourself if you are happy with the decision you make

https://tenor.com/view/cat-gif-27567306

First time I think I’ve been faced with a decision like this, usually it’s always been pretty clear on what decision to take or outside factors force make the call for me

I could also just get a weekend job and likely make more than $60k and if I feel burnt out, it’s a side job that I could just quit on the spot

It's a hard choice, if you want to grow and you feel stagnant at your job. You got couple choice before you. You stay at the current job, and try to go to school, self-study, or something to gain a new skill set or improve.
Another one is to leave your current and hope that the new job provides you the challenge and growth you are looking for.
Another is to seek a job that you are more passionate in (its a huge risk taker)

or current option is to stay and proceed life as normal

With the private job I doubt I’d do it for more than 5 years or so, half the reason I want to do it is because the title would look good on my resume

Most time title doesn't mean much and its more on what you do in the job role, and the experience you gain

But I understand that title can have a good impact on people looking at resume

I’ve been screwed by roles that say ‘tier 1’ in them but in reality it means ‘ok you are a system admin’

Like I manage azure, Apple School Manager, web filter, only have read access to our network stuff and firewall but I message tier 2 to ask them to make specific changes, APs, Google admin, share point, etc. but it’s just ‘tier 1 helpdesk technician’

I think I need some guidance folks. I have no clue what jobs or companies I should apply to or where to even start. I have no IT work experience. I have a Comptia Sec+ cert and did that whole google coursera IT support cert (That was probably a waste). I'm just looking for a start and have no clue where to start. Any feedback would be appreciated. Thank you.

First look at jobs you're interested in doing. Then find out what they want. Learn what they want. Then apply to them.

Do you have any professional experience?

Not in IT.

Yeah, I was asking if you have any at all. Even if it's not in IT

Yeah mostly security, and customer service type jobs. For example my previous job was security for a casino. While working there I had to escort contractors into server rooms, and other network infrastructure areas. I tried to transfer into the IT department there and my boss blocked me from doing so because the security department was understaffed.

To anyone with a voucher and will love to give it away , I am kindly asking for it, so I could continue my learning for a SOC role

Lmao

Funny cat

City or rural environment?

I live in a medium sized city in Indiana. About 2 hours from Indianapolis.

Hi y'll

@river vector @vernal moth here for education and career stuff

I have learned and have practical experience in HTML, Kali linux, network scanning with nmap, wireshark and metasploit. All of this is sufficient or what should I learn further to boost my skills?

Brute force, hashing, wpscan and more

learn pretty much everything else haha

There’s so much that it’s pretty much impossible to do it all. Learn at your own pace

I got interview scheduled. I reconsidered things. I might move/relocate to their city. Cost of liviung is much lower than where I am and with that level of pay, I should do quite alright.

Good luck

I would also ask if they do relocation package or reimbursement

Thank you

They do

🇸 🇰 🇮 🇧 🇮 🇩 🇮

I have a question on job titles / start of career - I just finished my sec+, have a degree in CS as well as 1.5 years exp as a systems engineer / developer, have a bunch of experience working physical security. What sort of job titles should I be looking at to break into cyber?

Soc analyst? Cybersecurity analyst/engineer? Information Systems Analyst? I only vaguely get the differences between these roles to be honest. [Please ping me if you reply]

You should look at jobs on LinkedIn and such places and see what qualifications and experience they're looking for. Find a job you're interested in and apply. You don't necessarily need to have all the qualifications/ Also consider jobs like tech support/sys admin/qa... basically anything to get you in a job role.

I'm fairly sure tech support is a step back or two

considering I was a developer

As long as you're comfortable with things like Linux/Windows admin, Active Directory, networking and are continually growing your skillset

yeah

Also consider cloud, devops and similar roles... There are a lot of entryways into cybersecurity, and never dismiss an opportunity on the bottom rung, if you're currently not on the ladder

okay

You should read the Tribe of Hackers books if you get a chance

are those like non fiction or?

They're usually about $15 on Amazon

I'm on a tight budget right now :/

Oh this is kinda like a self help book? idk how else to describe it. A collection of advice

I'll look into it, ty

Yeah they contain interviews with professionals in various roles in the industry. The guy who put them together is ex-NSA. Here's a podcast interview with him on Darknet Diaries
https://www.youtube.com/watch?v=JemCG7y_2kc

I listen to darknet diaries every so often. I think i'm in the 50 or 60s right now?

Cool, so you know the drill. Ep 83 is a good one when you get to it

mmk

I'm never doing shit for Iowa.

Just apply to the roles you want to do based off reading descriptions. SOC Analyst, imo, is a step back if you're applying to Tier 1. You could probably apply to entry-associate engineering roles and do fine.

mmk ty

Gave +1 Rep to @stoic cave (current: #18 - 411)

I went straight from college to cybersecurity engineering, no certs but some other specific qualifications, and did fine.

That's not how I wanted to finish the sentence, but it's all my brain could come up with.

Yeah college for me was rough for a bunch of reasons

I didn't have it that well planned out at all

i want to get into red teaming or jr pen testing, does anyone know if i should do SOC first to get some work experience or as long as i know my stuff and get some certs (looking into OCSP by HTB) i will land a job fine

OSCP is not provided by HTB, that's an OffSec exam. Do you have a degree or any professional experience at all?

just A levels but that's about it

which is like american high school

planning on getting into compsci uni

OK, you need that to be your current goal in view then

noted

so you recommend me to get into uni instead of finishing certs right?

Yes

In terms of "paper" qualifications, a degree is the most important/biggest one

Just keep in mind this advice is more North America & European centric

nice nice, currently i live in europe but planning to move to NA once i am competent enough to land a job

Eh be mindful about it. See what their idea is with it. Sounds promising but you don't want to rush headfirst into a hell

well there are a couple options. You see a remote soc analyst position open, you may see 100 people apply who have some experience, various qualifications. So basically at that point, you worry about your competition. Having said that, no harm in applying.

Yeah I mean it would suck if they hire you as an alert slave and then spend 0 effort in developing you as an analyst

but on the other hand, lots of people can suffer through a year of a not great job to move onto a better one

I mean if they treat a soc like tjat where you just remotely click through false positives what kind of shit are you getting into even as a higher level

That's a decent point

I speak from a position of luxury where I just apply internally so if this is what gets people's foot in the door, that works I guess

It may end up being in a call center and your are traped.

There are some very strange job ads out there right now. It's like "oh IA, there is truly an Internet! We need ppl, now!"

Totally agree

https://tenor.com/view/chugging-alcohol-rick-morty-rick-and-morty-bottoms-up-gif-7318360215163274667

The job descriptions most of the time are written in wabbalabba

Hello everyone, I am recently completed my Bsc (Computer Science) Degree but I want to make my career in Cyber Security Please Anyone Guide Me How Can I Start?

What should I do next?

Master's Degree or Certificatation?

I think having a Master's Degree before you get any experience will work against you.

What should I do for experience?

Ideally, you would have to look at jobs or opportunities to get hands-on experience in the field. You might also consider doing projects that would demonstrate your interest before even getting the requisite experience.

Setup your own labs and do a couple of stuff.

Thanks for help 🙂.

If you have a degree, just start applying

If you're close enough to your graduation date, you can likely still get a Security+ voucher at the student discount.

Like inf0 said, and I agree, a homelab is a great way to demonstrate interest and also allows you to learn.

Just keep in mind, that is not experience.

also if you have graduated, any IT/tech experience is better than none so getting a job should be apriority if you don't have one

Thank you so much for your valuable information.

can someone suggest me which is the best platform to learn CEH (free) ?

Try hack me 🤙

and where should I start?

Dont take the CEH. Everyone talks different about it but it's not worth the money in my opinion.

Beginner learning path

which one should I take then, I'm confused here

This depends on the location.

Yes, me too ^^ . 1ooo ppl means 1000 answers

Where do you live?

Nepal

Could be ✌️just my opinion as i sad. Everyone should do what they want and think is useful.

Have a look around, see if Ceh is asked for in your job.

I know CeH is an HR "request" in India.

I recommend the comptia certs or cisco.

Also is Pen Testing what you'd like to do?

Otherwise, if you have no degree, every cert make sense. Cuz the HR and companys see "hey this dude is still educate his self!"

every cert makes sense

True, In a way, there is such a thing as too many certs.

Too many certs with not enough exp is a red flag.

Agree. Absolutely

I've wrote 2 companys today with my thm confirmation certs 😂 .

Those aren't certs

Confirmations

I wouldn’t put them on a resume. Most I’ve done is on some resumes, I have a 1-2 line ‘interests’ or ‘accomplishments’ section and throw THM stuff in there, usually I only use that resume for smaller places where I feel a human is actually looking things over. Still is a gamble but I think that one line makes me seem more like an enjoyable coworker & human, maybe giving me an edge over one that’s 100% pure business.

It was just a try. Sure u could be right but i think it depends on who is on the other side of the pipe. I have no degree or something like that and i know from a friend for example, he wrote company and they appreciate it because they know the plattform and some of them were in. Lucky guy... so. Idk.

How to do hacking

I would register to tryhackme.com and visit #start-here to get started on my hacking journey

Best advice i can give: Do not start at youtube

First job interview today

I haven't had a job interview since 2009

That was the last time I ... well no, I actually had two more interviews after that

One in 2018 and one in 2019

First phone interview today at 1:30pm

So I need tips for today. What kind of questions might they ask on the first phone interview

OMG

I just found out it's for a healthcare provider company, whose app I use literally every week. Nice!

Before all that

I have a question

What do you wear to an interview

Suit

"how did you hear about us," "what are your salary expectations," etc

A phone interview is usually just a check in with HR or another party as a preliminary check to the actual technical interviews

Are u sure you can pay me?

If I need a suit, I've got a couple.

They might also ask " Can you get us free Clash Of Clans gems"

Its a phone interview so make sure u wear no pants. It should help to relax.

They are one of the largest healthcare tech providers in the USA

Suit (top and bottom) with a tie. Depending on where you are, no loud colors.

Got it

Black should always work i guess

They want you to move and relocate and reimburse for that as well. Relocation package.

Depends on who you are interviewing with

I put down 85k/yr as I didn't know what they paid but after I did, the job showed it was around either a 100 or 120

one of those two numbers.

So that's one thing I screwed up on but it's okay. I'll try to get 100+ if it goes smoothly

at negotiating time.

Black suit is not going to be appropriate for 90% of the private sector jobs. It's very funeral-ish, unless the corporate culture there is 'suit and tie all the time' and the interviewers are wearing a black suit, I would not.

It's dark navy suit, not black.

I don't like black.

Rule of thumb is same as consulting "wear a step up from the employees"

And I have a grey one.

Also, it's a phone interview, not video. I can be naked even.

But ur a hitman. Ur in IT... fogotten?

Who is Ur?

"you are"

Sounds like a Mesopotamian name.

The King of Ur

It is but here i mean -you are- 😄

Ur Ne Biru

So type out 'you are' or 'you're'. The time and keystrokes you thought you saved, you had to do that to explain yourself.

Which was more calories burned and more work than just typing the correct word to begin with

🙂

Short hand typing might save a few keystrokes, but taking the time to do typing and speaking properly is very very cool.

I'm going to probably need to shut up with my opinions like this if I'm gonna be working a job with other people.

Hmm.

Its an acronym and legit

I don't speak Acronym.

I speak English.

Not my bad

What if someone is not familiar with the acronym? Then you just end up doing the work over again, and explaining the acronym.

They asked me questions like, do you confront others etc. etc. type of questions

I without hesitation said, I confront people. there is a right and wrong way to do things (live life).. etc. etc. type of answers

I would say "it depends". I work for a very traditional company and it still seems weird if someone wears a suit to an interview. I will say that it isn't a detraction if you do

I don't mind managing people.

So I think opinions like the one I hold are fine to hold and disperse.

Though I'm not sure if I want any sort of a managerial position.

but generally I'd recommend wearing something you feel comfortable in, but still professional. For women, it could be dress or skirt/slacks + nice top, for men, slacks + nice top

I would explain it or take conversations like this to burn my calories i've stored 😄

but it sounds like for an externally facing position such as consulting, they may expect suits

Well you are a racoon, so not fully human, and therefore not fully compliant with human behaviors.

Could be...

🙂

Got it

Anyway. Wish u luck and dont forget to forget the pants. 🤝😎

but in tech, you definitely get a variety of clothing options for interviews, I've seen a few people with a tshirt/nice jeans

Thank you

How much are you expecting to be paid?

Maximum allowed by your budget for new hire.

Maximum.

You can pay me 20k less, and you'll get peformance worth 20k les.s

You pay me 20k more, you get performance 20k worht more.

Inflation gone ujp?

So has my fucking labor.

Thanks.

If someone offeres me a job? I would work for free for the first 2 month 😄 . Serious. I offered it a company. No chance.

Minus the f word for the interviewers

😄

What do you do when you need a job too.

Both of us are desperate, but whose desperation is higher?

And at the beginning... Idk. I never worked in IT before.

They instantly contacted me

Instantly.

So obviously they are hurting for people

They can't find people to relocate and work on site in their city

So they are full of desperation too

Need to capitalize on that psychologically

Hack the HR brain.

Don't work for free. It devalues you, monetarily and as a human, and has a negative impact on your peers

It also potentially broke some level of labor laws where you were applying. Which is why they said no.

Yea. Was warned about that before. But the fact without a degree, i thought they can see what i can or not.

Rent is gone up, landlord says inflation.
Grocery gone up, CEO says inflation.
Everything... (every... thing)... cost more, inflation gone up.

But as soon as you say, yeah, inflation gone up, so has my cost of labor... and immediately they go.... LISTEN YOU ENTITLED AHOLE!

shaking my head

Sad but true

They claim to have a few hundred million patient data stored in their app stuff.

Oh yeah, they need security and they need massive compliance.

I would actually really like to work for them.

Which makes sense, cuz that's literally the de factor medical app used in the USA

Is this still cyber and careers? 😄

Yes, was discussing salary negotiation

Just trying to steer is back on topic 🙂

YOU will made it. And some day i will be here with the interview update and you will say " U R deserve it" 😁

Sry

Good luck to you too!

@bronze spire why is your name so familar..

OHhhh HI!

Anyone and everyone, please roast my resume! I'm trying to get a Soc Analyst/Security Analyst/Security Engineer position

Why put manager role experience here!? It has nothing to do with the job you want I guess

It demonstrates softskills and also I heard I should have at least 7+ years of past job experience listed, not just IT jobs

tbh, and others will probably chime in, but I think you're past SOC

Or else i'll have a bunch of gaps in emplymet history

Unless you're going for a higher level, tier 2 or 3 SOC position

Got it

Personally, I don't think the key strengths is necessary

I would also work on the formatting. I'd look at LaTeX, it has nice templates and is machine readable

Is there any idea that thm will provide such form templates in future or... nope cuz there are enough outside?

That's what I thought but after 500+ applications, I havent gotten a single callback for soc analyst roles

I've looked in multiple different states onsite and remote,

Government and private sector

Zero responses.

Ok so bachelor of arts

hmm

sec+/net+ is nice but not for a soc analyst. In my book you don't qualify

You need at least CySA+ analyst cert for SOC work without a formal education in IT/comp sci/information management

I could apply for SOC analyst and I have been, as I have some experience and a certification

I could be wrong. I'm sure someone else has more info

But in my humble opinion, you would qualify for SOC analyst if you had that set of skills/exp or certifications

Sec+ is a bonus for SoC work.

So I'm going to say it does seem you are beyond a SOC analyst. I'm not sure why your screenshots are fuzzy but also, one thing I hate to say is that if your current job doesn't align to positions you are applying to, there may be a question as to why you are applying, which is where an objective can be useful.

Professional experience
I know you are trying to qualify things you have done but unless you have facts/figures, stating something like "reducing social engineering risks" and "ensuring minimal downtime" doesn't really add anything to the end of your job tasks. You would want to focus a lot more on some of your technical aspects. My advice is be concise, get your point across and don't add words just to add them.

Certifications
fine but I would personally put this in 2 columns to save a bit of space.

Projects
fine, honestly I could take or leave this section

Technical skills
This is fine, but you list Windows and then list Windows Servers seperately. If you going to list Windows, I'd say specify desktop vs Server and if Server, you could put versions.

Key Strengths
Honestly, I'd drop this section, doesn't really add anything. These all just seem like repeats of your job descriptions.

Overall
Possibly add an objective, re-review your job descriptions and try to make them sound more impactful without adding things at the end of the statement. Like what did you do, did you design anything? Did you implement anything unique? Are there any specific security type functions you performed that aren't listed?

Your biggest problem is you are probably seen more senior than a SOC position, so you might just have to sway your resume in that direction.

like you said you "utilized monitoring tools" but you don't name them, maybe name them.

nah, I'm going to agree with Scrubz here, Sec+ is a bonus, no employer is expecting CySA+ or similar

AFAIK, in many places I have seen CySA+ requirement. Sec+ is a bonus. Bonus is not a requirement.

But his statement is a big vague, maybe you could ask him to clarify it.

Vague in what regard?

What does he mean that Sec+ is a bonus?

That statement could mean multiple things.

This is super helpful, thank you! I added key strengths to get past the ATS as clearly thats my weak point. I'm clearly not even getting to the hiring manager's eyes since Im not even getting HR/Recruiter callbacks.

Gave +1 Rep to @pseudo creek (current: #15 - 483)

Beyond SOC analyst?

I don't see that form the resume.

I see below SOC analyst.

Not beyond/above.

People with zero IT experience are getting SOC Analyst jobs and im a Network engineer

You dont think a network engineer can get a soc analyst role?

I fit all the job requirements on the jobs i apply for

Can? Sure. If they're giving them out then what's the problem?

Thats what im trying to find out.

I don't know how you seeing CySA+ on most jobs you are applying for because I searched both Indeed.com and LinkedIn right now and they only pop up on a few job listings (Indeed gave me 2 job listings for cysa+ and linkedin gave me 3)

I'm just telling you about the problem as I see it and you're refusing to even consider it

So I have nothing more to add.

to consider im not qualified so guess im Shit outta luck?

so I'll also say this is a mistake. If you fit 50% of the requirements, apply if it seems interesting

I have SIEM experience, log monitoring, incident response, technical writing, and a security cert

What more do i need?

1. Why are you being defensive after you ask for brutality on your resume?

2. Don't.

I'm asking you to support your claims, not being defensive

You literally asked our advice. I'm gave it. You can choose to refuse it.

Which just means I need to shut up.

you're the one being defensive it looks like

Sure.

I'm asking you to say more than ((you cant be a soc analyst)

Good luck.

Ok bye

your key strengths should be incorporated into your job listings, another way you could do a resume is how I have mine, I have something similar to my key strengths at the top of my resume, which includes my skills. I don't have a specific skill section. But I've had a variety of jobs so those skills basically are across multiple jobs. If it was within a single job, I'd incorporate it into that job

🤷

Who pissed in his cheerios?

I see a terrible attitude, and quite unprofessional way to comport yourself. How would you handle conflict at work with another? Silly confrontations without tact?

ok, you should take a bit of a chill. I don't see a terrible attitude or unprofessional manner

He asked for our opjnion. To be harsh and brutal so he can improve.

Now he's being defensive instead.

Don't ask if you don't want to receive.

I don't like the listing of tech names in skills. I'd build out the comments on your current role, aligning it more to a soc job

you aren't being helpful. you aren't really offering constructive criticisms. I would keep that in mind if the future if you want to try to offer advice

I'd see strengths more as personal skills rather than technology aligned?

Yes. Talk like this at work. See. Clear example of a unprofessional way to comport oneself.

I wasn't wrong.

Have a good day.

I asked you to chill, you really need to take a break

It's none of my business or my life. I am not involved. Seriously, good luck and have a good day. 🙂

My reason for Sec+ is this

There is a reason why Comptia has a CySA+ certification which is totally differetn from Sec+

Its primary focus is SOC Analyst work.

Consider it.

reason being, more money for them

That's one reason.

also telling someone to consider a cert vs saying they need it, are 2 different things. Again, I don't see the job listings asking for it, maybe you are, its all good.

I agree. Also don't be afraid to apply if you match at least 20% and have other knowledge of the type of work that role does. Always let them tell you 'no', don't disqualify yourself unreasonably.

Also, SOC analyst is quite a boring job.

You will get dulled out quickly.

All you do is mostly monitor SIEM and check out logs and it's really boring work in my humble opinion.

Unless it's your sort of thing.

How can you say that without knowing the person at all?

Something exciting would keep your intereste far longer

Some people really enjoy SOC work; the routine really appeals to some people, and it's not true that everyone gets bored of the SOC.

I'd like DFIR

Have you had experience as a SOC analyst?

I love forensics and investigations.

I know plenty of people who love SOC work

and also SOC work can include DFIR work

it depends on the SOC

Isn't SoC DFIR?

Most of the engineers in our SOC also do investigations and IR.

I think MSPs may be different but what do I know. Our SOC does DFIR

Saying that all a SOC does is monitoring is at best half accurate. Monitoring and logging are always going on, but that doesn't mean that the SOC doesn't have other duties as well.

Many SOCs also do vulnerability scanning and manage remediation tickets for a variety of security related activities, including compliance, vulnerability findings, pentest findings, et al.

Pentesting is also part of it?

I hadn't heard of those job duties in a SOC role yet

I'm sure there are hybrid roles etc.

The few I've spoken with only mentioned going over pentest reports and audit reports for analysis for the thigns you mentioned, but not to actually do those. Those are done by other departments afaik and what I've been told.

There's a big difference between doing the pentest and doing the tickets for the pentest findings. That said, it is sometimes a thing where a SOC engineer will do security assessments. Many companies can't afford a dedicated full time pentester, but still have a requirement for internal testing.

I have not myself worked in a SOC, but I have been an analyst for two companies in minor analyst roles.

Every org is different. Making a blanket statement about a thing you don't actually have any experience and real knowledge about is never going to be as accurate as information from a first-hand source.

To me no work is beneath me or boring to me.

A job is a job is a job. Not recreation.

That's completely irrelevant to anything that's been discussed so far.

Take out the beneath part and boring was the OP.

I simply added the beneath part

Also, I'm kind of fearful and walking on eggshells

I've already been threatened in hushed tones by a moderator for simply having a normal conversation.

He just didn't like what I had to say.

So I stopped saying it.

You can't disagree with mods ,they call that arguing

You simply cant' be free to have a free and open conversatino here.

You just can't.

Some WILL dislike somethign you say for some odd reason and then try to come after you.

Follow the points by AzureZojja. Furthermore, make your skills relatable to the target job requirements. You will understand your job, but the reviewer will only understand the target job, in essence attempt to speak their language. Also for skills, quantify achievements for showing impact of your contributions. If you worked on a 5 MIL project and reduced cost 25%, that shows impact. 🙂

so yes, my autism combined, i'm now wakling on eggshells and afradi to takl here openly.

Sigh.

You were not threatened. You weren't just talking, you were starting an argument with another member

I wasn't starting any arguments.

You are more than welcome to disagree with mods; just be aware of what you're disagreeing about. Arguing about the rules isn't really going to be productive. If you disagree with a rule or feel a moderator is being unfair, DM Jabba.

Scrollup and read. I literally moved on first.

"you are unprofessional" isn't starting an argument?

No desire to argue.

No.

you did it twice

It's what he asked for.

ok, lets not rehash

Yo guys, any tips on how to make a resume for you first job without work experience and projects to put in?

I understand you're dealing with kids here mosly

I get that

and like juun said, if you think you are being treated unfairly/disagree with a rule, contact Jabba

I appreicate that its's hard and diffucilt to moderate over children and young people

I get that.

But Im' in my 40s and I don't need to be policed around like ac hild.

Come oin guiys.

Please.

but also one of the rules is not to argue with mods

again, this is #cyber-and-careers, we want to be constructive and helpful to users

I know exactly how to comport myself with dignity and honor and respect. I don't need to be policed around as if I'm a teenager unable to behave himself.

Thank you.

lets qualify that with, argue with mods about the rules here - I'm happy if someone can argue with me about a thing I misunderstand, and they can demonstrate where I'm wrong with my technical knowledge.

If I remember correctly, you're younger and not out of high school yet right? If so, just apply for local jobs that the high schoolers usually do.

everyone, regardless of age has to abide by the #rules

Hey... we had a little-finger-promise that we don't use acronyms.

I didn't break any rules.

He asked for a review. I gave it.

I am not interested in getting stressed out over this before my interview

Can we stop this?

Your resume will contain your school and not much else. I don't think I have an example on hand to provide.

You're right and I'm wrong

Please just stop.

Spread love and support and help each other

Don't.

Don't try. Someone will dislike your help and come after you

It is inevitable.

https://tenor.com/view/deadpool-funny-gif-22781913

Yes. There's like summer practice jobs for people who are still in school but want to work. Found a cybersecurity position and wanna apply to have a bit of experience

So I'm giong to go back to just worrying about msyelf.

Okay, thanks

Gave +1 Rep to @stoic cave (current: #17 - 414)

If you want to stop the conversation then simply stop typing?

again, this is the #cyber-and-careers channel. Look drop the topic plz

Man I really wanna do that but the job IT job in Vietnam kinda suck

That's good, I'd apply. I don't think they'll expect you have anything to be honest.

so like a half page "resume" with my name on it, maybe a picture, a bit about me and school, right?

I wouldn't do the picture

Depending on where you are, you may be able to work part time as part of a work-study program with your high school or secondary school. You likely will not be able to get a job like that in cyber or information security, but a tier 1 help desk or support role might be a good fit.

Few question but does it require you to have a lot of knowledge in IT, cyber security or certain degree

Do they like train you

I'm not sure about work culture

If you're talking about my case then no. Here in EU they mostly require a school with IT as main subject

Lucky

Basically yeah, they train you to do i guess one task and you do that task until they decide to train you a bit more

Let me see if they have that in Vietnam

I think its more about the workflow. To catch a snatch of whats like to be in IT.

Astronomically small chance

Yeah I'm trying to get that too

I just had my first callback ever that i got strictly because i know an employee there (it was for a security engineer role) and the HR lady seemed super impressed with my background and was exciting to move me tot he next step and then during the interview my friend DM'd me in discord that the Security Director just offered the job to someone else..... so i told the HR lady and she said, "wow that sucks, wish they told me.."

SO CLOSE!!!

Well now i cant say I've NEVER had a callback yet

yeah I'll say one way you'll be able to do it is through connections. Someone with your background would be valued.

Unfortunetly she was one of two connection i have in cybersec

Something you can do if not doing already is get on LinkedIn, make connections, let people know what type of job you are looking for

I have but there's another 99999999 applicants doing the same thing in every group I join. I have posted that I was looking though

also you can see if there are any local Cyber/IT orgs near you

I know a few people who got jobs through ISC2, attending local meetings

I'm part of my local Defcon chapter that i meet with weekly, thats how i scored this callback

I've been told this before but i have no clue how to quantify my work... the money being saved and costs and dollar amount impacts isnt something available to me at my work. no graphs, i cant see budgets, etc.

Check if there's a local BSides in your area.

I'm fortunate to live in Las Vegas where al the conventions happen, i've heard of bsides and still need to look into them but unfortunately they all happen during work hours... and im saving my few precious vacation days for final interviews

They have a site: 😎 https://bsideslv.org/

also ISC2 las vegas
https://www.linkedin.com/company/nvisc2/

Attend the PROs vs Joes CTF 🥳 https://bsideslv.org/prosvjoes

I feel very nervous and I'm sweating even when the AC is on

20 min to interview

I googled up interview questions and everything

Asked chat gpt for most ocmmonly asked questions and aqnswers

also this page for ISC2 apparently (nice cover pic)
https://www.nvisc2.org/

I already signed up 🤞

Thank you!, I applied to join.

Gave +1 Rep to @pseudo creek (current: #15 - 484)

Is linkedIn that beast? Serious question.

I think it's a good way to network

Don't treat it like Facebook

Okay. May i try it.

Thought it is the shodan of social engineering 😄

Jokin' but yeah, it could be used this way. I wasnt sure but as i said, maybe i take a look 🤝

Okay. Task for tomorrow.

Don't put a picture on a resume!

why 😭

It's a red flag to employers, and what you look like should have no bearing on whether you get an interview

It just opens you up to possible discrimination with no reason benefit

Would you say the same with putting your age there too?

oh damn, its that deep

Absolutely do not put your age on there

IMO it doesn't actually matter if it's a protected category or not, there's no reason to include information that could lead to people judging you unfairly

Personally I recommend having one and keeping it up to date, semi regularly update it even if you're not looking for a new job

Means you don't have to do so much when you make the decision (or have it made for you) that you're going to look for a new job

I mean your age will show with schooling/experience

I wouldnt put your highschool dates either

And dont put your GPA on there unless its close to a 4.0

Yeah, yours is going to be unique. I can review it on the side, whenever you're ready, if you want

Also you said you dont have any labs to show off. Thats an easy fix! There's some awesome ones online you can follow for free

Lol

It's mainly going to be translating stuff

Yeah so why tell them explicitly bonus info they could discriminate on? Make them work for their discrimination!

YOu willing to move?

I know there's several SATCOM CyberSec positions open here in las vegas

I applied to them and they laughted at me because i dont have satcom experience haha

Worth trying imo

If the money adds up for you i mean

I'm willing to move to pretty much any state in the U.S. if the salary matches the cost of living haha

I'm desperate

Wife is pretty much on board too luckily

Stay away, the rat race is miserable lol

I loved living in Maryland

I mean that's my take as well

That's no longer a van but a bus

Probably requires a special permit

where do you live now hym?

Too bad

ahh

It has its pros, but I'm a cold weather person. The heat/humidity and no winter is miserable. I also run into and have to deal with way to many high level people for my liking as a twenty something.

I'm sorry?

Ah you're there. I wasn't going to ask incase you didn't want to say lol

I'm nosy

Georgia sounds awful climatewise

But I'm from the North, so heat and I don't get along

Further north here 🙂

The true north

Strong and free

Sure believe what you will

Hymnosi, mind if I DM?

@stoic cave Sorry for the ping.
I see that you have the GICSP certificate, so im sure you have a lot of experience working with industrial systems and people who work with industrial systems. So, im still trying to figure out if i should study to be an ics red teamer or ics security architect and i wonder if there are any AWS certificates that would be a good bonus for an ics security architect position

1/2 hour interview went well.

They said they'll let me know via email next steps

Let's see what happens.

I talked with a network security engineer, not HR at all.

Congrats (acronym for congratulation friendo!) 🥳

😛

lol

that's a shorthand version of congratulations, but not an acronym

Sorry but for today its my runnin gag. But serious, great news.

thank you

in the meantime, uber eats delivery

gotta making a living somehow

They want to proceed to the next steps of the interview! I got an email to schedule a technical assessment!

It was interesting, Justin is a good instructor if you have him. I'd equate it to Security+ for ICS? Basically a firehose of ICS 101 intermixed with security. If you do take it, take the exam right after, no more than a month or two. It's a lot of material.

I do not work with Industrial Control Systems per say, but I do work in an environment that's quasi Operational Technology. I'm going to say it again, you need to finish high school and go to college first. Those are your priorities. You're trying to sprint before you can even crawl.

The next class up is almost all hands on with minimal handholding from my understanding, so that's up to you if you think you can do it.

If you're after something new, it would tickle that curiosity.

I definitely should have been more attentive. My ADD hit hard unfortunately, it was my first sit down/lecture learning since college, and the course started 3 days in to me being there.

It was a 5 day course but I was there during a summit

So i had day 0, the summit, and then the course

Yeah. Tbh I credit it with changing my perspective at my last job.

It definitely opened my eyes and helped me to comprehend directions and instructions that I previously thought were asinine and contradictory to security

The cert

Outside of certain Gov or critical functions, it probably wouldn't make much sense.

Some orgs roll analysts into enterprise

You'll go over that in 410 lol

At least with Justin, I can only speak to how he teaches it

I mean, if you're trying to stay in Gov after ETS, I don't think it would hurt

I mean a free pick is a free pick lol

You never know who you're going to meet at those courses either. I met some interesting people working at interesting places

Yeah, that sounds like it sucks

Haha, understandable

I hear you

Moreso after the GWOT it seems, from talking to people

As long as you don't have a SMART contract lol

Pay is localized GS typically

There are some places that use slightly different scales

Yes, I worded it poorly

sub paybands

There are additional modifiers and requirements depending on which step it is

The steps are your raises

Yes

You progress steps 1-3 in 3 years, steps 4-6 in 6, etc etc

Afaik though, that's really just guidelines

As with the Army, you can waiver almost anything

ie you need a letter to earn in the top 20% of your payband, iirc

There's some weird stuff

This is what makes cyber interesting on the GS scale though Since a distinct work-level to work-level pay comparison is required, beginning pay rates for GS jobs must be compared to beginning pay rates for non-Federal jobs at the same level of work, etc

Yeah, idk that seems more for certain agencies than standard cyber FedCiv

Hey guys, I'm working on my resume to apply for some cybersec jobs. Is it okay to put like side skills I have? For instance, I'm trying to apply for some SOC analyst jobs and I'm putting things saying I've done like various raspberry pi projects, have some basic programming experience in C++ and Python and even maintain a 3d printer/firmware flashing.

I want to make the impression that I'm interested in IT/cyber security even outside of a job

Is this okay to do?

Okay thanks!

Yes, personal projects go under a projects section. This is not experience and I'm leaning towards not putting that stuff in skills either. Your skills and experience sections are for professional experience.

hello

Heeiii , any idea where i can study security +?

on tryhackme or even on other sites

if possible can someone give me an overview on my resume ? idk if i can upload pdfs here or what

my name is youssef i graduated from year 20 22 , during my college i focused on programming and scripting for automating tasks along with system analysis and understanding the basic and concepts of networks and computer hardware and software fundamentals , i have done several projects during this years but my most memorable one was a project revolving around automation of a business model for a start up , i integrated the automation process with odoo ERP

to facilitate all the business needs , after graduation i have studied cyber security and system administration and networking until i was enrolled in Air defense college for the military , at the beginning there i was doing basic troubleshooting for hardware and software along with assisting useres in their daily needs after 3 months i have been granted access to the servers and file shares and i began my analysis for the system there and i found several points that needs improvement i finished up those improvements and hardened and secured their servers after 6 month there a big project for the base was getting planned segregation of the base network along with enhancing the security for the base there i have dealt with VLANs , firewalls and network connection of intranet and extranet and hardened the configurations of the network along with deployment of Kaspersky security center and wazuh seim and xdr tools and that was my final work there after finishing my enrollment i kept studying cyber security and networking

and i started working at Safir Halls as an junior system administrator i began by analyzing the needs of the company tech and planned a project that would enhance all their IT areas i began by the infrastructure and segregation of Nvrs CCTV feed , Guest network and internal network to remove any bottle necks and ensure a smooth transmission of data then i started working on the fire wall for the company and wan connection i deployed Sophos firewall on all the company sites and configured the necessary configurations to harden the network and the system after deployment of the firewalls i started working on connecting of the site resources through a vpn connection to ensure an encrypted and secure connection along with configurations of failover mechanisms to ensure high availability , then i began working on the Cameras system optimizing any misconfigured configurations and set up a centralized monitoring station for the company after that i began the deployment of security tools to protect all the endpoints ensuring all systems vulnerabilities are removed and ensuring that all the systems are free of viruses

i finished all the work needed for the comapny right now and i feel am wasting my time thats why am searching or more jobs and trying to optimize the resume

Professor Messor on youtube, you can buy books if you have the money, or take some courses on udemy or coursea

There are also a syllabus on what you need to know, so you could do some google search research on those topics to get some better ideas.

Overall, from my experiences I use Professor Messor + Security+ books, and ffew practice exam question to pass my test

thank you for your infoo

is the path am walking right now good or what do i lack right now any idea ?

I haven't check your resume, I rather if you send a screenshot then the pdf (cause I don't know you personally or I believe it may be crafted with a malicious virus or something). So I can't see much on it

Not to be rude or anything, I didn't read the wall of text, I skim a bit so I believe you have somme experiences in IT or cybersecurity

So my response is do you have a website that list your project

Do you have a github that show other projects or work you done?

Have you continue learning and improving despite not finding a job right now

i'm looking into whether self-training or university is a better way of getting into cyber security. Like i'm currently doing ISC2 CC and will do some other online free courses such as a pentesting one on cisco skills for all and qualys training. what else would help? I'm effectively trying to find a way to bypass the 2 years of experience in IT helpdesk.

It's usually beneficial to have university qualifications, but most university grads will still need to go out and gain professional certifications. ISC2 CC is a very basic certification, a good introduction but not considered sufficient training to pass the SSCP or Security+. which are considered foundational certifications. The Cisco courses are also good foundational knowledge.

With regard to getting a job in cybersecurity, the field of cybersecurity is highly competitive and requires a broad range of skills and experience. The courses you're taking part in are really just introductory and a good step on your way to gaining the skills you'll need. You also need to learn a sufficient level of Linux/Windows administration/command-line skills, networking, understand the fundamentals of Active Directory, pushing for broader knowledge through more training, perhaps some bash/Powershell/Python skills too as you develop.

The role of pentester is one of the most highly skilled and in-demand positions in the field of cybersecurity and requires a lot of skills, knowledge and constant training to get up to and maintain a consistent level of skill. Try Hack Me is a good place to start learning the practicle and theoreticl side of this, and many other cybersecurity roles.

Don't be dismissive of roles like helpdesk, quality assurance (qa), sysadmin, programming, networking or cloud as stepping stones. It's very difficult (though not impossible) to be considered for cybersecurity roles without demonstrable experience with IT/programming/other cybersecurity roles but it is a long process. You can read about the various journeys other people have had in the Success Stories section of the THM blog:
https://tryhackme.com/r/resources/success-story

i've already got a few programming projects under my belt in web languages and will do one as part of my studies in python.

Okay but personal study that's not part of an official course or something that gains you credentials like a college degree or certification won'y necessarily be recognised as a good example of your skills. I would suggest writing a blog and/or producing your code on Github/Gitlab so you can link to the projects you've completed. You should consider reading the Tribe of Hackers books. They're sets of interviews with experts in various cybersec roles and can give you an idea of what you should pursue.

Consider learning how to participate in CTF competitions or doing Bug Bounty to gain experience once you're at a certain level of skill. HackerOne's Hacker101 has some basic training and PortSwigger has free training as well, which are excellent complements to the learning on THM. You might also investigate PicoCTF, a training platform from Carnegie Mellon, a very successful producer of professional CTF players
You should read these two blog posts as well:

https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519

is it worth mentioning my THM level on my resume?

it doesn't really translate to anything so I wouldn't. I would mention that you use THM for personal development.

okay

ty

Do employers look at which university you have went to usually when you go apply for a job or go to an interview? Or do they only care about the degree (In this case Computer Science)?

There are boring parts to pentesting as well. Record keeping, logs, notes, findings, and ultimately reporting. Hacking is all fun and games, sure. But everything else sucks.

Pentesters should have assistants who do record keeping and reporting so the pentester can focus.

There should be a new job career, pentester assistance. Like electricians and plumbers and carpenters. Everyone has an assistant. Or 'helper' rather. Not apprentice. Or maybe apprentice too, why not. Maybe people who don't want not hack or enjoy hacking but enjoy reporting.

no. One benefit of certain schools is they may have partnerships with large businesses including more opportunities for internships and such but in the end, what school you graduate from doesn't matter (this is true for the US, other countries may differ)

That's not entirely accurate as the reputation of the school matters as well, but overall, if it's not a 'bad reputation type diploma mill type university' then you should be alright.

I'm assuming the university is accredited, diploma mills/unacreddited schools shouldn't factor

Even if you're accredited, some are considered diploma mills, even if incorrectly

Example is WGU

You will find both opinions in large quantities

nah WGU is fine

WGU is an excellent choice if someone already has work experience

That's not the point

The point is perception. If someone hiring you percieves that school to be sub par, they'll skip you

WGU isn't considered a diploma mill

I don't put universitye on resume

Only degree

By some it is.

Check reddit

I'm nit making this up.

reddit...

Doesn't matter what forum; or site

HUMANS ARE TALKING

As someone who knows many people who have used WGU and as someone who has been actively involved in hiring practice, WGU is fine

Why disregard humans because they're on that website

one of the largest support gruops for WGU is on reddit.

Check it.

why would I check it?

Sigh.

I'm not going to let you do another argument then try to reprimand me.

I'm done.

You're right and I'm wrong. You win. You're a mod. This is over.

fine, I know you have a strong opinion, I gave mine, you can disagree if you want but in my experience, what you said was not true

and again, this is all based on the US

I did my BSCSIA and now MSCSIA at WGU.

....

You're just... not a pleasant person toward me and I am not goiung to do this wiht ;you.

Please stop.

Good day.

ok then good day

what you said was not true

What I said and which is true, is that there are some, perhaps many, who consider WGU a diploma mill. You will find those comments verbatim on the forum I told you.

Good day.

and again... if you have details on how companies said they don't hire, then fine but WGU is used heavily by those that have been in the military to check the box

Alr ty.

yeah thats why I generally say its good for those with previous work experience, especially military. I can see how it might be a mistake for someone who has only done freelance and/or never had formal work experience

with everything "it depends", I think the SANS degree may also be another good viable option, I see a lot of people going that direction

ahh but you can use the GI bill no?

or at least SANS.edu says you can, but I was never military so I don't know how hard/easy it is

do people do resume reviews here?

yeah sure

Who can help me with a vapt report template

Just make sure to remove any PII before posting it here and asking for a critique

How important would u guys rate github repos for carrer or job hunt?

It will depend on:

1. What your specialization is?
2. Where you are in your career - starting out, experienced, etc.; and
3. What you have in it.

Disclaimer: I haven't used it thus far, but that is how I would look at it.

Thanx 🤙
I meant it in general. If you were a recruiter and someone submits his github projects with.

Only a handful of recruiters will have an appreciation for it I would think (based on those I've had a chance to talk to in the past). It is something that might be appreciated by the hiring manager though, again depending on your specialization.

hello guys wanna convert into a security audit career which certifications should i take (the easiest one to get and how long it ll take to prepare it ) ?

We cannot assist you with work.

What are you currently doing now?

I only asked for a sample of vapt template

am a cyber security developer / analyst

Help me with the report template if you have any

You're going to need to do some research utilizing your favorite search engine. You asked who can help you with the report here and in #infosec-general. We cannot assist you with work.

Do you have an audit team where you work now?

I'm not in auditing, but the advice I would give you now is to look at job listings in your area to see what they're requiring.

no unfortunately

okey thank u so much

Gave +1 Rep to @stoic cave (current: #17 - 415)

Then you'll have an idea of what they're looking for. This will allow you to build out a better understanding of the requirements.

You should probably consider the CISA/CISM from ISACA and ISC2 CGRC/CISSP

CISA is definitely the auditing cert at least in the US, not sure about other countries

Do u Know how much time I need to study for it ?

Do u Know how much time I need to study for it ?

no. I'm not an auditor, I know auditors

ok thank u so much for ur help

https://www.reddit.com/r/CISA might be useful

thanks again ^^

Gave +1 Rep to @pseudo creek (current: #15 - 485)

What side is typically more often remote? Blue team or PenTesters?

I would say it more depends on the organization and the industry you're supporting/interacting with than red vs blue. With the industry having more "blue" roles, it's likely going to default to that.

Ok, thanks! 🙂

Gave +1 Rep to @stoic cave (current: #17 - 416)

is there a way to get picture permissions?

for resume review?

🫡

ok so my resume used to look fancy with like side bars and stuff but i read that it can be hard for the software they use to sift through resumes to read it so I made it a lot simpler

I usually rearrange the qualifications in order of most importance to the job posting

A lot of white space

I would move your experience after summary

Instead of Qualification I would mark that as skills

Note CompTIA Security+ instead of Security+

not sure about the TryHackMe Soc cert but it should be fine

TryHackMe does not provide certifications

Do you have github or a website you can add on, as well as linkedin

Certificates and Certifications are not the same

Thanks, I was unsure about if they offer anything of the sort lol

Gave +1 Rep to @stoic cave (current: #17 - 417)

I probably move that to Continue Education or something

Like TryHackMe (YYYY- Present)
-SOC Course Beginner
-Usage of blah blah blha

yea my bad i thought if it was a certificate it was considered a certification

oh i gotta add the THM usages

This is a rhetorical rant or whatever, but damn is it tough to find a job. I did the google cybersecurity course then got my security+ cert, and I have pretty good tech industry experience. I'm limited by needing remote Canada jobs though and it's a legit struggle to even find things to apply to.

this is what i have so far

it has a lot less white space

I would remove hobbies

ok

Do you have projects you done?

Maybe you can include those and expand on it

Your experience is very limited

So you need to add more tech experience in the mix

Why 🤔

I cant really think of projects other than like textbook assignments or just basic labs

I mean unless they require someone to do jiu jitsu on a customer or employee 😅 I doubt employer would care about it

It’s worth having on the end. I know people that have missed opportunities because they didn’t have hobbies lol

Better to have and them to ignore it than to not.

You can also list TryHackMe/ HTB/ PG under hobbies

If you build a website that has your hobbies in it that is fine, like you could say you built this website listing who you are, what you like to do etc

I was just looking for something to fill in space google says that hobbies can be fine but maybe not in this space

lol, then its fine I guess

Put it on the end, won’t hurt to have

should i put hacker101 and thm under continued experience and hobbies?

I probably wouldn’t list them as experience, I would list them as hobbies

Continue education would sound better

But you can put it under hobbies as well

Are they recognized in the space as education?

like if i put it in hobbies theyll know that its aided in my continuous learning?

eh depends on who is looking at your resume

also what would you say a project is, what seperates it from doing rooms?

or labs

Projects are something you build, document, and broken/fix

Think of like setting up a home server

is setting up a virtual machine a project?

You put Windows server and Kali linux, and a SIEM.... etc

Like building out Vmware?

Or like Installing vm's?

virtualbox

Explain more

just like making a kali vm in virtual box, whats the scope minimums for it to be a project

Uh no, that would not be a project

a project is something you do like setting up a linux vm is a few clicks, its not something that required much thought/planning although there are ways to screw it up. I guess also think of the business value. would there be much business value in someone who built a VM once?

like if you automated the building of VMs using code, that could potentially be a project and you could share the code on github

^

So like this, if you build 2 vm's or more and link them I would say it be a good starting project

Is it still worth applying before I finish up some projects?

But i think ill start with th server

Yes, I recommend try to get into IT HelpDesk if possible

Or maybe a computer repair shop or something (like Geek Squad would be good)

hello

i also just think about to create vm and run windows on it

but i cant start to implement on it because i am scare of it

well don't be scared... whats the problem? also this is the careers channel

maybe move the dates worked over to the right side, try to remove some of the needless spacing. they usually spent like 3-5 seconds per resume, if you have stuff hidden on a second page they probably arent looking at it. putting it on the right side will remove some of the white space too.

what i do is i make a bare bones resume and then edit it from there

i usually just have a generic one thats well rounded, i have been using that one to apply for weekend jobs. any job i actually want as a full time job i will edit the resume in small ways to help me for that exact position, usually copying buzz words out of the posting and putting that into the resume, renaming the location i live in depending on job location(instead of saying the city, ill list the specific locality if im nearby it), just small things to help give me an edge with it

good idea to do that with a cover letter too, keep a barebones and generic one handy, then make a targetted cover letter per job.

id try to get the resume to look more like this

ive only managed to have the opportunity to do this once but if its an in person interview I print out my resume and if there is anything else with it, put it in one of those small binders with the see through front to hand to the interviewer. since covid everything has just been zoom meetings though so i don't know if in person interviews are really a thing anymore. i think its a shame, i feel like id do better with in person over virtual interviews and i just have a hard time getting in the right mindset for it if its virtual.

I was reading the ai they run it through has a hard time reading colomns but if you think its good I'll add them back.

Oh nvm i get what youre saying

i had a roommate who worked in HR and would sometimes be apart of the hiring process, he said his method was just Ctrl+F for the buzzwords

and then filtering everything down from there, then they did interviews and basically kept a score sheet of how many of the specific technologies they said they were an expert in(basically its 3 answers, no experience, some experience, or skilled)

so say you managed a Palo Alto firewall at a job but they want CATO firewall experience, maybe target your resume for it and if asked, say you have experience with CATO

the skills with managing it are basically 1:1, its just that you will need a couple weeks to get used to a different UI but depending on the place being 100% honest could cost you the position

Yea i try to use buzzwords at least my skills section i think has a lot of them.

Since you say the first page is more important would you recommend moving skills back to the first page?

Swap it back with education

Well i guess i should see how it fits in a new template first

I feel like skills just looks awkward and is kinda weird to make on a cyber security resume because youre expected to have experience in so many things.

Hey THM, I have a few quick questions while I prep for job hunting

• What makes a good cover letter?
• What makes a good readme on github?
• For "old" (few years) student projects that are good projects but I might not nesessarily remember all of- how should I describe these / explain them? For example I have a machine learning project I did but I don't quite remember all the technical details (mostly the high level math) I was doing for it. How should I go about including this?
  It's kinda of overwhelming how much information is out there to sift through and I figured asking people in industry would probably yield better results for my specific application
  @ me so I'm sure to see if you've answered my question please 🙂

Personally I’d keep it one page unless you have multiple degrees and at least a dozen certs

If it isn’t something that would make someone go “wow” I would keep it to one page

My cover letter is my resume posted again lol

I don’t think they even read it tbh

on the off chance someone does read it I want it to be good lol

It’s just fan fiction about how much you love working and cubicles

Hi I studied IT for 2 years at university (network, system, programming...) I'm 20 years old and I'm currently receiving job offers to work as a technician (support, network, etc...). My long-term project is to work in cybersecurity, but I don't know what field yet. I'm thinking of starting out as a technician to learn the infrastructure while working towards cybersecurity certifications before landing my first cybersecurity job. Here's the situation 🙂 Can anyone advise me on what to do? Is this a good way to get started in cybersecurity?

Is it temp agencies reaching out to you with ‘direct to hire’ promises?

no, these are companies that offer a real permanent contract.

Cover letters are good for explaining things like your career change and such. whenever I do resume reviews, I always read the cover letters if they are included

I’m pretty jaded with it all, I’ve gotten every job either through nepotism or treating job applications as a numbers game, so my advice isn’t the best

Hello, I want to use open browser function on Burp's proxy to open chromium browser but I got an error "You Os does not support's Burp's browser running with it's sandbox enabled" I followed the instruction to disable the sandbox, but on the settings there is no such option to disable a sandbox.

hi guys could someone help me with web fundamental part 1 user Accounts, Profiles, and Permissions question What is the account description i am stuck if somebody could tell me the ans i will be really thankfull

#room-help

This is more of a question for #infosec-general if you haven't figured it out. If it's for a THM room, #room-help is the best place to receive assistance.

If you haven't fixed the formatting yet, that should be done. Use something like LaTeX AwesomeCV and then once you fix it, post again.

🫡

Hey pals, where do you search for cybersecurity related jobs worldwide?

Usually the internet

Little unhelpful don’t you think? 😄

Yes it is, I know. I was going to reply more but I got distracted

Depends on where you're based, honestly. And what type of job you're looking for?

Many people use linkedin and indeed

There’s also many other job hunting websites

For EU and US:

• Goverments usually have their own job websites, for local, regional and national governments
• Companies and orgs are either on linkedIn, or are aggregated into job board websites by field
• Large websites like indeed, glassdoor, or such

Thanks for the answer. I'm familiar with the large websites, I thought maybe there is something else that's focused on Security 👾

Gave +1 Rep to @coral vault (current: #730 - 5)

That really depends on where you're based. There's organizations that broker specifically to fields like IT. Look for recruitment agencies that cater to it

I'm based in EU

If you're Dutch I can help you out, otherwise I'd recommend searching in your oown language for vacancies or for IT recruitment agencies

Because It's really country-specific

Ok, I see. thanks

Hello guys please I just joined Tryhackme I am on task 2 hacking your first machine

If your transfer was successful, you should now be able to see your new balance reflected on your account page. Go there now and confirm you got the money! (You may need to hit Refresh for the changes to appear)

Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need?

I got the hacking right but saying incorrect answer please how do I answer so i proceed thank you

this is the careers channel, you should try #room-help

Thank you

Gave +1 Rep to @pseudo creek (current: #15 - 486)

Hey guys, I’ve started the Microsoft security analyst professional cert and am almost done, was wondering if anyone could help me figure out the next best steps to take in getting a job. Thank you!

What other skills and experience do you have with computers, operating systems, coding, networking and cybersecurity? Do you have a college degree (not always necessary)? Have you experience in Linux, Windows, Active Directory, Cloud? The Security+ is a good step to gaining basic cybersecurity knowledge. I haven't seen any roles looking for the Google, Microsoft or IBM cybersecurity certificates from Coursera, but it's a good way to start

hi
so I have just finished my third year
and I took these courses in my collage (networking/security/network security/ethical hacking/Penetration testing/ISMS/forensics), and i still have a forth year and 8 months training
and i loved the forensics alot and the penetration but the path for the penetration is so long
so i was thinking maybe getting better in forensics and at the same time learning small things for penetration for the future ?
and I want to have good skills before I finish my studies
I have started with tryhackme and the path for DGIR but most of it require paying like any sub links for tools or windows Forensics 2 and so on
so i wanna know am i on the right path? and what i need to do
and its worth paying right?
i just wanna know to focus on what and how to study and whats the best to do for these fields

i don't have a thm subscription but its deffo worth it ive learned a bit of everything only with the free stuff

DFIR Diva is a good website if you're interested in that. There are also, and I forget the site, sites that have practice DFIR materials. Like data that you can look through, mock environments, etc

I’m fairly good with computers, Ive built two PCs, actively use windows but other than the stuff I’ve been learning in the Microsoft course there really isn’t anything else that I’v done.

Do you guys have any tips on how to most effectively do a cover letter?

Well I'd recommend you spend lots of time in THM, learning about all the things I mentioned above.You'll need to understand quite a lot about computers and networks and how to manage them

There's lots of websites online that discuss them

Try plotswigger for free

Okay thanks!

Gave +1 Rep to @rugged delta (current: #21 - 391)

hi do you guys think getting the [Google Cybersecurity Professional Certificate] from [coursera.org] is worth getting?

It depends on your level of experience. If you're new, it wouldn't hurt doing it.

Do you have any prior professional experience? A degree?

currently doing that myself since i'm completely new. it's definitely good to learn the basics from it and the certificate may not mean much, but still cool to have. i think they give you like a 30% discount on the comptia security+ exam too if you plan on getting certs

other than that, i'm positive you can learn everything on THM that you learn there. it's more so the benefits of getting that 30% discount on the exam

for comptia security+

here is the new and improved resume

hi guy, do you think "SOC analyst" is a remote job? is it hard to get a job as Soc analyst? and what about pentest? 🤔

I assume you can do pentest remotely, but probably not full time. Most likely just depends on job's requirements. Doubt you will get a first job as fully remote. Getting a job as a SOC analyst is probably easier than pentest as well.

do you think the "SOC analyst" path in THM is enough to get the first job?

the field is pretty competitive as of lately. most jobs I’ve seen require previous experience in the IT field for a cybersecurity role. what they recommend now is sites like THM for hands on experience, outside of that a good portfolio filled with projects. it would also be best if you got certifications since jobs usually require at least one certification (such as the CompTIA Security+)

I saw a conversation mentionning Google Cyber certificat. I will try that one before Comptia. Thank you very much for your answers.
Long way to go 👍

yup just keep it up and try to follow cybersecurity stuff on every social media so you’re always constantly reminded of your goal (tip i use to hold me accountable)

The cybersecurity field is pretty competitive. While the Google certificate gives a little bit of info, I wouldn't spand much time with it and definitely wouldn't spend money on it. I did it in a little over 16 hours around Christmas during the free first week between parties. Better to start with learning some networking, Windows/Linux and go from there.

Cybersecurity isn't an entry level field, though SOC analyst is usually the first role most people start with these days. You do need to have good experience and skills with other IT roles. A lot of people will spend time in IT support, sys admin, QA and programming roles before getting a job in cybersecurity.

i thought about learning programming that targets cyber field (to earn some times) but THM dont have any of theses, so i choose to start Jr Pentester path. Do you know any plateform that i can learn something like that?

which one is better for red teaming parrot OS or kali?

Whatever best suits you.

Windows

There's a lot of discussion of secure coding practices in #programming

@tame tiger Please use the #jobs-board channel to post about job opportunities.

Hi guys ,I am beginner in this field I want your knowledge, tryhackme it is enough to increase my thoughts?

@daring jackal thank you! It was not shown for me

Gave +1 Rep to @rugged delta (current: #21 - 392)

You should verify your account with the above link to get access to more channels

no im completely new only have accouple certs from TryHackMe

thanks ill take a look

Gave +1 Rep to @prisma cloak (current: #2117 - 1)

TryHackMe is a good additive to work experience or a degree. It's not really going to stand on its own. If you're not in a degree program, or any school, and you don't have any professional experience (this does not mean just cybersecurity experience), the recommended course of action would be to build experience. This means getting a job somewhere in the computer industry, IT helpdesk is a common starting point, and progressing from there.

Can anyone give me an internship? I am a beginner looking for work experience, i dont want to get paid , just looking for some experience

You're going to have to look around where you live currently, remote internships are relatively rare. Also you're doing work, you should be paid. If you work for free you not only devalue yourself but also those that come after you.

But i am a complete beginner and i just started and i want to learn so getting paid is the least of my concern rn. But thanks a lot for understanding u touched my heart with your kind words 😿😹

Gave +1 Rep to @stoic cave (current: #17 - 422)

I understand you want to build experience, but working for free isn't the way to do it. Are you in a degree program or school?

Yeah i am in college, but its a shot hole that only focuses on full stack development and doesn’t have any courses for people interested in cybersecurity even tho i chose the cybersecurity field our college ignores us as if v don’t even exist 😿

OK, so you can do some studying on your own. Here on the discord there is the #start-here channel that describes how to get started. As far as internships, don't limit yourself to just cybersecurity. That narrows the scope considerably. You can look anywhere in the computer industry.

Ok thx a lot 🙏

Gave +1 Rep to @stoic cave (current: #17 - 423)

I’m trying to learn Cybersecurity like Ethical hacker red team

hey wanted to know if going for the google cybersecurity cert would be worth it if you already have sec+

it prepares you for the sec+ so i dont see a reason to take it tbh

ahh

ok

at that point try to get into your niche of choice or try to get SOC Analyst skills bc ive heard they’re more hireable / more entry

ok thanks

ofc

should i get a bachelor's in computer science or cybersecurity? my plan is to go for compsci so that way i have a deeper knowledge on programming and how computers work and paralelly study on thm/htb during uni

Hey everyone ! I'd like to do y cybersecurity studies in USA or at least I'm taking info on the subject. But I had some questions : is there only one undergraduate program to apply to a master degree in cyber ( I think it's MSIS ) or is there more ? And the whole things is a bit hard for me ( as a non native ) so if someone want to help me a bit by explaining some stuff then we meet in my DMs.

comp sci would be my choice

cybersecurity masters would state their requirements but basically there is no specific degree requirement for most cybersecurity masters. Meaning you could major in English for undergrad and then do cybersecurity masters.

Only thing with cybersecurity masters in the US is generally you want work experience in the field before the masters

I've seen ur a blog author. Is the a platform you could recommend?

@fast pier

Hey cool. There are individual storys or better can be create 🤩

Just wanna write about my story. Nothing special but maybe someone could find hisself in it. Thank you @cobalt escarp

Gave +1 Rep to @cobalt escarp (current: #6 - 1269)

👍 thanks

Gave +1 Rep to @pseudo creek (current: #15 - 488)

Hey everyone 🙂

i would have to ask some advices on a path that would suit me and how the market is going these days.
Right now the second wave of layoff in my company is starting (big tech), i was doing Storage support the last 7 years, so handling incident, SAN & co, i need to prepare myself that why im seeking advices.
I got the google cyber with coursera and was fun, nothing that difficult, and now im a the point where i need to go for choosing the jobtype, SOC analyst where is would focus on splunk, or pentester with the training path of tryhackme as i find it cool too, what is important for me is that i need hard skills to provide value.

(in addition, i speak english, french(native) and spanish and i can speak to shareholders /VP /customers, got that skill point checked with reporting/incidents /training/workshops & mentoring in the job)

What "team" or job type is more open to full remote ? like if i go to LATAM for exemple and work with US.

I know its a long road and i like learning so no issues for me, but where there is more space for Jr cyber people (onsite or remote) ?

Of course im watching all the youtube gourou's to grab some information's in the middle of the generic stuff, but im looking for some terrain feedback 🙂

Thanks !

well I'll say there seems to be way more people interested in getting into pentesting than there are junior pentest jobs.

I will say that generally SOC will have more job opportunities because there are just more jobs in that area and more open to people entering in cybersecurity.

I will also say as someone who works in the US, the US is pretty strict in terms of where employees can be. Often companies want people in the same time zone, same state / regional area. I will say that the expectation is that you are a US citizen working in the US.

Hello,

Thanks for the feedback, as european citizen that can be an issue so for this part on the plan.

Any specific reason why pentester is more popular ? as SOC jobs seems more accessible in term of hard skills, salary ?

Thanks

Gave +1 Rep to @pseudo creek (current: #15 - 489)

I wrote a cover letter generator.

try {
    if ($argc < 2) {
        echo "Usage: php script.php <resume_json_file> [cover_json_file]\n";
        exit(1);
    }

    $resumeJsonFile = $argv[1];
    $coverJsonFile = $argv[2] ?? null;
    $resumeBuilder = new ResumeBuilder($resumeJsonFile, $coverJsonFile);

    $resumeHtmlFile = $resumeBuilder->createHtmlFile();
    $resumePdfFile = $resumeBuilder->convertToPdf($resumeHtmlFile);
    $resumeDocFile = $resumeBuilder->convertToDocx($resumeHtmlFile);

    if ($coverJsonFile) {
        $coverHtmlFile = $resumeBuilder->createCoverLetterHtmlFile();
        $coverPdfFile = $resumeBuilder->convertToPdf($coverHtmlFile);
        $coverDocFile = $resumeBuilder->convertToDocx($coverHtmlFile);
    }

} catch (Exception $e) {
    echo $e->getMessage() . "\n";
    exit(1);
}