#cyber-and-careers
If that's what you want, not sure what your discipline is for computer engineering
???
you act as if an entry-level individual can drop $1,649 USD on a single certification, when they have a variety of other needs and wants they desire
I’ve been thinking about doing the same thing. My resume needs a lot of work but a template will help.
Actually I’ll get kicked out but I’ll spend all that money on that
what I lack for me is the practice in using kali linux I think but I actually have general understanding of Cybersecurity concepts and other skills needed. what I just need is practice
Let's not give bad advice, you shouldn't prioritize certifications over real life expenses
It’s real life experience buddy
this doesn’t account for the fact that a certification doesn’t guarantee a job, so you’ll be homeless while job hunting for a long time lmao
Certifications aren't experience
^
And I am not your buddy
yep thats the thing hahaha hit me up if you find one and Ill do the same
That particular one is really hands on
Still not experience
it’s still not real-life experience, and others argue that a PNPT is much more realistic
For some folks, that would also mean their spouses and kids go homeless as well.
It seems like u haven’t done ur research
I am already employed
we all know that an OSCP is one of the most sought for certifications in the world, but you are arguing “real life experience,” which an OSCP isn’t
Let's stop feeding the troll, just ignore them
Good luck
is OSCP really that expensive? I heard you need experience to get the cert right?
It is very expensive
no, it’s $1,649 USD for the course + exam attempt
.........
I don’t think there’s an experience requirement iirc
Perhaps you're thinking of the CISSP?
Mmhmm, 5 years or 4 + waiver.
CISSP is around $749 last time I checked, but yes, it does have the 4/5-year experience requirement
It's also one that companies will absolutely pay for
It helps them on the business end
Mmhmm! The specializations afterwards have additional experience requirements as well.
is there any way like a cert that states that you understand NIST and ISO27001?
It’s funny how you call oscp expensive and then talking about “ SANS IS WHAT YOU NEED “ amazing :))))
I have one and I don't know what to think lol. Businesses do like them and will send employees to them
I didn’t call the OSCP “work experience,” and SANS certifications are recognized globally and will be paid for by large employers
Eh, kinda. CISSP goes over those in general terms.
CISSP is really focused on risk management, which has a lot of overlap with NIST 800.
and we were talking about certs that your employers will expense for you, not if you can pay for a SANS certification out of pocket
CISSP is how the business unit interacts with cyber
stop straw manning my statements
For requirements certifications, you'd have to look in the industry you're in
I believe ISO has a certification
this one... any clues?
Yeah, in general terms. It's the only thing I've taken though that had questions on those standards.
I know there are power grid related requirement certifications
Pretty sure it's expensive and you don't need it unless it's required by contract more than likely
NIST publishes all their stuff for free
can you just say in your resume that you have a deep understanding of NIST without a cert to back it up?
I wouldn't unless you've worked with it extensively at a job
any ways to back up statements such as "DEEP UNDERSTANDING OF ISO27001 and NIST"
work experience
Can confirm as I'm reading 800-30 and 800-37. 'Did You Google?' is correct.
or work projects as well
I wouldn't write that anyway unless it's a cover letter
Im from the philippines and most of the require ISO27001 understanding and NIST
Def not unheard of.
as a basis? yes
is any stem degree good?
Pretty much unless they call out specific stem degrees
yeah, you will see Information Security, Cybersecurity, Information Systems, Information Technology, or Computer Science a lot for degree titles
some will also have a catch-all “or related degree” statement
yeah yeah all good
its a gov site
just saying hahaha
Best way to protect yourself is to not click anything
yup
Doesn't matter if the site is official or not
Again, 'Did You Google?' is correct.
true though
Government sites have never been compromised. Ever.
any suggestions for a template for a resume?hehe
There are no URLs in that message.
LaTeX template called AwesomeCV is what I use
any links ?
nahhh its not true, especially here in the philippines
Learning lesson, a huge part of cybersecurity is research
okay okay thanks, I appreciate what you are doing
My recommendation is to do some research utilizing your favorite search engine and read up on latex as well as look at some templates. The editor I use is Overleaf.
okay thanks bro imma do what needs to be done
Do yall send your resume with a pdf or docx?
.pdf, as it retains formatting
Hi
Hi , welcome , nice to meet you 😄
@broken idol
Please don't do this stuff here
I vote for PDF 🙂
Please ping somebody from the moderation team when something like this happens, don't take it on yourself to stop the behaviour.
PDF is harder to edit.
There have been stories where recruiters have edited a CV
KGB already ping you so I don't think it was necessary to ping you again and again. 🥲
It was more of a going forward 🙂
I won't make that mistake again 
It's not a mistake, we just like to know when somebody asks illegal/unethical questions 😄
Hey guys, Im currently a junior in HS. I'm currently looking into going to college at WGU for Cybersecurity and Information Assurance , it includes 15 certifications including CompTia net+ sec+ pentest+ A+ etc at no extra cost. Just wondering if anyone has any recommendations for a better online college, or a better degree to get/ things to look for in a degree. Eventually I wanna do pen testing so something geared towards that. Thanks.
Having taken the WGU course, if you're a self starter it's great, it's a structured version of Udemy or Coursera. The certs have bumped around but in the end you will have multiple CompTIA and ISC2 certs all will help you get into the industry, in the meantime, WORK ON YOUR LABS!!!!! 🙂
Hi family
Aye Capt
Sup
Thank you, I'm sorry if its a dumb question but. it is an actual college degree right? i've never heard of cybersecurity and information assurance and havent seen it offered in many other colleges.
Just returning the Hi 🙂
Not from this server.
If something is free, you're the product, and if it's free, it probably won't be good.
No dumb questions, don't ever be afraid to ask a question! Also, IDK is an acceptable answer
just looking forward in life 🙂
if someone gives you crap for asking even an obvious question, first off, nothing is obvious, clarity is always good, second that's on them not you
anytime
I mentor a group of people getting into cyber and some of the simplest questions, which normally would go unasked, lead to the best discussions
Do not be afraid to say whatever you feel
yes, WGU is accredited by the NWCCU
accreditation is what makes a college degree legitimate, not if it’s offered by other colleges or not
no, but I’m planning to go for their MS in Cybersecurity and Information Assurance and MBA in IT Management after I graduate with my bachelor’s degree from my current university
cybersecurity lol
so a cyber degree not CS?
yeah
I’m not willing to go through calculus, physics, and chemistry classes just to monitor, triage, and investigate security alerts 🤷‍♂️
Im so glad to hear you say that, did some research people recommend CS over cyber because you have more options but I'm not tryna learn data structures and algorithms
glad to hear you found success with cyber
Thanks
you do have more options, and I understand that I pigeon-holed myself into cyber
it’s why I was also considering an IT degree
I just dont see myself transitioning to something other than cyber
about this, there are major criticisms about the program, including their spam of CompTIA certifications that are mostly theoretical and not practical/hands-on
hmm
it’s still an accredited degree, but grabbing a PenTest+ doesn’t mean that you know how to conduct a penetration test properly
right
you would know the procedures and reporting aspects of it, but not how to actually do a pentest
so personal labs and research would be good
or other certifications like the eJPT or PJPT
I would get the CompTIA certifications on your own probably, a lot of free online resources, if you plan on doing WGU you fulfill that credit automatically
so if i get the certs now the credits are done?
Yeah
yeah, you can transfer them in as credits, but you have to pay out of pocket
that’s literally $1000+
might be cheaper than spending a few months learning it while paying uni
maybe not
its an option ig thanks bionic
you do get the vouchers for free during the program though
depends on the instructor/professor
I know some community colleges in the US have "college" versions of the vouchers that are cheaper and will pay for them
just to go back the CompTIA certs arent hands on?
comptia is multiple choice
hmm
which makes it easier
ill look into it thanks
multiple-choice, multiple-response, and some simulated questions (performance-based questions)
so theory then yea
it’s more on the vocab test side of things but still applicable to the real world
just not hands-on or practical at all
but good information yea?
absolutely
I would say a Security+ is a great certification that serves as a baseline for fundamental security knowledge
if you have it and did the exam legitimately, then I can expect you to know what a VLAN, proxy, NGFW, CASB, MDM, and VPN (and other terminology like that) are
Security+ is enough to get your foot in the door tbh
at help desk or something higher?
you may have to do helpdesk first but those roles don't usually require certs
I would disagree that a Security+ is enough to get your foot in the door, as entry-level security roles are not really entry-level
what do you have on your resume as a SOC analyst?
my resume? my degree, skills, work experience, certs, extracurricular activities, and projects
curious what kind of projects you do for cyber?
I have a VM home lab on my laptop, and a group of friends and I used AI/ML to create and detect malware as a capstone project
dang
I’ll probably throw on a coding project as well
both
I have 11 certifications all from self-study and self-funding
you just have to put the work in
where did you learn AI/Ml for that project?
well, my friend works for State Farm, and he did all of the AI/ML stuff (I did the detection part)
very cool, thanks appreciate the help.
Do you have prior professional experience? It's not really recommended to do a Masters directly after a bachelors with little to no professional experience. It will price you out of entry level roles and companies don't really want to take the risk of someone leaving quickly due to overqualification.
yeah, I will have a year of help desk experience and a year of SOC experience when I graduate with my bachelor’s
The reason behind that advice is due to cybersecurity degrees being newer. You really have to vet the curriculum to make sure you're getting a quality degree. Some are very much not great. Computer Science has the benefit of being around longer so it's curriculum is developed and pretty much standardized across universities.
and I’ll probably use an employer’s education benefits as well, if they even offer it
You two are mad active 🔥
Degree and security+ is really all you need, I went into engineering roles
I’m active pretty much only here as #general is often THM-related stuff, which it’s supposed to be
and nerds throwing out cybersecurity jokes
so a degree in cyber and sec+. Thanks
Aren’t you in Australia ?
You will be overqualified for Helpdesk with a degree and security+, imo
Nope
I’m pretty sure u said that
Definitely not
Yeah, start applying for whichever roles you want as you near graduation. I wouldn't recommend a masters
as I said, I’ll probably just use my employer’s education benefits when I do get a role
have them pay for it and encourage it
Those do come with strings sometimes, just fyi
Work for the company for X years after you receive Y funding
which I already plan to do, if it’s a good company lol
I mean to be fair I have had to use Calc, prob and stat, and lots of algebra
I mean, what’s your job role?
cloud and app security manager, but at that time principal security engineer, and security risk analyst
then that makes sense
@raph better work on in here on that, what is your background?
Do you have any prior experience in digital security? or IT tech support or anything IT?
no no, in my situation am doing data science and artificial intelligence at school. To keep it short am still a student
yes and i wish to apply my knowledge of ML/AI in cybersecurity
that's a great place to start. How far into school are you and are you working or looking for work?
looking for work and about to complete my master 2 degree
If you're looking to get into work, I would suggest getting any intro level security cert (Sec+, CySA+, ISC2 CC) thing along that line, and apply for security analyst's position, ideally one where you would be doing data analysis on large swaths of security info.
having the masters will help
most only want a bach
thanks for the help i really appreciate
no problem, cyber is a large area, there's lots of stuff to do, so other than working your Labs! make sure you find a section that you enjoy
for example I love networking and app development and so I focused on web app pentesting and network forensics
and certs like CEH, CCNP, and things like that
AI is fairly new to the security field at large and there are few certs out there so having first hand experience via school is great!
what i really want to learn in cybersecurity is web app pentesting for the moment
Good thing for you there is a new path in THM just for that
Under Learn -> Paths -> Web fundamentals, and then Web App Pentesting
thanks for the help
anytime
Why there are no junior remote positions 😦
How can I learn pentesting if everyone wants experienced pentesters?
Sadly that’s just reality at this point as more companies are starting to push for return to office more
More competition now more than ever to land those junior penetration tester spots.
What I can offer you is some guidance; keep doing CTFs, document your bug bounty/CTF journey
Network with locals if you have cybersecurity meetups
Put yourself out there
It’s not what you know, it’s who you know
I'm aiming for a pen testing job and I'm new in the cyber world, so that means a lot of competition out there in the wild?
Yes. Hacking is the “sexy” job of cybersecurity. You will unanimously see more competition for a Pentesting role more than any other.
It’s not impossible of course, but you will need to prove yourself; especially if it’s a remote junior job at this point.
do you think the learning path of jr pen testing in tryhackme platform is enough?
It will put you on the right path!
nice then i think that will be a lot of fun, anyway I have studied a lot of theory actually, what I need right now is to get my hand dirty in practice
To get job? No. Do you have a degree or prior professional experience in the computer industry or any professional experience (as in have you held a job)?
Because pentesting is not an entry level role within cybersecurity. It's fairly niche. Cybersecurity itself is also not entry level in the computer industry.
There's a lot of risk involved with both
actually I quit my job and came back to study, I studied web development for 2 years and then switched to cybersecurity
so I know about web architecture and programming languages
but i found it more fun in cyber than programming
same question but when you finish SOC 1(to be taken), google cybersecurity cert, isc2 intro to cybersecurity and has a computer engineering degree (im working now with networks and building data centers but didnt touch active components yet I just to managerials of the project)
I just wanna hear your thoughts
if I can get a SOC 1 job with that HAHAHA
I think SOC jobs are more entry level than a pen testing jobs
I know that pen testers needs experience in the cyber world and it is a not an entry level job but I'm still studying for it as my entry level lol
I think pen testing is like a topping for entry level, just letting the employer know you have that kind of knowledge or skills
as long as you have the skills and knowledge, any job can be an entry level for you
so I'm trying to learn and practice as much as possible so I can get that entry level
I need to give it my 200% efforts
just chill from time to time bro, to avoid burn out
best way is to lose a game and then feel bad that you spent it on a game than learning HAHAHAH (thats me)
I work with a lot of very cool, very smart blue teamers. Security engineers and analyst doing very Sr work 🙂
I know I'm resurrecting an old thread, but I didn't see that I had received more messages about this.
I had my own IT business that received payment from the startup farm business. I did pay taxes on the incomes. I wasn't paid a consistent wage, but I did receive pay at different points in time while working there. It just wasn't the same as a big corporate environment since I was the only one in my IT business.
I managed the social media, went to farmers' markets, setup and managed the website. I did the inventory management and updated the products pricing and availability on an ecommerce farmers market website.
Thank you for replying
I got no degree, trying to break into cyber too 😭
Thinking of doing comptia Cerys
Certs**
Good luck on your journey 😄
Thanks but honestly idk what I need before even applying
I have no connections in cybersec. I started to learn pentesting about half a year ago and suddenly I got laid off 2 weeks ago. I thought about changing my career to red team pentester and just build skill on the fly as an intern or junior even if it means massive salary decrease. Yet there are no job offer on the market at all and I do not want to stay jobless for more than 2 months if luck will be on my side. At the same time I do not want to do what I did up to this point, because I feel burned out.
Is there some other way to enter pentesting? Should I go for SOC position and then somehow jump into red team after some time? Would that help?
can someone help me ??
love that thank you
Pentesting is not an entry level field, SOC L1 would be easier to get into. Do you have any experience in IT?
Some as DevOps and some as software engineer. And a little bit as SOC as I had quite few responsibilities related to cybersecurity. Mostly tools implementation and cyber paperwork like for example risk management or OSS management.
Still paperwork bores me extremely. I really do not want to check licenses, write reports, browse scan results and score the risk using CVSS or NIST. It just is not my thing.
Yet at the end if I will not find anything then I will take whatever there is just to earn cash, even if it will make me miserable, such is life.
Well, pentesting is also mostly paperwork
But with your experience I’d try to apply to some blue team positions first and then maybe move onto pentesting when more roles are open
Valid point.
Maybe stupid question but how do you people document bug CTF journey. Just by writing dates of event or do you also include some other data?
Bug CTF?
for example
I'll provide some examples. This one is documenting how someone walkthrough'd a room in THM:
https://medium.com/@CarsonS/tryhackme-cyborg-writeup-f0bcacd3e38a
Here's one of someone who found a SSTI + XSS + WAF bypass:
https://infosecwriteups.com/bug-bounty-writeup-2500-reward-for-session-hijack-via-chained-attack-2a4462e01d4d
Mainly it's just writing up your experience and methodology used, it showcases your knowledge and your own methodology. Also like someone else stated, pentesting is a lot of report writing as well, so this would be a good opportunity to work on how you'd explain your findings.
thanks
this is where im at. im contemplating doing WGU for CS and then breaking into IT and working my way up to a cybersecurity role
I just feel like i wouldnt wanna switch to anything cs related over cyber
my community college allows me to get CCNA, CompTIA, and Security+
so might as well get a specialized degree
i understand that. i feel like a general degree... generally is better, no pun intended?
I mean objectively yea
thats just my personal opinion though. comp sci is a great degree
also takes longer tho WGU advertises 62% finish the cyber degree in 29 months compared to 36 for cs
i mean yea
do you have the option of transferring from a CC?
ah i see
maybe sec+ and like 2 years into your degree would be enough for an internship?
idk tho
itd be great to get my associates, get hired in an IT role, and then work on CS or Cybersecurity
since a lot of my research says cybersecurity isnt necessarily an entry level industry
what would entry level jobs in cs be
like you, i have no interest in getting a software developer job
that seems pretty entry level. its oversaturated though at an entry level
that's what i've heard
Ik a CS degree is better but i feel like the cyber one and the certs would be enough for some sort of entry level job
maybe im wrong though
had a few people tell me thats how they did it tho so idk...
devsecops is under cyber?
is comptia security+ worth anything? Especially in pentesting?
wondering how a developer can transition to
it’s relevant for entry-level roles, not specifically pentesting as you mentioned
it’s a broad overview of security fundamentals
I see devsecops as sys admins with some cybersec tasks.
Well better than nothing 🙂
true, as the Security+ pretty much satisfies most certification requirements on entry-level job postings, especially with the U.S. Department of Defense
I recommend the CompTIA trifecta of A+, Network+, and Security+ to start, but that’s around $800 for the vouchers (assuming you pass them on the first attempt)
I was thinking of aiming for SOC analyst level 1 bc that’s probably the most entry level I can get
A CS degree can be very beneficial. A cybersec degree will be dependent on a lot of the focus and content. There are excellent and average degrees of all kinds. You should focus on your goals, but your aim should be to understand how things work in order for you to perform and benefit from the role you intend to pursue. You should definitely check what kind of content is taught on a particular degree program.
You should gain an understanding of how computers work, have knowledge of programming/software engineering/systems engineering/linux/windows/networks and software, and you should be curious about learning these things, both through the knowledge you gain from your degree and in your own curiosity exploring technologies you want to understand.
Certifications are generally seen as a necessity in a lot of roles, and many companies will help you earn the ones they adhere to for work. Other orgs will expect you to have some certs/knowledge already. Some will help you get more as you progress
I have Security+ but it seems to be useless in Europe, no one really cares about it.
I’m a developer that’s probably trying to switch. My game plan atm is to get a few certs, starting with the OSCP and then applying to lower level positions pen testing or red teaming.
Damn that’s pricey gotta study hard
I still recommend getting IT work experience while studying for those certifications as well
Learn how Windows, Linux and networks work, and know how to do junior admin tasks on these. Those skills are very useful in cybersecurity
yeah sadly we'll have to start from zero lol
but thanks for the input
Yeah they're pricey, but they're the bottom rung of the learning ladder. The basics of the profession
What about HTB certificates are they respectable?
But I don’t think being a dev makes it easier to get into infosec, it’s a totally different field.
what course/guide are you following for oscp?
define “respectable”
What roles do you have in mind? I don’t have any degrees so idk if they’ll hire me. I’m currently doing customer service at an ISP learning about networks
Yessir
Are they seen as similar, as good as OSCP?
Customer service is a good start. I'd suggest continuing to learn and improve your skills. Set up a home lab, even if it's just a few VMs, or some old computers
entry-level work such as help desk, T1 support, desktop analyst, etc.
the pay isn’t good, but you have to start somewhere (or you can just meet someone who can get you into the industry)
I don't think so, from an hr pov
^
not yet anyway, pnpt maybe
giac
They're not well known yet, but they are gaining ground. You should see what certs are desirable to particular recruiters, but also consider pursuing the things you're interested in
Ok, thanks for the info.
HTB certifications are respected in the InfoSec community in the sense that HTB is a well-known organization, and their training and certifications are rigorous and thorough
the problem is that they’re new, so they don’t have HR reputation yet
PNPT wouldn't be as indepth as OSCP, so you'd still probably be expected to pursue OSCP, whether a potential employer will help with funding or not
True they are new and also their certs are way cheaper than OSCP
yea but I've seen it on a few job posts, its like the smaller cousin of oscp afaik
OSCP is extremely expensive at least in my mind.
i really dont want to do ceh, can i do ejpt for starters? or should i jump straight to oscp?
TCM's training is excellent and is really good especially at the foundations
ceh is the biggest waste on money
I was laid off so I need to pay for it myself 
Don't waste your time or money with eJPT. It won't teach you anything that you wouldn't learn on PNPT/OSCP/CPTS. Also, don't pursue CEH unless you're in India, or a particular employer requires it
CEH lmao
Congrats but it also means you were extremely knowledgeable and experienced before taking it or really good at learning.
i was thinking htb blue cert + oscp
well balanced
my brain tends to shut down after 15 minutes of reading :/
OSCP is intended to train you from the bottom up, if you fork out for their 12 month option
But that price...
yes, I'd say that OSCP is the only cert from OffSec that really benefits from the 12 month learn one subscription
Take notes, take breaks, develop a habit, and you'll develop a method
i said ceh because a lot of hr doesnt know or care, theyll reject you if you dont match the keywords 🤷
the other certs can be easily done in 3 months
Yeah it's exorbitant. Out of reach of many people these days, but sometimes it might be an essential price of admission, unfortunately
Nice commitment. Now give me a tip how not to fall asleep after 15 minutes of studying and actually remember the stuff 😉
set a script to zap yourself
good one
Notes, revision, building up your abilities. You need to develop yourself, and put in the work. Nobody will do it for you.
Start with 5 minutes a day/one hour/two hours. Set a schedule, build the habit
My brain is the issue. I want to but it just shuts down.
It'll still be on you to train yourself. If you build a habit, you'll build resilience. And if you have ADHD, a doctor will be able to determine it and help you.
Well I may try, why not.
OSCP is expensive, but having it might get you a good job and that more than makes up for it. Start saving, learn on here for now. Don’t hit up the OS labs till you know what you’re doing.
Other certs are cheaper, but also far less prestigious.
frankly, shut down tiktok, any other instant dopamine activities for like a months and watch your brain heal, don't reward yourself before you've done a set amount of work, and follow progressive overload
it will take discipline -> ignore your feelings and body tiredness -> do what you said you will do in x amount of time
Be careful, because, even though it might be a requirement, it isn't an assurance of a job. You'll need to be able to demonstrate your ability to perform. Hence practicing plenty on THM, doing CTFs, etc, can help you improve and learn new things all the time
Oh for sure, but I’ve taken the OSCP before (didn’t pass) and I don’t think you could pass it without knowing your stuff
I definitely agree with this.
I use gaming as a reward for finishing lessons.

speaking of adhd does anyone here have adhd and a job cause i feel like the reason why im not trying harder to find one is cause i feel like i have no chance lmao o(<
You get to know your stuff by spending more time learning and hacking. It's generally recommended that you average between 2-6 hours a day, 5 days a week when studying for your OSCP. Obviously the time requirements will be higher when you need to learn more
preach
@tacit bobcat
Yeah that looked pretty sketchy
In what way? It's a linktree and I'm looking for a job...
🙄
We don't generally allow self promotion here
Looking for Security Awareness, Cybersecurity Education & Learning roles!
it is my second day learning in THM but their labs is really fun, getting started well in the new world
Likewise. I'd do X amount doing certification work, X amount on TryHackMe throughout day and evening time permitting; reward rest of evening doing what I want.
I'm a firm believer in doing small-medium chunks than doing a huge amount of hours per day, consistency to me is key rather than burn-out mode... especially with a family, etc.
Yeah, this is not my first rodeo by a long shot, including teaching myself how to code. Bite size lessons are the way to go. I think the culture of staying up at all hours trying to cram things into your brain is only useful for memorization, not developing skills.
Yeah, massively time depending. But I have 2.5 years of my job at the moment before I transition to cyber, so it's a consistent burner for me.
as a hiring manager, if I see CEH there are a lot more questions you get that you won't want/be able to answer
ask my pentester trainees, one of them has CEH and he got more difficult questions than the other SOC candidates, because I wanted to be sure he understood he would not be doing pentest for a long while. We hired that candidate because of other stuff, but his interview was definitely a lot harder because of correcting wrong and bad info from CEH
what certs/and else do you require of a guy coming into cybersec from web dev?
Unless the role specifically requires CEH, it's a pass
We don't require any certs. Just good knowledge and practical projects and work experiences to support that knowledge.
"Into security" is also a bit inaccurate, because I would evaluate a candidate with a web dev background differently than a junior network engineer, even if both are applying to a SOC role
but oscp is a good package to get all that under your belt?
OSCP is not a thing you should pay out of pocket for
I'm fairly senior, and my personal limit for out of pocket for personal interest certs is $600.
IMO the primary reason to get a cert is business requires you to do so
If you're a webdev, start looking at how the devsecops and pipelines actually function, and start asking questions about what tools are being used to perform security functions within the pipeline. Also start talking to your QA about what the "shift left" is about and how you as a dev can support that
@flat sedge What path would you recommend for dev -> red teaming
The renewal, while annoying, provides some level of confirmation that you're staying current with the material.
Certifications that don't expire or don't have some mechanism of ensuring that you are staying up to date aren't worth it, for you or the employer.
OSCP was the exception, but that has a renewal now
Yes, but you'll have to repeat the exam, or do another of their certs within 3 years (or gain CPE points through other training courses and verifiable criteria). At least one of their new certs only has a 3 year lifetime before renewal (no + edition, no permanence)
First, transition to a security role. Pentest is not entry level to security, and red team is not entry level to pentest.
Another thing you can do that is close to your current skillset is bug bounty. It's a good way to demonstrate competency in the domain although it's usually not reliable enough to make a living on.
👍
Been looking for SOC opportunities in my country, there are currently zero but there was one that got my interest, it's a Security Analyst role which uses stuff I already learned at THM from the SOC L1 path and I received feedback from them today telling me that they would contact me further regarding my application as they have reviewed it 
Good luck buddy 🙂
It's going to be tough if I get the position since I've never done it in a working environment but I hope they give me a chance to prove myself and that I can adapt within 2-3 months of practice
What types of things have you been practicing?
Practicing maybe malware analysis but that isn't part of SOC L1, on the other hand studying Splunk currently
No Starch press Practical Malware Analysis is a great book to start with
Our shop is a rapid7, crowdstrike, defender SOC, I would suggest getting familiar with the popular tool sets, making reports, threat hunting, etc
also, would be good to get to know defender for cloud, AWS security tools, etc
I would suggest the THM SOC labs, and also things like AttackIQ's cert courses (free) on Mitre https://www.academy.attackiq.com/
@wheat quarry I am on the way to complete the SOC L1 one, I've been suggested before about the things you've mentioned, though the position I'll be in, I won't use those tools as it's not exactly a SOC position, as for the SOC labs, those I will do later once I finish the SOC L1 path
What does the position you will be doing entail?
sorry if I missed it and you already said
one thing I wish my SecOp Analysts knew was Probability and Statistics, or basic machine learning techniques 🙂
Setting up a couple of VMs with something like Wazuh is great home-lab practice as well
Indeed, a full Wazuh lab is great on the resume and experience
IMO ML is 45% misunderstood, 45% mis-applied, and 10% used appropriately
especially LLM
for sure, business has no idea what AI is
there's a tendency of humans to think of the ML outputs as being largely reliable, and for certain classification use cases that is true.... but the general application is usually more costly than doing whatever the work is using traditional automation
we're doing a lot of a real ML work in the SOAR space and it's awesome, that's why I bring up getting a basic understanding at least 😄
lies, damned lies, and statistics
3blue1brown has some great videos on what AI is and how it works
yeah, AI is great for statistical applications. For anything else? Super questionable at best
yeah we're working on RAG on internal local fine tuned LLM's and, it's interesting to say the least
first run-in with AI/ML, the very first step is to understand computational statistics methods first. Using something like R or numpy
I still wouldn't trust RAG not to hallucinate
still need a domain expert to review outputs
Yep
Which is why I think it's a waste of time for 99% of orgs who want to use AI/ML and LLMs as a silver bullet
agreed
at least for how most people are using it
we're not using LLM's so much as ML
same technique, honestly
at least if you are using the most modern CNN and VNN techniques and algorithms
i'm not as familiar with other ML processes, peak AI to me is still A*
my work is mainly in GIS, LIDAR and FLIR
I have some grad school experiences with LIDAR and FLIR, but not a ton
I wrote some code to process lidar information, but that was so long ago, I have largely forgotten it
Right on! I don't run into many people that know that space
it's difficult to break into that space
it's so niche, and if you don't learn on the 'right' hardware, you get frozen out
my university had us learn an SBC called XMOS. It's pretty cool tech, but the hardcore engineering crowd looks down on it
I'm in digital security at the core, but app sec puts me into some cool projects in my industry
and when I was wrapping up that project, XMOS moved from general RTOS-like to audio specific
which didn't help me at all
Hello,
Is it possible for foreign IT Bachelor students to find internship opportunities abroad?
What challenges might foreign students face?
depending on which country you are thinking about.
in the U.S., definitely Visa sponsorship
for example if you are a foreign student trying to come to canada, it is going to become increasingly difficult
Central Asia
I can't talk about central asia sorry
which countries are you looking to find internships in?
that should, at least, narrow down the people who can chime in
US, UK or Canada
I thought you said you want to do an internship in central asia
or do you mean you are coming FROM central asia?
most likely that
Actually, I’m considering doing an internship in the US, UK, or Canada, as I think those countries offer more opportunities in my field.
Well if you're looking into Canada, I would be pretty hesitant. Others can chime in but as a CS student who's a citizen here, it's extremely difficult to find a job right now. Mainly because 1) Canada isn't super forward when it comes to tech and 2) the influx of immigration has recently flooded the market. The government is about to go conservative in the following election (next year) and they are going to cut off immigration for a while. On a secondary note, Canada is extremely expensive to live in now, as well as you may face some discrimination since the Canadian population has a very negative view on immigrants right now
I am actually thinking of moving to a different country after I finish my degree because of the job market. So I would be VERY hesitant coming here
I understand the challenges you're mentioning, especially around job competition and living costs. I’m still researching options, but I’ll definitely take those factors into consideration. I’m also looking into other countries like the US and UK, where there may be more opportunities in tech. I appreciate any further ideas or advice
hey guys, need some career advice here. I'm almost done with my degree in computer engineering, so I have some knowledge about different computer architectures and how they work + have done some projects in them and have been interested in embedded systems and how to secure them, but I heard that the job market for embedded systems isn't that good or there aren't many job openings in that field unlike in cyber. should I look for something in cyber related to my field? I'm really passionate about cyber security too and the political and legal aspects of it. should I forget about embedded and just take it as a hobby? cuz most of the time it's more research based work rather than something operational like cyber sec. what do y'all think? need some advice because I have a year left to pick something, then next year I'm gonna be in the military for another whole year "mandatory conscription not by choice", but then if I have a certain skill in one of those fields I can gain experience in the military which will be good, but if I don't have a good skill my fate wouldn't be that good and I could be transferred to a remote area or something where the most technical thing they do is use the radio xD what are y'all's thoughts + advice? thanks in advance.
I'm only a shallow hobbyist in the cybersecurity field so I cannot make a comparison, but at least where I'm from (middle of europe), embedded is definitely not an area with a bad job market (if you're talking about Firmware development etc.).
Embedded developers need to not only be able to do the microchip programming, but also understand the hardware, and be able to quickly find the relevant bits in a datasheet with 200+ pages of some IC and how that relates to the code you're trying to write. It's a harder skillset to acquire on your own because it requires hardware, not just an internet connection.
As an example from two recent job postings of the company I work in, one for a frontend dev and one for a firmware dev: We got tons of applications for the frontend dev and did not have time to invite everyone for an interview who seemed competent/fitting on the CV, but the applicants for the firmware job were extremely meagre...
It's probably true that there are fewer embedded jobs in total compared to most other software areas, but the competition seems to be much less fierce. But like I said, I cannot speak for cyber, and perhaps it differs based on region
Hi room, please what level of Python, JS, and SQL language understanding does one have to learn before going into cybersecurity, especially the SOC or Penetration Testing path?
INTERMEDIATE OR ADVANCED?
Pentesting, Intermediate or better, SOC, not really, you'll need KQL more than SQL
depends on the role and the organization
with the team I’m on, SOC Analysts use Splunk’s Search Processing Language (SPL) more than anything
what do you mean exactly by not reliable enough to make a living on?
There is no guarantee you will find a bug, a bug that pays well, or get a payout at all. You can put work in, but not see any results/rewards
How hard is it? Like I can actually put a week of effort in tryna find a bug and I won't be able to find one that pays a hundred dollars?
You are competing against many other people. If someone finds a bug you found and submits it before you.. then you are out of luck. It’s best to be very knowledgeable or have a niche that gives you a competitive edge against others
Yes it’s hard
If you are very keen on doing this. I would suggest looking for easier ones. They have a rating system on bugcrowd. Good luck
That is correct, nothing is guaranteed
Oh man. YT makes it sound easy lol
I will take a look.
it can't hurt to try, right? I mean even if I didn't make money, I can gain experience out of this. Right?
Okay! Thank you!
For sure bro, you’ll gain experience doing this. Just follow the scope to a T
ok i'll give it a shot, thanks
thank you too
No problem 😎
I’m currently reading books on the comptia certs will these be a good start for a pen testing/bug bounty kind of style? Any other ideas or recommendations as to some other things I should learn or do to get better? For experience I’m pretty much beginner just establishing a learning path.
You can also check out this THM path if you're interested in Comptia certs 😄
CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management. Use this pathway as supporting content and pre-preparation for the CompTIA certification exam. Upon completing this pathway get 10% off the exam.
Ty I will check it out
If you're just starting out, you can go to #start-here. If you want to make it a career, do you have a degree or prior professional experience in the computer industry? Do you have any professional experience, ie have you been employed at all?
No I was planning on getting these certs people have been saying these hold more weight than a degree
Not sure where you got that information from, but that isn't true
Certifications are used to quantify professional experience. Certifications without experience will not assist you. That being said, a degree with Security+ can be enough to get into cybersecurity.
Security+ is really the only certification that I would recommend paying for yourself
Well I was planning on getting experience on my own along with the certs learning programming and completing ctfs and labs
Is your current field STEM?
I see you edited your message
None of that is professional experience
No I mistyped I meant use the books on the certs first to learn the basics then while learning that learn coding. And then practice sim labs along the way
But it’s real world experience is all the hiring managers seek is a degree and certs?
Well I guess it’s more simulated experience*
It's not real world experience and would not count towards experience requirements/professional experience
You could put that stuff under projects or extracurriculars on the resume
So you need college then you can’t just prove it through like def con and ctf?
Experience or a degree, if you don't want to or can't go through a degree, IT Helpdesk is a common starting job looking for those to build experience
You also need to qualify for things like Defcon, it's extremely competitive
Well thinking about it here’s my situation I am doing business all self taught but I’ve always been passionate about computers. I guess my plan was to just get good at hacking and do like bug bounties ctfs for fun and just try to get good at that then combine them in the end. With that in mind what would you recommend I do?
See above. if you're not going to do a degree, you need to build experience, ie with Helpdesk
Outside of trying to get experience to get hired. What would you recommend for learning ethical hacking and how to do it effectively?
Ty
Again, this is for fun
Have you seen the Learning Roadmap on:
https://tryhackme.com/r/hacktivities
Ahh great thank you for the insight i appreciate it 🙏
Hi! I hope this is the right channel for this question. I'm a unistudent looking to complete my bachelor relating to cyber security next semester and I'm browsing for ideas. Are there any new reports/research that has been published that you would recommend someone looking into?
I want to choose hacking field any guidance where to start
man nmap
You should go to #start-here
i am planning to take an entry level exam.
Hello!! I'm pretty new here, but I've been doing THM for a few weeks and completed the Pre Security and Introduction to Cyber Security learning paths. After doing these paths and learning about the different careers in cybersecurity, I really like digital forensics. With this in mind, what should I do next? Also, is there anyone who is currently doing digital forensics or anything like it, and how do you like it?
Damn you're fast, within a few weeks you managed to complete both paths?
Well, I probably should have said a month because I started Oct 18th. But yes I did finish them.
When I finish my schoolwork that's mainly what I spend my time doing.
Same here, I usually come home from high school and spend my time doing THM mostly, recently it has been slower as I had CAE C1 Advanced examination
A month sounds more reasonable though, I started at Nov 21. or smthing like that, and I've finished presec and working on cybersec 101 myself
I recommend scrolling up and looking at the careers people have posted though, definitely someone in digital forensics up there
Thank you!!! Also good luck on the exam!
How do you like cybersec 101?
I enjoy it quite thoroughly actually, I completed Google Cybersecurity Certificate before it and learned a lot of core fundamentals and now love the hands on experience I'm getting from THM.
Oh wow that's great! What other certs do you have?
I have some simple ones from CodeCademy, which are just simple foundations of ethical hacking and cybersecurity core fundamentals, I don't really have any important ones, but I'm only in high school so I think it's good for now.
I've thought about going for Sec+ or Network+, but I don't have the resources or time to study currently.
I think this is the wrong chat to discuss this though :D, maybe we should go to another.
Hi guys! Currently an IT Assistant. This is my first job, just contractual, 6 months. I would like to land a cybersecurity position someday. Should I take sec+ now and start looking for a new job? Or renew and complete a 1 year experience from my company, and just take Net+ for now?
Depends 🙂 . If you want to change careers and move into cyber security then go for Sec+ , if you like your job and want to pursue a network/sys admin career go for Net+ 😄 .
Hi guys, I'm new here at this forum and I have some questions regarding career and opportunities. I have worked with IT for almost 30 years, started young and it was my hobby growing up as a kid. I have worked in different roles from support, processes, IT architect, IT manager and so on. During the last 10 years I have been involved in and managed security projects/audits and hands-on security. With this background I'm trying to climb further into IT security but don't have any formal education/certificate and so on? I have looked at the Google Cybersecurity Certificate but I hesitate taking it via Coursera if it's too basic? I say this with humbleness but I want to proceed and do the right things, though my time is limited with family life and work... Please help me out 🙂 Tryhack is a lovely forum and learning 🙂
Coursera courses can get you some knowledge but they don't really have any value on the job market 🙂
I started out my career with google cybersecurity certificate now I moved to thm and htb
i would like to shift to cybersec asap soo i guess sec+ 😄
Then yes, go for Sec+ or Pentest+ 😄
cuz i was thinking before that i must take ccna/net+ before shifting to cybersec but i guess i just need to take courses regarding networks to gain fundamentals so that i can tackle the sec+ easier
CCNA/Net+ are geared towards networking 🙂
soo i dont necessarily need it. got ittt
thanks man
No , you don't . Although they have some overlapping material with Sec+ , some networking knowledge is still required for cyber security 😄
i previously passed isc2 cc, have you taken that one?
and how far is it from sec+
in terms of difficulty
i plan on taking sec+ in a few months
No , I haven't 🙂
You have a great path on THM geared towards people who want to pursue Comptia certs. Although it's geared particularly towards Pentest+ there's still a lot of overlapping material between the two 🙂 .
Also check out Professor Messer on YouTube 😄
Security+ Training Course Index: https://professormesser.link/701videos
Professor Messer’s Course Notes: https://professormesser.link/701notes
CompTIA's Security+ certification is one of the most popular entry-level certifications for Information Technology professionals. In this video, you'll learn about the certification requirement...
Hi everyone
I want to choose a career in ethical hacking any advice for me
I have done a lot of learning here at THM and find it very helpful but hard sometimes. Been away from technical stuff some years
Why dont they have a value?
Why did you continue to HTB?
Check out this article and see what best suits you 😄
Because they're free, easy and you don't need to pass a proctored exam to obtain it 🙂
Actually I kinda do both tryhackme and hackthebox as both platforms provide practical experience
Does anyone do Bug bounty on HackerOne? I need some help starting in it
You can check out the #bug-bounty channel to discuss the best ways to engage in such activities
As i assume... 😦
thm 🤝 htb
Isn't HTB at 250 $ very expensive compared to tryhackme? Or is it another type of site?
chat, why is it so difficult to get an internship, i have 2 priors at a global tech company and a government organization
and its like every company is just denying me, i could score super well on all of their tests yet still be denied
what should i do and like im broke!! /hj
thoughts on posting potential job opportunities in one of the channels?
with specific learning paths that would assist in the passing of the certification, as well as potential internship opportunities. There could be an admin controller of this page to ensure validity of opportunity.
You can check out some job opportunities in this channel 🙂
How useful do you guys think a honeypot will be for my portfolio, and what should I even do with it once I have it running. I've seen it here and there on the internet as good projects to have.
Google what a honeypot does and what information you can gain from having one.
Are you in school?
We have a jobs channel, KGB posted it. Posters are vetted. Also, if you're talking about THM when you mention certifications, THM does not provide certifications.
Certificates != Certifications
Pentest+ is an entry level?
What do you mean by entry level 🙂 ?
I mean entry level certification?
To get first cyber security job?
yeah
It is good for that purpose 🙂
What about taking both security+ and pentest+ ? Is it a good choice?
I'm sorry I'm asking so many questions 🙏
If you think that you can do it , why not 😄 ?
PenTest+ won’t get you far if you don’t have prior work experience in security, and frankly, the certification is decent because it satisfies U.S. DoD 8140 requirements, if you live in the U.S.
other than that, you will learn much more hands-on skills for penetration testing with an eJPT or PJPT
PenTest+ does go into business requirements and reporting though, unlike the other certifications I’ve mentioned
Thank you i will be back with others questions 😅
I would recommend either CPTS by HTB or OSCP by OffSec instead of those.
Keep in mind that certifications should be paid for by the employer. There are cases where you can buy the certification and course by yourself but the reasons are few and far between.
Oh ohk thanks
anyone from ireland im looking for a fresher job in cyber
Take a look at job board 😄 https://discord.com/channels/521382216299839518/775144008853749770
thank you
I'm not in Ireland, but you can look into Expel. I applied there last year and I remember hearing an announcement that they're expanding their operations into Ireland. MDR/SOC type work I believe. They were friendly to candidates newer in the field and have good ratings from employees, but at the time I applied they were starting to look for slightly more experienced people so idk if the jump is as easy
Hi everyone!
I’m a nurse transitioning into cybersecurity and currently learning with resources like TryHackMe, Codecademy (Python & Linux), and Professor Messer (Security+ prep). I don’t have a degree in this field, so I’m focused on building a strong skill showcase.
What’s the best way to demonstrate my skills to employers, and are there specific job titles or paths I should aim for as a beginner? am i using good resources?
Your resources are great for beginning 🙂
Thank you! Do you have any tips on how I can showcase my skills effectively to stand out, like specific types of projects or ways to structure my portfolio? Also, do you think focusing on TryHackMe and Security+ is enough for landing a junior role, or should I add something else?
Sec+ is an industry standard certificate , it should be good for starting 😄 . THM has a plenty of beginner friendly material for free 🙂
Thank you! That’s great to hear. I’ll keep pushing with TryHackMe and preparing for Security+. Do you think creating a GitHub portfolio or documenting my progress with small projects (like scripts or labs) would help when applying for job?
Yes definitely 😄 . Good luck on your journey 🙂
Thank you so much! 😊 I appreciate the advice and encouragement.
You have a degree though, yes? I don't have direct experience with transitioning fields, but you may be taking a paycut when you transition. You'll need to look at your finances to determine if that's feasible or not.
As a sometimes hiring manager, having a degree of any type will get you past HR, you will need some experience regardless or training you can show, but having a degree will help get you to the hiring manager and past the HR blackhole
That's why I was asking, degrees are typically required due to contract requirements
indeed, I was piggy backing the degree in transition part 🙂
Yes, I have a nursing degree, but I’m prepared for the possibility of a pay cut as I transition into cybersecurity. I see it as an investment in a career I’m passionate about.
Depending on the sub field you go into it may not. Do you have experience with HIPAA and the medical applications in use in the field?
I’m familiar with HIPAA as it’s part of my nursing background
So, with a degree and no prior experience, with a little study you could do well pay wise in GRC
There are also a few niche certs like ISC2's HCISPP that are management level, healthcare related digital security certs
However, I’m not necessarily aiming for healthcare cybersecurity specifically—I’m exploring different cybersecurity subfields to see what fits best. Do you think my background would limit me to healthcare, or could it also help in broader roles like SOC analyst or penetration testing?
Gotcha
No no, it's not a limit, I'm just a fan of using your pre-existing knowledge base
I see
Are you looking to get working sooner than later in digital security?
Yes, I’m aiming to get into digital security as soon as possible, but I want to make sure I’m building a solid foundation first. I’m focusing on gaining practical experience through platforms like TryHackMe and building up my skills in Python, Linux, and cybersecurity fundamentals. I want to ensure I’m well-prepared for a junior role, even if it takes a bit of time.
Do you have any industry certs yet?
I don’t have any industry certifications yet
OK, so aside from starting with the cyber 101 path in THM, I would suggest getting the Comptia's Security+ or ISC2's CC
Thanks for the suggestion! I’m definitely planning to start with the CompTIA Security+ certification. I’ve heard it’s a great foundation for beginners. I’ll look into ISC2’s CC as well.
It is and it will get you past HR on the cyber security front
they usually want a degree and an industry cert
Don't discount your softskills either, I'm sure you picked up in nursing work
sometimes it can be hard to describe those on a resume'
i just saw this, and was just wondering if its possible to break into a cybersec role without a degree? im working on Security+ and Pentest+ .
Absolutely
In fact I have no degree (high school drop out)
depending on what you want to do will direct your learning/cert path
without a degree it helps to have multiple certs, and some experience, even if it's home labs
It’s reassuring to know that Security+ can help me clear HR barriers
to be honest im not sure as i have more of a web dev and IT support background. i started a Pentest course a couple weeks back
Yeah that's one of the most frustrating parts of finding work, you have to get past HR who is just looking at a checklist of stuff from the hiring manager, they have no IT understanding
No that's great. Web Dev leads nicely into web app pentesting
if you write API's and React front ends it's easier to tear apart others 😄
Thats reassuring, Thank you soo much 🙌
No worries, I'm an app sec manager, and I started as a PHP API developer in the way back
I’ve always been into computers and tech from a young age, but for various reasons, I ended up choosing nursing, which I now find frustrating and unfulfilling.
whats a basic workflow as an app sec manager if you dont mind me asking?
like what's my day to day?
yep
what sort of task do you find yourself doing on a regular basis?
Oh sure. So like today: check defender for cloud for alerts, check secure scores over time work books (all in azure), SAML integration with SaaS HRIS system, review of 3 repos source (2 api's and 1 iOS app) for security review before push to markets, and check with SecOps and Engineering to see if they need any help with the automation tasks I gave them last week including automating the gathering of data for vuln management and the reporting visualization to PowerBI
sound fun 😆
that's the boring day to day
there are fun days where I break into buildings with cardboard to prove a point
but that's not often
Have you done the CompTIA Sec+ exam ?
🤣
From Comptia I have... A+, Net+, Sec+, CySA, and the stacking
literally working on CISSP/CCSP study between chatting in here
I've got access to the CertMaster Labs and practice exams for A+ N+ and Sec+, is there anything else I could use to prep for the Sec+ exams? I've noticed some of the braindumps online of example questions are limited and most of the time wrong😫
I was wondering if I could DM you occasionally when I need guidance or help with any topics? I’d really appreciate any advice as I go along.
Yes and that's standing to anyone in here, you may DM me
Thank you all for respecting the rules, particularly rule 8, I do appreciate that
For Comptia, I used Mike Meyers (educator not mass murderer) and Jason Dion's courses on Udemy, for all my comptia prep, although I do see there is a PenTest+ path in THM
Thank you so much for your help and advice
awesome I'll look them up. I've been struggling with the Sec+ content in all honesty. Really appreciate you taking the time to answer these questions
Any time, I found the Dion courses, but particularly the practice tests for the comptia certs, were very helpful, that and using quizlet (app/website) for flashcards and quiz training
Thanks for that, perfect timing as well as Udemy are doing the courses for 11.99👍
😄 They are kinda like steam, they have a sale every other week, keep a good wish list
I have like 300+ courses purchased and like 50 on my wishlist
I never used them before I've always used Corsera but I'm definitely going to give this a go 🫡
Wow, how do you manage your time to do all these things?
anyone can make them, and materials vary ... that's why I called Jason D out by name
ADHD and Coffee
.....

😂
I have a learning disorder ... I can't stop
if there's a book near by ... imma gonna read it
wow i wish i had that disorder
i also have a learning disorder, i cant start
man, thats sooo cool
That can be tough, especially with dry material
..... CISSP being one of those
so I use my ADD super power to take 20 to 30 min game and/or chore breaks
just as it gets boring and I know I'm not remembering anything I'll 'take a jog' mentally or literally
second, if you have ADD you have to gamify everything you do ... or you won't do anything
is the CISSP worth pursuing or is it more a senior staff role?
it's always worth pursuing, but yes it's a management level cert and it's dry and boring
wanna hear about asset classification? ....
we can use the Bell-LaPadula model
....yawn
oh gosh if it's anything like what we had to do for GDPR when we had to classify personal information and stuff then I'll put that off for a bit 💀
GDPR covers a very small section, but yeah that's the idea
Sec+ is kinda dry but it's foundational
CySA is tools focused for blue team, and PenTest is the same for red
CASP is their 'management' level cert
CySA and PenTest were the most fun
in the comptia lineup
did you get the PenTest+ cert?
haven't taken the test yet, read the book and did the udemy course
work would prefer I get my ISC2 certs
why ISC2 over pentest?
i mean comptia
...cause I'm a manager now blah blah blah
🤣
I've been an operator for a long time, this is my second manager position and I'm having trouble letting go of bash
how many years of experience did you have before you got your 1st management role?
20 but I wasn't aiming at being a manager
Oh my
When I started my way into cyber Julian was only known for having written a little IP scanner app called strobe
did you have to get security vetting and background checks?
Yes, I've worked at national labs
PNNL, Palo, and Brook
ahh that makes sense i suppose
just out of curiosity, did you follow the formal education route in cybersecurity, or was your path more self taught and experience based?
No, not at all
high school drop out
autodidact
I started as a network cable installer for an ISP
in professional IT
in cyber I would have to say when I learned GW Basic and then later my first 9600bps modem, that soundly put me into digital 'security'
That's really inspiring to hear
to be fair, "better lucky than good" and I'm def lucky
I've been presented with some awesome opportunities
Luck is definitely important, but it sounds like you’ve also worked really hard to take advantage of those opportunities when they came your way
I keep a folder of old project work and notes, and was looking through it the other night ... OH I remember that, hey Yoda do you remember such and such project? .... oh dude..barely
It wasn't easy, there is no easy route, much like any work you will need to put in the grind
The trick is to find what you like in digital security, learn it, use it, and find work that balances the best of keeping up in the field you love and using it practically
u right
*** Delete if not allowed***
I’m switching careers from strength and conditioning coach to cyber security. I am enrolling in tryhackmes stuff and I am pumped!! My buddy who is a blue team dude said Cisco has great free resources as well. He loves tryhackme as well. That’s how I found out about this place! With the combination of these 2 information hubs at my disposal should this be enough to get my feet wet and find a job after about 6-9mo of studying and getting certs from both places?
I was recommending certifications for entry-level folk
It's possible in that short of a period. I would suggest making sure you have an industry level certification, a degree OR IT/IS experience
What would be a good place to look at for starters in the industry level cert? Would Tryhackme or cisco help with that part of it?
To get past HR most places want you to have either/or a comptia or ISC2 cert, Sec+, CySA/PenTest+, or CC.
Sec+ minimum
And you can use sites like Udemy to get courses if you're a visual learner, or amazon has good books on the certs
Professor Messer on youtube has most comptia stuff for free
and then when I am ready I buy the test and take it?
you buy a 'voucher' to test
they usually last a year
there are lots of places to get discount codes for anywhere from 10-25% off your voucher
and then I take the course and pass it like any normal certification? I am thinking of a license in my field takes about 6-12 months to study and then you take the test and pass to get your license. Then you take CEU's to maintain it. Is this pretty similar in the cybersecurity world?
Most certs don't have a required course, some have required experience
you study the material, at your pace, or you can take a course, most your pace still, then you test when you're ready
okay cool! So comptia etc are the same thing ?
If you are a student buy your test voucher through their academy page for cheap
and when getting into the field you have to get past HR and the hiring manager so there's things you'll need for both
Great point, you can also get discounts with your courses on say like udemy
Okay. Just so I am understanding. As I am navigating switching careers... I would need to get an industry standard cert. CompTIA is one of the certs some HR places would accept? So if I go through that course and pass it, that at least at a bare minimum gets me in to interview potentially? And then I would keep educating myself on a more specific area, e.g. "pen testing", to further niche down as I go through the career? Did I get the gist of it? Sorry, my whole career has been around training athletes haha
Yes that's a great place to start
as always, I recommend looking at job postings in the region/market you're interested in to find in-demand certifications
great thought
however, you can never go wrong with a Security+, although keep in mind it's mostly theoretical in nature than hands-on/practical
the Security+ is the entry-level certification for baseline security knowledge, so it's a good starter point
CompTIA certs are highly regarded in the IT world
If you’re new some suggest to take A+ then Network+ then Sec+
^ which is what I did and recommend for others, if they can afford it
if you're not a student, the vouchers combined cost over $1000
That stuff gets expensive lol
and that's assuming you pass the exams on the first attempt
luckily, I'm a student, so I took my A+, Network+, Security+, and CySA+ for around $800 lol
but others are past their student years
yeah that's about what I paid
and then you have to keep the credits up 😄
yeah, it's annoying, but I'll probably just spam Udemy/PluralSight courses
until I get my CISSP, which renews all of my CompTIA certifications
😄 that's what I've been doing, up till the CISSP, that's dry no matter how you approach it
then I just have to worry about a single certification instead of multiple
CISSP/CCSP are next up for me
but CompTIA allows you to renew your "highest-level" certification to renew the rest
so my "highest-level" certification rn is the CySA+
indeed
Same in the comptia line, was going for pentest but work diverted me
I'm going for PenTest+ rn strictly for WGU's transfer credit lol
Nice another Owl
Not too bad at all. My last license CEU was 4,500 lol
that's worse than Cisco's CEU requirement costs lol
yeah, the costs associated with a CCNP and below aren't bad, considering the ROI for them
I miss working on the 6509's
Well my CEUs are 20 hours every 2 years. I took another license which checked the boxes and gave me another few letters which it all is a scam imo but I do learn some new things here and there.
that's how I feel in the cert industry
But I heard this world is pretty similar to my old career I was in.
yup
So im used to it
very similar
"alphabet soup" is what the InfoSec community calls it
especially for OffSec certs
OSCP, OSWA, OSWE, OSCE, OSDA lol
and they have certs for every little sub category
SANS/GIAC certs too
Yup. Exactly like my current world
Funny not funny 😄 welcome to the party pal
you have a leg up, you know the drill on how to study, cram, test, repeat
GCFE, GCFA, GCNA, GCTI, GOSI, GSOC, GCIH, GBFA, etc.
Okay I'll start around the beginner route for a while and navigate Cisco's stuff and TryHackMe's stuff that's free and subscribe to TryHackMe. Then I will start moving toward either the CompTIA or the route that's a little more pricey but more beginner friendly. I appreciate the help you guys.
That's a plan!
anytime, that's why we hang out here
Yessir!
what does that mean
a bunch of SANS/GIAC certifications
the really expensive certs 😄
the InfoSec community commonly calls them "alphabet soup"
learn what?
Do you need to go to college for it
college for what?
what is this "it" you are talking about?
certifications? a cybersecurity job?
Hello! I'm looking for people in the cybersecurity field who enjoy participating in CTFs and discussing related topics. I love expanding my knowledge by both learning from and teaching others. If you share the same interests, feel free to reach out—I’d be happy to connect!
Welcome
hello everyone! I'm trying to get a better understanding of the security job market. In my studies I've really been enjoying the engineering/devsecops aspect. For someone transitioning into cyber from healthcare is it at all realistic to expect to land a security engineering role or any security role with no paid IT experience?
I am also interested in the topic.
In Japan, I can find very few security engineering jobs that do not require security engineering experience. The news of manpower shortage is many times more than those jobs though:(
@dusty sable I know nothing about the Japanese job market but that's really what I've found about cyber in general. Once you have the experience you can have your pick of any job but breaking in is just insanely difficult. After looking at sites like cyber seek I'm wondering if I should just abandon learning security altogether and get a networking job with a CCNA certification.
Security seems so experience based that I'm not confident at having any chance without paid IT experience
Hi! I'm a beginner in cybersecurity, and one of my goals is to be a DevSecOps! I'm actually in a development class but I will go to a cybersecurity school next year. Is it possible to talk to someone who does this job?
Certainly, I'm a cloud sec manager and in charge of DevSecOps
Thank you! Can I PM you?
Yeah no problem
May I shoot you as well?
Yeah for sure
sorry for the delay on reply, work issue
😄 today's lesson, how to safely migrate users from Auth0 to new enterprise passwordless system
Feel free to DM me
@wheat quarry Hi, if not too much to ask
Any advice on what courses to take
As a beginner, and the certifications
on THM start on learn -> paths -> cyber 101
in terms of cert, I would start with the foundations, either Comptia Sec+ or ISC2 CC
@agile igloo
If you wish to post jobs, can you please seek out our admin team.
what is the ideal cv structure?
OH, I have some insight
so I didn't start getting bites until I did this: I created a one page resume with certs and education, experience, duties, etc, and then a full 8 page CV. I would submit the resume (1 page) as the cover sheet, and the CV (8 page) as the 'resume' on the places I was applying
I found HR would look over the 1 pager for certs and education requirements, and that's about it, and the hiring managers would read my full CV
the 1 pager was fancy looking with colors and such, the CV was a 2000's style block 'resume' template
HR is looking for 'culture' and wants pretty and easy to check boxes, and hiring managers want to know what value you can add to the team and how best to utilize your skills and abilities.
Thanks for that
anytime
im only still in my first role after graduating so I wont have 8 pages for the cv yet 😄
not bragging, just pointing out for context 🙂
I would fill my CV in your case, with home labs, and complete THM paths
your ranking on THM
etc
dont worry didnt take it that way
Home labs, project for friends and family, whatever, if you learned something, gained skills or abilities, list it
yeah just add as much related stuff as possible to show interest
not just your passion and dedication, it gives an idea of what you're familiar with
if you tell me you've worked in Rapid7 IVM, I can ask you about what kind of things you've done and gauge how we can utilize you best
understood thanks
Hey guys, I'm super confused about some really good cybersec career opportunity in India. I mean I know there are quite good ones in the US and other countries, but I'm not sure of mine. Can anyone tell me some of the good cybersec careers I should pursue in India and can yield me good results.
I apologize, while I've worked with many people in India I'm not familiar with the local market.
It's okay, I'm also open to listening about career opportunities that are more likely to be remote
So in that case, if you have the requisite certifications and experience there are plenty of remote digital security jobs out there. Where are you in your digital security journey?
Okay this might sound bad, I'm just getting started and just wanted to know more career opportunities and list out some of the certs that might help me. Just be more sure of the future
No that's not bad. If you're just getting into cyber and you have no experience and you want to get working ... I would suggest GRC analyst, focus on security and risk frameworks and auditing
low barrier to entry, can be done remotely, often overlooked sub category of digital security
Okay...well that sounds good to me
Okay..thanks mate!
Anytime, good luck, DM if you have questions
Sure man, appreciate it
Anyone here in Australia ?
do you think a peak monthly rank or overall rank would be better to include on a cv? assuming the monthly was better
Yes monthly, but it's just a show that you put in the effort
Highly recommend you don't include this.
THM ranks / points / positions, etc, mean jack. If I see them on a CV it tells me you've misunderstood the point.
If you're very junior then listing some of the stuff you've completed (e.g., paths) under the extra curricular section can be good. It tells the hiring team that you've gone out and tried to learn stuff for yourself, and gives them something to discuss with you at interview.
Anything requiring even a small amount of experience though, I wouldn't bother listing them (just mention that you do it, etc)
The only time a THM rank etc should be mentioned is if you're actually applying to THM.
To expand on this -- the points system in THM is:
A) incredibly easy to game,
B) non competitive (unlike HTB which really puts effort into preventing cheating), and
C) dime a dozen. Top 1%, for example, means that you are somewhere in the top 200,000-odd users of a learning platform. You may or may not have got there legitimately.
Indeed, I only meant that for jr level, most of the requests today have been for people with little to no experience
Even junior level I wouldn't recommend including rank or percentage position
What you've looked at though, yes, absolutely
That's fair, I would still include that you do labs, as a hiring manager it does give me a place to go in terms of asking about experience
Yep, for sure. Saying that you do the labs / learning content is something that can be discussed in the interview. The ranks... Not so much
EASY to cheat
Yes
Damn, its so hard to find a remote job now
anyone knows someone or an agency who is hiring now?
Try to check out job board https://discord.com/channels/521382216299839518/775144008853749770 🙂
Is information security degree as useful as cyber security degree?
It's very rare to get a remote job in cybersecurity, unless you're living in that country, for obvious security reasons. Each company would also have their own hiring policies and principles. You should check #jobs-board or job sites such as LinkedIn/Indeed or your local sites, as well as recruiters
Mention your accomplishments in terms of learning instead of rank. As in the learning paths / module you were interested in and have done, etc.
guys just installed Kali Linux in VirtualBox, what should I learn first as a beginner in cybersecurity?
Check out this THM path it's great for beginning 🙂
Are you new to cyber security and not sure where to start? This pathway will help you acquire the core skills required to start your cyber security journey.
How would people recommend getting a job in cyber? I haven't been to university but am thinking about doing a computer science course for the sake of having it on my resume. Is this needed or is there other ways to get "noticed" and hired into the IT field
Well, a degree will definitely help, but you can start with working on your skillset, doing some projects and publishing them, writing articles and completing a cert or two. Cyber isn't necessarily an entry-level field, so it can be kind of unusual for your first IT job to be in cyber (but it's possible). You can start with positions like helpdesk to set your foot in the industry.
I have seen a few things online mentioning "projects" and writing a blog about them. What sort of projects does this mean?
I think my goal is to get a job in help desk or something similar and then work up to cybersecurity. Just not sure how feasible that is without a degree. Seems hard to break into this field
Guys I need advice. I'm currently doing soc l1 internship. For 2 months now.
Maybe I'll land here itself. Not sure till now.
I'm wishing to upskill myself doing any cert now. My real interest lies in pentesting.
I'm considering doing CCNA for in-depth knowledge in networking. I'm not sure whether to do red team or blue team after CCNA considering my soc role.
Any advice would be greatly appreciated.
CCNA is oriented towards networking , it touches only briefly on network device security 🙂
I know. I thought maybe networking knowledge would give me some edge. If not, can you please recommend me any certs
Helpdesk shouldn't be that hard, but that depends on your region
thankyou, i will have a look
CCNA is a great cert , it's an industry standard in networking . If you want to pursue a networking career you should definitely check it out 🙂 .
hey there I'm trying to see if cyber is the right path for me. What can i expect the day to day task of, lets say soc analyst, to be.
A REAL Day in The Life of a SOC Analyst 2024 (With Examples)
Join us for an exclusive behind-the-scenes look at a typical day in the life of a SOC Analyst. This video dives deep into the fast-paced environment where these cybersecurity warriors work tirelessly to protect organizations from cyber threats.
Here's what you'll discover:
The SOC A...
Understood. But I would like to go with cybersec only. Can you recommend me any cert that is kinda beginner friendly and hot in market now
Sec+/Pentest+ from Comptia 🙂 . You have a path on THM oriented towards people interested in those certs , check it out 😄 .
CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management. Use this pathway as supporting content and pre-preparation for the CompTIA certification exam. Upon completing this pathway get 10% off the exam.
Depends on the organization you're working. In mine , we will normally look after web app firewall , ddos protections for my role
Sure. Thanks bro
Comptia's Security+ is the entry baseline recommendation. Check out Mr. Messer's study group on youtube.
is there a field that is simillar to ctfs because I've been realy enjoying participating in ctfs
Suree
Vapt ofc
Also I have this doubt. Is it really good to do a cert now or only during the company switch. Cause ik cert has expiry and if it expires after few yrs , will I still get the advantage of it when I switch the company?
what do you do if there is no suspicious alerts, it seems like you wont be doing that much
You can't let your certs lapse/ expire. they have renewal programs that go over the new material.
There's always work to be done. You could go and investigate your company without alerts or check out new threat intel. We call that Threat Hunting, it's a more advanced position for an analyst.
It all depends on your company's cybersecurity environment. There are down times like this I just check out discord or YT as a mini-break.
hi my name is omar
Hey guys I was working on some pathways in THM but it always feels that I forget things after I study them. Is there any way I could retain all that I learn or understand?
There are a number of notes systems you could use, I use obsidian notes to keep a 'data on previous engagements' book
I suggest something that allows for easy internal cross linking, if not external linking and media support
Welcome Omar 🙂
@tired marsh here
Is that the guy im texting here
esqy_1up
@olive orbit plz here
This is the channel for career oriented conversations
Are you in school or did you graduate? You said both
Also can you kinda give a bit more info on what you want to know and the context?
Sorry, I typed something wrong. I'm in the last year of the degree
While doing the degree I applied for a job but they asked about work experience. What can I do for that?
If you are a new graduate, then you probably won't have any real world experience. That being said, it's not always a deal-breaker. Especially if you look for graduate jobs
Theoretically you COULD try and get something during your final year of uni, but honestly - Juggling a job and Uni AND a dissertation is a lot
If you're already in your last year, you're too late for an internship typically
(By job, I mean a professional job. By all means some retail work for extra cash can work out)
I applied on LinkedIn and they asked me about work experience, so I'm trying to find where I can get experience or an internship
Ok. So.. out of interest, why are you applying for a job when you have a full year of university left?
Money problems
I see. This will be a matter of balance.
Ok.. so was your intention to quit university or defer the year, then work for a year to build up some funds?
(just trying to get an idea of your intentions)
I have lectures on Saturday and Sunday so i can work on week days that is the reason