#cyber-and-careers

There are FOSS alternatives to splunk

does anyone have thoughts on including github projects on resume? I have my github and was thinking of including a section that outlines some of my projects

Using an alternative is not the same as using Splunk when you're trying to learn it

You can practice with elkstack/kibana/logstash if you don't have splunk or even if you do, it's good practice

yes i use the splunk one, as its dominating the market i think its the best choice

There is also Wazuh a FOSS SIEM which I use personally

Depends on the job you're going for. Definitely worth it if it includes programming elements

You can, you can also link/put the link to your github on the resume

I tend to include a link to my GitHub regardless. Let the employer go and find it if they're interested

I'm a former developer / sys engineer, trying to break into cyber

I figure I can easily do the role of a cybersec analyst

Cyber is a big space

How much does splunk cost for personal use if that is even a thing?

Same here

what are some jobs in cyber that involve coding and development?

SOC?

I can do that too

I'm trying to get out of coding/dev

I don't mind coding

AI is taking over and within 10 years, AI will be developing most software

I now mostly use GPT for coding.

I do have repos from years before GPT was a thing so I can show I have skills.

Exploit development would be an obvious one. Anything DevSecOps potentially too.
Pen testing often has an element of scripting and code review. Not quite coding, but some SOC roles have you writing detection queries.
There will be plenty of others I'm sure

Source?

Me

Sooooo, anecdotal?

Yes

What I would say, is if that's the case then cyber job security just went up big time lmao

Based on life observations of how new technologies affect things

pent testing / red teaming is where I eventually want to end up tbh

Opinions do not need sources.

Facts require sources

Opinions stated as facts, on the other hand...

Depends on your perception

For which others are not responsible.

Free but less than 500mb of ingest, per day?

Maybe you should have added "In my opinion" here, so there's no confusion

That's something I guess

this is an image I pulled from a resume website. How do you guys think the formatting looks in general?

The difference, for the record:

AI is taking over and within 10 years, AI will be developing most software
Statement of fact.

I believe that AI is taking over and within 10 years, AI will be developing most software
Statement of opinion

It's not a large amount of ingest and Splunk is heavy af

Maybe adding "in my opinion" is just not required for every single opinion. I refuse to do so.

can you derail the Ai conversation into somwhere else 🙃

Everything coming from me or anyone is their opinion, unles sthey provide sources or claim it as a fact, which I did not.

Please don't get into another argument.

Thank you.

Then expect to be challenged for spouting opinions and passing them off as fact. Welcome to communication101 🤷‍♂️

You're quite confrontational.

You're also wrong

I just want career advice, can both of you take this to the relevant channel

thanks

And you're making me uncomfortable and feel attacked

shut up ,fuck

ok

done

every single day it's somoene arguing about soemthjing

stop soapboxing

ditto.

I'm not soapboxxing, I'm trying to get help / advice on something that's actually relevant to this channel.

You on the otherhand, are not.

learn go use ignore and stop cuirsign at apeole

Kindly, fuck off.

this is not how to behav ehere.

I'd say that's reasonable, personally. Good use of space. Good use of bullet points. Short, snappy. Should keep interest

@cobalt escarp we have soemone here cursing at me

Yeah I'm just trying to make sure I describe the relvancy of my project correctly in a small frame

Alright please step away if you’re getting upset

@cobalt escarp last time yhou asked me to tag you

This is abuse.

You mind scrolling up a bit for context? This guy is derailing the channel and picking fights.

You need to stop abusing people.

Hey you can step away too

Sure, but I am not the one out of line and/or cursing. Diagreements between people are fine, but he's is cursing and being antagonistic.

What I would say is maybe don't put it in as work experience unless it's paid.

I have a few cyber projects and one very large ML/AI project

Yeah my work exp is my last job as a dev / engineer.

But in terms of describing the work you've done and the purpose of the project, that's a good way to do it imo

alright, thanks.

Doesn’t matter, if they’re antagonising you, please just step away as responding will only make it worse

If another moderator doesn’t deal with this before me, I’ll be back to handle it.

Pick one or two especially relevant ones to highlight. As long as you link your GitHub they can retrieve the rest if interested

Please don’t interact with each other for the time being 🙂

So I can curse at peopel too
?

Cursing is fine ?

Please clarify

That's true. I've written a trojan horse using a hash collision, I'm writing a CLI wrapper to bundle some tools together and send a report. Also have a large amount of ML / AI work, a discord bot for funsies

Apparently cursing is fine here.

Wow.

I had no idea.

No reprecussions.

I think the Trojan Horse I've written, as well as the large AI/ML project are the two I should highlight.

The hash collision sounds interesting
AI/ML is a hot topic too. Do those projects have direct relevance to cyber?

It's md5 don't get your hopes up.

For what did you use it?

@cobalt escarp please clarify cursing at people is allowed, since @thorny light was able to do it and have no reprecussions.

:mute: hcb420#0 has been muted.

The AI/ML is actually 4 projects in a single repo, it was a school class on AI/ML.
The trojan horse was also a school project

Torjan horse is very basic; using a hash collision to impersonate another program

so I didin't use it on anything

@cobalt escarp ty

Gave +1 Rep to @cobalt escarp (current: #6 - 1271)

A signature hash collision?

what do you mean signature?

What were the inputs for the hashes?

Since you're a community mentor I feel comfortable linking you the direct repo, on the grounds you A. Don't give out my github name and B. Don't share it elsewhere.

It's actually two programs, to show that there's a hash collision.

Ah, gotcha 👍

@undone shore I've DMed you the repo.

You might have to check your message requests.

Those look cool!
Given they're projects for university/college, is it entry level roles you're heading for?

I think? I'm not quite sure where I fall on the "entry" level spectrum for cyber. I've heard some people describing basic IT/tech support as the "entry level" but that's below where my skill level is currently.

I have a degree in CS, Sec+ cert

experience as an engineer / developer

That should be enough to go for junior pentest roles. Should definitely be enough to go for SOC roles imo

okay, I'll look into that. Thanks!

oh- how should I "sell" those two projects?

Depends heavily on the role imo. For a lot of the things you're likely to go for I'd suggest only including the ML one and pushing it more in the direction of "I understand how machine learning works and therefore can help break it"

That's for the offensive side obviously

I can also sell the ML as "I can learn complex high level theory" as some of the math for that course was hard.

That's not necessarily what an entry level cyber role will be looking for though

true, In my mind it is a way to show off my intelligence and my ability to learn hard material. Is that not what a recruiter would read it as?

Yes, but that's not necessarily what they're looking for

lol oh

There's a massive difference between academia and real work, as I'm sure you're aware. Academic smarts don't necessarily translate over into being good at pen testing, or as a SOC analyst.

yeah

In fact, making the point that you're very smart with theoretical concepts could actively hurt you in that regard, unless you can also prove that the aptitude also translates over into the responsibilities of the role

hmm okay

can you elaborate on that just to make sure I understand you properly?

This

For example, both of my parents have PhDs from a Russell Group university (roughly equivalent to an American Ivy League, but older). At different times in their lives they've both struggled to get practical jobs because recruiters are afraid that they won't be suited to the tasks they'd be asked to do.

I was denied entry level jobs between jobs because of my degree

same idea as that right?

Even aside from the practical ability to do the work, there's also potentially the concern that you'd feel overqualified and either be an absolute dick, or leave very quickly.

Yes, exactly

recruiters will either think I'm going to waste time because I'm only there a month, or that something is fundementally wrong with my socialization.

Something like that, aye.
Which is why it's important to focus your CV on the skills and experience which are most relevant to the role

Gotcha okay

nvm here we go

I should probably add the language

(Python) for both

I'd call that something like Personal Projects or Background Projects

Then link GitHub with your socials

done

Github is up with my socials

Maybe less of the word vomit with the AI one as well. Couple more bullet points (as in, split up the big sentence), and don't list a stream of topics. If they're interested they can click the link and go look through the README

If you're putting in the collision project as well, I'd call it something other than Trojan Horse in this instance -- focus in on the research aspect of the project. You wanted to learn more about hashing algorithms and hash collisions therefore you implemented x,y,z

In both instances, tailor it on a per-job basis as well. Think about which (if either) are relevant to the listed desirable experience / attributes and update or remove accordingly for that position.

"Hash Collision reasearch" maybe?

Aye, exactly

and I should decsribe that as something like

"Basic programs showcasing an attack vector using an md5 hash collision"

This looks a bit better. I don't like the way the 2nd bullet sounds on my ML project

"Covering" if you're going to keep that bullet

Covering a range of topics from search algorithms, ML techniques, to data modeling if you're going to keep it

You can also do more of a paragraph structure instead of bullets here, imo

I have a little bit more but that kinda ran on

do you have something more concrete in mind for a paragraph structure? You've also mentioned "if you're going to keep it" a few times, do you think I might not want to keep that project outlined?

I took "I don't like the way the second bullet sounds" as you potentially removing it

I'd go for something like "Topics include:" rather than covers

That should solve both issues there. Keeps it nice and succinct as bullet points and reads as a complete point

ahh

I like that

I have it written as:
Topics include: search algorithms, ML techniques, data modeling and more

I don't think I want to include every topic (I'm fairly sure I don't have the space)

I also don't want to just list algo / ml tech / data modeling because there's more depth than that

Reckon that's for the best

Okay resume is done, I'm very happy with where it is now

I have a program manager for cybersecurity at a large company that gave me his email to send him my resume. May I have some tips on what I should say?
Subject line: [Name Resume - position he met me at]
Dear [name];
I am [name], the [current position] from [company] you had talked with on site. I hope this email finds you well and your recent proposal project went smoothly.

I am very interested in cybersecurity and would love to start my career in cybersecurity with [company]. I have 1.5 years of experience as a systems engineer/software developer when I was working with [company]. I decided to transition to cybersecurity because I found a lot of my personal projects with cybersecurity were a lot more fulfilling and engaging than what I was doing for work.

I think I'd be a great addition to your team and would love to talk more about which roles I fit in for.

.

true, In my mind it is a way to show off my intelligence and my ability to learn hard material. Is that not what a recruiter would read it as?

Got it

hi

Are there any good alternatives to A+? Or do employers always look for either of the Comptia Trifecta in a resume?

A+ is good for a help desk position, it depends what type of position you are going for. Like CCNA is good for network position, the various cloud certs are good for cloud jobs

I'm going for a help desk position and am wondering if there are any alternatives for A+

there aren't a lot of certs out there that cover the super basics that would be wanted for a help desk job

I can't think of a specific one

Would the Google IT Support Professional certificate from Coursera help?

no, its pretty basic and it isn't a certification

Ohh

I think i might've wasted my money then

How much was it?

Its just 59 dollars usd i think, its alot more in terms of aud per month

I mean atleast you learned new stuff

Employers wont acknowledge it, i mean they've been using ai to filter out resumes (or so ive heard)

what are the methods to inject virus into the pc ??

claiming that you get free robux if you run FREE_ROBUX.exe as administrator, then sending it to people who are interested

guys lemme know ur top 3 movies and web series

its gonna be interesting

my guy, please read the purpose of this channel.. it's not for meme and random off-topic 😛

okk .. i understand ..

https://discord.com/channels/521382216299839518/787737943364075540

I think that would be the channel for that

yeah sure .. we need to discuss that too

Hi everyone,

I'm applying to a job that requires siem experience (splunk) as well as experience with investigating incidents. I am currently in the process of doing that on try hack me.

What is a good way to show this on a cv/cover letter? As in which section should I put it on and how?

I also don't have work experience so that's why I'm considering putting this on the cv.

I would probably put it as a skill but maybe with a rating of 1/5 or something, then explain in the cover letter that I am eagerly learning more and more and active on this and that platform, studying that and this skill and such. Personally I like working with people who enjoy studying and improving their skills in their sparetime

Nothing kills my mood more than when a person says "I don't know that skill, so I need a course paid for by my boss if they want me to know it"

that's completely missing the point, IMHO...

Do you think it would be a good to put in as an achievement, or in the experience section and just briefly write it as a skill in the skills section.

do not give ratings to skills in a resume

It wouldn't hurt to put in a personal development section and mention it there but I'll say whats in THM is scratching the surface. Splunk has some free training on their website you could use as well

Thank you

Why not?

because its very subjective plus basically anyone who is entry level would have a skill rated low. Say for instance in a rating 1 to 5, 5 being the highest, I'd expect someone to have a decade of experience / leading team in that area / true SME

I've seen many resumes where someone rates themselves high in an area without having any real world experience, which makes no sense

That's an opinion and I respect that. My opinion is that it helps the reader gauge where the persons strong sides are and weak sides are. If somebody said they are a 4/5 in Python, and I happen to need Python skills in my team, I would ask questions to try to figure out "what a 4 actually is". Knowing that, I can guestimate what to expect when they write "SQL: 2/5" or "SIEM: 5/5"

But what if your

4/5 for python, is different to my 4/5 for python?

well like I said:

If somebody said they are a 4/5 in Python, and I happen to need Python skills in my team, I would ask questions to try to figure out "what a 4 actually is". Knowing that, I can guestimate what to expect when they write "SQL: 2/5" or "SIEM: 5/5"

if someone said they were a 4/5 in python, and I didn't see real world experience, I'd say they are overestimating their abilities

i ask very different questions for someone who says they are 5/5 in python vs 'they know python'

Yes, and that is an indication for where there skill levels are in the other skills which may be rated lower or higher

Would just seem like a waste of time for the employer to look through x amount of applicants who place ratings beside their skill list.

also it just takes unnecessary space in a resume and really doesn't add anything

I dunno, I enjoy it for that reason...

if someone says they are 5/5 in SQL i would absolutely expect them to be able to explain relational algebra and how to decompose queries for optimization

it adds a lot of value to me when recruiting people for my team and reading resumes

again: I don't use it to figure out who is good or bad in a skill, I use it to figure out how comfortable they are in the other skills

recently a candidate my team interviewed did that and vastly overestimated their skillset with the ratings. it actually cost them the job, because it set the expectation of what they know and can very much not in their favor

we have to do self evaluations of skills now (have to is a strong word) but for each level, a criteria is specified to judge against and we still find people overestimating their skill

I don't disagree that it's bad to take the ratings as the truth and in comparison to your own perception of what a 1-5 scale should measure

I've never seen anyone submit an actual skill scale on a resume for any of the jobs I've been involved in the hiring

because it's so subjective, i don't like to see it. i would prefer a candidate explain waht they actually did as part of job or coursework, and let me calibrate my questions from that instead of the question trail to mt doom

but just looking at a resume, you can kind of figure it out

I'm just saying it's a good way to evaluate the full skill set if for example somebody lists:

• Python: 4/5
• SQL: 2/5
• CI/CD 1/5
• Java: 3/5
• JavaScript: 5/5

If you think the set of skills look interesting and you decide to interview them, but they in turn tank, completely your questions related to Python, chances are that their skills in SQL, CI/CD and Java will be lower and that a JS of 5/5 is a gross exaggeration

You don't use the numbers to find senior people

you use the numbers to figure out where theire strengths and "opportunities for improvement" are

why is a non senior person putting 3s, 4s or 5s on a resume?

Because they're in the very beginning of the Dunning Kruger scale

I'm just saying, I disagree with its usefulness. Like juun, I like to see them explain how they've used a skill on a resume

and are in fact not very experienced

so basically they are putting useless numbers

that's fair and this will paint a better picture of where their skills levels are -ish than a fluffy number, but to disregard putting a range just because "you don't like it"... 😛

they're not useless

they indicate level of comfort in a set of skills

as a resume reviewer, it would be useless

you can compare the useless numbers to one another and suddenly they're no longer useless

I disagree 😛

nah I'm gonna disagree

as a senior, I don't even have a skills section on my resume at all

I've explained how to use the numbers to your advantage, you're responding with a "I think they're useless and disagree with you" 😄

IMO comparing useless numbers to other useless numbers does not result in usefulness. It's like knowingly using bad numbers in a bayesian analysis

estimation of workload in agile project management is based on comparing useless numbers to one another

some people call it "T-shirt sizes"

These are "T-shirt sizes"

¯_(ツ)_/¯

even agile project management numbers have a basis of estimate. We generally have some criteria for those numbers to give an idea of what to put

Yes, you find one work item that you all agree is a "size medium" and define it as "medium"

but how much is "medium"?

It's a fluffy number that can be used to compare with other fluffy numbers when it comes to "is it more or less than the baseline?"

we have criteria for what makes something xsmall, small, medium, large

Then you're doing t-shirt sizes wrong

they don't relate to days or time

You literally pick one task that you all agree is "medium" then use that as the baseline

it's not bound to time

I didn't say it was a strict criteria but its something that is used so that the numbers aren't random

Python: 4/5 isn't random either

like I said, much like we do self evaluations, we give people criteria to base things off of

4/5 means "to the best of my knowledge, I would say that I am quite comfortable in this skill, however with that in mind that I cannot evaluate myself based on criteria I do not know exist"

I'll also say I'm not the biggest fan of skill sections that are just keywords in general

3 is less

1 is even more less

5 is better

and an effective resume would have enough details to provide context for how skilled someone is in a certain area

we're not talking about what an effective resume should contain though... but yes... it should...

you aren't going to change my mind, I'm not going to change yours

so tell me this... we both agree that if we look at two people's skill sets:

Senior:

• Python: 4/5
• Pentesting: 3/5
• SIEM: 2/5

Junior:

• Python: 4/5
• Pentesting: 3/5
• SIEM: 2/5

we both 100% agree that they are not at the same skill levels.

100%

look, again, you aren't going to change my mind, I think this line of discussion is useless

But couldn't we also agree that in both of the cases, they are both more comfortable with Python than with SIEMs?

No, because numbers mean different things to different parties

is 4 not a higher number than 2 in both cases?

But it's not an agreed upon scale

What does that matter when we're talking about evaluating the comfort levels of skills?

The only scale that should matter is the one the candidate used to self-evaluate

Again: the only thing you can use the numbers for, is the evaluate which skills are stronger than the other skills

But self evaluation doesn't matter

That's a flawed system

Here's another way to put it:

Python: 😄
Pentesting: 🙂
SIEM: 😓

Or or

skills: Python, Pentesting, SIEM

And the business asks questions to gauge potential hired aptitude and see if the candidate is actually at the level they're looking for.

Sure

that's also valid

It doesn't invalidate the other thing though...

But it does because it's not an accurate measure in any way

It's a gauge

Nobody is on the same scale/page

that doesn't matter

Scales only work if there is an agreed upon metric

You can't compare Story Points between Scrum teams either - it doesn't make sense to even try, because the SPs all have different baselines

but that doesn't mean that using SPs is useless

on the contrary it adds a lot of value..

But an expert in python may put 3/5, because they know how much they don't know, while somebody who is actually less knowledgably may put 4/5 (Dunning–Kruger)

correct

Nobody is saying that the numbers are in any way an accurate representation of a skill level on a fair scale

Again:

Senior:
Python: 4/5
Pentesting: 3/5
SIEM: 2/5

Junior:
Python: 4/5
Pentesting: 3/5
SIEM: 2/5

Does this mean they're equally good? No of course not.

But it means that both of them thnk they are much better at writing Python code than working with SIEMs

it might very well be that the Senior's "2" would be the same level as the Juniors "5", we aren't able to tell

But we can tell that they both believe they are btter python developers than SIEM users

and THAT is valuable knowledge

at least to me... seems like a lot of people disagree

(Ps: I once read through a CV that had listed a full page of skills as "expert level" with one-line explanations of why that was the case. I threw it in the bin."

so basically, if they hadn't put expert level, you would've looked at it

so seems like a stronger case not to rate your skills on a scale when submitting a resume

You can't ignore my comments that peel your argument apart and then strike back with an extrapolation like no other 😛

If you wanna agree to disagree that's fine

The saying "Don't measure others by your own yard stick" and similar phrases didn't come from nothing though. It's the same principle: your own scale is not the same as another persons own scale, the only thing we can take away from it is how comfortable they are in certain things. Similarly to how somebody in here can say "I'm so bad at XYZ" while in fact they know more than the beginner who just joined.

For the applicant perspective, I would only include strengths and not include a numbering scheme, as a 2/5 can be perceived by the reviewer as a negative. If you're inclined to add things you are familiar with but not an expert, briefly mention familiarity without putting a number to it. Part of a CV is accentuating your strengths. 🙂

would anyone be willing to do a quick review of my cv please before i submit the application

Verify your account, post a screenshot and somebody will get to it.

Sorry, what do you mean by verify account

Sorry it looks like this because I took screenshots from my phone on Google docs

Hey

Want ro thank everyone who helped me with my resume

First bite!

Woohoo! 🥳

Ty

awesome

Hello guys

I am new at the cyber world

Can any one help me with the road map for a better carrier in cyber field

no problem

https://github.com/Hacking-Notes/Hacker-Roadmap

follow this from the beginning

like from the hobbyist

even though u want to go to the certification

start from hobbyist

Thx bro

Gave +1 Rep to @plush otter (current: #2122 - 1)

Hi, I'm a student in junior high and I want to enter cybersecurity one day :P (For the questions below, Im sorry if my grammar is bad, Im still learning English)

What is the best degree in entering the field?

What can you get in a Computer Science degree that you can't get in a cybersecurity degree? And vice versa.

Hey everyone, I am a software engineer and have a BSC in computer science,
i am mainly interested in Malware Analysis as this has a lot of overlapping with coding (which is my job)
do you think that learning from TryHackMe would help me land a job in the field?
are there any other requirements? Thx!

Hey guys im interested in cybersecurity, is #start-here with enough info to start with?

That looks jacked up.

@warm hinge it's from the phone that's why

I mean the qualification is pretty good.

I am interested on how your resume look.😄

how is bachelors in csecurity in usa?

Wow I am like reading pretty good resume here I just wonder if most of the competitor are like this.

I am like year 4 applied math student now and my qualification is not as nearly as good as you guys here.

My resume is nothing good compared to others

Oh I see it is great.

Thank you

Gave +1 Rep to @fleet aspen (current: #2122 - 1)

I think like you guys already got great starting point when choosing degree, For me I am regretting doing my degree. All I know is mathematics and no real application that is demanded in industry.

You can still transition into Cyber security

Sure but it seems like there is a mountain of knowledge to learn and I got 1 year timeframe to do everything. 😆

Right now I am year 4 and just beginning to learn computer science core and cybersecurity. I have done some app projects but still it means nothing.

hello everyone!

this side piyush i am the beginner and i want to learn more about cybersecurity and ethical hacking

If you got any tips to transition into cyber security I am all ears.

please tell me

how can i get into this

how can i start

?

I am not expert on this matter but you might get some info in pins in other channel.

I'm not an expert. From my experience as a fellow cybersecurity enthusiast I can say -
Learn
Basics of computer
Programming
Networking
Web & protocols used there
to start with..

i done that programming and basics i am working as a IT manger in park group of hospitals but i have to learn more and getting more knowledge.

can anyone give me the best advice for this how can i grow more

Idk if you can find expert on discord may be you can try finding a expert mentor on linkedin and take advices.

you can start with what @meager stratus mentioned

That I am already familiar with. 😁

I was actually going to ask you about your process, but you've already covered it. Reading about your approach helps me navigate uncertainty, especially since I lack experience in the outside world. I was planning to follow the same steps you outlined, and it seems to be a promising strategy. Thank you for sharing this. Your guidance means a lot to me. Have a wonderful day! 👍

Gave +1 Rep to @somber kelp (current: #1409 - 2)

Ty guys for your elaborated comments! indeed very helpful!

anyone up for some BBP collab on bugcrowd/hacherone?

Bachelors Degree popping up in a help desk job posting is just an HR wishlist right?

depends, lots of people are applying, its one way to filter out people. I'd still apply

hey guys, is it possible to find a job in this section without a degree?

possible??? yes
easily doable???? depends

how doable would you say it is? And why would someone prefer the risk with someone without a degree?

it is easier to get your foot in the door if you have a wide network of people you communicate with inside the field

and then mostly in the soc analyzt sector

certification from companies like comptia and offensive security can also increase your chances

I can pay if you can break it

Sorry, that's not the openbsd.sh

@quick forum @broken idol ⬆️

how much time you think you need to dedicate in order to land a job as red teamer lets say

depends on how close and good relationships you have with people in the industry and if you have any certificates or a degree

how do you make relationships and connects in this section?

attend conferences
go to hackerspaces
talk with locals about your hobbies
try and find relate hobbies like HAM radio

go to the local church is also an option

xD

thanks for the answers

you know any online place that people need ethical hackers? As freelance(just to test the site)?

¯_(ツ)_/¯

nevermind, thank you a lot for your help!

I see I got some warnings, "borderline blackhat (illegal) hacking of government things" but I do this on behalf of the Norwegian government and NATO.

In coordination with the Secret Police www.pst.no.

The IT-infrastructure here is very weak. But I want to design a new system, inspired by my mentor Jeremy Evans who designed the IT-infrastructure of the Government of California.

You did, yes.

I suggest you drop it though.

I'm an OpenBSD developer trying to secure my OS:

You could be the president of United States, we'd still ask you to drop the subject and not discuss it..

https://www.tiktok.com/@johhaaaaann/video/7375736163211939104

But I'm related to two presidents

irrelevant.

I remember as a teen I was an organist, at my peak I knew https://www.youtube.com/watch?v=dkQrj-eEs-M by heart

Church organs are awesome, the way the sound goes through your flesh and bones

It's the king of all instruments

🙏

and each organ is unique

it is like playing a building

I hope you're not violating any government contracts or non-disclosure agreements 🙂

anyways think this is off topic for this channel but oh well

unless you are presuing a job as a church organist

Jabba: It's all good!

lol

No, I found Ableton Live instead and crazy stuff like https://www.youtube.com/watch?v=xCSp0a51mvg and https://www.youtube.com/watch?v=tvSBF5nN-Kg 😁

As for my Assistants:

• Attorney: Assists in legal matters, providing insights and strategies for court cases.
• Doctor: Diagnoses and recommends treatments based on patient symptoms and medical history.
• CovertOps: Conducts psychological operations and campaigns using AI-powered tools.
• Parametric Architect: Implements parametric designs using advanced algorithms and renders ultra-realistic parametric shapes with Mittsu.
• SEO Expert: Analyzes and optimizes SEO practices using advanced strategies.
• Web Developer: Conducts web development analysis and applies advanced web development strategies.
• Real-estate Agent: Analyzes real estate market trends and applies advanced real estate strategies.
• Stocks & Crypto: Conducts market analysis for stocks and cryptocurrencies, creating autonomous agents for investment strategies.
• Neuro Scientist: Analyzes the latest neuroscience research and applies advanced neuroscience strategies.
• Material Repurposing: Analyzes material repurposing techniques and applies advanced repurposing strategies.
• SysAdmin: Conducts system administration tasks with a focus on OpenBSD, leveraging comprehensive manual scraping and indexing.
• Mixing & Mastering: Faithfully recreates the rich warm sound of legendary analog equipment from the 70s like Neve 073 Preamp/EQ, Universal Audio LA-2A Compressor, Pultec EQP-1A Equalizer, SSL G-Series Bus Compressor, Studer A800 Tape Recorder.

Hope it's not too much.

What is this guy talking about

Do you think its possible/common for someone to land a Junior PenTester role if they have the eJPT?

Without a degree or professional experience? Uncommon to exceedingly rare, at least in my opinion.

Ok good to know. I have a bachelors in business and am currently a network engineer

but i doubt those would help much

in the grand scheme of things

Pentesting is not an entry level profession within the cybersecurity field.

No, the network engineering will help

What job position would you recommend one get before pentester (if thats the end goal of mine?)

Network Engineer -> X -> JrPenTester

You have a degree, which is a checkbox (kinda dependent on org) and you have professional experience in networking. Do you do any security as part of your role?

Firewall management/ACLs, VPN management, phishing campaigns, and security awareness training for clients

That's about it

Tbh, I would make sure your resume is squared away and then apply

My MSP outsources it's security to an MSSP

So I can't lateral into more cybersec duties at my current job ):

Really?? 😮

I can't really speak from a field change perspective, but i think you're close enough that it's not really going to matter? Others have a better perspective on transitioning to Security from different fields. I've only been in Security.

Anyone else have an opinion/advice?

I'd love some insight too. I'm non IT and have been thinking about a transition into the space. I like the idea of getting into pen testing myself. Would be willing to take on certs and build professionally on my own time. Wouldn't be able to go back to school though 😦

Same

I’m new to it all but just based off what I learned is available I imagine maybe vulnerability management or InfoSec? I do agree with Did You Google? And get your resume squared away and use GPT for some guidance on key wording your resume to tailor pentesting positions you’re applying for

Yeah, don't try to hide weird prompts or keywords in small, white font in your CV, hoping that the AI system that all companies use and 100% rely on will flag you as a high-quality candidate.

🙈

What insight are you looking for? Just being active on a platform such as this is a really, really good start

So as has already been pointed out, a pentesting job is not a beginner's position in cybersecurity. It's good that you have a history of sys/network admin and some security admin as well. While eJPT is a good starter, it isn't considered sufficient knowledge/skill to be a junior pentester. For certifications, you should aim for Security+ for the basics, CISSP for professional accreditation (5 years experience required), OSCP is the most widely recognised junior pentesting cert. On top of these you will need to be passionate about learning and keeping up to date on new skills, tools and techniques.

It's a highly involved profession requiring you to be on your game. There are other certs like the TCM PNPT, HTB CPTS, ZeroPoint CRTO I & II, Altered Security CRTP/CRTE and others to help you learn and develop other skills. You might like to participate in CTFs. PicoCTF is a good source to learn lots of cool things in that area. There are loads of resources online that hackers frequently use/consult to develop/learn new skills. You might enjoy these two related articles:
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519

Regarding ways to transition into cybersec without a formal degree \ pursuing a career change

You don't need a degree to get into cybersecurity. Starting with THM is a good idea. You should read the Tribe of Hackers books. They're generally about $15 each on Amazon

I did hacking as a hobby instead of watching Netflix or playing games, then I got rather good at it and applied for a job

Did you end up getting one?

I'll take a peek at those. Thanks!

Gave +1 Rep to @rugged delta (current: #21 - 395)

yes, but turned out I was way over-qualified. It was an entry-level SOC position but I applied after getting my OSCP cert lol

spend about 10 months there (was a chaotic department slowly falling apart so I quit in the end), but rather quickly I was one of the seniors in the team, minus the title prefix

went on pentest gigs and was responsible for multiple bigger clients and such

it was fun at first, but turns out rather mundane and "more of the same" rather quick

(...so I went back to DevOps)

Ah. I see. So do you just hack or do the exercises for fun?

I haven't done much on THM yet, but in the last month I've done a few of the CTF Challenges

it's mostly for fun though

Can someone tell me the difference between IT-Secuity and Cybersecurity. Ican't dedcide which major i should choose whats your recommendation?

The two terms are used interchangeably AFAIK. This is the first time I've ever heard of that not being the case... hmm.

Do you know which courses are covered in the two majors?

(a third term often used interchangeably is "InfoSec" (Information Security))

I can't decide there is cybersec, IT-Security and Information Security

If they are separate courses, there's probably a lot of overlap in them. You'd need to delve into the course makeup for us to help you, and you should also tell us about your skill level and what you want to pursue

Hey nice ppl. I'm on thm since a couple of months and I do enjoy. In april i made my first hack in to gov.
Now this week
I'm talking with ppl who want to bring me in their business. company.
I did not expect this so soon.

Hope to hear from you if you feel free for a call or message.

What?

@broken idol

Uh

This type of discussion is reserved for the advanced channels. You would need to verify and pass certain criteria:

https://help.tryhackme.com/en/articles/8671900-discord-what-are-the-advanced-channels

how to learn about hacking ?

can anybody tell me that

#start-here

do certifications from the site have any actual value? Will a company take notice of it?

TryHackMe does not provide any certifications.

TryHackMe does provide certificates upon completion of the material, but certifications and certificates are not the same.

thank you bro

i started

any other recommendation

like book or youtube playlist

any suggestion ?

i not have a idea
currently i know basic of coding and computer
not much

so any advice

did you sign up at TryHackMe and start going through that content?

If not, do that

If so, stick to doing that

i started

from today

Well there's lots to learn about. Cybersecurity covers a lot of ground. Havig a coding background will be very beneficial in a number of cybersecurity roles. Knowledge of Assembly, C, Python, Java and other languages, bash, powershell too. And secure coding is a very important aspect of the software engineering process these days in a lot of organisations.

On top of this, knowledge of Windows, Linux and other operating systems from a technical and administrative level is very beneficial. Active Directory, networks, web servers and web applications. Using THM to learn a lot of these areas is very beneficial, alongside the range of skills a cybersecurity infrastructure in an org might have. There are a wide variety of roles to learn about and there's loads of walkthroughs, paths and modules to guide you along the way

okay i will focus learning this things

thank you for responding

Gave +1 Rep to @rugged delta (current: #21 - 396)

Take your time and enjoy the journey

yeah sure buddy

Hello friends, I want to make a cybersecurity career which Assembly language comes into play. I want to have deep knowledge about manipulating hardware and OS(Linux), which career path would be good for me? Binary exploitation and malware analysis sounds good but one is offensive and the other is defensive. I want to get some certs but I am not even sure that I am blue or red. I think I am both. I am also interested in Linux, IOT and Mobile phones.

Done!

Don’t worry about blue or red teams as they should be supplementing one another. The end goal is to have a better security posture. This can be through building better detections, understand TTPs better, fix vulnerabilities or gaps in the system or process.

Hi, i want to see facebook private accounts friends? Is this possible?

from your acc or from others

others

@broken idol (again, sry for the ping) idk if this applies here

No, that would defeat the purpose of being private..

sry for the ping agian

cant let you live in peace huh

ok

Hey i am a student can someone give me advice on this I have previous bug hunting experience and CPTS (htb penetration testing specialist) I can either go for burpsuites WAPT cert and then oscp and ofcource keep working on my articles and making python tools along the way and try to get a job in offsec which people say is very tough to get or having this offsec knowledge start learning SOC analysis and go for a defensive job i only have a year left to complete my degree after that I'd have to get a job

Are you able to look for and get an internship like now ?

I can get an internship but that would be paid I mean I'd have to pay for that is that alright

You would need to pay for an internship? 👀 What kind of crazy arrangement is that

I'm asking because the whole "having to find a job with nothing but your education and some certs as soon as you graduate" might take you a bit of time....... so having an internship that might even offer you a fulltime position when you're done, or that will at least give you an edge in terms of work experience, that's very nice

Ya my gmail is kinda filled with these kind of offers😅

I can do an intership after degree as well you are reffering to offsec right?

How much does an internship cost?

No, I'm referring to the fact that it's very hard to compete in a market of fresh graduates, if you're up against, say, 10-20 other graduates with the same experience as you but who also has been working part time for 2 years (in a relevant field - not at Mickie D's)

YMMV of course and it's definitely not the same situation in each country

It's cheap I can get that starting rn, i know no one give an exact answer to this but having the certs I mentioned the internship experience my bug findings the CTF history, my coding projects and my articles will I get atleast get selected when I apply for entry-level interviews in offsec

There's no way for us to tell. Most likely. Which country do you live in? Are you native to that country? Do you live in an area with lots of opportunities or in a rural area?

I'm from India I don't know but i think there are IT oppertunities here but vapt is a very small niche and kinda not being taken seriously here

They're scams, don't pay for an internship. They should be paying you for doing the work.

Does anyone think a masters in cyber security is worth it

it is only worth it if you already work in cyber and are looking at higher level positions (management / lead)

What about doing early in the career, for example looking for a 1st role. Would it increase the chances of getting a job

✅

Eh, the problem is most people in cyber jobs, really just jobs in general, don't want to go back to school

I believe its best to just continue with school, if you can, all the way instead of taking stops

no, it could potentially even make getting your first job harder

also as someone who has studied multiple master degrees, I'll say college programs in general, are slow to update with technology. So technology is moving every day but colleges can be 5-10 years in the past. If you looking to break in or sometimes even progress, a degree isn't generally the best place.

really ?

okay

reason being, at least in the US, lots of companies have a pay structure that pays you based on experience + degrees. So if you have 0 experience + degree, they may have to pay you more than someone with experience and no degree... so they rather not hire you

ok now i get it

it isn't taking a stop, master degrees aren't required. Also lots of companies, at least in the US, will pay for your master degree. I know a lot of people who work in cyber who got their masters after starting work

How comes?

read above

Oh yh, I see that

Ive helped quite a few people break into cyber and usually if they aren't getting interviews and their resume otherwise looks fine, I tell them to take the masters off their resume, then they start getting interviews

I'm being advised by many people to do it, I'm hesitating to say no, and feel I'm being pressure

in india

as much i know there is not a degree for cyber

and if you done some certificate it will can help you to get job in other country or big company but not in small one

that what i know so maybe it can me wrong

are these people currently working in cyber?

What can I tell them @pseudo creek

wow

No

I'll say I don't know anything about India's job market

then I'll say there is your answer. Lots of people think "more schooling = job" when it doesn't

BTW @pseudo creek could you please check this and let me know how it is

ok

i also heard from youtube video

I can send a proper version if you want me to

thats pretty painful to read. Can you send screenshots from a computer instead

brother i think nowadays company see project achivement you have not degree

Sure, np

bro i invest 3 year and my college only teach me basic in coding or about computer
and that info will never help me to get a job so

try to learn on your own
not focus on degree
focus on knowledge you get, that will be useful

@pseudo creek

is it better now, or should i send a proper pdf/docx version?

that's better

Looking for someone that wants to collaborate on learning and bug hunting (I’m wanting to career switch into OffSec). I’m 615 hours (one year) into learning from zero. Looking to kick it up to 30hrs/wk and want someone with similar motivations and background to grow with in this field.

DM me!

Thanks for your answer. Let's say I want to be a malware analyzer, how would offensive security certs help me? I am checking offsec and HTB and seeing that there are extensive offensive security cert programs but when it comes to defensive, there is only SOC cert program and it seems simple compared to pentesting programs.

Gave +1 Rep to @dense dagger (current: #22 - 381)

You'd need more than just certifications. OffSec certifications are also expensive now and not really meant to be purchased by individuals. They've stepped into the purchased by companies for employees price point.

If you have zero professional experience nor a degree, I'd focus on obtaining one of those first.

I am trying to choose the good learning path for me. I worked as system administrator and application developer in the past.

Oh ok

Not freelance, right? Like actually employed by an organization?

both. But I want to do somethings that requires deep knowledge about computers, maybe electronics

My point still stands with the OffSec offerings, they are too expensive for an individual at this point. I have heard good things about MalDevAcademy, price point is not bad either.

I’d start with Open Security Training. Its free and has deep dive courses on computer internals and reverse engineering.

Then you'd likely need to go to school and get an Electrical, ECE, or Computer Science degree

I have premium tryhackme account too. But I want get some prestigious cert to get job easier also. But I even could not find which certs would be good for malware analyzing job except fundamental SOC

Gave 1 Rep to mknukn (current: #22 - 382)

don't count on certs to make job hunting easier. The certs that are worthwhile for that are not going to be accessably priced.

guys should i do a+ and sec+ OR google cybersec cert.

I’m also working on a general cybersec certificate through an institution, that’ll be completed next year.

So did you mean they are too expensive or accessible only for people who have some priviledge? Would be good to check if there is any example of that.

Too expensive.

Certs are also primarily a way for the business to demonstrate expertise to auditors; you get hired on your work history and knowledge, a cert is, at best, a gatekeeper.

Any example?

SANS, OSCP, etc

If you are just getting started in industry, the goal is to get hired, not spend thousands of dollars for a cert that won't qualify you for the job by itself

I was thinking that I need to get cert in any case.

Look at the jobs in your area, and see what the requirements are. There is no reason to spend several hundred dollars on a certification if it's not required.

I was thinking about to go for any kind of Offsec cert already but none of them descirbe my goals. I want a cert that proves I am so good at malware analysis

That said, if higher education is available, that will often take the place of an entry level job in terms of knowledge base and other skills.

No cert does that.

Do you currently work in IT?

I worked as system admin and application develeper already for many years

Either you are skilled in reverse engineering, and you have some kind of CTF or record that shows you know your stuff, or some other kind of project that demonstrates your competency.

RE is a very niche field, and most companies that have a security department don't have a dedicated malware specialist.

I have near zero experience in cyber security

do you have a good knowledge of C and ASM? I would recommend getting invovled in RE CTF events and contests

Winners from those kinds of events typically have the skillsets and knowledge to jump directly into malware analysis.

But I am interested in such things that assembly language and low level languages comes into play. I actually want to have deep knowledge about computer systems

Nope, I worked as web application developer.

I am also interested in binary exploitation too but once I listened some experienced speaker and he was telling binary exploitation will be exist much less in 10-20 years. But malwares would always be around, so which one promises more job opportunities you think?

I don't understand the question.

I mean which one is more demanding, binary exploitation or malware analysis?

I don't know. Similar skills required for both

In any case, I want to do somethings with low level languages and assembly in cyber security area. Then I guess I should go for binary exploitation or/and malware analysis

And I am also interested in Linux systems and there is not much cert specifically for binary exploitation/malware analysis on Linux. There are exploit development certs for Windows and Mac on Offsec as an example.

What's up fellas. I just completed the pre-security path. Intro to Cyber security, Network Fundamentals, How the web works, Linux Fundamentals, and Windows Fundamentals. It took me roughly 9 days and 36 hours. I'm looking to network for a possible internship/ entry-level position. Going to keep climbing the TryHackMe ladder. Anybody have any ideas or thoughts on my approach to a career-change?

What role are you looking for? From what I've seen, cybersecurity as a whole is not an entry field. Someone's answer will also depend on your previous IT background.

TryHackMe is generally an introduction to multiple subjects. You can definitely refine some skills but generally is it enough to get a job without outside resources? No

i've just completed Complete Beginner path, what should i start next?

depends on country, those are very US centric certs

not 100% sure, but we have people from the UK here so maybe they'll provide input

What do you like the sound of more? There's few paths

What cert you think good for blue team in USA other than security +

I am thinking CDSA next to

Should i start Comptia Security + or Jr Pentester Path?

Jr pen

Resume question: Google's Cybersecurity Course recommends last 10 years of experience. Is that recommended in the field still as their course has been out a year already or should I stick to just using previous 5 years/relevant experience?

(U.S.)

I'm liking pentesting or red team offensive security. I have no it experience. I have been a registered nurse but had a major life event and need a career change. Do you think without a formal degree it is possible to get a job? If I do all the comp+ certs etc could I land a entry level job or become a free-lancer somehow. What do you recommend? I don't have the money to get a formal degree.

well Splunk is a solid plan, Security+ is great

I don't understand your question?

are you saying you have 10 years of experience but are only going to put 5 on your resume?

general/previous job experience sorry

it depends and also depends a lot on country. In the US, the standard is to go 10 years back except older jobs have less details than current/recent

Okay, that helps a lot thank you! 🙂

@ebon matrix I am a newcomer myself but from what I've read, doing certificates only or THM only isn't a guarantee for work. Doing challenges may be a good way to get exposure to high level concepts. I defer to other actual experts or professionals who can speak more to what to do next.

Are internships usually reserved for university students?

In the US, yes. Not sure about other countries

Then you get an entry level job, IT Helpdesk is a common starting point.

whats it helpdesk

You know what I am going to say, right Alex?

fair enough, il google it

Good idea bud thank you !

Gave +1 Rep to @stoic cave (current: #17 - 438)

Okay thanks Pat. Are you in college majoring in computer science or something like that?

Hello guys, can anyone recommend me a good roadmap to follow? I am doing THM rooms, but I feel like I dont have a full path to follow, and I am afraid that I am kind of lost, I wanted a roadmap for a red teaming role.

You know this was a joke right?

Also INE has gone way downhill, I don't think most people would recommend any of their certs any more

What do you recommend?

well where are you right now in terms of knowledge?

I mean red teaming is a big field

Yes I want a long term path that leads to a career on it

Well Tryhackme is great for starting knowledge, HTB can help hone some skills and TCM can as well. But it does depend on where you live, what your background is and what skills you have already

I would say this also depends on where you live and what job offers are in this area

Looking at job listings in your area can give you an idea of skills and certifications companies may want

so @warm hinge where are you from?

Brazil

mmh well I am from Germany so I don't know anything about the job market in Brazil but the next thing I would suggest is that you figure out what you are looking for in the red team. Some companies split up their departments and you could end up travelling a lot to gather information on facilites/plants/offices.

How is the market in Germany?

pretty good I would say.

but you would need to learn german.

I am thinking about leaving Brazil, but leaving without experience is kind of an overkill, I was seeking for germany and australia.

https://de.indeed.com/

try this website. They are listing jobs in Germany

What part of it?

@warm hinge https://www.ferchau.com/de/de/bewerber/jobs/351763/informatiker-penetrations-tester-cyber-security take a look at this job offer.

Well the whole thing was made as a joke to put CEH as the ultimate cert. Tux is a valued part of our community but I'm not sure if they were really trying to make a roadmap

And that is quite a few years old

I know CEH is a joke, it says so as well

The first edition didn't have HTB on it even

I poked Tux about that and he added it

But I think it's still a fairly decent one honestly - it shows some common platforms and certs to look into

though not in a linear order, mind you

This is pretty good, but I would say that I am a beginner-intermediate

this company is hiring people who don't have a lot of expierience and will send you to a company who needs a engineer. In Germany it's called "Arbeitnehmerüberlassung". It's some sort of temporary employment but when you work for Ferchau they will always put you up to a next company

Like I said, INE has become very questionable since that was made

Is Germany good with foreigners? From what I saw they are, but you are a native so you know better

https://roadmap.sh/cyber-security
is pretty neat (ignore the certs section)

oh, i didn't know

shure normally you are very welcome here. If you learn the language it will be much appreciated.

...and ignore parts of the network section and other parts of it where it is unreasonably "unicorn-like"

I really don't like that map xD

but it's the closest to a full one that I know of, too

It's nowhere near perfect, but I think it gives a good rough outline for the fundamentals needed

how old are you @warm hinge ?

I am 20, 21 in december

well jobs like this one will always be there.

Have you ever been to Europ or Germany?

Yeah I went to england once, I stayed there for a month to study english

No - I am in an unrelated business field taking an interest in cyber 🙂

if you can afford it I would suggest the same for Germany

Is this a better roadmap than the one Birb posted? 🤔

it's more in depth than just "here's a website"

something like this might help you out: https://de.indeed.com/viewjob?jk=e9eb98f490508c25&tk=1i2eaoisdk1vl80m&from=serp&vjs=3

the problem with a 'roadmap' in general is that for specific jobs, it varies from country to country. The one Jayy posted covers the fundamentals for a number of different areas of cyber

and also saying things like "do THM and do HTB" is very hazy. Since that 'roadmap' was created by Tux, THM and HTB have both expanded greatly

Does jobs like this, where you study and work needs to speak german?

It's more elaborate, but even this one has massive flaws IMHO

I would recommend to check out our Career hub: https://tryhackme.com/r/careers

I've ranted about it before on another discord server

I was going to do this, do you think that after I do the pentester path I can take the comptia cert or any pentesting cert?

Or at least have the knowledge to do so

if you want a certification, it is best to do specific study for that certification

I already did the cybersecurity careers. pre security and I am doing complete beginner now, then I was thinking about following the carrer for pentester

Professor Messer on Youtube has a variety of resources for Comptia certs

well in IT you usually get along with english. But there will always be a language barrier. I would suggest that you lear some of the language and continue learning it when you are in the country

Ok, but is it worth it to study for a cert right in the beginning ?

so I should do this path then study for the comptia?

depends on the cert, and like I said depends on the jobs

are you going to a university right now?

like in Europe, I don't think Comptia certs have any value. I'm not sure about South America

No, I was doing a computer science course at uni, but I dropped it, it wasn't good

@distant pier There's alredy a pinned message on the careers hub btw lol

More the merrier 😆

Well I want to be a red teamer / pentester that is for sure, I just need a "path" so I dont feel lost

mmh well in Germany the companies are looking more on the certificate you get from your university.

but you can always apply for a job offer and see what feedback you get.

well generally, someone's first job won't be a pentester / red teamer. So a first step is getting a job in IT

yes that's true

It depends on what your personal action plan is. Did you read the pentester page as well?
https://tryhackme.com/r/careers/penetration-tester

I had a job in IT when I was about 16, I was a tech support, then I got into programming then landed a job being a full stack

well thats a good start I would say.

but I kinda didn't liked the company I was at, and they didn't treated me well, so I quited and now I am trying to get into cyber

There's a learning-guide tab on the pentester page I posted. 🙂

Thanks, I will look at that

well I can tell you that it won't be easy :D. If you want to have a job in Germany you definetly should learn the language and finish your study at the university. It takes time and you need to get through it with all the ups and downs.

there is no unuseful knowledege in cyber

Does "degrees" that are like a 2 and a half years course helps?

I was going to get into a "cybernetic defense" degree here in brazil

shure it will help. But if you want to get a better paid job at a better company you might also need a bachelor in IT

if you are looking to emigrate to another country, especially EU/CA/US (possibly others) usually, they are going to want an equivalent of their 3-4 year degrees. Unless a country has a very specific open policy. Lots of countries will also want you to have citizenship to work in cybersecurity.

oh yeah. I never thought of that. This is also something to consider.

Good to know that, does it matters if the bachelor I do is from distance?

Or they just want the bachelor, does not matters what university it is and the methodology that I do

I will say that I do not know

well if you have a bachelor from MIT or Harvard they will appreciate it more :D. Also there are some universities in Germany that have a good reputation. But a bachelor degree is a bachelor degree.

Do you have a list of this universities?

A website that specifies them or something like that

for Germany you can have a look here: https://de.wikipedia.org/wiki/Spitzenuniversität

they call it "Eliteuniversitäten"

I would say that Munic (München), Berlin and Karlsruhe are the top three and Karlsruhe and Munic are the top for IT.

but for Munic and Berlin you need a shitload of money since living there is quite expensive.

this uni is also know for it's IT: https://en.wikipedia.org/wiki/Technische_Universität_Ilmenau
But the city is very small and I would not reccomend the east of Germany if you are not fluent in the German language.

I am worried that I get too old for living on another country, if I go back to uni I will finish it in 3 years, I will be 24-25 by then

ah don't worry about getting to old. You can start your career when you are 30, there is no hussle here.

the more knowledge you can gain in your twenties the more relaxed you will be in your thirties

you need to take your time

Definitely too old

No you're not too old. Age has nothing to do with it. Do what you want to explore the things you're interested in

I didn't finish my BS in CompSci until I was 32. I didn't actually enter security full time until I was almost 40. The only timeline that matters is the one that makes sense to you.

dont worry champ

How is everyone doing

Anyone doing bug bounty hunter I need help

#bug-bounty

😂👍

Hey, what are the most important things to learn or accumulate from python

Like what design choice or quirk about the language should you learn about and take away from using it? Or what should you try to learn to code?

2nd

most important thing is to learn coding well enough to write maintainable and testable code, and to learn how to write tests for the code as easy and efficient as possible

but if you're only just getting started it's important that you learn how to write python code including how to write software that is larger than the average scripts - so like 5-10 different files of 100-400 lines of code each

that kind of size

it's a good thing to aim but, but not something you would be expected to be able to "just do" as a beginner

It's an older book written for Java, but there are many lessons that are very applicable to all programming languages: "Test Driven Development: By Example" by Beck is a great resource once you've mastered the basics of control flow.

5 - 10 files?

sure, or more

also less

depends on the project

I'm at use Variable Arguments in Pyhton

but if you're learning python development for the purpose of being able to write code, you should try to aim at being so profficient that you can identify where and how to split the code base up, so it makes sense and is maintainable and testable (the book Juun talks about could help here)

what's the resource

So your first step is to learn python 😄

I think that's a good strategy, but may be a bit more advanced than they are now, Birb

take it slow, enjoy the ride

indeed

How do I get into a task to test if I've actually accumulated anything

I would suggest first learning how to write a function, a class, and how to integrate those into a module. Once you understand a module, then you can start to think about what it means to unit test code as you write it.

Alright, I will do that but there's so much to read cuz I'm using microsoft learn

Could you like give a task to write functions/class and integrate module

I can assure you it's just the tip of the iceberg, so try not to think about how much there is to read, just focus on how well you are progressing

You will get more out of it if you figure out your own deliverables

Alright, I acknowledge what you mean, focus is on the progress not how much you're learning

How do I do that

Find a problem to solve, then solve it 🙂

What type of problems, can you give me one

Whatever you want it to be

Can you give me a problem

I'm getting confused, what's a problem

Here's a classic: https://codingdojo.org/kata/Bowling/

Alright bro, what is it about

Read, and you'll figure it out.

you're going to work long enough
also the average education level in germany is quite good, even if you don't go to Karlsruhe or something

It's a simple kata to get you to think about algorithms, and also testing

Come on, just say the basics in it

It's an exercise

Read the specs, and implement it in the language of your choice

Ohh so I perform some things

Language like coding language?

Yes

It's meant to help you practice by giving you a problem to solve. Most katas will focus on one or two concepts

I can use it on python

Ohh, that's good 👍

sure

Ohh, thank you so much bro, you're the best

Gave +1 Rep to @tacit bobcat (current: #12 - 588)

Hello folks.

Question, with this kind of knowledge and some experience as IT Analyst, which kind of job position you guys think I should apply for? https://tryhackme.com/p/fwnction

hey guys is EC-Council really that bad? My company will pay for the vouchers, but still want to get the most out of it, had a few in mind. Starting with CND > CIH > Scada > etc

yes

so instead casp+ ?

depends on your goals, if you are in the US, Comptia certs can be good although I think CASP+ is a fairly new one?

if your company will pay, will they pay for SANS? or what are you specifically looking to get a cert in ?

looking analyst certs / incident response certs (intermediate / experienced). I dont work in government but do want to check the DOD 8570 boxes too. Havent really looked at anything from SANS

well SANS will check your DOD 8570 boxes and its pretty solid

Comptia is much cheaper though

every class I've taken from SANS has been great, lots of IR stuff there too

I would have to confirm the amount of reimbursement, what classes have you taken from them?

its been a long time but I took their incident handler, malware analysis and 1 other that I forget at the moment

8570 is deprecated, just an FYI

yeah it is although lots of employers are still using it as guidance or seem to be

since the new guidance isn't as firm or maybe isn't as communicated

It's still being worked out, at least it was before I left the last place

It depends on the Installation and whether or not they're Government Civilian or Contractor

yeah seems to be, I'm not working that close to the programs anymore so I don't hear about it as much but I see the job listings and they still seem to be parading the same certs

8570 certs will likely just be ported, but prior experience and education is also being taken into account with the new system

8140 is the new publication

yeah, which is good

Security+ is pretty much good for everything though, tbh

it sounds like they are looking for a more advanced cert... which of course there is CISSP and everyone (US, especially gov stuff) loves CISSP

I don't think I met anyone that didn't have it and anything additional was pretty much always paid for by the government or employer

do see that in alot of job descriptions too as a baseline being security+

Yeah if you're going IAM, CISSP or Scrum would be beneficial

but I do have a degree in cyber too

Degree is pretty much a contract requirement/HR checkbox. It can also determine which payscale, classification, and or jobs you're allowed to apply for in some cases

yeah they still like certs

like Security+

(I don't have it but I'm also... old)

yea im looking at job descriptions to see the ones that are most looked for but also want to get the most out of it. Will look more into SANS but might be a pretty big jump hahaha

You can't pay for SANS yourself

if somone is paying for it, I'd do it

It's way to expensive

will have company pay yea

I think they said someone is paying

I'm behind on messages

or else I wouldn't recommend it

I appreciate your guys input

good luck

tbh, job descriptions for government work are shit shows. To put it nicely

thanks and yea there kinda all over the place

I found out when I was leaving the last place that I was designated a Senior Cybersecurity Engineer when I was hired... out of school. Job description did not match what I did either lol.

sounds fun

New place I basically had no indication of what exactly I'd be doing, even with being in the space for a couple of years at this point, and it turns out RMF (and everything else cyber under the sun). The thing I hate most.

not fun lmao

How is Scrum beneficial for IAM?

or is IAM not identity and access management in this context

CSM, Certified Scrum Master is a desired thing in government management. Information Assurance Management/Manager

Ah very different stuff. First time ive heard of it

I also got confused

This might sound stupid but...

Does anyone actually good websites that show how to write a cv with little to no experience.

Literally all I see when I type on Google "IT support/cyber security cv with no experience examples", is websites that have examples with experience. I see entry level cv examples with 1-2 years of experience, that doesn't even make sense.

And some websites say to list volunteer work or internships, when I mean no experience, I mean nothing at ALL.

Why does Google not provide with me with the exact thing I'm looking for? Or I just searching it wrong?

Hey everyone,

I've been studying blue teaming for about a year now, but I'm finding the hands-on Splunk work quite frustrating and time-consuming. I understand that Splunk is a key tool for SOC analyst roles, but I'm struggling with the practical aspects.

Can anyone share their thoughts or advice? Should I focus on improving my Splunk skills, or is it worth considering a different path? Is this experience common, or might it be a sign that SOC analyst roles might not be the right fit for me?

hey guys jus asking , if i want to opt for certification which is good , CTIA or ECIH from EC-Council ?

It seems to be common that people get a Comptia Security+ cert (some also get the A+ and Networking+ certs) before looking at more advanced cyber certs

i'm asking in expert level , i have CEH CHFI CPENT and do i need to get CTIA or ECIH ?

which is good CTIA or ECIH?

Ah I see, apologies. I can’t advise there. It might be worth looking at the roles you want to go for and see what they ask for.

oh k

CompTIA+ Security and CompTIA+ Network are currently the most recognized certificates within the Cybersecurity market.

I would consider that "good", but you have your definition of that as well.

Like Noisy said, choose the one you feel the most like. They are different certifications for different roles so you can't compare them easily.

oh ok got it , thanks everyone who jsut answered for this

Gave +1 Rep to @unreal shore (current: #123 - 55)

thanks to @near gate

Hey everyone!

I'm looking into different entry-level pentest certifications. Maybe someone can suggest a recognized organization? Currently I'm looking at Pentest+, eJPT, or maybe CEH Essential. Do they even help with career in cyber or it's more of a way to build tech stack?

I will say none of those are great options. It depends on your goal though. If you are in the US, companies will have heard of Pentest+ but not much value is placed on it. I would avoid CEH and eJPT at all costs. There is the PJPT from TCM Security but many companies won't have heard of it. It is pretty solid though. And I know lots of people will misunderstand when I say this but OSCP is considered a junior level pentest cert. Since pentesting is considered a more advanced area of IT/cyber, it may seem like a more advanced cert to people but for pentesting, its not

thank you

Gave +1 Rep to @pseudo creek (current: #15 - 490)

Projects projects projects. Show off a home lab, talk about programming scripts you’ve written for personal projects, talk about hobby projects that are tech or cyber related. If you don’t have those either, you better get started

I know programming is useful for Cyber but it's not my thing, I did it at university and I hated it

what type of cyber jobs are you interested in?

Blue team roles mainly soc analyst/incident response