#cyber-and-careers


shrewd raft
#

Classy

soft drum
#

From looking elsewhere online, I've mostly seen people say business casual

shrewd raft
#

yeah something like that

dense dagger
#

I wear a shirt and pants and rubber shoes

#

Depends on the company dress code too

stoic cave
#

Depends. I usually wear jeans, a collared shirt, and nobull cross-trainers (because they're flat/wide and I stand/lift things a lot) or a sneaker. If I'm traveling for work I usually have to wear clothes in accordance with PPE rules.

south monolith
#

Class don’t teach you anything

#

Other than concepts

stoic cave
#

In DFIR? Just be aware that a lot of it is CSAM

stoic cave
undone shore
#

Be dressed kekw

quiet trout
#

What would be a good start point to transition or specialize in Digital forensics? I currently wear a couple hats at work such as GRC/policy development, incident response, and somewhat of a SOC role.

onyx kettle
#

anyone know of good microsoft certifications for cyber?

quiet trout
#

Unfortunately no, it's currently me and my manager that handle the security for the company, it's a small company. And just based on the daily tasks I do, it doesn't feel like I'm progressing with what I need to do to improve. Been focusing on tryhackme to learn and develop more skills as well as studying for the security + but would like to transition into a more exciting role or just get to the next position at a different company if that makes sense.

dense dagger
quiet trout
sharp grail
#

Is anyone here trying to start their career in pentesting?

stoic cave
#

You could probably do security focused software development, but if you're talking about both roles at the same time, I don't think so. They are pretty different.

#

I'm forgetting the role on the security side that reviews code. Big brain fart

sharp grail
stoic cave
# sharp grail Was wondering what does it take to start a career as pentesting. I study cyber s...

I would be hesitant to say that it covers everything, I did a similar degree and have learned things that the degree didn't cover, but as far as getting a job in pentesting you're going to need to build some experience. My advice is more US centric, but there is carryover to UK and EU job markets. Apply to entry cybersecurity roles, ie Cybersecurity Engineer, and make sure your resume is squared away. That's really the first step.

#

I would also be hesitant with this as there's a lot of additional variables, ie Work Visa, when it comes to where you want to work location wise versus where you can work. With security roles as well, there's also higher scrutiny on who they're hiring, so I would probably change the recommendation to the job market they are in.

quiet trout
#

Thank you for the advice and I appreciate it! I considered those two certs but currently it's really just out of the question right now. So I've been considering just continuing in the path of looking for an Incident responder or GRC position and gain more experience in the field. Looking into going for the CDSA cert on Hackthebox after the security plus

serene umbraBOT
#

Gave +1 Rep to @thick dirge (current: #117 - 59)

tardy lance
#

Any advice for a job seeker?

halcyon venture
#

Does anyone know of a decent IT work from home job? Or something to do with PCs that i could also learn from.

errant ledge
#

Hello, working on website for projects and labs however I am a beginner so I've only really done some foundational labs to showcase I know the basics. I was wondering if these are things I should include on the website if it even matters to showcase basic understanding and foundational knowledge? This would be just basic documentation like the example in the screenshot: https://gyazo.com/90e7f8ea2ebb733e17620d95d9c927ee
I would be uploading similar docs for Python, SQL, Linux, SIEM and etc. or should I just stick to uploading projects like calculator games (as mentioned above)? https://gyazo.com/1ab3405bcd52e4ad5c0365af29906676 I've done a few more exactly like the one above covering things like file permissions (list inside screenshot) but don't wanna waste my time doing these if it doesn't add any value to my website for recruiters/employers

errant ledge
#

@visual flower based off your react you are saying that these types of docs are worth adding to my website for employers?

ruby remnant
#

What’s most important to you guys when you see a job opportunity posted on the cyber job board?

errant ledge
#

As someone new still building their resume and website. I tend to look at location (Remote/Hybrid), experience requirements, open to people that are new to the field and encouraging on going learning

#

From some of the other listings i've seen that are intimidating typically require few years already however the descriptions seem very lone wolf and team culture not important

stiff oriole
#

When you see "demonstrated ability to XYZ" what does that mean? How do you demonstrate that via a resume? Or is it just code for "we will test you on this subject"?

#

Example:

-Demonstrated excellence in supporting the Microsoft O365 Collaboration Tools --Email, Outlook, Teams, SharePoint, etc. and the ability to interact with colleagues throughout the LOBs to troubleshoot, diagnose, and repair issues and to work with peers and partner teams when necessary to find solutions

errant ledge
stiff oriole
#

Pet projects VS work experience is different I would think.

#

I like your idea about setting up a website and I'm sure I've seen it brought up before but have never done it

errant ledge
#

I would say work experience would be displayed through resume from previous jobs/current

#

just word your responsibilities with a security mindset

stiff oriole
#

Right. That makes sense. Thank you for the insight

errant ledge
#

I'm coming from collections and service industry so I used GPT to help me rephrase my responsibilities

stoic cave
#

Personal projects are not professional experience

stiff oriole
#

So when they say "demonstrated ability xyz" what are they looking for? Resume with details of "On x project I did ABC thing" or is there something else they're looking for?

warm hinge
#

hi

#

v

errant ledge
#

is that in response to me or cienfuegoes

ruby remnant
#

Demonstrated ability to XYZ just means you’ve had some exposure to whatever technology before and it was successful

stiff oriole
#

Thanks folks

cunning shadowBOT
meager stratus
#

Hey guys,
I'm doing SQL Injection room.. though I know basics of sql like CRUD, union, Group_by etc.. I still feel like I don't have enough sql knowledge to tackle sqli.

Any suggestions on how much SQL knowledge is good enough to find sqli vulns in web apps .. ?

visual flower
low dust
# meager stratus Hey guys, I'm doing SQL Injection room.. though I know basics of sql like CRUD, ...

I personally learn by applying what I have just read or watched a video on. So for sqli I would complete the walkthroughs on THM. Once I have some basic knowledge I would then attempt a sqli challenge. This will tell me where my weaknesses are in my knowledge. Then I will focus on learning what I do not know and then attempting the same challenge again. Once completed find a harder challenge and go through the process again.

meager stratus
#

Thanks @visual flower @low dust for the suggestions.

serene umbraBOT
#

Gave +1 Rep to @visual flower (current: #333 - 15)

quick trench
#

anyone have any good group projects recommendations for cybersecurity?

stoic cave
#

If so, I would consult your professor, TA, or query your favorite search engine. School projects really should be your idea and sometimes outside assistance can be viewed as cheating.

quick trench
#

No. This is not for school work

#

Some buddies and I wanna do a group project together that involves cybersecurity

jaunty shell
#

whats the fastest most basic skill to learn to start working/getting money

warm dagger
#

bro how to get started

broken idol
plain adder
low dust
low dust
rugged delta
south monolith
#

Any good home labs for blue team ?

#

For beginners

valid torrent
#

@south monolith hi

south monolith
valid torrent
south monolith
#

What ? If you don’t know answer why ping

spring crypt
#

I do not have much of an answer, but i am also interested in these kind of questions.

So thats why i am responding in hope that if you got smth, you might share ;)

Thank you :)))

serene umbraBOT
#

Gave +1 Rep to @river musk (current: #1435 - 2)

candid plume
#

Hi, can anyone help me out with the snort challenge

crude sphinxBOT
void abyss
#

Hello, I am a WebDeveloper and I am looking forward to transform my career into cybersecurity.. What are the steps should I take.. Whom to follow for courses..

I have a vast knowledge on Networking, Linux..

So please help me to move forward..

give me a curated answer from experience. .

mortal pike
# void abyss Hello, I am a WebDeveloper and I am looking forward to transform my career into ...
  1. Embrace ur inner paranoid schizo. Cybersec is all about assuming everyone's out to get u.
  2. Git gud at:
  • Network Penetration Testing (cuz poking holes in shit is fun)
  • Malware Analysis (Learn 2 think like da bad guys)
  • Cryptography (so u can cosplay as Alan Turing)
  • Incident Response (be da hero nobody wants but everyone needs)
  3. Certifications 2 collect:
  • CompTIA Security+: Baby's first cybersec cert.
  • OSCP: Da dark souls of certs, git gud or git rekt
  4. Follow cybersec ybers:
  • John Hammond
  • Ippsec -- Walkthroughs that'll make u question ur skills
  • LiveOverflow
  5. Practice like a tryhard:
  • HacktheBox: where skiddies die and hackers r born
  • TryHackMe: For when u need training wheels
  • VulnHub: Download VMs, break em, rinse and repeat
  6. Read these bibles:
  • "The Web Application Hacker's Handbook": ur web dev skills, but evil
  • "Red Team Field Manual": Pocket-sized haxor cheatsheet

broken idol
#

Let's start with Malware Analysis, you're not thinking like the bad guys, you're literally observing the behavior and characteristics of the Malware.

mortal pike
#

I didn't mean it as literal 'bad guys' I'm talking about getting into the mindset of da malware author

undone shore
fringe spade
#

lol

mortal pike
#

Yep, probably in a thread that overgeneralizes everything

undone shore
#
  1. No it really isn't...
    2,3,4,5,6. None of these are essential. Further information is required.
    8,9. Read local job postings for jobs you're interested in rather than just going for Sec+ and OSCP as a catch-all.
    10,11,12,13. Sure
    14,15,16,17. Yes, but are you baked out of your mind?
  2. Web app hackers handbook is deprecated in favour of portswigger academy. RTFM is still a good read. There are lots of others which may be more relevant depending on which area(s) of cyber the individual wishes to explore
sage bronze
#

I think this might be the place to ask this

#

but shouldn't we have a channel for Certifications/Certificates?

broken idol
#

This one.

#

Would fall under cyber.

#

And careers.

mortal pike
# undone shore 1. No it really isn't... 2,3,4,5,6. None of these are essential. Further informa...
  1. It's subjective. It's either this paranoia can kill a person or not but having no paranoia can be quite free, ofc (i'm quite paranoid)
    2-6 'None of these are essential' - Technically true. No single skill set is 'essential' for everyone in cybersec. The field is diverse w/ multiple specializations of ur choices.
    8-9. Job posting strategy - Fair point cuz tailoring ur skillset to market demand increases employability dd. It's more efficient than a one-size-fits-all approach.
    8-9. Sec+ and OSCP -- These are valuable but not universal. Their importance varies by role and employer. But they're not guaranteed tickets to success still.
  2. Another fair point. Online resources often outpace books. Ofc, cybersec is not monolithic. Different roles require different skills and knowledge bases
#

Though da reason why I said OSCP is that it's an HR hack (though Idk one cuz i haven't worked on one, lol), it's said to 'legit help get past initial screening'. Well-respected in infosec circles for a reason, many companies specifically look for it [though this one defeats it by using strat 8-9]. Though for me, OSCP is a starting point, not the end goal

warm hinge
#

I agree on the part that HR loves oscp

#

Would I get it? Maybe not

pseudo creek
#

another way to get past initial screening is become part of your local community. If there are local conferences, take part, volunteer. Same with DefCon or other larger conferences if you are willing to travel.

#

also the person said cybersecurity, not pentesting. For Cybersecurity in general, OSCP doesn't matter. Like Muiri said, check job listings to see what they are asking for

#

also there are various online cybersecurity communities, like this one. I've known a few people through discord and recommended them for jobs within my company

warm hinge
pseudo creek
#

but I've known others who have gotten jobs through their connections

coral vault
#

Unfortunately, connections are indeed the most secure way to get past the initial filters

#

This is true for outsider-to-company but also applying internally

cobalt dove
#

But I mean, its pretty good, no?

#

Better to have it than to not if you're looking for an offensive cyber role

#

CISSP I see in a lot of job postings - like a lot

tame meadow
#

you are not alone bro

velvet orbit
# cobalt dove CISSP I see in a lot of job postings - like a lot

Unbeknownst to most... CISSP is primarily a manager cert... it gives a good overview of most parts of threat management, but does not get into the "nitty-gritty" of any of them.
It is the "nitty-gritty" that makes someone a pen tester, analyst, or engineer.

pseudo creek
velvet orbit
pseudo creek
velvet orbit
#

This is primarily due to the sections about audits and separation of duties.

#

Most techies don't really need to worry about those.

pseudo creek
#

managers love employees that have it. Yes, they want you to have the technical skills but they also want you to have a base understanding of cybersecurity and a common language

#

Audits is more CISA, which most people really don't care about

faint abyss
#

Guys i wanted to ask smth

#

But not sure if im allowed

velvet orbit
velvet orbit
pseudo creek
#

it is considered a net benefit more than not

#

(I let my CISSP lapse because I couldn't be bothered but when talking to people that are early to mid career, I tell them not to be me)

velvet orbit
pseudo creek
velvet orbit
#

SANS or any of the trial by fire type certs for Red side are a lot better.

pseudo creek
#

if you're junior level, I wouldn't try to pass CISSP, I would definitely wait til you get the 4-5 years experience

#

but the verbiage of it being a manager cert is more the european view of CISSP because that is how it is treated there

faint abyss
cobalt dove
#

I mean, more certs pretty much can't hurt right? Regardless of how technical nitty gritty CISSP is, while perhaps not strictly necessary for a lot of roles, I could for sure see how people would like to see it.

Like having basically any cert above A+ for just a computer repair position would be.

pseudo creek
#

ehh I mean there is a point where certs don't really help but personally depends on the job you want / career you want. A CISSP is pretty solid early mid level. I always recommend cloud certs cuz cloud everywhere and then depends on what you want to do on what certs to get beyond that

#

yes its a great cert

#

and sometimes you recognize you get certs to learn something and other times you get certs because it helps your career

#

I can understand someone disliking CISSP, when I took it, most of the questions were related to classified areas and I was like "this is so stupid"

#

but it helped propel my career so I didn't complain

pseudo creek
#

thats what I just said...

#

but I will say in the US, it is very much considered a bonus and in some companies, expected of most everyone who works in cybersecurity after a few years

thorny light
#

any low / mid level pentesters mind sharing their resume (PII redacted) ? I'm trying to gauge my competition for things I'm applying for

full sandal
#

Getting a new job is always a double edged sword when you are leaving a job you like

#

I am dreading having to tell my boss I am leaving

#

And to make it extra fun I’m in an environment where they are going to view it as me ‘screwing them over’ even though I am going to be giving close to 4 weeks notice

rugged delta
# thorny light any low / mid level pentesters mind sharing their resume (PII redacted) ? I'm tr...

If you're considering becoming a penetration tester, the market is highly competitive. It is one of the most desirable roles in the industry purely because of the boast that you're a hacker and you get paid for it. If you want to present yourself as a valuable candidate, you need to show a passion for it, as if it's what you live for.

Expect to spend a long time studying and learning to get up to that level. You should be very comfortable doing routine IT admin stuff like Windows/Linux/Active Directory admin, networking (at least understand the entire Network+ curriculum or try the CCNA). Also have an understanding of basic bash/Powershell/Python/sql with an urge to learn more about those and other languages. Also, you should have a very solid understanding of the cybersecurity landscape and have several years working experience in cybersecurity, IT or programming or a related field.

If you're looking for a certification that most hiring departments like you to have, consider the OffSec OSCP. It's the most widely recognised certification in pentesting. On average, if you spend 3-5 hours studying most days, you can expect to spend 3-6 months learning; some people opt for a year-long program. This is considered the minimum level of competence for a junior penetration tester, but you would also need to be able and willing to study new things on a regular basis.

There are alternative ways to learn and demonstrate your skills, such as competing in and placing highly in competition CTFs, performing bug bounties (not a reliable source of revenue, but good experience), and completing certifications at the same level as OSCP, such as the TCM PNPT, HTB CPTS, Zero-Point's CRTO certs and/or Altered Security's CRTP/CRTE.

There are lots of other learning resources, but I would suggest checking the Tribe of Hackers books (about $15 each on Amazon), PicoCTF, OverTheWire and UnderTheWire and pushing to do ctfs like those on ctftime.org

thorny light
#

oh and about half a dozen projects

rugged delta
thorny light
#

Maybe I should go back to dev for a while so I can at least eat more than 1 or 2 meals a day.

#

thanks for the advice

rugged delta
thorny light
#

Yeah I think I need to rewrite my resume and then try applying for jobs again

rugged delta
#

It's always a good idea to have a couple of standard resume templates highlighting your skillsets and then matching them to particular job roles. Using an ATS checker to compare your resume to a potential role is a great way to ensure you have the relevant skills on show

thorny light
#

ATS checker?

rugged delta
#

Many companies these days have an Applicant Tracking System (ATS) set up to filter people's applications. They use keywords from the roles posted on LinkedIn and other sites to validate your application for a particular role. An ATS checker (there's lots of them online) simply compares your resume and the role description to help you highlight your skills effectively

spring path
#

Is IU University of Germany (IU International University of Applied Sciences) a bad university or good?
I'm thinking of getting my bachelors online (https://www.iu.org/en-in/bachelor/cyber-security/) from there and it seems legit, also the curriculum is great, but I'm getting mixed reviews, especially on reddit. So, can you guys help me?

(Germans and/or people aware of this university please please help)

knotty citrus
# spring path **Is IU University of Germany (IU International University of Applied Sciences) ...

I have no personal experience but a recruiter told me that their employees who study there also say it is on the mixed/bad side. It was for general "Informatik" though. If I remember correctly their CS Bachelor has quite a few courses in common with the Informatik one.
If you plan to study on the side while working, you might want to also check out what the FOM offers: https://www.fom.de/bachelor.html?faculties=56565&degree=9812
"Cyber Security" or "Cyber Security Management" might be interesting for you. What information I have found about the FOM is usually more on the mixed/positive side. Both Bachelors are completely online too.
FOM is also a lot cheaper with 445€ instead of 800€.

faint abyss
#

Guys I've heard that it's necessary to have different passwords for different accounts that you use so you can secure yourself and your info from hackers

#

Is this true?

vestal sinew
# faint abyss Guys ive heard that its necessary to have different passwords for different acco...

This is 100% true. Imagine you have the password password1234 for your facebook, instagram, tiktok, steam account, gmail and a bunch of others.

All it takes for the hacker is to only try and hack one of these accounts or wait until there is a data leak or something from one of these platforms. Since hackers know most people use the same password everywhere, they can easily get access to all of your accounts and eventually all of your personal information a.k.a. your whole life.

faint abyss
vestal sinew
# faint abyss so its better to have a list of ur passwords from different accounts because i f...

I mean sure, but I wouldn't keep that in digital form. I would print it out and put it somewhere safe like in a literal safe or something.

The best recommendation is to use password management tools. They can generate complex passwords for you and save them all centrally. You will have a master password to access all of your other passwords. This of course introduces SPOF (Single point of failure) meaning if the hacker gets access to your password manager, it's basically over.

I would also recommend using 2FA/MFA everywhere.

You can never be 100% secure. You can only slow hackers down. If somebody is determined enough to hack you, they will. It just takes longer, more money and resources to do so...

faint abyss
#

they might not turn it off but they will try to use my internet wifi

vestal sinew
# faint abyss what about when it comes to hacking internet password

If by "Internet password" you mean your wireless router's password:

Most home wireless routers today use WPA2 Personal which is strong but there are ways to crack the password.
Hackers need to be close to you to capture something called the "4 way handshake" and try to crack that.
Now to avoid hackers from gaining access to your router, all you can do is use a long and complex password. (10-20 characters long, lower- and uppercase, numbers and special characters)

faint abyss
vestal sinew
# faint abyss Do they get access to the password through a device or through a program (meanin...

They will only need a wireless card with monitor mode capability and close proximity to your router to capture the 4 way handshake.
Then they will try to crack it on their computer offline (which if the password is strong enough, it'll be basically impossible)
Once the password's hash is cracked, they can then access your router and use it.

The programs/tools used are usually the ones below which come pre-installed on Kali Linux:
aircrack-ng
airmon-ng
aireplay-ng

I would recommend this video for more information about this type of attack: https://www.youtube.com/watch?v=X49lIPHcurE
and this article: https://medium.com/@callieshielim/wpa2-secured-network-password-cracking-d281484dd467

scarlet schooner
#

I’m new here and need some knowledge please

spring path
potent forum
#

Hi, guys I am new to this field of cybersecurity and want to learn, could you please guide me through resources for it.

potent forum
#

should I buy try hack me subscription before or after I go through the fundamentals listed on their website

#

and will I get support in order to secure job in the subscription??

tame meadow
#

getting a job is on you and your skills you will learn here

#

you will get help and support with your problems for sure

potent forum
#

I am from commerce background, will I face any hindrance in the job market?

tame meadow
tame meadow
#

if you won't try to do anything illegal that is

#

eu

#

suggest you to don't disclose this kind of info and jump to #general

potent forum
#

okay, thank you

hidden solstice
#

Hey folks, I’m new here and I wanted to know if doing thm then applying for jobs is a good strategy, or do you recommend getting a degree at uni? I see all internships require university enrolment

#

How do you make money with cybersecurity?

dense dagger
brittle pier
#

Also having a degree just in general helps

dense dagger
#

Degree + THM + projects + meaningful internships = 👌

#

You get a degree to learn and apply computer science concepts, you do THM on the side to grow your practical skills, you do projects to build and enhance those skills. Finally, meaningful internships give you a glimpse of enterprise IT and how it works

#

Yes, you can skip having a degree but like AceS said, it generally helps as its value lies in getting in internships, networking with similar peers, joining support groups re: IT, university job fairs, etc.

#

A degree is more than a piece of paper I would say

hidden solstice
dense dagger
hidden solstice
#

Do you recommend a bachelor or associate degree?

dense dagger
#

Yes and I don’t know the difference between the two. I do have a bachelor’s though.

hidden solstice
#

Associate is 2 years usually Bach is 3 ft

#

Ok so you’ve definitely studied this shit at uni . Thanks MK

dense dagger
#

I did learn the necessary foundational knowledge for security

#

My Cisco classes were fun

undone shore
#

Have a look at what job postings in your rough area are looking for. Even if you're not ready to apply yet, it gives you a good idea of what employers are looking for. A degree is usually a bonus to get through the HR barrier though, yes

hidden solstice
hidden solstice
#

I’m confused so what’s your job now then ? I want to be a hacker

patent onyx
#

Okay so I have a question, I can’t really afford uni, but I can afford community college!!! If I get an applied science degree (which has an ethical hacking class, java, C++ class etc) which also offers a hardware/software support certificate on the way to the degree, will I be okay ???

#

it also comes with a network support certificate, so I’ll be sittin on like 5 various IT certifs and 1 degree, but like will I be okay ?

dusk harness
undone shore
#

Also, paging @tribal flicker

hidden solstice
#

I imagine you’d have a ton of competition as unis here are buzzing with IT students from overseas and domestic but maybe again not an expert in this

#

I hear people say they first move here and then change their visa/ aim for a sponsorship as you’re already here etc… I think that’s very reasonable

woven star
#

hey guys

#

what cyber certs are best for red team?

#

I asked my friend who's been in cyber for a long time who has CISSP about OSCP and CCNA, he didn't recommend either and he also said he's never heard of OSCP which surprised me given his experience in the field. He told me CISSP is the attention grabber which seems to be the case from everything I read online, but surely there has to be some well known pentest certs right? ik comptia has pentest+ but idk if any of those are "prestigious" enough to get me anywhere

dense dagger
#

Those are just the entry levels, then you have CRTL which is like the higher tier of Zero Point Security, you also have OSEP from OffSec, HTB doesn’t have one yet.

#

CISSP is more how to translate cyber to business value

#

CRTP and CRTE from Altered Security also sounds good

dense dagger
#

That way, you get tailored advice that would help you better

#

But it's also better to do your own research and understand what are pros and cons

woven star
#

ik thm has a course for pentest+, does that have a place in any of this?

dense dagger
woven star
#

well I'm not currently in a position to get a job

#

still in hs, but I'm in my final years and I plan to get one as soon as I start uni so yeahhhh

#

want that head start :P

coral vault
#

In that case, starting on THM paths and CPTS is much more affordable

woven star
#

I've already clocked in at least 100h on thm

#

It's now taking up 50% of my gaming time

coral vault
#

That's not a lot brother 🙂 But it's a good start

woven star
#

And you can look on steam for how much my gaming time is

woven star
#

But yeah you're right

#

The sleep I'm sacrificing rn ain't enough if I wanna make it

coral vault
#

In that case it's actually a very good start. Just don't burn through your motivation too quickly

warm hinge
#

insert www.m@lwfxon|ine

woven star
coral vault
woven star
#

Almost 17

#

Old enough to get ladies where I live

#

Tho

coral vault
#

Brother I am 26 and I started a year ago teaching myself cyber and IT

#

There is no need to rush

woven star
#

Well I've wanted to do CS since grade 6

#

And I've had an interest in cyber for a couple years now

#

I've been doing some shenanigans on roblox that I can't talk about here which really got me into it

#

And lately I've been taking it seriously

#

Most of my phases don't last more than 2 weeks

#

So I'm positively confident

coral vault
#

By the time you're my age and you're still passionate, you can be a long way. Make sure that from the beginning, you're laying excellent foundations for going into cyber. Start at the bottom - don't go into hacking and red teaming too quickly. I am more on a tight schedule than you, considering I have some professional boundaries I must overcome that limit how long I have to become good at all this

woven star
#

Yeah lol I'm starting with the beginner paths. I'm halfway through complete beginner and I already went through its two prerequisite paths, one is pre security and I forgot which the other one is called

#

Also finished fowsniff

coral vault
#

And for god's sake don't script kiddie your local government

woven star
#

I'm being really careful with this because I know how complex even the fundamental tools are

#

Nmap has got my head spinning lol

#

If I mess up my fundamentals I'm cooked

#

I'll check out CPTS then, is it worth getting OSCP if I have CPTS? A concern of mine is if my employer doesn't recognise certain certificates

#

Since I don't have any specific positions in mind

coral vault
#

Instead of going straight to tools you don't understand, it's better to go for the fundamentals of IT and networking first

#

Then you'll understand Nmap and how it works

coral vault
woven star
sleek sedge
#

Honestly I'd just start with the TryHackMe paths before jumping straight into certifications

#

There's plenty of free resources to get you started

woven star
#

My problem with nmap is the configuration, it's hard to remember when/how to stealth, adjust speed etc

coral vault
#

Look man, I get you're enthusiastic about this, but you're coming across as impulsive. I was like that too at 17 (still am almost 10 years later lol), but you gotta make a smart plan about this

#

You're being rash

woven star
#

Hmmm

coral vault
#

If you're enrolling in Uni, speak with a counsellor when you're there and plan your steps out

sleek sedge
#

You don't wanna burn out at that age too

woven star
#

Does the fact that I spent hours making friends with roblox kids and hanging out on friendly forums for the past 2 years change anything?

coral vault
#

Maybe by the time you're in uni, or halfway through, OSCP will be old news. Fuck, maybe even CPTS will be old news

woven star
coral vault
#

Your interest and enthusiasm is admirable and honestly I wish I were as passionate about my life at 17 as you are right now.
But you have a long, long and difficult road ahead of you if you want to get serious into offensive ops... you need to be ready for it. And that is besides growing up, uni life and adult responsibilities

woven star
#

I kinda want something to do during school that helps with my career but isn't school itself

coral vault
#

I.e. explaining how word works to executives

woven star
coral vault
#

That depends on how you frame it my man

woven star
#

I've been taking technical evasive measures against my parents for years at this point

coral vault
#

I became a neighbourhood conflict mediator to work on my communication and conflict resolution skills. That's something I can put on a resume

woven star
#

CS has always been my passion

#

Has been since grade 6

#

I knew I wanted to do it in the future and for the past 6 or so years it hasn't changed at all

#

First I wanted to do game dev but I never really got into game dev despite my efforts

#

Cyber came naturally to me

coral vault
#

For the past 6 years you haven't been confronted with the reality of learning such a complex technical vocation as Cyber

woven star
#

Young me wasn't the nicest guy

#

Met a few guys on a chatroom and we tried to do dumb shit, didn't get far

coral vault
#

I get that you think you're prepared and ready for this, but this is not messing around with some wanky or dodgy shit for fun and games. This is prolonged dedication to a far-away goal that is complicated, doesn't break down in small steps too well and honestly, you might fail.

#

That's a different kind of motivation right there

#

And not something you likely have had to endure

#

If your profile pic is anything to go by, anyway

woven star
#

I believe that at this point nothing I say is gonna convince you, and nothing you say is gonna change me. Thanks for recommending CPTS to me and reminding me to stick with the fundamentals which I assure you is what I'm trying to do right now. If I fail, burnout or otherwise get screwed over then it's my life and you can be happy knowing you did everything you could to warn me, and I'm grateful that you are acting out of your best intentions.

#

Pfp is satire btw

#

See the middle finger and the sunglasses? That makes it funny, which contrasts with the edgy teen "scary" aesthetic

#

A nice little "F- you" to the skids who get featured on r/masterhacker, seen too many of those irl

coral vault
#

Hey man I am all for your dedication and I wish you all the best. All I wanted to say is to be careful, be smart about this and do this right. You're in a perfect position to do this right: uni, likely pretty smart, young. All the ingredients for something great. Just don't implode

woven star
#

Thanks bro. I get you're trying to look out for me and I truly appreciate it, don't get me wrong. I'm just ready to accept the risks at this point, I've pushed myself too far in the past and I've learned my lesson which is why I'm confident this time. Starting small, my goal is to hit top 100k before school starts and hopefully top 1000 by the time I'm done with thm

#

Gonna do stuff like htb somewhere along the middle, I have a few CTFs that I'm looking into. Mum said she'd take me to defcon next year (dunno if she'd hold up that promise tho), but if she doesn't it's okay because I have a friend who said he'd be really interested in seeing my reaction to vegas (I'm "sheltered" apparently, whatever that means)

sleek sedge
#

Make sure to always take notes while you're learning

woven star
#

Oops. Noted. Now would be a good time to finally start using Obsidian which has been gathering dust on my desktop actually

flat sedge
eternal saffron
#

Ayo anyone else on the struggle bus trying to get a job recently? I'm 200 applications in and 5 interviews with no offer, I'm starting to lose it

fast pier
#

Are there any types of default questions in a job interview?

eternal saffron
#

Depending on the job, if you get past the recruiter you might get technical questions

dense dagger
dense dagger
fast pier
serene umbraBOT
#

Gave +1 Rep to @dense dagger (current: #22 - 386)

pseudo creek
#

you can also look up behavioral questions

woven mirage
#

new zojja profile pic dropped

pseudo creek
#

yup, played with a few new ones yesterday

warm hinge
#

is it better to do ejpt before oscp (or any other practice) or should I just get started with TJnull and see how far I go

pseudo creek
fast pier
serene umbraBOT
#

Gave +1 Rep to @pseudo creek (current: #15 - 507)

fallen heron
fast pier
#

Hi guys. I got the contact credentials of my potential manager. Would it be intrusive to ask him if there is anything I can do to prepare for the practical day and the interview?

gleaming totem
#

Hi everyone,
I need advice on looking for jobs.

I've just recently graduated from a bachelor's degree in cyber security.

And I'm really confused about what kind of job roles are suitable for me.
I wanted to be a pentester in future
So what kind of job roles should I go for
knowing that I've got a degree and some technical knowledge but no experience in the real world projects.

long swallow
#

🌟 Hey everyone!
We’d love to hear from those of you who have participated in Cyber Tabletop Exercises!
We’re conducting a quick survey to gather your thoughts and experiences, which will help us improve our product.
Your feedback is super valuable to us, and all responses will be anonymous.

⏰ If you have about 5-7 minutes to spare, please check it out!

HERE IS THE SURVEY > https://docs.google.com/forms/d/e/1FAIpQLSfdNjEdM8FXWAt4AbervSkX6Ad3qwE43ylkOwIaJtozaHtvhg/viewform

Thanks for your help! 🙌

rugged delta
# fast pier Hi guys. I got the contact credentials of my potential manager. Would it be intr...

You should only contact a potential employer through the official communication channels they provided prior to the interview, or if a specific person has given you their contact information as an official duty as part of the hiring process. If they haven't requested you to make any particular preparations, just expect the standard interview style questions and tech test assessments.

fast pier
#

It was kind of a weird question, but I've never worked in IT before so I want to ensure I'm doing things the right way 🤝

rugged delta
# gleaming totem Hi everyone, I need advice on looking for jobs. I've just recently graduated fr...

Congratulations on your recent graduation. A lot of college programs do have graduate job programs, and also a lot of orgs do hire graduates through their own programs. A lot of them are on LinkedIn and other recruitment boards, etc. Most people starting out with a job after graduation will start at the bottom rung; generally IT/QA/networks/programming/SOC and gradually build up skills towards a more challenging, engaging and rewarding role.

Lots of people want to be pentesters, it's a highly competitive field and generally you would be expected to have quite a bit of experience, and/or qualifications or awards for achievements, such as certifications, ranking in CTFs, completion/participation in bug bounty programs through, for instance HackerOne or Bugcrowd. It also helps to write a blog/produce videos about your experiences (always in compliance with the rules of the provider regarding exams/courses/ctfs and sharing info).

rugged delta
fast pier
warm hinge
#

Guys, I am looking for openings in cybersecurity as a fresher, since I have no work experience except projects and hackathons. Does anyone have a lead on potential openings?

rugged delta
rugged delta
# warm hinge Guys I am looking for openings in cybersecurity as fresher due to no work experi...

It would depend on your qualifications and experience. Have you worked in IT before? Have you any qualifications/degree? Have you certifications? completed projects in Linux/Windows/networking/programming? Participated in CTF competitions? Have you a blog/github/linkedin? Have you done bug bounties like with HackerOne/Bugcrowd? Have you a version of your cv/resume? If you like, you can anonymise it and post a screenshot of it here for others to view it. You'll need to verify your account to do so.

crude sphinxBOT
burnt knot
#

Hello! I just recently passed my comptia net and sec + certs and was wondering if anyone had any good resources to help for finding an entry level IT role such as resume templates, job sites, or overall advice? Thanks!

rugged delta
whole field
#

Hey guys, I work in a SQL database, manage servers for the application and do application support but quite frankly the pay is dogshit. I have a+ and A-Z900 certs and I’m working on my sec+ and pentest+ certs I know a lot but I’m scared to take the sec+ just yet😅 any advice on how I can break out of this boring low paying job, been doing it a year now and it’s time to move on.

rugged delta
whole field
#

I’m currently enrolled in the Pentest+ path it’s more acronyms and vocab I’m having trouble remembering since I haven't used those concepts in labs, a lot of it has been roles like “SME” “SO” not those specifically but it’s new material from the 701

#

Took some practice tests for the new test and bombed it basically due to vocab🤦🏻‍♂️

#

I’d like to be a cloud security engineer and penetration tester which is why I got the cloud certs

#

Any tips on studying the new material for 701 without all the rest? That would probably help a lot I just need the new info bc the practice test was asking me things I had never even heard of and I’ve been doing this almost 3 years

#

Maybe a better question for this section would be what would be a good next step to shoot for as a job considering I have a year of experience and 2 certifications a+ and a-z900

rugged delta
# whole field Any tips on studying the new material for 701 without all the rest? That would p...

You need to just learn the theory, take good notes, embrace it. CompTIA tests are mostly about the base knowledge of a topic. Cybersecurity has a lot of technology and terminology you're not going to hear discussed in other tech roles unless specifically working with that technology in those contexts. Security engineers are highly sought after, but they also need to be well-trained in IT technologies and have some level of expertise.

Penetration testing is considered an advanced role in cybersecurity, it's highly competitive and you need to demonstrate a broad range of understanding of many concepts, such as Linux/Windows administration, networking skills, some scripting/coding knowledge/skill (bash/powershell/Python, etc.).

You might benefit from reading the Tribe of Hackers books (usually about $15 each on Amazon). They're sets of interviews with experts in various roles in the field. Also you should read these two blog entries. Very informative for people considering becoming a pentester

https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519

whole field
#

Thank you! And if that’s the case I should just go take it, I keep being told by some of my superiors/mentors at work to go take it and that practice test I took was probably a lot of the new material considering I’ve done well on labs and other pretests I’ve taken. I work at Johnson and Johnson and I’ve created tools with python for my team and do the windows server reboots and upgrades. Done some networking to get our application working remotely, and I’ve completed a few paths on THM might as well just post my resume😂 sudocod3r.github.io

rugged delta
whole field
#

It’s hosted on GitHub I’m not worried about it go follow me on LinkedIn 🤙😂 I don’t answer emails from randoms and will block you so don’t do that otherwise check me out brah🤙😎

#

If you wanna give me pointers tho it’s above 👆

#

And here👆

#

I kinda wanna put a background on it but I don’t wanna do anything that’s gonna make it hard to read, I did it this way so colorblind people can read it easily

gleaming totem
# rugged delta Congratulations on your recent graduation. A lot of college programs do have gra...

I'm really grateful for your response.

I know it takes time to become a pentester, but I had to choose a path. I don't know what the future holds for me, but I need to start somewhere.
Besides, the reason it's getting stressful is because I'm an international student living in London and I've got a 2 year window to land a job and get sponsored by a company, otherwise I won't have a choice but to give up. I know not everything is meant for everyone but I would like to try till the last bit, since I came this far.

But I need to use the time I have at the right place.

So any heads up or important factor to look for when searching for the right job role at the right place would be really helpful.

verbal axle
#

Hi guys.
I want to make a startup project in the cyber security field.
I need a person who has enough knowledge about hacking and security.
I'm waiting for your messages.
Regards and Thanks

fast pier
thorny light
#

I have a quick question for some cyber stuff if there's a mid to higher level person in cybersec willing to give me a few minutes. Want to make sure I'm not forgetting something on a personal project.

#

If i'm looking at entry points for a host I want to check for:
Ports
Services
Versions
netbios
ldap
NTP
DNS
After I'm in I want to check
user info
system info
network info

Am I forgetting anything simple (for a junior)?

thorny light
#

I'm trying to take a step back and look at the "flow" if you will

#

check ports
check services
etc
once I'm in
whoami
uname -a
systeminfo
etc

#

I'd really appreciate if you expand on the "a lot more to it" part

#

or at least point me in the direction of what I can study

#

yes

#

please do

rugged delta
whole field
#

Tech support is a great place to start, get some experience and certs and start trying to move up

#

I'm in my second year of working in IT, it does take time but stick with it and it'll pay off

smoky needle
#

for a private network, like most networks of companies are, how will someone even start with network discovery process?

#

other than phishing

#

threat actors dont have that luxury tho how do they get in

#

is there no way in, other than phishing or stealing credentials or social engineering

#

that would put persistence at top priority right

#

how do I learn more about the defense techniques that can be put in place for offensive techniques. if u can point me in the right direction

#

ty cyberwizard

thorny light
#

I have a question:
In a windows batch file I can run
> file.txt (
cmd 1
cmd 2
etc
)
to throw the output of a bunch of commands into a textfile that I can parse later. Is there an easy way to do this in bash?

#

using the same syntax doesn't work

#

I don't want to have to keep appending the same file

#

I'm pretty sure that's slower no?

#

in batch as far as I'm aware my implementation just keeps writing to the file, it's not multiple appends, is it?

#

lol I'm trying to figure out how I can optimize this for bash since I did it in batch

undone shore
thorny light
#

shhhhhh baby steps

#

oh whoops, in the other discord I was in the right channel. My bad

undone shore
#

Realistically speaking, on a modern machine you're not going to notice the multiple file handles.

#

If you're worried though, do something like append to a variable then write the variable to the file once 🤷‍♂️

#

Either way, if you want it optimized, use C. Maybe C++ or Rust if you wanna be fancy kekw

thorny light
undone shore
#

Heck if I know. I do the sensible thing and just append to the damn file kekw

thorny light
undone shore
thorny light
#

I don't need it but I'm trying to make sure I'm in the mindset of trying to optimize things. You only ever have to learn an optimization once no?

#

never know what's useful later.

undone shore
# undone shore

TL;DR: there is no limit to individual variable sizes... But the OS will throw a fit if your process takes up too much RAM

undone shore
#

If you want extreme performance, learn to optimise C and/or ASM.

thorny light
#

okay

undone shore
#

But the vast majority of tasks you'll do on modern machines just don't need to be optimised.

thorny light
#

okay

undone shore
#

Don't get me wrong, it's good to know how to shave a few nanoseconds off your execution time, but for the majority of your daily scripting tasks it's unlikely to make a difference

thorny light
#

yeah I get that

#

Optimizing run times and file sizes sounds like it could be useful later

serene umbraBOT
#

Gave +1 Rep to @thick dirge (current: #117 - 60)

thin knot
#

Hey guys, i just saw that the Comptia Academy Store has discounted price for students.

can i apply 30% discount of google cybersecurity course on an academy security+ voucher

pseudo creek
#

thats a question for comptia

thorny light
#

yeah I'm just appending

#

it's bash anyways; i'll rewrite in C at some point

flat sedge
thorny light
#

I'll look more into bounding factors

flat sedge
#

it's not necessarily a bounding function in the same sense as big-O notation is. Benchmark the slowest part of the operation, then try to optimize. If you are doing a lot of disk I/O and you move to CPP for performance, you won't be gaining very much. CPP is great for optimizing CPU workloads but I don't think you've thought through the time-cost of memory vs disk

thorny light
#

I haven't, it'll be something for real consideration later. I want to finish the basic projects I have on my plate first. It's more of a "later when I have more experience, come back and do this better" type of thing

flat sedge
#

most hash tables are implemented as a sparse matrix, it's almost never implemented as the full n^n size

flat sedge
thorny light
#

hmm okay

flat sedge
#

have you studied computer organization yet? it would be a good idea to understand this process in better detail

thorny light
#

some, I don't remember a lot of it. I should probably refresh myself on that

#

It was briefly talked about in my degree

#

do you have a good resource / book I should read first?

flat sedge
#

Patterson & Hennessy is a good textbook on the subject.

warm shard
rugged delta
thin knot
#

I think academic security+ voucher is for 262

serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 404)

rugged delta
# thin knot thanks :D

If you've done the Google cert, you should still be considering other resources for study for the Security+, as I don't believe it's a very thorough resource. I completed every part of it 100% for fun last year over approximately 16.5 hours between parties during Xmas week

thin knot
thin knot
rugged delta
thin knot
rugged delta
thin knot
#

which is 50$ I don't mind paying it if it will take 30% the security+ but I'm just looking if I can save more money as I'm in uni

rugged delta
thin knot
#

and you got the certificate?

rugged delta
rugged delta
# thin knot really? have you done it in under a week?

Yeah I did it under a week and have the certificate. Granted, I've been in cybersecurity a long time, and if the information is new to you, it might take you significantly longer. I believe it would be more beneficial to put your time and money towards the free Professor Messer course and getting the study guide from your favourite bookshop

thin knot
#

and btw thank you for the advice

thin knot
#

syo700

#

if everyday I watch an hour or 2 with taking notes and getting the study guide I think it would be a good plan

rugged delta
#

I've also never seen a company hiring someone for a cybersecurity position based on the Google certificate, even Google. Those courses are intended as an introduction to a field that requires some level of expertise. Acquiring the Security+, Network+, understanding Linux and Windows administration will be a good foundation for entering the cybersecurity field

rugged delta
serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 405)

rugged delta
#

If you have any questions along the way, don't be afraid to ask here or in other channels. There's always people who are willing to give you a nudge in any topic. Also, there's tonnes of walkthroughs and challenges on THM. If you like, you can verify your account to show off your achievements

crude sphinxBOT
thin knot
#

will do, appreciate it so much

#

@rugged delta just 1 question, the full name in the tryhackme it's not public right?

rugged delta
thin knot
#

👍 thanks :D

clear mantle
#

Hey guys, i want to ask. What is the best way to start with TryHackMe? The best path to start learning or whatever, some tips?

broken idol
clear mantle
#

Depends on what I'm the most interested in right.

clear mantle
broken idol
oak jasper
# thin knot Actually I haven't started it yet I'm just gathering information and plan the ef...

I'm half way through the Google cert now. It gives a very barebones overview which imo won't be enough to get you noticed by hiring managers and likely won't be enough to pass the sec+. What I'm doing is working through a module, then taking breaks to work through THM related material or labs. For example right now I'm working through the Bandit lab on OverTheWire, and actually putting the theory from the Google course into practice is making the knowledge stick really well

thin knot
serene umbraBOT
#

Gave +1 Rep to @oak jasper (current: #2172 - 1)

devout pagoda
#

Hey guys, I am looking to do some collaborative projects, I don't have any project idea yet, but if someone is looking to collaborate, DM me!

thin knot
#

I have just read the article its very interesting

brittle pier
#

When yall are working, doing your own thing can yall listen to music at work?

#

Or is it seen as unprofessional

rugged delta
sleek sedge
#

I always listened to music when I was working, helped me focus (headphone ofc)

wise island
#

My director would blast techno music from his office when he was closing in on deadlines. Headphones here, but that's only cuz my partner has her daily zoom meetings.

pseudo creek
#

I don't care for music much but I'm on the phone for a good portion of the day

dry shard
#

One of the reasons I'm studying cybersecurity is my graduation project for college, Well due to some complications the team I joined during my 3rd year got poofed so now I gotta find a new team and a new team means they'll have a different project... The disbanded team was going to make a network infrastructure and have me pentest it, For the new team I'm thinking of joining ones that are making a game (I'll need reverse engineering for games I think) or would you guys recommend something different like a web app team or mobile or what would you recommend? Edit: forgot to mention project time limit is a year, So recommend based on that time limit please

fickle grove
oak jasper
fast pier
rugged delta
crimson star
#

As a person who has never worked in nor applied to any cybersecurity job role, would you guys say that following the SOC Level 1 learning path is a good starting point for a person like me? I am asking because I have no idea what the entry level job roles/positions/expectations are when someone like me would apply.
Thanks 🙏

rugged delta
#

There's an intro to cybersecurity and a pre-security pathway

crimson star
serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 406)

crimson star
#

Sorry in advance if my questions sound stupid, but I am trying to figure out what the "best" path would be and what are the actual jobs on the market that one can apply to. As I have no idea what I would be able to apply to even when I finish all of those "paths". In programming world I can see ok this is junior Java, then u have mid Java and senior Java, but you know it is Java, with cybersecurity I would have no clue what I can apply to, if that makes sense 😄 I am trying to think out loud

rugged delta
# crimson star Gotcha! Thanks! However, I have a question. You're saying, correct me if I am wr...

Cybersecurity isn't an 'entry-level' field. You would be expected to have a reasonable knowledge of things like Windows/Linux administration, Active Directory, Networking basics, understand the basics of Python/bash/Powershell and build on those as you go. There's a lot to learn, you'll need to spend a lot of time figuring things out; but it is possible to get a role in a SOC and build on the skills that you learn in THM. You might need to pursue some certifications as you advance, but start slow and get the basics right

#

Most people enter cybersecurity through IT or programming roles if they're already in that field. They might start with desktop/IT support, sys admin, QA or a programming role and develop their skills as they progress

crimson star
#

Thanks! I cannot agree more of what you said here. I think what my confusion is, that even after completing some paths here and gaining some knowledge, I wouldn't know for what role I can actually apply with basic knowledge, because there are so many...

rugged delta
#

You do need to have a good foundation in the field to understand what kinds of roles might be available and what skills you need to develop. The paths are a good place to start

crimson star
#

I see! Thanks a lot for clarifications! Appreciate it

woven mirage
#

This might be a better example lol

distant pier
#

ISO certified gate.™️

#

Does not pass FedRAMP 😄

fast pier
#

Strange thing... it works for more men than you think 😄 .
But right, yea.

tribal haven
#

Can I re-issue a certificate on THM? I want to change the name on one of them. Please ping me with an answer if you have one, thanks in advance :)

obtuse widget
#

Hello everyone, I’m a high school student currently studying cybersecurity and have a strong interest in this field. I plan to major in a related subject in college. I’m looking to participate in some competitions over the next few months that could benefit my college application, especially those recognized by universities.

So far, I’ve come across the NCL (National Cyber League) and plan to sign up for it. If anyone knows of other competitions available for high school students between now and November, please let me know! I’d really appreciate your help.

fickle grove
serene umbraBOT
#

Gave +1 Rep to @fickle grove (current: #11 - 643)

brittle pier
#

Would cybersecurity be considered a major? Or is it information security

pseudo creek
serene umbraBOT
#

Gave +1 Rep to @pseudo creek (current: #15 - 508)

sage bronze
#

Guys, should I try to apply for a Security Analyst in the US, Canada or UK? if so, do any of you know the best way to do it?

#

The job would need to be remote in this case.

#

I barely have experience, 8 months as an IT Analyst, that's it.

#

FML, Sec+ is too expensive here, imagine the other ones.

#

I am just going to need to wait and refine my stuff first then.

stoic cave
timber dock
#

hey just started in this field
what do I need to get an entry level job in this

#

can anyone accompany

#

watched tons of videos already
just wanted to ask here who are already in this field working professionals

sage bronze
stoic cave
# sage bronze 🇧🇷

It's more than "I need a remote position." A lot of Cyber positions require you to be in the country you're working remotely. For the US, you'll also need to get a visa afaik

sage bronze
timber dock
sage bronze
stoic cave
#

Passport has nothing to do with right to work

timber dock
#

fine can you tell me a bit more specifically
which certifications

#

I'm currently doing soc1, soc2 on TryHackMe

stoic cave
sage bronze
#

However, it's borderline impossible to get a job at a good tech company here, it's incredibly difficult because HR doesn't really know how tech works.

stoic cave
#

Or at least has offices in Brazil

sage bronze
stoic cave
#

It depends on the requirements

#

You can't magically make jobs remote and a lot of companies keep sensitive positions within borders of headquarters

sage bronze
#

Yeah, so the US specifically requires an Authorization Visa, which would come with the work opportunity I guess.

stoic cave
#

Or at least countries deemed "safe"

stoic cave
#

It's not automatic

sage bronze
stoic cave
#

Pretty much any country you're trying to immigrate to you need to provide some level of value as they put it

sage bronze
#

Is a bach considered "high education"? I assumed a Master's at least.

stoic cave
#

It's probably on the State Department's site

sage bronze
sage bronze
stoic cave
#

H1B is a work visa, not immigration afaik

#

It's going to have different requirements

sage bronze
#

I'm going for a Bachelor's next year then, I am conflicted between picking Computer Science or Cybersecurity, CS is offered by a mid-to-great level uni here and Cybersecurity is offered by the best private uni in the country.

#

However, CS is more recognizable worldwide, right?

#

And would work better for US/UK HRs, right?

stoic cave
#

Computer Science has a more defined degree

#

Computer Security degrees can be hit or miss

sage bronze
#

Yeah, you guys convinced me, my dad told me the same thing.

#

If anything I really just need it for the comprobation that I know something about computers, right.

#

Alright, thanks @hallow sparrow

serene umbraBOT
#

Gave +1 Rep to @hallow sparrow (current: #177 - 38)

sage bronze
#

Thanks @stoic cave, where's the rep?

stoic cave
#

Cool down

sage bronze
#

Zumi rep Google fa me, plx.

stoic cave
#

5 ish minutes

serene umbraBOT
#

Gave +1 Rep to @stoic cave (current: #17 - 445)

fiery oar
#

Guys I'm planning to do comptia sec+. Ik the Google cert provide voucher for the exam. I'm using professor messer for prepping and just needed the voucher from Google cert. Is it possible for me to get the voucher by completing the Google cert within the free week and claim it?
I don't want to go into Google cert as it covers only the surface and that's not enough for exam.

dense dagger
rugged delta
# fiery oar Guys I'm planning to do comptia sec+. Ik the Google cert provide voucher for the...

The Google cert will not teach you enough to be able to achieve the Security+. They're basically giving you the equivalent of one month of fees for their course in return for the voucher. You should just buy a study guide and/or do the Professor Messer free course and do the exam. The Google cert is a joke. I completed it 100% in about 16.5 hours during Xmas week, between parties and hangovers. Don't waste your time and don't spend any money on it

pseudo creek
fiery oar
fiery oar
fiery oar
fiery oar
#

Btw sec+ is valuable to do ryt? Especially for a fresher.

flat sedge
#

I would say don't get a cert just to get a cert. Look at the job reqs for what you want, and spend as little money as possible to get that

astral venture
austere wren
fiery oar
sturdy scarab
#

Hi guys, I graduated from university about 3-4 months ago and have been working as a SOC analyst for about 3 months now. I do enjoy what I am doing and I am learning a lot, however I'm currently looking around me trying to decide what I want to specialise in, whether it's AppSec or Security engineering. I'm just looking for some advice/thoughts, which is better for the future etc.

median helm
stoic prism
#

Any members with experience taking the CEH practical? I know it's not a good cert, but I am taking it tomorrow and I am still nervous

#

Any tips from those who have taken it before?

coarse sluice
#

Hi there

I'm currently looking for an IT job, preferably in a network/security remote position. I'm not a U.S. citizen, so it is harder to find these kinds of jobs. Been in the field of IT since 2015, but security from 2019.
Here is my LI profile.

https://www.linkedin.com/in/lukasz-kondracki

cinder acorn
dense dagger
#

So rather than finding a bunch of resources from wherever, Professor Messer has already compiled those into a Youtube series

#

It's good to note that while Prof. Messer does have a YouTube series, you can use TryHackMe to supplement your learning with practical application

cinder acorn
placid spoke
#

Could anyone with professional experience give me some advice on what kind of job to look for? I am Sec+ certified and currently taking Sans FOR508 and hope to take GCFA in the next month or two. I haven't worked a cybersec job yet. Do I need to try and find work as a tier 1 soc analyst and be open to potentially pretty low pay first to have experience to list on my resume? My understanding is that FOR508 and GCFA is at least intermediate but I'm not sure how much the GCFA cert really helps with getting hired.

pseudo creek
#

and what is your goal, sounds like DFIR?

placid spoke
#

I'm in the US. I am in the Air National Guard and I've really just been doing training for the last year and a half or so. I haven't had much opportunity for practical experience outside of exercises and labs. My orders terminate in October so I'll be looking for a full time job. I'm looking towards DFIR because I think that's what my skillset leans towards right now. My biggest priorities right now are short-term earning potential and ideally remote work because I want to get my bachelor's and hopefully make a bit of money before I go back to school. Even better if I can keep up the remote work while getting my bachelor's.

#

Thanks for the article

placid spoke
# pseudo creek this page may help if so https://dfirdiva.com/getting-into-dfir/

This is actually a really good resource for me. Thank you again. Any idea of what the best thing to focus on for me would be in the next couple months before I start applying for jobs other than GCFA? What's the best way to showcase what I've learned to potential employers if I'm not able to put much on my resume in terms of experience?

serene umbraBOT
#

Gave +1 Rep to @pseudo creek (current: #15 - 509)

pseudo creek
#

and remote work because you live outside a major city?

placid spoke
#

I will be living about 1hr from Boston so I could take a train or something to do in person
I was thinking remote would be ideal if I wanted to try working full time and pursuing my degree at the same time
But I plan on working for around a year regardless before I go back to school so if I end up having to just do in person for now and switch to part time or something later I could do that instead

pseudo creek
#

do you have the GI bill?

placid spoke
#

I'm waiting to hear from my unit when I get back
National guard works a little different from active duty in terms of benefits so I haven’t been able to get any written confirmation that I will have GI bill

#

Right now I’m working under the assumption that I will get no or very little benefit from GI bill
I’m also hoping to return to Brown university and I’m not sure how much of that tuition they would pay

pseudo creek
#

well companies often have a tuition reimbursement plan if you didn't so that is something to consider

placid spoke
#

Okay I'll look into that too

#

Thank you again

#

I'll look over the article and try and figure out what I can start implementing soon

#

Do you mind if I reach out in the future if I have more questions?

pseudo creek
#

well I'm always here 🙂 others are as well, I'll answer what I can

placid spoke
#

Appreciate it

pseudo creek
#

good luck

dawn ridge
#

I work in cybersecurity. Is there such a thing as a “part-time” cyber job? Something with flexible hours so that I can keep my current primary / day job?

I’m just looking to make a little extra when I have free time. Especially on the weekends and maybe a few week-day evenings.

oak jasper
#

It's so easy to word vomit a portfolio that isn't interesting to read, want to avoid that mistake

#

I have experience with an online portfolio, but that is for Arch Viz - not a lot of words, lots of images with a very small amount of text

pseudo creek
pseudo creek
#

so I think what you did previously is probably exactly where you should focus

dawn ridge
serene umbraBOT
#

Gave +1 Rep to @pseudo creek (current: #15 - 510)

stoic prism
#

Any pentesters here? What certs do I need to land a Jr Pentesting role?

broken idol
stoic prism
errant ledge
rugged delta
# stoic prism Any pentesters here? What certs do I need to land a Jr Pentesting role?

Pentesting is one of the most competitive and challenging roles in the industry. Everyone wants to get paid to be a hacker. There isn't one cert that will land you a role, necessarily. Most junior pentesting roles do insist on having the OffSec OSCP. It's a very challenging training regime and exam, but that's just the beginning.

To get there, you'll need some proficiency with Linux/Windows administration, Active Directory, at least basic networking, pick up some bash/Powershell/Python, understand web servers and other things. Just passing a certification isn't going to keep you in the role. You'll need to be constantly improving your skills as you go, and there are many directions.

There are many many people who want to get paid to be hackers. Ethical hacking/pentesting requires you to learn a lot of very complex things, like many tools, techniques, processes and methodologies to tackle a range of problems. You'll be frequently learning, experimenting, studying and researching challenging things. And you'll be expected to produce reports for your clients. That is the whole point of being allowed to do hacking in an organisation's environment.

You should already have plenty of experience with working in IT, from helpdesk to sysadmin, qa/programmer, etc. You'll need to understand business processes and practices, as well as all the expectations of being a cybersecurity professional.

I'd suggest reading the Tribe of Hackers books, especially the Red Team one, they're usually about $15/20 or so, and also have a read of these articles:
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519

If you're still interested, fire away...

stoic prism
# rugged delta Pentesting is one of the most competitive and challenging roles in the industry....

Thank you very much for this comprehensive answer. I have been in infosec for a minute, I do have a dev background, from perl and Asterisk, then later moved to php, and currently it's Java/Springboot. I will start with python training as soon as I am done with the Jr Pentesting Path on THM. But how do I know if I am on the right path, how do I know if I am getting better, are there any suggestions on what's a good way to track progress and growth?

serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 408)

stoic prism
rugged delta
# stoic prism Thank you very much for this comprehensive answer. I have been in infosec for a ...

Continue to do new challenges, make better notes/take screenshots, partake in CTFs (PicoCTF is good training for this). Make studying a part of your habits by setting aside time every day to get something done. Set goals for yourself that are realistic, like completing 2 new challenges a week, make revision a part of your process. It can take a long time to get up to the level that you're comfortable with things in the field.

rugged delta
# stoic prism Woooooaaah, this article is OP...however, I still want to be like <@191831132873...

You'll get there if you work hard, pursue your goals in the field above anything else. There are a lot of resources and ways to get better, but the most important thing is to get down to work. Work up to doing 1 hour a day, then 2 hours, then work up to 4-6 hours a day when you're planning on pushing yourself to the next stage. For instance, the average person who passes the OSCP will spend about 4-6 hours a day, 5-7 days a week for several months in the run-up to the exam.

You'll face challenges along the way. Don't look for the quick answers. There are a lot of writeups about targets like the boxes on THM and other places, and they are a very good way to learn about how to approach a particular challenge. You might approach harder boxes this way, but your goal with writeups should be to see the methodology for how this challenge is done, and gradually develop your own way of doing things, so you rely less and less on the writeups unless you're really stuck.

Pursuing a career in pentesting is going to be challenging. The key is persistence in putting in the work, studying, doing challenges, taking and organising your notes and applying your learning to new objectives

stoic prism
serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 409)

rugged delta
# stoic prism Thank you very much for the words of encouragement. I truly appreciate it. 🙏

Also, while a lot of organisations will insist that you have or pursue the OSCP when looking for a role in pentesting, it may benefit you to start by pursuing a similar certification like the TCM PNPT, HTB CPTS, Zero-Point CRTO I & II or Altered Security's CRTP/CRTE, among others. These are more reasonably priced certification and study paths that might help you understand better the tools/techniques you'll need to improve as you become a pentester.

While some people will say that you shouldn't be paying for expensive things like certs, you do need some way to demonstrate your abilities. Certs are one way. You might also pursue CTFs or take part in Bug Bounties as a way to test and measure your skill.

There are CTFs taking place all over the world, both online and on location. Some are team-based and others can be pursued solo. I mentioned PicoCTF earlier. It was created by Carnegie Mellon to make pursuing cybersecurity easier. Like THM, they provide a lot of free resources for you to improve your craft. This came from the way students in the college were encouraged to train and pursue goals like competing at the DEFCON CTF, the peak of the game.

Bug bounties are a way for you to bring your skills, mostly web pentesting, but also others to finding real bugs in live infrastructure for many organisations. A lot of orgs run a bug bounty program through a platform like HackerOne or Bugcrowd and some organisations run their own. Some of these will be public, meaning you can join and perform certain actions against an organisation's infrastructure within the scope they set. There are also private bug bounty programs where you will need to have demonstrated a particular reputation or skillset to participate, and that's how HackerOne and Bugcrowd can provide a standard to assess yourself by

https://www.cmu.edu/news/stories/archives/2024/june/cmus-picoctf-seeks-to-make-cybersecurity-education-more-accessible
https://www.youtube.com/watch?v=6vj96QetfTg&t=218s

#

At first, I would continue with what you're doing on THM, as you're still only starting out and there are a lot of directions you can take your own studies and pursuits. It's a long road, but take it step by step

rugged delta
brittle pier
#

Is getting a pentesting role harder than getting a red team role

stoic prism
serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #20 - 410)

rugged delta
# brittle pier Is getting a pentesting role harder then getting a red team role

Red Teaming is in many ways an evolution/progression of pentesting. Pentesters have a number of duties including internal/external pentesting (black-box, grey-box, white box), application/web app pentesting, pre-production testing and others. Red teaming itself can be performed by a team of pentesters and can involve objective-based testing, such as accessing a file store, gaining control of an Active Directory environment, emulating an Advanced Persistent Threat, competing with/testing/supporting blue team/SOC teams in various exercises and tests.

Some or all of these duties are performed by various pentesters. Some organisations have separate teams or specialists for various roles, some have clearly defined red teams. Generally, you would be expected to progress your skillset to be able to perform in many of these positions.

You should read

Professional Red Teaming by Jacob G. Oakley
and
Red Team Development and Operations by Joe Vest and James Tubberville

brittle pier
dense dagger
rugged delta
dense dagger
#

In a nutshell, red team focuses on measuring the security operations as a whole while pentesting focuses on validating attack paths.

dense dagger
#

This is also from Red Team Development & Operations book

#

I love that book

rugged delta
brittle pier
#

Oo bet

sharp grail
#

I am a student studying cyber security and digital forensics. I'm a bit worried because I'm 23 years old and don't have any IT experience within the field of IT. I never worked as IT support. Any advice on how to start my career after graduation? I have 1 more year to graduate

nimble mountain
#

yo

pseudo creek
sharp grail
rugged delta
# sharp grail I am a student studying cyber security and digital forensics I'm a bit worries b...

Be open to applying to lots of different roles... helpdesk, it support, qa, sysadmin, programming as a junior. Build up your skills in Windows/Linux/Active Directory, bash/Powershell/Python basics will certainly help. The courses for Network+/Security+ and the relevant certifications. Many people learn the skills necessary for SOC, such as those on the THM Learning Paths and progress to certifications like the BTL1 and go from there into other areas of the field

distant pier
sharp grail
#

what's it like finding a role in IT after graduation?

#

i'm in UK

rugged delta
# sharp grail whats it like finding a role in IT after graduation?

You should be open to applying to any role that appeals to you, and also any roles that can get you onto the ladder. A lot of colleges provide a graduation program where they assist/facilitate some employers, many organisations have their own graduate programs. You can also pursue helpdesk/it support, sysadmin, qa/programming, maybe even SOC or any role you feel you have something to contribute to.

A lot of organisations are looking for more than just graduate level knowledge. It is worthwhile pursuing extra courses/certifications as you progress. A lot of employers will provide a training budget and/or facilities. Basically be open to any opportunity in the field

sharp grail
#

Atm I'm doing my junior pentesting path on THM

#

I do find pentesting interesting but I understand that it can be very competitive to get into

#

so i'm trying to find somewhere to start

candid hinge
sharp grail
void heron
#

I'm at a bit of a loss of where to take my career, I'm 33 yo, only got into the IT industry in 2020 (redundant from another career due to pandemic) so I feel I'm very late to the career, I'm currently an IT support specialist (2nd - 3rd line work).

I really want to specialise in something as I can't see there being much in terms of development in my role, I've had 4 different roles since starting out, each time stretching a little bit further. Does anyone have any advice? Cybersecurity interests me a lot and I've sunk a few hours into THM so far and loving it

distant pier
void heron
#

Thanks - I'll take a look 🙂

radiant breach
flat sedge
flat sedge
undone shore
# rugged delta Red Teaming is in many ways an evolution/progression of pentesting. Pentesters h...

Yeah, I'd agree with Juun there. It's more of a heavy specialism than an evolution.
"Red team" is just market speak for adversary emulation or potentially attack path mapping.
Realistically it's just focusing on overall security posture and the risks facing an organisation based on known techniques, as opposed to a pentest which takes a micro view on individual systems and tends to be more by-the-book, as it were.

flat sedge
#

Unrelated to careers. Please don't advertise without at least making some effort to interact with the community.

flat sedge
stoic cave
#

I should caveat, controversial to actual practitioners

undone shore
#

The way we approach it is by having a dedicated team acting as liaison between the red team, our blue team, and all other relevant teams. I.e., basically a project manager forcing people to sit down and read the report, then coordinate a strategy. Works quite nicely

south monolith
#

Weird question, but is it possible to do both teams, like red teaming and blue teaming?

#

If I have dedication and discipline

pseudo creek
south monolith
pseudo creek
#

I guess the real question is, what do you like to do or are hoping to do specifically? like a dream job, what would be your duties/responsibilities?

south monolith
pseudo creek
#

like what do you want to do?

south monolith
pseudo creek
#

ok security engineer is a catchall job title that can apply to many jobs including those outside blue and red teams

#

what kind of activities do you want in a job? what type of responsibilities?

south monolith
pseudo creek
#

ok now you are sounding like something outside of security entirely...

#

I dunno what you wanna do, I think once you get a job, you'll have a better understanding of what options are available

distant pier
south monolith
# distant pier Security solutions architect? This is not an easy job entry. 🙂

I know that my long term goal
So this is what I am trying to do
Going to finish my information technology degree next year.
Currently just got a basic IT job and will try to move up in 6 to 8 months. After that I will try to do IT for 1-2 years to gain basic experience. During that I will try to work on certifications for blue team etc.
Get a SOC job, something related to blue team, and work on that for 2+ years.
If it is possible, during that time I will try to get certs like OSCP, red teaming certs.
Will try to find red team jobs.
My timeline is to get 10+ years of experience first before applying for security solution architect.

distant pier
brittle pier
south monolith
distant pier
brittle pier
#

So they're different

#

Gotcha

distant pier
#

You can have 10 people with the job title security analyst in 10 companies and their responsibilities will very likely vary greatly. Same for security engineer, it is one of those generic-job-role names that just don't want to go away. 😄

#

Job responsibilities list for a job is more likely to be indicative than the job title.

pseudo creek
#

my cyber security engineering job was basically a cyber solutions architect job

#

also cyber security engineer is kind of a catch all job title within cyber, it can mean a multitude of things

south monolith
#

lol I think I should do some research something

pseudo creek
#

I wouldn't stress too much, I'll say I had no idea that I'd be doing what I do now when I first started. I just found one job, saw other jobs that were interesting, moved to those, saw other jobs that were interesting, moved to those

pseudo creek
#

you got this

south monolith
serene umbraBOT
#

Gave +1 Rep to @pseudo creek (current: #15 - 512)

south monolith
#

lol

#

It was connection and lot of patience

pseudo creek
#

yes, learn what you can, keep your eyes and ears open

south monolith
thorny light
#

One of my coworkers said something dumb to our CIO. I got to thinking; could that potentially end their cyber career since they have a really bad impression with a CIO? Is cyber like that?

#

Okay. I know some industries are like that and I was curious if cyber was. I didn't think so but wanted someone else's thoughts. (See: more exp)

flat sedge
#

it wholly depends on the dumb thing that got said

thorny light
#

two incidents- asked to see his badge. CIO said "I don't have to show you shit" or something like that. Day later CIO asked how they were doing, they replied "I'm fine why do you ask?" Tone wasn't the best here to be honest.

stoic cave
thorny light
#

Even if my friend is in the right, should they be worried?

stoic cave
#

It's definitely a lot different where I work, but it's bad security if you only enforce the rules some of the time.

flat sedge
flat sedge
stoic cave
#

I wouldn't be worried personally, I have done it personally and physically blocked access to things, but again my work environment is a bit different.

thorny light
#

Thanks both of you. I'll pass this along.

fiery oar
#

Guys i am prepping for sec+ . Any souls on the same path DM me for collab study

coral vault
# thorny light two incidents- asked to see his badge. CIO said "I don't have to show you shit" ...

I mean in an ideal world the CIO wouldn't talk to your friend. But would make ask about it with his manager. The manager would protect their people and probably ask why the CIO wasn't (as a leader and example) wearing their badge.

The 'i am fine why do you ask' may not have been the most brilliant starter line, but jesus if we start firing people over shit like that we'll all have an employee shortage in about 5 minutes

#

If your friend is not too brilliant socially to begin with, there is training for these kinds of things. Those (at least they did for me) can really help being more... Well... Neurotypical

gleaming totem
# rugged delta Go onto LinkedIn and other recruitment sites. Look at the roles available and th...

Thanks
I'll do my best.

Besides, I've been curious about something.
Why would a company take me in with no experience, while there are hundreds of graduates with better grades and experience out there?

I'm not trying to compare myself, I just wanted to understand how things work out there,
Like the perspective of a recruiter, interviewers or a company.
this will help me narrow things down to worry about.

serene umbraBOT
#

Gave +1 Rep to @rugged delta (current: #19 - 411)

sudden hornet
#

What are the most relevant tools at the moment to learn to become an SOC analyst?

#

currently looking into learning to use splunk

dense dagger
broken idol
#

Virustotal, any.run

sudden hornet
serene umbraBOT
#

Gave +1 Rep to @dense dagger (current: #22 - 390)

queen plaza
#

should i do software engineering and study in THM/HTB in parallel of cybersecurity for my undergrad

rugged delta
# gleaming totem Thanks I'll do my best. Besides, I've been curious about something. Why would ...

Well you did ask about graduate programs initially. These are programs that many companies and organisations partake in to assist new graduates getting into the workplace and give the company more input into the graduate's development while allowing the graduate to develop their skills and abilities in an environment that encourages them.

Of course companies will be looking for great applicants, but it's not just your grades that are taken into account. They'll want to interview you to see how you might fit the culture, or how you might operate in the organisation, and the program is developed to give both graduate and employer a better overall view of the mutual benefits. As the program winds down, you'll either be offered a more permanent position, or not, or you might choose to take your experience elsewhere.

Graduate programs are generally managed by the company/organisation itself, because they want greater control and involvement of their teams when picking new recruits. Most of the time, if they're doing a recruitment program, you'll be seeing their enthusiastic side, and get a warm welcome once the interview stages are over. A lot of the time the interview stage can be a lot easier on new graduates than professional applicants.

Obviously they want the best people they can get, but it's an ongoing evaluation based on your performance, and a good recruiter will make a specific development plan they'll want you to follow. The interview is a chance for both sides to get better acquainted professionally and personally. They'll ask you a lot of questions but will expect you to be receptive, open and inquisitive in your responses and when you have opportunities to ask questions. So don't miss out on a chance to ask about things like company culture, the development path, the expectations and goals, etc...

thorny light
thorny light
rugged delta
queen plaza
rugged delta
dense dagger
pure depot
#

Which other website can I use other than TryHackMe or any YouTube channel?

steep oriole
#

hey people, could anyone tell me how I could land an internship, as I am a little over beginner

#

->completed the Google Cybersecurity Professional Certificate
->completed an internship at a local company ExcelR on assessment methodologies and host and network scanning
->completed a job simulation at Mastercard as security analyst
->currently working on INE's eJPTv2 cert

#

extra :

#

->i also know programming langs: c,c++,java,python

#

database lang's: SQL

#

os: Windows,mac OS , Linux (Also Kali linux)

#

Front end : HTML

#

-> an internship on Machine learning

pine forge
#

I was looking into doing Google Cybersecurity Professional Certificate. Is it worth doing or is it just another certificate issued by Coursera which is not quite worth when landing a job?

south monolith
#

I definitely recommend skills for all academy from Cisco

#

Is free

serene umbraBOT
#

Gave +1 Rep to @south monolith (current: #661 - 6)

south monolith
#

You need home labs
Practice with thm and HTB

#

Also IT fundamentals

pine forge
rugged delta
# pine forge I was looking into doing Google Cybersecurity Professional Certificate. Is it wo...

The Google Cybersecurity Certificate teaches some very basic cybersecurity topics, crams in a little SQL and Python, talks about the ISC2 CISSP (which requires 5 years experience in cybersecurity), and then tries to sell you on a voucher for Security+, which is about the value of 1 month of the Google course fee. I completed the course and got the cert during the free week, after about 16 hours during Christmas week, between hangovers and parties.

You would be better off saving your time and money, and just doing the Security+. I would recommend getting the study guide/practice tests and/or checking out Professor Messer's free resources and going from there. The Google cert won't teach you enough to complete the Security+. If you're brand new to cybersecurity, you can learn a lot more from the free and paid walkthroughs/challenges on THM

pine forge
rugged delta
# pine forge So the Google cert's a complete waste of time?

As an absolute beginner going into cybersecurity, it can hint at the kinds of things cybersecurity people do, but it won't prepare you to work in the industry. You can, of course spend the free week doing it, but I wouldn't suggest spending money on it. You can learn much more by continuing here on THM and pursuing industry-recognised qualifications.

When starting out, you should be spending as much time as possible with cheap or free resources until you're comfortable, but when you feel ready to pursue something like Security+/Network+, etc., then you should definitely use resources intended for those accreditations.

sonic surge
#

I started it to help my CV, but a few minutes in I realized it was about as rudimentary as it gets, I got my first cyber job a few days later. I had quite a few years of industry experience already at that point.

lament citrus
#

hello guys i am learning Nmap Post Port Scans
in the task for , Launch the AttackBox if you haven't already. After you ensure you have terminated the VM from Task 2, start the target machine for this task. On the AttackBox, run Nmap with the default scripts -sC against MACHINE_IP. You will notice that there is a service listening on port 53. What is its full version value?

#

port 53 is closed, I could not find the service, I googled it and found the answer is 9.9 5 9 deb8u1

#

but it is not the right answer

#

any help here please

lament citrus
#

yes exactly

lament citrus
serene umbraBOT
#

Gave +1 Rep to @stoic cave (current: #17 - 448)

sage bronze
#

Hey, I am thinking, what's better for a portfolio website; a .com domain, a .ch domain or a .is domain?

#

More specifically, this simple aspect would be aimed at the eyes of cybersecurity recruiters/employers.

glad dust
#

depends on what your domain name is and if it looks good, and not much else imo
if you're in switzerland or iceland and use those TLDs a lot, or if it plays into your name somehow, then idk probably fine

#

i use a .dev and have never had a single issue

#

(note that TLDs that are too foreign and weird may be blocked by some companies, i.e. i wouldn't go and use a .zip *glares at google*)

sage bronze
#

It's more about their security levels than actually "being there", my country's domain is not well seen.

glad dust
#

as in, in a bad light? or?

sage bronze
#

Yeah, it's seen as just too generic and... let's just say looks like a HTTP, whereas a .ch or .is look like a HTTPS.

glad dust
#

care to share? bit curious

sage bronze
#

It's .br but it would have to encompass a .com a priori.

#

So, .com.br, kinda sucks.

#

I have seen other cybersecurity professionals use both .ch and .is for their websites.

warm hinge
#

yo, if i'm 13 and i wanna get a job in cybersec, where should i start?

sage bronze
warm hinge
sage bronze
glad dust
#

ah one of those ones
i do see use of them elsewhere, like .com.au is common for my aussie clientele, but I'm not sure if it's used often in brazil
I do see it used more often for business domains rather than personal, tho

sage bronze
#

However, if I am applying and using the website as a portfolio, then I need to have some details that would catch the attention of an experienced cybersecurity professional. https://en.wikipedia.org/wiki/.ch

glad dust
#

country type tlds are pretty safe imo, unless it's something like china or especially russia, which see heavy block rates, and those two countries you picked are pretty neutral on most things and likely fine if i had to guess

warm hinge
#

you're from Switzerland?

sage bronze
sage bronze
#

.is because Iceland has incredible security services, basically anything tech related is of great quality there, etc.

glad dust
# sage bronze However, if I am applying and using the website as a portfolio, then I need to h...

i don't think there's anything particularly attractive or not attractive about .ch tbh, just normal country code
i actually forgot it was swiss and was like that's not china...right? (no, that's cn)
no hiring manager i know is gonna see a country code email and be like "oh it's switzerland, this guy is amazing!", and HR won't even know what country it is unless it's obvious like US or RU or AU

#

just what looks good and doesn't come from a heavily sanctioned country like ru

sage bronze
glad dust
#

sure, a lot relating to neutrality and privacy laws, but a hiring manager isn't likely to care imo

sage bronze
#

Yeah, I forgot about the HR process.

#

So, should I just go for a good ol' .com then?

glad dust
#

"oh hey a swiss tld" /forgets three seconds later/

sage bronze
#

Having a .ru ccTLD is kinda badass though.

glad dust
#

not really necessary to use .com specifically but whatever looks good to you with your chosen name
i thought .dev just worked in my case so that's what I used 🤷‍♂️

sage bronze
#

I would have to be a better dev to go for .dev

glad dust
sage bronze
#

I'm still unsure!

sage bronze
#

An interesting and underrated one is .py, if you are mostly a Python programmer then that's a genius idea.

#

That's the TLD for Paraguay.

glad dust
sage bronze
#

Which coincides with the file names for Python files.

glad dust
sage bronze
#

It's a ccTLD too.

warm hinge
glad dust
sage bronze
glad dust
sage bronze
#

See?

warm hinge
warm hinge
sage bronze
dense dagger
glad dust
# sage bronze

oh yeah i know, just don't believe that to be very relevant when it comes to impressing an HM or TA

dense dagger
#

I’ve used an .xyz domain and I am thinking of getting other cheap domains actually

sage bronze
dense dagger
#

I can’t a .com domain is worth it also as it's very expensive and the only use case for it is portfolio

sage bronze
glad dust
#

and that's not hr, more emails getting flags or a tech-wise HM taking a look

sage bronze
#

Maybe because you are using a popular SDL?

dense dagger
glad dust
#

different country, maybe? idk
13 (USD) bucks a year isn't that much in the US

glad dust
dense dagger
#

Rather than for example .online

glad dust
#

similar price

sage bronze
glad dust
#

actually .online is like twice the cost

dense dagger
glad dust
sage bronze
glad dust
#

you have fixed ish costs with most registrars often set according to the root reg, and then fixed icann fees

dense dagger
sage bronze
#

Are you using like just your normal name and is your name popular in your country?

glad dust
sage bronze
#

Because I'm pretty sure johndoe . com probably costs like 50 million dollars.

glad dust
#

(i often use route53, except for my .dev, cause that's not supported....... but that's also not where i checked this time)

dense dagger
#

I use namecheap in my case

glad dust
#

nooo route53 doesn't register .py -- would have to go elsewhere for that too

glad dust
sage bronze
#

Yo, my name is currently costing 91 USD, but if you add one letter in the domain (which makes my name the female version) it goes up to 20.000 USD.

glad dust
#

that's the market rate

dense dagger
sage bronze
#

And is there anything currently safer than Cloudflare?

glad dust
glad dust
#

also yes

#

esp considering cloudflare has had issues with arbitrarily closing accounts or holding domains hostage

dense dagger
#

I paid maybe $2 for the first yr

#

Now I just host the DNS via AWS

glad dust
#

my only gripe is the cost compared to others when you have a ton of zones

sage bronze
#

We talked a bunch and the answer is apparently... subjective to me.

#

I'm going for the .com for the sake of saving some money in the process.

glad dust
#

cost is a big factor

#

are you gonna wanna maintain this 10 years from now or will you wanna cancel because of cost?

#

lower = easier to keep

sage bronze
#

The cost is literally 81 reais, which is around what, 14 dollars approximately?

#

USD, in this case.

glad dust
#

sounds about right for .com

sage bronze
#

But if I purchase the .com, I get the first year for 0.1 reais.

glad dust
#

sounds about right

#

reais? that brazil's currency?

sage bronze
sage bronze
glad dust
dense dagger
glad dust
#

yeah if i own a .ch i could charge 7 mil for it if i wanted to

#

registering a new domain is cheap tho

dense dagger
#

Since .com is widely used and recognized, the chances for a domain you want to use may get higher compared to using other TLDs which increases the cost

#

But that is also true for other domains

glad dust
#

pretty much

#

the bad part is if you can't get both you risk typos and such, but whatever

knotty juniper
#

Hello everyone, newbie here. I've been interested in cyber for some time now, I think I have a grasp of basics like kill chain, mitre, some linux stuff and some web stuff, but tbh I don't know what to do next. I want to go into pentesting. I have linux installed with virtual machine in mind, is this a good idea? Also what certificates can you suggest?

dense dagger
#

For certifications, the most sought after in pentesting is the OSCP as it's the “industry standard” and is widely recognized. Another cert you should look out for is the HTB CPTS which has by far one of the biggest value-to-content ratios.

#

If you’re starting out, I highly suggest Sec+ from CompTIA. It's a great certification that dips into numerous security domains and helps you solidify your theoretical knowledge.

serene umbraBOT
#

Gave +1 Rep to @dense dagger (current: #22 - 391)

soft pike
#

Is the PNPT interesting for continuing towards the HTB CPTS? 🤔

robust bolt
#

Hi everyone,
Anyone pursuing a DevSecOps career path?

stoic cave
dense dagger
#

The HTB CPTS has more content, better delivery, is newer, has labs, and is recognized to be a better certification overall versus OSCP widely by people who have taken it.

soft pike
#

👍

wary frigate
#

Anyone offering any amount of more serious training?
I need to build up my skills a little more. Granted I'm still working on some CTFs but I feel like getting some experience with some real (if very easy) scenarios will give me a better feeling for the job.

worldly whale
soft pike
#

Alr.

#

:).

south monolith
worldly whale
#

Hi

pine forge
#

Guys, what do you think about the C|CT program by EC-Council?

undone shore
pine forge
undone shore
#

EC-Council are well known to produce absolute rubbish (politely put).
Their materials are usually very outdated and/or plagiarised. There have been many scandals with them over the years -- both to do with their materials, as well as their conduct (e.g., a few very sexist LinkedIn posts a couple of years ago).

#

The general rule is: try not to touch them with a 10-foot barge pole if you can get away with it.
If you need to do their courses (for example, if you're in India and local job offers all require CEH), run through only what you need to, as fast as possible, then go and relearn the information from a source which is actually reasonable.

worthy fiber
#

So I'm studying for the cysa+, does it normally take the whole 165?

#

I can't say I've ever taken a 3 hour test before, that's a long time to keep the ol composure lol.

pseudo creek
rugged delta
pseudo creek
#

it depends on you, do you tend to use every minute of an exam time?

fair basin
#

oo same here @worthy fiber I have 2 domains that I am struggling with, hopefully soon. The voucher has been bought.

But when I did my Sec+ about 5 weeks ago I skipped the pbq's and went right towards the multi-choice questions. many of them I didn't really know off the bat, I flagged them and kept going. Then once I got towards the end, I had about 50 mins left and focused on the PBQ's which took about 20mins, then went back to the flagged ones and changed at least 15 of them. I had about 5 mins remaining and submitted it.

Just waiting to see that score... but you have to fill out that survey nonsense and then you get your score.. and sure enough after closing my eyes and praying that I did well.. opened them and I saw PASS I couldn't believe it. So doing these tactics paid off, and I am sure doing that for the CySA will help as well.

undone shore
fair basin
#

Yes, after CySA; will be going after pentest+

undone shore
#

That's, uh, still CompTIA

fair basin
#

yep

undone shore
fair basin
#

on the rails between pentest + or eJPT

undone shore
#

CompTIA reputation is a bit better than INE though

fair basin
#

oh, didn't know that.

undone shore
#

eJPT always used to be a really good entry level cert, but INE have trashed the entire ELS platform

#

Not sure how it fares these days

fair basin
#

I need to get that Linux+, I haven't really touched Linux a whole lot since college.. that was years ago. but this past year been really getting more into Linux. would getting Linux+ be worth the time?

#

yah, no. lol. I want to get out of sysAdmin work and into offsec

undone shore
#

Ngl, I didn't bother with any of the CompTIA ones. 0day talked me into OSCP and I went from there 🤷‍♂️
I'd agree with that assessment though ^^

Sec+ and potentially PT+ from CompTIA are worth going for. No point in going for a clean sweep of them though imo

#

Unless you're particularly weak on Linux and want to brush up on it. I'd honestly suggest just grabbing a Debian or Kali VM and messing around with it though.

fair basin
#

not sure what my "end-state" is, but I would love to get into the cyber industry, and been getting cert'd up. been looking but nothing seems to be "entry" for cyber. Working on this CySA, hopefully by either end of the month, or September to take that exam. Then from there, I am not sure which to go for next.

undone shore
#

Aye. Shame they removed the old labs. You got, uh, some pretty whacky Linux problems in there kek

#

nothing seems to be "entry" for cyber
Security generally isn't an entry level sector, and offensive roles tend not to be entry level for the sector.
Traditionally you'd come at it from another area of IT. That tradition is being challenged these days, for better or worse.

fair basin
#

Be nice to get like a Security Analyst job, or something... but then you have that damn security clearance that everyone wants you to have..

stoic cave
#

I don't know that I'd say that, Linux+ and RHCSA are aimed at the administration portion of Linux.

undone shore
#

Think they were meaning from an offsec perspective Moose 😄

#

Although yeah, that's a given

stoic cave
#

Yeah, I'm just saying doing OSCP doesn't necessarily give you the same level of comfort or knowledge of Linux when compared to certs filling the administrator role

undone shore
#

Aye, for sure.
It gives you enough to be comfortable using Kali for pentesting though.

fair basin
#

my background is without certs.. - building and structuring Azure..but doing that for a while gets very boring. a past company ago, a ransomware attack hit us, and that really sparked my interest since then.. that was years ago. but the feds came in, did their reverse engineering of the ransomware and seeing how they compromised our network was intriguing. But now at a new company, as a SysAdmin my days are like this.. go in, hang out, read material, go to lunch, come back, read.. then go home. I need a challenge, so Cyber sounds interesting 🙂
But now having Sec+, ITIL, MOS, A+, and soon CySA

stoic cave
# stoic cave Yes

Anecdotal, I use Linux a lot for my day to day at work for more cyber/software oriented tasks. I took a RHCSA prep exam and got absolutely smoked

fair basin
#

very true, I need to get my feet wet just seeing how things work, just keep going at it, and soon hopefully a job in the cyber industry opens up for me. but it is competitive.

#

Yep, I bought the 1 year of TryHackMe I mean, might as well do that during those "work hours" lol. improve in myself.

dense dagger
weak steeple
#

Cyber is a never ending learning game

#

So just stay on your grind

rugged delta
weak steeple
#

Time passes and you get the experience you need but stay disciplined and motivated

fair basin
#

I pretty much hung up my cape for playing "games" and pretty much said my games are my learning. TryHackMe is interesting, and challenging.

weak steeple
#

First 3 are the hardest but after that it gets better

#

After 5 you feel better but realize there’s still so much more to learn

#

lol

fair basin
#

about 2 weeks ago, I set up a SIEM for the first time, using Wazuh, it's open source, just something to "do" at work if you know 🙂

fair basin
#

Thanks

pine forge
#

Can you guys recommend me a good certification that'll help me land a job and is actually useful?

flat sedge
pine forge
#

Asia

pine forge
fair basin
#

bug bounty?

pine forge
fair basin
#

bug bounty programs to reward you for your findings, could make a career out of it.

serene umbraBOT
#

Gave +1 Rep to @fair basin (current: #1451 - 2)

stoic cave
#

Bug bounties should not be relied upon for a stable income source.

fair basin
#

I myself, would like to get more involved, but I lack the skills for it.

flat sedge
pine forge
flat sedge
# pine forge I'm a student

Keep your eye out for internships in October and November, and be ready to apply as soon as you can find them. Typically summer internships, at least in the US, are filled by end of Dec or Jan.

Also do everything you can to mix practical learning with the more theoretical and hypothetical coursework.

pine forge
serene umbraBOT
#

Gave +1 Rep to @flat sedge (current: #10 - 771)

stoic cave
worthy fiber
# pseudo creek it depends on you, do you tend to use every minute of an exam time?

my bad I posted that mid study break I finished the security+ in I think an hour, maybe hour 10 minutes just used the remainder to look through everything. I feel at least with the sec+ I felt like I either knew it or didn't and just had to go with that because of the time constraints but cysa+ is almost twice as long with the same number of questions roughly for me I can't spend too much time on questions or I'll 2nd guess myself. I can't imagine taking 3 hours on a largely multiple choice exam.

#

but I was wondering how common it is

#

maybe each question requires a bit more critical thinking, I'll need that long as well lol.

flat sedge
pine forge
stoic cave
#

* because it's not always one size fits all. Lots of variables

civic fable
#

Hi everyone, I am currently working as a Junior Security Analyst and would like to switch to a different company as my contract is about to end. I have been applying to multiple openings and no luck so far. I have 4 years of experience in software testing where I have worked on Manual, Database, Automation, Smoke, Adhoc, Functional, ETL, and Regression testing. I have 2+ years of experience in cybersecurity on SOC operations, incident response, etc. I have completed my master's in cybersecurity engineering and continuously learning from different platforms like TryHackMe, TCM Security, Hack The Box, CyberExam, Splunk, Palo Alto, etc.

I am looking for jobs in the US and I am an international resident with a work visa which is OPT. If anyone has any leads please do help me. I would appreciate any kind of help.

unkempt carbon
#

hi guys, interesting problem. yesterday night i used nmap/nmap -Pn on laptop 2 which has been connected to an iphone hotspot and all ports were no-response (filtered), but next morning i connect the iphone hotspot to both my laptop and laptop 2 and it shows the open ports in laptop2 and laptop 1. later when i connect it to only my laptop i get no-response(filtered). the laptop2 and iphone (my sisters') have frequent connection, but my laptop connection to the iphone has happened only once i believe or never. do you guys know what's going on here. my theory is a device gets less secure when two devices are connected to the iphone hotspot but when only one device is connected, it filters/blocks the packets.

unkempt carbon
soft pike
#

About CBBH, someone has machines/challenges from any platform (HTB, THM, etc.) to train and to get CBBH?