#cyber-and-careers
then you won't have the cert if you don't pay the fee, that's kind of how it works and why it's not that useful of a cert
Hello everyone, I'm currently working in DevSecOps and I would like to switch to a different career, ideally in Digital Forensics, and apply in the cybercriminality field at the end of my Master's degree in CS. I have some knowledge but am still a beginner in this topic. Does anyone have some advice in terms of courses/activities, books, feedback or any other stuff related to that? Thanks in advance
Yeah understood... thanks
Just got my sec+ certification as I'm trying to ditch being a line cook to become a cloud pentester. I'm studying for Net+ but it's hard on a line cook schedule. Anyone got advice for landing an entry level support job?
Hey can you suggest which certification should I get first?
Check the job postings in your area to see what certs are required by local employers
This seems like the best place to ask this question. Does tryhackme count for (ISC)^2 CPEs? If so how do people normally submit them?
I'd review their CPE list/requirements and if you still have questions ask their support.
Cert question: After Sec+ I'm seeing a bunch of different recommendations on what I should pursue next. Some of the common responses are: CompTIA CySA+, CEH, CISSP, and more.
anyone have thoughts on the "Cert path" I should look into?
Whatever will enhance your job role and you can get work to pay for
Spending your own money on certs is not a great idea unless you have cash to burn
I got the Sec+ myself so I could try and transition to cyber from development
I'm writing about future plans to show interest and growth
Ask to shadow your current security team
See if you can start to build that experience within your org first, before trying to spend your own money on business things
my next cert will certainly be paid for by whatever sec job I get
I'm just trying to have some idea of what I want to pursue without sounding like an idiot
Sec+ was really easy for me, I think I could do a CISSP but I'm not sure how that comes across to people who may not know me.
unless you are in India, EC Council is not a good look
That's CEH?
CISSP is a great one to have, but I think exam is almost $800.
Yeah, CEH is an EC Council cert
I was just reading about how CEH has lost a lot of credibility
I wonder how HackTheBox certs are seen
and CISSP requires 5 years experience in at least 1 primary domain to qualify
I believe if you pass and you don't have the exp you get an "associates"
IE: passed the test, hasn't checked a box yet.
Hi I'm new here... And new to IT..
Can anyone recommend learning material for the network plus?
The material I've been given is far too detailed.. And I'm never going to remember 48 hours of videos in a few months.. 5 or 10 hours more memorable for a beginner like me.
Thanks
48 hours of videos in a few months is doable. Watch an hour a day and take notes.
Cybersecurity as an industry is very research heavy, you should get used to studying and taking notes.
Much appreciated...
Yeah don't try and do too much in a given day. That's heavily romanticized but it's something you have to build up to.
So start small. Consistency is key.
I find self studying difficult.. no exercises to practice with, as we would in a classroom.. I think I have to make a plan. Perhaps watch one hour, then spend an hour going over it, before moving on... ? All day watching videos is just impossible..
As I just said: Watch 1 hour of videos and take notes.
Take notes on what the videos talked about like you would in a lecture
If you have the time consider making projects based on what you've learned
Good advice thanks.. I'm going to do exactly that.. 🙂
Gave +1 Rep to @thorny light (current: #2190 - 1)
Oh hey I got my first rep. Nice
Hello everybody,
I got my first security job a few months ago and today we noticed somebody is using a bot for Brute Force Attacks using some of my coworkers' accounts.
After a few failed attempts, the accounts are blocked, preventing the people from working.
Does anybody have experience blocking these kinds of bots?
How can I stop them?
Thanks.
|| @broken idol can't help with work, right?||
You'll need to speak to somebody in your org, we won't know how their security is set up.
Thank you. I will see who I can talk to.
Gave +1 Rep to @broken idol (current: #1 - 2655)
PFIC 2024
hi, I'm new here and also my English is not good, sorry for my future mistakes. Somebody from Europe who is appsec admin, sast-dast-sbom. thanks a lot and have a nice day
Can you please see the response I wrote.
As much as we'd love to help.
We don't know if;
a) They have the permission to make such changes.
b) Have to research and work this out by themselves as part of their jobs/responsibilities..
Yes. Just a suggestion 😅
Sorry 🤕
@hardy socket Please reach out to our admin team, if you wish to post a job.
Oh sure
Much appreciated. 🙏
I sent Fontaene a PM
I am a job seeker from India, obviously I am a fresher, is there any job opening, please let me know, moreover I am bad at texting so I apologize for any mistake if any.
is distance/purely online pen testing a thing, freelance/independent work? or is it primarily in house hiring. curious if anyone has any experience on that, and wouldn't mind clarifying. thanks!
I failed the CBBH and I had managed to do a little more than 50% of the exam, I was not up to par and I thought maybe I should move on gradually and I saw the TCM PJWT, would it be interesting for a web pentest / bug bounty certification before the CBBH? Or do you think I can directly do the PWPT?
Else if you have labs from THM / HTB / Other platforms to be sure to have CBBH without too much difficulty, I take it as well :), to train.
did you go through the CBBH training? Did you do port swigger before?
I think generally port swigger and the CBBH training, plus some practice could be/should be, enough?
Any ideas of what to train for a first internship in the US? Turning 16 in a while.
Want something in IT/Cyber.
Have done Security+, Google Cybersecurity/Data Analytics, PCEP (Python), A few TryHackMe pathways already.
If you are 16 with a Sec+ you are MILES ahead of most people your age. you might want to look into CySA next. Just keep studying and practicing. I would urge you to practice scripting and write some small projects. There's a good book called "Cybersecurity Ops with Bash" that has a lot of good info that will be useful to you in a cyber career.
Looking for simple online challenges to test what I can do in a realistic scenario.
I've got plenty of isolated knowledge, but I need to start tying it together with experience.
Any ideas?
TryHackMe has CTFs
I see~
Thank you!~
Gave +1 Rep to @dense dagger (current: #22 - 392)
How we can implement our programming languages like c++ python into hacking
I did again final exercises of each module and did some labs on portswigger.
Are the result shown in like a public profile or something
Like you know some leet code programs, where even non-signed in users can visit your public profile and see your achievements
most* CTFs have points allocated to them if that's what you mean
Usually, you'd only see the rooms done by people and that includes non CTF rooms
Yea so like can I see how many ctfs u did and how many points u got in them
Things like that, like for example if someone / usually an employer asks me have you participated in ctfs
So I wanna be able to send them link which they can open and see; the proof
In short I'm looking for things I can showcase on my resume
I have mentioned my certs there
So I was wondering if there's anything besides certs to showcase too, like labs n ctfs
Coz they're usually things like these are private, I can only see mine with my acc
In fact I think my big problem is the enumeration.
In any case, it's the key to everything, but personally, I didn't find the environment I had at all to be at the same level of the courses.
Yeah that definitely helps. You can also start a blog or github repo and start putting CTF writeups there
Don’t bother with any of the tcm courses if you already finished cbbh path. If anything do the Portswigger labs
Hello, can someone who has a career as a Pentester help me? I have a lot of doubts about how to start a career and take the first steps to learn more about the subject as I am very confused.
Thank you!
It would probably be best if you just asked the question you have, first. There are some folks here who do pentesting as part of their job, and it's better to get a variety of opinions and start a discussion than to get a single viewpoint
Right, thank you very much!
Gave +1 Rep to @flat sedge (current: #10 - 773)
My question to Pentesters is, how do I start from scratch to achieve a career as a Pentester?
Pentesting requires a decent understanding of systems to be tested as well as a good understanding of risk - the role of a pentester is to test security controls in production without causing unacceptable damage. Acceptable damage is always determined by the system owner.
I would say that pentest is not entry level to security, and security (in general) is not entry level to IT
Without a degree or prior professional experience? Start in an entry role, ie Helpdesk, and then work there for a few years. Then move up off Helpdesk into an admin or analyst role. Then transition into an entry security role, work there for a few years, and then move up the ladder again in security. After that, try to transition yourself into a pentesting role.
This is certainly a great way to go! And yes, I don't have any experience or a diploma or even knowledge of the content, I'm looking to learn more about this area because it's the area I'm determined to work in and also the one I'm most interested in, and at the beginning of the year I intend to look for a diploma that is directed towards this area, could you direct me on all this as well?
this dude Mad Hat on youtube talks about all this stuff in glorious detail. it's how i found tryhack.me and got committed to this site. he speaks highly of tryhack.me for a place to start.
Hi, what is the first entry point for beginners in tryhackme.com site? i mean first initial steps for learning...
Yeah but idk if it's enough for me.
there's a learning pathway tab that shows you everything and then filters to your interests. basically tho, pre-security
Interesting! What I'd like to know is if tryhackme really has the basics I need to develop my knowledge as a beginner, could you tell me?
well. i'm an educator and switching careers. so, my suggestion is to get a book on self-learning (like the science of self-learning by Peter Hollins). from there you can get all the resources you need to teach yourself anything. entering an education facility would then be something you know if you need to do or not. (for example, you want to become an orthodontist, you need to go to dentistry school). to answer you more directly. you need to use several resources to learn what you desire. tryhack.me is one, and a great one. pulling resources as you explore from other areas will be more obvious to you, once you begin going through all your chosen resources. but to think you will become indiana jones and solve the mystery of the pyramids from reading one book is a lofty assumption to achieve your goals. if you catch my drift.
Am i right that I joined firstly the "complete beginners" and "pre-security" for begining?
And also compare the vulnlab.com and tryhackme.com; which of them is more close to realistic practice??
simply put. focus on pre-security. when you are bored explore the tryhack.me site and self-learn. it's okay to end at a wall and look elsewhere. the important thing is to continue and search. but yes, finish pre-security, and watch the accompanying videos and read the writeups when stuck. or ask in here. everyone is very helpful here. ngl.
actually ask in the pre-security-pathway room, not here. i think we aren't supposed to really be talking about this in this channel.
I see! Thank you very much for your help, I will be reading this book soon, I will have more affinity for self-learning and thus be able to better enjoy the study resources offered.
Gave +1 Rep to @dawn wraith (current: #2193 - 1)
#start-here helps
I have 73 badges out of 74
Hello. I work at a business who employs in house Red and Blue teams. I am not in the infosec side of things at all though. It is something I have always wanted to get into but have been busy with life. I have a history in computers as a hobby, mostly on the physical side of things but have also dabbled in programming video games. My main experience is in Windows but I do have a little experience with Linux. Where is a good place to start my journey? I plan on going through all the TryHackMe courses. I am wondering if there is a suggested guide to getting certs; which ones are worth it and what order to do them in. Also, is there something I should be doing before TryHackMe? I have seen online suggestions of getting a "help desk" job or something like that first. Any help would be greatly appreciated, and sorry for the novel.
Since you already are in a company that has an in house blue and red team, I would suggest try to do an internal pivot to them. You should definitely solidify your foundational skills (Networking, Linux/Windows, application, etc.) and TryHackMe definitely helps there. Keep in mind that TryHackMe is a way to dip your toes into these concepts and technologies but you should definitely also challenge yourself with doing projects and other things like CTFs to build your skillset and problem solving.
For certifications, there is really no order to do them. I would suggest looking in your local area or peers among your company which are good certifications to take however.
Yea, the plan is to pivot internally. But I fear they won't give me the time of day until I have more knowledge under my belt. I will work on TryHackMe and then do some CTFs though. Thank you.
Yes that will unfortunately be true in some cases but don’t hesitate to reach out to them to know what you should do to be able to make that pivot. I know that HR and other talent development departments would rather retain employees than hire from the outside so they are always open to internal pivots (as long as it's possible).
Thanks. I will do that. I appreciate all the advice.
Who is TryHackMe's HTTPS certificate issued by?
you can just view it?
They're asking for room help, (They've posted in multiple channels) but the certificate has changed.
hey guys, I want to prepare for the security +, I have a degree in computer science and cybersecurity. What are the best resources to start to study for the security + ?
Professor Messer
damn it seems pretty complete thank you
Gave +1 Rep to @crystal acorn (current: #2194 - 1)
I’m currently studying for the cert as well and I’m watching Prof Messer’s YouTube videos. I plan to purchase his practice tests later
People also recommended Inside Cloud and Security on YouTube
I will take a look thank you
I liked CBT Nuggets. I purchased practice questions from Udemy. If you are light in your networking knowledge you may want to watch videos on YouTube about the basics of networking.
what is your current level on cybersecurity ?
noted !
Professor Messer, Jason Dion practice exams, and read a little bit of Get Certified Get Ahead. With your degree, the certification will basically be a recap of your 4 years. Dion's practice exams are harder than the actual exam as well.
Do you consider a salary range of 65k-155k as a red flag in a job description?
in us ?
yes
I recently graduated with a degree in information systems so I’m pretty new
It depends, it could spread across multiple areas with different costs. It could also be a more open job req where they are looking for people to apply and salary will be based on prior experience.
More experience = higher salary
I could see that. I always figured it was just them trying to catch the largest pool of people without actually paying that much but you're probably right. It's a remote job so they probably thought for low cost of living it's 65k and New York or San Fran it can be 155 or something
thanks
tryhackme.com is a really cool website so far. Looking forward to taking networking security based lessons from this. Never really thought I would have been any good at network security cause I tried a network class a couple years back and failed it cause I was subnetting wrong. I only collected like 3 or 4 badges so far but question. Does anybody feel more comfortable learning on here than going to a college and dealing with all the pressure to learn the fundamentals of cyber security. Cause the schools want you to learn about general education courses that require lots of reading and writing and math. Which, if you can tell, I already have issues with. Maybe I could just become a pen tester and dabble in different software. I am nervous I might not have a good enough background in computers to go this route.
If you have the opportunity to attend a four year degree, I would do it. You'll receive information at a steady pace and its goal is to make you a well rounded contributor to society. It also helps salary wise. As far as reading and writing, that's what you do in cybersecurity (this includes pentesting). A lot of the work is report writing and requires you to be able to put together well written/formatted documentation.
I need to practice more on my reading and writing and report writing? Wow! That sounds exhausting and repetitious. But you're right, I would contribute to society better with a 4 year degree. I only have an associate's degree and work in construction with some health issues. But I'm trying to go in some direction at least. Networking is somewhere I figured I could start off at or there's A+ computer repair. Something where I'm sticking to the fundamentals of something towards. I am just nervous about having timelines again and not having everything finished to continue with school. All of my comprehension and placement scores would be terrible right now. Maybe there's some school or some class I can still take that gets my mind better inclined for cognitive thinking.
Hi friends,
I’m 23M in the UK. I completed my Bachelors in Computer Security this year, Security+ and now working on my CCNA. I have 11 months of IT Helpdesk experience, and I just landed an IT Support Engineer position with a focus on networking (will be groomed into a network engineer).
I have been doing CTFs for years now, mainly for fun, with 300+ labs/rooms completed across TryHackMe & HackTheBox alone. I’ve purchased the PJPT & PNPT exams from TCM but haven’t taken them yet because my focus is all over the place, and that’s why I need your help. I’m desperately seeking your advice on what a path could look like to achieve my goals and how I should move forward in my career.
My dream is to one day become a very specialised penetration tester, mainly focused on something super niche like IoT, embedded systems, 4G/5G, wireless etc.
I’m by no means in a rush to get there, and although I feel behind some of my peers that landed a cybersecurity position after graduating, I think the network engineering experience will only help me down the line. What’s important to me is to get there eventually, and be the best that I can be when I do.
What would you suggest I do to best equip myself to not only land a job as a penetration tester, but be a great one when I do? I’m willing to do whatever it takes.
Here are a few paths I have thought about:
- IT Support Engineer -> CCNA -> Network Engineer -> CREST CPSA -> SOC 1 -> PJPT -> PNPT -> CREST CRT -> Jr. Pentester Job?
- IT Support Engineer -> CCNA -> Network Engineer -> BTL1 -> SOC 1 -> PJPT -> PNPT -> OSCP -> CREST CRT Equivalence -> Jr. Pentester Job?
TLDR:
- On the path to become a network engineer, how can I prepare to break into cybersecurity from there and then into pentesting?
- Should I focus on SOC skills/certs after CCNA?
- What pentesting certs would you recommend in the UK?
- Am I on the right path?
- How can I stop comparing myself to others who are ‘ahead’?
Sorry if this makes no sense, but I’m really lost with no one to go to and in a bit of a panic before starting this new job. Thanks in advance, anything you can add will be greatly appreciated.
It seems you've been working very hard and have developed some unique interests, always a positive when pushing into cybersecurity. Knowledge of IT and networking can carry you a long way, as they are an essential part of cybersecurity knowledge and skills going forward.
Your certification path is certainly interesting and well thought out, and your training so far appears to be in line with a successful career path if you maintain your learning rate. Completing the CCNA as a network engineer is pretty par for the course and could lead you on to the CCNP as well, if that's where you're spending a few years.
BTL1 is gaining recognition as a good cert for junior SOC analysts and a number of regulars on this Discord have had a good experience with it. CREST CPSA is a worthwhile pursuit in demonstrating your abilities and professionalism and there are a number of recognised training orgs in that sphere with a high level of quality learning platforms. An alternative to, or progression from CREST would be the Cyberscheme, in association with the NCSC and UK Cybersecurity Council.
PJPT/PNPT are a good path into pentesting, and offer a reasonable representation of junior-level pentesting, but you would probably be expected to acquire the OffSec OSCP, as that is still the most widely recognised junior pentesting certification. Still, if you hold the CREST/Cyberscheme/TCM certs, you should feel capable of applying to such a role.
As you have set your sights on recognised certifications, and have been building your skills on multiple platforms, you should be in a good position. You could consider doing CTFs (PicoCTF is a good start here), bug bounties (mostly for fun, don't depend on it for reliable income), consider writing a blog, and/or writeups, maintaining a Github account...
As for comparing yourself with others, realise you are on your own journey, as is everyone else. Throw yourself into it, doing the work will inspire your confidence and you'll see results
Hello guys, for someone looking for roles in cloud security, what will be the ideal pathway? Will you also recommend taking CompTIA Sec+? Then what will be your view on CCSK cert as well.
Thank you and I will need some guidance. I am currently pursuing my masters in Applied Cybersecurity and Digital Forensics at Illinois Institute of Technology.
I am also in search for Internship opportunities and will appreciate some leads.
Thanks 😊 🫂
To operate successfully in the cloud, in general you should have a good understanding of general Linux/Windows/Network administration & engineering. You should be able to setup and configure Linux and Windows machines and services (on a computer or in a vm) and understand basic networking (Network+ level knowledge). The Security+ is a good entry level cert into all areas of cybersecurity.
As for cloud certs, the big three (Google, Azure and AWS) each have their own certification paths and you should at least follow their beginning engineering certs for the platform(s) you want to work on. While their security certs are reasonably good, you should already have a decent level of knowledge of how their platforms operate and how to use them. Security would be considered an advanced topic, so shouldn't be your first foray into the cloud, but it's definitely something that's not beyond your ability to pursue. There are a lot of free and paid training facilities online and in books, etc.
The CCSK has been gaining some recognition as a good intro to cloud security, and something you might find helpful on your journey. They have a free prep kit you can use to gain good general knowledge in your preparation. It might not be necessary to pursue the full cert if you're pursuing a specific cloud provider's certifications. The main thing you should be doing is gaining hands-on experience with cloud platforms and the big three each have their own free tier offers to help you
My friend got an internship offer as a Security Analyst at a mid-sized company. It’s unpaid but they’ll cover food, transportation, and medical insurance. The internship lasts 1 year, and they’ve mentioned there’s a good chance of a full-time job if he performs well and there’s a vacant opening. He's concerned about it coz work hour is full time and has multiple shifts with strict holiday policy even for interns which disturbs the uni placement stuffs. I'm from India
Considering how tough it is to break into cybersecurity as a fresher, do you think this is a good opportunity to take?
It's unpaid, so no.
Hello. My name is Aaron and I'm trying to get into cybersecurity. My background is in music. I was in Warehouse Operations Management for seven years. I have been taking the lessons in TryHackMe. I have been listening to as many podcasts as I can about cybersecurity. I was going to take the Google Certification exam. Does anyone have any advice for someone like me that is entering this field as a newbie? Any advice would be appreciated. This is something that interests me and I'd like to make a career out of this. Thanks in advance!
Welcome to the world of cybersecurity. I would advise developing an understanding of computers, how to install and run Windows/Linux, install/manage general applications like web servers/databases, learn some basic bash/python/powershell, understand the basics of networking. You can learn a lot of these by following THM and supplementing with other resources like books/courses/websites/certifications as you progress, but if you're just starting out, there are a lot of helpful walkthroughs and fun challenges here on THM.
I personally wouldn't worry too much about the Google Cybersecurity Certificate, it's just a certificate of completion and doesn't stand for much in the field. You're better off learning here and pursuing something like the CompTIA Network+ and Security+. Even following Professor Messer's free courses would go a long way to developing your knowledge, even if you don't pursue those certs at present
Thank you for your helpful insight! I truly appreciate it!
Gave +1 Rep to @rugged delta (current: #19 - 413)
Do remote jobs that require top secret clearance exist? Or is that not a thing?
It's going to depend, so I won't say it's not a thing, but it's pretty much not a thing. TS is a different animal. Hybrid is more likely.
It's possible
hello people, I'm currently a student completing my Computer Science degree in college and I'm very interested in Cybersecurity field. Wanted to ask, should I first focus completing my degree and then do Cybersecurity courses or do them side by side? Also what all courses or material do yall recommend?
It really depends on you and if you can handle the workload. I know people that are in university also pursuing security on the side and I also know people that focus after learning the required stuff in university
If you feel like you can do it at the same time, that’s great. You’ll be able to understand concepts and then see how it is from a security perspective
you might want to redact private information before posting a resume on a public discord server
That all depends on your opsec.
he posted a resume with his full name and location
i guess, if he put up a fake name
Or if he doesn't mind his name and location being public.
That all depends on your opsec.
Hi there, another question from me 😄 do you have any particular course to recommend which prepares to CEH?
I do not recommend the CEH if you are in countries that do not look for CEH. EC-Council has been rumored to rip off course contents from other creators and their certs carry no weight outside of strict requirements from countries like India or government positions in Asia, maybe US too iirc.
Noted, thanks!
Gave +1 Rep to @dense dagger (current: #22 - 396)
more than rumors, a quick google on 'ec council plagiarism and misogyny' will have a pretty accurate reflection of how the company has operated (unapologetically) in the past
@dense dagger what do u recommend me? Dominican Republic
i have no idea what cert to go for
I see from your previous posts you are interested in pentesting. So you should be comfortable with a reasonable level of Linux/Windows/Active Directory/Powershell/bash/Python/networking knowledge; such as being able to install and manage web servers/databases, configure Active Directory settings, understand/modify a script, know what routers, switches, firewalls, IDS/IPS are. You'll learn a lot more about them on your journey.
For pentesting certs, consider the OSCP, it's generally recognised as the standard, as it's intended to get you from beginner to junior/intermediate level, and teams/hr/clients frequently request/require it. Other people will go for certs like TCM PNPT, HTB CPTS, as they are cheaper and might be better at conveying knowledge/skills for certain subjects/topics.
While certs might be good for your cv/resume, you really need to be able to demonstrate your skills/knowledge above and beyond, so consider entering CTFs (PicoCTF is a good precursor), doing bug bounties (not a dependable way to earn but good for experience), maintaining a blog, doing writeups, having a github account
thanks so much man!
Gave +1 Rep to @rugged delta (current: #19 - 415)
sorry, i have another question, how can i learn python scripting?
that's the only thing i don't know on the list
Python is a very common language in cybersecurity, programming and IT. There are lots of free and paid resources online. There are rooms in Try Hack Me that teach some Python skills. There's a book called 'Automate The Boring Stuff with Python', free to read on the book's website, or available to buy from the publisher, No Starch or other book retailers. You can go to python.org, learnpython.org and lots of other websites for free or low-cost lessons, tutorials and other learning materials
https://tryhackme.com/r/hacktivities/search?page=1&kind=all&searchText=python
https://automatetheboringstuff.com/
https://nostarch.com/catalog/python
https://www.python.org/
https://www.learnpython.org/
thanks so much again, i love this community <3
Good to have you here, keep up the work
You can have ChatGPT write you code, also. : )
Yeah but you're not learning anything, and it can frequently be poor quality, very basic, or wrong; so you'll still need to understand the code to be able to correct and modify it. Even the best coding LLMs have an effective rate of about 13-14%, and can actually increase the workload of professional programmers
hi! i have been learning cyber for a year and i have good foundations but Active Directory and Windows Exploitation are too complicated for me currently. Can i ask how have you learned those topics?
Who, me, or mister Subtlets?
anybody 🙂
Everything I have learned has been by myself, I started when I was 15, creating stupid banking programs with C# lol. I study a lot, and practice makes perfect. In this field, you need the motivation and practice. You can learn a LOT in a month.
on what have you practiced?
A lot.
The only way to learn is to jump in. There are plenty of rooms on Windows and Active Directory on THM, including multiple networks, which are labs with networks of target computers to learn the process for AD. You can learn from Windows basics up to expert-level, with lots of walkthroughs and challenges
hi, would anyone be willing to look over my resume? this is my first time writing up a resume and need help
If you would like to remove any personalised information from your resume, you can post a screenshot of it here and people would be happy to review it
☝️ click that link to verify your account, not the first one 😛
if anyone would like to review my resume here it is 🙂
I'll take a look a bit later, but generally the battle with prior service resumes is the translation to things that civilians care about
yea it was hard trying to translate military to civilian on the resume
i did military for 9 years, worked as a cashier/housekeeper before that as a teenager and haven't had other civilian experience
so writing the resume was a little hard for me
Yeah, it's not an issue. Just have to use the right words
i used this resume to apply for jobs and never hear back. so at this point whatever makes it sound or look better
Just visually, imo, the center justified is kinda bleh. If you've got some time, I'd look at putting this into a LaTeX template. AwesomeCV is a popular choice. It's machine readable as well, which is good.
LaTeX temp is a website right?
I use Overleaf for LaTeX editing
thinking of going into AI
any blue teamers ever miss a TP then realise a few days later and feel like a complete idiot and have to go back to it because it's been eating at you because you knew something was off and then discover a really novel exploit that you hadn't encountered before
Website
ah gotcha, and it helped you?
Hi
i actually have a simple question, what after ejpt? my goal is to be a red teamer maybe a bug bounty hunter in the future i dont want a certificate i just want experience and knowledge. thanks
What is your current job?
To be a red teamer it is preferred to have experience in working in a pentesting environment either in a consulting or internal team. It is seldom that these teams hire recent graduates or new to the workforce with little to no IT experience so you’ll also need to gain some IT experience before pivoting to these types of roles.
Knowledge can come in different aspects, whether it be specializing in network/infrastructure, web, mobile, etc. so as long as you’re learning you will be able to piece together different IT domains together.
You can be a bug bounty hunter in the present and it will simultaneously earn you money and skills and experience and a portfolio for a future employment
Do you have any prior professional experience, in any industry? A degree?
Well tbh im too young to work and i have no experience in jobs but i do have some experience in freelancing
Nop im 16, i have a solid base of networking HTML CSS JAVASCRIPT linux Software and Hardware though
So your primary objective is going to be to complete high school, or your educational equivalent.
Attend a four year degree if you can.
Experience means a very specific thing, were you paid? Did you pay taxes on said payments?
yes i got paid , yes i paid taxes
Well thats disappointing
So i dont and take other courses untilli graduate ?
until *
You should focus on school because that's what's important. Do things like TryHackMe on the side, but don't let it take away from a life requirement.
yeah definitely my main goal is to graduate now but i will take courses after school like CPTS
Are you going to college?
It's just a LaTeX editor, so not really sure what you mean. If you're asking if using the AwesomeCV template helped, I think it's a nice template and it's what I use personally.
I finish college on September 30 2024. In BA Business Information Systems. Then I start school for Cybersecurity and Information Assurance. I have a lot of experience while I served and my jobs were IT and I was a Cybersecurity Liaison for senior leadership. However I never received any Certifications while I served, which now I'm regretting but trying to get my certs now through school
Yes
Hello everyone
I want to abandon Kali-Linux and set up my own environment with tools on Ubuntu.
Where to start and how to do it correctly.
Maybe there is already a ready-made article on this or a video.
I will be glad for any information.
Sorry if I wrote in the wrong section)
Maybe start with plain Arch or Gentoo if you are crazy😆
this is the careers channel, maybe ask in #infosec-general I'm sure if you google, you will find various videos out there. You can also look at the list of tools on the kali webpage and see if there are any you already know you'd want and build as you go
Thank you, yes, I tried Google, a lot of garbage, that's why I turned to a specialized chat) I'll try to look for it. Thank you.
well download arch , and then install the tools you want , and you can install black arch on top of arch if you want.
Hi! I have Net+, Sec+, CySA+, and working on PenTest+. I currently work in cyber. Does anyone have any recommendations on what Cert I should do after PenTest+?
Honestly, I'm not really sure yet. I'm low level blue team now and think I will stay that way for a while, but eventually I would like to get into pentesting
Same, US East
I sorta work for the government now so I was looking at the CEH. Maybe CEH - CPTS - OSCP would be a good track? I understand CEH isn't the best
I can get my work to pay for some of the cost at least
Also thank you for the advice 🙂
Sounds great. I'll do that. Thank you again!
Can anyone suggest some research area in cybersecurity
which template do you recommend using on Overleaf?
I use AwesomeCV
this one made me laugh
this one?
Yes, I modified it though to remove the color, image, and other things.
Just put a resume together using the template and we'll review it here.
sounds good
One thing you could consider is a bootcamp like https://www.carolinacybercenter.com/. One classmate is working on his Computer Science degree from another country (not US), at the same time. Throughout the program you're learning and preparing for the certifications such as ITF+, NET+ and SEC+, in addition to a section on scripting and Network Defense Essentials. Plus it's at night, so that may help you depending on where you're located. The cert exam vouchers are included, plus there is access to labs where you can practice skills. Could be something to consider. Everyone is treated as an adult with responsibilities and a life, so there is understanding when time conflicts and other issues arise. Just wanted to share in case you haven't considered a bootcamp.
I'm sorry, I realized I sent you a DM without asking permission first. Just wanted to share my thoughts on your post.
largely cyber bootcamps are a scam. You can certainly do Net+, security+ on your own with the amount of free/inexpensive resources
$14k... for network+, security+ and aws cloud practitioner? uhh yeah that is a bit excessive
considering those 3 certs together are what? $800? and aws cloud practitioner doesn't have much value
I get that. I personally like having the accountability of a class as a beginner.
Professor Messer (free on youtube) has various cohorts from what I've seen where you can study with others at the same time
Comptia itself has self paced training classes as well, I'm just going to say thats a lot of money for something that doesn't cost a lot to do
You're not wrong. The scholarship aspect took my costs very low; so that is a plus. Just can't speak for others.
even Comptia has instructor led classes, pricey but still cheaper $2400 for Security+, $2200 for Network+
how much was this scholarship?
I guess, how much are you paying out of pocket?
Less than 2k.
But it also varied because there were multiple things you could get scholarships for...so mine might not be the same as another's - such as location.
well that tells you a lot considering their advertised price vs what they are willing to knock it down to. Also it may be because certain states, including NC, offer money to technical training vendors
so you may be paying $2k but they are getting $10k from the state
You likely have more experience with this than I. Just trying to share because I do enjoy it.
Oh that's interesting!
yeah there are state and federal grants for technical training vendors
the entire idea was to offer free or near free training to people to help get them into technical careers
Gotcha! Thanks for sharing. Learned something new.
Is it worth going for ITIL before security+ if going for a Helpdesk role?
Heyyy...I want a lil bit of help I'm a college student and I was thinking of pursuing my career in cyber security soo could anyone help with it like how to start with and stuff and what I need to do (and yeah i have one course of cyber security on udemy but i dont think it will help that much)
nah
how does this look?
i cut down a few bullets to make it a little shorter but not sure how much i should cut out
Make the Skills section two columns, put education and skills under work experience so work experience is emphasized to the reader. If not applying for government jobs you can merge most of the Air Force stuff into one job (you can use your most recent title) or at least one job per location
You have work experience, so put the degree below the experience. Your skills should go side to side, don't use a double column. Your skills are also very vague and not all are technical. Your clearance also isn't a skill, but you can rectify that by going side to side. Cut the experience down to three bullets each, then we'll go from there.
You can break the skills into categories: clearance, certifications, software, technical, programming, etc
this may be stupid but im aiming to be a bug hunter so do i take the pentester path or the bug hunter path? and which one is better ?
Have you done any of the paths?
nope
ok
thanks
Largely cyber bootcamps are a scam. Why that? Is their level of educating too low?
At least, that would make sense
I'm guessing its due to how they are priced considering their intended audience and the value it will bring in?
It usually appeals to beginners or those aspirants wanting to shift into cyber security.
Yeah
also another reason is they often focus on certs that aren't that good like CEH. That particular one they linked had CND from EC-Council, which not only is EC-Council horrible but that cert isn't a good cert.
Another thing I've noticed is bootcamp vendors (there are around 2-3 that are prevalent in the US) are buying university names to go with them. So basically they approach universities and say 'let us give you some kickbacks if you lend us your name'. So then they charge $20k for someone to get a handful of not great certs, backed by a university name.
but as some have discovered, it is easier to scam the government than individuals. So they are using government grants to fund themselves
I mean for $20k, you could basically get 3 SANS certs and get a solid name behind them as well as a huge networking org
Hello, my name is Sékou Coly and I am here to learn new things in the field of security.
Yeah
Thanks for explaining @pseudo creek
Curious to know more about the EC-Council opinion, because I was under the impression that CEH was a good cert to have. Is it the quality of the material or is there something concerning the company? I have heard good things about SANS though.
nah CEH hasn't been regarded favorably in quite a few years. If you are in India, there may be an exception there but even in India it is waning. EC-Council generally has a bad reputation overall
they have plagiarized content, their content is often wrong
Pentest+ is a better alternative to CEH but not by much, OSCP would be a better option and HTB has an emerging cert that is being looked upon favorably called CPTS
but EC-council had a bad reputation before that
(and their CEH documentation did tell women to wear heels and skirts)
Oh lawd.
but for US gov/contractors, they don't look at CEH favorably anymore, Pentest+ is considered better for a multiple choice exam but employers aren't really going to be looking at multiple choice exams for pentesters
Thanks! I appreciate the feedback.
PT+ fills the same role as CEH on the new DoD cert schedule, and it's several hundred dollars cheaper. I could not, in good conscience, recommend any EC-Council cert to anyone outside of India.
For managers that pentesters report to, or for team members that are point of contact for vendor pentest though.... I would say PT+ is a reasonable (but not technical) for inclusion of pentest management into ops
no need to be so formal about it. just giving a heads up
Not sure if this is the right place to post this, but I figured I'd give it a shot. Was laid off today due to budget cuts. Have skills in penetration testing, cybersecurity analysis/engineering, and also software development. This post contains my public resume in case anyone is interested in interviewing me. https://www.linkedin.com/feed/update/urn:li:activity:7234753485060067328/
If you are US based, I just saw a Reddit post earlier today that Raxis is hiring for a pentester but not sure of the rank. You might want to check that out.
Thanks. I'll do a search.
Where does CySA+ stand these days?
Depends on where you are I guess. There are some places where CompTIA isn't very well known.
hello, could i share my CV here to check with u guys if its any good for cyber positions? i used my template previously for 3D related jobs but thats no longer the case, so i wondered if i'll have to redo the whole cv lol
I suppose you could, but make sure to remove PIIs and other information that could be used to identify you.
alright, should be fine i hope 🙂
i did notice the education is moved to previous page, though its just a temporary issue as it sometimes gets weird
Could someone suggest me any courses for Cybersecurity from udemy??
IMO, none
A lot of the courses I've seen are just re-hashed, outdated content.
speaking of education, can you land a job based on solely learning from THM and HTB for example? for a junior position without any certs i mean
It's not impossible but it won't be easy.
I mean I wanted to have some certificates for like internship purpose soo that's why i was asking and also where I can learn easily from
Security +
yo guys, how can i learn to develop honeypots?
Thank you for being very transparent
Look at honeypots in Github
thanks
Hi everyone, I completed my B.Tech CSE in July 2024.
Is PJPT a good to go certification to just get your 1st internship/ 1st Job in pentesting?
This is the cheapest certification I have found for $250.
PJPT is provided by TCM Security and I have not found any job post which is mentioning it.
Though I found 1 job post which mentioned PNPT instead, but again PNPT is expensive i.e for around $500.
I know there are other well known certifications like CEH Practical, ejpt, OSCP etc, but currently they are expensive for me.
https://certifications.tcm-sec.com/pjpt/
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
Kindly go through the content of the PNPT from above link, and guide me if I can get my 1st internship or job after doing this certification after passing its exam.
Currently to gain knowledge, I have subscribed to Tryhackme membership for around $12 I guess for a month, and I have done
(1) Intro to cyber security from Tryhackme
(2) Pre security from Tryhackme
And I am about to complete Junior Penetration tester from Tryhackme
PJPT is a junior pentesting certification. It is trying to teach you the basics of penetration testing, and the course is fairly high quality. Penetration testing is not considered an entry-level position, and you would generally be expected to have a reasonable amount of IT/Programming work experience in pursuit of such a role.
The course for the PJPT is included in the course for PNPT, so you'll be covering that same content, along with other things you'll be expected to know as a pentester. While the PNPT has been available for a couple of years now, and it does have some recognition, it's not widely recognised, and might not fully prepare you for a role as a pentester.
As pentesting is considered a highly complex role, no certification is really going to be sufficient to cover all the duties of such a thing, but the OffSec OSCP is the most widely recognised and requested cert for junior pentesters, though it's likely not going to be sufficient on its own. You can also benefit by doing things like partaking in CTFs, bug bounties, having a blog/vlog, doing writeups, going to conferences and networking with others. I would recommend reading the Tribe of Hackers books, a set of interviews with experts in various roles in the field, and checking out PicoCTF and the free training provided there, as well as the content on THM
Thank you so much for taking some time for replying.
Should I do this PJPT certification exam for $250 and expect to get 1st internship with the help of it? Or should I save more for a more recognized exam like CEH Practical, Ejpt etc?
I'm not sure if it's different in India (assumption based off B. Tech), but internships are typically reserved for those in higher education. If you've already exited higher education, you should be looking for a full time job.
What type of attack uses Unicode characters in the domain name to imitate a known domain?
In regards to certifications, you should be looking at what the jobs are requiring. Security+ is the baseline certification for the cybersecurity industry. As subtlety mentioned, pentesting is not an entry level area within the cybersecurity industry.
What's this for?
Seems like they are just reposting from #room-help
Have you tried google my friend
Hello, I am looking for a hacker to take revenge on a group of people who took all my data with a python link please, I have to take revenge, it is mandatory
This is illegal and against our community rules
Good Luck, this discord server will not help you for that, be more aware next time :))
where can i find people to help me
dont try to take revenge, just report what happened to the police
it's useless, let it go
You said it brother
yeah taking revenge is useless too ;)
no
You should use this as a learning opportunity instead of making more mistakes
if they stole ur data it means they are more aware than you... don't try anything
I know but they do this to children and will never stop, for example they ask them to dance in front of the camera.
- it will not change anything, they have ur data anyways so yeah
Discord + Police report
I don't care, I want to calm them down with someone who knows what they're doing.
i mean yeah we could do something, but it's illegal
if u really want to do something, do it yourself...
I don't know how to do it please help me catch them
if you don't know, learn to know i guess
I just want something done quickly I don't want to learn just once stop these scammers that's why I need someone with resources
No
We do not encourage vigilantism
This is an understandable, if emotional, response. Unfortunately it's not going to do anything.
Think about it. What can you actually do online? What can anyone?
Best case scenario you manage fuck all.
Worst case scenario you wade in and fuck up a current or future police investigation. Your rash action could result in these people walking free.
Calm down. Don't be an idiot. Report them to the police and move on with your life.
I am French and the French police are not effective for cybersecurity.
Hate to break it to you sweetie, but most of them aren't 
The internet is a largely lawless place. It covers every jurisdiction on the planet, and law enforcement haven't caught up to that yet.
There's precious little more a vigilante can do either.
Even if you do track them down, what then?
There are shitty humans. Many of them. It's a defining characteristic of the species.
The internet functions as a medium for that.
Unfortunately, there's sod all anyone can do about that 🤷♂️
Report them to the police. It's your best (and only) bet. At the very least there's a record of it then.
Report them, and move on with your life.
You ruin any chance of a case being brought against them by poisoning the well and get yourself arrested for illegal activity in the process
I'm not talking about finding but doing like what they did
Oh, wow, so you just want to scam them? Dump a virus on their machines? Steal their data?
Very scary
How's that gonna stop them?
This is assuming that they're dumb enough to fall for the same crap you did.
no virus just a way to calm them down
And that they keep anything important on the machines that they use for "work"
How exactly do you intend to calm them down by hacking them?
Think this through to the endgame. What exactly do you hope to achieve?
just stop them from hacking but since you're talking about data theft just having the data scares them and leaves
"stop them from hacking". How will hacking them do that?
by hacking you can do a lot of things if it is effective
You think you're going to scare away criminals by stealing their data?
No, that's dodging the question.
Think this through.
What, exactly, do you want to achieve, and how, exactly, will going vigilante help with that?
Calm down. Think logically.

bro I'm going to make them dance like what they did to 10 year olds by doing dirty things to them with a good hacker
How
Bad time to ask for advice?
Nah, go for it, that's the real use for this channel lmao
Ok ok, I'm going then
I'm new to this cybersec world
Currently I'm only doing some lessons in tryhackme
but I'm having the feeling that I won't progress much using only tryhackme
But I don't have a solid base in cybersec lol
What's your background?
Currently I'm in the third semester of computer engineering
with a good person who has experience in the hacking field as they say in France revenge is a dish best served cold
and never had any contact with cybersec
Yeah, you're still not answering the question. How do you go from "hacking someone" to "making them dance"?
Okay, so a CS student just now?
Which parts of that interest you most?
And do you know where in cybersec you're most interested?
it's humor forget it if you can't help me find what I'm looking for
Yes, I've just decided to start studying cybersec topics expecting I would land a job easily in the future
Ngl, I think all this hacking stuff is cool
But I don't see myself doing it
So I would think maybe a SOC (?)
Hate to break it to you, but what you're looking for doesn't exist.
You want a magic bullet. A hacker who can snap their fingers and break into their computers.
Then somehow translate that into a real world consequence.
That's not how it works.
If you want to stop someone from hacking, you arrest them. That's it. That's the only way.
What you're asking for just isn't a thing.
Okay, that's good!
So, what I would strongly suggest there is a homelab. Do you have any experience with setting up systems / systems administration?
From memory the Splunk training courses are still free as well -- or at least the first few. Those are well worth doing too.
I hear good things about Blue Team Labs as well
No, I don't have :c
So, these homelabs would be used to practice(?)
Okey, I will take a look
Exactly, yes. There are a heap of benefits -- both in terms of experience and as a CV boost.
Wow, do they even give the certifications in the free courses? 
Also if you spin up two VMs and download splunk on one and use the other for launching attacks at the splunk one you can see the attack being flagged. It’s pretty cool
I did that with snort
I'd suggest grabbing a cheap, ex-enterprise SFF PC off eBay or something. You can often get them for well under £100.
Doesn't need to be fancy, just something to mess around with networking on an actual system.
I'd personally put a type 1 hypervisor on (Proxmox being a prime example).
Either way, setup a SIEM and a couple of endpoints so you can get some practice with how that all works
Exactly what AceS is suggesting, yeah ^^^
You can then try running something like a C2 agent (or some other malicious software) on one of your monitored endpoints. Try to catch that.
It's all about learning how to track down indicators of compromise and write rules to automate that
I don't know where you're based, but in most places your degree will help. Throw in some of the BTL and Splunk training, as well as work on a homelab, and you'll be in pretty good shape
Okay, that was a lot to digest lmao
But I'm going to start for sure
Thank you so much for your advice
It all starts with a single step 😄
... Followed promptly by tripping headfirst down the research rabbit hole
Anytime! 🙂
Hi, i have a question , what do u suggest to someone who is studying cybersec outside the education system and want to get a first job in that field knowing that he wants to be a pentester :) ?
what github project related to pentesting? can u elaborate?
okay thank u !
Do you have a degree or prior professional experience in any industry?
we got any PSIRT folk here? got a question.
Looking for some career advice. I am curious about reentering the tech job market and I am unsure how to get started. I'd likely need to be remote. I am wondering if I should self-study with THM to try to prepare for a cybersecurity position, if it makes more sense with my experience to be in software/programming, or something else entirely? Any advice? Thank you for your time.
I worked for a company from 2018 - 2019 as a cybersecurity intern(security analyst/engineer type of work) for 6 months, and as an IT intern for 9 months. I graduated at the end of the internship with a AAS in business information systems, C# developer certificate, C++ developer certificate, but I did not secure a position with the company. I had some trouble finding a job after that, this was when covid was taking off, and I have not been back in the IT field since.
If you have questions, just ask. Better to ask your questions instead of asking a question to ask a question. Plenty of knowledge here.
What is your current experience? If you’re in another role right now with your current company, maybe you can express your career concern and wanting to pivot into an IT position internally.
I'm not in a different role right now, I joined/created an agricultural startup that fell through.
i was researching for the median base pay online for this job role. Wanted to have this answered by a person who is already in a PSIRT.
Are you talking about median base pay in a specific area or the whole country? High COL areas often skew the payband.
Well it looks like there are now some significant changes for the OSCP in the coming months:
https://help.offsec.com/hc/en-us/articles/29840452210580-Changes-to-the-OSCP
Effective November 1, 2024, OffSec will replace the current OSCP exam with an updated version. The updated exam version will include the following changes:
Enhancements to the Active Directory por...
I'm currently a senior analyst. I would say get some certifications. I would also top it off with courses with THM or Hack the Box, and find out what type of security you're into (blue team, red team, or others). Keep learning everything you can about your interests, and clear up what your flaws are, or stuff that you aren't too familiar with. Finally, have a good salary that you are aiming for to start (mine was 70,000 per year, for example, to start). Keep applying for three jobs every day, and keep an Excel sheet of the various jobs that you applied for, the date that you applied for them, what qualifications they called for, how much they are offering, whether you were rejected from them, whether they were scams, etc. Be prepared for some harsh rejections, but try to learn why you were rejected from them, and improve for next time. You also have to really try for each application, don't just send in your one off resume: you have to fine tune your CV for the job at hand. I didn't get a job for about four hundred jobs, and only got a job with two interviews for two companies.
Much appreciated for taking the time to respond, this is great 👏I will keep all of this in mind going forward.
I believe I may be interested in pentesting/maybe red teaming. From what I've gathered, it seems that good certifications for pentesting might be OSCP & CEH. Does that sound about right or am I missing something?
Hello, I need a copy of the "Web Hacking Arsenal" book plz?
It looks like you can obtain copies from Routledge, Amazon, or Google Books
Done!
Does anyone else look for hidden easter eggs/intentional mistakes in job postings if they say "attention to detail" in the posting?
Depends on where you are from. CEH is only valuable in India and for DoD purposes, but aside from it, I've heard that there isn't any real value in it.
It has fallen by the wayside for the DOD and I wouldn't get it unless it's specifically written into the contract or is otherwise required for the position.
I believe Pentest+ meets requirements, you're going to have to look at the contract and or position requirements, going forward
With the OSCP news, we might see them added to the fray as well
Currently building a Wordpress style website that includes my resume, contact info, about me page, and labs I documented in Google docs through the Google course to showcase basics for Linux, SQL, and Python. I plan on doing projects and am wondering is it better to make a GitHub site for projects I do moving forward and including that link in my website or should I just do everything (resume, labs, etc.) on GitHub and use that as my “Resume/Portfolio website”?
Look at what the job postings are asking for.
Getting certs just to get certs is honestly a waste of money, if you're paying.
The only certification that I would recommend anyone pay on their own is Security+
Why did you delete your message?
Honestly, thought your username was a bot at first and that I had asked a dumb question I should have googled. Thanks for the advice, tho. The original message was "what certs are valuable in NA?"
You're welcome
The caveat to certifications is that they don't really stand on their own like a 4 year degree or prior professional experience.
If you don't have either of the latter, you should find a way to rectify that.
Right. I'm not in the situation to be able to do a 4 year degree. I'm not sure what kind of professional experience I can get at this point, considering that I graduated Dec. 2019. Otherwise, my most recent experience is 4 years at a startup family farm. I did some IT work(website, asset management, etc), I wore many hats. Unfortunately, it did not work out and now i am honestly not sure what to do with that or if it is even worth mentioning if I try to go for a new job. That was why I was interested in the certifications to add to my resume so I could have something more recent to go off of.
Anyone else here a data analyst or at least working in data science right now?
has anyone tried making a project apply ML to cybersecurity?
it's pretty fun, especially when you start off with the basics like clustering applied to finding unwanted ip addresses on a server
I did some data science work for some years (more on medical computer vision side), but we had an anomaly detection demo on our cyber security course. I'm planning on trying something of that sort in the future.
Were you paid for the work you did? As in, had a W2 or equivalent and paid taxes? If so, that sounds like professional experience to me, which you can put on your resume, and leverage to obtain an IT role at an org.
I need it for free, because of a financial problem!
If anyone has it for free
Unfortunately, that would be unethical as the book is paid.
Thank you !
You don’t need to be paid to list it as professional experience.
John Smith & Co Farm - IT Technician (or whatever name you want to give yourself) June 2016-June 2020
- Led IT modernization efforts to upgrade company websites by transitioning to HTTPS, building secure, compliant web platforms, and enhancing overall cybersecurity posture.
- Upgraded physical hardware components and installed advanced firewalls to strengthen network security and protect against external threats.
- Implemented asset management security best practices, ensuring current and accurate tracking of all IT assets and minimizing security risks.
Respectfully disagree as it's what differentiates it from projects or extracurriculars. Obviously there are exceptions, ie some 501c3 work and the like. Their work sounds like it may qualify, which is why I asked.
Unless you’re applying for a government job, nobody is checking with the IRS to audit your work experience. It can be on your resume under professional experience until you have enough to replace it. If you want a separate grouping for projects/extracurriculars sure you can do that, but if you’re trying to compress your resume you can also just put those under work experience.
Again, respectfully disagree. They are different. Working in a professional organization is very different than working on what I read as a family passion/hobby farm project in their case, or freelance (there's caveats here, 1099 is obviously professional work) work in general. That view definitely changes if they were a paid, and paid enough to do taxes, employee of the project.
i don't know Moose but i think it could be more a thing like a moral point of view
Experiences count or the proof of it? Am I lying is the question? Or is it just the fact they are requiring years of experience that makes me non-valuable for that position?
i guess we should tryhackme
Personal Project/Self-Learning/Extracurricular/TryHackMe experience is very different than actual workplace/job experience. That's why there is the distinction. If you're bending morals/ethics to obtain a position, I don't want you on my team.
Whose morals and whose ethics? Taurus. Experience is experience, what counts is what you are able to do, your skills, competences. Besides that, if you have certain requirements and feel like applying for a position, you shouldn't wait too many years; sometimes it is okay, but not like 5 years for seniority
What is your standard of comparison between personal (non-real) experience and work (real) experience? How much money do you make, or how important is it considered?
personal learning and practice experience is not the same as having to deal with a business environment
all the skills and knowledge you acquire on your own are not the same as having experience of those same skills and knowledge in the context of a business that has its own needs and flaws and goals and objectives and challenges and senior management making weird decisions and users doing insane stuff you can't account for
security isn't a job where you walk in and just bolt everything to the floor. You have to navigate the company's risk appetite, however hungry it may be.
I think it is a difference between roles
Hello everyone, I am still learning and I was asking about bug bounties. what are your thoughts?
They're a great way to learn and practice your web pentesting and reporting skills according to a defined Scope of Work on real targets. It's something you can use to demonstrate your experience, using platforms like HackerOne and Bugcrowd, or other bug bounty programs run by other orgs.
It can be a way to earn money, but it's certainly not a reliable method. Many of the successful bug bounty hunters submit multiple bugs a day. You can check out #bug-bounty and consider buying a copy of Bug Bounty Bootcamp by Vickie Li to learn more
https://nostarch.com/bug-bounty-bootcamp
thank you very much ❤️
That sounds about right. You can also start broad and then narrow your interests as you go, and you can change.
I forgot to mention to network too. Go to hackathons, and anything in your area. Make sure people know your name in a good way. Most jobs come from people you know, and not from strangers or job postings. In addition, usually companies will pay your friends or acquaintances for recommendations for a job.
I loved that book! It taught me the basics. There is also a good Udemy course that costs a bit, but it is worth it, once you know the basics of bug bounties. He basically walks you through some good tricks for getting some good ones.
thanks I will keep it in mind, thanks❤️
how do you guys use acronyms in resumes and portfolios? I feel like at least in my portfolio using all the acronyms that I am. I could see how it might be annoying.
especially if it's not referred to more than once.
I would probably avoid acronyms, different places they can mean different things. If you are using an acronym, the first instance should be the whole thing spelled out with the acronym following.
Radio Corporation of America (RCA)
Then following that instance you can use the acronym.
Alrighty, thank you friend.
so SSH would be Secure Shell (SSH)
It just feels weird to spell out Random Access Memory instead of calling it RAM.
In what context are you trying to use it? That seems fairly granular for a resume.
It's more for project documentation on a portfolio.
Speaking-wise there are some acronyms I'd spell out and some where I would just say the acronym, which is why it feels weird to me. But I feel like if I'm picky and choosy on it, then it will also read weird.
If it's a project writeup, then yes, do what I showed you.
If it's a resume you're sending to people, it's more than likely too granular
Right, thank you for your help.
Would anyone be willing to look at my project writeup for making my Ubuntu server? I'd like to know what could be improved upon so that way I can fix the formatting and documentation now before I'm using it on other projects.
You can post an image here if you want, just redact any PII
So I'm wondering if there is a better method to format this. Also want to make sure each section is as thorough as it needs to be.
I plan on explaining most of the acronyms in the project summary
For a writeup, this isn't detailed enough imo. You've also passed off whole sections to other people's work.
how am I supposed to set up a server for the first time without using online resources?
unless you're only talking about the setup and configuration parts because it doesn't contain a lot of other bullet points like the others. These didn't really have a whole lot of steps. Like the setup menu, most of the options were just left to default.
also in the bullets there will be hyperlinks linking to pictures.
I'm curious to hear different opinions on the question I've just been asked:
"Why do cybersecurity jobs pay so much more in the US than elsewhere in the world?"
I don't have a good answer for it. Only some vague gestures toward "US corporate culture is more tech-pilled than the rest of the world and values it higher"
Every job pays better in US and especially Tech
It's the biggest economy
So the simplest answer is that there are just way more money available than everywhere else
yeah, GDP just doesn't really feel like a super satisfying answer though
because you can compare individual companies that have similar gross + net and headcounts between countries and see CEOs on similar packets but with staff at massive disproportions
or even within a single company with international branches + separate employee sets
Rapid7 for a good example on that; UK senior eng ~50k, USA senior eng ~170k
I should not be an economist
Probably has to do with the salary that somebody expects to get in different countries as well. UK salaries have always been around that and the prices in general somewhat reflect this kind of income
That's why you see outsourcing as well. Companies are eager to profit from this difference of cost of living and income expectations
It's not a question that someone can give an answer to in a simple way tbh as economy is not wholly based on rational factors
has anyone taken the google cybersecurity cert before their sec+?
i did the google cybersec cert a few months ago and forgot where to find the sec+ discount voucher that comes with the course
They probably emailed it to you. The Google Cybersecurity certificate isn't going to be sufficient knowledge for the Sec+, you should use a study guide or perhaps Professor Messer's free vids
that's what i've been doing
im ready to schedule the test i just need to find the code
cant find it in my email
Then try the coursera site
at this point i have to wait on their support to respond
fingers crossed they do it soon
Cost of living and how taxes are done.
A senior engineer making that much would more than likely be in a high COL area.
peeps, is it worth to be on linkedin? I'm just transferring into the field, was active duty before so I have no idea how or whether linkedin is valuable
If you're in the US, I would consider it worth it. It's probably a necessity, tbh. If you're concerned about privacy/opsec, adjust the settings.
yep, that was my concern. I'm not in the US though. Thanks for the input. I did some freelance web-pentests but I would like to focus on bug bounty, therefore I'm like; I don't know, whether to do linkedin or not.
This is not an apples-to-apples comparison you are making. Vastly different tax rates for both the business and the employee, cost of living normalization, local market conditions, and exchange rate also have a huge effect on salary.
For a "real" comparison of salaries across regions in the US, let alone across countries and continents, you are better off doing the analysis based on purchasing power of the offered salary in that location.
if you do it based off of purchasing power by region, the wage gap between UK and USA looks even worse. On the whole taxation and cost of living are much lower in the US, while the salary is much higher
but in particular the focus is also on cybersecurity as an industry. There are other industries where salaries between the US and UK/EU are comparable, but cybersecurity (and tech more broadly, but especially cybersecurity) seems to have a very sizeable difference
You aren't fully taking into account employer taxes as well. UK has much higher benefits that the employer is required to pay, as well as much higher employee protections as well.
A large part of the "salary math" includes risk; an employee in the US is much more likely to be 'at will', and can be terminated at any time. There's a lot of 'hidden' taxes that employees never see because of regulation.
It could also be that certain areas of the US see that work as being more valuable, and are willing to pay more for it.
yeah these things are true, esp. around worker's rights and statutory benefits
It's my perception that the EU is more willing to hire junior and entry level security personnel; most US companies do not want to train and will pay more for senior engineers and analysts.
but since many other industries have comparable salaries, it seems to ultimately keep boiling down to a cultural thing - the roles are more highly valued in the US
which i guess is the issue I've been having with the question in the first place. This answer feels nebulous
and is hard to tie down to objectivity
It's also extremely difficult to get an entry level security job with 2-5 years of experience in IT.
In the UK, I hear it is much more common to get hired without a lot of background experience or education.
Struggling to find what job roles are called related to appsec, pentesting etc.
Any suggestions?
that's also true, but the example salary i gave off-hand was for senior engineers
I got hired in a soc straight out of uni with no it or security experience
At a big company
they usually do what they say on the tin - e.g. application security analyst, pentester
perhaps it really does just boil down to GDP and company wealth, though. greater expendable capital means they can afford to invest more into security. Lower capital means expenses are more tightly divided between critical functions.
But there is also the fact that tech companies are generally valued higher on the NASDAQ than the FTSE indices
Don't get the idea that everything is good in the US security market, though. Many companies (especially startups) don't understand the value of security until they have to go through an audit without competent infosec and grc.
oh for sure I'm totally excluding general quality of work life from the equation. I'm only looking at the raw salaries 100%
Security is often seen as "putting up roadblocks" when the reality is, those roadblocks are designed to give investors and other 3rd parties confidence that the company is behaving responsibly and ethically.
but I'd say companies not understanding the value of security is pretty universal lol
Looking at raw salaries is not a helpful comparison
except in Russia where they seem to take a radically different approach of proactively not caring in a lot of cases
The same job role for same department within the same company could vary by as much as $50k annually just based on the place of residence for the employee
if the employer offers full time remote, an employee in cleveland OH could expect a substantially lower salary for the same job role than an employee in NYC or SF
I am wondering guys do you actually work 40 hours a week? On paper it's that but do people really put 8 hours of work a day 5 times a week?
they dont in most jobs
even outside of IT
i do powder coating and we only do full 9h with no slacking if the company is getting stacked with orders
So you have like gaps in work where you just sit on a chair and do nothing?
i invent work lol
theres 3 of us, if theres not much work 2 sit and one works and warns the others if someone comes
and we rotate
i cant speak for IT though
i had a friend who did embedded software and he would watch anime all day
yeah so it just depends where you work, I just asked a guy and he is like going work 8am and back home 6:30pm at least, including commute, some people actually do full 8 hours
i used to work 12h in a factory
you get used to it
time passes faster if youre working nonstop
I mean alright let's say work times goes but how will I have time to do other stuff like I got a personal project I am working on
40h work week is standard in most of the world
I am just worried cuz I am gonna start my first job tomorrow inshallah
new experience you know
yes it sucks lol
parents were right all along when they were warning us not to waste time
yeah it's rough now
if you are spending a lot of time commuting you could use that for things you do at home
I have to make use of that time yes
it's a no come back point sadly
work forever till death
some countries are experimenting with a 4day work week
you could strive to work those eventually
or finding a remote job
if your career allows it
or hybrid
I am thinking of just making my own business at some point
good luck
Thank you
Can someone shoot me examples of their resumes and cover letters? Applying to some cyber internships !
I was thinking of gettin my first cert, and was wondering which would be better. The CCNA or network+ ? Any advice on each of them would also be helpful
CCNA is vendor-specific (Cisco) whereas N+ isn't, but at that level of cert I'm not sure it's a huge gap between them really.
^ CCNA focuses more on cisco specific products iirc
just hack there site & you wont need a cert
@broken idol our master of ethics 😉
Wat?
we do like joking but this is one of our more serious channels as it is for people looking for careers in cyber. So please refrain.
also s/there/their/
Does anyone here know if cybersecurity sector is in high demand? Also what would be a good certificate to obtain if I'm going down the pen testing route and want to land a remote job?
Cybersecurity has been, and will always be, in a manpower shortage.
I'm going to assume you meant certifications, as certificates are not the same, but the question I have for you is do you have a degree or prior professional experience in any field?
Does having a self-portrait on my website/resume make a difference compared to not having one?
Example (stock photo)
It should
Depends on the country I suppose. I would avoid it unless you are in a location where it is all but required (for the resume mainly, but in general as well)
U.S.
Then don't include it
Solid, thanks.
While I'm here as I'm completing final touches, does LinkedIn actually make a difference on applications?
Seems overkill to have a website (GitHub extension included) and a resume and a LinkedIn?
LinkedIn can be very good for networking - on the flip side it can also be completely useless if you don't use it well. I would say it's worth having though
I got a lot of great offers from LinkedIn alone, even when my CV was pretty crap
Got it I'll get that touched up then once I complete uploading labs to the site, thank you for the help on getting things together 🙂
are there any jobs that primarily focus on recon and defense ops?
Currently in the Help Desk, maintaining the AZ-900 & Network +. I want to jump more into System Admin work before fast tracking my way into Security. A lot of the guys in my Company that are SOC Analysts informed me they were systems/network Admins. I just want to understand the best way to not fast track, but to stay on pace to developing the necessary skills to move over to security work. That being said, any advice is great and something I will always keep in mind.
Original question: Quick question. I feel like I have a decent understanding from a Network+ standpoint. I recently passed and got the N10-009. I'm trying to structure my learning and trying to figure out which cert I should go for next.
A) Just continue to build my Home Lab & go for CCNA
B) Continue to build homelab and go for SEC+
Reason why I ask, I just want to understand how strong of an understanding of Networking did you all have before pursuing Security fully. Any tips I'm grateful for
I have an MBA with a concentration in Data Science and Analytics. I currently work in tech.
What certs would be best short term / long term to look into for junior to mid level cyber professionals? I already have a Sec+, was considering CySA or CISSP.
I'm thinking about pursuing a CASP+ next, it's the technical version of CISSP from what I see
Forgive my forgetfulness, are you already employed in Cyber?
No 🙃
I figured another cert might help
I have Dev / Systems Engineering exp and a degree in CS
Would CySA be next then?
When you say CS, you're referring to Computer Science correct?
If you have a degree, experience, and Security+, just apply to roles
I am, but I'm considering another cert just to try and get an edge on some of the competition
It's rough 😦
You need to take a look at your resume then, imo. You're qualified
Hey, so before focusing on your security skills, how strong were you in other aspects of IT? From AzureAD/AD, Networking
I want to start going knee deep into Security but I feel like I should have exp configuring switches, routers, firewalls etc
Like I only know about them from a CompTIA/Theory perspective. What would you recommend? I'm going to get a home lab environment going. I just don't want to sink too deep into Networking unless I have to before transitioning over to Security perspective of things? That would be great!
Not to mention, I don't know anything from configuring AzureAd/AD group policy etc
I just know all of these topics from an in theory perspective
I had answered your initial questions [here](#general message) before we moved to this channel. If you can answer the follow-up question I asked just below, we can go from there.
Yeah, I'd like to continue here. The reason I ask that because, I'm just having a hard time making the transition over and I'm kind of looking for some guidance at the moment.
Because jumping into Security, you have to have a strong understanding of how systems work. So before I route over to trying to break systems, I'm trying to understand them. Does that make sense?
Like I have CompTIA certs, I just feel like they're good at telling you what to do from an in-theory perspective? How good were you at configuring things in AD/Networking/ETC
I hope you can understand what I'm saying, lol
That still doesn't answer what I asked at the linked message. Are you currently employed in tech? If not, do you have a degree or any prior professional experience?
I love imposter syndrome. It feels so good, and best of all it never goes away!
I’m close to finishing the Microsoft cybersecurity analyst course, I plan on taking the SC-900 after that. Any recommendations on what my next steps should be to land a job?
skip SC-900, try to get a free voucher for SC-300 or AZ-104
SC-900 is a shallow cert, it doesn't bring value. If you rly want to take it that's okay but imo, SC-300 or AZ-104 are better equipped to give you the required knowledge
Hello everyone, just started off my Career in Cybersecurity since 2023, I’m certified by ISC2, and CISCO introduction to Cybersecurity. I have also interacted with tools like Nmap, BurpSuite, Wireshark. Basics of Python and bash. Now I have been actively looking out for Internship roles to further gain Hands-on Experience and it’s been discouraging to not get an offer yet.
What am I not doing right. Pls I need an answer. Thank you
Internship roles are generally reserved for college/university graduates, and most other cybersecurity roles will expect you to have a number of years experience in another computing role, such as helpdesk/support/qa/system administration/network administration to demonstrate that you have worked with the systems you're supporting. You'll generally need at least some knowledge/experience of Windows/Linux/Active Directory/networks, an understanding of basic programming/coding, web servers/apps, databases and applications, and at least some professional experience within an area of computing.
While this isn't the case in every role you apply to, you will need to be able to demonstrate practical experience in some way. Which ISC2 certification do you hold? Is it the CC or CCSP/SSCP/CISSP? While the CC and Cisco Introduction are a good sign of your pursuit of security certification and signifies your interest in the field, it wouldn't usually be sufficient to demonstrate your abilities.
I would suggest that you read one or more of the Tribe of Hackers books (approximately $15-20 usually) for suggestions about how to prepare to operate in a cybersecurity role. Gaining experience using tools like the blue teaming tools discussed and demonstrated in the various Learning Paths in THM is a good first step in positioning yourself in a very competitive market. I would also suggest having a home lab, consider having a blog where you discuss tools/technologies, do writeups about rooms, participate in CTFs (PicoCTF is an excellent and free training platform for this), consider doing bug bounties, and include this experience in your cv/resume
Hi guys...I'm a cyber warrior and working in cyber security since 2010. I have worked on Microsoft SCCM, Symantec AV Manager, Forti UTM, Splunk, Deployed Honeypots in DC infra, Core Impact VAPT Tool, Windows/Linux administration in DC for AD/ AD CS, DHCP, DNS, PKI and all other services provided by Data center. I'm also equipped with knowledge of Forensics and Malware Reversing. Now I want to shift from LAN infra to corporate. Can you please suggest some certification and role to which I would be suitable. I have hands on experience on all above mentioned infra but didn't apply for certification.
Thank you so much, will definitely put all the suggestions in play. But in the area of work experience, internships haven't been successful and neither has the job search. I mean I have to work in those fields to get an experience but most Entry level Jobs are not exactly Entry level because they still require about 2-3 years experience.
Just for some clarification, you've been professionally working in Cybersecurity for 15 years, and no certifications? Also, what do you mean when you say LAN Infra?
Ya...my organization doesn't need certification and we are working in intranet with more than 1500K end point devices.
Don't worry about a job claiming to want 2-3 years of experience. A lot of people don't have that, and it's not important if you can demonstrate your abilities. A lot of people will start in helpdesk/sys admin/network engineer/programming/qa roles and build their experience from there. Cybersecurity isn't generally considered an entry-level field in most cases, so you would need to show your knowledge/experience of computing through the ways I suggested above.
Having a home lab with just a few virtual machines of Windows/Linux servers and playing around with the applications they can run can really help you understand the tools better. As you've done Cisco training, I'm assuming you've used Packet Tracer at least somewhat to build practice networks. You can explore more complex concepts as you go. It is something that takes time, and effort on your part. It's not a sprint. And in today's market, where there are a lot of people new to the field, companies can be very selective. Most people will have their first encounter in a cyber role in a SOC or taking on some security duties as part of an IT or programming role. Having curiosity, and taking your time to build knowledge and skills is essential.
As for certifications, keep going trying to pursue higher levels. Most people at your level would next move to pursue the CompTIA Security+ and perhaps Network+, aiming to take practical certs like the OSCP or BTL1 within a year or so of that. That means you will likely need to invest in training and pay for certifications. This can include getting study guides and following free/paid videos or courses to supplement your learning. I'd suggest watching the following video for a good justification of this pursuit
https://www.youtube.com/watch?v=ZsEWUguYXgM
Will FREE training give you the skills and knowledge required?
I would suggest you pursue certifications for your own benefit, to demonstrate understanding of the skills you use at a professional level, as many organisations like to demonstrate that they comply with industry standards and ways of standardising skillsets. The video I shared above would also benefit you
To be honest, I'm not sure you would need certifications with that much experience? It would really depend on the hiring organization and what they require, whether internally or mandated by contract.
Ok
If you're struggling to get hired, you can post a redacted image of your resume here for review. You will need to verify to post images.
I'm studying for my A+ certs, and trying to decide if i should go for a degree in cybersecurity or something else
any advice would be appreciated!
basically, I'm trying to explore what the different branches and jobs are in the IT/tech industry. Right now it's more of a thing that I don't know what I don't know 😂
So I'm also kinda looking for ways to dabble in different things to figure out what i would like
OK! I'll check those out! And appreciate the advice on the degree, it seems like a very specialized degree, and with cybersecurity being pushed as much as it is right now, I would honestly be concerned about landing a job in the sector by the time I would be through with any degree program
Cool! network engineering is also a degree at the school I'm looking at, so might be looking into that program when I'm ready?
anybody a discord moderator trying to get a job so I can transfer colleges and continue my path in nc \
Thank you very much for your responses, much appreciated.
What?
Anyone have experience or testimonials on Josh Madakor’s courses?
Okay thank you!!!
success isn’t just about giving up, it’s about you appreciating every step you take, every hurdle you clear, every challenge you overcome and every sale you make. Be proud of each win, no matter how small, and let them remind you of just how far you've come. Keep going, you’re on your way to something incredible. New sales made🎉🎉 . All thanks to GOD🙏🙏
For the more experienced folk that have done both OSCP and SEC660, which did you consider more difficult? I'm seeing reviews saying that OSCP is basically an intro for SEC660.
GXPN has a lot of topics not covered by OSCP
Is it an intro to SEC660? Not really I would say. There are similarities but OSCP doesn’t teach the pre requisites for GXPN imo
I would say its more similar to OSEP & OSED combined
Is OSCP still worth it?
I know it's a broad question but I've been thinking lately and OSCP doesn't seem to cover that much
If it's in the job postings in your local area, it's still relevant to you
The OSCP goal is to not teach you techniques but a methodology
I don't want my cybersec job to consist of phishing employees and people related to the company
It specifically hones your methodology
Or using the same techniques
Sure, makes sense
It's a good introduction, from there you can develop more things
Yeah. It's a pain to explain it to a lot of people that the OSCP doesn’t necessarily train you with all the latest and greatest techniques (granted that the syllabus should be updated for the latest known and utilized techniques)
Yeah, they're monotonous techniques that won't do nothing against a company with a decent cybersecurity
It's disingenuous to think that you can bruteforce lots and lots of directories without getting detected (maybe this applies more to red team)
In pentesting you don't have to really worry about it
There are lots of jobs in cybersecurity and most of them don't even consider OSCP to be anywhere near a requirement
if you want to do pentesting, you will find jobs that will have a high desire for it but that doesn't mean its a requirement
Only if its not behind a WAF
Even then, you can try to circumvent it but thats another topic
Sure, public projects and experience are even more desirable than a title
I know quite a few people who got their first pentesting job without OSCP, they basically worked their network, talked to people, went to conferences, had a public presence
Idk, to me sounds like incident response is more interesting, you get to analyze malware and to see more sophisticated techniques
it can be
I prefer cloud security, you get to build things, try out new technologies
Unlimited budget
Sounds reasonable
Biggest goat now is IAM
you can set budgets... whether you keep to them is another thing
IAM?
Ew GRC, I personally hate it
oh
Too much paperwork
When working in cloud security do you have to deal with AIs?
May sound stupid but i'm curious
we had an intern project where they were like "we want to use this cool AI feature within AWS", we were like "sure"... a few thousand dollars later, we were like "let's not"
I don't, but there are AI services in the cloud
same, I couldn't do GRC but for those that can, it's a great job
Yeah, got a good lovely GRC people in my circle
same
You're lucky
I just don't want to interact with AI
AI services in the cloud are also super $$$
so going that route is a total decision
Aren't like a lot of AI companies losing money?
Ik, but AI is just polluting the internet
There's maybe some good uses to it but it's making everything tasteless, from art to text
I dunno, Microsoft has invested billions in AI, so has google, so has Amazon
AI is more than generative AI
Ik
generative AI isn't going to go away
Damn (soon everything will end)
people spending hours upon hours doing prompt engineering to write their code for them when they could've just written the code themselves in less time is SO COOL
...You don't use ChatGPT to write code for you for your work? 👀
is that a sincere question
Yes.
the only time i've found any real value in it is getting it to summarise documentation for APIs
Ah, you'd be surprised how many people I've spoken to who have, or inputted sensitive information. 😅
i WISH i was surprised :)
Hello everyone. I want to connect with the remote (also freelance) workers . Your counseling and advice is needed. Thank you in advance
Hey everyone,
I'm currently a Computer Science student actively applying for internships. So far, I've applied to about 60 positions but haven't received any responses. I've tailored my cover letter to each position, ensuring that my resume includes relevant keywords. Despite my efforts, I'm not sure what I might be doing wrong or what I could improve on.
My current company is sponsoring me to take the Security+ certification this month, and I'm planning to pursue more certifications this year to strengthen my profile.
I'd really appreciate it if someone could review my resume and give me some feedback or advice on how to increase my chances of landing an internship.
Thank you!
P.S. my past experience was from knowing someone who got me in
If you have questions, like I mentioned in our previous correspondence, just ask them here.
Eyyy Central Masshole! 
I'll take a look at your resume a bit later when I have time
Hi guys, I'm a beginner wanting to learn cybersecurity in the area of offensive security, I started with the first room and I can't get through the first task it says: which of the following best represents the process in which you simulate the actions of a hacker to find vulnerabilities in a system?
as an option we have:
offensive security and defensive security, but when I select offensive security the wrong answer comes up, what do I do??
Hello, someone asked me to suggest him some certs (offensive), I sent him the following, what do you think?
OSCP: content quality: average, recognition: very high, difficulty: inter/hard
PNPT: content quality: above average, recognition: low/medium, difficulty easy/medium
CPTS: content quality: very high, recognition: low, difficulty: very hard
Security+: content quality: low, recognition: high, difficulty: braindump
For help with THM content, #room-help is the best place to receive assistance
Giving them a list of certs, without context and with this oversimplified score, is probably going to be counterproductive. Brain dumps are also prohibited by CompTIA, so I would probably change the difficulty to easy if you're set on providing this list.
I mean it's easy as in just read and memorize stuff, not to go check a literal exam dump.
well I told them to ask more anyway, one opinion isn't enough
It's just about interpretation. Ethics boards can be unforgiving.
ty, i would appreciate it
lol yea
So, quick question, what are you applying to? You're still 2 years away from graduation if you're applying for full-time jobs. You likely won't get responses.
I am applying to internships rn
these are all security related internships
OK, are you shotgunning or tailoring your resume to each role?
Also, when are the internships slated for? Summer 2025?
Spring CO-OP or Summer 2025
Are you including a cover letter?
hm ok i didnt think of that
Also GPA if it's above 3.5
I missed it then
oh wait actually its not on that version
i have gpa on the one thats not censored
its been really rough i have 1 year and 4 months of IT experience before i even graduate
what are people doing to get these roles 😭
do you think the end user computing intern title is confusing?
i always wondered if it was worth changing it like information technology intern
Put what your title was
Speaking of internships. Can you still get an internship if it’s a college but doesn’t specifically specialize in cybersecurity?
If you want a career in security, don't limit yourself to just cybersecurity internships
anything you learn in any IT domain will be useful down the road
yea i did end user computing/desktop support for a year at a company as an intern
i just wanted something new
Do you guys think getting CCNA after Network + is redundant, or a waste of money, in other words? A lot of network engineer jobs want CCNA.
I would say Network+ is certainly redundant if you have a CCNA
Ok, thanks for your response. Do you prefer one over the other for cybersecurity? I’m thinking of going network + because I want to be a sys admin one day, but still researching.
CCNA is great if you want to be open to more network admin positions
network+ is more like 'you know some networking'
Ok makes sense, thank you!
I'm going to be honest i hate coding am i cooked?
Depends on what you want to do? Not all cybersec positions require coding, though most benefit from it
i have not written a single line of code at my internship and neither have any of my co-workers
yup
is he cooked
:8ball: As I see it, yes
Ah man, the 8ball has spoken, sorry dude
Looking for advice on my Resume, And/or possible job opportunities!
Those duties and tasks and the bullet points below them can be summarized
It takes up so much pain and honestly not everyone is going to read that
Be concise in what you want to say and provide actionable results, preferably with data to back it up.
Like you said you fixed hardware and software issues, do you have data that you did minimize downtime and improved overall system reliability?
You have a certifications section but you say you’re working towards them. So technically you don’t have these certifications? Maybe you can rewrite this or remove it altogether and maybe add it into an About You section. There are those that like those and then there’s those that don’t
The key skills is maybe all over the place, there are things there that I don’t think are necessary like Cybersecurity protocols, what do you mean by this? Maybe its better to expound or put in specific skillsets that you do have. Words per minute is not really a skill and I don’t think you should include it.
Under Education, I would recommend a format such as 2021-2024 for your education so they know how long already you’ve been there.
damn, that 8ball powerful if i do need coding then its fine ig any good courses out there to help?
i just feel like with our future of ai coding is useless
Hey guys, has anyone completed the eJPT certification?
I've finally decided to get out of 'tutorial hell' and start doing real things to land a job. I’m thinking of starting with the eJPT certification first.
Any tips?
Hi All,
I'm reaching out for some advice as I'm currently at a career crossroads.
I've spent the last few years in consulting, managing digital transformation projects like DWH migrations, IT systems implementations, defining data strategies, etc. But I've always been drawn to cybersecurity and feel like it's a field I could find myself in.
Now that I'm between jobs, I'm seriously considering making the switch to cybersecurity. I’m really not interested in returning to the corporate world where I find myself babysitting C-level executives again.
I've already done a few courses on TryHackMe, and I'm thinking of taking the leap with a bootcamp. If anyone has gone through this transition or has experience with bootcamps, I’d really appreciate your advice. I'd also love to chat privately with anyone willing to share insights or offer guidance.
Thanks in advance!
I think you should do what motivates you more. Apart from that I think that the cybersecurity will grow even further in the years to come.
It also depends on how much time you can give yourself to gain knowledge and/or certificates.
I can give it some time to get at least Sec+ and Network+. My feeling is that there is a high demand but for senior roles. The market seems to be quite saturated for junior roles. What do you think?
well nothing beats experience but I would say it also depends on the area where you live and how much you want to earn.
Since you already have some experience in the IT business you might be ahead of some people who want to switch from a different field.
It's a shallow cert that holds zero value imo and the company that used to make it was now acquired by INE which has a bad track record.
If the local jobs around you require eJPT, you can consider it
OSCP is a cert that is usually being looked for by HRs but it has a high barrier of entry at $1649. You can also opt for the HTB CPTS which is a lot cheaper and is more in depth. I believe that the CPTS is a better cert if you just want to get better at pentesting but if you wanna jump the HR barrier, OSCP is good.
If you live in India, you can consider the CEH but EC-Council has a known bad track record and most of their certs hold little value outside of India or governments that require it.
cybersecurity bootcamps are largely a scam. I will say that the market is tough right now in IT in general including cybersecurity. There are a lot of people who are trying to get any job they can including cybersecurity. If you want to get into cybersecurity because you think you'll enjoy it, you can certainly do that and there are a few options.
Although it may not happen at junior levels, I will say that cybersecurity can be heavily influenced by c-level executives. So there may be at times that you'll need to explain to c-suites executives why things are the way they are or even at the behest of execs, bend cybersecurity rules in a way to meet their demands. It really depends on the company.
hey @dense dagger
Since you have done multiple certification which include OSCP. I have heard that OSCP is over hyped and that it is not really as worthy as it is being said in the community.
As a newbie here in cyber security field I really am not being able to wrap my mind around it. Whether should i go for OSCP or not.
I heard that CPTS is a good one also and that CPTS is far superior to OSCP. So which one to choose and how to prepare for this?
Also what are the opportunities you got based on the OSCP certification. Since you are highly skilled personal I can see that.
Considering someone having not such exponential skill but having knowledge of whatever required to pass the OSCP, or CPTS, also having these certificate.
How many opportunities are out there?
Also how much does the country I am living in matter?
I think what matters when getting a cert imo is its return on investment to you. I don’t value certs which don’t fulfill either 1.) give me a head start on jobs OR 2.) give me good knowledge.
I picked OSCP bec. looking at my local area, OSCP is a big factor in getting a pentesting job, nothing more nothing less.
OSCP is overhyped, I’m not largely sure. I do see other people’s sentiments that the OSCP is overpriced when you compare them to other certs but I think people are more concerned about the techniques it teaches you (I understand, pentesting courses should be updated to reflect the current landscape) but rather it teaches you on building a methodology. There are numerous modules within OSCP actually that drill down on this. I think that’s one of the biggest things people forget.
OSCP versus CPTS, I would have to agree that CPTS has more depth in their course and exam tbh but its only non-redeeming factor (so far) is that they’re not rly being considered by HRs. Once CPTS gets tracking on HR, we will see then.
Its a factor, but it shouldn’t only be the factor. If your endgame is pentesting, I agree that it will be a very competitive field, but if your end goal is to be a cybersecurity professional, there is a plethora of jobs available to you.
Its very competitive bec. consulting companies do not necessarily hire people with little to no related experience to pentesting and most companies are not really equipped to have an internal pentesting team.
This is my own POV, but a lot of big companies are now moving towards lower income countries, building satellite offices there, so they can get cheap labor. This way, they can actually maintain internal pentesting teams while cutting down the costs.
How is the cybersec job market for beginners?
I am from India you might have guessed it by now. But I want to move out of here. I don't say this country is bad. But my experience here is not good. I have had multiple events which totally altered my life.
Anyways, Which cert you recommend going for first?
OSCP or CPTS?
Also, how do I know if I am ready for the exam because really big amount gonna be on stake for both of them
If you’re planning to leave, I would look at overseas employment and see what certifications they want to consider you.
It’s a leap of faith
I set my exam date and told myself I wouldn’t re schedule it.
I don’t know where you live but where I am, its awful. A lot of new graduates wanting to get in the field and not enough positions to be filled. Not every company is welcome to new graduates bec. it takes time to train them and they haven’t actually experienced actual enterprise IT let alone securing it.
I’ve noticed that only big companies are more willing to hire new graduates and I am assuming its bec. they have the training and financial resources for these new hires, they can put them under a bond, they have available seniors, etc.
So that means certs alone don't help land a job as a fresher?
Hmmm, it makes sense
That sounds like a chicken and egg mystery...
If I won't be employed I don't get experience and without experience I don't get employed
Getting job at big firm is just short of luck imo
That’s why internships, projects, knowing people, etc. are a big factor in getting a job
that didn't even help me

its cooked
Cooked I’d say. Good luck though in finding a job
i have 2 years of IT internship experience, Cert, and projects w/ decent skills
Yeah that’s why I say that any IT job is better than no job.
and i've been rejected to every internship ive applied
Lets get the cert first. I still have 3 years to graduate
Eh, I don’t really advocate on getting a cert while you’re in school unless you have spare money.
Better to network with people and get your name out there instead.
Get the free ISC2 CC cert
it will help you get sec+ later
Does it give you a discount?
Yeah, makes sense. I am really bad at networking. I would really appreciate it if you can help me with some tips and ideas on how I should approach someone for networking and what things I should do. Because there is no one I know personally who is in this field.
its just free
Plus the ISC2 CC is just a cash grab imo. Not that depth in content and it requires you to pay $50 to get the cert.
The $50 being an annual fee for being an ISC2 member.
you'll end up going for CISSP later down the line if your goal is blue team
Be friendly with others, it shouldn’t necessarily be with people in the field. It can be anyone.
Not really, no. CISSP is more translating cybersecurity to meet business needs.
I forgot the exact words that juun used, but I guess that’s the gist of it.
I think I should spend more time here on discord talking with people and helping those whom I can with my knowledge.
Also what do you suggest? Should I buy HTB subscription. I am getting student discount there
have you guys done any job sims?
Yeah definitely, we have people from India (I forgot who) so maybe if they’re willing to interact, that can get you going.
Its rly up to you but I can confirm that HTB Academy is a good platform too to learn.
Yeah, lets see
I am about finish the red teaming on THM, and there is plenty of ctfs to do
might help get you past hr
I have more than 6 months of subscription left here
and they're free
So just wanna know I do have spare money to get the subscription
So what would you recommend complete ctfs here on THM or get HTB?
@dense dagger
Honestly, both platforms have good CTFs.
You can always dip your toes in both platforms, no harm in that.
So doing some ctf after the red teaming would be much better Idea. Than diving again in tutorials on HTB.
You rly shouldn’t be diving into tutorials again. Its like trying to learn the same thing over and over again. You should be leveling yourself up.
For that I need to solve CTFs more and more
Or get some internship
One last question @dense dagger .
Should I invest some money on getting the desktop. I have laptop with decent specs. which does the job. But I feel the screen size is not enough for me. Which is 15" inch
You can just get a monitor for less price
Seems reasonable
Hiya everyone,
I'm reaching out to see if anyone could offer advice for those who want to go straight into degree apprenticeships or just the work environment in general. I'm approaching my final year of A levels and have some decent experience in IT through projects and certs. I'm wondering if anyone's gone through this route and can offer some guidance on how to approach it. I'd love to go into cyber security but I think it's more reasonable to settle for anything in IT. Asking from the UK ☺️
When considering a role in IT, you should be considering spending a while studying about the technologies you want to work with. Learning about Windows/Linux/Active Directory/Networks/coding are highly advantageous pursuits, but you can pick up entry-level knowledge quite quickly. You should be aiming to pursue a degree and/or certification while also partaking in activities like CTFs/hackathons, consider having a blog to discuss the tech you're learning, along with doing writeups of challenges you undertake (depending on the rules about sharing such things).
If you're only learning the basics, starting in THM can help guide you along the right path with a huge amount of free and paid content, and people here in the Discord are available to suggest other pursuits as you progress. A degree can be a distinct advantage, so can be very beneficial to pursue. You may even be able to do so while working in some organisations
I'll have a look at participating at some Hackathons. I don't want to chase any more certs for the time being because of schoolwork and I already have 3 on me, which probably don't carry much weight but it's CompTIA A+, Google Cyber security Certificate and SOC L1 cert from TryHackMe. I've set up my own home lab and am currently working on a project related to data recovery. I would love to do a degree but it's so expensive, if it was a degree apprenticeship then it would be a perfect world which is why I'm trying to look for as much advice as I can get around that. If not then a gap year it is and I'll definitely work towards everything you've said in your reply, especially CTFs and the Hackathon. I really appreciate your advice
If I don't land one then it would have to be a similar certificate equivalent to a degree. If that were the case do you have any suggestions.
Ok, well it's great that you're making headway towards your goals. The CompTIA A+ is a good certification to show you understand basic computing, but you will need to learn other topics as you progress. The Google certificate is a good indicator of your interest, but it is only a certificate and not a certification. It doesn't hold any weight when looking for a role, unless it's part of you pursuing another certification like Security+, which will require more effort. SOC L1 from THM contains a lot of good info for entry level understanding of SOC duties, but again, you would need to demonstrate your abilities through certification such as the CompTIA CySA+ or BTL1, but you are just getting started and you have a lot of potential.
I know you're eager to work in this field, but it is highly competitive so you'll need to build a demonstrable level of skill in various areas as you progress, and it can take a lot of time and effort
I see. So more practical certificates is what I should look towards to next. I'll check out BTL1 because I've had some research into it before and I really like their style of teaching. I'll see what I can do in my last year, or do those two in my gap year. Gotta make sure to be patient 😅. The competition must be no joke. Good luck to you all! Thank you so much for responding.
Thanks, that's really helpful 🙂
Bootcamps became an option since the government would pay for them (I currently live in Germany). I've researched a few of them, a lot of them prepare you for CompTIA certifications and CEH.
I'm fine with dealing with c-level once in a while, I'm just tired of having it taking 80% of my time 😂
CEH is pretty useless, I would check around that the certs they offer are something you would want. I mean getting a cert should use your time effectively
Basically Network+ and Security+ are really the only certs that have much value, I think CySA+ may be gaining traction. But also again would check if the case is the same in Germany
I am US based so can only speak to that
also other certs that could be useful is a cloud cert like AWS Solution architect associate or Azure AZ-104
makes sense.
This is the list of the certs: OSCP, PNPT, Pentest+, eJPT, Security+, and BTL1 (Blue Team Level 1)
Any of them that are a must? (besides sec+)
not a must, OSCP is good for pentesting, Security+ is good for generic security
but pentesting positions are difficult to get as a first cyber position
If you are working with C-level for 80% of your day, pentest is likely to be a huge step down in your career.
How is that when C is Low Level
What are the best blue team certs you can get? Also are there any specific ones on digital forensics? Please, Ty
Currently the CySA+, a theory test from CompTIA is gaining ground. Also Security Blue Team's BTL1 has been showing promise the last couple of years. The BTL2 is unrealistically expensive. The HTB CDSA is still very new and not too many people have passed it yet.
Of course, you'll be expected to understand the knowledge in Security+ or equivalents like SSCP starting out as well
Okay thank you
For digital forensics, you have SANS, Cellebrite, and I think Encase does certifications
The SOC Level 1 and SOC Level 2 paths in THM will teach you a lot of essential SOC skills
How to get into cyber jerb?
Thank you 🙏
hello guys, can someone review my resume so i can improve it before sending it to job offers ?
i have no university education and i fear that'll hinder me.
thanks in advance 🫡
my git is still a WIP
Post a screenshot of your resume. People are unlikely to download your PDF.
thanks you're right
i don't know if i should post the hackthebox path as experience or let it in projects
and detail it more
do you know what ATS is?
Idk if you should post all your emails and stuff
I personally would block everything personal out and then share
nah what's that ?
thanks
You’re welcome
Aye
That’s better
i mean someone can probably Osint me easily anyway due to the nature of this server 
It's neither, it's extracurricular
It's not professional experience, nor is it your own project
Neat and nice
This depends on a lot of factors like where you live, the availability of jobs, your current standing, etc.
where are you living in Germany?
Hello guys, I will try the CS+ exam next month, do you want to study with me?
hey yall is the ISC2 cert good for someone who is just starting to shift their career into cyber sec?
hey ;] What first certificate is good for beginning in cybersecurity?
this one @arctic dome https://www.comptia.org/certifications/security
is the basic one, you learn everything to be able to understand the structure of cyber security
thank you ;] im just at the beginning in cybersecurity but i want to have some plans what to do.
@arctic dome I am beginning too, only 4 months, I try to master administration and networking, and get the CS+ certification next month, we have a long way, there is a lot to do and study, but let the passion guide us 😉
i ve started last week so even to you i have a long way but maybe someday ;p
Thanks
Thanks for the input
Ok I live in the US
Where do i find summer 2025 internships for cyber?
I would utilize your country's preferred jobs board and search for tech internships. Don't limit yourself to just Cyber. An IT internship, as an example, is just as valuable.
Well imma have to disagree with the other people here and say that all of the colors, columns, and icons are not a good idea. Keeping your resume simple is really the best way to go, black and white text everything in one column.
I also think there needs to be way less focus on courses completed and more focus on stuff like projects - you list some nice projects that are apparently on your github but don't talk about them at all? Expand on the projects, rename certificates to something like "Extracurriculars" or "Personal Development" and make it way shorter, then separate out Security+ and put it in a Certifications section (which is very different from certificates of completion). Additionally TryHackMe is not a project, it's an extracurricular activity.
Remove the job title "Security Analyst" from your header and unless your country strictly requires it, remove the picture of yourself. Perhaps expand on that weird one sentence quote at the top and make it into a full on summary section of like 2-4 sentences?
Switching industries from finance and services to security and currently studying for network+. Looking to add more depth to experience and not much the educational area at this time while I work for the N+ cert. My question is should I focus on a udemy course for python to get more practice that also provides projects to complete that I can utilize for applications or is there something else I should focus on like expanding on Linux and SQL or SIEM systems?
Here is what my resume looks like if its any help to what I should be focusing on considering experience up to date
Not sure I really know what's best for you to focus on currently outside of just whatever qualifications you see on job postings you are aiming for that you do not currently possess, but I must say that resume is strange. Why is literally everything listed as a skill? Shouldn't there be like other sections here? Most of it's written like it's experience which is confusing me
thinking of studying for the network+ exam, apart from professor messer's videos are there any other resources that will help me pass the exam ?
I’m gonna just throw this in here and hope someone will read it. Ok so I wanna be a red team operator/pentester, what will I need just to land my foot through the door with an entry level job. What are some of these entry level jobs that will push your experience levels up to secure the better jobs yk. And what are some certs that could possibly make it a somewhat smoother ride in the beginning.
I’m from the United States and I just wanna land that first job in cyber space
Do you have any IT experience?
Yes I have my own personal experience and knowledge tho mostly from networking with others and hands on learning with htb, tryhackme and a little bit of vulnhub. I’ve noticed networking is a huuuuge factor as well.
I don’t have any IT on the job experience that’s what I’m lacking rn
So I would just like to know what are some of these entry level jobs even if it’s apprenticeships or internships I would like to just step into that and get the fire started
taking my sec+ in 3 hours wish me luck
im doing professor messer's practice tests rn
i feel like i'm just barely ready and by the time i take the test i should be good to go
Some practice exams from either Messer or Jason Dion could be helpful, but outside of that you should be good to go with just Messer's course
Good luck!
you got this