#cyber-and-careers
damn ive been doing everything to avoid admitting i can't use my AI resume for everything
What are some intern/entry level jobs in Cyber Security industry?
Usually from what I see, SOC L1 and Security Analyst roles are very skewed towards entry level job pursuers
SOC level 1
But tbh, any security role plus slap in a “Jr.” will most likely be looking for entry level
What about internships?
I thought this is just a pathway in THM 😅
whatever you can get your hands on 😄
So, I'm f***ed...
It's a tough market out there at the moment. Yes, there's a purportedly large number of cybersecurity roles that need filling, but cyber isn't an entry level field, and they're not looking for entry level players. Perhaps they need to start showing people how they want them to level up, but entry roles are now far fewer, so if you can get an internship, go for it. Or IT, helpdesk, whatever gets you on the ladder
So, what exactly gets me up the ladder? That's what I need to know
Do you have a degree? Previous professional experience in any industry?
When you're applying for a job, you need to be able to show you have skills and experience. There's a lot of things you can learn on THM, such as the relevant paths for each of the roles you might encounter. After this, you might consider certifications, specialist courses, books, partaking in CTFs, going to conferences, writing a blog/doing writeups, keeping your own github, and adding such things and the skills you've learned to your cv/resume.
Having a degree and professional experience, from basic IT support onwards can show you're working and learning as you go.
You need to show that you're continuously learning. Many certifications have a Continuous Learning program, where they require you to show your achievements/learn new skills as you develop.
OK, so you need to either obtain a degree or build your professional experience.
Common starting point is IT Helpdesk
This... Is a lot to go through
Thanks
Gave +1 Rep to @dense dagger (current: #21 - 408)
Wait. There's a cool down period for thanking?
Oh, I'll come back and thank you later
Sure, sorry if it is not the right channel to post 🙂
It's just we have a requirement for recruiters job posts to be verified, that way we can assure our members aren't getting signed up for illegal stuff, protection for them etc.
If you get verified, you'll be allowed to post in the #jobs-board
Gave +1 Rep to @alpine marsh (current: #7 - 882)
is it possible to get any entry level IT jobs with just the network+, if so what kind? I just wanna land that first role and then continue on advancing my career and working towards more certs
Its pretty possible to get an entry level job without a cert
I agree with @ember meadow
You mean like helpdesk jobs or it technicians?
how do you showcase you have the skills/knowledge without a cert tho
Comptia certs are pretty basic bro, better opt for something like CCNA/CCNP+BSCP
depends i got to IT with no school or cert in my opinion you just need to pass the stupid interview where they will ask questions like can you reverse binary tree without using your hands or something like that. It's hard but you need just keep trying i got it on like 9th try
If you've graduated high school, or your equivalent, you can apply for Helpdesk roles.
You aren't required to have anything
i never knew that, thank you. so for a complete beginner, would they train you from the start or would they require you to at least have some background knowledge
Gave +1 Rep to @stoic cave (current: #17 - 459)
If a job isn't training you, you probably don't want to be there. Especially as a junior.
I would know what a computer is and its components. As well as the purpose of each component
are there any online resume builder apps besides chat GPT?
flowcv? Or just any document editor
thx
Hi guys
@haughty cobalt hi
Hi
Nice to meet you
i m pretty new to this sysec shit but hope i can help @haughty cobalt
Thank you so much
Gave +1 Rep to @hardy sonnet (current: #2237 - 1)
I am developer, So I need remote job.
Can you help me?
man i was a developer in C# for one year and then i begged my team leader to move me to the pentest position so i m afraid if you are not from Slovakia which is pretty unlucky spawn point i cant help because the money they are paying us is pretty joke compare to developed countries
What’s the best red team cert?
@grizzled belfry why do you think you need a cert? just asking because its usually a lot of money what position are you aiming for
The one that's required in the job description
Different jobs have different requirements
@stoic cave that is a good point 
well then what is the next job you want to have
and then you tell them to pay for it and skibidi
CRTO is supposed to be good, doesn't necessarily have the recognition though
it depends on which market you are in or in which location you are like geographically
I don't understand
Can you explain it further?
@haughty cobalt
I was a programmer in a German company, I worked on angiogram, and when I was just starting my career, I asked my team leader to move me to cyber security, that I would do everything for it, and now I am there, and because of him, I have two college students and one high school student on my neck, but I do it what I enjoy more is breaking applications instead of building them very long story short
Won't you hire me? please....
Won't you hire me? please....
@haughty cobalt well first thing i m not in the management you still need to work your way with HR second i dont know where are you from but you will probably get more money from working in McDonald's than being cysec professional in my country
Do you know anyone who would hire a developer?
What kind of skill do you have?
Hi there! 👋
I'm seeking a job as a Full Stack Web Developer and UI/UX Designer. 🧑‍💻 I have 8 years of experience in front-end and back-end development, and I specialize in building websites, web services, microservices, and apps from scratch. 😉
If you have any job openings or new ventures arising, please DM me.
Thanks!
Gave +1 Rep to @ember meadow (current: #180 - 38)
Im not hiring but that is a pretty good resume, you can always look at linkedin for something you’re interested in
thank you so much
Hello
Hi guys! I wonder, is it normal in cyber security field to have a mentor? I am asking, because I am quite new to this field and I am learning a lot, but I sometimes struggle with how to transfer the theory to practice. I thought that having someone besides with experience could be a huge difference. If that's the case are there any platforms that offers some kind of unofficial more like friendly mentorship? (or anyone here with experience and some free time to spare by mentoring and building a new friendship this way?)
@crimson star Feel free to DM me whenever you need help 🙂
I mean, aside from the fact it doesn't actually say anything, or back up any assertion 
Hi team. Is there any member here doing freelance?
I like cyber skills but it is a tough work to find local businesses recruiting cyber sec professionals here.
So I intend to offer services as freelance over Internet. It will be fine to have a mentor to guide me.
"Freelance" work in cyber isn't really a thing
You could do contracting, but you'll need a good amount of experience and will depend on the client / employer
Only kind of "freelancing" you could do I guess would be bug-bounty
if you have good skills, try to search for remote work.
sharing my work history.
IT support role
Network and server administrator
i have worked alongside the security teams on conducting audits.
how can i transition to a security role?
Do you have security+
nope
I would recommend getting that certification, as you have professional experience.
it would cost a lot and i am broke at the moment😅.
I just want to know if ISC2 CC would work?
Tech companies are laying off developers, everyone is switching now to IT
And I think IT will be replaced by AI soon
No
IT won't be replaced by AI, that's fearmongering at best, imo.
hey guys im in my junior year in college and im looking to see my job in cyber security and every day i see many resources many project opportunities with my peers and sooo muchh stufff the thing is, its really confusing for me what to do exactly for me to land a good job or do something that will make my profile stand out from other peers. if any of you guys are experienced or do have any good advice please drop it down thank youuuuu 🙂
and always have a good idea of certifications
im in computer science degree prg , from india , going to write CEH this year did a few normal internships not related to cyber
i see
so should i go for bug bounty
tbh penetration tester
or anything related with web application security or cloud based
yeah
but what will make me stand out?
like anyone can do these certs
ctfs are another thing
but i cant solo tbh i need a good team for that
which i cant find lately ofc i do play but i need mastery
u got any project ideas
i see
ppl in im my college are doing random things like club activities some SOC related projects with professors
and idk wt else there are a lot and theres me confused dude who doesn't know what to do
In my country competition is at its peak i compete with over 100K people for a few posts of job
so im planning to leave this place and head to ms in some other place where its better
Honestly I'm still beginning. What skill would you recommend me to begin with for getting a first job quick.
Are we reduced to just be good 9 to 5 employees?
Beside, I'm not English native. What is bug-bounty please.
yeah
cool
so ig doin bug bounty is the way to go
do have any other idea abt other domains which like uk quite good paying so that i can keep it as a backup
if i didnt able to land a job in main one if i go with web app
Is this a red flag to anyone else?
Starting salary up to $175,000.
Fully Remote, US-Based.
No up-to-date resume required.
anyways thx for the help man! I greatly appreciate it 🙂
Gave +1 Rep to @hallow sparrow (current: #65 - 118)
That's what I was thinking. Thanks for confirming.
Gave +1 Rep to @hallow sparrow (current: #65 - 119)
Guys is there any way to do cert through udemy... I have my org funding my udemy acc and I want to do a cert like sec+ through this udemy. Is there any course offering such official exam coupon or stuffs?
Not for udemy, no
Oke 😭
Done!
Hi guys, I want to get a cyber security analyst job and I have applied to over 100 different jobs applications (remote) but no luck. What should I do
Job market is tough right now. What you can control is how you sell yourself to these companies. I suggest dropping your resume here with PII redacted so you can get it reviewed by others. If you’re getting interviews but not getting job offers, one thing to look at is how you can speak better. I usually trained in front of a mirror to get it down right. Check if your experience is enough on jobs that you apply and make necessary changes to your resume that tailors to their job descriptions. Lastly, if you have connections, you should definitely make use of them. Network with people because it's easier being a referral than an outside hire as someone else is already vouching for you.
Oh alright, How do I upload my CV though?
I dont have any experience all I try to do are some forage internships and tryhackme SOC level 1 labs
And I'm building my skills with certifications, labs and youtube videos
Screenshots are fine
Yeah, you can definitely try maybe IT jobs first if you can’t land any cybersecurity jobs. The main goal to be honest is to get your hands dirty with enterprise IT. Once you’re in there, it’ll be a lot easier than trying to pivot from a field far from IT
You need to verify yourself
So a helpdesk or IT Technical Support
TryHackMe isn't a certification
but for how long should I do that for
Are you currently a student?
They gave certification so I just added it there
Yup
You should put your degree dates in education
Alright
They don't provide certifications, they're certificates
They're different
Alright
I will say that your skills section can be formatted better. It also seems like you're kind of just listing things to list them
Yup its mostly to try and get past the ATS
To show that ik these things and I can be useful
Well you should be able to talk at length about any of the things you listed for 10 minutes at least
Just listing things to list them isn't the way to go about it and can be a detriment
I could probably talk about them in some detail, but how would you go about it
I personally don't like the paragraph at the top, and think it should be removed. It's what a cover letter is for. Not everyone here agrees though, so it's your decision.
Skills needs to be formatted better. You should input skills that you specifically used at your internships. Each job application, you should check the skills they're looking for and see if anything that you did at your work matches. Then adjust accordingly.
Not sure why Splunk is bolded. Find a third bullet for the mastercard entry.
I would rename "Project Experience" to "Extracurriculars." TryHackMe is not your project.
Add your attendance dates to education. Also add relevant classes.
Only put completed certifications. Remove TryHackMe as it's not a certification.
I'm looking to venture towards a Pentesting career but unsure which certification to get next...
I currently have:
- PMI CAPM (Certified Associate Project Manager)
- CompTIA A+, Project+, Net+ and Sec+
I plan to do this next:
Pentest+ -> CySA+ -> Linux+ -> eJPT+ -> OSCP
Is this a good plan?
Just go straight to the OSCP
Its the most desirable out of the 5 unless you’re required by DoD to get the Pentest+
I mean… OSCP already has the OSCP+ so… 🤷‍♂️
Not sure that would be the best learning path. That's a huge leap to someone just starting off with Pentesting, no?
It's the entry level pentesting certification
oh okay gotcha - Thought it was more advanced.
Really? I heard that it leans more on the intermediate side
Oh alright, how much is the exam for and how would it compare to CEH from EC council
Damn
Expensive
Please ask the admin team before posting jobs.
How valuable is a well formatted AAR worth to potential employers?
An After Action Report?
Any in demand career areas which combine reverse engineering,programming/devsecops and ideally some pentesting?
Trying to become more specialized and less of a generalist
And these are area I could focus on for hours consistently
Off the top of my head, I can’t think of many career areas which focus on all of these at the same time.
I guess you can say red teamers do employ reverse engineering/programming during R&D and DevSecOps can be integrated to your red team by automating building of your tools, etc.
But other roles rly don’t focus on all of these at a time. They are usually each their own function.
Makes sense I was trying to find someway to combine them since I got a pretty heavy interest in all of them and been programming/software engineering since 2012 with fair bit of it experience as well so was considering looking into malware analyst roles as well since it looked to be closest to what I’m after since ideally I dont wanna stop programming but want to specialise more heavily in one of the other areas but from what I’ve seen red teaming isn’t massively in demand atm? And haven’t heard much about reverse engineering side of things either but sorta come to the realisation I need to become more specialized either way for work to be more constant
is there any certificate that's free related to CyberSecurity?
I wanna re-start my career as a SOC Analyst. Any leads are appreciated!!
AFAIK, none
I mean there’s that google cybersecurity certificate but idk how much it is really noticed in the industry
Or if you’re talking about certificates of completion, TryHackMe does issue them but they’re not a substitute to certifications.
Try to search on LinkedIn for any free path which trains people on beginning cybersecurity. It usually lasts 1-3 months and it's a good starting point. Here in Italy a lot of companies are doing this (even if the market is oversaturated)
You can do the Google cybersecurity certificate on Coursera. The first week is free, and it's totally possible to cover everything in it in less than 7 days. If you don't manage that, there is a charge of about $50 a month, and they estimate it will take you about 6 months. I did it 100% in less than 17 hours during Christmas week, between parties and hangovers; so that might suggest there's not much to free certificates such as this one.
This might show that such things aren't going to be valued highly. You need to be able to demonstrate practical achievements. You can do this by completing courses/training, doing CTFs, having a blog, doing writeups (where it's allowed). You can have a lot of fun learning on Try Hack Me for free, and the paid tier isn't too pricey.
Then there's things like pwn.college, PicoCTF or Cryptohack, which aim to teach you various aspects of cybersecurity for free. In almost all cybersec careers, you'll generally need to pursue professional qualifications, at least as part of breaking into the field, so entry-level certs like Security+, or specialist certs like OSCP might be an expected part of an application. Many organisations will facilitate your training/certification once you're in the door, but you need to demonstrate a certain level of ability to distinguish yourself from the crowd, as companies look for more capable workers to fill positions.
hey yall is anyone going to GocTech Con? in the DC area hosted by Bry Simone? I bought a ticket thinking it was a more established convention but found out later its an influencer convention. Wondering what yall think of her if yall know anything
Never heard of them. You're better off going to local B-sides and other well known conferences like Mitre's ATT&CKcon 5.0 that's happening on Oct 22-23.
Is it possible to go from system administrator or network engineer straight into pen testing if you have years of experience as a sys admin or network engineer, or do you suggest going blue team first to get experience in cyber before the transition into red team roles?
That’s my goal to get into a sys admin role within the next year or two. I do tech support now, so I want to work my way up. Thanks for the reply!
Gave +1 Rep to @hallow sparrow (current: #61 - 126)
That’s so sick
Not yet, I have Security + and plan to go back and do A+ and Network+ to get my fundamentals on lock. I want to practice using Active Directory for a sys admin position, but I do plan on doing red team certs in the future for sure.
Thank you for the info!
Gave +1 Rep to @hallow sparrow (current: #61 - 127)
Guys have an interview tmrw for Security Analyst - XDR Specialist,
its my first ever interview in the career, any tips or anything u guys would recommend that i would check before heading to the interview?
I thought this video has good info.
Watch this video before your next SOC Analyst (Cybersecurity) interview! Are you trying and failing to get hired? You’re not going to want to miss this video!
Timeline
0:00 Intro
0:15 Brain dump questions
3:05 Situational questions
4:51 Soft skills
5:24 End of the interview
This is pretty solid too
Show them that you are a XDR specialist 😛
Jokes aside i dunno mate just wanted to wish you good luck
hey guys, in python how do i fix "from" or "import" not recognized as internal or external command
Maybe #programming is a better channel for this
either you've referenced it wrong or it's not installed
how do i install the command?
pip install
syntax of command is incorrect error
okay, let's go to #programming
Try TCM security free courses
For fundamental
They have helpdesk one, Linux programming and business skills for free to those then try try hack me / hack the box and offsec certs
And then you good
Hello, everyone. What should I do to be a cyber engineer?
Is here anyone from Slovakia, ideally self-employed/freelancer as penetration tester?
THM has a learning path on being a Security Engineer you could look at.
Hey, I'm looking for someone from Europe who wants to learn together AI and business. My English is A2 so I want to improve it along the way. So we can hop on the call and learn together (I'm 18)
Yea. It's also possible to go from 0 experience straight to pentesting / consulting if you know what you're doing. Learn the skills, apply for the roles, do good in interviews 🙂
To get a career as a web app pentester, do I need the OSCP? What cert should I be focusing on?
It depends on where you are located. In some countries like India, CEH is favorable. OSCP is well sought after by HRs worldwide and it carries the branding much like SANS. If you're trying to break into jobs where DoD certifications are a requirement, other certifications such as Pentest+ may be favorable for you.
Currently in the US, I have Security+ and GMOB and have been in the field for about 3 years now but wanted to pivot more to the web app side lately; I wouldn't mind doing Pentest+
I appreciate the insight, I just want to do the certs that matter and would actually get my foot in the door
Like I know PNPT has a lot of good material but the cert isn't worth it much atm
Yeah, OSCP is definitely a good start. If you're looking into certifications specific to web applications, here are a few I recommend:
- CWEE from HTB, very detailed and is good if you're going from intermediate to advanced
- CBBH from HTB, very detailed and is good if you're going from beginner to intermediate
- OSWE from OffSec, very good and is actually one of their best courses IMO. Pure whitebox pentesting and imo gives you an edge over others bec. of source code review.
- OSWA from OffSec, the black box version of OSWE, kind of like CBBH but overall I think CBBH is better curriculum wise.
- BSCP from Portswigger, black box and I feel like its difficult to gauge its difficulty, maybe its intermediate to advanced as it requires a lot of deep-diving into the labs of Portswigger before doing it.
I haven't personally taken any of these certifications so take all of it with a grain of salt.
I'll look into these, thanks for your insights. 🙂
Interesting, how is the material so far in it?
So did a bit more research and starting to think I’m pulling a lot more into enjoying threat intelligence stuff than most other roles feels like closest I’ll get to combining red teaming,reverse engineering and programming although the programming side is probably still minimal, anyone able to provide some info on that role? Or any clarity from what I’m reading sounds like it would usually be thrown onto another role but I’m all for it if there’s some demand for the role
I'm going to an interview for Application SOC specialist. They're looking for a software developer who's interested in switching career into cyber security. That all fits my profile, but can anyone give tips on what to read and practice regarding the role? I'm not sure is it over my skills, but I applied with an open application and the HR person recommended that job for me.
I'm enrolled on the SOC module at THM and just finished OWASP Top10 room.
If a job posting has Boca Raton, FL (Remote) - or something similar like City Name (remote) VS United States (Remote).....do they expect you live in a commuting distance?
Possibly, but that also could mean that's where it's based
Okay thanks!
Gave +1 Rep to @broken idol (current: #1 - 2829)
Depends on the office rules. Some remote roles require weekly time in the office. Fully remote is, unfortunately, being killed off by management that needs to justify spend on office buildings
Also because it's much more difficult to micromanage remote office workers
I see. That’s what I was thinking. I’ve seen several that have said it’s a remote role but need to travel to office twice a month or something
im confused because
i am doing this room
and im meant to do an nmap scan
its a room about smb
but i cant find where the IP im supposed to scan is
anyone from italy?
Thoughts on a bachelors in computer science with a minor in forensics
It sounds like it would work decently but idk
Question: Which certification should I go after since I am new to the cybersecurity field? Which cert is the easiest to obtain?
d
eJPT probably
If you want to find a job then eJPT is pretty much useless. It’s a fun cert tho
I mean skills get you into a job anyways
I would check your local area what certifications are sought-after by checking job descriptions of cybersecurity roles that you want. If you are keen on getting your first certification, I recommend Sec+ if you have money to pay for it as its a good entry level certification that teaches you multiple security domains.
What's this? gibberish?
Indian English you cannot understand
Ya bro but Indian English is different like
That makes sense. I appreciate the answer.
I am looking this cert up now.
Either it's English or it's Indian. Nothing such as "Indian English" lol
Good luck
Honestly I actually had a few questions if anyone is willing to answer, so currently I’m a college student on the CIS and Cyber-engineering path (dual degree) and I was looking for internships, and was curious if anyone knew how much companies value like the certificates and stuff cause I’ve only recently started learning the nitty gritty myself to work towards one of em.
When I was actively interviewing interns, it is something I look for but only if they have knowledge to back it up. It means I don’t have to train them as much in the fundamentals because they have prior understanding.
I see, so although it’s not required to get accepted into an internship, it puts you on people’s radars?
Just to clarify, are you talking about certificates or certifications? They are not the same.
I’m assuming certifications, like A+ and the like
They aren't necessary and should be obtained near graduation, imo. That way they don't expire while you're in school.
Having a homelab is a good talking point and being able to demonstrate what you've learned in your classes is important.
I can add that I took the network+ exam last summer and, alongside doing projects and making a networking homelab, got a few IT internship offers when September came. They mainly talked about the projects in the interview, but I believe the cert was what got me into the interview as it was also brought up
I simply had nothing to do during the summer tho, so that's the only reason I did it. Normally I agree with the guy above about doing it near graduation
In security, experience trumps everything. You'll be looking for SOC Analyst 1 or Security Engineer 1 roles, both of which are more about the context of the systems and environment. That's not a thing you can learn from certs or education, it's a practical assessment that fits the theory and coursework into real world application.
In all honesty, I would not stress nor emphasize certs unless your region requires it. Check the requirements posted for jobs you're interested, and start figuring out how you can check the boxes to pass the HR filter.
Is pursuing a degree in cybersecurity worth it?
i eventually plan on getting certifications post grad or during my time while I'm working on my degree
another question i had was, cybersecurity degree or something like IT or Computer Science?
to eventually end up in a cybersecurity role like a SOC, pentest etc
It depends. A degree by itself should provide some value when you do job hunting but it's not the only factor.
Factors such as your school, their education program, their specific IT programs, career development programs, etc., this should be factored in when you actually choose your degree.
I don’t think getting a certification while in school should be in your top priority. IMO, building a good network, studying, and applying these to real world projects are much greater. If you do decide on getting a certification after your degree, look at your local job market to see which would be the most favorable to you in landing your first job in IT.
Typically a cybersec undergrad degree is less valuable overall than a CompSci equivalent. The programs for security aren't as well developed, and many university programs aren't aligned with what industry wants, which is mostly fine. Academia and industry generally point the same direction, but aren't on the same line.
FWIW, I think a CompSci degree is better to have, even if the actual difference between the course contents is a handful of upper division electives.
Fwiw I finished uni (ethical hacking degree) with 3 offsec certs + crto and got head hunted before finishing my degree. Certs definitely shouldn't be the priority, but if you're sitting around bored with your coursework, they certainly don't hurt...
Hello please suggest me any project regarding cyber security for my final year project
We don't help with project work.
Which projects looks good on a resume if you want to apply for a SOC or Digital Forensics position?
Do y'all think hackthebox cpts is a sufficient cert for jr pentester role?
Ejptv2
Do you have any prior professional experience in the computer industry, or any industry, or a degree?
Wasn't that the period of time where you also built a multitude of challenge rooms for THM as well?
No professional experience
And if things go to plan i'll have cpts before i finish college
I'm pursuing a B.Tech in CSE with a specialization in cybersecurity. I'm in the first year and am confused about what to do to have a great career in this field. Such as which certifications should i consider in the beginning or where to start
More walkthrough than challenges, but yeah. 30 odd total. Was the record for rooms released for a while 
I sent you a request
hello everyone, hope yall are well, if any of yall is available to review my resume please send me a dm:)
First and foremost you should decide what type of role would you want to have
Then see what certs exist for that role and start learning the basics
And after a while pick a cert to get of the easier ones
What would you recommend for someone who started their career in SOC recently? How to progress from this to next level in this field? Best certifications to pursue? Any other advice would be helpful
Technique-based detection > Tool-based detection
Do not focus on learning the tools. You should focus on building your knowledge to detect and respond to attacks, analyzing logs, etc. rather than understanding what X tool does.
To progress to the next level, in my opinion, you need ample opportunities to be exposed to actual incidents and being in a highly competitive environment may work in your favor.
Certifications should be an add-on but I do think the BTL1 from Security Blue Team looks good. If your company will pay for it, even better.
Great advice..Thanks a lot @dense dagger
Hey guys, got into cyber a few weeks ago, did some HTB machines but the next ones were too hard, so i started actually learning on THM, my final goal is to be able to do bug bounty, would THM get me anywhere close to that? Im currently doing Jr. Pen Tester Learning Path, which is going well, but im wondering if this is actually gonna get me anywhere useful?
yeah, you learn concepts from thm, im using thm to learn for btl1 certi for example, its been great so far, mixing it up with btlo and letsdefend and ctfs as well
jr pentest path has helped me in my current role so i definitely vouch for it
whats ur role?
SWE. university didn't give me a great security or networking background that the rooms offer. tools like burp, nmap, etc have been useful in development. the owasp rooms should be a requirement for any web developer
most people start at THM courses and CTFs but favor HTB after it becomes easier to do more courses and the rooms there.
There's a good video about which is better where it just brings up points of what you might consider.
Like how THM is beginner friendly but most CTF follow a puzzle like theme while HTB is against it and wants diverse but isnt beginner friendly.
at least this is what ive gotten from that video
yeahh i really dont like thm ctfs :(
but rn idk im struggling to know if like im really learning because i cant really tell if im making progress since its hard to like find a way to apply what u just learned
I would do the courses then lookup more info about it. So like network security basics u learn about nmap. Go to nmap and read the documentation.
do stuff like that
as an entry level pen tester..what can I offer?
Pentesting isn't really entry level, as an FYI. It typically requires prior professional experience in cybersecurity. I would also time obtaining any certifications you get while in school towards the end of your degree. That way there aren't any issues around expiration before use. CPTS does not expire though, so that bit of advice is more for other certifications.
Just looking for some advice really. Want to make sure I'm on the right track with my career path;
I decided to go back to college/Uni (UK) in Scotland for 2 years to learn broad IT after just having it as a hobby since I was young. It covered a variety of topics from coding, app dev, digital forensics, ethical hacking etc, both hardware and software. Im currently enrolled for a Government funded bootcamp, starting in the coming weeks, which pays for the vouchers for Comptia A+ and the CCST exams. So pass the exams, get the certs, look for an IT Supp/technician role, progress into cyber sec after a couple of years. Obviously work on home projects etc too. Is that a solid plan? Is there anything else im missing? or should look into?
Edit: In my area, there are no cyber sec bootcamps, so the one I enrolled is IT Technician. Covering hardware, OS's, networking, but the later weeks it dips into cyber sec.
Thanks in advance everyone! 
I want to be a pentester but would also like to have experience in the field early on because pentesting isn't that much of a low-entry level position. What would you recommend me to do as a roadmap?
i think it's better that you do the bootcamps for the certifications than any other general bootcamp. on a resume a cert looks way more impressive than a bootcamp. work history is also important, so anything you can do to get your foot in the door is very critical. even if you're just signing up as an intern to read logs all day. i also think you should try to see if there is an OWASP chapter near you
Thanks for replying. Yeah, content wise what they are covering is pretty standard, and somewhat what ive already learnt prior. I dont see myself completing more than 1 bootcamp thats for sure, but the main thing was for the free vouchers. As for internships, Im not sure if its just me, but after my hours and hours of job hunting I dont think ive ever seen an internship posted near me. Can always look harder tho, but im not sure if the UK isnt that crazy about them. I'm not sure ive even seen any posts from my hours of job hunting lol.
Thanks for the tip on the OWASP chapters, didnt even think about that. Theres one within a 45 min drive so ill look into those!
Hi guys, have an interview tomorrow for a junior security analyst. They have said there will be a practical that is mostly just to test my strengths and weaknesses. Anyone had a technical practical before and what kind of things were you asked to do? What am I worth brushing up on?
Yes
security analyst is a wide field in general. Each firm having a requirement of a particular field or sub field. Depending on which company you are applying for and which role/team they are hiring for you might have to focus more on that
It's for a payroll / accountancy services firm
They did say this more to assess strengths and weaknesses but I just can't think what they might have me do a practical on as there isn't really any defined tools that all companies use. Each company use different things.
I guess perhaps defender? But other than that all I can think is they might check I can configure a firewall correctly, set up a remote desktop or VM, etc
so, payroll or accountancy could be more inclined towards security related to that. possibly network infra of a payroll dept. Its again wide. but the fundamentals don't change
cloud infra sec, applications they might host publicly
good luck with your interview btw
Any advice on how to land a cybersecurity internship? I'm in Ontario Canada. I'm doing CTF's and I'm planning on starting to study for my Comptia Sec+ this early november.
Here is my resume as well. Any feedback is more than appreciated.
Hi, does anyone have any advice on how I can get a job in US, Canada or any European country.
I'm looking for remote jobs since I'm living in the UAE and there aren't many opportunities here.
Is it possible to get a remote job to US or Europe from UAE? do I need any clearance or any VISA or whatever before applying?
If anyone has any experience or knowledge in this area please message me.
Thank you
This is my CV
Usually remote jobs from the US, Canada, or anywhere else as far as I know would require the company to have a satellite office there. That means if you wanna work for Company A which is based in the US, Company A needs to have an office in your local country to employ you.
Yes, usually security jobs aren't performed outside the country the office is based in, for security reasons. You might be able to do things like participate in bug bounty or contract work if such things are available, but I believe there are cybersecurity programs in your country that you can pursue for work and experience in the field
Thanks for the advice, also I applied to 20-25 places over here for security/soc analyst but no luck. Most of them ignored me
If you know any country or any jobs in my area that might accept me please message me
31 😄
Huh, I was close! 😆
Impressive number though. 👏
I like the initial room-code for wreath though. 😆
I want to be a pentester but would also like to have experience in the field early on because pentesting isn't that much of a low-entry level position. What would you recommend me to do as a roadmap?
Get a job in IT like a sysadmin, network admin, tech support, dev, the likes. Then you transition to a security position, think security engineer, security analyst, SOC analyst, etc.
You can skip some steps, jump to the next step faster, its all in your ability. Personally, I got a job out of school direct to security as an analyst but one of my core job roles was doing pentesting so I got exposed to it fairly fast.
My advice is to go at your own pace and grab opportunities.
Thank you so much 🙏🏼
I am gutted. I missed the deadline for the career support programme by a few hours due to external events. I hope that THM will backtrack and entertain this kind of initiative on a regular basis
Guys, I did the breaching AD and enumerating AD but I don't have it clear. I don't know where I am lacking. Please point me towards a good AD resource for beginners.
Microsoft's documentation for how AD works
Can you elaborate about the prior professional experience?
If it's just about hacking ability i can manage
And learning how to make a report or something like that shouldn't be too difficult
Hey guys, I'm 17 rn and am trying to land a career at cybersec. I have a ton of experience with linux (remotely & locally), but I don't really know what to study. My current plan is to study a major in software engineering and mastering in cybersecurity. What do y'all recommend?
Penetration testing is generally considered an advanced topic in the field of cybersecurity. Apart from having certifications, you should also have demonstrable experience in a professional capacity in things like IT or programming. Consider helpdesk/support roles, IT/Network/Cloud admin/engineering, Programming/QA roles as you progress.
You're expected to have a decent understanding of the general tools and systems like Linux and Windows and the applications running on them and within the ecosystem, at least some knowledge of coding (though being a programmer isn't always essential, it helps to know some coding).
It's not just about hacking ability or how to write a report. There's social/professional/soft skills to be comfortable with, engineering skills, thinking outside the box skills and being creative. Most people will have experience in some of the roles above and have a start in another area of cybersec before being considered for a pentesting role or a more senior or technical position in the field.
You would benefit from reading some of the interviews in the Tribe of Hackers books by Marcus J. Carey (a series of interviews with experts in the field; he's ex-NSA and has broad cyber experience). Episode 83 of the Darknet Diaries podcast is a good learning experience.
https://www.youtube.com/watch?v=JemCG7y_2kc / https://darknetdiaries.com/episode/83/
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc
https://assume-breach.medium.com/im-not-a-pentester-and-you-might-not-want-to-be-one-either-part-2-the-response-ab838cca3519
It's a good idea to pursue your software engineering/computer science degree first, as you'll learn a lot about how computers really work, and what you can do with them. A masters in cybersec can be useful in many environments, but you would also need to demonstrate practical skills.
A good knowledge of Linux is very important, as is Windows, bash/Powershell/Python can be very useful, as well as Active Directory. THM can teach you a lot about these topics and their use in cybersecurity. Towards the end of your studies, you might consider pursuing certs like Security+, OSCP and others, but certifications need to be supported with things like having a home lab, a blog, writeups about boxes on THM and the many other hacking platforms.
Cybersecurity is a marathon, not a sprint. There are lots of different roles in cybersec and IT in general, so it can be beneficial to broaden your knowledge and skillset over time and find the role that you want to pursue, but many peoples' initial role is in helpdesk, tech support and progressing into other IT/programming roles on the way to a cybersecurity position. See the post above ^^
Having done writeups is so well regarded?
I am kinda lazy when it comes to writing writeups
pretty neat advice, thx man (:
It's one good way to show that you understand what you're doing. You can explain it to yourself how a target was compromised and teach others potentially. You don't have to publish writeups for everything you do, but do get used to writing notes about how your process worked. It helps to build your methodology, as well as your reporting skills. Of course, there are targets where you aren't allowed to post publicly but there'll be rules about that.
Another good option is doing CTFs, by yourself or within a team. Learn on PicoCTF, for example and take those skills with you
i've done too much picoCTF, that's why i'm here
and me and my team are participating in ctfs occasionally
Well then you're on the right path. Keep it going
Hello guys. I am new here. Nice to meet you all 🙂
yes
Meaning actual job experience
Pentesting typically requires job experience in some facet of cybersecurity
Since you're doing a degree, you'll be able to apply for cybersecurity roles out of school. A degree typically substitutes 3-4 years of experience that you would build in another role like IT
I wouldn’t say 3-4 years in reality it’s more like 1 or 2 you’ll still be entry level most of the time unfortunately
Entry cybersecurity roles require more than 1-2 years of experience. You can obtain an entry cybersecurity role with a degree.
No I mean they’ll usually only count the degree as 1-2 years equivalent to work experience
Work is king
What do u think of picoCTF compared to the tryhackme CTF?
Hii need help..am doing a CTF and I got stuck..can anyone help
In terms of difficulty or complexity, picoCTF is made for people with 0 experience and knowledge about IT. It also contains good starting points for learning Linux, Reverse engineering, Crypto, Binary exploit, Web exploit and Digital Forensics.
Tryhackme is made for people who have IT experience and wish to get a job in the security field. It is more complex and more realistic to what you encounter in real life situations
I'm pretty sure you're not allowed to ask for help.
I just need to be pointed at the right direction
Asking for outside help is not allowed
True I would definitely recommend try hack me / hack the box and pwn labs for cloud penetration testing and offsec certs that all you need.
Just ask anyway
hey ,ik some ppl have it hard to start using some tools at their start
i just made this tool , check it , might it help ya
https://github.com/sh0z3n/Sh0zack
That's actually pretty cool
Appreciate it ❤️
can anyone here rate what i have going on for my resume so far? Dont plan on applying just yet but trying to get an idea
Maybe you can post a PII-redacted version of it in screenshots?
People are less likely to click the PDF file
Kk
This was from my phone but should still be fine
Main thing about my resume is I don’t have IT experience and what I do have experience in seems pretty irrelevant to even include, but I have it there for now. I’m only 20 so I’m a newbie. Anyway yea any feedback is appreciated
What type of education you pursuing ?
Nvm
I saw it
lol yea
Was thinking about that. Makes sense
My manager had 30+ application but I was unique with home lab so I got interview and pass

Did you break right into cyber or went with IT first?
I would highly suggest do something in IT first because you will learn good fundamental trust me.
Ah ok. Yea seems like there’s almost 0 chance without being really lucky to break into cyber without IT background so I’ll have to look into applying in that direction
You still about my age
Yea that too
I was doing warehouse job before I land that role
In that same warehouse
Lol
lol irony
Connection and talking with people
You from usa ?
Yep
What you do now ?
Currently nothing it related I’m just focusing on school/projects since I graduate in December. I make some side money delivering pizza
Hmm try to talk to your city hall
Some time they need IT aswell
Just go over there say hi my name this is that I am graduating in December I was wondering if you have any position open.
Make sure you dress Nice
Smart! Thx
Also try schools
Around your house
Hospital
Just go over there and talk
Imo
Email they won't check, LinkedIn they won't check, they can't ignore you in person.
Since you got sec+ and a degree you got higher chances.
Just didn’t think I was gunna have much luck until I finish my degree to give me that boost but honestly at the point im at now and especially with a home lab I should be able to at least break into IT with a method like that
Yep LinkedIn is good to but I feel most of the time they ignore you
Yea..
Just start searching now good luck
Tyty
if you don't mind can you explain more about that? what did you have exactly in that section and how did it help you stand out?
I just put that I play CTF and I have a Kali VM, that's it lol
oh 😂😂😂 thanks
How can I add my CTF experience, including ranks and placements, to my resume? Should I create a separate section for it?
Does participating in CTF competitions matter when trying to land a job?
any recommendation for internships in cybersec? I am focusing on data privacy
It goes under hobbies/interests
Not entirely, direct experience to IT/Cybersecurity is the biggest factor.
But it is a good indicator that the person does indeed do practical applications of what they learn and are able to think “outside the box”
Hi
i have a "self learning and projects" portion in my resume, i put mine there
I assumed to put a card into « pro experiences » section in my resume which contained info about my ranking and stats on a cybersec platform.
Maybe not the good place but I wanted to be sure that recruiter see it first. I knew that it was a tech manager who according importance about ctf and stuff like that.
Plus, the platform in question was not pure ctf but also real world challenges. So it was not in the best section but it was eye catching
Hello
Hey looking to network with y’all! Here’s my LinkedIn - https://www.linkedin.com/in/kevin-botana
Hey hoping some of you can give me some advice. I’m looking to get into cybersecurity as a career (currently an IT tech)! Currently I’m doing the Google Cybersecurity Professional Certification… however I don’t have any experience my goal is to try and go down 1 of 2 routes:
route 1: pen tester
route 2: security engineer
Could I use tryhackme as portfolio to gain experience? Or how can I build up a portfolio to show that I have experience
just a student here, but will reiterate what my teachers say(im on a cybersecurity and digital forensics course):
CompTIA is the first one people go for, then usually CompTIA Pentest+.
OSCP is on a lot of job requirements too.
Mainly though, red team is more about experience than anything else, and im trying to do pentesting too but its really difficult lol, we are in the same boat here
There are loads and loads of certs, but dont waste your time on the smaller ones as companies dont really care about them (for example the linkedin ones which basically give you free certificates), quality over quantity.
Usually experience is directly related to job roles. You shouldn’t use TryHackMe as a substitute for experience as it is a learning platform.
What can help as direct experience is landing job roles in IT like SysAdmin, Network Admin, IT Support, etc.
Indirect experience can count through projects where you are paid (think being paid as a developer for a project contract)
Or voluntary experience where you help out NGOs in setting up IT infrastructure and whatnot
You are correct in saying its not a good place. Learning you do on your own belongs under an extracurricular section as it is not experience or education.
How many years in IT? Sysadmin?
I don't necessarily disagree in full, but if you're in a degree program and obtain your degree Sec+ should really be all you "need" to get your foot in the door. Jobs will still hire with only a degree. Security+ is the baseline and really the only certification I would expect someone to pay for out of pocket.
anyone here using coraza WAF of owasp.
whats your thoughts on would sec+ be needed with a degree and IT/software experience or is it still usually wanted
I’ve got 9 years experience in 1st & 2nd line support
Hi everyone. I just need a little guidance about a cert I wanna pursue, is this the right channel?
Dont be scared to ping me I dont mind
What cert do you want to pursue?
So I am starting my career brand new and doing the PEH course and some HTB and THM things. Do I go PJPT or PNPT?
No prior IT experience except for what I have learned thus far
Hello everyone!
a curious student needs help!
I am trying to get into the cybersecurity field, but there is a bunch of YouTube tutorials and a roadmap..
What are you thinking where should I take the cyber security online course?
So far I found this one https://www.simplilearn.com/pgp-cyber-security-certification-training-course
But I am still not sure!
PNPT, you will easily outgrow the PJPT. But for the same price of PNPT, you can already buy the HTB CPTS which has more depth, built-in labs, and better content.
But the ultimate factor in getting a cert should be what is being sought after in your local area. You should be looking at the relevant jobs and considering those (except CEH unless you’re in India).
If you have no prior IT experience, I recommend getting experience first such as SysAdmin or Network Admin or developer, etc.
Will an employer be satisfied with both? Do they both carry the same weight?
I will be relocating to Johannesburg/Pretoria cause in my current town there is nothing.
It rly depends on the employer. That’s why I suggest that you should check the local area. Maybe check job openings in Johannesburg to see if the certs align with the openings there.
Hot tip for young players, don't get too many entry level certs as it doesn't show any progression.
Ah okay I see what you mean. For me, these are basically to build a solid foundation and have knowledge of the subject and then Pivot into GRC. Thats my dream
If you’re looking to build knowledge, you don’t need to do any certifications early on imo.
When I told people I wanted to go into GRC and do IT audits some people told me they hated auditors
Hey guys, if I took CompTIA Security+ and CySa at the same time for someone with no formal work experience you think this is overkill or not? I am situated in Asia and competition here seems tough.
curious but would a degree justify no certs if backed with experience in IT/software?
In my opinion, yes. As long as you have the relevant work experience and have the skills to show for it.
But then your competition will also level up, think of people who will have all three. You need to be able to make yourself stand out from the rest of them.
There’s no point in taking both at the same time imo as you’ll be wasting the renewals provided by the higher tier cert.
Yeah that actually makes a lot more sense, I’ve sorta been trying to work out where I’d fit in with most things since got a lot of programming experience and worked in IT management for 3 years on top of that, half way through a masters in cyber as well but haven't had a lot of luck with finding work in cyber
Yeah, tbh the job market is tough right now. Lots of layoffs too and there are incoming hiring freezes because of the incoming Ber months.
Yeah at the time I figured with it and software experience it wouldn’t matter
Yeah I’ve been doing freelance software engineering stuff off and on since 2012 then have about 3 years experience as an it manager
That’s good news then
Still a touch confused where I’d fit into a cyber role tho in terms of what level I should be aiming for
End goal would be either malware analysis or threat intelligence most likely but I’ve been applying for all cyber roles basically
Also found I’ve become more of a generalist then I’d like to be tbh just happened to be what work had come up
Appreciate the help btw, been trying to workout where I sit in terms of most things for a while and plan it out since most “roadmaps” tend to presume 0 knowledge and only look at certs
Yeah, that makes sense
My degree is within Computer Science Discipline or IT with strong foundational application on programming or developing full stack apps in general but I rarely do any hardware related tasks
Also done some certs from cisco relating to Networking
Always look in the job description to see what's required. In the US at least, Security+ is seen as the baseline with the US Government requiring it for a decent amount of GovCiv positions and also on contracts. Having it while having a degree and/or experience does not hurt
Im still pursuing my IT degree but I have seen others break in to the field even if they are still pursuing it. So I kinda want to copy what they did too. But right now i'm having doubts on the cybersec its very rare to see positions that accepts no experiences. And the easiest jobs to get to in my region are full stack dev jobs, which I'm not against in doing but kinda hoping for more cybersec roles
If you don't have Security+ that would probably be my recommendation. Then start applying to Analyst positions potentially. TryHackMe, or any of the learning platforms, are not experience. Your experience is your IT support role. You need to make sure your resume reflects your skillset and is otherwise on point.
Okay maybe I'll just get Sec+ first. It's widely mentioned in HR anyways. But hoping to skip it and go straight for CySa instead but might be a bad thing cause I do not have the experience yet.
You need a degree or prior professional experience. Certifications are used to quantify experience and do not stand on their own.
I see
Finish your degree, and more than likely Security+ depending on market, then start applying
Okay sounds fair. Maybe I just got too pressured with my peers getting jobs earlier even if they are still pursuing their degree.
Bad call, finish your sec+ first. CySa can wait
Thank you all! Noted all of your advices and passed it down to my friends who have similar concerns!
Hey it’s no problem
Hello!
I have a question about Security+. How long does it take to learn everything and pass the exam? I actually started studying cybersecurity last summer, completed Intro and Pre-security modules on THM and now working my way through Complete Beginner. Also I'm on a second year of Telecommunications studies so that's another thing I have to put time into. To the point. I want to make some money in Summer but also want to gain some experience in cyber and I think security+ cert would help me get an internship. Should I study for security+ and if yes, then how long does it take to learn everything? Or should I just continue with THM and study for now? (also I may be an absolute fool thinking that I could pass security+ after so little time, I don't have a full perspective of how it works so if that's the case please let me know)
Your question is dependent on the person and not one we can answer. You do not need certifications for internships, and you also don't need a Cyber internship. I currently work in Cyber and my internship was in IT. Given that you are currently in school, I would recommend continuing with THM and the like and wait until you're close to your graduation date for Security+. That way it doesnt expire before you graduate.
Thank you for advice!
Hello Guys
Does anyone here have a recommendation of studies for Fortinet and Watchguard? it could be whatever, links, books, anything that could teach me how to master these two, thanks!
Their manuals and manpages, tbh
Hi,
Watchguard have few documentations on their website for free.
watchguard.com/wgrd-help/documentation/overview
They have videos on youtube too.
They have a lot more docs on their learning center (customer/partner only).
You can try a free demo but the best way to learn watchguard imo is working with/for a company that use watchguard products.
If you're interested to learn more about the EDR, look for docs of "Panda Adaptative Security 360" (watchguard just copy/pasted their product after buying panda in 2020)
So I have azure fundamentals, ISC2 CC, and Sec+ and Im more blue team oriented than anything else. What do you guys think the next cert to hunt should be? I’ve had my eyes on cysa, but not sure if there is a glaring better option for me rn. Blue team level 1 sounds nice, but HR doesn’t seem to recognize it well and I’m already doing things to hone my practical skills as is.
CPTS has more modules, and they go much deeper into security topics than the OSCP does. I've taken both, and the CPTS is much harder than the OSCP. I'd say if you're dead set on pentesting, the OSCP cert has much more recognition than the CPTS does, and you might have a better time with HR having the PNPT or OSCP
For sure! I've heard good things about PNPT, and it might be a good way to find out if you're really interested in the field without breaking the bank for OffSec training. If you got any other questions or anything feel free to hit me up!
really not sure what the next blue team cert that would look good for hr would be after sec+ I see people talk about cysa, and btl1 but i dont see them very much on job postings, especially btl1
Do you have a degree or prior professional experience?
Bachelors in cyber and no relevant experience
And you have security+? Start applying to cyber positions
yea I do, but havent had much luck with landing interviews so thats why im looking to add to my resume with another cert while im doing more hands on practice through THM
about to finish azure fundamentals just to add some cloud knowledge but looking for something more impactful
If you're not having any success, it could be your resume. You can post an image here for review
I did, was told it was relatively solid for where I am now, but I can post again?
sry for the delayed response
The only thing standing out for me - better not to post your experience that's not relevant to the position you're looking for, mb you can just add those soft skills to your cv and that's it
I would like to ask for advice, after finishing THM Red Teaming Path should I go for PJPT first or just skip it and go for PNPT?
I'm a university student, I'm Security+ Certified, I know python and C++ and I have some experience with CTFs (planning to practice even more before exam)
I've also taught programming for about 5 years online (mainly for my friends, but it counts ig)
from what I saw on TCM website, both PJPT and PNPT include the PEH course, PNPT just includes even more stuff like OSINT and External Pentest Playbook
I’d say maybe get a networking cert or if you really wanna pick a specific one, if you want knowledge btl1, but cysa+ at least is asked for for some dod jobs
Kk
So just move up my skills for from the bottom by removing the experience? Should I also remove assisting in accounting since it’s the closest experience I’ve had to anything cyber/it?
Hello all, I'm looking for a little advice on my resume. Im a college student with no IT experience and I'm having bad luck with the job hunt. I have an interview soon for an entry level cybersec engineer position, but I wanna polish my resume for future opportunities in case I don't get this one.
Have you checked your school IT department for any work study? Most universities have a program. Just giving you some ideas
My school doesnt have the best available positions, most of it is finance related or tutoring.
Feel free to post an image of your resume with all personal information removed here, and people will give you advice as you need it
Going to be honest, and don't take this personally, it kind of stinks. There's a lot of white space and the formatting isn't great. You're also more than likely not landing interviews because you're still in school. Primary focus should be to fix the formatting, use something like AwesomeCV in a LaTeX editor like Overleaf.
Education - add relevant classes.
Certifications - collapse the section and make it part of skills.
Projects - drop to last section
Experience - will review later
Skills - will review later but it needs rework. You have a bunch of broad topics listed. Skills should be things that you can talk at length about.
Recommend reorder:
Education
Skills
Experience
Projects
sure one second, sorry i wasnt able to post screenshots earlier.
Ty! I’ll work on that today
And yea the experience part I’m kinda the most confused about because my experience seems really irrelevant to cyber so I almost want to put it at the bottom
Hi how can I learn programming is there anyone who makes me happy here
Check out freeCodeCamp on YT
Check out #programming too
If a job posting mentions a "high-performance" or "fast-paced" team...what does that essentially mean? It sounds like a red flag to me but not sure if that's generally true or not.
"High-performance" and "fast-paced" are terms that can be applied to teams that actually do have such traits and reputations, with a resultant expectation of sufficient reward. You are right to be on guard about seeing such terms, and asking in the interview what they mean by that can shed light on the realities of things. Do you get to meet team members or colleagues who can discuss a typical work day? Are there expectations to hit targets for some reason?
It can be the case that an environment is a stressful place to work for a number of reasons. Cybersecurity can be a high pressure environment, with many people looking to change roles regularly until they find the right fit. While it can be a red flag, it isn't always, it might just be the nature of that organisation to produce high quality work on a regular basis. High performance can mean hitting various targets, or having certain achievements. Fast-paced can mean that things can be time sensitive. These things can also mean that you have a high workload, an ungrateful boss and an expectation to be loaded up with more work and tight deadlines. You need to figure out the reputation of a place based on its own merits
Thank you for the detailed answer! That's what I was thinking. Good to know there might be some ways to discern between red flags and typical behavior
CAN SOMEONE TEACH ME HOW TO HACK A BANK It doesn't matter what damage I take
walk in and tell them you are hacking them
are you serious rn bro @mods
@cobalt escarp
You're right in that military resumes are weird, so you're going to have extra work putting it in a way that people outside of the government, outside DOD even, sphere will understand. I don't know that I agree with that advice someone said, if it was me, I'm going to disagree with past me. I think you should try to have your 3 "greatest hits" per role entry and, if you can, relate your experience to what the new role is potentially looking for by tweaking the wording. Not blowing out the entry entirely.
Hope that makes sense
lol
They might, you never know
Hi mates, I need to prepare a presentation on antivirus evasion for red teaming, do you have any information on this subject, are there any resources you can recommend?
Check out these 3
Is this for work?
I need to study evasion techniques for red teaming operations
:hammer: masterofmalware#0 has been banned.
So… it’s work?
for internship
If it’s for an internship, I highly recommend asking your supervisor or peers for help or where you can start with. TBH, Anti evasion techniques as a presentation topic for an intern is really bad too as it’s an advanced topic.
I understand, actually I was told to talk about evasion techniques, I am aware that I need to learn this subject well since my main goal is to become a red team operator anyway, for this reason I am looking for resources, there were those who recommended THB to me, especially in the host evasion path, I was told that this was explained
It is explained, that is true, you can use it as a baseline.
https://maldevacademy.com/ a friend of mine suggested this place, do you have any idea about this site?
It’s a paid resource.
so basically crypting
and allat
like im ngl 90% of antivirus's including UAC are bypassed by signatures lmao
In fact, the techniques are basically certain, but I am undecided about what information I should include in the presentation.
for malware i would talk about crypting
it's a good subject you can milk out a bunch of slides from
and 100% of bad actors that specialize in malware use crypters
you can find acouple vendors on clearnet sites too like hackforums
does it make sense to show the application of at least 3 techniques in the application section via windows defender?
This sort of chat is actually reserved for our advanced channels.
For all the SOC's out there how necessary would you consider CompTIA certifications?
I'm looking into A+ Security+ and Network+ but wanted to know if they are actually "worth it"
I’m not in cyber yet, but many people like InfoSecPat and Heath Adams from TCM Security emphasize the importance of the fundamentals you learn from those certs.
Yah im abt 40% done w/ my book for Network+ and its pretty interesting, some good stuff but could do without the 50 page long chapter on cabling best practices lol
yo who can help? Just started, do not know what to do in my first room
got 20% done of my room
The best place to receive assistance with TryHackMe rooms is #room-help.
low key I am thinking of finally moving on after 4 years of working in my first IT job which consisted of, win/linux sysadmin, infosec lead, compliance lead, devops lead. Although when I say lead, I was the only person doing them lol.
I have no college and still no certs but would like to change the latter for my own employability despite how awesome my resume will look at this one job.
The main unfortunate thing is I'm looking for fully remote, my SO and I still have a mortgage to pay off on this house for a couple of years. I'm not sure if you all have any advice there but I'd be glad to hear it
I'm sure I could get some like Sec+ in like a heartbeat, I've studied for that previously, but I'm just spitballing.
Not actually sure what I'm asking, just if anyone has any thoughts
Something a bit more focused on actual cybersecurity or sysadmin without me being pulled in a ton of other directions and job roles.
Not sure which top 3 you mean, but for contrast I’m moving from an extremely small org so that may not be the best fit
That is why I had to dip into so many roles lol
Yeah you're not wrong, I do think I just need to stack on certs just to prove my experience despite an impressive (potentially lol) resume. I was thinking of just building up from some of the basic infosec certs, but you are right I could jump to some more advanced. Sec+ seems kinda below me rn
As for programming I'd say I'm very good at "scripting" but less decent at much more traditional programming, as if that means much of anything
more than enough for Python if I muddle through long enough, and I have studied offensive python scripting somewhat
Good info thank you for more ideas and considerations
Totally fair, yeah. I still have somewhat of an ambition to build my way up to the bigger tests, but I guess I'll glance at the CISSP study materials available to make a better judgement
You'll have to join a large org then. Smaller orgs require people to wear many hats because they just don't have the personnel. With CISSP, you also need to make sure you meet the domain requirements. Those domains are available, with instructions for if your work applies, on the site. Tbh, I don't know that I would pay for it out of pocket. If you don't have Security+, that would probably be my recommendation. It's more affordable and "more technical." CISSP is more how the business unit interacts with Cyber.
Interesting and yeah that was also my general impression of CISSP, you're not wrong and I will for sure keep that in mind. I'm not so much looking for manager despite me traditionally being "basically" level 2/level 3 at my honestly just flat org. I just kinda had to manage it all
although it is always fun when the boss escalates to me lol
I am a university student. Should I take the OSCP exam? thanks
For how you've described that employer in the past, they should absolutely spend the money for cissp for you. That said, when you are ready to move on, pay for the exam yourself and GTFO
Totally fair, if I bugged them enough to do so they potentially would, but that would probably send the warning signals out a bit sooner than I'd like lol
If you have the time, skills and money, then why not
^
If you dont have the money but have the time and are learning the skills what would you suggest instead to try and break in (im not a uni student for context, im in SOC currently and trying to get myself into Pen as quickly as possible)? @fringe spade @stark saddle
I've checked out the pricing for OSCP and its kinda pricey
I'd recommend that you stay consistent with your learning while searching for grants/programs/promotional offers/vouchers. Vertey has the OSCP role so he can tell you more about it.
what about a masters to pivot elsewhere after 4 years in web dev? the idea of having to write a thesis is kind of a deterrent ngl
If you work in a SOC, then you’re pretty much ahead. I’d ask your employer if there are any opportunities and maybe they can pay for the OSCP? If not, then try to broaden your knowledge, as with SOC experience it shouldn’t be that hard to score a pentesting interview
I see, ok, I know my employer isnt really interested in funding it but I'll definitely keep expanding to get myself to standard
Guys I have a question
Basically I enrolled in university and I'm attending all lectures n stuff
I paid 80 euro per semester for this uni and I won the green card for the us so skipping lectures won't be a huge cost in terms of money or networking (I'm in Germany).
I have 4 exams for this semester which are IT systems, basic cs, basic programming and analysis 1.
I'm thinking of going back to my home country which is like 6/7 hours by car from the uni, study on my own and come to the uni only to take exams, coming to lectures isnt mandatory and I'd have them recorded for most subjects besides cs basics.
Because I've been studying cybersecurity solo for about 6/7 months now and the way I learned how to learn is to dig deeeeep in every sentence every concept every word that I don't understand. And its working great. And now I'm at uni where the professor talks and I can't ask a billion questions like I ask chatgpt so the end result of me not asking all the questions I need is that I don't understand the lesson and then I have to go home and learn by myself as if I didn't go to lecture
I just feel like it's unnecessary to attend lectures idk, do you think this would make sense or should I stay here?
It can be a double-edged sword honestly. According to my experience, it's much easier to follow the lessons and just prepare a little for the exam at home. But I have to prepare for the test alone from the beginning. When listening to the lecture, it's so simple, you have to listen to the lecturer and do additional research at home and answer the questions with research.
But if you think you will learn better on your own, maybe you could combine classes and independent study.
As someone who just left uni (Both bsc and masters) I'd say go to as many as you can tolerate and still do independent learning
Its better to be present mainly because of the opportunity to meet people and network with like minds
just because we're comp scientists doesnt mean we need to do everything alone, very important to get other peoples irl opinions on things as well and you'd be surprised how far it takes you
On another note, would you be down to take a look at my cv and give some advice if you have the time?
Post a redacted copy here as an image. People will be able to give feedback, but I'll review later as it's bedtime
hey guys may i ask, i'm a beginner and i just finished my first automation program, it sorts files for u, is it weird if i'll upload it to my github? it only has about 30 lines
A+ definitely not, for the others I would say just study the materials for the knowledge, and if you really want one cert to put on your CV then Sec+
although for a SOC analyst role I would recommend blue team level 1 over Sec+
Hi. I'm also just starting out my Cybersecurity journey. I’m currently planning to take the Sec+, I saw your reply in regards to certifications. Is blue team level 1 for SOC analyst role another CompTIA cert? Thanks
no it's not comptia, completely different company. just google it and youll find their website
Just saw it. It looks like it’s only for UK residents ? There’s another website that I have been recommended as well called CyberDefenders for blue team as well. Is anyone familiar with it ? Is it worth it ? Thanks
hi
the company is english, u dont need to be from UK yourself
Crowdstrike utilise it
as for CyberDefenders, i don't know it
Got it 👍
Thanks, I uploaded it
Past abuses
Thx! For blue team cert would you rec HTB or Sec Blue Team? My friend swears by HTB but is Red Team Pentester so idk if that changes anything
Im about halfway through my studying for network so I MAW gun it, I have an unrelated degree and no experience so I feel like I need to overcompensate
Do you have any professional experience, in any industry, or a degree?
I do, I was in education for a year (not my degree) and was in a management for the summer which I just recently resigned from seeking a career change, either to SOC or Law (Law school admission cycle would place entry at Fall 2026 so why not learn SOC/IT is the thought process)
Not substantial but I do have people at both jobs who can/will recommend me
Do you think it's an issue for western cyber security employers if I've been in China for the past decade? 
I would have the citizenship of the western country in question.
Out of the 3 job roles discussed on THM. Security Analyst, Security Engineer and Pentester. Is Sec Analyst the more entry level one? Is a SOC level 1 entry level?
they are at least an upper entry level in my opinion and yes sec analyst or soc1 is more entry level
I thought it might be based on salaries I've seen. I saw some companies offering as low as £28k for security analyst. But £65k for pen tester.
It could be
Law school + cybersecurity is a good idea 🙂
They gonna think I'm the Manchurian candidate 
pentester isn't a complete entry level. You don't want a company to give this responsibility to an entry level person
Yeah I know it's not entry level. No one is gonna pay 65k for entry level.
anyone going to the NYC Bsides?
Never been to one before, should i bring a laptop? I'm fairly new to the field, i'm not sure if i can even follow along with the workshop contents. Any tips or ideas on what to do there?
Depends on your credentials and certifications, one of my boys got a pen test role after getting OSCP certified without prior cyber experience
What's the difference between vulnerability research and reverse engineering
Where should i start? i am completely new to this
Is it necessary to learn everything related to cybersecurity or just the things we require for our job role?
Say if someone wants to just pentest web apps, do they need to learn other things like hardware related attacks?
What do you think?
This is a genuine question btw ^
I wouldn't think so. unless you're doing physical pentesting or testing a piece of hardware it makes no sense to know hardware attacks for webapp. You just have to think about what other categories can at some point be related to your main subject.
What if you get RCE on a server through a web vulnerability? now it's time to get access and escalate your privileges. Then it's time to pivot and move laterally inside the network. For all of this, you're going to need to know some network penetration testing as well.
However if you're doing bug bounty for example, you will rarely have to continue pentesting once you find an RCE. In most cases you are not permitted to get a shell or do anything. You're gonna have to stop and report the bug immediately. In this case network penetration skills aren't required as much.
Alright! Thanks for the info.
A) Bug Bounty !== Pentesting. Someone hunting for bugs on a programme is not conducting a pentest.
B) If you get RCE on a web server on a pentest, you do not escalate privileges or try to move laterally. Chances of that being in scope for a web app pentest are 0, meaning as soon as you try it you're in breach of computer misuse laws in practically every jurisdiction. i.e., you're probably going to jail.
Pentests are very tightly scoped.
A) That protects the testers, and
B) It restricts the scope of work and sets clear limits on what the supplier will deliver.
As I said last night -- lab environments do not reflect real life testing.
Yes and No.
There's far too much to learn about technology for anyone to know in a lifetime. You're never going to be expected to know everything about everything.
That said, there are certain common topics which most orgs will expect you to know. Web and infrastructure are included in those.
If you want a good indication, have a look at the CREST certifications and the UK CHECK accreditation. It's... questionable in terms of effectiveness, but it illustrates the kind of stuff you'd be expected to do.
For reference, the first two levels of CHECK are CHECK Team Member (CTM) and CHECK Team Leader (CTL).
- CTM roughly reflects Junior Pentester level. It covers applications and infrastructure.
- CTL roughly reflects Senior Pentester level. It is split into two paths: Infrastructure and Application. In other words, you specialise.
Having said all that though, remember that tech changes constantly. The most important skill you can have as a pentester (or just a hacker generally) is the ability to learn new things quickly. That linked with the curiosity mindset -- the desire to learn everything that you can.
I never said pentesting == bug bounty. If you read correctly I was differentiating them correctly. Your point 'B' is mostly related to bug bounties and not pentests. By pentest I mean a pentest web+network
No, my point B is related to pentests. I am a pentester, not a bug bounty hunter.
You are highly unlikely to get a pentest scope which allows you to fully compromise a webserver and then pivot through a network. It just does not happen.
That's closer to a red team engagement, but even that is more tightly scoped.
You also said (and I quote):
However if you're doing bug bounty for example, you will rarely have to continue pentesting once you find an RCE. In most cases you are not permitted to get a shell or do anything. You're gonna have to stop and report the bug immediately. In this case network penetration skills aren't required as much.
You're correct with the second point. You won't be permitted to get a shell or abuse the issue for further access in a bug bounty either.
You are not correct to say that they are conducting a pentest.
For the record, the closest you're likely to get here is webapp + infrastructure + build review as a multi-phase test.
In that instance you treat it effectively as three different tests.
- The web app test. If you get RCE, you demonstrate it. That could potentially involve a shell after consulting with the business. If you do get command execution you do the bare minimum to prove it, then stop.
- The infrastructure test. This is where you scan the scoped hosts and/or network segment(s) for targets, and look for vulnerabilities. Again, if you find an RCE, you speak to the point of contact then potentially demonstrate for minimum impact if the business are comfortable with you doing that.
- The build review. You get given access to a host or a set of hosts, then you check configuration. That usually does also include privilege escalation checks, but it is not just an opportunity to go escalate to root and abuse that.
I understand thank you for the clarification!
Np 🙂
I want to increase my chances of getting into security after college/university. Is it bad that all of my internships are in I.T? I graduate with 2 years in I.T experience (level 1 with a little bit of level 2 and networking?)
hi guys! a bit of advice please, i am a student in the 3rd year and i want to get an internship or my first job as a junior SOC analyst. what would be more important now: to focus on basic certs or to have a portfolio of different projects and participate in CTFs?
im in the same boat as you except my degree has nothing to do with infosec
does anyone have a portfolio website i can view? i would like to see how it should be built like
darn
i think if you have a passion, work hard and submit like 2 bajillion applications you'll get in
thats what im trying to figure out if i even have a passion for infosec, for me its between this and data science/machine learning engineer
Hello all, I've got some career questions for you all. I spent the last year at an MSSP working in compliance, but was let go in August. I'm noticing that even for jobs where my resume meets or exceeds qualifications in security, the application is simply sitting there with no movement. Even for GRC roles and Analyst roles, I'm just struggling to get seen. Including with and without a cover letter. Is anyone else having this issue?
If so, do you have any suggestions?
If you're currently in your third year, start looking and applying for internships now. Applications are open for summer 2025 at a lot of orgs. Don't limit yourself to Cybersecurity internships or internships at trendy companies either.
A couple of things. It could be your resume, so feel free to verify and post your redacted resume as an image here. Second, you could be applying for roles that are "too junior" which is causing the organization(s) to ignore the application as they feel you'll leave too soon.
Verify and post a redacted copy of your resume as an image for review.
I would avoid the shotgun approach when it comes to resumes. Job hunting is itself a full time job. You should go for quality over quantity and tailor each resume to the role and organization you're applying to.
for me yeah but if you have 7 years experience its not really worth changing your resume for every position
besides the general objective stuff and whatnot
I disagree with that. Each role you apply for is different, and you will have different ways to represent your experiences to make yourself a more attractive candidate for what the employer is looking for. Some of the changes are subtle to reflect or target the new company's culture, and some are more obvious like re-writing bullets to reflect how your skills better apply to what the position is asking for.
i guess y'all are right
dont know how i will find time to apply to jobs with everything else
Hey for my Security professionals out there. Before getting into the field, what skills were you good at? Did you have a strong programming/scripting background, networking? I'm trying to fine tune my skillset and learn new technologies so I can get in the field. I feel as if I know in theory about a lot of these topics, but actual implementation is the issue. Hearing your stories will be very appreciated.
Also, what job roles/personal projects help you break into the industry or even feel like you have an understanding?
Hey Moose, do you have any tips for an upcoming cybersecurity technical writer interview?
Let's put it this way, if you are training to become a car mechanic and you can't do sign language in japanese while making a souffle, NO! YOU'RE NOT GONNA MAKE IT! (I am getting used to this spiteful behaviour) seriously though, most jobs would tell you, "if you are hammering nails all day, you might wanna buy a hammer but you can leave the rest of the tool kit at home". Others will chime in with, "but if you dont know how to use the other tools..." Find the job you want, talk to the people you want to work with, find the skills/certs you need. Work towards those. I called a company the other day about a starter position and they said their number one thing was not skills/certs but the persons ability with customers, after that they will train the person for what they require. I trained to work on ships as an electrician, transferring to houses required further training. I looked at WHAT WAS REQUIRED and learnt that, I did not go back to college for three years!
another bit I would like to add. working in television. my brother works in it, tells me its a nightmare to find work. YOU HAVE TO NETWORK, if you dont know people you wont know where the work is and will find it harder. YOU RELY on the people you know. speaking to others in this field confirmed that, they all say the same thing. Its not what you know but who you know. obviously having some electrical background would help if you are going onset to work as an electrician (due to nepotism, one guy there has no knowledge of electrics, his brother was a supervisor and so he walked onto the set) .....so, knowing there was a mountain in front of me i thought i would start somewhere near the bottom, seems you always start climbing a mountain somewhere near the bottom. i found the most common regular tv show on internet movie database, found the section that listed who worked in the lighting department and started firing off connections on linkedin adding a note about wanting to learn about lighting and stuff. 42 connections sent, two days later, 1 received. it was the head of the lighting department with the phone number to the agency they use. a call, a two month wait for a position and I got a years guaranteed work on the number one show on the BBC in the lighting dept. this went against everything everyone told me. next you will get some one pop up and say that computers are different and bla bla bla... to me it seems this industry has spite written all over it.
Thanks @noble saffron
I don't know how to exactly respond to this message but... Damn! 👏
The best thing, rather than speak to people on here, is to contact a company that you would like to work for. speak to a person on the phone or better yet in person, conventions or job fairs. Maybe go to the place and ask for 10 minutes with someone. Ask them about what is required to work there, how you may be able to get what is required to work there. Do not ask for a job if they have nothing. If they say send in a CV, then do it after crafting that CV to meet the requirements you found while talking to the person. you will find there is a human element to it. how you come across in person can make a big difference. if you are starting from an entry level then maybe tech support is the way to go. it may mean a year at the bottom but that is where most "normal" people start, I did and have my whole life. wherever you go you will be new to that place and process. you are starting an industry it would seem, with no knowledge it would seem. so go low and start there. its a year, that flies by. get that experience money and cert. they will know you after a year and could help move you up. if not, move on! every job you get take what you can, progress where you can. you are not just there for money. jump in, today, find a company, speak to someone, get talking and learning from people in the industry.
I would caveat and say contact publicly facing people of the company, ie recruiters, and do not cold message/call the regular people that work there. If you have a connection at the org (Alumni, former coworkers, etc), great talk to them. As a regular person myself, I wouldn't want to be inundated with that stuff unless I had some form of previous connection, no matter how loose, with them. Otherwise, it's going to be a block 99% of the time.
Cyber is different in that you have a bunch of paranoid people whose job is to protect xyz against an onslaught of attacks, including social engineering.
Describing it like that it does sound like a bunch of isolated people (paranoid + social engineering)

that sounds like a horrible job, being paranoid for a living, screw that
I am guessing that you mean, someone getting an email and thinking "is this phishing". if so, then it would be a case of think about it and maybe ask for a second opinion if really not sure. I would not know rather theh just report it as phishing scam. if you are saying that the job makes you paranoid, i guess i should find another career option.
would tryhackme be a correct option to learn blue teaming? Or is it very much oriented in red teaming?
Yes!
We have dedicated blue team paths
yeah i am currently doing the soc level 1 path in THM. I was wondering if there are other good stuff to do after that
The SOC Level 2 path
The Security Engineer path
DevSecOps path
Have a try at challenge rooms too that make you do mini DFIR investigations and whatnot
alright. thanks. i wasn't sure if i wanted to commit for a yearly subscription.
Thanks for the info
There’s honestly nothing wrong with software engineering to security and cybersecurity/pentesting roles aren’t really keen on looking at what “tools” you use but rather your methodology. Experience with security is not limited to having cybersecurity roles, this can also be things like implementing secure architecture on your application, in your CI/CD, and creating standard and secure coding practices aligned with OWASP. We’d love to review your resume if you want.
anybody in this chat room has shifted to pentester role from a completely different domain, please shout.
Yeah! You going as well by any chance ?
fucking pos car’s on board nav made me miss my original train by like 2 minutes and then the next in keeps getting delayed
like why tf couldn’t the one i was made to miss be delayed a few
and why is there a random gap in the middle of these otherwise consistent trains
ugh
NJT sucks
I was 2 numbers off of the grand prize at the closing ceremony,-,
Hello. Is it a good idea to get the CompTIA A+ certification to secure an entry-level job in IT and gain more hands-on experience, while simultaneously working on improving my skills? My plan is to build a strong foundation and, in parallel, continue developing my expertise so I can eventually apply for my goal job as a pentester. does it make sense?
I would rather go with Security+/Network+ or Pentest+ if you're already interested in security. A+ is a pretty basic certificate.
You shouldn't need certifications for entry level IT, ie helpdesk
Assuming you don't have, or are not in, a degree program?
hello, I have completed my bachelors in computer application and am pursuing a masters in cyber security in online mode (full time degree), and learning on tryhackme as well. What more should i do to get an entry job in ireland?
certifications?
i dont have interest in development or coding fields much
please suggest
By obtaining a masters, you're likely going to price yourself out of entry level salaries. I have to ask, are you currently in Ireland? If not, you're going to have to follow their immigration process which you can learn more about by contacting their Embassy.
no currently not in ireland.. im looking for a job there in entry level
please suggest what should i do to get entry level job?
Do you have the legal right to obtain a job in Ireland?
just google IT Cert. do labs like active directory and maybe a dns server
entry level / help desk mainly care for your soft skills and how well you can communicate to people
your soft skills / basic foundational questions / desire to learn / work well with teams
is the google cybersecurity coursera certificate worth it?
is actually very boring but yea it can help on ur cv
and u can learn some basics
i think that tryhackme paid paths are more valuable tho
tbh the length of the course is the problem
if you have foundational skills already (basics and some networking), continue to do labs, and study for your security+ 701 if you want a straight shot
even though the length of "landing the job" time differs for everyone. so many factors out of your control
IMO, no
The Sec+ has more value
Question, I live in Midland, Texas and it is big on oil, but not so much on technology. So job postings on Cyber Security are not very easy to find as in big cities. What are the odds of starting in a Cyber Security position remotely or even a hybrid position where I can work in office for a week and home for a week. Any suggestions, advice or positions I should be aiming for would be greatly appreciated. Currently doing Google Cyber Cert, TryHackMe and a Python Course just because I have a passion for Ai as well lol. Following the UnixGuy advice.
Anybody done any of the crest certifications?
@quick forum has, but they'll be currently working.
If I want to get started on bug bounty, what is the recommended amount of knowledge needed? THM rooms-wise
Web apps.
Owasp top 10
That sort of stuff.
#bug-bounty has resources.
I'll check it out. Thanks
These two modules are also great resource if you're interested in bug bounty
In this module, we'll guide you through the complex landscape of client-side attacks, focusing on vulnerabilities introduced by XSS, CSRF, DOM-based attacks, and the complexities of SOP & CORS. Our journey will begin with an in-depth exploration of XSS attacks. We'll dissect various types, from reflected to stored and DOM-based, demonstrating ho...
This module will focus on advanced server-side attack techniques an attacker uses to compromise a web app. We will learn to detect and mitigate SSRF vulnerabilities, followed by threats posed by prototype pollution and how attackers can exploit them. We will cover a range of topics, including file inclusion vulnerabilities through PHP wrappers, ...
Does anyone know if it's possible to get a job as a pentester in Poland for a foreign person?
Planning to move to Poland and get a job there
Yes it is possible, do you have any experience?
No, but I'm asking for the future
After finishing courses and passing certs
Yes, but I'd suggest getting some experience first and then trying to travel for work. It's not only about Poland, but basically everywhere
The market is also quite competitive in Poland
I could get in my country, Russia
The requirements are quite okay
If you're from Russia then it might be quite hard to find a job in Poland ngl
I don't want to be too political, but you're probably aware of the situation
Even before this war Poland didn't like Russia :pp
You could try germany, people here are quite liberal and try to differentiate between people from countries and politics of said countries
Well, maybe you are right. I considered Poland since it's my fav country
Don't worry, you'll have many polish people in germany, too 😅
Nope not CREST
Oh..
I'm getting that mixed up with CyberScheme... again
CHECK?
Yeah 😅
I know someone who’s done it. They say the materials and exam are absolute BS apart from other ones (like ZPS).
Ah ok - I’ll dodge that one then - just using that decent cyber security cert roadmap to pick out my next moves
how can i land a job at tryhackme
TryHackMe is the fastest-growing online cyber security training platform. Our mission is to make learning and teaching cyber security easier by providing gamified security exercises and challenges. Having only been around for a handful of years, we've grown to more than 3 million community members and our growth isn't slowing down! 🥷
where should i navigate after this page
that's the first test 😶
oh i love that
Anyone who has a computer science degree, how math based is it.
Depends on where you go. Where I went it was a class shy of an applied mathematics minor, and lots of people dropped due to it. If you go to an arts college where it’s a bolted on afterthought, that experience may be different
I agree with what was said above. It's largely a factor of where you’ll take it. Be sure to research their curriculum, graduates, and the department overall.
Could anyone guide me through the roadmap to get into Cyber Security Field from an IT support role? Any specific certifications? Also, what particular rooms I have to practice in Tryhackme? Much appreciated
You can start here || https://tryhackme.com/r/path/outline/cybersecurity101 ||
Are you new to cyber security and not sure where to start? This pathway will help you acquire the core skills required to start your cyber security journey.
this is a popular security certification roadmap that is often referenced, but I do have some reservations about the placements of some certifications > https://pauljerimy.com/security-certification-roadmap/
the real answer, however, is that you have to do research on your local job market and local job postings and find what employers in your area are asking for
hello, im new in security. i want to be a product security engineer, where the main job is related to secure design architecture, code review, secure coding, etc. can you recommend me books (specifically for secure design architecture) or skills that i need in this field? thank you
Designing Secure Software, A Guide for Developers by Loren Kohnfelder
I think the #security-engineer-path and #devsecops-path in TryHackMe will also help
thank you very much, i will read this
If any openings relate to secops and cyber sec roles, please let me know
If a job application asks my current salary, is it okay to put $0 or something if I don't think they need to know that? Why would they need that information?
Depending on your location, you are not obligated to answer that directly. You can certainly say a number that will make it worth your while you make the jump.
That's what I ended up doing. I don't feel comfortable with my current salary so I figure if they need/want that information I can tell them what I want it to be.
Thank you juun
if i had to guess getting all these certs (which i understand is completely impractical) would probably be around $200k
oh i see hovering shows the cost
it's probably closer to $400k 😭
i crunched the numbers it's $454345
I mean, you wouldn’t even grab 10% of these certifications
spamming certs just makes you a paper tiger lmao
and for popular certs from vendors like OffSec and SANS/GIAC, your employer would expense the cost for you, as no one has $9k USD lying around for a single training course + certification voucher
What must I know if I want to work in a SOC?
honestly do THM’s SOC Level 1 path
it’s pretty much what I do on a daily basis, minus the proprietary tools that do your work for you
and, of course, I recommend grabbing the Security+ just as a baseline cert
you will need to do your own research or have your employer choose what other certs you will need
Where do I find THM's SOC Level 1 path? I'm new and green in cybersecurity.
Hey, if I may ask... SOC Level 1 path is close to what you are doing on a daily basis? I haven't looked at the room but for some reason I had the impression that most of the labs are much easier than what awaits one when he lands a job 🙂
depends on the environment honestly
There's different tasks in a SOC as well, different levels depending on your experience, some do analysis, some forensics and so on. But you need a solid foundation and understanding before you can land a job and then you can decide which route you want to take.
^
some SOC analysts do vulnerability management, incident response, and even malware analysis
What are the chances of landing a job with just THM? I currently work in construction and I’m really tired of it and I’ve had a love for IT and CS since I could remember but I live in a small town with no job prospects in that field. Any recommendations on what I should do to change careers? Planning to apply in a bigger city near where I live
I agree - that's what I usually do 😄
Yah... I have 15 years experience with coding C, some assembler... I was working for a company that developed scientific devices ... but I needed a change... and I must not necessarily land in security right away ... networking is kinda fun as well
Depends on where you live. Just THM won't get you a job. Create little projects (i.e. on GitHub), learn, maybe go for certs like CompTIA Security+ and CISSP
^ those are two wildly different certifications lol
one is entry-level, and the other requires 5 years of documented work experience even before you obtain the cert
4 if you have a qualifying cert or degree beforehand
Okay, I’m definitely planning on starting in networking. Honestly probably at the CompTIA A+ level in help desk for a bit to get experience
I live in Germany and when I have a look at the job descriptions they mix and match all the roles .... they want someone who knows everything for the same money as a network engineer... guess we're a bit behind 🙂
I wasn't aware of the fact that you need to have the work documented lmao, thanks.
I agree, I'm in germany too.
yeah, 5 years of documented work experience + passing the CISSP exam + sponsorship from a current CISSP holder or from ISC2 themselves
4 years if you already have a qualifying certification like the Security+ or a qualifying bachelor’s degree
Great 🙂 Are you already experienced in the field?
Yeah, been in the security field for 3-4 years now.
But I learned application development before that. 😄 Then level 1 support in a company for some security products, worked my way up, now I'm leading a team doing SOC work and do security consulting.
Other than things that I’ve done at home not really and I was previously employed at Apple.
Team leads usually care about your will to learn and develop yourself more than your past - this is what I experienced in the past. Because you need to stay up to date in tech/security to be good at what you're doing.
Yah, I am afraid a lot of the jobs are as a consultant or in governance .... all the companies just want to get certified
Feel free to DM me if you need some help and/or ideas. 🙂
No worries you can DM as well. 😄
Hey looking to connect with yall! Here's my LinkedIn- https://www.linkedin.com/in/kevin-botana
Has anyone done a physical role like physical pen testing?
Hey Guys! I have trouble buying the subscription in tryhackme, can anyone help me solve it, I'm from India!
Is that with the discount? I know last night the vendor was having issues processing payments correctly
good night friends
i have recently completed google cybersecurity certification and im currently making soc analyst path on tryhackme
however i think i have the needed knowledge to do some basic certificates, to make my knowledge on it more proven
and i dont know many good certificates more "beginner" focused and free. all of them expensive as hell
if someone has me an indication of any free certificate id be truly thankful
you can keep doing free certificates but don't expect them to be as good (reputation-wise) as a paid certification
yeah i feel you
anything is better than a CEH though 
well i understand that this certificates are really expensive to everyone
but its expensive + im latino american so its 8x more expensive
keep in mind that a certificate is different from a certification
id really like to invest on it but not possible
yah, i got it !
already searched on it
a certificate is what you get for completing a course/learning path, while a certification is what you get for passing an exam or multiple exams
hence why, generally speaking, a certification is more reputable than a certificate
isnt the opposite?
good to know
tks
nope, in the IT world, certifications have exams associated with them
I don’t know of any free certificates that recruiters and organizations take seriously. The A+ Security seems to be the baseline that shows you have a basic understanding of the tools and you move up from there. Fact is if you want to succeed in this job market unless you have some huge connections that can get you in a role you’re going to have to invest and bet on yourself. If you completed the Google certificate then some studying and practice test you should be able to pass the A+ security. Going to have to find a way to get the money and take the dive and believe in yourself
^ A+ and Security+ are two separate certifications
Yes that’s what I mean thank you for the correction there
and it's around $524 for an A+, assuming you purchase both vouchers from an authorized training partner
yeah, it's hella pricey for what it is lmao
good thing I'm a college student and got it for $218 
W
u do cybersecurity for college too then?
yeah
its a little rare to find this course on some colleges for real
what course?
Yeah it sucks but if you’re serious about it and it’s a matter of your future you have to take that dive. Robert you mentioned you got the Google certificate. Don’t they give you a voucher discount toward the Security+?
yeah, 30% discount
last time I checked or heard of the discount
aint paid attention on that one
yeah, with the 30% discount, a Security+ voucher is $282.80
well
for college students like myself, it's $262
way more affordable than the original as well, not that bad
but im a little reluctant to pay on things sometimes
idk
I mean, a Security+ voucher without any discount and straight from CompTIA is $404 USD
is really a lot of money still
I’m currently doing the Google Certificate myself and also studying an official EBook
bro i wanna be honest
i found the course a little boring, like way too many theoretical things
and all the hands-on are kind of optional
but i guess that i learned a lot of primitive things of cybersecurity on it
if you think so, then wait until you try a CompTIA cert lol
lmao
"which of the following commands will find the operating system of a host?"
A. nmap
B. ifconfig
C. nslookup
D. ping
Yeah it’s definitely not “fun” like I’m not excited and on the edge. There are a lot of terms and acronyms you have to learn, I find that a bit overwhelming. I find myself walking around my room repeating the stuff over and over again until it sticks
nmap
now give me my certification
bro i mean like
online courses are a little difficult to deal with to me
like its very easy to get distracted
but i guess it's a particular thing
i cant wait to ingress in college as well
i learn way more practicing and in real life than in my room with online courses
next year so lesgo
Yeah distractions are real. Because of course your brain wants to do literally anything else but force itself to learn a bunch of new stuff. So things I did. Turn off the tv around me. Lock myself in a room. The only thing I have in front of me is ChatGPT, the official manual and the course.
realll
Gotta put yourself in a situation where you literally can’t do anything else
I highly recommend Perplexity instead
i did some at work too tho
at least Perplexity gives you sources/references for its information
like i work with cx service and sometimes the queue is very low
it gives liberty to do whatever i want when without customers like ppl keep playing krunker on it
this is a smart thing tho
never thought of it
whats that ?
I had to learn stuff about RMF and it helped me a lot there
bro ive just accessed this website how this answer so damn fast
similar to ChatGPT (it uses a predictive text model), but it's really an AI-powered search engine and links to its sources of information so you can verify if it's telling you the truth or not
so its gpt 4 for free
oh
no i got it the idea better now
@fierce acorn are you currently working as an Analyst?
this is great
yeah, I work as a SOC Analyst for my university
real thanks for this
Nice you’re in the door already
ill introduce this on my work to help with some specific things
thats tuff
what do you think about the work
tedious, but I understand it’s work I have to do in order to transition to a position that I love
our security engineers pretty much have made it easier for us
which is..?
so I spend half my shift on TryHackMe lol
. thats actually me too
dream position is something in incident response then something in management/leadership for the money
I don’t want to become a CISO
too much stress
@fierce acorn I honestly want to become an Analyst, that’s my goal at least for now. Still not sure if I want to be on red or blue team
I totally feel you, it sounds really hard
I’m still in college and very early career, so I may not end up in incident response
i want to be analyst too but just for transitioning on the future too, as i can understand is like the initial general position on it
red team sounds cool, I would love to grind for the OSCE3 if I do lol
Should I get certified for CISSO?
lol no
I’m just trying to figure out right now the order of certifications for me to get noticed and get in the door
at that point, it’s usually MBA + CISSP + tons of work experience
if you’re beginning, just start off with a simple Security+
after that, let your manager/employer decide for you or choose a specialty and certify in it
Yeah I don’t have the luxury to afford college unfortunately so an MBA is outside of scope
i think i fit more into incident response too, cybersecurity analyst dont attracts me that much
but i dont know, some things in cybersecurity make me almost sleep and think to try other things
an MBA is pretty much for executive/leadership positions
and you could always go to WGU for a $10k MBA lol
I know for some that sounds cheap but I’m personally in a position where 10k would literally change my life
Maybe as I progress
like all network-based stuff that is very needed is the thing that i really most dislike on it