#cyber-and-careers

That's not my problem honestly they can do whatever they want with it

And therein you become a problem to the moderation team whose job it is to stop that kinda shit from happening

You're creating problems though, which is your problem, there isn't a need for the attitude.

You're also breaking a rule 🙂

I'm not breaking anything

You're aiding in the possibility of distribution of Malware 🙂

You're warning me and not him for asking that in first place, are you trolling or?

They asked a question.

You choose to answer.

I didn't warn you either, I pointed out the rule you're breaking.

@broken idol if: "you reach the current top level on the website, level 13 (0xD)" why I still don't see this "Advanced Rooms"?

Because you have "Cyber Crusader" title temporarily 😄

F*ck, Thanks for remembering, I really hate this title :)) Still don't know why I clicked "redeem" :)))

Gave +1 Rep to @keen tundra (current: #44 - 195)

Should be gone soon.

Me too🤣

Yeah I know. I mean, I don’t base my learning on THM. I know python very well, web-dev +/-, I have some projects in mind and also I started doing Blue Team labs designed for SOC. the problem is as you mentioned soft skills, and in order to improve those soft skills, any real-practice would be nice, just to know how it looks like in reality, not on some paper or prepared labs.

which is why I always recommend getting your foot in the IT door with a help desk or similar entry-level job

or a referral

i followed exactly this advice 🙂

currently working as a help desk but they also have Security positions inside the company id be elligible for in future

it’s how I did it too

I was promoted to SOC Analyst after a year in the help desk trenches

hey guys, how can i get voucher prize?

you made it out of the hood

Hey there. So, changing my computer's DNS server allows me to lookup dns addresses without my ISP knowing what I'm doing?

Because I wouldn't be using their default recursive DNS server, right?

They would still know

Think of the concept of “recursive DNS”

Is software engineer a good entry level job for aspiring pentesters/red teamers

Yeah, I’d say so

Gives you strong grasp of the fundamentals of software, coding securely, etc.

If you also do roles such as dealing with code reviews, building unit tests, etc.

Ohh sweet, they say help desk roles are even better but most help desk roles in my country deal with hardware more. Theres like few of that role that somewhat deals with AD and stuff. I also enjoy coding more than troubleshooting printers lol. Thanks for ur input.

Gave +1 Rep to @dense dagger (current: #19 - 433)

Altho helpdesk rolewith access to AD is my ideal

Wdym?

https://tryhackme.com/r/room/dnsindetail

I mean, that depends. DoH to a server not controlled by the ISP should stop them seeing what you're looking up

Of course, it's slightly moot considering your next traffic will probably be to the IP address you just looked up...
Then again, half the internet is behind cloudflare now (slight hyperbole but 🤷‍♂️)

Or just use a VPN and be done with it

What means by help desk

Hey all. Looking to get into IT security and not sure where to start. Any help or start points would be greatly appreciated. Looking to start a new career path.

Helpdesk is a job

#start-here

Is devsec ops a future proof role?

With ai and offshoring and all

How does one go from software dev to cyber, if you consider soft dev and entry lvl job

software dev has different levels, cyber presumes alot of knowledge prior to entry

Thank you. 👊

Gave +1 Rep to @stoic cave (current: #17 - 471)

@broken idol

Looks like it spammed on other channels too

Please don't advertise without engaging with the community.

Okay

Can we get a job by using try hack me certs??

They can help but they can't guarantee you a job 🙂

Worth remembering that THM is not a certifying body. The things you get at the end of paths are certificates of completion, not certifications. At the end of the day they mean absolutely nothing when it comes to certifying your ability.

It all depends on the job you're after. If you're going for something very low level (e.g., internship, apprentice, junior role) with no other experience, then it might be worth including them as a way of demonstrating the kind of learning you are interested in (and that you go out and learn for yourself).
Otherwise it's a waste of space on the CV.

Good for your LinkedIn though 🤷‍♂️
... as long as you don't put them in the certifications section

Why shouldn't I put TryHackMe certifications in certifications section?

They're not really professional standard, or even a way to verify you done the work.

It’s in the first msg Muiri said, THM is not a certifying body.

so, uhh...anyone have Network+ PBQ's? xD

Because they're not certifications.

They prove that your account has completed training pathways. They do not prove that you completed them, nor do they prove that you completed them unaided (i.e., lack of proctoring).
There's also no real challenge there -- it's all just training materials, so no proof of achievement either.
On top of that, THM doesn't really have the weight behind it just now to stand up and guarantee that its certificate holders can perform to the same standard as entry-level certs do.

On a more social level, if I see a CV with those listed as certs (or top x% as an achievement), it's an instant indicator that you've misunderstood what the platform is for, and are out of touch with what actually counts as a proof of ability. i.e., it's a heavy red mark against your application.

To anyone wanting to get into CyberSec, I am on my last year of computer engineering, I had 3 months experience in IT some years ago and I want to start my career in cybersecurity. From what I have been told and it makes sense is that I need more experience in IT because that is what most companies are looking forward. I followed @flat sedge advices and changed my CV, and today is going to be my second interview for a ServiceDesk IT position in a very well known company in my country that also provides Cybersecurity training, so I am hoping to grow inside the company and if I do land the job, whilst continuously learning about cybersecurity, and get some more certifications, hopefully one day just make the leap into a SOC analyst.

Good luck on your job interview 🙂

I printed the certificate from my phone, and there was a formatting error. What can I do to correct this?

don’t try to cheat your certification lol

Hello there, I’m curious what are some certifications you should get when looking for a job in the cyber security and IT field then?

Entry level, which includes CompTIA certifications, intermediate level(CEH) and advanced certifications (CISM, CISSP, etc...)

Thank you

I don’t know how to bump your thingy that I keep saying but thanks Tusk lol

I apologize but is there anyway to get certifications for cheaper? I was looking through them and saw they are a little bit expensive LMAO

I would not recommend CEH unless its a specific requirement for work or you live somewhere where it is highly sought after.

Certifications are often paid for by employers to upskill their employees.

I would not recommend any “cheap” certifications as there are a lot out there that are predatory in nature.

So how can you show your skills when trying to get into the field? I am currently looking for a internship and I have no previous experience in a field that is highly competitve with a bunch of smart people

That is fair, thank you

Gave +1 Rep to @dense dagger (current: #18 - 434)

There are different ways. Off the top of my head are the following:

• Home labs
• Open-source contribution
• Upskilling in different areas
• Helping out in local conferences and other non-profit orgs

Networking is also a big deal in landing a job/internship. Getting to know people in the field or your peers and getting them to vouch for you is something that works immensely.

Thank you so much, this info is stupidly helpful. I do have two more questions so I appologize for my ignorance LMAO

1. I'm guessing for the open-source contributions is to just look through GitHub and try to find things to work on?

2. What do you mean on "Upskilling" is that working on different projects I find or...?

Yeah, that can work or you publish your tools which you use and you feel like have value. I guess what I meant was being able to develop specific tooling and improving on your programming skills. You don’t necessarily have to contribute to open-source projects.

Honestly, anything that you develop by yourself (whether it be re-using code from other people) and publishing it in Github already is a big deal imo.

I meant upskilling in different areas and not just focusing on one thing. Cybersecurity is an added layer to existing IT. If you don’t know how certain technologies work, you won’t know how to secure it.

Right now, I’m studying up on email security like DKIM, DMARC, all that stuff so I can better understand it when I try to break or bypass it.

Ok so going into different skills got it

So anything from your own bash code or mods to certian tools would work as well? Again thank you for the information this helps a lot

Yeah and being able to understand the underlying technology. As an example, if you’re a SOC analyst; how are you able to detect Kerberoasting?

How can one understand what Kerberoasting is if they do not understand how Kerberos or for that matter, how AD Authentication works.

Let alone, how can you prevent it in the future or mitigate it (if the underlying issue cannot be fixed).

Lol as someone who ain't not know what that means thats a really good point! Thank you again cause now I got a pretty good idea where to go from here! Thats why you're the GOAT

I disagree, there are so many who are better than me here 🙂

anyone tell me can please tell me what skill set i should mention in resume for a entry level job

Anyone has experience working as a Jr Cyber Hero for ThreatLocker? If so are you willing to share the pay range?

It should tailor fit to the job role you’re applying for

E.g., highlight your developer/programming experience if you are applying as a developer

yeah but still some skills that should be there.. im looking for entry level job roles

I don’t think you’re going to get a decent answer about that here.

I have almost a year professional experience as an Information Security Specialist and I have Sec+. On top of that, I want to let recuiter know that I know about offensive security. How can I do it if listing TryHackMe certs are red flag?

Look at the job description, understand what they need, and tailor fit your resume for them.

If you’re going to apply and highlight Java but they want Python, you’re gonna have a hard time. ATS and initial HR screening may just stop you right there.

can you tell me some sites for resume making or ats checker trust ones ?

and which projects i do should or should include in my resume ?

If in your job, you currently practice some form of offensive security role, you can add that to your professional experience.

You should also tell the recruiter what your intentions are, moving up to a different role, and why you’re the best fit.

I’m not aware of any, sorry.

As I said, it should tailor fit to the job you’re applying for.

no worries

okay,thank you

I wouldn't include CEH on any good list of certifications, to be honest.

Entry level are priced to be affordable, as a way for people to get their foot in the door in industry. Higher level certs are intended to be paid for by the business because the real value in certs is that they prove expertise for client/customer/compliance reasons.

There are no tryhackme certifications. They are certificates of completion, which do not have any value in the workforce.

it is good to do ISC2 Certified Cybersecurity? currently it is free

Security+ is the baseline cybersecurity certification

Certified in Cyber i think was labeled as "prep" for it?

It’s not “free”

You pay the $50 annual fee

That’s how they get ya

yes but ig it is cheaper than others

the $50 fee is basically neglible, and employer should be paying/reimbursing for that

if they don't reimburse for it, re-evaluate your reasons for getting and maintaining it

does it has good value ?

No, I wouldn’t say so myself

Good value in what context? My advice is always the same for certs: Does this open a door to a job, or is it otherwise required by an employer?

Their curriculum was OK, not much but the industry is also saturated with so many beginner courses that you can pretty much learn what they have for free.

If so, get it, but the employer should be paying for certs and annual fees to maintain the cert status.

I haven’t seen it in any job postings, Sec+, CISSP, and CEH still seems to be the top dogs where I come from

If you are just getting started out, look for the jobs posting that has the role you want. Then start working towards those requirements. Dont' get a cert just because someone says it's good or bad, look at what you actually need to get your foot in the door.

CEH is garbage, and I devalue any organization that lists it as a req

I can just feel the copy-pasta HRs do

I get that in India it's still highly valued.... But it's a trash cert and EC Council is s a garbage company.

If HR can determine the reqs for a job without manager or expert input, I don't want to work for that company

Here where I am, its still honored and people seem to think its a good cert

It's a huge red flag

I've worked for some real garbage companies, HR should not determine what the needs are for hiring manager to fill a role

same here as well. people are after cert like CEH n all

again, if you aren't in India CEH is absolutely not worth it.

And if you are in India, your employer should pay for it because it is no longer cheap.

have you looked at the Irish immigration rules, and the Irish remote work rules? If you don't know what the eligibility requirements for Ireland is, you are doomed to failure from the start.

can please help with it bit.. because i have gathered info from YT

are you from there ?

Maybe you should look for the Irish laws

And not use YouTube as a primary resource for immigration.

i need offer letter from employer

@lusty haven Please do not DM nor send friend requests without asking first. It is against server rules.

really sorry for that

As Juun said, TryHackMe doesn't do "certs".
Putting THM in as an extra curricular activity (and listing how it helps) is not a bad thing, especially if you don't have prior experience in offensive security. That said, your existing experience is likely to be a reasonable basis in and of itself.
As a general rule though, you use either experience (e.g., anything professional which is tangential to offensive security) or project work to demonstrate knowledge of offensive security.

The issue comes when you conflate a certificate of completion with an industry certification. They are very much not the same thing, and messing that up on a job application is just going to make you look like an idiot

i heard that theres websites that pay you to find vulnerabilities in other sites would that stand out to employers on a resume?

Are you talking about bug bounty?
It's not exactly uncommon, but it's definitely a good thing, especially if you're after an appsec job

what about if you wanna be on the red team?

That's generally an experience and certs thing.

so if i rack up certs and get my foot through the door with help desk then red team would be a challenge to obtain?

I mean, racking up certs only to go into help desk isn't necessarily the way to do it. An entry level cyber role should be obtainable at that point (caveat being, check your local area).
Red team is usually a specialism from pentesting though, so you'd generally go that route into it

I see, thank you for explanation

Gave +1 Rep to @undone shore (current: #9 - 795)

Guys how can i make my accounts super safe? Is it by only adding a step 2 verification and a complicated password that you wrote on your notebook?

Give me some tips

ok thanks for the tip 👍

Gave +1 Rep to @undone shore (current: #9 - 796)

for your personal accounts? (1) very lengthy and complex password and (2) MFA enabled

if you want even better security, try passwordless authentication through biometrics or hardware keys

whats MFA

multi-factor authentication

you already mentioned it when you said “two-step verification”

btw is phone sign in a good authentic log in?

what do you mean by “phone sign-in”?

or.. if you sign up with another device lets say with a PC and as soon as you log in your phone says someone is trying to log in your account. "Accept" or "not"

i meant number one

where you put your personal number

when you try to sign up in your account

that has nothing to do with MFA

unless you mean receiving a verification code

yes

that’s MFA through text message, but it’s vulnerable to SIM card swapping by a very persistent attacker

It's better than nothing, but it's not the best

Can I turn my TryHackMe learning into a career? or would I still need a degree? Like obviously I would if I wanted to work for the FBI or something but just like in general. Can I?

Aaaahhh I see. So if take my learning and apply it to be shown some companies could be interested, because I already have the knowledge etc..

Thanks for the link too

Indeed, thank you for the advice

bro that link is just

I know for a fact that Google does hire the most Phd's than any other company and boasts about it. They had one guy there program simple games like tic-tac-toe to minecraft servers.

Paywall and I'm willing to bet that the companies listed in said article are FAANG, which aren't really representative of the actual job market.

With a degree, you get paid more than your non-degree peers, you have more opportunities open to you from a contract requirement perspective, and you get an Alumni network

anyone ever pentested pharmacies?

whats the best military gig to get w cyber?

Kind of an odd question to specifically call out pharmacies. I'm sure some have.

If you're talking about the US, you have to test high enough for the MOS or Rate on your ASVAB, they have to have slots, you have to be physically fit, and you have to pass the school before you get your assignment. You're assigned based on the needs of that branch.

*for simplification I excluded the Order Of Merit list in my response

To the person who didn't ask the question, I can see how it could come across as odd. However just because you don't obtain the meaning of the mystery, doesn't mean it is absurd or suspicious of nature. Hmm...

Do you have an actual question?

its oddly specific xD

what branch were you, if I may ask?

None, my life path is just unique in that I've had a lot of exposure to how it works without actually being in or being a child of a military person.

Interesting! If I could have avoided enlisting, I would have, but life is just so tough. Do I regret enlisting? hell no. I do believe I couldve done something more with it, but I wasnt doing what I wanted to be doing, and I wasnt good at what I was doing. Ive been doing aircraft hydraulics systems for (going) 8 years, and got tired of it, i quite literally was squirming to get out. That's where I applied and got approved for skillbridge, where I can change my career path to cyber security. and here I am. sorry bout the long post.

No worries, that's good that you have a path forward

I'd keep an eye out on USAJobs for veteran preference postings and if you have/had a clearance, sign up for ClearanceJobs

im on linux fundamentals. im resuming work and my terminal(machine) isnt up and the button to open isnt there???

on tryhackme

scratch.. found it

Hi Everyone, I am currently pursuing Security Analyst path but in this path only a few courses are free and other require subscription, can anyone please guide me on how I can learn those skills for free from some other platform or any youtube channel?

Professor Messer’s Youtube channel. TCM Academy has recently released free resources like Linux 101, PortSwigger Web Academy has free web application courses, OpenSecurity Training has multiple courses on OS internals, debugging, etc.

Thanks for your response

Gave +1 Rep to @dense dagger (current: #18 - 435)

Surely will check Microsoft Learn and other link you provided

can anyone give me idea of cyber security project , just a simple one, cause the deadline in 3 days

Sorry, won't help with acedemic or work, I wish you luck!

How do I install a qradar software in windows 11

Have you checked Google?

Ya but there older versions

I just did a quick search and it seems doable. You just need to deploy it as a VM.

where did you learn bug bounty

Burp's Web Security Academy is a great resource for that imo 🙂

I wrote my first official CTF write-up and pretty stoked with the solution. Who else does write-ups to demonstrate their capabilities to new or exist employers?

https://github.com/webbie003/BSides-Gold-Coast-2024

:hammer: twitch_swify2008#0 has been banned.

wish i could not struggle to find a job in cyber without a degree in this world

Yooo, I’m trying to find some decent websites for free pentesting experiments to get more familiar with bug hunting and exploring, I’d do hackerone but im not looking to get paid at the moment and competition for the small gigs is fierce, not really the best practice environment. Any suggestions?

this is pretty cool bro i hope you get alot of views on it

Google has tons

Use your resources

There's no such video , don't waste your time

@cobalt escarp

Hey i want to find a team who can hack commercial websites without getting caught...

You won't find it here, we don't do that, btw that's illegal

okayhh i was just testing this chat , i am safe now...wink...wink

r u guys into compititive hacking

https://tryhackme.com/games/koth

woah thanks

Wow so cool bro

If people are asking illegal topics, can you please ping a moderator, and don't mini-mod. 🙂

This is illegal anywhere, not just in here, but it's agasint our community rules

study then tell us how to do it

but i can tell you this, after you connected to the website you want to hack open the terminal and imput this "#IP rm /root" it should do a scan of all root directories of the target

What's mini-mod 🙂 ?

Imposing rules and not alerting a moderator to an illegal question.

Which rules am I imposing ?

You won't find it here, we don't do that, btw that's illegal

What is a rule in this sentence ?

It's now what is said, it's the manner it's handled.

And how am I imposing anything ?

That was just regular answer

is cyber security the same as penetration testing
or the penetration tester can do the same stuff in cyber security but in a different way

Hey guys, I want to purchase a small (13-14”) budget laptop for SOC (I have just starting learning but need a machine that will last me long; I want to start my career with it). so I was thinking what to purchase: Mac or Windows? My budget is about $700, and I already have an iPhone and iPad so being in Apple ecosystem would be cool. I also have windows desktop but I want to use my laptop primarily for study and work.

Cyber security is broader term than pentesting. Pentesting is like a sub-category of cyber security 🙂

Yooo peeps, a simple question that I hope to get everyone's perspectives:

Is 3 months internship sufficient to really understand and master the fundamentals of information gathering techniques? (Eg. OSINT, Digital Forensics, Recon etc) Or would 6 months be better?

cybersecurity is a broad subfield of IT, which is an even broader field

there are many different career paths in cybersecurity, including security operations, security engineering, threat intelligence, vulnerability management, incident response, digital forensics, penetration testing, auditing/compliance, application security, network security, cloud security, ICS/SCADA/IoT security, and physical security

and each of those career paths also have their own specialties as well

It's about the time that you spend, it's about what you learn 😉

dont get u

Its not about how much time you spend learning it, its about the quality of what you learn... you could spend years trawling youtube for content and not learn very much but spend 3-6 months with a good mentor and you'll be set for life. Learn from a good source

You need to constantly learn new things 🙂

also that

In that case, should I apply for an internship or entry-level roles in a company? Just graduated from pre-uni and hoping to land a role (either internship or full-time) asap

yes, go get one asap.

Hey all! I’m a senior Python backend dev with 4+ years of experience, plus 5 years of experience in security, but physical security.
If I want to move to cyber security, what should I consider? I can’t really afford starting from entry level or internship, but then again - 0 years of experience in cybersecurity.
Is there some experience I can get on a side in cyber sec, that would count? But at the same time keep my day job.

Windows for sure. There are many limitations that come with MacOS, particularly for M chips. Like you won’t be really able to start normal Kali Linux in VM.

Thats not somethign i'm willing to advise on... its a life decision for you to make friend.

is it ok to put pentesting related skills in my resume when applying for a helpdesk role/entry level sysad role

Of course, it demonstrates a genuine interest in all things IT

guys i have a guestion

what is an salary of an ethical hacker with a cissp

Depends on the location

lets say uk

or netherlands

Utilize a tool like glassdoor or your preferred search engine to conduct a query.

There are a lot of factors

which sector of cyber security gets has the highest salary

on my way to become a cybersecurity

as with most things I'd look at which aspects you enjoy more rather than which earns more. there's a point in which a little more money doesn't mean much, but hating your job does

Road is long

you know this dude is serious when he has a “hacker” pfp

After 4 years of grinding, i finally landed a job as product security engineer with no certificate just cs degree. Best of luck yall 💪

congrats !

Congrats bro 🥳

congrat bro can you please tell us what are the steps you take to land the job

Hi guys, I am a cybersecurity college student who is looking to interview someone who has worked in the field in any capacity for at least 2 years.

I would prefer to do it over a Discord call or Zoom but we could also talk in DMs. Any replies are greatly appreciated, would take no more than 30 minutes of your time

Congratulations 🎉

What is cs ? Congrats though

Computer science

I’d like to add onto the other guy about VMs, because of the different architecture of MacOs (ARM) vs Normal windows (x86) you would be unable to use a lot of vulnerable VMs to test your skills. Eg. metasploitable

What is a red teamers average salary

Is this a good message to send a recruiter that I have no previous conversation with:

Hey Kelly! Just wanted to reach out about a couple applications that I had submitted recently. One for "Cybersecurity Specialist" and the other for "Junior Penetration Tester". I was just wondering if the jobs were still open or if I might need to look for other positions that might still be hiring?

ChatGPT says this might be better:

` Hello Kelly,

I hope this message finds you well. I’m reaching out to inquire about the status of my applications for the Cybersecurity Specialist and Junior Penetration Tester roles. I’m very enthusiastic about the possibility of joining your team and would appreciate any updates on the hiring process.

Additionally, if these positions are no longer open, I’d be grateful if you could let me know about any similar roles that might align with my background and skills.

Thank you very much for your time and assistance. `

I think your message suits the question better, ChatGPT seems to be writing a storyline for a book with the "I hope this message finds you well" it's rarely used in asking questions like these and just seems funny 🤣
If you still want to use ChatGPTs message I'd remove the I hope this message finds you well and replace just keep "Hello Kelly," and if you agree that you want to apply for similar roles you can use GPTs message. The thank you message is good. It depends on the prompt you give ChatGPT and you can always ask them to enhance those messages to your liking or tell them to provide multiple variations.

Gave +1 Rep to @stiff oriole (current: #1170 - 3)

That's pretty much what I was thinking too. I did remove the "I hop this message finds you well". I customized a couple other things and sent the message. Thank you for your thoughts and confirming that I wasn't being over the top

Gave +1 Rep to @vagrant cargo (current: #2347 - 1)

Yeah, no problem!

I have computer science degree, during my time in college I participated in cyber security competition, write security blog, build my own website, build software from scratch, learn how to write documentation, build my own vm and workstation, doing research as an assistant, etc. Basically learn shit ton, and mostly hand on. During the interview I'm trying to explain technical thing I did.

What happens next?

Wdym

What’s a good way to land a cyber security job. I’m looking for entry level of any sort. I graduated college in information systems and currently taking IT courses on top of THM

Hi guys! I’m new the Cybersecurity and I was wondering what this server was abt? Would it be possible if someone could brief me abt the server? (Also I hope I’m texting in the correct channel)

#start-here message

K! Thanks

Gave +1 Rep to @keen tundra (current: #33 - 252)

Is it in bad taste to do a Zoom interview for a new job at my current place of work or should I plan to stay home for the interview?

eh.

I'd have it home, or outside the current employers premises.

That's what I was thinking but wanted to make sure

Hi mate, sorry for messaging you after few days but is this the one your talking about?
https://www.youtube.com/watch?v=e3Mph7kqE1E

OR this one

https://www.youtube.com/watch?v=q-e--04cfqU

hi there

does anyone know the scop of SecOps?

That depends where you live, skillset, their budget, etc.

yeah, but you should be enabling MFA everywhere, not just Gmail

can anybody explain the basic difference between bug hunting and pentesting?

pentesting = getting payed no matter what. bughunting = payed when you find something. 😉

um, any other difference brother?

also, are these both ethical or are we considered grey hat hackers for doing so?

the main difference is in contract / employment

everyone can be a bug hunter, but you need a contract for being a pentester 😛

ohh thanks

so, to be a bug hunter, can you give me a guide or something how to be?

https://tenor.com/view/debug-debugging-bugs-kill-it-bug-gif-20336819

you are a bug hunter now xD

https://tenor.com/view/cute-gif-4258015470609419345

I have done courses regarding penetration testing. Also the studies in cyber security in my university. I am looking for job in penetration testing.

I would appreciate any guidance in hunting to find the jobs/projects

LinkedIn could be your best friend for that 😄

hii guys

Hi, welcome 😄

i have a doubt

my qualification is 12th and im learning ceh right now . when get complete ceh can i get job in cyber security ?

you can get a job in Cyber Security without certifications . What matters is to like the job you want to do and to show them your skills , your knowledge . You can have an OSCP and still don't know how to proxy , spoof etc etc . What's the point , if you feel me .
Cheers !

maybe thats dumb question

Linux or Windows for daily use ? (for a Cybersecurity learner)

both - Work on writing reports and emails on windows and read logs in linux.

Both ... use some VM to have it all !^^

dual booting is good or not ?

Too much work, just get a decent pc and do VM

i did this before so much hassle, get dual monitor

1 monitor for vm linux and other 1 for window

Just start. If you want a platform look at bugcrowd

Register as a hacker

Just don’t fall out of scope. That will lead to bad things

Hey guys has anyone heard of this Ucertify prep exam website

seems legit to me

they arent on the authorized partner list though with comptia

So I thought I would ask for opinions

Hello guys I'm new here, I'm a 2nd year cybersecurity student with a big interest in pen testing. Any tips to improve my skills?

You can check out these resources 🙂

https://tryhackme.com/r/path/outline/jrpenetrationtester

https://tryhackme.com/r/path/outline/redteaming

Cheers!

anyone know of a company hiring a entry level soc analyst in San Diego, CA, USA , im in my 5th month of cybersecurity bootcamp at SDSU.

Check out on LinkedIn , I'm sure you'll find something, especially in CA 🙂

100 applications in linkedin and other sources so far xD

There's also jobs channel on Discord, check it out, maybe you'll find something there 😄

https://discord.com/channels/521382216299839518/775144008853749770

😮 thankyou

Hello guysn for a recruitment I had to pass a CTF and I have to write a penetration report. I looked a little at what is done on the Internet but I admit that I do not know where to start... Could I just take a report that is already done and modify it accordingly?

Find a report template online, there’s plenty

I just found some I'll check thanks !!

Gave +1 Rep to @fringe spade (current: #270 - 21)

You can check out TCM's resource on how write a pentest report 🙂

https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report

Awesome thanks a lot

Gave +1 Rep to @keen tundra (current: #32 - 282)

Hi

Hi , You can refer this link where you can find out the great options. https://github.com/The-Art-of-Hacking/art-of-hacking/tree/master/pen_testing_reports

Entry cyber is so fucking awful trying to break into 😦

because “entry-level” cyber isn’t really entry-level

most jobs are mid-to-senior-level positions, and even if they don’t have experience requirements, you’re at a disadvantage to those who have had internships, certs, projects, etc.

Theres a problem with the entire cyber industry, something that this server tends not to suffer from, and that is elitism. It's good that there is none of it in this learning environment tbh.

yeah, but it’s also good to set expectations to those who are new to cyber

as much as pentesting sounds fun, the chances of your transitioning/obtaining such a role with very little to no security work experience is very slim

Without looking specifically at career starting are there any rooms/pathways/other sites that u would recommend trying out to determine if pen testing is a potential interest for a career?

Do you have any examples? Things being labeled "elitism" could just be people being blunt/real.

People don't always have the best tact in the industry, just a byproduct of working in tech

As someone yet to break into the scene, so technically an outside observer, i've seen good people demoralised and disincetivised by other communities refusing to assist learners, i've also attended lessons and been forced to teach lessons that are aimed at non programmers with the intent to introduce the basic fundamentals of programming.... The content i was contractually obliged to teach was nothing less than a brain dump from a very experienced programmer demonstrating... "Look how good i am i bet you can't do this"

So whilst my label "elitism" is strong and how i wish i'm wrong, i stick by what i said. There is too many people out there with the mindset of i did it the hard way so you can do it the hard way because i'm better than you... and like i said... definitely not an affliction that this community has!

I see your point and perhaps my comment also lacks tact

I owe a response to the message you took the time to write, busy at work. Ping me in a few hours if I haven't responded to you

I'll be firmly tucked in my bed snoring like a hibernating bear.

Lol ok

I would recommend researching other specialties first, as sites like TryHackMe and Hack The Box already give you a taste of different pentesting tools (not necessarily a feel of the day-to-day job of a pentester though)

you can use sites like CyberSeek (https://www.cyberseek.org/) to explore different pathways for you, and I highly recommend Helen Patton’s book “Navigating the Cybersecurity Career Path” as an introduction to cyber careers and how to get the job you want

My school mainly focused on defense/logs/infra so attack is a bit of an enigma for me that I wanted to dig into to either rule out or look into further

you could do some of the red team pathways on THM or complete a certification like TCM Security’s PJPT

gives you a pentesting knowledge/skill baseline without committing too hard into a career path

Knowing how to attack will make you a better defender and knowing how to defend will make you a better attacker... always good to know the methodologies of your "opposition"

Ah well that's why I wanted to look further into it since it wasn't really covered beyond juice shop and metasploitable

Thats a start, i'd follow the good advice @fierce acorn just gave and try out the red team pathways, something like Jr Pen Tester to start with. Shouldn't be too taxing to get through!

Hopefully you'll meet humble individuals who are very willing to help you. 🙏

I hope so... i pride myself on being a good teacher and helping others get good value from the lessons i teach... Unfortunately alot of people i come across don't share that mentality.

Hey, I just finished TCM’s 12-hour YouTube course on practical ethical hacking. I’ve heard mixed reviews about the second half, but I’m curious about where I should go next. I’m not very familiar with THM yet—I just signed up, and it’s recommending the Red Team path. Should I start that right away, or would it be better to take a networking class or something from FreeCodeCamp? Or maybe a more in-depth Linux course? Thanks, everyone.

#start-here

Start from the bottom on THM and use it as a refresher if you want

Work your way through the paths and hone your methodology

thank you will do

what site would you all recommend for learning programming and more pentesting courses?

can anybody guide me to learn cybersecurity, networking, linux, bit of programming, etc to become a bug hunter and finding my first bug?

You can go to #start-here to learn more about the TryHackMe learning platform and potentially learn some of the materials you mentioned

hi

Do you recommend that a college student (like me) takes a part-time IT job while studying? Or should I prioritize trying to land a cybersecurity role directly? I have to work either way, regardless of whether it's this job or another one.

I am absolutely bored of my (non-IT) job (here in the United States) after 3 years, but my part-time schedule (3 shifts per week) will align perfectly with my classes, and the money is adequate for my simple needs. My job already told me that there are no opportunities for students, and they don't hire for cybersecurity positions.

I have few bills, live at home too, and I am wondering if I should:
A) Just ride it out at my current job until I am competitive enough to apply for internships (probably until at least the beginning of 2026)
or
B) Try to land a relevant, part-time job, working helpdesk/any entry-level IT jobs ASAP to become a stronger candidate by the time I shoot for internships

I am (very slowly) going to start learning on my own on the side using TryHackMe + other resources. Realistically, I am hoping to look for something like a security analyst role once I am close to graduating/recently graduated (in at least 2.5 years), although I do enjoy programming. University is going to be one of my highest priorities right now. I have lost all motivation to even try at work, but I just go through the motions anyways lol. It just feel like my job isn't helping me get any closer to working in cybersecurity at all.

Any and all opinions are welcome, and are very much appreciated. I take every bit of advice I can get! :}

Do you like really love it kinda stuff?

Like programing, hack (Ethical), Etc.

Then if I was you I would choose B

What I mean basically I would do what I love doing I don't want to die doing something that I have

I want to live life and do the things I love doing

I was trying to land a straight up programming job (full-stack dev) before going back to school, but that didn't work out
(I stopped the search shortly after only 150ish applications)

I'm pretty honed in trying to work in cybersecurity instead, idk if I can actually program 40/h week,
but I would love to incorporate programming skills somehow

I completely agree with this sentiment,
and I hate working my current job, although it was kind of interesting for the first 2 years 😪

What is the job your in?

I work in a security alarm company (which ironically doesn't have any opportunities here for students, and doesn't hire for cyber at all)

we get alarms on our computer screen, and call to see if everything is okay,
then oftentimes call police/fire/ems to go check

You would produce products, services, anything basically
If you're doing it with your love like inside your heart you love doing that

Kinda boring

what do you mean?

I am volunteering for an open-source community right now that focuses on programming (as a moderator for them),
but I haven't contributed to their codebase (yet)

I would fake my age and work as a freelancer 🙏

Haha

I don't have to fake my age lol,
but regardless

really appreciate your advice :}

Hope everything works out for you

Cya

Thank you, I hope everything goes as you plan as well 😇

Gave +1 Rep to @next swift (current: #2352 - 1)

Heyy

Is there any opening in anyones company for 1 yr of exp?

In red or blue team

Hii

Hi, welcome 🙂

Thanks

Did you guys help me because my attackbox/kali eror,im take patch on windows cmd..

What's the problem ?

Cant conect to the server

My virtual machine says "failed to connect to server"

If you aren't premium user , your AttackBox don't have Internet Access

Im premium user

Since im play on the windows AD,my attack box and kali little eror😭

verify and provide a screenshot of what's going on 🙂

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

I am going to do some research on this later but does anyone know a path on how to approach cryptography? I did a short search yesterday and all I saw was someone recommending getting a PhD in mathematcis and computer science before getting a job in the field but that's pretty far out from where I'm at now. Things like certifications that may be related would be helpful too.

Check out this resource if you're interested in crypto

https://tryhackme.com/r/room/publickeycrypto

oh ya i saw this room in part of my search yesterday! Thanks for the link.

Check this one also 🙂

https://tryhackme.com/r/room/cryptographybasics

sweet, thanks for the quick response

Hello everyone!

I had query regarding my resume. I'd appreciate of someone who hires cybersecurity engineering roles could give me some answers.

I am a fresher in my final year of uni. I have done 63 professional certifications. How many certificates should I showcase on my resume?

Certifications or certificates?

I have both but certificates are more in number.

Certifications are mostly from coursera.

I'm gonna go out on a limb and suggest probably not many of them.
Feel free to post a redacted version of your CV and happy to take a look though 🙂

Does anyone have links to some internship opportunities

Take a look through #jobs-board

Thanks

Gave +1 Rep to @stoic cave (current: #17 - 473)

i am planning to take exam in entry level in cyber security.

I don't have any knowledge in this area just have a few knowledge in operating a pc and laptop.

You can start learning here 🙂

https://tryhackme.com/r/path/outline/cybersecurity101

thank you. yes i am starting to learn here.

Gave +1 Rep to @keen tundra (current: #28 - 329)

hello, would like to ask a question regarding career choices, im conflicted between taking security+ or taking a certification with proof of practical skills such as PJPT/PJSA or BTL1. Im currently an IT Assistant and would like to land a cybersec position as my next job. any tips?

Check your local job postings, see what people are looking for

I would recommend going for a well-known HR bypasser like the Security+ first, but yes, check your local job postings

I highly doubt U.S. positions will be asking for a PJPT/PJSA/BTL1 more than a Security+ though

Worth going and speaking to people in your area as well. Network. Go to conferences. Get your face out, etc.
Ask them what they're looking for.

Although yes, I agree, as a general rule Sec+ is likely to be a stronger choice.

so the ideal route right now is to study for sec+, then maybe learn the practical skills from thm/htb/homelabs and just include it in my skillset. im from the ph and lots of job postings either asks for CEH sec+. was just conflicted by the fact that these certs are purely theoretical

I mean, screw CEH if you can get away with it.

EC Council suck.

Yes though, that's a way of doing it, but you'd be better speaking to people locally about what they expect to see.

yea ive seen lots of negative feedback regarding ec council

and their pricing to their exams

costs more than what the cert can give :v thats why im thinking of investing more in other certs

might take sec+ for now and get monthly subscription to thm

Hello world!!!

Hi, welcome, nice to meet you 🙂

What would be the best alternative for CEH. I don't know why, however, ceh is quite a requirement to get a job in security field.

Maybe Pentest+

Hi !
I'm in my 4th year of studies in cybersecurity (France).
I've 2 years before having my Master (so 5 years after highschool).

I really want to work on SOC, being network analyst, or other similar cyber job.
I'm working on the SOC(1) on THM and learn few things that changed my mind.

What may i try after this room to complete my path ?
I don't necessarly want to work in France, but maybe Finland, Sweden, or Canada.

I want, later, to pass CCNA, CEH and BTL (https://www.securityblue.team/certifications/blue-team-level-1). The least one enjoy me.

If someone does work in this domain, i'd like to talk to know a bit more about how it is in real life, which certifications are good, or not, and what do I have to focus on.

Thank you very much, and sorry if my english is not perfect, i'm working on that too.

Hi , welcome , nice to meet you 🙂 . Those 3 certificates are all oriented towards different fields . CCNA is oriented towards networking, CEH is oriented to general cyber security and BTL is oriented towards blue teaming. I have a CCNA so I can help you if you have any further questions for it 😄 .

Stay away from CEH unless you absolutely need it to meet the specifications on job postings (unlikely for France afaik).

Hi, thank you 🙂
Is CCNA worthly for a SOC job ?
I mean, isn't there other certifications, maybe with lower prices, to begin ?
As i'm student, i really don't have the money to pass CCNA for now...

Gave +1 Rep to @keen tundra (current: #27 - 334)

Ok, thank you
But why do I need to stay away ?
It's hard ? or maybe not worth ?

It's outdated, outright wrong in places, and comes from a company with an abysmal reputation (plagiarism and a few scandals in the last few years come to mind).
The reputation of CEH is down the drain for that reason, so many employers don't care about it these days either. The ones that do tend to be... Backwards... To say the least

CCNA is oriented towards networking ( how networks function, routers,switches,firewalls,routing protocols,etc. ) . If you're interested in SOC positions , BTL can be a good choice 🙂 .

@abstract fjord cc/ ^^^

Ok, i never seen anything about that, thank you !
U save me a huge pack of money xD

Ok, i'll stay on BTL !
I knew it last week, but never seen anyone with.
Maybe i'll try after completing both path of SOC in THM, to give me some experience with the common tools and mindset

For SOC stuff you'd be better off with BTL and vendor specific stuff afaik. Some of the Splunk certs, for example.

Although general certs like CCNA for networking will never go down badly. A solid technical foundation is super important.

Knowledge of cloud security will benefit you a lot these days as well

So I have to focus on BTL and explore specific stuff.
Seems right.
Is there a list somewhere with recomanded certs ?

And are THM paths for SOC good for a job ?
I know that it's better than nothing, but do my future manager know it and know what i worked with it ?

Yes, I had somme certificates with LinkedIn Learning on cloud security

SOC paths on THM are a great starting point 🙂

Perfect, some exercices are hard ^^'

Heh, you're getting to my limits for blue team hiring knowledge there.
From a pentest perspective, putting THM down as an extra curricular activity on your CV -- especially as a junior -- can be helpful, as long as you don't put too much stock in it. I'm not sure about the blue team side of that though.

Ok, is should be the same... I hope.
Thank you very much

Gave +1 Rep to @undone shore (current: #9 - 800)

guys i was creating a tool using python, very basic tool in which i would send arp request and catch arp reply but in that i can change the content of the arp packet such as changing my mac address and ip address now the problem i'm facing is that if i change the ip address obviously the arp reply would go to the changed ip address so what should i do in this situation, i was recommended that i should learn about port forwarding but i don't understand even after read some topics about it. Do you know what i should do in order to get arp reply from ip address that i am not connected to

got that mofoing security+ feeling like a god damn duke dennis

i look at everybody as a bum now

im the shit

Congrats 🥳

hey i think OSCP is next and then OSXXX

Good luck in your journey 😄

What is OSXXX? 😮

he is the final boss ,,,

EXP-401

this mofo is the last dude u wanna mess with

BTL is great for entry level SOC. I would also suggest splunk certs if you don't already have them, maybe pick up one of the AZ security certs when they're on discount, and would suggest to participate in some blue team oriented ctfs like belkasoft or cellebrite and have a blog for your writeups to live in that you can reference in your resume

Hi
AZ for Azure ? just seen the prices, and I understand why u say "wait for discount" xD
But ok, thank's i'll check it 🙂

howdy hey :)

I found this site : https://cyberdefenders.org/starting-point/?next=/online-labs/6133c324-7aef-4a75-b1ad-91f92e799ac3/
Do u know it ? It seems to be great for a start

I've not used it myself but have heard some good feedback about it from buddies of mine

And for the blog, should I write my THM exercices too ?
I don't really know how it's supposed to work

perfect, I will try after THM's SOC paths

I usually recommend https://letsdefend.io/ alongside the BTL1 course, very good supplemental material and it gives you something to talk about during interviews as far as experience / projects you've worked on.

And for the blog, should I write my THM exercices too ?
I would say writeup practice is good regardless, but if you're focusing on SOC, writeups for SOC-based thm rooms, as well as keeping track of letsdefend / BTL1 labs, will be more important to focus on rather than non-SOC related rooms

thank you very much for all of this !
are you a soc expert ?

Gave +1 Rep to @crystal cradle (current: #715 - 6)

Nope I'm in forensics, but I work closely with our SOC team and have a bunch of buddies in SOC / detection engineering :)

great !
I don't really know about forensic for now, but it must be exciting and a bit stressfull xD

Anyone here in canada ? Im graduating cybersec in June and i have an internship to do in April … Is there any place good for looking at opportunities, ive tried so many things from the government to linkedin and indeed but i always get turn away … is it because i dont have my diploma or am i too early ? Km stressing because i really love the field and we were promised jobs but its hard to find

Hi

I'd say comptia Security+ is a good one to get if youre new and want to jump into SOC.

Is it correct with my focus ?
I really want to work in SOC, and i'll try to focus on networks

I'm also a student and I also want to get into SOC and most jobs I see ask for security+ and in general is a good cert to have. I'm going to be getting it as most of my teachers have recommended it and its cheap too, but I get a voucher from my school so I'll be saving a bit of money:D.

Oh Nice !
I hope that you could have it without any problem ^^
I'll keep it in mind, thanks student mate 🙂

Gave +1 Rep to @winged horizon (current: #2357 - 1)

No problem, goodluck to you too, we're all gonna make it🥹

Good luck guys 😄

Ofc we will !
So maybe let's see you in a meeting or smth😉

hi,i want using rust in cyber path,what i msut choice my cyber path/roadmap,plz recommended! thx

Not sure I understand, you want to use the programming language rust in a TryHackMe pathway?

is not good?

i new in here sorry for stupid questions

No worries, just trying to understand what you are asking

i want learn cyber security,i understand exsisting many path(offensive,defensive,redteam,blueteam,penetration testing) and i want using maybe for script rust language

Try going to #start-here to get a better idea of the path forward

Don't focus on all path at the same time. Try to filter out our specific goals and figure out your dream job path.

Does anyone have any reference for VAPT job or internships?... if have please dm me

Idk

Hi everyone I was hoping for some advice regarding how to look for internships I'm based in south africa however we dont have many internship opportunity's here and started thinking I should probably start looking for international companies. Mainly interested in pentesting and red teaming.

Try to use LinkedIn 😄

You can also check job board on the server

https://discord.com/channels/521382216299839518/775144008853749770

🙂

Thank you very much @keen tundra

Gave +1 Rep to @keen tundra (current: #24 - 371)

Hello, guys! I am currently enrolled in a cybersecurity program at my university, but I have a problem: I don't know which path in cybersecurity I should pursue. Do you have any opinions or tips that could help me with this? I would love to specialize in something more specific.

Check out this article and see what fits you the best 😄

https://tryhackme.com/r/room/careersincyber

well what would be a good road map for some one who wants to get into pentesting, i'm 29 and got into try hack me because i always had a love for computers but felt my family didn't have the money for me to go to college so i decieded to just work in the automotive field

You're going to need to make a transition to the industry, your entry point is more than likely going to be Helpdesk roles, which may mean a paycut. You need to decide if you have the ability to take that paycut.

well i absolutely can since most of what i've done so far has be 18 to 16 and hour jobs

pay not hours sorry

I would also say don't base your expectations of the career field off of TryHackMe. A lot of pentesting, and cybersecurity in general, is report writing, as in 80-90% of the job.

If you're looking to transition, I would review Professor Messer's A+ course until you have a good grasp on that material

makes sesense, i only got into try hack so i can try learning some stuff i didn't already know

Well my goal was to get my comptia A+ first then to maybe try to do some projects.

I would just study, don't get it necessarily, and start applying

I'm currently trying to get into the SOC analyst role, and I find that it's a good pathway into other strains of cybersecurity, especially if you're new in the industry.

@somber epoch don't like the automotive field? I'd think that has similar income, and less competition?

i know but it was never a passion for me

Ok. I understand.

I have a teacher that currently works in the Cybersecurity field for mitsubishi, maybe just get a few certs and transfer from your current position.

@winged horizon well at the moment the place i am working at is shutting down due to the owner selling the place, so i am in the middle of studying and trying to find another job as i do so.

@winged horizon Thats a smart idea.

Got it, well maybe in your new application you should add your new tech experience and you might land something more in the tech world that youll enjoy!

hey guys i got my Sec+ which certification is good to get ? any suggestions i usually dont like MCQs but yeah

Sec+ is a really good start that will even land you a job, ISC2 Cert [CC] is free and has good weight for the cybersecurity industry.

true I've been technically a jack of all trades. I've done warehouse work, shipping an receiving, preventive maintenace on both jocky trucks and box trucks and i'm currently at a scrapyard.

is that CC one going to impress the HR ? i really cant sit and not learn i need to get me a well recognized certification after Sec+

No, ISC² has been on a downward trend

Since they're going to be applying for Helpdesk, there are typically no requirements for professional certifications. More often than not it's do you know the components of a computer and do you have the willingness to learn.

I just saw a post today on linkedin from a hiring manager that showed a list of 5 highly recommended certs for entry level cybersecurity, sec+ and ISC2 [CC] was on the list as well.

To be honest ive seen Sec+ everywhere

i havent seen CC in many job descriptions

yeah sec+ is more known, but if you just want to add experience and certs to your name I recommend CC, otherwise hands on experience like projects, will be the better add on to your resume.

Cool, is it in their job descriptions for the roles they're hiring for? LinkedIn rewards people for posts like that because they generate impressions. They can put that post together, but do they actually live by it is the question

Certifications are not experience, personal projects are also not experience.

Experience, when on a resume, is specific to professional experience.

bro i know experience beats everything but we talking about a post graduate who wants to put his foot in the door so recuiters would know he so eager to learn and certs are the best way to demonstrate that also blogs THM walkthroughs perhaps projects

It's best to look at the roles you'd like to apply for and not necessarily rely on overly broad certification tier lists

In my resume I include project experience, not necessarily relating to job experience, if I haven't worked in the industry there is no other way of referencing experience.

facts

but here is the thing even the entry levels ones be like " CISSP , CISM , SEC+ , OSCP "

It can go in an extracurricular/projects section, but it doesn't belong in the experience section. Your experience section is also any professional experience you may have, not just computer/tech

haha foreals

like bruh how the hell am i suppose to get the CISSP when i never worked more then 3 years in IT

You have to remember, entry cybersecurity is not entering the workforce entry. Pentesting is also not entering cybersecurity entry

good point

you really do have to start from the bottom almost not relating to cybersecurity like IT support or helpdesk, to just get hands on experience with anything relating to tech

If you're a postgraduate, apply

The problem with being a postgraduate is that you're likely going to be priced out of entry level roles. Companies don't want to take the risk of you leaving so soon as well.

i had some offers for cyber and help desk but they like 40k or 50k

horrible

gotta start somewhere

Depends on where you are living

But entry level salaries aren't typically 6 figures. FAANG and high COL areas skew the data

i guess imma find me a internship or something i havent tried that bad i only applied to 10 jobs and heard back from 6 of them

i gotta apply like 1000 a day

Shotgunning your resume isn't a good thing

work at that 50k job for a year and then apply to something better

yeah thats why i dont do it

Internships are also typically reserved for people in school

i mean we could use internship as professional experience

Yes, but if you're not in school you more than likely won't be considered

What's the good plan for someone with no prior diplomas and certs ? 🤓

Without a degree or prior professional experience, you're best bet is likely going to be something like IT Helpdesk

Jesus, i have to find a 0day on hackerOne now

😏

Why?

Well, idk if in France it's the same, but they start to take you seriously with a Master

I am not familiar with France, but I think @tacit bobcat is?

Sorry Hydra if you're Portugal, I can never remember

yeah but not super familiar with French degrees

I mean, unless if you are very talented which is somehow acquired in time

Your french Hydragyrum ?

Let’s just be honest none of here could do no 0day exploit

my take is that you need to be on very specifics technical domain to start exploiting specifics 0days

I'm a lost Canadian

Why lost ^^ ? I mean, Canada is freaking cool

For those who studied for sec +, is it better to go through some thm rooms while also doing prof messer videos + study guide?

Why not 😄 ? You have this pathway oriented to people who're interested in Comptia certs 😄

https://tryhackme.com/r/path/outline/pentestplus

Hi

Hi

Hi , welcome 😄

Hi , welcome 🙂

You've already been asked not to do this.

i love CISSP

I don't

Its due to HR writing those ads, the hiring manager is not expecting that

from where do You start learning step by step

?

You can start with this pathway step-by-step 😄

https://tryhackme.com/r/path/outline/cybersecurity101

What about Microsoft cyber security analyst certification? Is it good start in Cyber security?

That's pretty basic 😦 . Coursea courses don't really have any value .

I really need help to start 😭. I tried Microsoft cert but it s feel bored

Free certificates like those on Coursea don't really have any value 😦 .

CompTIA security+ is a good start then

Yeah , that's kind of industry standard 😄

I started with google cybersecurity course

Then I moved to the htb and thm

They provide great value 👏

I see som YouTube video they toled that Microsoft sc-900 is a good start ...

I'm confused

You can start learning with it , but don't expect to get a job after finishing that couse 🙂

Try things out if you don't like then don't do it

Surely It won't land you a job but it can improve your skills

Ok thank you for those advices i will go with security+

Other question please! Did security+ have labs and practice exam?

I think that it has PBQs 😄

😆

hey, i would like to find a low entry cybersecurity job.... how do i find one in my area?

anyone here today

You can look at your country's job board of choice

LinkedIn, Indeed, etc

🩷

Is trying to get a job as a SOC Analyst out of 2nd year as a Cyber Security student unrealistic if I get CC, Google Cybersecurity course, CompTia Security+ and the tryhackme SOC Analyst path? I've heard you usually need helpdesk experience but I've also heard a very few number of people were able to skip it. I'm also documenting my learning journey on LinkedIn and figured maybe networking events from ISC2 could be a gateway to that entry level analyst job. Any advice?

Just trying to parse your question, are you saying you're currently in school as a second year undergraduate?

Yes

I've already done a lot of research but I would like the opinions of some real people in the field if that makes sense, and thank you for taking the time

You should work towards finishing your degree. If you need to work, you're going to need to look at part time jobs in the area around campus. You can also look to see if your school has student work opportunities.

Internships applications for summer 2025 are currently open at a lot of organizations, I would make sure your resume is on point and start applying for those

Will I not be able to get a job in the field before finishing my degree you reckon? I thought the earlier I started getting experience the better. I already have 2 part time unrelated jobs but I wanna get my foot in the door in the industry early

You're a student, you can't commit to a normal work schedule.

Your experience will come from internships and or student work opportunities at your school or coops in the area.

I mean I only got 9 hours of uni a week (although I'm a full time student)really so I reckon I probably could commit to a part time at least, I'm just wondering if they'd even consider me as I haven't finished my degree

whos keen to finish hard rooms together ? on tryhackme ?

@wild bramble you can 100% get a job as a SOC analyst with a SC-900 certificate

Its an entry-level certification for an entry-level role

I have seen people get a SOC analyst role with no technical commercial experience or certifications it all boils down to the hiring manager at the end of the day.

I wouldn't advise on banking on that, obviously you do what you can to increase your odds via on-topic personal projects, certifications and naturally some commercial technical experience in a role like on the helpdesk but the idea that an SC-900 certification is not valued is hogwash

I would digress. Its not an entry-level certification. Its more of a foundational certification. Kind of like the Cloud Fundamentals cert from AWS.

fundamentals is an entry-level certification

as its the fundamentals...

Literally the first thing you do when learning something new

is learn the fundamentals and yes that can be enough for a SOC analyst role as a SOC analyst role is not that technical of a role. Obviously it varies from one organization to another but for the most party, CSOC/SOC analyst roles are entry level and require no experience in cyber security

No its not. Entry-level is different. Take a look at SC-300 and SC-200 which are associate certifications.

Most people who are hired into a SOC role is either a recent graduate or someone from the service desk with a year or two experience.

You're focusing too much on Microsoft's classifications rather than real-world usage.

If you have a SC-900 certificate it demonstrates you A. have the fundamental knowledge and B. interested in cyber security.

This is enough for most organizations to be hired as a SOC analyst

I have seen people with neither of these but a few personal projects and a certificate such as SC-900 be hired too because of this reason

Yes but you’re trying to say that SC-900 is an entry-level certification when in fact its not. Plus the SC-900 focuses on the Microsoft suite of security tech.

I am saying SC-900 can get you an entry-level job like a CSOC/SOC analyst

Yes a lot of CSOC/SOC analyst roles are within MSPs which work primarily on a Microsoft tech stack

SC-900 is also a very high-level certification, its not just focusing on the MS suite, it covers the fundamentals of security, compliance, and identity concepts as a whole not just within the context of Microsoft so its a great cert to get if they're just starting out on their career

You probably could but I’d argue its not more on the cert itself but your skillset/willingness to learn.

Agreed, the cert demonstrates that easily to the hiring manager or recruiter on your CV amongst a sea of other applicants

Fucked up but you got to play the game

I wouldn’t say that. SC-900 relates itself to its Microsoft suite of products rather than in general which the Sec+ does.

Have a look at the curriculum its high-level

I know, I have the SC-900

Then you know the knowledge learnt is not exclusive to the Microsoft eco system

Its applicable elsewhere

and transferrable

You could say it that way but in the end, its really not.

Even the training is directed towards how to use Microsoft products

https://learn.microsoft.com/en-us/training/courses/sc-900t00

Sure, it teaches you best practices and whatnot, and I agree that’s transferrable across different domains but in the end, its a vendor certification. Vendors gottsa push their products.

So you think learning the SC-900 ultimately only teaches you about the Microsoft suite at a fundamental level and does not teach you the fundamentals of security, compliance, and identity concepts?

In hindsight, yes. In the training path curated by Microsoft, only 1 module focuses on the general concepts and then having 3 other modules that focuses on Microsoft products.

That's just incorrect 😄

We can agree to disagree but that’s how vendor certifications work.

No one is saying it is not geared towards the MS suite, but it is not exclusively useful to an MS tech stack for an entry-level role

That suggests they're operating under muscle memory rather than understanding the subject matter and technology they're using

I mean yes, that’s what I said earlier, it will teach you generic concepts but in the end its a vendor certification. Its full value is realized if you work with their products.

No one is saying the opposite?

But you’re marketing it as an entry-level certification when its not, its a foundational certification aimed at teaching the user the Microsoft security tech stack and its capabilities.

I never said that

I said you can get an entry-level job with an SC-900 such as a SOC Analyst because you can

as a SOC Analyst role is an entry-level role

It can and does directly help you in doing so

This is what you said: #cyber-and-careers message

You're playing on semantics

Whether its foundational or entry-level is irrelevant it can help someone get an entry-level role and it is valued by hiring managers

Certifications are used to quantify professional experience and they don't really stand on their own when it comes to job hunting.

Its not just quantifying professional experience

That is literally what they are for

Its not how they're used exclusively

When I am looking for someone for my team, if I see they have done independent studying an example being industry certifications. It not only indicates their technical expertise but also shows whether they have a genuine interest for IT

It says a lot if someone goes out their way to acquire a industry certification on their own accord

This goes hand-in-hand with things like personal projects, I would also make the argument certifications are primarily used to show technical expertise rather than professional experience, which is mainly shown via their commercial experience listed on their CV

Though certifications can also do that to an extent too

A bunch of certifications and no experience does not tell me anything other than that you are cert hunting and can memorize take a test. Which has a negative connotation. It does not tell me how you interact with others, if you can write a report, if you can make deadlines, etc.

Correct, I don't think anyone here is making that argument

It's the counter argument to "all you need are certifications" which I believe was stated in part above

What we are discussing here is whether an SC-900 can get you a job as a SOC analyst which I am arguing that it can

I never said that ;D

Alone? Probably not

That's cool if it can at your employer though

See

Alone you can get a role as a SOC analyst with an SC-900

But its not guaranteed and I wouldn't suggest that approach

SOC analyst is not really a technical role

Its entry-level

Most of the time organizations will train you on the job if you have an interested and foundational knowledge

The way that is written, and the message above the one you linked, is inferring that's all you need. It's also why I said "in part" because you didn't directly attribute

best way to get into it would be do everything you can to be competitive, such as picking up a relevant certification or two, undertaking personal projects and formal education

No its not

I literally said "I wouldn't bank on it"

"I wouldn't advise on banking on that, obviously you do what you can to increase your odds via on-topic personal projects, certifications and naturally some commercial technical experience in a role like on the helpdesk but the idea that an SC-900 certification is not valued is hogwash"

This is what I am talking about

Then read the messages

Missing the context of the discussion...

People are acting as if a SOC analyst is not an entry-level role around here

I see you responding to KGB, who said it can't be relied upon, and they were replying to someone who asked for good starts in Cybersecurity. You have to remember, a lot of people asking those types of questions in this server have zero professional experience or a degree.

Its what most people in cyber security start off in

In the grand scheme, it's not

It literally is

Cybersecurity is not workforce entry level

No but SOC is

SOC falls under cyber security yes

but its not the same calibre as other professions within cyber

Which is fine, its a SOC analyst role

You can get a SOC analyst role without commercial experience

If you have certifications, personal projects and formal education it is possible

Its like working on the helpdesk, you learn on the job

Would they prefer someone with technical experience? obviously? Do I recommend they don't get technical experience? No but is it still possible and does it happene regularly? yes it does

But perhaps this is a regional thing who knows

My only experience is within the UK

is tryhack me paths enough to land an try level IT job, or do you need need a further qualifcation?

What do you mean by work force entry level? Like with no schooling or no prior industry experience?

sort of, mean like helpdesk to start

thought cyber secrutiy was very diffricult without formal education

not sure what entry level roles in cyber secrutiy are, but would you be looking at CCNA and other certificates, without a degree?

As in you're entering the computer industry, your first job

Entry for cybersecurity is typically 3-5 years of professional experience, without a degree, in something like IT or another STEM field

just finished my first year of a 4 year degree in civil

Ah ok, I think it's getting a bit better with coop jobs but I get that those aren't "real" to same degrees as a full time

toying with the idea of dropping out if i can get a helpdesk role

then trying to study from there

If you're in a degree program, don't drop unless you absolutely have to

still 3 years to go tho, so haven't invested too much. salaries aren't too great in civil, especailly for the first 5 years

Degrees allow you to meet contract requirements, you earn more than your non-degree peers, and more

What have you done cyber security wise? Is it something you're doing hobby wise that u want to make into a career/switch degree majors or just something you have a general interest in/like the salary range of?

Civil what? Engineering?

General interst, software and IT is interesting, but current job markets scares me off studying it. If i could get work experience in the industry, then go from there, I'd give it a go

yes sir, don't mind it, but not much of a passion for it.

Can you switch to something like EE?

I wouldn't drop your current degree altogether even having a degree at all would make certain factors easier

Dropping your degree is not recommended

I've done some intro units, and looking at later 3rd to 4th year content, bit afraid. Uni offers network engineering, sharing 2nd year content with EE

What made u consider this change?

Civil is alright, long hours and onsite often. Pay isn't very good though. Of course 10+ years of experience it'll start to get good

Personally, if you don't like civil, I would look at transitioning to EE or ECE. You could also change your degree entirely to Computer Science

live in Australia too, so civil has a bit of overlap with mining eng

our main indsutry

I will say, you can get into some interesting places in Cyber with an industrial engineering background

If u like cyber perhaps a shift to cs completely would be better

Or engineering

thing about Australia, civil and electrical are the only safe eng options

we've offhsored or automation, so you're risking it with mechanical

How is cyber jobs in Australia?

EE's not bad, but I'd find it hard to justify studying eletroncis side, instead of core electrical (which is required for more grid/power generation job i think)

can't say I'm too knowledgeable, alright mid - senior, but we have a surplus of grads

lots of interional students, so trying to land a grad job is pretty hard

Oh yall got a lot of international students there ?

Canada level amounts

Cs and software have been swamped pretty hard too

Do u want a grid/power generation job? I think u should look into potential crossover jobs like did you google? suggested

Goes back to what I was saying, having an engineering background in Cyber can be important. Critical infrastructure needs protection

Do certs matter in Australia too ?

Electric, Water, Gas, etc etc

was thinking this, but the units that share content with cs and software, are found in the electronics major

defence is one of the bigger indsustries for that, not much is designed here

we have a pretty diffirent market to USA here, from what I understand you can get away with less qualifcations

but you need some experience to start from somewhere

Might need to move to Melbourne then

Us ain’t it for me

majoring in that area of EE, would proabbly limit your ability to switch into network, software and cs related stuff

you in Melbolunre too?

Yeah bro 🤣🤣

nice, me too

Nice bro we should connect

Look up ICS/SCADA Security

I think that right now with your uncertainty of where you want to go you should continue a degree potentially switching majors if u have 0 passion for what you are doing rn and try picking up a job on the side in help desk to beef up ur resume but dropping out should not be on the table