#cyber-and-careers

Thank you! Going through his videos and so far its going good

Gave +1 Rep to @worthy shoal (current: #43 - 181)

lots of people start in help desk initially. Usually certs like Network+ or Security+ although some help desk jobs will require A+.

has anyone in here used professor messer's practice tests before taking an actual cert?

i'm just barely passing when i take the messer tests and idk how his tests compare to the real ones

For sec+? I think Messer's exams were slightly easier than the real thing just because it didn't quite have CompTIA's weird wording for their questions

Though if you can decipher their wording you should be fine

first practice test i took today i didn't do too well because i had too much coffee and tried to speedrun it lmao

wording could be a problem

CompTIA be weird with it sometimes, just remember that a lot of the times they want the best answer or what you should do first in a situation, even if there are multiple 'right' answers one is more right.

793/900

Congrats!

how long does it usually take to get the email that you passed

No clue

Don't think I ever got an email since I took it in person 🤔

I took my Sec+ using the proctor software, and my results were available immediately after taking the test.

i did it online and got my score at the end

but after closing the app idk how to access it

Should be able to login into your CompTIA account to see your certs from them, but it might take a bit for it to show up there idk

yeah, they should have given you a link to download your PDF, etc.

it's not on my comptia profile yet

only have my A+ on there

you might want to contact them if you're concerned.

ok i checked their support and it said it could take up to 5 business days

anyways i had my a+ and i just got my sec+

now what

now you celebrate and relax!

Take a breather and look at the options you have based on where you want your career to head to.

I got happy then read your bio and became sad

I’m at the Helpdesk and I just wanna get that first job in the industry and go from there

But right now Jayy is right I should relax

Turned my resume into a one-pager if anyone wants to comment! 🙂

What are you guys’ thoughts on Josh Madakor’s resume template in his video?

https://youtu.be/eFbBbcJeRdU?si=W8eAmfJ3LpA5K18d

That's a lot of red text for no reason or is that not supposed to be part of it?

Section ordering is also weird and there is some not great use of space like with the header, but I've seen worse templates for sure

I think the red text is supposed to indicate where you fill in your own information. He says in the end of the video to change it to all black. Would you recommend putting experience on top? Thanks for the input @worthy shoal

Gave +1 Rep to @worthy shoal (current: #42 - 184)

Yeah well you want your most valuable qualifications at the top (outside of your summary and maybe skills if present), normally that is experience, though if someone has perhaps just graduated that could be education.

Having education and projects above experience when there is experience is strange

Hey guys,

I have a 12 month contract for a part-time job where I only work for 2 hours a day, meaning I literally have a full year that I can use to become a developer.

I was wondering what are the chances of getting hired for an entry level position in software development within 12 months, if I study for around 8-10 hours a day and build my portfolio?

I know a little bit of C and Python already
(Finished Harvard's CS50, wrote my own little games in PyGame, wrote a few little scripts for Penetration testing).

I also have the CompTIA A+, although not related to development, hopefully it's gonna look nice on the resume since I don't have a degree.

btw. I'm located in Germany
Any tips/advice would be greatly appreciated!

What are your duties in this part-time job?

It's not really IT related. A lot of degrading jobs, cleaning, moving furniture, stuff like that. I'm sometimes depressed because of how bad you can get treated at these jobs, but that motivates me to study harder

if you work on the portfolio primarily you're in with a good shot if development is your goal.

Recommend working on some projects that cover topics like:

Ansible
Docker
Kubernetes
Cloud deployment
APIs

A good sample project might show scalability and declarative deployment. Maybe create a little tool of some kind that collates data about a topic, and write an API to query the data, compose a docker container for it, write some ansible for deploying it to a kubernetes cluster and host a demo on a cloud platform with a basic web GUI to demo the API.

alternatively take a look at some job listings that seem appealing to you and pick out the key skills and technologies they mention, and build some portfolio work based on those things. The examples I gave above are just useful reasonably universal modern-ish development skills you're likely going to be expected to have

also probably take a crack at some l33tcode challenges, since technical interviews are likely to make you jump through some silly hoops about your programmatic reasoning.

Hi Rixon. It was similar for me. It's absolutely possible if you learn and understand the concepts and also master 1 framework. The advantage for you is that you can already work there part-time. That means your progress will be noticed.

Why you not verified anymore...?

get some practice with CI/CD and make sure you're very comfortable with git.

also see if you can find some open source projects on github that you can try to contribute to. Having some merged commits on some open source projects would raise your profile a lot.

Thanks a lot I'll write this down, I was told that HelpDesk might be a better choice for if I want to quickly get out of these dirty cleaning jobs I'm doing, and study development while working at HelpDesk

But then I saw some Youtuber say that HelpDesk experience can make your resume look bad when applying for a Development job

Also if I had a HelpDesk job I would have significantly less time and energy to build a portfolio.

What are your thoughts on this?

Gave +1 Rep to @zinc girder (current: #488 - 10)

I rejoined the server so thats why

Youtubers have big opinions lol

However if your goal is to rapidly build a portfolio, abusing the fact you have so much free time right now is a smart choice I think. Getting into a 9-5 helpdesk role is going to massively reduce your time to work on your skills

Yeah true

But glad to see you are on your way 🙌

I could be stuck in Helldesk if I found a job right now 😅

another strategy you could take is like

Thanks bro

applying for non-tech, entry-level roles at technology companies that develop software
And then once you have a foot in the door, try to move sideways through the business into the tech space

a lot of orgs like to hire internally

Not sure what you mean by non-tech roles

Would sign this 👍 .

like, anything. Social media poster. Receptionist. Inventory manager.

Oh yeah good idea but I dont have any qualifications

I think I'll take advantage of the 12 months of free time

yeah, i mean specifically for roles that don't even need qualifications anyway.

Pretty sure noone goes to university for 4 years of inventory management ;D

Yeah you're right. It would take away my free time though

yeah

Is IT (technician/support) a possible entry level job if you want to escalate to cyber security? Or is that a misconception?
If so, how do juniors usually start?

Yeah, its also a good job.

Sysadmin, network admin, developer, etc.

They all work too

Thank you

Gave +1 Rep to @dense dagger (current: #22 - 400)

gotta ask a question about the actual certificate you get for passing the compTIA exams

is there anything on the certificate that i should consider sensitive information besides my name?

gotta know who i should share it with

hello , I really need some suggestions for some projects to do and add them to my portfolio and cv ? especially in Cloud Security / DevSecOps .

It should just have your name on it. You would typically have a feature on their site to validate your cert to potential employers

there's a candidate ID and a code on it

are those sensitive?

IAM, hardening Linux/Windows VMs, securing S3, any of the topics you cover while studying for the AWS cloud cert you should consider writing a blog post about it

You shouldn't need to share the actual certificate with anyone, as in, there's no need for you to email a copy of the cert or upload the cert to a site for other people to download a copy. A statement that you have the cert on your cv/resume is all you need; and I'm sure there's a validation link you can use from CompTIA's site

this isn't for sending the cert to employers i just wanted to know if i should post the cert on social media

thank you, currently learning Azure cloud, in my country it's more popular.

Gave +1 Rep to @rugged delta (current: #18 - 425)

You can do what you want on social media, but if you want to show the certificate, I would suggest a screenshot with the candidate id and code cut off

thx

Yeah they'll have similar features and tools so the processes you used should be fine to discuss. As long as you're not just cutting and pasting course content onto your site, that it's your own work showing what you did, it should be fine.

I will start doing it, Thanks !

If I wanna become a Software Dev and I finished CS50 and learned C and Python, what are the next steps I should take?

Do you have a degree, intend to take a degree, or have prior professional experience anywhere?

Unfortunately no to all three questions, but someone told me that Web Development is way easier to get into and that I could transition to Software Development later

Kind of a knitpick, and it's not meant to belittle/detract, but "learned" has a finality to it. You didn't learn all there is to learn about those two languages. There is always something else.

Yeah definitely, I said learned right after saying that I finished CS50 which basically means basics

Still a noob unfortunately

Yeah, not a problem. Tbh, its a knitpick and the more I read it back, it can definitely be interpreted in a couple of different ways

So, ignore it

I think web development would be a good starting point but im too started of the AI problem

But back to the topic, what age bracket are you? Under 18, 20-25, 25-30, etc?

25

Not getting a degree is likely going to hurt. If you you're not going to get one, you're going to need to build experience somewhere

You've never held a job?

Not in tech no, id have to explain in DMs, basically I barely went to elementary school

Its gonna be really hard for me, but If nothing works out then I can hopefully fall back on HelpDesk, I got the A+

Do you have your GED? If you're in US or equivalent in other places

No im in Germany, Ive heard a lot of success stories about people getting a job because of a really good portfolio so I think thats my only chance here

Since I dont have qualifications I can only let my projects speak for me

Right but, and I'm applying US labor here (vaguely familiar with German job market, was looking at going to university there) you basically need a High School diploma or GED as absolute bare minimum.

I understand you're in a predicament, but without a higher level of education you're likely going to be missing foundational material in things like math, which devs/SWE use

I'm not sure how it is in the US but in Czech Republic (where I grew up) you'll get a High school diploma specific to the job youre preparing for

and I know a guy who just didn't list the diploma on his resume because he was a barber and that was not related to the job

and got hired anyways

They did ask him if he has a diploma but thats about it

I mean I can always learn, and I dont think you need math in web development which is where i probably have to start

That's the difference though, he had a diploma. The diploma was the requirement

I can literally just say that I have one too, but not related to IT

Im pretty sure you would do the same (or anyone else)

I'm not in that position, so I can't sit here and say I wouldn't in extremely dire circumstances (ie going homeless or starving), but it's something that's fairly easy to validate and a breach of ethics. Trying to validate your lie with "well anyone would do that" is you lying to yourself in order to make the decision OK.

My initial steps would be to try and close the education gap, tbh.

Well my last job was throwing out trash in a gym full of girls my age, so yeah

Thank God not homeless but I really cant live like this anymore so Im gonna do whatever it takes for the next 12 months

Don't really see what that has to do with anything. It's a job that pays.

Yeah I guess it depends on the person, I cant live like that

I've exhausted what I can say at this point. Don't let your pursuit of goals drop your ethical and moral compass.

I don't think there is a single person on this planet who would rather say "I dont have a diploma" and get rejected. but thats a different topic, thanks for the chat anyways

I am familiar with the german shizzl dizzl ✌️

(Sorry in advance if college/learning paths dont apply since this is mostly a career based channel.)

So I am a 17 year old high school senior trying to get into a college for IT/CyberSec. The university I applied for has a degree for CyberSec, which is essentially the IT program with a few classes shifted out for "Hacking" based classes (On top of some "CyberSec" electives). This college also requires me to have an internship summer of my junior year at the college, so i believe this is something pretty worthwhile as opposed to what some other programs are offered at other places

1. I am at a plateau at where I should self-learn. I like to use THM as a primary platform, but I'd also like to know any other skills that would be valuable to have relating to CyberSec (Specifically PenTesting)

2. Currently I have been getting into the python language as a whole and am not sure if I should learn another language parallel to this as well (C++, JS, or even other languages) and if this can be seen as a useful skill in the eyes of colleges/employers

3. My dilemma is, should I go for certs as opposed to learning a new language? Certs are somewhat unobtainable at my current status since I am doing Dual enrollment course work at a local CC (Completing prereqs for aforementioned college) and attending high-school fulltime.
   TL;DR

4. Im in highschool, I use THM somewhat regularly, but I feel like I need more resources to help stick the concept (YouTube channels, Books, or other mediums)

5. For a pentest path, should I learn python? would it help me down the road?

6. when should I focus on Certs? During college or after? (I do not know if the uni offers Cert trainings as electives)

Thanks in advance, I am somewhat paranoid that I am on the wrong path even though I havent graduated highschool yet. (Sorry for this wall of text)

1. choose whichever platform you enjoy. You're likely going to be busy, so use whatever service you choose as a way tk relax and have fun. Breaks are OK and you can't let your extracurricular learning get in the way of primary classes and social life at university.

2. You can. Is it required, no.

3. End of your senior year, realistically you should only be paying for Security+.

4. I would really scrutinize the Computer Security degree. They can be very hit or miss. If you're US, certain government agencies have "schools of excellence" that you can kind of use as a barometer. Not saying you shouldn't take that degree, Computer Science has the potential to be a better option though.

Thanks for the reply. I have a screen grab of what I should be diving into right after highschool.
My tuition is being paid for because of a scholarship program here in the state that I am in, and it only applies to schools within the state, so realistically I will only pay for housing and books as well as food. I settled on the overall best school that I had visited while touring a few campuses.

Gave +1 Rep to @stoic cave (current: #17 - 454)

There are a few classes listed before these that are in regards to basic programming skills as prerequisites

Better screen grab of the first three years, crossed out classes that I have taken as dual enrollment (which in turn allows me to already hit the ground running with some of the later classes

If you're dual enrolled, you should have most if not all of your Gen-Eds done, correct? You're going to need to work with your advisor to make sure you effectively plan your schedule. This will make sure you don't fall under the minimum required credits and have it structured in a way that you aren't wasting time. Free tuition is nice, but it's pocket change compared to the cost of University housing/food /etc

I am slated to graduate with my AA if you are asking about that. Some of the classes I took at my community college are equivalent to what is on the planning sheet, but it does not show up as a "direct credit replacement".

I have taken COP1000, which teaches JS, C++, and supposedly C, but does not satisfy the requirement of "an introductory course which teaches JavaScript, C++ / C"

General education credits are math science, literature, etc

Yes I will have those complete by the time I graduate

If your credits for dual enrollment don't count at this university as a direct replacement you're probably going to want to look at a different school

I think its just one course that may be debatable as not being sufficient, a majority of my credits do count though

I could take statistics and physics next semester to knock those out as well

I’ll have to take it up with admissions for the introductory programming courses, but for all of my Gen Ed’s it seems good

Thanks for your help, I will definitely consider all of my available options at this moment

What was the flag found on Sophie's desktop?

i cant access the machine

its being shutting down continuously

#room-help for assistance with TryHackMe rooms. This is the careers channel

Question for anyone here that works for a Defense Contractor:
-As a fledgling pentester, should I try to get my PenTest+ because government loves to check their boxes for comptia certs? Or should i go straight for the OSCP as its the better cert and i have seen some defense contractor jobs out there actually recognizing it as a preferred cert over the PenTest+?

hello

Hello, A little about me I am (well i guess was) an Underground Coal Miner thats what i've done pretty much my entire working life! I live in a town with a population of about 900 people and graduated flatiron schools cyber security bootcamp a very great program, But i kept on making excuses and taking the safe route staying at the mines and putting food on the table. Accompanied by VERY unpopular opinion within the fam i quit my current job and me my wife and kids are moving to the city to pursue this carreer! HIGH RISK HIGH REWARD (I hope) i am completly new to IT and trying to break out any tips(currently doing THM soc level 1) then on to google cybersecurity cert and sec+ after that should i try for GRC mastery? any andvice is appreciated

It depends on the contract. At this point, OSCP does not satisfy any main Government requirements though. Contractors, depending on who they're supporting, are still using 8570 in a lot of cases.

So you think I should gee the PenTest+ first then?

Have you fixed your resume like Zojja suggested?

I fixed the stuff I knew how to fix but luckily I already found a new job for a defense contractor due to a friend working there

I'm just planning for my next step ina year or two

Cant lose momentum

If the contract you move to has a requirement for pentest+, the contracting company should pay

No the job is as a Sys Admin III, im just planning for my next career hop in a year or two from now for a pentest role, for a diff DoD contractor

Right, the advice doesn't change. If you're looking to change to a role that has the certification as a contract requirement, they should pay for it.

does anyone here work or has experience with a fibre internet service provider?

If you have a question, just ask.

the question is too broad to be asked directly

i need to filter it out first then ask the broad question afterwards

Not sure I understand. If you have a question, just ask the question, as you can still get help and it may point you in the correct direction. Asking a question to ask a question won't get you anything.

Just starting out, do I need certs to get an entry level job? I’m working on my security + but it seems like every job wants someone with experience.

Depends on the job, certs help, but they aren't the be all end all. Also what do you mean by 'entry level' job? Entry level into IT or into cybersec? Yes, most cybersec positions require previous experience, that's because it is an advanced part of IT more broadly

Do you have a degree or prior professional experience in any industry?

Entry level in cybersec I just recently took the Google course. I have a bachelors of science degree in Audio Production

Also I’ve been in insurance claims for about 8 years

@stoic cave

I completed my graduation in CSE- CYBERSECURITY and I placed in OT SECURITY team so should I need to continue on OT or should I need to shift to IT. In future which field we can find more opportunities please suggest me 🙏iam confused

Just starting out looking for career opportunities in cyber. I completed the Google cybersecurity course and I have my Security+. Pentesting is very intriguing to me, but it seems like everyone is looking for more experienced pentesters. Anyone know of good apprenticeships/internships or of companies that would be willing take on a noob and train? I completed the Jr Pentester Path on THM as well, but it's disheartening to put a lot of work into learning OffSec/pentesting and only be "qualified" for help desk roles

Try
https://dontasktoask.com

Believe it or not, "filtering it out first" makes people significantly less likely to help.

I am a fresh graduate off of university as a software engineering bachelor. I've taken some security focused courses. I've had classes on networks and used Linux and such. What kind of first-time job would you recommend me to pursue to break into the security domain? Many thanks

I don’t have any work experience, that’s why i was asking. I don’t mind joining the IT industry from another standpoint and pivot into security, any advice on that

Are those acronyms software engineer / developer?

I will search for those in that case. How can i pivot from them into sec?

Looking to Improve my resume, any help or advise is welcomed thank you

Hello, I’m new to the field and would like to build my resume. Can someone who successfully landed a job in cybersecurity provide their resume or a sample resume? This will help me understand how to create my own.

If they require the certification, they'd rather just hire someone with that cert than wait for me to study and take the test and get the cert and then have to pay for it.

It's the path of least resistance for them.

But the question is more so what my next step should be to reach the goal I am trying to attain (Pentester for a DoD Contractor)

I finished the THM Jr. PenTester Course and I believe that has gotten me the fundamentals I need to start studying for a real Hacking Cert that they'd want

so from your resume, it isn't clear what type of job you are going for. Is it an OSINT type position? those are very niche.

Also you list tools in your professional summary, which is kind of weird, especially since you list them in your skills.

One thing to remember is your resume should be as concise as possible to get the point across. Like you don't want to be a cashier, right? then why does it get 6 bullet points. I'd put 1. Same with volunteer positions.

Skills shouldn't be on the bottom, imo. You only have a couple of seconds to get the attention of the person reading.

mine is skills, experience, certs, education

if you have experience, education doesn't matter

Like Zojja, mine is skills/certs, experience, education, projects. I'm at work, so no time to expand upon that currently. Also, are those links you provided Cyber specific? This is an assumption on my part, but I'm figuring no. Cyber/Professional Engineering resumes are typically different from "normal" jobs/resumes.

I'm also later in my career so certs matter less although I think I mention my certs in the skill section. It is more of a descriptive skill section (sentences putting multiple skills together into 1 topic)

Which is easier cyber security or ios dev?

ios dev is lower barrier to entry

but making money is hard until you get a following

@hallow sparrow @pseudo creek sorry for the ping just wanted to say thanks for the advice I will rearrange it today, also I applied to like 3 jobs last night as a test, and looks like all 3 have contacted me today for an interview lol

Gave +1 Rep to @hallow sparrow (current: #85 - 81)

Yasss

https://tenor.com/view/hahaha-lol-laugh-hilarious-lmao-gif-6450323867451562681

1gif

Hi im not sure if this is the right place to ask but we have to do a internship for school and i'd really like to do it at a pentesting company. Is this even possible and if yes is anybody familiar with the procedures? Thx in advance.

@midnight flame

jesi razumeo ti sta ovde brt

sve

HAHAHBRT

Huh?

nothing

just ask my friend

in serbian lang

Ohhh

something XD

ye bro

@warm hinge

do you know web development

I do not

u know some program lang?

Basics of Python

oh

u love linux more

Huh? Lol

like u love linux stuffs more lmao

not coding

like hacking and others

I mean I like both lol

yes but more

this

i think

I like OSINT more yes but recently been getting into pen testing tbh

Linux and Python go hand in hand with OSINT though

Hey y'all I have a question

what do you really need to land a helpdesk position ?

A+ is a must?

Okay got you thank you !!🙂

I would say it depends also where you from. And no, u dont have to say it. Its just in asia its different from europe and europe different from US u know.

well check the cable if it's plugged in

ohhhh yeah that's true

thank you i'll work on it

Gave +1 Rep to @hallow sparrow (current: #84 - 83)

High School Diploma or GED, or your countries equivalent, and apply.

If they're trying to fill a role and the certification is required, it's typically have it or be able to obtain it within 90 days of hire. At the expense of the company. You'll more than likely need to transition to a security role first. Gov pentest teams are small, in person relationships are critical.

Im already in charge of network security for my company. I wouldnt want to be a pentester working for the government directly though, but for a contractor.

I used Gov as a whole

Those teams are small. They're also on-site at a lot of places and travel a lot.

Sounds like getting my TS Clearance may have become more of a curse than a blessing then...

I may have accidentally pigeonholed myself into a sector that wont be the best for my future

🤦‍♂️

@idle pier here

Im here

What I mean is that by having a masters, you will be priced out of entry level salaries. Companies also will be reluctant with hiring a masters in an entry level role due to you leaving for a better role fairly quickly.

Isn't that a good thing then?

No, because they won't hire you

Because of the lack of experience?

But then what would say that im qualified for a cybersec job? Certs?

The cost of you, the risk of you leaving fairly quickly, etc results in the company not hiring you.

A bachelors degree and an internship are really all you need

Security+ can help

I see, and here i was thinking it would just make me better qualified/hired easily because i had a better Cv than the adversaries haha

It has the adverse effect

Overqualified for a entry level🥲 since i would have no experience i thought it would never be the case

I'm just a kid haha, I don't really understand these things. (Im 20🥲) But I dont understand how internships work

I'm having an internship in some company in about 1 year if i do manage to enter in this course

Apply to tech internships

But it would have to be a job related to cybersecurity no?

Oh, you have a co-op at the school?

No

Mine was IT

Why would they take me and not someone else that has a cybersec degree?

Yeahh something like that i would say

Im not really entering a bachelors rn, but i kinda am at the same time

If i do enter this "course"

Do you have any computing clubs at school?

A ( Ctesp ) ill have direct access to my bachelors, 1 year (ish) studying + 800h internship

I don't know? Im not really at school anymore

Im nowhere rn

I'm confused why you're saying "course"

Are you in a bachelors program?

I don't need to know why, but you should finish your degree

Because they call it a "professional course" yk i dont know if there's anything similar

No

I never started one yet

So it's not a degree

Let me ask a question first

I thought you were in the process of getting a degree

Does teaching system have levels?

From 1 to 8

8 being a doctorate

I'm assuming this isn't the US education system?

Not yet, that's what might start very soon haha

Exactly, its european (Portuguese)

Which makes things harder to explain haha

I am not familiar with their system, but I would ensure it's an accredited College or University

It is, im sure of that heh

But continuing, as you finish school here you end up with a level 3

12 grade

Highschool i think

Sometimes if you take a "professional" instead of the regular you'll end up with a level 4

Then we have the level 5 that is what im about to take

And 6 is a bachelors

7 masters

8 doctorate

Im not really sure if a post graduate program/degree would increase your level or not

Associates degree is 4-5?

Where im taking this, ill have "direct access" to the university, so all i need to do in 2 years is apply and im in.

I have no clue

I'd assume so, its the level after highschool and before the specialized bachelors

Ah then from what you are saying i would say so. 😂

But yeah, im just worried about not having anything saying that im fit/qualified for a cybersec job/internship. Which was the reason i would take the masters

I could also take a post-grad in cybersec to be specialized but it takes the same amount as a masters and at least the masters increases my lvl 🥲

Ofc this is all in a very far future but yk, i like to have somewhat of a plan

once you get a 2 years experience, you'll have jumped one of the most difficult hurdles

and remember, worst comes to worst, go work for the gov

how do you all advertise your room completions and awards from Tryhackme when applying for jobs. Do you just stick it in your resume or linkedIn?

Anyone good with Samsung phones? Need to bypass pin lock without wiping it. Samsung A15.

----> #room-help

Please don't post the same thing on multiple channels.

Also, folks don't simply help on this type of inquiries as we are not certain on the ethical implications of this one (e.g., if you are the owner of the phone, for what purpose will that be used for, etc ).

Getting a masters without work experience could work against you as some organisations will hesitate to hire you for an entry-level role.

Same with certifications, I think. It may look like you are just cert-hunting.

i want coder for my robitices work who know abt robotices and c++

Does completing soc analyst modules equip me for entry level roles?

No, but it is a good place to start. I would also look into the networking modules. If possible, go and practice on your home lab. The modules are just to introduce you to a new tool, it’s your choice to become proficient with them.

I would also like to add that don’t be afraid to mess something up, cause you will. We all have. Those issues or errors that you will get will help you learn a lot more than simply completing an exercise.

someone suggest do the BTL1 certification? For now i got the CyberOps of Cisco

which job boards are good and which ones should i avoid

BTL1 is certainly gaining recognition in the industry and a few people here have good experience with it

It depends on your country, but LinkedIn tends to be high on most lists of application platforms

That is a very broad question that is unable to be answered

Oh, my bad

Reading comprehension is hard

LinkedIn is also a wild and crazy place where you need to be on your toes. Speak corporate, not personal 😛

It is a very broad question and a lot of the time there are better local options in many cases

god i dont wanna learn manager speak

Yeah, LinkedIn is a job board that's trying to be a social media platform. You shouldn't join in on the social media side. Use it as a tool to research your next role

i feel dirty when i talk like that

You just need to be professional. It's a place to demonstrate your achievements, both academic and professional, your progress with actual work, awards you've gotten, to network and discuss job roles, make connections and demonstrate your ability to be a good fit for a particular employer, etc...

i'll have to get used to it i guess

rn im at a help desk job that encourages us to be personal on the phone

Well you should only be as personal as you should be professional. First name basis mostly, you're not doing their garden while they pick up the kids

i've never had to look for a job so im genuinely just dumb in this matter haha. But I dont see why would anyone hire me to a cybersec specific job without me having anything to my advantage in that area

i only thought about certs as it could be a good way to show that i might be genuinely interested/good in that area

Good way of putting it.

hell i want to start in cyber seurity i dont now the road

#start-here

You are asked to test an application but are not given access to its source code - what testing process is this? Is black box testing?

If they gave you no info except the target name or domain to start enumeration probably yes

yes

hey, I really wonder if THM certificates of completion do help in getting a job in the field? If so, I wonder which regions recognize and respect those? like US, EU, ..?

If you’re thinking if they’re recognized by HR, I’d say no

Its more of an extracurricular or a supplement to experience/education

yeah, that was obvious, but are these recognized by anyone to act as a supplement to experience/education?

So far here where I live, there are a few companies that do recognized THM/HTB stuff like that but its usually as a question during interviews with the hiring manager along the lines of “what do you do in your free time to upskill?”

Not with HR

If you're talking about putting THM in either of those categories on a resume, I would refrain. THM is neither experience or education, it would be an extracurricular.

Hii

Please any one can tell me how to start cyber security from 0 or scratch , I am new in this field please guide me

#start-here

Is a degree necessary to get into the pen testing field and if so what kind of majors should I be looking into?

Gotcha, thanks. I definitely lack programming knowledge since I haven't worked with it since like high school.

Gave +1 Rep to @hallow sparrow (current: #76 - 88)

Can anyone give me a path to learn javascript for ethical hacking,,i also know basic javascript and dom

Is this free?

Please give me some free path to learn javascript

I also have a basic idea about js,,but i wnna learn js for hacking 🙃

Portswigger is free?

@hallow sparrow You have the OSCP correct? Has that been beneficial to you in job hunting?

Hello, I wanted to ask if any proffesionals out there know if it's possible to start up a cyber security company online and it being all legitimate, not sure what the process would be if I am based in the UK

Starting a company would be my end goal

You'd need industry experience, a good network, potentially millions in startup capital, and very good lawyers/business insurance

What about like a smaller one, so not going to cost millions to start up, maybe restrictions on operations to fit with laws and such, would you reckon starting one on discord and working up would work and be more cost efficent for a normal person?

Starting a business is expensive, Cyber especially due to the risk involved. People are trusting you with their security.

I am just like starting to find ways I could progress to that stage, so what if it starts off as a IT solutions or something? website creation, game developement and then progressing up?

It might be better to do personal contracts in a server as it may cost less

Everything I said was to get something off the ground. Sure, you don't always need millions if you have an idea. Startups with ideas seek VC money though, which is where the millions comes in

All of these things are completely separate areas of business

Alright, so anything cyber security related might be better just doing as a solo?

Not even sure what this means

So like just operating by myself on cyber security.

If you're not currently in Cyber, or the tech industry, that's your first step

I wanted to also ask, do you know when you complete a module on try hack me and get a certificate as it states, does that count towards anything irl?

You need to have a network to do contract work, 1099 in the US. Your network is how you get work and build your reputation. You're going to need to start out working for someone.

It's an extracurricular. It's not experience or education

I am in the UK, I am sure they said it's not required to start doing cyber security solo, the certifications just makes me stand out more if I pay for the courses.

Who is they?

Online law sources

US and UK are fairly similar when it comes to this

I am not a lawyer, but you shouldn't always trust online law sources. I bet those articles said that they were not your lawyer, and to not blindly follow what they say.

Oh, I am sure it was something stating the Computer Misuse act 1990

I am very confused

So like aslong as I dont break those laws and have consent on the company I am sure it's allowed.

company or person, idk 😦

That's a gross over simplification

Yeh, I might ask a solicitor when I get to that stage 💀

Would you say it transfers to the skillsets as it would be in a real thing?

Self learning is not the same as professional experience

Professional experience is learning at the end of a hose in environments where the "right way" isn't always correct.

Whereas self learning is at your own pace and doesn't really expose you to how things are done outside of an educational setting.

THM needs a careers pathway. Not a path dedicated to a particular career path, but rather common pitfalls obstacles and challenges. Room entirely on alert fatigue. Room on imposter syndrome. Room on blue team false positive anxiety. Room on business friction. Room on unweildy insecure architecture vs budget constraints. Room on managing up.

Room on colleague interaction with non technical users

Room on 24/7 coverage / emergency callout

All the stuff you can't learn about through developing technical skills but will hit you like a brick wall in the job

hey was just wondering if someone could help me improve my resume, i have some stuff on there, but just want to get a second look from experienced individuals in the field. thx :p

You can post a picture of your redacted resume here for review

Right off the bat, change summer/fall/spring to actual months. ie May 2022 - August 2022

Your entries in each category also shouldn't be at the same heading level as the category headers

Your internships are experience, they shouldn't look like their own sections

how does this look

I'd rename Academic Experience to Extracurricular Activities, maybe Projects

Remove high school from education as well

I don't think so. I think in this case people have not understood the concept of THM. I don't presume to have understood it myself, but the things you mentioned are more a matter of personal experience than general validity.
Therefore, such paths would make little sense.

Such topics are also often company-dependent. At this point, it is perhaps better to talk to colleagues at work and find out how they deal with the problems.

But to be fair, i understand you.

Idk if this is the right place to ask but does anyone have any experience with hiring a coworking space for WFH?

I am work from home, and most of my collegues are also 100% remote.

From a business perspective, I do not have experience "hiring". From a technical interview and collaboration point, I have been doing that since 2019.

I mean renting a desk at a coworking space, I'm going to be working from home for a couple months but I don't work very well just stuck in the house

one thing you'd want to ask is what requirements your position requires. For us, it would have to be closed door type space

I know our company actually looked into coworking spaces for remote employees but the vetting often didn't meet our requirements

I don't have really specific requirements, mostly I'm worried about hidden costs or difficulty cancelling since it's just for a couple months

that might be a business expense you can either deduct from your taxes, or the company may be willing to reimburse you.

One strategy I use, is to mix up which area of my living space I use for work when I have trouble staying focused. Some days, I set up in my hobby area, some days it's a lap desk on the couch, most days it's in my designated office area

Your company doesn't have requirements for those that work from home? Such as a closed space that others cannot hear conversations as they relate to work? Having a locked door for any company equipment if you plan to leave your laptop even for a short period of time?

just something to consider as I know many coworking spaces may not offer a closed door space unless you pay extra $$ and even then they could be more like office cubes than a fully enclosed space

also depending where you live, check your local libraries. Some of them have rooms you can reserve ocassionally or even 'as available'. My old library had about 10 closed door 'study rooms'. They had power and they were fully glass so you could see into the library

I heard the Google cybersecurity professional certificate gives a discounted sec + exam voucher. Does anyone know if that voucher is only for a short time?

Does it make a difference if I have a cybersecurity company in the us/europe but I am physically based abroad?

I think it was one year

Ight thanks

Gave +1 Rep to @balmy lynx (current: #2220 - 1)

@stoic cave I mean like I have a cybersecurity consultancy company or whatever else cybersecurity wise and the company is registered in the us but I am outside of the us europe

You own a cybersecurity company in the us/europe?

No

I want to

In the future

I'm planning

And like all clients are us

Well, you'd need to register in each locale, pay all of those fees, have business insurance, hire attorneys, have a positive reputation in the industry so you can obtain work and build a client list, etc etc

Cyber is also higher risk, so a lot of orgs probably won't want to hire outside of their borders

Also maybe start off in your area first so you get a solid foundation and then branch out

Yea ye ofc but I mean just the fact that I don't live in the us, I want to know if that is something that will have a bad impact on the business

There's too many variables

You need to fulfill what I just mentioned and more to even have a business in name only, before you even do any work

Yes

What variables?

Variables like I just mentioned

Yes I want to know them so I can look at them for me

I literally just laid some out for you

.

For an example. They are very very successful but check point cybersecurity was established in Israel but now they also have a us headquarters. It’s possible but of course you have to have a solid foundation

Israel is a bit different

Your right. I forgot nato and our ties with them

I have the feeling that cybersecurity is a lot harder to make money in than ai

Like from a business prespective

Like everything is much more sensitive

Adds a layer of complexity and volatility to it

For ai who cares if the generated cat has three eyes

Eh if you create a ai and someone abuses it you gotta have some good lawyers

I mean from a client acquisition stand

It seems like it's much harder to get costumers because they have to trust you

For ai they don't have to trust you that much

Much less friction

I mean they are two different markets

Do you have a product or usecase?

You can't just sell someone AI

No I am thinking for the future

Are you implementing AI into a specific industry's product that could solve some of their issues? Are you developing your own model?

For sure but there's so much you can do with it. You'll find a good product if you think about it and if it isn't like cybersecurity where its super sensitive and omg one error and everyone is fucked type shit, I think it would be a better industry to go into as an entrepreneur

For a example. Private security is a hard market to start because you have to make a name for yourself. A famous person wouldn’t want a newly fresh made private security company to protect them. It’s the same with cybersecurity. You have to somehow prove yourself YOU can keep there information safe.

I think you need to do some research on how things work and build a plan if this is what you really want to do. Dealing in hypothetical questions isn't going to get you anywhere

It only starts from hypothetical

Everything starts from hypothetical

Hypothetical probably isn't the right word. "I'm going to sell AI" is incredibly vague and provides no bearing on how to proceed

Why? AI is a niche industry, there are no commercial applications right now other than chat bots

Why are you so angry

Chill out

Yes now it's not very useful but it def will dominate everything

Like all aspects of society, I think it's possible to create a product that lets you use ai with something that helps you make more money

Everything, maybe not? You know some poor IT still runs Windows 2003 somewhere

Adoption is a slow and gradual process

I'm not?

I'm being realistic. Businesses can, and have, ruined people. Going in without a plan and not having done some level of risk mitigation is a recipe for disaster

They have to trust you completely. What are you selling them? What does it do? Is it going to improve? What is the purchase/licencing model? They don't know what your tool is doing. You don't even know what it's doing, or how it works.

They don't know where you got your data, what the legality of it is, what the risk is with putting your tools in their business, are you going to steal all their data and trade secrets? Are you going to increase or reduce the volume of work being done? Are you going to increase or reduce the cost of doing business? Will it affect their company's reputation?

On top of that, nobody in AI is making money yet, except from investors, and they're starting to walk away

Does anyone know what cert path I should take after security+?

I want to do blue team/cyber threat intelligence

Don't spend your own money on certs. Sec+ is about the cheapest entry to industry you can get.

The entire point of certs is that they demonstrate competency from the business perspective, having the cert without work experience gives you no benefit, and may be a detriment if you are perceived to be a cert-chaser.

Bro what makes u rich could be an image generator of cats

And you charge

And people are happy generating cats

It's not that insane as cybersecurity

Like cybersec is much more sensitive

I have one year worth of experience as a IT support engineer intern

and 6 months worth of cyber security intern experience working with cyber threat intelligence and risk management

i have more internship offers lined lined up for next summer as well since im a junior majoring in comp sci

I was thinking that my degree in computer science, mixed with two years of internship experience and getting some certs before i graduate would put me ahead of others when appllying

i just dont know what certs to get

yea ty i've only heard of cysa out of those three, so its nice to know there are others as well

Gave +1 Rep to @hallow sparrow (current: #76 - 92)

will look into those tn

ok ty, would you say the cysa+ would be better to get past resume screens?

ok good to know

my internship pays for all my cert trainings rn with itprotv and im pretty sure cysa+ is on there

Nobody is going to pay you for an 'image generator of cats', since you can use free web tools to do that. Try again.

I'd listen to Juun's advice. You don't need a bunch of certifications out of school. Security+ is the only one that I'd recommend paying yourself. You're getting a degree, which is often a requirement, and you say you'll have two internships, which puts you in a good spot as well.

Just to reiterate what juun said, having certifications with no professional experience to match doesn't help you.

Can you tell me how to gain work experience without having certifications?

I'm 34 years old, and my dream is to start a career in this environment, but I have no experience in this field... so I think the only way to get a job in this field is to study and get as many certifications as possible to convince someone to give me a job opportunity!

Do you have any other professional experience?

You also have to understand the financials. You may be taking a paycut with the transition and you need to account for that.

one thing to keep in mind, is that usually someone works 2-5 years in a non-security IT related role before making the jump

sec+ is a good 'starter' cert, but there's a lot of context that has to be understood to be good at security, and you can gain the knowledge about how things work, but the practical work experience is the biggest/most important factor

I'm certainly aware of that, and I'd be willing to do it just to get started

I don't have time anymore to get a degree in computer science for example. That's why I have to focus on certifications, even if I'm still a bit confused about which one to choose... for now I'll start studying networking (cisco) and the basic THM courses.. and in a few months we'll see what to do

i've already some idea, red team attract me a lot and also reverse engineering

Hii everyone,

I'm a Master's student in cybersecurity. I'm looking for internship opportunity in UK or Online. Can anyone let me the ways of getting a internship specifically in Cybersecurity related roles. Such as Websites or communities where the jobs are posted often.

Hi there I just got my A+ cert and graduated from Northwest Career college. I'm confused on how to even get started in IT in general

Anyone in here working/used to be working as a SOC analyst? What is that kind of a job like?

Well until someone answers tryhackme has a career page that talks about soc analyst

I read through that, it seemed a bit generic, though. I was hoping to get a peek into some more personal takes.

It's generic because every organization is different and conducts their business differently. Different customers, different markets, different laws, and different policies means that one SOC analyst's experience is not the same as another's. There is overlap though, which is covered in THM's writeup and other sources you may find. It's typically shift work, has tiers, etc etc

Damn Zumi you are a mil-😝

https://tenor.com/view/duongcam1621-cat-hmm-smirk-gif-12766866

Hey everyone, hope you're all doing well today. I needed some advice regarding getting hired asap, I'm kind of in a tight spot, I'll be getting kicked out of home soon and there's not a lot I can do about it, I need to create an income to be able to afford living expenses, any suggestion helps, I am under 18 and will be for a while, I can't really rely on any external resources for help, I have a GitHub where I publish tools I develop, it's not beefy but I have some downtime before my host decides to pull all funding for letting me stay with them, anything helps

Hey, I am new to the THM team, but have worked in recruitment pushing 10 years. I would suggest firstly engaging with platforms such as PeoplePerHour and UpWork to increase your chances of securing project work, this will hopefully give you a string of income opportunities. From here you can apply and engage for hourly, daily and project work. After this I would then suggest getting on some active only recruiting platforms similar to LinkedIn where you can apply and communicate direct with hirers; cord.co, https://www.lhh.com/us/en/hired/, Otta, Hackerjob - Best of luck with your search

Feel free to connect with me on LI and if I see anything I can tag or send your way: https://www.linkedin.com/in/daryljb/

Thank you very much man

I sent a connection request on LinkedIn, I really appreciate you typing this out, it means a lot

Hi, I am a physician and medical researcher with a strong interest in healthcare data security. I'm currently enhancing my cybersecurity skills to help safeguard sensitive healthcare information. To this end, I'm enjoying TryHackMe to gain knowledge on major threats and ethical hacking. Since I won’t pursue a career in IT but need this knowledge for medical research and as a personal hobby, which basic certification, if any, would you suggest for someone in my position?

probably Sec+

tnx! 😃

anyone have tips on getting into linkedin?

i have a profile but i hardly use the site

Network.

Connect and talk.

i'm asking what it means to network

should i just add a bunch of people in my field?

Yeah.

k thx

btw should i mention THM on my resume/linkedin?

You can, the paths you do can go into an extracurricular section

As a personal interest, it's fine. It's not work experience.

Unless you are actually a THM employee.

Hey everyone, if anyone here use Mac mini or any divce with the M chip what is your experience so far especially with virtualization and hacking tools like burp suite and so.

Hey guys

I’m an official employee of GitHub so I can help I think

How can I apply to GitHub

I am. I really hope I can be of great service

https://www.github.careers/careers-home

Are you 18+

I can’t with that emoji 😂

Brotha said “I think”

I mean I don’t know if I can though. I want to see if I can

I was trying to hear some people's experiences to see if I could deal with the shift work or not. The technical work sounds very interesting to me, but I think I'd strongly prefer fairly consistent working hours.
Incidentally, I've taken the career quiz on THM several times now, and get either "Security Engineer" or "Pen Tester". Maybe the universe is trying to tell me something, lol...

Security Engineer is a catch-all in the industry. The role varies wildly from company to company

WRT shift work, low person on the totem pole generally gets the less desirable hours and has to work holidays

Its alright, I’ve done a few machines with it and so far it was smooth

SOC analyst deals with log analysis, incident response and some malware analysis.. Usually includes 24x7 on call.
SOC engineer deals with building the corporate wide tools (security stack deployment, logs ingestion etc) that the organisation uses... May or may not have on-call duty

But as mentioned above, some organisations makes it a 2-in-1 role and dont differentiate one to the other..
As a person who's "been thru it", my perspective also sees the significant pay difference..

P.S.: I'm currently a SOC Manager.. worked my way from 13 years in IT, last 7 years in Cyber.. (SOC, incident management, DFIR) Wont claim to be an expert as there are many more qualified people, but i'd like to think that i have a "non-philosophical worldly view" on things.. 😄

hello house, where is the best place to start my soc journey and what are the things i need please?

Hey everyone! I'm currently pursuing a BA in English Literature, but I've recently developed a strong interest in ethical hacking and cybersecurity. I'm planning to pursue CEH (Certified Ethical Hacker) and OSCP (Offensive Security Certified Professional) certifications to transition into the ethical hacking field. However, I'm a bit concerned about whether having a degree in Literature could be a hurdle when applying for jobs in cybersecurity. Do you think the certifications alone will be enough to get a job, or will my degree pose any problems? Would appreciate any advice or insights from those who've transitioned into the field! Thanks in advance!

If you’re still studying, its still possible to pivot into a relevant degree

I can't do that I tried a lot but couldn't happen

May I ask why?

Is not possible where I live

That sucks, I can think of transferring to another university. I know a lot of people who have done it but if the degree is a worry to you, I can assure you that once you get a job in IT, its gonna become a lot easier. I wouldn’t focus on getting any of the certs you said. Its better to take them once you have IT experience. If you really want to take a certification, Sec+ from CompTIA is a solid foundational cert. Other than that, I’d focus on networking with people and different orgs, dipping your toes in as much IT as possible. If you’re able to secure IT positions as an intern, that would be really great. Building projects is also one way to strengthen your understanding and a good look at your portfolio.

I know so should I start with the certs?

how far in to your degree are you @glacial plover

I have 2 years left

2/3 or 2/4?

2/3

UK?

India

Wish

ah okay

Well I can say your degree itself won't prevent you getting a job in cybersecurity, but it also won't help you get one either obviously. I would recommend to continue to try to swap courses with the university. Speak directly with the course coordinators and lecturers for any computer science or cybersecurity or networking degree at your university. Express your passion and keep trying different people until you find someone who is willing to advocate for you.

you don't have to switch to a cybersecurity degree, but something related would be useful, especially networking for example.

Pursuing certs is good too, Sec+ as @dense dagger said is a good entry point.
CEH is perhaps not so useful these days as it's predominantly a knowledge-check rather than practical skills
OSCP is gold standard for pentesting.

You could also use THM and HTB to learn about web security and web pentesting, and then try to apply those skills to bug bounty huntign to build real-world experience on platforms like intigriti, hackerone, bugcrowd etc

However, studying for additional certs and doing bug bounties is going to take time away from your studies of course. You may want to speak to an academic or careers advisor at your university to get some professional advice from their perspective on what you should do.

It wouldn't be right for anyone in this server to tell you to drop out from your degree and not to complete it, but you also want to pursue goals that are not related to it. So definitely try to get academic and careers advice from relevant professionals at your university. They will be best positioned to give you some direction and options.

I mean from where I am it's almost impossible to find a person who can help me in this

may I ask why?

I don't know much about India's higher education system sorry

There isn't

Their education system is straight forward, just get a degree and F off

I'm pretty sure from where you are you'd get at least some counselling we can't even get that we have to research and think for our future by ourselves

in that case i would say try to find a lecturer or professional at the university who at least seems to have a brain and ask them for advice on it, they may be able to point you in a helpful direction

I can try but it's hard to find a guy like that

there's always one good one somewhere, hiding lol

give it a try, or ask your peers who they think would give good advice. it doesn't have to be your own lecturer or a computer science one. Just someone who seems like a reasonable person who could give you advice on nagivating the academic system.

I will try

Your degree will fill the requirement of having a degree, but it may result in some door closures due to it not being STEM. Certifications alone are not enough to get a job, in fact, having certs with no professional experience to go along with them can be and is a detriment.

I would also avoid CEH

Your path into industry may be through technical writing, just a thought.

You mean I should just drop it all?

Not sure I understand. Technical writing is an important skill and Orgs hire Technical Writers. These are people who have a good understanding of the language being written, but also can translate the techno-jargon

It is but I'm more passionate about cybersecurity

Report & Technical writing is a huge part of cyber

It is a role at cybersecurity orgs....

It's your foothold to get into the industry, then transition

And I can get in through it easily?

Nothing in life is easy, you're going to have to work for it

80-90% of my day is writing and diagramming all manner of things, as a technical position

I mean will it be easier for me to enter as a technical writer than getting certs like OSCP etc?

I know that once I enter the IT industry it's easy to transition am I correct?

I would stop using the word easy. Is there a clearer path, sure, but it's not easy.

Having certs with no experience, as mentioned before, can be a detriment. The only certification that I would recommend paying for yourself is Security+

So should I first do technical writing to enter the industry then transition to Cybersecurity like pentesting and stuff? And does my chances increase with this other than just trying to enter directly as a pentester etc?

With my degree in Literature?

.

CEH is still a HR req in India - it's the only place I where I wouldn't actively discourage someone from taking it.

One thing to keep in mind is that pentest is not usually entry level to security - there's a LOT of background a pentester is expected to have, and just being able to do some THM rooms or the easier CTFs is not sufficient to understand what a pentester does and is supposed to do.

Not trying to discourage you, but please just understand that pentest is one of the riskiest security activities and the tolerances for juniors or freshers making mistakes are not nearly as lenient as other domains.

I know that it's really a responsible job

"Responsible" really doesn't factor into it. Risk assessment, scope, prioritization, communication are as equally important as technical skill and knowledge.

Yeah but can I enter the IT industry with this method and can it increase my chances of getting a pentesting job?

Interesting, will bear it in mind thanks

Gave +1 Rep to @flat sedge (current: #10 - 779)

Does anyone have any good recruitment websites for entry level jobs in Cyber response / threat intelligence/ OSINT - remote or UK

linkedin

@minor linden

hey!
i have 2 job options for my first cybersecurity job and cant decide which has better future prospects in terms of pay/growth, AI taking over parts of the job and other factors. im interested in purple team so im

first job is a SOC analyst in O2 where i would have to do 12h shifts sometimes over weekend, or over night but with extra pay for such shifts. they have good benefits and are long established on the market, and said i can work upwards from L1 to L2 in a couple of months (if im doing alright), where i only work 9-5 shifts, meaning its better above L1 in terms of work hours.

second job is in a pentesting company. they offered me higher start pay, and job is pentesting. however they required me to do hackthebox pentesting course and eWPT certificate to get a job there, but once i do, the job is guaranteed (so they said).

given all of this infornation, which of these 2 is better option in your opinion in a long run? on the interview with O2 they said that more of pentesting is being automated or likely wont need human pentesters as much as SOC operators... which seemed may not be entirely true, but then i dont have much info regarding this, so i figured better ask here. any help is welcome, thank u 🙂

Damn. I would reconsider the second offer. Dropping money on certs for a “guarantee” is not, in my opinion, not in your best interest.

There really is no guarantee you’ll get the job. Try to ask if its possible for them to sponsor it, try to negotiate on that.

IMO, the first job is more hard but starting as SOC is a really good way to get into other jobs in cybersecurity

i thought of that, but thinking i have 0 xp, would i be in a good negotiating position for that to succeed? i kept thinking its a ton of money but i could still have cert for jobs outside of this one, so ultimately a win win?

Assuming you pass...

That's the part people often forget.

Even then, there is no real guarantee

So its like taking multiple certs amounting to 800-1000$ for a “yeah, we’ll hire you”

A more probable scenario is “hey, we’ll make you take these certs after you get hired and you’re required to pass it or else you pay us. After you pass, you get a bond for 2 years”

that even sounds better cause the job is still in place already

Yeah, you should probably try to negotiate on those kinds of terms if you’re comfortable on that

certainly, i wouldnt mind asking/trying to probe it out

what do u think about the part with AI taking more of a workforce in pentesting? do u think its true or just an HR talk?

that part rly caught my ear cause theres a ton of info on this out there but its seemingly contradictory

The 2nd job offer sounds suspicious to me.

the first one sounds solid.

how are they making you a job offer before you're qualified on the precondition that you get qualified before you start? that sounds very odd

also, starting off in blue team is a great way to get a broader idea of the cybersecurity career landscape

A lot of recruiters, especially in colleges/unis, or at job fairs will have people asking for role requirements, and for a standardised role, they're going to have a minimum set of measurable successes. They know that course x and exam y cover a good deal of their entry level requirements and so that's what they state for some standard entry positions. They'll know that if you do course x, you'll have learned that certain set of techniques and tools to a certain level and been tested on it. They'll also do cert y because they need people who understand those skills so when they start the job, it will be easier to direct them and have them learn and perform other things more easily

yeah, but this is context dependent, user didn't specify jobfair did they?

Doesn't matter the context, this is standard fair for new people going into the industry that they might hear from potential employers

i would be sus of any conditional requirement like that.

Several years ago, I got a conditional offer for a TS/SCI position assuming that my then-unemployed self could get through the clearance process. the problem with that was, there wasn't a place for me until i got the clearance and the clearance process was estimated at 2-3 years.

that's a long time to be waiting on a job, and many employers would pass not be willing to extend an offer with something like that pending

A lot of the time, for junior positions, they're just standard industry minimum expectations for a particular role, i.e. show evidence you understand concepts 1-10 by doing this course, or having a degree, or x amount of experience in a field.

For something like needing clearance, you'd probably already have been aware of the conditions and been making sure you measure up before applying, and probably started working somewhere else in the meantime. A conditional offer is going to be dependent on their expectations that things are moving a certain direction, but of course, 2-3 years is a long time in this game

Can I ask something for my particular case

I'm currently looking for help desk jobs

But where I live every help desk job has 500+ applicants. So it ain't looking good for me

Is it really worth it to go that route?

For context I'm an electrical project manager

And have been in this field for about 10 years now

Or is help desk more so for someone who is fresh out of uni with no work experience?

https://tenor.com/view/cute-frog-glass-abi-toads-toad-sad-gif-3111019021779484852

You're more than likely overqualified for a helpdesk role tbh

Strange spot to be in

So does that basically mean I'm cooked?

I mean what's your goal?

Initially cyber analyst role

Honestly I don't plan on staying in a particular field within cyber for too long. I think it evolves so quickly it's hard to make a 5 year game plan, but that's where id like to start, because all skills are transferrable to different roles in a way

And I was willing to go the long route to get there through a help desk role

But it's actually quite difficult for me regardless of my cyber certs

I don’t think cyber moves as quickly as people say

The same stuff still plagues companies: asset management, vulnerability management, log analysis, etc.

so whatever role you get into IT or Cyber, I still believe it’ll be relevant in 5 yrs

Correct me if I'm wrong, I know help desk is a good foot in the door path into cyber security, but what I think I'm seeing is that it's a good foot in the door pathway for a large assortment of IT roles.

Which probably explains the 500+ applicants for each job ad

That’s true but you don’t need to limit yourself to helpdesk roles

All I do is study but my knowledge of different pathways is limited, if you have any suggestions for me that would be cool

Do you pay in iTunes gift cards

How about DoorDash

Not something i put on the internet

But do you pay in door dash gift cards?

What about Vbucks

Because i think im funny

Would you like my credit card details including the security numbers on the back so you direct debit it into my account?

:hammer: kenjiimai#0 has been banned.

Lol

May I ask questions about university major and career?

You can ask any questions you like here and people will try to answer them

Hey guys just thought of dropping this piece of advice that has been working out for me in massive ways to my and fellow friends here 😁😁🎧🌄😳😳
Stay positive and keep pushing! It’s all about staying focused and regrouping. You just need too find a method that works best for you even tho you are doing it and it's not working out the way you planned or you have a store and ain't making any from it yet or you are just planning to get started but you feel so scared of losing just find the right people that you know that have been successful in this to guide you you through and it gonna work. Believe it's possible and you are half way there. Peace be onto you🙏🙏

I want to study at CMU or other university to be a cybersecurity engineer, but the problem is I don't really know which major/program I should choose for Bachelor's of Science degree. If you have enough knowledge in this topic, can you help me with that?

It would usually be more beneficial to take a Computer Science degree if you can do that. It makes it much easier to transition to other branches of computing with such a broad range of skills. A cybersecurity degree would be beneficial if it also included networking, operating systems, programming and other related topics to a reasonable level.

In a lot of cybersecurity roles you'll still be expected to pursue professional certifications, and different organisations have different standards and expectations. They may also have a program to assist with the costs associated with specific training that org wants you to pursue

Computer Science, overall, is a much better degree to have than Cybersecurity; security degrees tend to pigeon hole candidates a lot more frequently, and are seen as being less broadly applicable even if the difference between a compsci and a cybersec degree is a handful of electives.

Hi I have an interview with ibm for an internship as a security engineer someone have experience or tips to give me plssssssss

Backwhen I was applying for a networking job I found it useful to research common interview questions - that can come from the interviewer and prepared for them

but really just talk about the experience you have, the things you know, and when they see and hear what you can do that's often enough to leave a positive impression

Thank you for the advice

Hii everyone. I've been wondering. How valuable is the Junior Cybersecurity Analyst Certification by Cisco. It's a free course but is the certification recognized in the professionally?

You will likely learn a lot of really good basic knowledge about cybersecurity, especially with respect to Cisco systems and platforms.Might be considered a good basis, but you will also likely be expected to pursue other qualifications as you progress. While it's unlikely to gain you a role, it can show your determination to learn and follow a particular progression path. When you're in cybersecurity, you're generally going to be expected to continue learning and developing your skills, no matter which direction you choose

Hi Family,
Any ideas for Cybersecurity Awareness month

yes, learn some cybersecurity

That is not ethical 🙂

i forgot to say that after it tell them that they need to learn more cybersecurity if they got pranked and phishing campaing should be not harmful

but i understand

Be aware of cyber threats

how long do internships normally go for in cyber

I don’t get it

How is a phishing campaign not harmful

If it's part of a campaign to gauge and raise awareness of risks within a company as an internal test, the campaign would not actually be malicious. It'd be more of an information gathering exercise

Otherwise yeah.. of course it'd be potentially harmful 🙂

Maybe I've got the wrong end of the stick..

I mean isn’t it supposed to replicate a potential harmful phishing campaign so thus it is harmful but not because they aren’t using the phished credentials for bad

But to teach

Depends.. where do you stop with the campaign? With a click on the email? With entering credentials on a mocked up login form?

You could go to both extremes, but at the end of the day the point of the campaign would be to raise awareness and the ability to recognise a legitimate email

True

There’s two sides of the coin here as g0blin stated. Phishing for awareness is usually done as an annual exercise for users to learn not to click links. This is usually a user clicking a link and then maybe getting redirected to a page that says “hey, you got phished by the IT team”. This usually is done on a select group where whitelisting the domain is done or they use third party tools like KnowBe4 to conduct the phishing campaign. This measures how your users are susceptive to phishing emails.

On the other hand, phishing for access falls under red team campaigns. It measures both how users are suspective to emails and engages your security systems i.e., can your IdP see high risk logins, can your EDR, Email Gateway, etc. detect these

Annual?

Isn’t it usually an annual exercise or is that just a nice to have

I mean, a lot of places just do it as an ongoing thing 🤷‍♂️

I get a bunch of them at random intervals throughout the year.
Granted they're identifiable as phishing attempts from a mile away

I see, there is added benefit to just do phishing campaigns at random intervals, even seasonal where users can be more likely to click

Doing it on a select group is also likely to miss things. Better to sample a percentage of employees with each campaign than just select a group for all of them.
These things also often trigger internal training

i.e., click the link, get pushed into mandatory phishing awareness training. That's the real benefit of them.

We had a campaign run a while ago, just before a company wide meetup. The team were very sneaky, using information not widely circulated online and prior knowledge of the meetup (being internal) to make a very convincing campaign. While I feel they cheated a bit, a dedicated malicious party could well have come up with the same technique, and I'll admit, I clicked the link.

There are a small number of recommendations you can make the team aware of to recognise an email that is not legitimate, but it takes the exercises to really push home the fact that there are those out there very talented at making believable and very convincing campaigns that can lead to breaches.

Getting comfortable, trusting emails to be what they are, keeping vigilance is a tricky thing to get an entire company to adhere to. It only takes a momentary lapse to start that first step to fall into a trap.

Just hammers home the point as well: anyone can be phished. All it takes is a moment of stress / fatigue / whatever, and the right campaign can slip through the gaps. Which is why awareness is so important

That and having a non-punitive response 😄

Exactly

"no blame culture" is so important

Yes, perhaps someone could have been responsible for an outage, for a bug, for a breach

Also proper end point detections

But it's not a single persons failure, it's a failure as a company

Education, awareness, training

Sorry, "upskilling" is the word we're supposed to use now 😅

Most of the campaigns we are targetted iwth are thankfully "Hey ch4p, this is x, we need to talk, can you call me to do x please" From: x@hotmail.com

lol

But vigilance always needs to be promoted, regardless of how useless the majority of bad actors are. You never know when you will get hit by a group that actually knows what they are doing, and know how to do proper intel gathering on the company and roles.

For example scattered spider is known for there social engineering techniques

thanks for answer

Gave +1 Rep to @rugged delta (current: #18 - 428)

thanks a lot\

Hi there , Is A+ or Network+, required for starting in bug bounty?

No

You would be better off polishing your skills in TryHackMe, HTB, or PortSwigger’s labs

Has anyone tried a Udemy course for the CompTIA Security + exam?

I would use Professor Messer on YouTube

If you want practice quizzes, Jason Dion's are good

Ok, thanks, I'll try it out!. The Udemy course is very good but a little TLDR-like . I'm not a total newbie and I want to get to the core basics of the test.

Thanks.

Gave +1 Rep to @dense dagger (current: #21 - 403)

Hi all. I've completed Jr. Penetration testing and Security engineer modules on TryHackMe. I also know the fundamentals of networking and linux (I'm a senior backend software engineer). I'm planning to also finish red teaming and devsecops in the next 2 weeks. My final learning goal is to make 1000$ on hackerone using bug bounty (not because of the money, but because that would prove to me that I learned a nice amount).
My final goal is to be able to provide cybersecurity services for my own products.
My question is, do you have a better idea for the final learning goal? Maybe some other suggested learning path?

I am new can you help me to choose our carrier in Cyber security

Which field is better for me

It depends on what your interests are and what your background is so it isn't something others can recommend without having much context.

TryHackMe has some learning paths for different areas in cyber security. Try them out and see which ones you like.

@trim gust Can only recruit in the appropriate #jobs-board channel, which requires verification prior to being able to post in that channel. 🙂

sorry about that @distant pier

@broken idol

This sounds very illegal

also the third time they've posted it since the 15th

Hey guys, I like THM very much as it is a whole new world for me with lot of practical exercise, but I also wonder at what extend THM helps in actually secure and perform at a cybersecurity job. My questions can be summarized as below:

• Does completing THM learning path helps to get the security certs? If yes, by how much? (In terms of the knowledge gained from THM)
• How would you suggest, complete the THM learning path before studying for the certs, or just start right away?
• For those who switched or are switching career after using THM, do you mind sharing how you think THM helped in your career switching process? I would love to hear if you don't mind sharing the biggest obstacle you faced during the progress.

I am sorry if the question list seems to be long and annoying. I wish to proceed with care and efficient, as I have to budget carefully. Googling gave me answers from 2 years ago, so I am thinking asking here. Thanks in advance.

THM and the Learning Paths can certainly help improve your understanding of a topic, in pursuit of certifications, by giving you a good overview of the working processes and skills you will need to learn as you progress. If you're considering pursuing a certification for a particular role within cybersecurity, the community, as well as mods, mentors and staff, are always willing to provide input.

If you want to ask questions about a particular role and the skills you might need to acquire, we can certainly help you consider resources to augment and improve your understanding of a topic, or discuss what certifications, learning resources and practices might help you along a path.

You can read some of the Success Stories from Try Hack Me's userbase at this link:
https://tryhackme.com/r/resources/success-story

Does the OSCP have any open-book or notes-allowed element, or do you have to do the entire exam based on your brain's ROM

cool

Thanks

Gave +1 Rep to @hallow sparrow (current: #72 - 104)

is the JR pentest path worth anything for careers?

Im sure that if you end up learning anything new from that path, it's worth something.

what about in terms of the "certification" at the end

Its definitiely a great starting point, but doesn't hold as much value as say PenTest+ or OCSP

To clarify, what you will receive upon completion of any THM learning path is simply a certificate of completion and not a certification that THM issues and attests as valid. However, what the key takeaway from it will be the learning / hands-on experience which you can build upon.

How do u guys feel about the google it support and cybersecurity certs

About the Google certs itself or cybersec certs also in general?

Google has a cyber-security one as well

Like

Both

Also uh

I'm considering the isc2 certified in cybersec cert aswell

Should I do the isc2 one first

I probably should

It’s not something I’d recommend

Even the ISC2 CC

The ISC2 CC is not worth it as it doesn’t rly have any leverage job wise. Its course content is shallow in terms of other content and its not rly free. You pay the ISC2 membership fee to get the actual cert.

The google certs aren’t rly something employers look for also. Its also expensive as a course (50$/mo) unless you aim to finish it in 7 days and has the same issue that its content is shallow (in terms of other courses that also offer the same “beginner” pathway)

As a beginner, I recommend learning and gaining experience before trying to get any certifications. Preferrably the certs are reimbursed or provided by your company.

If you’re a student, I recommend THM and HTB Academy to learn, join CTFs, build projects, etc.

I got a long way to go but for rn I'm in a cte school and I got my comptia competency in tech fundamentals cert, still waiting for the comptia tech+ exam to get issued but I'm currently doing pc pro/A+

I mean those certs wouldn't be bad for my portfolio right

I aim to get like majority of the beginner certs to get a grasp of each section like aws cloud practitioner fundamentals and etc

If you’re paying for it out of pocket I’d rather not

There’s rly no use since you’ll outgrow it pretty easily

maybe i can get scholarships out of it

Idk

Plus if your concern is building foundational cloud knowledge, just set up an AWS account and don’t go beyond free tier

If you’re aiming for scholarship for these certs there are definitely ones that focus on AWS Solution Architect - Associate

Thats a rly good beginner certification that actually tests your AWS knowledge

A recent graduate got a full ride for having some comptia/testout certs, ceh and red hat system admin so I'm kinda tryna do that

That's good to know ty

Gave +1 Rep to @dense dagger (current: #21 - 405)

I'd have to agree on this one sadly. I would suggest @exotic tapir to check job boards to see how many are asking for the said cert.

would it be a good beginner cybersec cert just to learn the basics? Btw what are some other beginner cybersec certs?

I mean idk how much it costs to obtain it but still

Ik it's "free"

You can look at Professor Messer's Security+ materials to get you started on cyber security, but if you can look at a few IT basics stuff just to set the stage, that will prove useful.

Ty for your time

And help

Both of yall

I see, so that means my questions is considered broad I guess
I am thinking of going into SOC and then Security Audit. I think ISACA cert is more relevant?

From an audit perspective yes, but from understanding what it is you are auditing, Sec+ (coupled with THM) will be more useful imho.

Can we say PIM is like authentication and PAM is like authorization?

Sort of, PIM is used to assign and manage accounts. PAM is mainly about authorization, but it also keeps watch on the actions taken by privileged accounts.

PIM is used for authentications yeah.

Thanks

Gave +1 Rep to @broken idol (current: #1 - 2795)

Hey guys, i have been having trouble as a new jr security analyst. I was given a threat intelligence task to do on certain domains. I started with google dorking, and found that these domains exposes the non standard http port. The reason they said they're doing this is because they said that they cant afford to use different IP's. But i still thought that this is a threat. Which got me into an argument me the network security guy.

Am the one who's wrong here?

why would running http on a non standard port be a threat?

You are making it easier for the hacker, instead of scanning the entire ports the hacker would only check this open port which is displayed in google. For example ( mydomain.com:8909)

Huh? If anything using a non standard port helps to prevent that

as opposed to... port 80 or 443?

Albeit security by obscurity is not sufficient

Yes

If you want the simple answer to your question: yes, you're the one who is wrong here 😄

just because 1 port is used, doesn't mean others aren't. But a hacker knowing what is on a port isn't a threat in of itself

If you want the longer answer: if something is exposed then it's a potential attack vector. Doesn't even remotely matter whether it's exposed on its "default" port -- those are just a convention anyway

🥲💔

It's really embarrassing. I argued so much about this 🤦‍♂️

being wrong and learning is the fun part. Whats fun if you always get things right?

Did you not have seniors to run this past?

The reason i am upset is that he concluded that i know nothing about networking. And started quizing me on IP classes

it depends on how you approach it but I'd approach seniors with an open mind and even say things like "I don't understand, can you explain why my thinking is wrong here?"

No, i am the only security analyst here. This is my third week and there's barley any guidance. Its my first job in security also

Um

RUN

Yep at the end i thanked him for pointing this out. But still felt embarrassed

Lol

Yeah, this... doesn't seem sustainable

never be the only security person in a company if you are a junior

Especially if it's your first role

I mean I'd say never be the only security person in your company ever but

Any time i have a question i ask in descord and reddit 🙃

I am always thinking that, i feel stressed about this every day

I repeat what Muiri said, that isn't sustainable

Precisely. It means that you're the scapegoat if anything goes wrong

If your company gets breached, it will be your head on the chopping block

and you can't give security guidance because honestly, who is going to listen to a junior?

Thats exactly my problem

Not to be harsh, but, uh, especially after you just got into a heated argument with Networks to argue that non standard ports are an issue

I've been a mid level and had difficulty with people listening to me, but I was able to shuffle those people off to my manager

And even when i point something as obvious as they should stop using carcked software. And update their software more often. No one takes me seriously

Nobody, of course.

i'm going back with RUN

Wow....

I wish—the problem is that I am in a bad financial situation. I just graduated from college and got a job here not very long after receiving my degree.

Soon is a one year contract 💔

well that sucks

Yep

Thank you for your help

As i said i have zero guidance sadly

Hi Everyone! Im new the the discord and was hoping to maybe get some advice. I got my first job in IT about 6 months ago working as an IT Support Technician at a hospital and I am trying to get into the cybersecurity field. I don't have a college degree, but I did complete a 10 month, 400 hour cybersecurity bootcamp about 10 months ago. Since then I also got the CompTIA Security + Certification and have been continuing to learn as much as I can through things like TryHackMe, Youtube, and other hands on labs and experience. I was thinking about going for another certification but I have not decided which yet. I was hoping to get some advice on possible next steps I could take, certifications I should get, or really anything that could help me get closer to getting into the cybersecurity field. Thanks!

Heh

@hallow sparrow when you did OSCP was there any reason to write your own windows process/dll injectors or is that outside the scope? sorry for so many questions about OSCP, just trying to get my head around how much I need to actually prepare

Wayyyyyy beyond the scope of OSCP

That's covered in OSEP

is OSCP just way easier than everyne makes out

Technically it's foundational.
The difficulty comes from rabbit holes and requiring a robust methodology

If you're not good at managing your time, or you get flustered, you'll probably fail.
If you do the course and keep your head in the exam, it's straightforward

Exactly that ^^^

how obscure does it get? am I likely going to need to be super proficient in, say, DNS tunnelling

cool

my goal is like

i want to be insanely overprepared so that OSCP feels beginner-level-easy when i finally do it

yeah it's on the todo list

i mean i hope i'll have a similar approach to you re: caveman / low hanging fruit.

is there any defense evasion component? Am I going to have to worry about stealth scans and IDPS?

plan is to have my prepared notes sectioned like

| [context e.g. port scanning]
[low hanging fruit commands and procedures]
[other shit to try in the event of certain obstacles]
[ Nuclear options]

and then hopefully not have to go deeper than low hanging fruit lol

bash my head against the brick wall until it works, got it

thanks

Gave +1 Rep to @hallow sparrow (current: #71 - 106)

do they give you a VM to work from for the exam or do you use your own machine and setup?

no i know sorry, just some of that isn't 100% clear from the exam rules (already read them)

noted

@undone shore thanks also, missed you on the robocop rep there

Gave +1 Rep to @undone shore (current: #9 - 787)

no i totally get it dw I appreciate it

I just had qs floating in my head while i sit here grinding THM and should've paused for a second and thoought that I could probably find these answers elsewhere too. But sometimes it's good to hear from someone who's been through it already

i feel pretty confident when it comes to methodology and strategy. Where i'm going to trip up will by hyperspecific technical knowledge, or [redacted] powershell commands

so i'm more concerned with how i prepare for the exam, rather than the exam itself

making sure i'm confident in the correct areas

i still think a lot about how actual education and certification in our field is still relatively in its infancy. You know other fields like finance or whatever have existed for so long, the big institutions and legal structures exist to define appropriate qualification and requirements

but for us such requirements really primarily exist in the form of enterprise compliance, NIST2 , SOC1+2 etc and are for business not individuals

it seems it's only in the last few years cybersecurity degrees at universities have started appearing

I think i'm hopefully a bit more the opposite end of the spectrum where like, probably i would miss a rabbit hole because I wasn't expecting to to go down that level of complexity or something

has anyone here worked with/works with Fortinet systems?

If you have a question, just ask.

that was the question

You've been here long enough to understand that asking a question, to ask another question, is counter productive. What are you looking to get answers to, more specifically? Their use in industry? Vulnerabilities?

instead of asking this, ask the question you would ask if someone responded "yes"

that was the question

I wanted to see how popular or impopular it was by how many people would answer yes and how many people would answer no

tbh THM is not going to be a good measure of the popularity of Fortinet products because a large % of people here are still trying to get their first job in cybersecurity, let alone familiar with enterprise tooling

You can break that down multiple different ways. Just security hardware? All networking hardware? Are you including FaaS? The best way to get the answers you seek is likely going to be looking at the market share in each of those areas.

although I've worked in the network security arena and have worked with firewalls as well as familiar with what my company uses, I am not familiar with fortinet but if you google them, you see they made 5.3 billion dollars last year so someone is using them...

are cybersec people using it?

i'm sure some are

maybe reddit r/netsec may have more insight but you don't make $5.3 billion by not having your product used

also from google...

Fortinet has market share of 4.71% in networking-hardware market. Fortinet competes with 368 competitor tools in networking-hardware category. The top alternatives for Fortinet networking-hardware tool are Cisco with 35.72%, Cisco Switches with 11.50%, Cisco Routers with 10.06% market share.

but also consider something, depending what type of product you are talking about, consider that understanding networking / network security / similar functions is the most important aspect vs a specific hardware vendor

hey people