#cyber-and-careers

that would change my life too as a broke college student lol

bro it would change a lot of ppls lives trust me , 10k is not low my frined

you can do bigger than it

I use to work tech support for a company but they fired me so right now I’m on unemployment

So trying to level up my skills and study

at this moment 2k and a half of dollars would really make my life

just gotta keep trying

yeah thats a solid decision

For sure. Definitely not giving up at all. Things are just insanely tough right now and my resources are limited. So college is not an option at least until I’m in a better role

u can keep sending cvs out too , maybe you'll find something new

yeah i feel you

Yeah, been doing that. It’s only been about two weeks but I had an employer tell me my resume was impressive but they’re not moving forward.

lol

lmaooooooooo

thats actually a thing already 😂 😭

all my linkedin emails begin with "thank you for applying, unfortunately..."

Yeah it sucks man but we will get to where we want to go

ofc bro

we already used to it

i remember that for my first job

i got me for 1 month sending cvs out

You Wassup!!!!

on the street, for anything that could hire

i just got an interview 2 months after

but before that i was feeling like i was real useless and not hireable like that idk lol, i was almost selling ice cream on the street

Well that’s inspiring man. Job market is very different. Seems like they want you to have a masters to pick up a phone these days it’s insane

For real lmaoooooo

and sallary will be like less than 2k

and you can be sure that will be very crowded

Maybe they want skills as well
I mean, Each university produces 1000s of graduates but only few got skills

However, Many people are not graduted but got skills

They excell in their feild with skills only

I saw a job post they wanted a level 1 help desk to have a masters in computer science. Not logical in any capacity. Considering I’ve done those jobs and excelled at them easily. Lots of these jobs are just disconnected and want degree porn for simple jobs, and then on top of that. They want to pay someone with a masters degree an unlivable wage for that simple task

I SAW A LOT OF JOBS LIKE THIS LIKE YESTERDAY

is ridiculous !

im trying to apply to help desk just to elevate my level a little on the market

but its not possible

i dont wanna guess what they are asking for ciso jobs

40 years of comproved experience with linux and 3 degrees on computer science , economy and biology

I feel bad for the graduates. Imagine you have a masters and you think you’re going to get a job making 6 figures easily and then they’re like “yeah we want to only pay you 15 bucks an hour while living in LA.”

.

good night friend

thanks for the talk

Take care of yourself, going to get back to studying myself

Well, I have seen my friend who didnt had a degree in Film Making or Journalism. He went for a job with those having degree. Idk how but he did convinced his employer for being better then all. Now he is manager at a local new channel where he applied. Hence proved, Skills are better then just having a degree to greif

Yeah I have no doubt that happens. I guess the point I was trying to make it the market currently is skewed against people who don’t have master degrees or bachelors even for entry roles and it wasn’t like that before.

Well thats a solid point
Even if you get a Job, Its not worth that to pay your bills

Like I get shells to teach at a school

Cant even pay my bills if I wont freelance

When I went to Asia, they wanted a bachelor degree for flipping burgers.

Insane market requirements like that are spreading all around the world

Since I am from Asia
I verify the statement

lol

It’s crazy man

Glad we can now freelance

Free from Job stuff and Job Hunting

So this is something that comes up rarely in my line of work. But I never know how to deal with it when it does. How do you explain a tech related work project you've done to a non techie manager without A. sounding condescending. B. selling yourself short?

I imagine it comes up every day for people in IT careers.

If I try to explain what I've done technically they will think I'm being condescending. But if I dumb it down too much it'll sound like it wasn't hard to do.

Focus on the why and what, Not just the how:
Why: Explain the problem or opportunity that your project addressed. Why was it important? How did it align with business goals?
What: Describe what you did in terms of outcomes or changes. Focus on what it does, not how it does it.

Ask ChatGPT to explain it for a 9-year old

Yah, that's even better 😄

Some good methods

I'm a school teacher that has to teach STEM and I feel my bosses eyes glaze over when I try to explain what I'm doing. Which leads me to sell what I'm doing short all the time.

Like when I tried to explain I was teaching material on PID loops.

They need pictures drawn in their head with your words. A lot of people wont understand things without having a "picture" of it.

Perfect for storytelling 😂
(just looked it up on)

Start with the word "Imagine" and it will automatically create a picture for your story in their head

Oh I guess I didn't need to worry about seeming condescending or selling myself short. I said basically "Point 1, Point 2, Bad news about point 3, Point 4" and they said "Sorry to hear about point 4". So they didn't even read my message.

I’m launching a business today anyone wanna look at my website and tell me if it’s good or not?😅 I coded it all and hosted it on GitHub so it’s not like square space or anything like that. Don’t bother trying to hack it, you can’t😉 (pls don’t hack it)🥲

Good luck with your new business 🙂 🫡

Thank you! I posted the site in #general

Gave +1 Rep to @keen tundra (current: #145 - 51)

Looking good tbh, just maybe upload a little bit higher res image of Jacksonville 🙂 . Good luck 🙂

Reading the comments above, it does feel that in this day and age that you need to have a definable project completed to get a chance at a job.

A degree does not showcase experience and that is what employers want to see more then anything

Well, I think it depends of the country and companies, I'm on my last year of computer engineering, got into cybersecurity 1 year ago, where I concluded a small cybersecurity analyst course from my University, been doing tryhackme pathways, have some homelabs I have setup and show cased them on my portfolio.
I have applied for many SOC Analyst positions and all denied my application, only 1 company called and showed interest but as soon as I said I didn't have my bachelor's yet, they said they could not sign a contract because it was mandatory for applicants to have a degree completed.

So I'm at a cross roads. I'm trying to become a penetration tester and I dont know what certs to get that dont cost over a thousand bucks... I know the OSCP and CEH are popular ones to get past HR but they're just too pricey. anyone know of any good popular certs that dont cost an arm and a leg? Just to get an entry lvl pentester job?

I've been listening to some podcasts lately and the advice I've received from them is to:

1. Join a community and ask questions. Why do you want to join this field? What interests you?

2. Learn the basics, the fundamentals and make your way up step by step. Also don't think it's something you can just finish in 2 to 3 months. There's a lot to learn, so calm down and take it step by step.

3. For career wise the biggest take away I got is not many companies will want to hire you just because you completed an online course and you've got a certificate. A good look would be having some experience working for example an IT desk support position. The host of the podcast said this because it opens your eyes to the fundamentals of things, additionally while you are working you can pursue the CompTIA Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP), Systems Security Certified Practitioner (SSCP) or GIAC certifications.

Additionally communicating with the management of the company you are interning tell them that you'd like to join the cyber security department is a way to enter in as well.

if you mean “popular” in which everyone knows about them (even HR), then unfortunately, there aren’t a lot of other “popular” red team/pentesting certifications based on that criteria

CRTO, CPTS, and PNPT (and others that haven’t crossed my mind at this moment) are red team/pentesting certifications that don’t break the bank (as compared to the OSCP and CEH), but again, they aren’t as well-known as an OSCP or CEH outside of the InfoSec community (exceptions apply, obviously, and I guarantee there is a great number of job posting that mention these certs anyways)

regardless, “entry-level pentesting” is a bit of an oxymoron because certs often do matter, but companies would prefer to see a history of prior work experience in InfoSec (unless, of course, you had an internship with them, had a referral/connection into a position, or just got lucky)

Yeah I was looking at the CRTO

as my next course of action

hi everybody

keep in mind that those list of certifications you mentioned are unrelated to each other, have different price points, and require different experience levels

• a Security+ has no experience requirements and is considered an entry-level certification
• a CEH just has a hefty price tag but has a bad reputation in the InfoSec community because of the EC-Council (and the fact that it doesn’t put you through a simulated engagement)
• some of the certs that you mentioned that are offered by ISC2 or ISACA (CISSP, CISM, and CISA) require documented work experience before you are actually granted the certification (the CISSP notoriously requires 5 years of work experience before you are granted the certification)
• additionally, the CISSP, CISM, and CISA are intermediate/advanced-level certifications that don’t fit in the same list as an SSCP, CCSP, or Security+
• the SSCP and CCSP are decent certifications, but a Security+ would sort of make a SSCP redundant and associate-level vendor-specific certifications from AWS/Azure would be much more helpful than a CCSP
• have your employer expense GIAC certifications for you, because I guarantee that you don’t have $9k USD lying around for a single training course + certification voucher

CRTO is fun as hell, but it's not entry level pentest, and pentest is not entry level to security. There's a lot of context and background you need to do pentest, and almost all of it is building trust that you will not break the companies infrastructure. Pentest does have a lot of risk, and a company has to be able to trust a tester to not break shit beyond the agreed on scope.

What is the most entry-level type of security that I should be looking for a job in? (I havent figured out what Id like to specialize in yet, so I'm willing to hear all options please!) :)

the most "entry-level"? probably SOC analyst tbh

I had thought about that as well too but I wasnt sure

regardless, assuming you don't have prior IT work experience, it would be better to start with foundational IT skills and experience at a help desk or something else

Thank you

@fierce acorn hey can I get some advice

Please

Great info, but why does the EC-Council have a bad rep?

I heard you needed the OCSP to get an entry lvl pentest job

from a pentester in my local hacker group

Incorrect. It's a very common HR gate, but more important than any cert is the history and background for the job.

• plagiarism of an entire blog article by an InfoSec professional
• shady business practices
• sexism accusation because of a poll they posted on LinkedIn

if you can look past those transgressions, then the CEH is a good HR bypasser

OSCP does not get you a job, it's one way to open the door.

CEH is only good in India.

Even DoD has removed CEH from their list of security certs on the latest revision, IIRC

good

Damn, I had no idea, thanks.

Gave +1 Rep to @fierce acorn (current: #1150 - 3)

So how does one get a history of pentesting real company infrastructure without being able to pentest real company infrastructure? YOu're saying even if i hack every box in HTB and get OSCP and OSEP, I still cant land a job? 😦

well, yeah, because it's a box, not a real-life scenario

companies love documented/actual work experience

actual work experience doing the job im unable to get?

Im confused

It depends on the company. I'm not saying you can't get a job as a pentester, I'm saying that you have to have some background that indicates you can do the job, and that you understand what the job vs what others think it is.

There are many routes in to security, and pentest in particular. What I'm saying is that if you focus on that one aspect of having a specific cert, you are likely missing out on many experiences that will make you a better tester and employee.

^

and the fact that the majority of people get jobs because of promotions, referrals, or connections into companies

What do you suggest I specifically do then?

Your current job should also be helping you to get your next job - you need to figure out a career plan to make that transition, you can't just expect that you can work as help desk, get a cert, and assume you can make the jump.

im a sys admin

trying to become a pentester

Great. So what do you think a pentester does?

what's the business value in a pentest?

finding vulnerabilities in their network and providing different solutions to resolve them in priority of risk vs cost

Nope

You are sort of on the right track, but a pentester does not determine what the remediation path is

i know that

i didnt say that xD

So lets take a step back: Please define what you think a pentest is

a vulnerability scan that you pass off as a pentest /s

a security exercise that simulates a cyberattack to identify vulnerabilities in a computer system

providing different solutions to resolve them in priority of risk vs cost is exactly saying that the pentester determines remediation. Risk vs cost is not a decision a pentester makes

i didnt say thaey make that decision

they just tell them options

they dont choose

Also not correct. A pentest is a security assessment that is an evaluation of specific operational or functional security controls and mechanisms

thats up to the CSO

I just pasted the answer google gave xD

Yeah, I know.

It's wrong.

i guess my english isnt as good as yours. it looks to me like you just reworded what i said

to my knowledge of english

to me it just looks like arguing over semantics

Ok. Good luck, then

dont just shut down

Im trying to communicate

and get information

so you're saying everything i've been doing in TryHackMe over the past several months, wasnt pentesting

Correct

was just a big ball of nothing?

It's not nothing

but it's not penetration testing

You are learning many things that are useful and valuable on a pentest, but a pentest is rigidly defined for what is allowed.

Ok how does one learn how to do penetration testing? if not HTB and THM? and OSCP?

A pentest is at least as much reporting as it is technical work.

IMO the technical part of pentest is the easy part. The hard part is all the report writing.

Thats the easy part for me as i have to do a lot of technical writing when creating SOPs and writeups/reports for my network builds and changes i do for my current job

Thats the part i already have years of experience with

Ok how does one learn how to do penetration testing then? if not HTB and THM and getting the OSCP? @flat sedge

Sysadmin is a good place to start. Look at the controls in your environment, and think (but do NOT test) what you could do to ensure they are functioning as intended. Pay attention to compliance audits, and policy and vulnerability scan reports from your security department.

Do you have an internal pentest team? Ask if you can shadow them on an engagement

Unfortunately they're out of state.

Most pentesting is done remotely. That should not be a problem.

Thank you for the clarification, I was just passing along what I've been researching!

Gave +1 Rep to @fierce acorn (current: #933 - 4)

I just wish Cybersec was as clear of a path as every other field of study in the world... i swear i picked the most confusing path to excel in xD

every step you take, is the wrong one

I feel this lol

its like walking in a boobytrapped pyramid without a torch. floor tiles falling into punji pits, arrows flying every direction from wall slits

you know what you want to do but everything in the world is trying to stop you

and no advice is correct

Me: The cybersec field is soo fun! I'd love to do it for work!
The World: There's a huge demand and no one to fill the roles! We'll pay loads for people interested in it!
Me: Awesome! What do I need to do to fill said roles?
The World: Dont worry about it, go fuck yourself.
Me:

https://tenor.com/view/triggered-gif-22863588

Everyone has a different perspective, and comes from a different place. Often, there are things that may be right for one person and place, but aren't universally true for all positions and paths.

One of the big problems in security right now is actually in common with dev and sysadmin: no one wants to hire junior roles and train them. It's expensive, and the business cost for developing talent is significantly more than just hiring someone with a higher salary.

but then people cant even self teach if the employers wont

they're just fucked

xD

Your best bet is to look at job reqs for mid to senior level roles, and put time into your current role to gain experience in those domains

So what would you think is the best way to get into a job as a junior?

Answered as I asked, thanks

Get a degree in CompSci, or work somewhere in IT to get started.

Im in my last year in my CompSci degree

I was just going to try and look for the best IT Support/Helpdesk job possible to start out

Help desk, sys admin, net admin are all easy places to get into.

Most importantly: understand that you can have a degree, but your absolutely best way to get hired is to be social. Develop your social network with other tech people.

CompSci BS is probably going to price you out of entry-level help desk; a net-admin, sys-admin, or jr dev would be a better fit.

Go to local meetups, if there's a local maker or hackerspace join and be a part of that community.

Thank you for your input :)

You welcome.

One thing that I see a lot with recent undergrads is that they are very heavy on the theory, but not as good with practical.

Regardless of your background, I strongly recommend setting up a homelab and modeling it after the kind of place and thing you want to do.

You want to understand how to manage systems? Great, set up a homelab with some kind of domain controller and join other devices to it.

Do you have any recommended resources on starting up one?

You want to be a developer? Cool, learn git, learn how to automate CI/CD, learn not just how to develop, but how to manage your development practices

VMs are super cheap, if you have a recent-ish computer it's trivial to run a VM or two locally

Most cloud providers also have a free tier, sign up and use it.

Appreciate it all, thank you!

Want to be a pentester? Cool, start to understand how CIA and DAD relate to each other, and be familiar with the cyber kill chain. It's not technical, per se, but it's definitely extremely helpful to understand as a process of compromise.

What's the usual charge rate for pen testing a company's system?

In the US

for small company's its between 4000 and 15000 for big company's so expensive maybe 50000 $

oooooh tryhackme just posted a new job listing on linkedin

it was already mentioned in #jobs-board if you want more information

you gonna apply?

oh, ok. thanks

Gave +1 Rep to @south moat (current: #2314 - 1)

already have...

What's the job?

you welcome bro

oooh.... Hope you get it

thanks

Sorry to jump in the conversation, so I guess I'm on the right path, last year of Computer Engineering, having some experience in IT, have set up homelabs and built a portfolio around them to get my hands dirty, having the cyber analyst course also from my Uni?
Currently unemployed, been both applying for IT helpdesk jobs as well as SOC analyst and 98% of the companies still reject my application.
I must be doing something wrong? Lacking the social skill you mentioned perhaps?

IMO, social skills are going to be the main driver when you are in a customer facing role, both help desk and SOC are typically customer facing. As someone who is also socially inept, this was an uphill climb for me but it is possible.

I do have social skills too, as I worked many years dealing with customers, I meant, lacking the social interactions and connections

Oh, anecdotally, I'd say the connections are not as important in these roles. Unless you do high profile work and work in very public circles, let your resume and your technical skills carry you to the interview

Well my resume is not carrying me anywhere yet

Maybe at the C Suite level, sure, but those roles are typically rife with nepotism anyway

Also note....this is a numbers game, not only is this a hyper competitive market for both employees and employers, but if you work for a "for profit" organization and apply to their jobs, they'll also be going with most likely, the cheaper of the candidates. It is very often a tale of "We can train them" as opposed to hiring someone who has more implicit knowledge that likely salaries higher

In the US I feel like this is less likely the case, but in my roles in hiring in UK, contential Europe, and Australia, this was the mindset

keep your CV/resume to 1 page and your coverletter to 1 paragraph

My bet is that it's your resume, in some way. That kind of background should be a callback. Several of us sometimes help people tune their resume, if you want to redact and post screenshots of it here.

Single biggest advice I can give: don't shotgun the same resume to 100 employers. Take the time and align your bullet points to things the job is looking for.

I'd agree with this ^

Everyone has a customer, always. Even if it'm not client forward, my customers as a SOC role and pentester are the other internal groups that I have to interface with to do my job

If your resume has unrelated things on it, it will stand out negatively. It takes more time to cultivate a bunch of resumes but it's worth it when you're looking to hire someone and you note the extra effort

One thing I have heard that I like is that security is about building bridges.... until it's time for them to be set on fire

Working in Swiss Secrecy for a time meant that I got to burn bridges ALL the time

Especially working a cyber or infosec job, you have to be especially cognizant that you do not work in a vacuum. Your customers in the SOC are the organizations and system owners for things that you have a dashboard to monitor

Your role is NOT to tell them what to do, just make them aware of things as they come up and provide a recommendation if asked.

"We are getting deprecated TLS warnings in our policy scan from our monitoring agents." is an informational alert, not an emergency. Don't start fires if you absolutely do not need to

That's probably the issue you described, I shotgun the same CV to 100 employees.... I will try to take the time and update the bullet points to what the job is looking for.
I can post some screenshots

Profile section contains real name. In the US, this resume would be an auto-reject for formatting. It doesn't actually tell me why I should hire you. Fully 25% of the entire page is spent on things that don't add perceived value. I advise US candidates to not include pictures or any other info that could be affected by a personal bias. A personal statement is fine, but yours is taking up a lot of space and is clearly something to just reduce the amount of white space. Don't include training unless you got a real industry certification, or it's an actual accredited degree.

If you are still a student, it should be clear that you are primarily focused on an internship while you complete your Undergraduate or Associate's degree.

Thank you, I will take the advices in consideration and make the appropriate changes

i'm so confused about my career

everyone is

which certs are most important for an entry level in cybersec?

comptia security+ and certified ethical hacker?

and/or something else?

most important? whatever your local job market says

as a general rule, I like the Security+ for what it is, but others have reservations about it

Honestly

What I am learning now is that certs are just there so that companies can take money from you in another way. Hands on everything and make projects if you can.

and the CEH is laughable from both a technical and business perspective (on top of the hefty price tag it already carries)

Doing a lot of theory is nice and all but experience is king.

that’s one way to look at it, sure, and I know you’re not generalizing the entire certification industry

but there’s a reason why the CEH is meh, and why certs like the CRTP, CPTS, PNPT, and OSCP are supported by the InfoSec community

No some are worth it cause its hands on knowledge. Like what you said, and I agree XD I just wish I knew sooner cause I got a ton of theory certs and honestly hands on is the way I am learning. <--- Way better btw

thanks, i won't waste my time on that

Gave +1 Rep to @fierce acorn (current: #633 - 7)

yeah for sure experience will always be better, but sometimes certs are required for some jobs

i've even seen it on job listings

personally i'm already in my career but i'm trying to make a switch

i want to switch within my company

so i'm definitely going to try get some info on what they require

Its honestly not a bad move. TBH Internal switch is way better then outside hiring

agreed 100%

i like my company and i have years of experience here

which would be helpful even in a cybersec role

or helpdesk

whatever

i'm just concerned about a paycut haha

The way linkedin is lol. You got this man. The pay cut might be worth it to get a better set of skills.

Customer service can only go so far

i don't work in customer service haha

i'm an analyst

but yeah for sure i perceive cybersec as having a better future

if your company is paying for it, then might as well get it lol

free HR bypasser

hmm not sure

i will ask

lol that is a good way to put it

i'm not sure how much they'd be willing to pay for this kind of thing

but they'd definitely assist with the move by helping me get another role

my manager has suggested it

since i told him

he said he would talk to people and try help me as much as possible

yeah, it depends on the company

large companies will easily pay for SANS/GIAC certifications (depending on tenure, experience levels, and willingness to train), but each SANS/GIAC certification is $9k USD for the training course + certification voucher

dream goal is to work for a company that will drop around $22.8k USD on me for a SANS Institute Graduate Certificate in Incident Response

4 SANS/GIAC certs for a discounted price 🤷‍♂️

Im really into maths and statistics but also in cyber security. Im hoping to do a statistics/stats and maths degree and get (a) certificate(s) around the 2nd or third year to land a job in networking afterwards. Eventually climbing to a cyber security role.

Does that idea sound far fetched?
My concern is whether the statistics degree will be a disadvantage when compared to other candidates with a cyber security or computer science degree.

that would be amazing

not at all far fetched, people go into cyber sec without a degree

i get what you mean, if your applications were up against someone with the exact same amount of experience and same certs, maybe you'd be at a disadvantage

but honestly even then, things like practical and personal skills may be prioritised more

i am speaking from generally how employers choose candidates but feel free to jump in if you are already in cyber sec and feel differently

Thanks for the answer, neon. The reason I’m not going directly into a cs degree is because I would have more opportunities in other job sectors if push comes to shove (or at least - I believe it would be more versatile)

guys i have question, its mandatory to know all scripting language for penetration tester or cyber security? also powershell?

It isn't . Focus on one and master it .

I would love to see a jack of all trades who’s a master of all (hint: there isn’t one)

thanks dear, thats huge.
also i dont know if you are advance or professional could u advise me for cyber security roadmap?

Gave +1 Rep to @keen tundra (current: #139 - 53)

If you're complete beginner , start with new "Cyber Security 101" path on THM , it's a great resource to start with

im actually not new, but i started with fundamentals, i would like to join a red teammer. could u kindly give me some advice. i want learn almost every path

There's also "Red Teaming" pathway on THM , check it out 🙂

i know, thanks dear. sorry for took ur time, last question what level are you? also whats ur field?

I'm Purple Team kind of guy .

bruh what?! did u learn mostly from tryhackme web?

Yes

my mind start blowing! pls at least tell me how many hours did u study? also how long have u been on tryhackme?

Since late 2020

your great!
so became a purple team require anything extra?

Well , your need to learn a little bit of both read and blue teaming 🙂

You also have SOC paths on THM if you're interested in blue teaming

actually my goal is purple team but i thought its almost impossible for me, since im 26 years old guy, who graduate other degree

Nothing is impossible , just keep practicing 🙂

i will, im studying almost 6-8 hours 4-5 average

do u have any extra advice for me? for purple team?

You're doing good , just keep going 😉

thanks dear, give me some advice, should i join a team or just keep going solo to hero?

Gave +1 Rep to @keen tundra (current: #137 - 54)

Whichever you prefer . I'm more solo kind of guy personally

can u work alone?

There're positions in cysec that you can work alone like bug bounty, pentest freelancing,...

which one is most dangerous also which one is huge for profit? also difficulty?

im asking too many question -_-. but ur rare to find

What do you mean by dangerous ?

for ex, network is dangerous for hacker to access cuz they can do anything with it, so as a cyber i have to work against them in this dangerous way

bruh do u thought im gonna creating nuclear lol

Still looking for what's dangerous my dude

It is a strength to be proficient in scripting but it is NOT a requirement.

lol

thanks dear

Gave +1 Rep to @dense dagger (current: #20 - 420)

morning

afternoon

correct

hi everyone

im new here im just starting my cybersecurity jouney

i need help with what to be using to practice , am i to download kali-linux?

and what are the things i need to know that will help me more please?

Have a look at #start-here

We also have an ongoing event for cyber beginners. https://tryhackme.com/r/resources/blog/new-cyber-security-101-path?utm_source=discord&utm_medium=social&utm_campaign=cybersecurity101

thanks im done with this im doing this presently https://tryhackme.com/r/room/pyramidofpainax

Gave +1 Rep to @dense dagger (current: #20 - 421)

Yeah that’s a great room and I believe its in SOC L1 Path

yup 🙂

ok thanks so much man

Gave +1 Rep to @dense dagger (current: #20 - 423)

Hey guys, I was wondering what you actually do in a cybersecurity job. What kind of tasks you have?

Cybersecurity is a pretty wide range of jobs, this will also depends on the organizations hierarchy and roles and responsibilities

For my role, I am the cyber risk manager and I also perform incident response as our organizations incident manager. These two parent responsibilities carry tons of actual functions underneath them

this is like asking what you do in a business job

cybersecurity is a vast field, and if you are planning to transition into it, you will have to choose a specialty

on top of that, cybersecurity is a subset of information security, so there are more jobs to choose from there

my role as a L1 SOC analyst specifically triages, investigates, and/or escalates alerts created by our security tools, but we have L2/L3 SOC analysts, GRC analysts, security engineers, and managers/directors on our team as well

hi can anyone help me pls with this q in the new path in thm in cryptography
Knowing that XRPCTCRGNEI was encrypted using Caesar Cipher, what is the original plaintext?

https://www.dcode.fr/caesar-cipher

🇫🇷

wrong channel btw

i got it !!!

Hey looking to network with y’all! Here’s my LinkedIn - https://www.linkedin.com/in/kevin-botana

Hi there, got the opportunity to have a Cisco formation offer to pass CCNA, could it be a milestone to do Cybersec later or should I start with something more direct like Sec+ or other stuff. Thx

CCNA is a good foundation for learning networking which is a must if one wants to jump into cybersecurity

Ty 😁

Hello! I passed my CISSP exam! Would another CISSP be willing to take a quick look at my application?

Application to what?

I would assume to apply as an ISC2 member and for a CISSP holder to sponsor him to obtain his CISSP

Aahh.. if its the endorsement process, I've been reading that it is quicker to have it done by ISC2.

Hey y'all, I'm new here and I want to go into this cyber security career, any help on how I can start?

Start here

https://tryhackme.com/r/path/outline/cybersecurity101

Thanks man

While learning on tryhackme and applying for help desk roles is the path im on at the moment it doesnt seem to be enought

Is there a way for me to work on a project that i can showcase on a resume that would put be above others in the job front?

Does anyone know of a few examples of some projects to work on to get into help desk and work up from there

I think it's overall about writing scripts on Github and overall about automation - hacking tools for educational purpose, having portfolio website.
Then also participating in CTF's and also scoring bug bounties to show off your skill.

Going to networking events.

I guess having a portfolio website and showing ctf on that does make sense

I have only posted some on my github of some past ctfs

also being active on LinkedIn writing articles and showcasing your achievements

kinda goes hand in hand

scripting and automation will be rather hard to obtain since how do i showcase original scripting in such as vast field. Would need advanced coding knowledge that i do not have

I mean, then you most likely need to invest tons of time into coding too now.

The Bug bounty idea does sound like another good idea thought, i heard bounties are normally very low and that the bug hunter is at a huge disadvantage.

I find that getting helpdesk job is almost impossible as like 100-200 people applying for the same position, so you kinda need to be the best one to get hired.

So the only real point is to be noticed

I mean for somewhere like eastern europe, it's okay.

Since there is quite frankly zero obligation for the company to pay out a bounty at all.

Yeap

They can easily take the report and pay nothing and another person will still hunt bounty for them no issues.

this reason you must do trough third party

who deals with all of this

Even with a third party it still happens

Well in a sea of bad options its the only decent one

Doesn't matter really

The main thing that you get recognition and that you found something

It increases chances to be hired

I have an endorser. Just wanted to make sure the part about my experience looked okay before submitting

I am still so confused what to do 😭

Have you completed thm paths already?

no not yet

i want to start a certificate at the same time

i think i've decided to go with comptia security+ now

Good choice for a beginner.

I think anything is good as long as you start

thank you

Gave +1 Rep to @lethal slate (current: #698 - 6)

thank you

Hey, everyone! 👋

I’m currently enrolled in the Google Cybersecurity Course and have just completed the Computer Networking module. I'm particularly interested in developing my skills in offensive penetration testing.

I would love to hear your suggestions for pathways or resources that can help me enhance my skills in this area. Also, I'm eager to connect with fellow learners and share our experiences!

You can find me on LinkedIn: ||www.linkedin.com/in/niranjan-hirematt-21448625a.||

Thanks in advance for your support! Looking forward to connecting with you all!

Hi Niranjan, good to see you.... welcome to the world... definately will connect , I am also on similar path... cant suggest anything in THM as I am also new...

You can check out jr.pentester pathway on THM : https://tryhackme.com/r/path/outline/jrpenetrationtester

Which cybersecurity course is best for job oriented?

Hi guys, i'm studying for do de ccst, maybe you guys have some material for help the study, or some place where can help with it

https://tryhackme.com/r/path/outline/jrpenetrationtester

You have CISCO free SkillsForAll program

Hello everyone, I'm new here and I want to pursue my career in Cyber Security. I have been learning from TryHackMe for quite some time and right now I'm completing my SOC Level 1 room. Please do help me and let me know what to do in this journey.

When you finish SOC1 you can continue with SOC2 if you're interested into Blue Teaming 🙂

Okayy.. Thanks

Hey when do you think it's more appropriate to take the sec+ exam? After finishing l1 and l2? Thank you

Gave +1 Rep to @keen tundra (current: #85 - 83)

You can find what fields are present on Sec+ exam, just type something like || Comptia Sec+ Exam Objectives || on Google . In short , alongside SOC1 and SOC2 path you should also familiarize yourself with encryption,computer hardware,buffer overflows,web vulnerabilities like SQLi,XSS,networking,etc.Majority of those fields are also covered on THM, and I would recommend you to use THM along with the official documentation to prepare for the exam. You can also check Jr. Pentester, Red Teaming and Offensive Pentesting paths on THM , they cover a lot of things that's also present on SEC+ exam , use them as a supporting material for your studies 🙂 .

https://tryhackme.com/r/path/outline/redteaming

https://tryhackme.com/r/path/outline/pentesting

https://tryhackme.com/r/path/outline/jrpenetrationtester

Hi!

I am currently a senior in college and 3month intern experience as a cloud security engineer. I have achieved CompTIA Security+ after the internship. Besides, I do not have any experience or projects and I think that I have a lack of knowledge.

I am graduating this may 2025 and looking for entry level full time positions such as security admin, Information security analyst.

I do not have a lot of time left but I was wondering if I could get advices about what I can work on (courses or projects) to get the first full time cybersecurity job.

Thank you for your time!

heyy just completed SOC Level 1

Thank you so much for your help

Gave +1 Rep to @keen tundra (current: #85 - 84)

Hi Team. I work as a Technical Support Engineer for a Specific Software. Also, We are a 3rd party BT internet provider to our clients as well. I configure routers, having an understanding of how the network works. I want to switch my career to Cyber Security and am very interested in it. Please guide me on how to prepare my CV, which ATS should recognize. Thanks

Anyone had success on pwnedlabs or cloudbreach can recommend their course/bootcamp?

guys i have a question, if i reset a room and finishing again do i reciev any point?

as far as I know you don't receive any points, but you can update your daily streak by doing so.

No

hi

Hi I'm beginners!!

Hello

Has anyone ever seen or heard of someone going from basic IT into entry level cybersec?

https://tryhackme.com/r/resources/success-story

Legend

Does someone have any feedback about IBM Cybersecurity Analyst Professional Certificate?

How would I put TryHackMe progress on a resume? And what would be considered worth it to include?

You can get a certificate when you finish a certain path oh THM , you can put them on your resume .

So like SOC Level1? What about the "Top N%" leaderboard thing? I see quite a bit of people advertising that on their LinkedIn accounts.

Hi , appreciate any help or info in advance , so my scenario , currently serving in UK armed forces just put my notification in to leave , currently doing , cyber 101 , then looking to complete SOC 1 analyst , what other qualifications on the side would I need to step into a cyber role onto Civvie street , ie Comptia qualifications or anyother quals that I can walk straight into a cyber job in a years time

I just stacked a ton of CompTIA certs

Yes, when you finish a path like SOC1 you can get a certificate as proof of your competence in that field. You can also N% thing on your LinkedIn it won't hurt anything 🙂

Check out this path on THM . It's meant for people seeking CompTIA Pentest+

https://tryhackme.com/r/path/outline/pentestplus

where you can find certifications for compleated rooms?

You can claim certificate once you finish the path like Cyber 101 or SOC1 , there are no certificates for individual rooms

but if i completed soc1 for example like month before and want to add sertification to my resume just now, how can i find it?

got it, thank you

Greetings mates What layers of the OSI model do firewalls operate at? is not transport and network? my mother tongue not english then i difficulty understanding hint im sorry

They operate at levels 3, 4 and 7

But I guess this is not the correct channel for this question

#room-help

tankfulmate

You could put path completion in an extracurricular section of the resume if you wanted. It is not experience or education.

Anyone here?

Hello if I were interested in getting a cyber job what would be the first job y’all would recommend getting

Many thanks

Gave +1 Rep to @keen tundra (current: #74 - 104)

IT Technician

and work your way into it from there

Perfect I’m in college and that would be a good thing to start with

you're well on your way, then

while you're working as like an IT Tech, explore the certifications you can get for cyber security, and what the different careers available in the field are

you will need to specialize in something, because within the field there are sub fields where you may be doing totally different things

in one part of cyber security, you may be taking apart malware and figuring out how it works so you can detect and remove it. In other, you may be searching through the compliance center in M365 for phishing emails to figure out how one of your users got hacked

I want to specialize in response tbh

Definitely a good goal

go for it

It’s awesome with cyber security so much variety

100%

I feel like doing it in relationship to computer science is a good idea lol

Yeah, I got my degree in Computer Science and now I work in Cyber Security

Helped me a lot

Both fields are amazing

Tryhackme helps a good amount with the training

yeah it's pretty good for introducing a variety of concepts

definitely I’m thinking about mostly specializing in defensive hacking

@keen tundra I'm wondering. Do you work for THM?

If they work for THM they would have a staff role

make sensse 😄 Thanks

Gave +1 Rep to @stoic cave (current: #17 - 466)

Where is the best place to talk to someone about codes?

Anyone from Canada ? I have question , im a cybersecurity student and in April - June i have an internship also in June im graduating. Best recommendation for WFH jobs i can apply ? Business, corporation anything !

y

No, I don't 🙂

I have completed the SOC LVL 1 path as of a couple days ago. When adding this to my Resume would y'all put the learning path as a project or a certification?

I would put it as neither of those. It's a personal interest, not a project, and it's certainly not a professional level certification.

It goes to show interest and personel development/interest, not a baseline for competency or experience.

#programming

Any advice Crest or Comtia quals , which road should I go down

You can go with Comptia they're recognized in the industry but focus on the knowledge primarily

So would comptia pen test+ be better than crest pen tester

I would recommend comptia

Both of them do not have a practical examination.

CREST is only good if its a requirement for the job or your employer requires it for a certain client.

Pentest+ is good for DoD but it doesn't really dive into doing pentesting practically.

Okay many thank appreciate the response , just looking for the qual that would get me noticed by employers

IMO, if you wanna learn pentesting, HTB CPTS is a good starter certification.

Check your local area about what certifications the employers look for.

After what pathway on try hack me should I then do security and network + or would I just need to do the one

In meaning do attempt to do the CompTIA exam network and security +

You have this pathway oriented towards people who want to get PenTest+ , but you should use it alongside other resources , not as your only resource

https://tryhackme.com/r/path/outline/pentestplus

You can check these modules if you're interested in some networking

https://tryhackme.com/module/network-fundamentals

https://tryhackme.com/module/intro-to-networking

I highly recommend that you complete the Network+ and/or Security+ first prior to completing a PenTest+

first of all, there are so many other domains of security, and not everyone enjoys or will become a pentester

second, even if you disagree with me, the PenTest+ renews the Network+ and Security+ but not vice versa, so you would have mismatching expiration dates if you do obtain a PenTest+ before a Network+ or Security+

lastly, if you actually want to learn pentesting, as previously mentioned, the PenTest+ isn’t a hands-on exam

I’m just looking at a route to take into getting first job into cybersecurity upon leaving the military just looking at what qualifications employers in UK will be looking for

Thanks for information above appreciate the help seems like CompTIA quals are more beneficial than Crest

can you say what your role was in the military?

wondering because if it gave you experience in cyber, then you might have something to go off of

if not, generally it's advised to start with something like IT Tech and work your way up

Engineer and telecoms and no sadly nothing to do with cyber

well that's not nothing, though

I'd say look for something like systems administrator

well actually first you'll wanna decide what part of cyber security you wanna get into

because there are so many and no two are the same.

like in one position, you might be digging through email message logs to find out how someone got infected with malware, in another position you might be using low level systems knowledge to dissect how advanced malware works so you can gain insights on how to manage that threat

totally different lines of work and specializations

so you'll need to explore what's out there and find out what you want to do and pursue that

Appreciate that thank you for the information

hello im blerti

im a biginner

can you guys tell me about cyber

Start here

https://tryhackme.com/r/path/outline/presecurity

i dont know how to

Just start the path and go slowly , everything for beginners is explained there

in the website

ok

can you tell me where are you from

thanks

Gave +1 Rep to @keen tundra (current: #71 - 111)

Anyone have any work experience for Y10 london

Cyber security

hey, i want to work in cybersecurity by creating my own enterprise n stuff or just on my own, im young but im learning, could som1 explain to me how i'll be able to build my own things, learn how to do cybersexurity and quite eerythings in fact! i'll apreciate it !

From what ive heard, especially since you are starting here.
Complete all of tryhackme, which may take a year
Go do HackTheBox

If you want to do projects and have at least some theory and practice understood, you can follow or do solo projects such as setting up your own environments in Windows Server 2XXX or Azure

Overall though, make sure networking is your biggest competency

Afterall, cyber is just rebranded information security, which in of itself ties together network security and general security principles and practices

However, since I am in here.

I am doing projects and thinking about doing write-ups for tryhackme. What else can make my resume stand out with the little "professional"/working experience that I have in tech

And I do want to make it clear, right now my goal is to work in a NOC while still having a strong security knowledge-base

Running your own business is cool, but I'd still recommend getting some experience before sailing away into the deep end.

the harsh truth is that you won’t do “cybersecurity” by yourself and without a team

cybersecurity is a team sport, and unless you’re a one-man consulting company, then you will need a team of specialists that use their skills together to build a good security program

lastly, I implore you to actually gain valuable work experience before you try to run your own business

do you guys put anything related to thm on resume?

i dont think certificates are worth anything, but i thought about putting in the hobby section something like 1% tryhackme user or smth like that

I only add it as a hobby

Like literally one bullet point of “TryHackMe”

IMO, TryHackMe top scores is not a good indicator of skill level and its better if you can talk about stuff related to the job description.

for a hobby section I always state what the hobby is and a very short sentence about it.

I do, but more the QA testing I did

hi, how i can learn cyber security

You can start here

https://tryhackme.com/r/path/outline/cybersecurity101

ty

Gave +1 Rep to @keen tundra (current: #64 - 123)

Hey friends. Seeking advice on how I can break my way back into IT. I was an IT Specialist in the Army. When I got out, I started driving trucks for a living for the last ten years. I want out; I hate it more than anything. The problem I’m running into is that since I basically have nothing but trucking on my resume, I can’t escape from it. It’d be great to land a SOC job, but even some low-level help desk job just to get out of my job would be good. What can I do to possibly get some traction? I have been programming and running Linux servers for hobby for the last 20 years, mostly running services for game guilds. Cheers.

If you used to work in the military, I think you worked in the security field?

I wouldn’t really call it security. Mostly just assembled networks that were designed by someone else. Kinda brainless operation. By no means did we ever touch anything in the realm of even sec+

IT has many fields and is very broad, have you determined which career you want to pursue?

I’d like to pursue cybersecurity

You should learn python, it's very easy to learn. Then you determine the industry you want to pursue and learn the correct programming language for that industry

Cyber security is also a broad field. Specializations in the field may do totally different things from one another that you can build entire careers from

I'd suggest exploring the fields within cyber security and determining which one you're most interested in

You should learn python and after you have enough knowledge, you will be fine learning assembly

Right but you don't need to learn assembly or python if you're doing a Security Analyst role for an enterprise windows shop

I’m fine with programming. Just the issue I’m running into, since I don’t have a silly piece of paper, recruiters see my resume and see truck driver and think I barely know how to turn on a computer

So they never reach back

Probably best to start in a smaller role, like IT tech

Cyber definitely isn't an entry level field

I can’t even land a help desk role for 10 bucks an hour.

Assembly is a low-level language, understanding it will give you a lot of skills in network security because it is very closely related to computers. Assembly is not a required programming language when learning cybersecurity

Have you looked into getting like a CompTIA A+ certification?

CCNA, CEH,.... certification

Yea. I just gotta find the time. I work 18 hours a day every day.

u can learn it

I'd say that's your best bet if you want to look competitive among the entry level positions

Then work your way up from there

Only issue is. I can’t afford less than 25 bucks an hour either lol

Also make sure your resume looks real spiffy

Put some jargon on there and what not, leave off anything not relevant

That would be my entire resume then. Empty

Skills also matter, qualifications are also important

“I did IT in the army 10 years ago”

nice

It's gonna be rough to get a role for $25+ an hour off the bat

That’d be all I could put on lol

Unless you live in a bigger city or something where the minimum wage is already high

there are many different types of CVs, you could make a skill based one.

I’m in the greater Milwaukee area. Is pretty bummy

The cheesey state

Yep

Yeah that's tough man

Hmm, trying to think of options. I know if some companies that help vets get into tech roles

I'd say just shoot for some certs for now. If you can get like some of the CompTIA certs, make your GitHub look nice, you could find you something for $25+ an hour.

code and put it in GitHub

Oof. Never thought of that

yeah I found out about different types of CV/resumes a few months ago lol So if you have skills but not the professional experience skilled based might be a good idea to go for.

Yea I think I’ll just knock out A,N,Sec,Linux+ real quick and see if I can land a Linux admin gig. I’m running an authentication service that handles discord/mumble access for an Albion online and Eve Online group on a Debian and FreeBSD server. Stick to what I know.

Does anyone use tryhackme details on their resumes? I did see one job posting on LinkedIn that was asking for hacker rank on hackthebox.

I'd advise against that

When we've seen that on applicant's resumes it's honestly been a bit of a turn off in the room

Ah

Could be different for other organizations but it's just known that it doesn't carry any weight

That’s fair.

Don't get me wrong, I think this service is great for exposing yourself to lots of topics and such, but it's not really good for the resume

Oh so far it’s been great. I told the signup quiz I was an absolute zero experience noob. And it’s taking me through a lot of refresher stuff like the OSI model and what not.

Stuff I long forgot about

Haha yep, that's awesome

But big CTF competition rankings can look good on resumes

And any vulnerabilities you've found as long as they're not stupid

I have no idea how I'm going to get into the field myself. I'm currently researching possible paths while learning

I'd definitely 100% recommend anyone to start by entering into a related field and moving into it

Like Sys admin, Help desk, IT Tech, etc

I think I’m just gonna go Linux admin route and then finish my degree in cybersecurity that I started but couldn’t finish due to work.

so cybersecurity is one of the few routes into IT left that do not explicitly require a tech background- it's extremely helpful, and you can do a lot to make yourself a good candidate for a SOC analyst role without that Bachelor's or equivalent. Having a good homelab that you can talk about is a huge selling point, especially if you have tooling in it similar to the employer's enterprise

I would recommend getting a compsci degree over a cybersecurity. it's more recognized and cybersec programs are almost universally pretty bad.

Oh for real?

Absolutely. Are you looking for a bachelor's or associate degree?

Bach

For an AS, I think it's less important - but focus on getting a survey.

For a BS, compsci provides all the foundational topics you'll encounter for security, and the compsci is more recognized* than cybersecurity, with few exceptions for specific universities and programs.

*more recognized depends on region, the university, the program, and whether or not the employer is actually aware of a good program

Oh. Right on. I’ll keep that in mind. Thanks.

Gave +1 Rep to @flat sedge (current: #10 - 784)

Hi , right now I'm preparing for CHFI certification, can anyone tell me is it worth to find job in cyber security easily?

Or any try hack me path that help me in preparing for CHFI practical work

?

Since CHFI is oriented towards forensics you can check out SOC1 and SOC2 paths on THM since they contain some rooms regarding that topics

https://tryhackme.com/r/path/outline/soclevel1

https://tryhackme.com/r/path/outline/soclevel2

hi peeps

https://tenor.com/view/kto-lbow-hi-hello-hi-there-gif-25347432

I would be interested to go on the penetration tester/red team path, but Iam not sure what chances would I have just with a certificate. do you need to have some xp in security before starting as a penetration tester?

The more evidence you have of stuff that you have done to learn will work in your favour. So record every lab you do on here and other platforms. No experience should never be a dead end but it can hurt. How much trainig have you done?

oh wow, never thought of recording them. does it help? here I'm still currently about 40% done on Cyber101 path, following a IT School as a Sysadmin and just some 1st level Support for some years. But specifically in Security no exp, or much knowledge

from February I should start intervieweing and I should be having done a certificate by then. this is why my question about it.

are we allowed though to record the labs?

yes

Yes, that's the short answer

Certificates don't really mean anything either, they are different from certifications.

almost all pentester jobs, even junior positions, require prior experience in security, and almost all security jobs, even junior positions, require prior experience in IT

as I always mention, referrals and connections are the best way to get in

and a certificate is different from a certification, as a certification requires you to take a proctored exam that actually tests you knowledge and/or skills in the topics that the exam covers

ugh, ok then I meant a certification

anyone can get a certificate from a finishing a course

really thanks a lot for this idea, this is a good one

should I get in the recoriding only the VM, or the entire screen, with the exercises?

I assume he meant do writeups about rooms, such as explaining what you learned and a step-by-step walkthrough of the room

that would be a lot of disk storage required to record rooms lol

luckily, I bought a 12 TB storage box just because it was a very good offer. Now it looks I can use it 😄

whatever floats your boat

oooo I might start doing that

Not record as in make a video of your labs sorry. Record as in take note of all the labs you have done. Keep a running record of what you've learnt and when asked you can refer to things you've learnt.

I have a running tally of the last 2 years worth of personal developement because i have no formal qualifications either.

That is exactly what i meant. The other benefit to that kind of thing is you actually learn to take good notes which is essential for a good pen test 😄

can I ask, what kind of things do you make note of?
or is it just full walkthroughs you note down

Anyone know the next big conference/summit like defcon? I'm trying to go to one

DEF CON is considered to be the largest InfoSec conference worldwide, so you won’t find any other conference like it

you can find conferences you can attend here > https://infosec-conferences.com/

Awesome, thank you for the information

1 to 10 how hard do you think it'll be to join the security team at Microsoft. (i mean getting hired as e.g. a SOC analyst)
If you have any experience working for or applying at MS or FAANG in general

i know they get a crazy amount of requests for internships for example, but maybe for more niche roles the competation could be less ridiculous, IDK.

They get a crazy amount of requests for all roles. Most of the employees at FAANG are contractors too.

If you have a niche skillset that they need, they will more than likely seek you out, as that indicates your niche is well niche

That may not have worked in their favour when applying for an internship

A) Companies offering internships are generally looking for prospective future employees who they can mould from scratch, and
B) they may also have felt that it should go to someone who needed the leg up

weird thought but I've got both software engineering(12yrs) and it(4yrs) experience now im almost done with a masters in cyber but im starting to feel like im pushing myself towards grc roles,

mind you pen-testing and cti where my original targets since i didn't want to stop programming even if its a minor amount then narrowed it down to cti for a goal, but with my background and the masters would GRC be a better end goal?

trying to workout where i should be focusing the majority of my efforts, hoping can get some insights on if i've actually alligned myself up for grc or if i should keep aiming for CTI roles

There are no URLs in that message.

hi something makes me wonder and it's uncomfortable. My professor who teaches network training at the university. says that no one will teach you anything properly in this cyber security. why should anyone look for a competitor for tomorrow?. Tomorrow he says he teaches his own friend and brings him here. True, I am learning self in my own capacity. but words like these make me uneasy a little. is it really going on?

yes and no, alot of the stuff you'll learn on training platforms(THM,HTB) is usually standard and common practices for essentially common vulnerabilities, always going to be more advanced stuff being gatekept tho whether its methodologies or use cases

then I'm going to get stuck somewhere in this learning journey.

most the time what you can learn is all you'll need but cyber is also constant learning

What i do in the lab, step by step. Even if i take a wrong path i note that. Essentially my own walkthroughs

Hello everyone
My name is Prince, I’m 52 years old.
I live in the UK.
I have done Cybersecurity boot camp but finding it difficult to get a job.

Am I too old to get in the industry and would appreciate any pointers to help me break through.

Of course you aren't. You can start with these beginner friendly paths 🙂 .

https://tryhackme.com/r/path/outline/presecurity

https://tryhackme.com/r/path/outline/cybersecurity101

Thank you

Gave +1 Rep to @keen tundra (current: #58 - 141)

Hey guys! I am currently a highschool student and I've started learning how to hack and how everything works for about a year. I've decided that a career in cybersecurity would suit me. I would really appreciate any kind of advice from you, regarding (but not limited to) where I can learn more specialized knowledge (TryHackMe is awesome for beginners, but what about professionals, where do they learn from?) and if you have any suggestions or know (maybe if I am lucky if you actually are) somebody who works in this area. Thanks in advance for every reply!

THM also has some stuff that's definitely above beginner level 🙂

If you're interested in pentesting check out Red Teaming/Jr Pentester paths on THM. If you're more into cyber defense you can check out SOC1 and SOC2 paths. They are both beginner friendly but as you progress through them things will start to get more serious 🙂

Where in the UK are you based?

Greater London specifically West Thamesmead near Greenwich

If you're willing to move to Bristol, there are tonnes and tonnes of entry-level roles in cyber

or commute

https://careers.uk.leonardo.com/gb/en/job/R0012633

Here is an example

Work on Defence projects, start off on SC clearance for a year then get your DV

Entry-level role gaining experience, a degree plus clearance whilst being paid, not a bad deal

Hey which book is best for entering cyber / network security, in your opinion?

I have 2 book to consider

Cryptography and network security of William Stallings, 5th edition

Network and System security of John Vacca

I am college student, have some CS knowledge

My professor has his own text book but he did recommend students to do additional research

on other resources

Well , you have gamified lessons on THM and interactive labs. I think that's way better of some book 🙂

I must admit that it depends , but especially if you're beginner I would recommend you THM over some probably outdated book anytime

Hi Prinzo, may I ask which boot camp did you do? is it only for UK? 😄 I live in Germany...

Thank you. But, to be honest, does THM have some playground for very "basic attack" such as Eavesdropping or ddos?

Besides, I have to do final paper exam

So obviously, I need some theoritical knowledge

Well , it doesn't , that is some edgy stuff , by egdy I mean something on the edge of legal/illegal 🙂

Cryptography and network security by William Stallings because of it's in depth coverage of network design secure and strong theoretical foundation, it's the best if you're looking for general overview of protocols and intrusion detection systems

Also Vacca isn't bad if you're up to for more practices or just network security

Yes, it’s only in the UK

Yes, I don’t mind relocating to Bristol.

is there a chat for the german roles market?

“Navigating the Cybersecurity Career Path” by Helen Patton

at this point in your career, you should really be learning about how to succeed in cyber before you consider joining it

Thank you very much for this.
Any others will be very helpful 🙏🏾🙏🏾

Gave +1 Rep to @mortal quartz (current: #2337 - 1)

I have my first panel interview on Monday for an internship as cybersecurity person and I'm definitely nervous lol. Anything I should know or tips?

did you have previous interviews or no? I would assume you already passed a phone screen or a technical interview at this point

Only a phone screening with a recruiter, It's also goign to be a panel with their ciso and dirctor of i.t

dang, that quick lol

I kinda doubt that it's the final interview no? I wish it is lol

expect a mixed bag of both HR and technical questions, but with a lot of emphasis on the HR questions because it’s an internship

employers usually look for more soft skills and what you did outside of the classroom for internship positions

That makes me less nervous lol, that I can bs ....

How likely is it to get offered a job after the intership?..

depends on the company, but it’s very likely

why hire externally and go through the process again when you already have a fresh new blood that is already trained and willing to take a pay cut compared to an experienced individual?

I don't have certs right now but If I get the internship then I wanna see what they're looking for and based the certs there but like I wanna aim for cpts ..... then oscp ...

it’s a win-win for both sides; a new person gets a job, and the company doesn’t have to go external for hiring

tbf we got coop in canada, half my salary is paid by the govvernment.

coop -> internship

co-ops also exist in the U.S. lol

oh damn actually? Thought it was a canada thing lol

that's cool

Agreed agreed.

you’ll see it more in the public sector/federal government side of things for internships

the CIA has a 2-year co-op, for instance

2 years?1

if you don't get a job after that with them .... that's just crazy

yeah, you go to school when you’re supposed to, but during the breaks, you work for them

so it’s essentially a guaranteed internship for 2 years

That's nice, we have something like that for our end in canada, the damn hiring process is stupid crazy tho, over a year of wait plus lie detector thingy andother stuff

the famous three-letter agencies are like that as well

the CIA notoriously takes over a year

my friend who got an internship with the FBI is still doing background checks, polygraph tests, and security questionnaires even though he got the job offer at the start of this year

Jeeeeezz

I mean they better do that but that's roughhhhh

2 drug tests and polygraphs per month lol

and this is for an internship, not even a Special Agent position with the FBI

you need to be 23 years old to become a Special Agent, so he can’t even be promoted as a Special Agent when he’s done with the internship

guys im currently studying cybersecurity at university. And I feel that everything on our course, throughout the three years is covered in one module within computer science...

cybersecurity is a relatively new buzzword in academia and universities, so a bunch of universities just hobbled together what they thought was cybersecurity into programs that aren’t good enough

of course, there are exceptions (Georgia Tech or ASU, for example), but if you didn’t go to one of those top schools, then you’re behind

get an internship to learn what’s in the real world, complete rooms on THM/HTB, network with professionals, spam certifications, or do whatever you need to fill in the learning gaps

yeah thats very true my uni started the course last year... and on the government site it says since 2021 and 2023 theres been a 32 percent decrease in jobs in cybersecurity

not really, in the next ten years, there’s an expected 33% increase in InfoSec analyst jobs according to the BLS
https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm

and the National Cyber Director for the White House repeatedly says that there is a talent gap of 500k jobs, but I’m very doubtful on what he is saying tbh lol

this is assuming, of course, you’re from the U.S.

na im from the uk sadly

we got different statistics here

which is expected honestly lol

I know there’s been a struggle with IT jobs there

yeah everyone on my course says that people do this course and get good jobs in the US but i wanna work in the UK

Hello all, I would like to ask for opinions and ideas. I am unemployed and strugglin to get into work. IT is the field just incase you didn't guess. It would seem that there is little opportunity for people to get the experience, learn and meet people in a similar area. So I thought that rather than sit around I would prefer to start something that would provide that space to like minded people. Like a Maker space, but for people into IT and cyber. Does anyone know of a space like this? or group that is currently doing something similar in their area?

Blessed what course are you doing and where? are you in the UK

Blessed what course are you doing and where? are you in the UK

Idk if i should be doxing myself in a in a cybersec discord. But yeah im too dumb abt this stuff. Cybersecurity and Forensics BSc at Univeristy of Westminster

don’t worry, your information is probably posted somewhere in an online people OSINT database lol

local conferences and organization chapters should already have this; for instance, the CSA and ISSA already have worldwide chapters

there are membership dues and it probably isn’t what you’re looking for, but I would say that huge associations that have local chapters are probably your best bet

OOO, nice one, thanks sp3ctr4l!!! will take a look

and you should really attend local conferences as well > https://infosec-conferences.com/

a ton in the EU, specifically in the Netherlands and Germany

also, if you can eventually make the flight and afford accommodations to Las Vegas in August every year, Black Hat and DEF CON are the conferences to go to

I am in the UK. It looks like the ISSA is in america only. Not to sure about the one. I am more interested in networks at the moment and basic IT, possibly the A+ course.

is your job to give me more paranoia ?!?!!

Just look up your name online. There’s alot more out there then you think

you do know that it's just public records lmao

What should a 2024 graduate (masters degree) do to navigate this job market? I ain't eligible for new grad role or intern roles.

Damn you’re kinda fucked unless you have previous IT experience

I’ve seen people not mentioning their masters degree in resumes but another way is to also try to network with people and let them know your skillset and your willingness to work

Networking is a powerful skill to have and being able to be seen by other people like joining or helping in your local cybersec conferences, conducting talks, etc.

Yeah, basically less than 1 yoe. If I not mention my masters on my resume then I gotta prove how am I in the US (basically I'm on student visa). Yeah, I do network every now and then. Visit conferences (local as well). Idk how to portray myself on willingness to work and learn on the fly

Not sure how it is in the US and I see your dilemma of not being able to redact your masters degree. Is there other government-related sponsorships or events where you can potentially get hired?

I meant to say that my undergrad was in my home country and came to the US for masters degree. If I remove my masters degree from my resume, how can I prove that im in the US?

I don't think I've ever had to prove that so far. Are you being asked to prove your residency?

I was just speculating tbh, I need to get an interview to actually know what do these people ask for legal status

I think that's a good idea. Are you having trouble getting interviews for entry level jobs?

Yeah, always getting the automated rejection. Ik my resume is ATS compliant (checked through friends and few recruiters). It just boils down to no experience and sometimes sponsorship in the future

ah I see, that's no fun.

You might want to start by looking at smaller companies that do manual review of resumes. I started by applying for my city government in person

Then there was a small MSP that I moved on to after that, and I just stepped my way up by starting out with these smaller businesses and organizations

Do govt even take applicants who are on visa?

some will, city and state governments that don't require clearances

I have applied to almost everything that I found on linkedin and then visited to their portals.

I think finding a local city government is a great foot in, if you can find a position that's open

google for things in your area, MSPs, Hospitals, Educational Institutions, Governmental Entities, even small business healthcare providers such as Physical Therapists, etc.

Then call around and ask about opportunities. That's what I did. A lot of those guys don't post on linkedin or indeed, at least in my experience

I should try this and also whom should I ask for if a person picks up the call?

local job boards might be good. Or maybe a recruiter in your area who can connect you with potential employers

tell them you're looking for IT related positions in the organization and would like to speak with someone who could talk about opportunities

usually they'll start directing you to the right place. HR is always a good place to start if you're not sure

Will try tomorrow in the morning

sounds great, where about in the states are you from if you don't mind me asking?

Currently in Massachusetts but willing to relocate anywhere in the USA (on my own as well)

What do you specialize in within the tech field?

Right now I'm open to everything but my aim is for cloud security or red teaming

I see, do you feel knowledgeable to handle a microsoft/windows enterprise environment in a security analyst/systems admin type role?

Yes, I can learn quickly if I get stuck anywhere

like deploying GPOs, working with InTune, MECM, Azure AD, managing users, using ticketing and change management systems, Exchange Online, all that sort of thing?

Havent used InTune or MECm but can do other things

Just trying to get an idea of what your experience is as far as your personal development and skillset, I might know some people I could talk with about reaching out to you

Yeah, no worries

Also when the portal asks for references, whose reference should I provide? I have only 1 reference

See if some of your old professors would vouch for you

or any current ones if you're still in school

That makes it 2

None that im close to

might be good to connect with them closer

often they'll know people too, and if you're in-good with them, they can put in a really nice word for you. I've found a lot of people get interviews by just having a friend recommend them to an employer friend of theirs

I will try to contact one of the professors that I knew personally

awesome, sounds like a good idea

also doing what you're doing here is great. Socialize, make friends, get to know strangers. Find people who live in your area, or are in your field. Tell them about your job hunting arc in life right now. Networking is very powerful.

someone eventually is bound to know someone who will want to hire you

Yep I do keep doing this eventhough I get tired of getting no response

if you mean the U.S. government, then it’s a no if you need a security clearance or work in a regulated sector (e.g., rocketry, so SpaceX isn’t an option)

yeah it can be a bit of a chore

Hello I have a question I want to learn ethical hacking from zero how I can do that ? And is there any one can help me

well I guess the first thing to know is that you can spend entire careers in sub-fields within "ethical hacking"

so you should probably figure out what's out there, find what sounds the most fun to you, and start doing that

You can start here

https://tryhackme.com/r/path/outline/cybersecurity101

any role that requires TS or TS/SCi is going to take a long time. OPM has a stupid long backlog still from the pandemic, last i heard.

it was 18 months for a friend who had to go through TS/SCI so their employer could put them on a specific contract

Normie TS isn't that long anymore, SCI and the Alphabet Boi stuff is still forever

You also need a Masters, for Special Agent, at FBI. But yeah, that process is grueling and the role is more than likely contingent on passing all their hoops. So even if they got an offer, it's not guaranteed until they are in the building, which even then things can change.

Hey you guys I hope y’all doing well , Iam a new graduate student from bachelor of cyber security… I was looking for some advice and things I could do to enhance my ability to land a role is there any certs or projects I could do ? Thanks

Hi, I suggest looking into IT roles as another avenue. While you’re there, network with people in your local area and show your expertise through projects and CTFs.

Projects that has different use cases like an AD lab where you can configure users and policies and maybe also try to attack it.

You can add things like an EDR or SIEM with the ELK or Wazuh stack.

If you’re starting out, you can also do TryHackMe and complete the accompanying paths.

IMO, for anyone starting in Cyber, the #cyber-security-101-path and #security-engineer-path are good to do.

Yes I bought the yearly plan for Tryhackme also pursuing sec+ planning to get my splunk as well

Start applying to security roles, you have a degree. Security+ would be the only certification I would purchase out of pocket.

I need some reviews on a resume

Not sure about posting it though 😖

Hey quick question would you guys put tryhackme paths as certs on your resume. and if not certs then as what ? or would you just avoid using tryhackme on you resume ?

It can't hurt anyways 🙂 . Besides that THM is one of the recognizable platforms in the field tbh .

Me too. I'll send you mine if you send me yours.

Thoughts on resume?

Plan on adding more just updating

Certifications and certificates are not the same, your skills shouldn't be overly broad categories or soft-skills, remove interests.

You don't need to put that you were working in a hybrid/remote/in office role. Again, keep soft skills out of your work experience bullets. The 2nd and 3rd job entries don't really have anything of substance in their bullets.

Awesome, thank you for the feedback I'll make those adjustments 🙂

Gave +1 Rep to @stoic cave (current: #17 - 468)

Even if they provide educational paths and can teach people something they aren't generally any formal certifications like cisco or comptia, instead of labeling them as certifications consider them as relevant skills, but you should base on specific skills like practical experience, etc...

If employer percieves them wrongly, you could just avoid mentioning it altogether especially if you already got rich resume

Thank you @magic ingot that makes sense

Gave +1 Rep to @magic ingot (current: #1546 - 2)

I’m just trying to figure out how to make my resume sense I don’t really have experience in this field

You might wanna try highlighting that degree in statistics which you want to pursue for a computer science one, prominently should be featured in education section or detail any academic projects or internships

Even better if you had any online courses like coursera for example so you can show the initiative better

I see what would you put the coursera courses under ?

Like relevant coursework or just certifications, if they're relevant to the position you're applying you can even create a specific section so you can make them stand out

wouldnt contractor mean it's somewhat easier to get in since it's not an unlimited contract full time job and there's less pressure maybe? 🤔

Would you recommend replacing interest with something like an objective or just removing interest to shorten resume and remove filler?

Would be nice to focus on something that adds value, if your object aligns with with the job, but statements can clarify your goals or they can be tailored for some specific positions, just don't forget to include interests that relate to the qualities

Sorry for interrupting btw

no worries and any recommendations (assuming you've looked at the resume)?

Didn't read everything, just a second

It's fine just consider adding brief summary at the top that encapsulates that experience, it's preffered to be easy to read with consistent formatting and clear headings

Thanks I'll def add that it does feel like it was missing something

Gave +1 Rep to @magic ingot (current: #946 - 4)

i would rethink the "meeting monthlyproductivity" .. that has a bit of fishy taste like "just fulfilling exactly the requirements.. not more, not less"

The US don't seem to like it, but it's good to have extra curricular interests in the UK. Stress on the extra curricular.
Saying that you volunteer at ABC, enjoy badminton, and like reading books about trains makes you look more rounded as a person and gives you something light to talk about with the interviewer.
Caveats being:

1. Those go firmly at the end of the CV
2. Don't lie... Chances are you'll be asked about them.

Not sure about anywhere else. Worth asking around locally.

this is what I do with my CV as well.
I also have a membership section only if I am a member of a professional association, but only have it there if im applying for the jobs in that field.

the U.S. emphasizes extracurriculars if you’re applying for an internship while completing a degree program

I didn’t know Google professional certificate could be used in resumes , it’s not that professorial haha

If you have it, and are/have been pursuing other accreditations, like Security+/CISSP/OSCP/a degree, etc... It can indicate your interest. It is quite rudimentary, but it is geared towards people new to cybersecurity altogether. I wouldn't dismiss it outright, but if it's the only IT/cybersec accreditation/experience you have, I wouldn't see you progressing in the hiring process

Nice 😊

it’s better than nothing, but you can’t lie and say it’s a certification, which many people seem to be unintentionally misunderstanding

Nah but I thought in that section where it says certifications you only suppose to put certified vendor based certs that are require for job descriptions? True

correct, and I know you’re referring to the resume previously posted in this channel, but I just wanted to make a point that you can’t list a certificate as a certification on your resume

This might sound risky and on edge but I feel like your experience don’t really matter to cyber roles unless it’s directly related to the position u want to apply for for example if I done SIEM with splunk for log analysis in my previous job and my next job requires that too that’s where it becomes relevant otherwise putting worked in a supermarket for 4 years wouldn’t do anything

sure, but again, putting that you worked at a supermarket for 4 years is better than nothing