#cyber-and-careers

I think i can balance the both

Thats fair. Why does your degree only have letures at the weekend?

Aye, I'm just trying to get the whole situation straight in my mind 🙂

Im doing a cybersecurity and digital forensic degree so they provide week day schedule’s and week end schedules i chosen week end its a private university

Ok, I see. so similar to what Zumi mentioned.

Thats cool.

If u want i can share the website link of my university

Ok..so if you do find a job, You'll need to to be local, as you won't be able to move away

No need for that 🙂

There won't be cases like you will be completely not working. There will be cases from both internal and customers. So mostly you will be engaged with something. Still it depends on the organization you are working

So, at the moment, Alkalka, What do you do during the weekdays?

(If my questions are too invasive, just let me know)

I doing the university assignment and projects all the things related to that

Ok. How much time does that take up?

It depends on the work

what i'm getting at - At the moment, if your uni course is lectures all weekend, then all days are doing work on it, Will you have time for that when you are working 8 hours a day aswell?

Got it bro. Still I do have to pay the same big fee more or less approximate to the cert everytime I wanna do the renewal ryt?

So should I think about cert only on my switch or doing now itself is a good option?

If the concern is solely money, then it's not really needed that you get a job in cybersecurity. It might help in the future, but being able to afford to finish the degree is probably more important

What is ur advice for me do in wrong

I don't think you are doing anything wrong 🙂

For Comptia, no it's like 150 bucks iirc. plus you can also do their other certs to renew them as well.

for students*

However - Look at what your current time commitments are.

Then work out realistically how much time you'd be able to spend working. Remember, your uni workload will change throughout the year

https://www.comptia.org/continuing-education/learn/ce-program-fees

Okey thank you for ur words 😊

Gave +1 Rep to @olive orbit (current: #19 - 470)

oh CE Fees

It's pretty umcommon to find part-time work in cybersec. Less uncommon (but still kinda rare) to find part-time IT roles. Retail/hospitality/warehouse work are more likely to be flexible enough.

Last thing you'd want to to is to start a sweet cyber gig, to then be forced to quit in a few months time when you need to focus more on your dissertation

In my country there are least amount of jobs in cybersecurity so i have hopes to move to another country after i graduated

Thats cool. If there are few cyber jobs where you are, it will be less likely that you'd actually get one until you finish your degree.

If I was an employer, I would ask myself 'Is it worth me taking on this person who will just leave as soon as they are qualified?'

(Which will be in less than a year)

Is there any online platforms that i can work

Do u mean by leaving the country

I mean by leaving the company for any reason

Are working in a company

Could do a blog with your cybersecurity career progress and maybe earn something from that? It worked for me 🤷‍♂️

As for remote work - That can be tr4icky to get even for fully qualified people, although not impossible. An employer would want to be confident that you can do the job remotely, as they'd be unable to see you actually work

Alkalka - I'll clarify. Right now you are in Uni. As an employer, I pretty much KNOW that someone who is in Uni will leave the company when they graduate. Either to find hiyer pay, more interesting work, something more relevant... Regardless of where they go, they will leave my company.

If I have a similarly qualified person whos NOT in uni, the chances that they stay longer than a year are increased, in my mind.

Ur correct one of my friends also leaved the company after he graduated

Exactly. it's just how the world works. And employers know that.

So finding some other work - Working in a shop or something - The employer might be aware of you leaving in a year, but it's ok. You'll take a week to train, and when you leave it's easier to get someone to replace you.

You get your money, finish your degree, and all is good with the world

Ur correct now i can understand why in not getting a job in this field now

Thank you for your advices

Gave +1 Rep to @olive orbit (current: #19 - 471)

Anytime 🙂

I can see that theres a little bit of panic, but don't worry.

I mean, should be easy to get some seasonal work at the moment though

Can i ask u a question

Of course.

Are u work or u owned a company in this field how do u get experience when u at this time where im now

Well, I don't anymore - I work for my family business, but I did work in Forensics many years ago

As for experience.. i didn't have any, and I applied for a Graduate job

I'm at work sorry and haven't read since I last posted, so I'm missing a lot of context, but work on getting security+ before you graduate

Of course. Doing moose-stuff 😄

A degree and security+ can get you past a lot of filters

standard caveat - In india, you'll probably need a CEH aswell

Okey 😊

I thought id do CEH not security + is it ok

Only do CEH if you NEED it.

sec+ is a good shout, as moose/did you google says. He'll know more about certs than me, so go by his words for that

CEH is generally... not respected in a lot of places, however some places (Like india as mentioned) require it to pass the HR filter

Do u all friends

Im targeting in Australia

By HR filter I mean - If a security manager wants a junior analyst or something, they'd ask HR. HR don't know about certs, so get a list of 'Needs' from the security manager. for some reason, in India, they put CEH on there. so many jobs might reject you at the first hurdle simply for not ticking that box

Ok.. so.. Pop onto an australian job site, and look for the jobs you want. and see what they require. compare them, and you'll have a few common certs/themes

The CompTIA certs are well known, so are usually a decent shout

Okey, is it ok to not to do the security + and do the pentest +

Depends on the job you want.

@stoic cave Might be a better one to give guidance on that

He is not there i think he is busy

He'll see the ping when he gets a moment 😄

jobs and certs etc.. same as hacking. Enumerate - Get as much info as you can

Is he a ethical hacker or cybersecurity specialist

Pff. No idea. But he knows more about this specific stuff than I do.

Okey, i really spends most of the time learning from this platform tryhackme

jobs and stuff as a whole, I can help. The specifics... Not as much, I've not been in the industry for a while 😄

Ok i got the answer for my question from u what is the reason that im not getting a job thank you for that 😊

Gave +1 Rep to @olive orbit (current: #19 - 472)

By all means get a job if you need the money - Just might be tricky to have a full time professional job around Uni

Okay

Im now focusing on pentesting side and analyst side

Is it ok to do the pentest plus for that

Security+ is the baseline cybersecurity certification and the only certification I would recommend someone paying for themselves. I can't speak for India specifically, but in western job markets pentesting is not an entry level occupation. You typically need to spend some time somewhere else in the cybersecurity industry before moving into pentesting.

Ok then im not going to buy pentest + at the moment

Guys do cyber companies pay more?

Im going to start the security +

Compared to other software engineering jobs

It would depend on location, job market, experience, etc.

Yeah, that's too broad of a question to answer fully.

Guys, who are BBH pros, what do need to know to start doing something on sites like HackerOne?

Hi everyone, I'm quite new here. Just saw the black Friday offer, Is it worth the subscription for the access of premium room? Wonder if learn skill here is enough to qualify a job?

Hi galileo, I'm not as experienced as some of others but I've found thm to be a strong core path, I'm pairing it with chatgpt/mimo n obsidian for note taking and have found it more than enough to spend any extra hrs on. That n YouTube - you can learn as much as you want

TryHackMe, or any of the learning platforms, on their own will not get you a job in cybersecurity. They're good for personal growth, but that's it. If you're looking to get a job in cybersecurity, you will likely need to obtain a degree or build your professional experience in the computer industry. As an example, many start on Helpdesk.

What you get for the cost of the subscription is more than fair, in my opinion

I'm curious, since I already have a career n pension (train operator for 12 yrs) what cyber security position would actually b a move up or lateral
(Current salary 72k)
I'm not in a rush to leave my job, I was thinking of investing 3-4 yrs of my time to studies n getting certs

US Rail? I'm not in that field, but I would read the US Gov RRB FAQ. It seems like you potentially lose your pension if you take another job before annuity starts paying out

It's privatized so I wouldn't lose my pension but it would be penalized in a way if I got another pension

I'm not worried about that tho, I'd love a change in careers, physically and mentally, I'm sick of trains

It's calpers

My first job in security paid $85K as an analyst. I was also changing careers and what really helped me was finding a security job within the industry I was already working in. The knowledge I had of the industry was a big help in landing the first role.

Thanks for the reply. I've made up my mind to give it a try. Previously I went to local uni for a master course, but everything they taught was so shallow that leaves me feel like learning nothing after the graduation. It's a terrible experience imo. Always make me think I shouldn't have waste my money and time on it..

Gave +1 Rep to @stoic cave (current: #18 - 479)

hmm never rly considered that it might be for a similar field, but i guess that's a possibility

Derailing your career to jump on the cybersec wagon

I need some help with finding the billing organisation for trythis.click
I tried various sites but couldn't manage it

red teaming or blue teaming in india??which field is best to adopt

Good question, can someone elaborate?

All you need to know is basic english and knowing how a website works
The english is due to all the scope requirements that someone might have so you'll understand what you're allowed to do and what you're not allowed to do, and talking to the company when reporting the vulnerability
Knowing how a website works, all you need is just the basics, maybe learning about the general vulnerabilities that a website can have

you don't need to be an expert to start, but understanding that in the beginning you might not find much and/or find duplicates

Well at the moment my English is ± B1, I know how to use Burp Suite, Metasploit, Nmap, all sorts of tools like nickname scanners, mail, domains, I also know some vulnerabilities like XSS, Command Injection, SQL Injection, well the most basic.
Now I want to learn Reverse Engineering, well, and maybe html, css, JS.
Is that enough to get started?

I would say u need to be good at programming languages before thinking of cybersecurity, so yeah practice until u have a good understanding, it will help later

Well I know C at a basic level, and also now repeating Python from w3school site, maybe you know if this site is good, or better to change?

yeah, that should be good enough, maybe also look into how html does stuff, js and sql

Hello, I'm a fresh cyber security graduated student. I'm currently confused of what to do after graduation. Can anyone give me a head up or recommendation of what I can do? like certification and stuff?

Guys I just did premium subscription for a year. I don't want auto renewal. Will "cancel subscription" option under manage account setting stops the auto renewal. Just wanted to confirm not to cancel my whole 1 year sub.

Can someone please confirm this

When I cancelled once my monthly subscription it stayed valid until the expiration of the paid period and it wasn't auto-renewed , so I think that it is also true for annual but I can't guarantee 100% 😄

Sounds good but I want confirmation for 1 yr coz don't want to screw whole sub 🥲

it doesn't renew if you cancel, even if it's monthly or yearly

and you'll still keep access until the amount of time you have paid for has ran out

yeah i cancelled a personal sub because my org paid for a licensed sub and the personal one stayed through the rest of that year.

?

Depends, there are a lot of ressources to learn languages on the internet, find the one u prefer.

#general Hello..!

Welcome 🙂

Thank You..

i think good, at least i cant find better)

Quick question for the fellow SOC analysts:
What are the 2 main pieces of advice you would give me to be good as a SOC analyst (I'm currently a junior)?
Feel free to share your valuable feedback 😉 🤝

I am not an analyst anymore, but here are a few tips that helped me get a ton of experience during my time working in a SOC.

1. Jump on every opportunity to learn something new. Whether it is a detection that comes in that you have never seen before or whatever the case. A lot of people get deer in the headlights, and are scared to try something new. Tap your seniors for guidance when you need it, but jump on those opportunities because that experience is where you learn the most.

2. There is so much material and courses out there, but focus on learning things that will directly help you at work. This can really help you advance and be a great help to your team.

3. Lastly, work on your ability to communicate. Get used to asking questions in meetings and reach out to other teams to build relationships.

Hi, would it be best to seek out a help desk role before or after achieving the A+ certification?

A+ is pretty basic , you probably may get helpdesk role even without it but it would be plus to have it 🙂

I have mongodb rules when i do logtest the rules trigger correctly when in real the rules does't go to alert.json i can see them in archives.json but are not goin to alerts.json altough the logtest is working find

Suggest posting this in #infosec-general instead to get more traction.

hi everyone , I did the isc2 certified in cybersecurity then the Google cybersecurity professional certificate and I'm hooked now doing Soc 1 on try hack me, I feel like there is room for growth and having an impactful career in protecting networks. my question is as I am looking for entry jobs in the field but I always see jobs that require more certifications and or degrees it I.T and im wondering if anyone could point me in the right direction when it comes to just an entry position with no prior experience required . I would really appreciate it.

A job that many cybersecurity professionals have started out with is helpdesk. After that many work as security or SOC analyst.

Those 2.are good

Soc analyst doesn't mean heaven be careful

There is also grc information security analyst positions

Mon To Friday and no shifts

It would depend on ones interests as there are folks who can't stand doing compliance work, doing risk assessments and all the GRC stuff. 😅

Excellent feedback, thank you so much!
Is there any specific certificate to pass as a SOC analyst in order to be valuable in the market?

Gave +1 Rep to @karmic hare (current: #2382 - 1)

Hey everyone I’m making a career transition and looking to break into the IT field. Has anyone here gotten hired off their portfolio projects (like was that a deciding factor)? Or does anyone have any cool project ideas that I can do to show skills in Python, and Bash shell.

thank you for the feedback . i appreciate it.

Gave +1 Rep to @vagrant cargo (current: #654 - 7)

Can you tell about how you got into Soc, certs required, and basic knowledge?

does programming gives you a good pay????

Hi all, I'm currently looking to career-change into cyber security and currently have no background. Are there any tips as to what courses to get first / any entry level jobs that'd be good experience for me. (Just from using THM I enjoy the offensive side more but I know you dont just walk into that type of job.)

Check out this path 🙂

https://tryhackme.com/r/path/outline/jrpenetrationtester

Many thanks! I'll get stuck into it🤝🏻

Gave +1 Rep to @keen tundra (current: #12 - 620)

Does HackerOne only has web hacking or does it has other types of hacking (e.g. binary exploitation, hardware hacking, etc)?

Scopes on H1 only usually only allow web app testing , sometimes even that is limited 😄

is there a bug bounty website for binary exploitation?

Bug bounty platform doesn't have to do anything with it 🙂 . Companies that're advertising their bug bounty programs usually don't allow binary exploitation in their scopes 🙂 .

oh okay. I hoped that there was a way to do binary exploitation in a freelance type of way like bug bounty. Thanks for your time.

Maybe take a look into Synack Red Team?

@keen tundra i am confused which field is in demand red team blue temaing please help me

Do what you love

If you feel like attacking is more you then go for red team

If you like defending is more you then go for blue team

If you feel like both attacking and defending is your thing and can’t decide then do purple team

Red teaming is often used to check that a companies blue teaming works, so both are needed in many fields.

thnks alot

How to find first job

Like i completed ceh and ejpt

And i want to grab my first job

Build a portfolio and apply for internships or entry level roles in cybersecurity, also consider earning CISSP and CompTIA certifications as you progress

Penetration tester or vulnerability assessor are ideal starting points, of course you must have some good understanding of security protocols

Really depends what you want to do. Have you got good knowledge and experience in IT or programming? Have you got a degree? (not essential, but it can help).

The CEH is less in demand in most places, very few recognise its legitimacy; even though it's on the DoD 8570 list. The company that runs it has a bad reputation after various allegations relating to activities towards some staff, also, a lot of the CEH content is plagiarised from other sources.

eJPT is a really good introduction to the certification process, but it's really only the very basics. It's likely not going to help you get a job, though it is good to understand everything within it to help your own progression. You should look at what specific employers are looking for, and go for that. OSCP is a common request by employers but it's fairly pricey, so you might have to find an employer to sponsor you onto it. CPTS, CRTO, CRTP, CRTE are more reasonably priced, but not as widely recognised

Damn, so ur sayin ceh aint worth it no more? i wanted to do ceh course w em

Hi, could you help me pls.
I finished junior penetretion path. I wanna practice. Which rooms(CTF) I should choose?

Some companies still do request it, but it's very expensive and of limited value as a training tool. You're better off focusing on a practical cert like OSCP, CPTS, etc, CompTIA certs like A+, Network+, Security+, etc can be beneficial. Certs can be expensive though so you should have some help with this from your employer

yeah landing the first job isn't easy. I still haven't landed one from when I got my degree. Job market is rough but it's best to keep trying. I've seen internship applications popping up

Hi guys im looking for advise, just finish my ms102 and have a ms104. looking at the sc-100. should i go for it or is their something better i should be looking at to get into a soc

Start with some guided CTFs like these ones 😄

https://tryhackme.com/r/room/basicpentestingjt

https://tryhackme.com/r/room/vulnversity

https://tryhackme.com/r/room/easyctf

You can learn more about Red/Blue teams careers here 😄

https://tryhackme.com/jr/careersincyber

does one without bachelor's degree in computer science or any IT-related able to apply cybersecurity/pentester/red team job with A+, sec+, pentest+, ceh or equivalent cert?

Yeah , why not 🙂

Those are all industry standard certs 😄

i heard from some guy who commented on youtube he having hard time to find job with a+ and sec+ cert just because he dont have the bachelor's degree for it. in the end only got a helpdesk job with low salary payment

You do you my brother. Those certs are really good and they show how committed you are to this field in addition to projects, CTFs, relevant skills. Focus on yourself and you'll eventually get a good job! Just be hopeful! Be positive! you can do this!!! 😄

thanks for the motivation ❤️ i wont give up and will keep the passion going 💪🏻💪🏻

Gave +1 Rep to @zinc kindle (current: #2385 - 1)

Well , nothing can guarantee you a job neither certificate neither a degree . Those certs are industry standards but you will also probably by given to perform some task from employer . Also it depends on the area of the world where you live , somewhere they're worth more than in other places 🙂 .

you are definitely right, better build solid and versatile skills before venturing into the industry. thanks for your explanation . ❤️

Gave +1 Rep to @keen tundra (current: #12 - 639)

Hi, anyone here working/learning cloud security ? for context I got AWS practitioner + Az-900+ Sc-900 and currently I'm studying for Az-500. Is there someone can give me some tips / or guide me to get the most knowledge I need to dive more into the cloud security ? anything I will be grateful for !

What are you interested with AWS certs 🙂 ? Practitioner isn't oriented towards security , it's meant for people who just want to get familiar with AWS cloud 🙂 .

I know, just wanted to learn more the cloud services available and see main differences between aws & azure. however I noticed that where I'm located , Azure is dominating the cloud market & most of the companies are using it.

Both Microsoft and AWS certs will get you covered by how the cloud works and gave you foundational/general knowledge about the cloud which is the most important thing after all 😄 . Only thing they differ is that AWS focus on Amazon cloud solutions and Azure focuses on Microsoft solutions 😄

which career looks good

penetration tester or red teamer??

or

engineering thing ???

is purple team a mix of red and blue team???

Yes it is 🙂

Yes

so, in purple team they do both , how comes 2 skills at once ???

Yes , like full-stack developer work with both front-end and back-end technologies 😄

where do these people get employed???

Work for companies , work as freelancers , have their own business 🙂 ,...

i guess there is a black team or something of such??

Do you mean black hat?

and what does this one get to do ???

How to start freelance? Or even get hired? Any suggestions?

Don’t do black hat… they’ll catch you

i don't get you at all, please explain it

who to catch me ???

Black hat is an unethical hacker.

Just like any other freelance job , advertise your services and try to get some clients 🙂 . Good portfolio can help you with that . Certificates can help you with company empoyment but they aren't a guarantee 🙂 .

Thanks, so advertising where tho?

Gave +1 Rep to @keen tundra (current: #12 - 643)

cyberspace is very suprising to a 15 years old boy

It is to all…

i once heard about green hat and pink hat,what do these mean???

https://www.techtarget.com/searchsecurity/answer/What-is-red-and-white-hat-hacking

thank you, for these !!

Gave +1 Rep to @keen dagger (current: #2385 - 1)

LinkedIn could be a good place , also on-line communities where people from that field communicate ( Facebook groups , Discord channel , ... ) . You can also make an account on web platforms like Fiverr and UpWork and try to advertise your services there . I'm talking about web development/cloud freelancing right now . It's very hard to work as a freelance pentester . Bug bounty can be interesting as a freelancing model for security enthusiasts 😄 .

It's generally a coalition of the two job roles.
i.e., the red team sit down in a room with the blue team and run through test cases in real time.

Truly appreciate it, thank you KGB.

Gave +1 Rep to @keen tundra (current: #12 - 644)

I don't think I've ever seen a situation where one person is asked to do both. Might happen in a small org, but a small org is unlikely to have robust enough controls to justify dedicated security personnel operating on that level.

got you now!! i aprecciate you all!!

Also, this is rubbish lmao
Black and white hat are military terms. Red hat is an operating system, and the rest are just made up rubbish to make hackers sound cool (with the possible exception of Blue hat being a Microsoft internal thing).

Either way the terminology is... Dated... To say the least.

what is M.I.T.M and R.U.D.Y , WHAT DO THEY MEAN

MITM - Man In The Middle

In my place it's common 🙂 . Those kind of people are usually team leaders/managers on projects . They're familiar with both stacks and they coordinate actions between front-end and back-end team 🙂 . They don't actively do any work on project , those're responsibilities for SMEs from respective fields , they just give finish touch to it , approve the project , coordinate actions between teams and are responsible for CI/CD process 😄 .

It’s the basic definitions, mate.

Sorry, to clarify, full stack, yes, purple team comprised of one person doing both, no

No, it's the definitions as written by people who don't have a clue what they're talking about lmfao

No one is going to walk into a pentesting team and start talking about green or red hat hackers. If they do, they'll be laughed out the door.

Hi

Welcome 🙂

hello everyone i am new here and new to cybersec

Welcome , good luck on your journey 😄

Hi

Welcome 🙂

Is physics often a prerequisite to study Cybersecurity in unis?

If you’re self learning cyber particularly interested in Threat Intelligence or a SOC analyst what would a job want to see before hiring you. Is it possible without a degree or certs?

FBI lmao

hi guys could someone please inform me how the market is for malware analysts or any forensics position in general, and how the demand might change in the future?

Just here to say hello and learn from the posts in here. Also looking to segue into this career arena from a different background.

What is your background?

I'm doing the same thing.

Hello everyone

Some banking for a few years, and then some government work dealing with collections

nice! I'm coming from being a music teacher lol

Cybersecurity, when you zoom out and look at the tech industry as a whole, is not entry level which is why you are seeing roles revolving around security requiring experience. To satisfy those requirements, people usually fall into two camps, obtaining a degree or working in a different sector of the tech industry and moving up. A common starting point of a lot of security professionals is IT, more specifically helpdesk. Those roles, ie Helpdesk Level 1, don't have any experience requirements and take people if they have an interest/willingness to learn/basic computer competency. The other side is going through a 4 year degree program, obtaining the Security+ towards the end (not necessary but helps as it's often required contract wise), and then applying for security roles, ie Cybersecurity Engineer.

What industry are you transitioning from? How many years of professional experience do you have?

Oh nice! Talk about a major jump lol. What made you want a career change?

Same as above, what are you transitioning from?

I know one big thing is me being tired of dealing with the general public face to face lol

Do you have a degree or any prior professional experience, in any industry?

yeah it is x) haha I need the change because being a music teacher isn't very well paid unless you work at a very high level. And I just needed a change to something very different and future-thinking.

The thing about certifications is that they don't really mean anything on their own. They are used to quantify professional experience. If the person had no other professional experience or a degree, the comment makes sense. Helpdesk is a common starting point for a lot of professionals..

yeah dealing with people can be energy draining but also rewarding if it is the right people. I feel the need to work with more adults haha

They're prestige unlocks, Activision gonna drop them in the Christmas patch

Have experience in the industry, have spent enough time in industry to build relationships with contacts that can vouch you're able to do what you say you can, hire a lawyer or two, extablish a business, obtain business insurance, etc etc

Helpdesk is a common industry starting point, I'd say more for SOC. For Threat Intel, having served in the military in an intelligence shop is common

I feel this 100%

Adults over children will be a big upgrade lol. But then you realize that some adults are just huge children, and you start to question the education system all over again

I'm looking to take at least one of the blue team certification exams that are out there.
So here's my question: has anyone taken TCM Security's new PSAA certification? If yes, what are your thoughts on the exam? Is it worth spending 200 bucks on? Considering the cost of BTL1, is it worth spending as much?

What's the reason for taking it? Are you currently in industry and need the CPEs/CEUs?

Looking to break into it and also as a personal goal

Break into what, cyber? Do you have a degree or prior professional experience in the computer industry? Do you have professional experience in any industry?

Yeah
I'm currently doing my masters; hold a bachelors in IT
Have done a couple of internships before

Do you have experience to go along with the Masters?

Outside of the internships

Do you have any certifications already?

Not outside of those internships, unfortunately

Took the splunk certified cybersecurity defense analyst last year

OK, that can potentially hurt a little. Having a Masters without professional experience can cause you to be overqualified when applying for entry level roles. Your salary band will be above the intended rates and the company will be hesitant to bring someone on that could leave earlier than what they have planned.

If you're looking to get into security, and you have a degree, Security+ is the baseline cybersecurity certification.

It's the only certification I would recommend you to pay for yourself. Get the organization to pay for other learning.

I already have the date for my CEH exam scheduled this Jan since the voucher was sponsored by my uni

Not the same, it's good that it's free to you, but the view on it is finally changing. At least in western markets

I see; do you recommend that it would be worth taking security+ on top of the CEH? Wouldn't it be better to invest in something like btl1 or psaa?

You're trying to get into security, Security+ is the baseline cybersecurity certification.

Blt1 is not a security certification, as far as I am aware, and PSAA likely do not have the HR reach of Security+

I see, but isn't BTL1 a blue team certificate?

Yes, sorry, tired

No issues! Appreciate the advice and your patience for putting up with my questions 😅 Thanks again!

Modified the response

In short, you're looking to get past HR and meet contract requirements. If you look at listings, the commonality between most will likely be Security+

Is Pentest a good cert?

I already have the class paid for through my company but was wondering if I wasted my time.

Assuming you're talking about Pentest+, if it's free I don't think it's a waste

Greeting from RSA

guys i am doing my cybersecurity degree from us university as an international student. i really want to have summer internship but the problem is i dont have that much of a good resume. i have my interest in web security. what route can i take, what steps do i need to take to secure an internship this summer? any help would be appreciated

ok, now i understand !

making a bunch of projects that you can add to your resume might help

I came from being a hairdresser for almost 20 years. Started in tech at 37 as help dek lvl 2 (studied for about a year before to get foundational knowledge down), and now a year later I'm working mostly in security. I have no formal schooling or certifications. Just passion and dedication (and a lot of luck). I do need to get certified still, per the request of my boss, if I want to officially transfer to the security department. But all of that is to say, it's possible to beat the odds and get your foot in the door. Not everyone will get so lucky but that shouldn't deter anyone from trying. 🙂

Congrats on your success 😄

Thank you! ^_^

Gave +1 Rep to @keen tundra (current: #12 - 686)

I'm transitioning from a military career with no degree so looking for any courses that can get my foot in the door

If you're beginning check out these two paths 🙂

https://tryhackme.com/r/path/outline/presecurity

https://tryhackme.com/r/path/outline/cybersecurity101

Thanks for the reply, ive completed the first path, almost finished the second and plan on continuing more paths afterwards. However what steps should I be taking outside of THM?

Gave +1 Rep to @keen tundra (current: #12 - 696)

Which field of cysec are you interested in 🙂 ?

@broken idol

@elfin halo please don't post Web3 projects for jobs in this server.

Hello!
If there is any frenchies 🇫🇷 here who would have a bit of time to talk about the French job market in cyber security, it would be much appreciated!! I am hoping for some advice, any feedback is welcome! Many thanks 😊

Welcome , greetings to France 🙂 🇫🇷 . Check out job-board maybe you will find something useful https://discord.com/channels/521382216299839518/775144008853749770 . Also LinkedIn could be a valuable resource for job market 😄

Just from using THM I'm drawn more towards the pen-testing/ethical hacking side of things it feels easier to pick up

Burp's Web Security Academy is a great resource if you're interested in web app vulnerabilities 🙂

OK, thank you! Will look into the job board 🙂

Gave +1 Rep to @keen tundra (current: #12 - 698)

Many thanks i'll check that out!

Gave +1 Rep to @keen tundra (current: #12 - 699)

morning all. I'm currently a servicedesk (1s/2nd line) engineer with about 4 years of experience and looking to branch out into Cybersecurity. I've already started the tryhackme paths which has been great and looking to be doing the google cybersecurity certificate at the end of this month. Moving on next year I'm looking to do either CCNA/Network + and Sec +. Would this be a viable path for an entry role within Cybersec?

CCNA/Net+ are oriented towards networking 🙂

They aren't really security certs although they cover some concepts 😄

I'm aware. I'm mainly looking to upskill my networking as well in the process as my impression is that its a vital part and not really my strongest point

I would recommend CCNA then if you're interested in networking 😄

mainly in preparation as well for sec+

Ah why CCNA over net+?

More recongized in the field , CISCO is industry leader after all , you will also learn CISCO specific syntax and get familiar with CISCO iOS along with general networking concepts 🙂

Hello ,
I'm 32 years, and I'm a Microsoft administrator.
Is it easy to make a career shift to penetration testing?

It's not easy , but it's possible 😄

Good morning, my fellow hackers. I'm currently a Quality & Test Automation Engineer as well as Full Stack developer. I'm currently doing a lot of deep dives and studying to try to make a pivot into cybersecurity, specifically into pentesting. I started THM a few months ago and currently on the Complete Beginner path (finished both Pre Security and Intro to Cyber Security paths earlier this year). I feel that I'm starting to get a refreshing feel for networking and just IT overall, but don't know if I'm ready to make the pivot career wise. Is there a possibility for me to get at least entry level positioning into cybersecurity with my current progress and additional tech skills or should I continue to learn and take certs to build further knowledge? (NOTE: Edited for clarity at 0817 EST)

Hi, im 30, have 7 years experience as a software developer and looking to branch into cyber security. Is ethical hacking or pentesting a viable path, not sure as well if ethical hacking and pentesting are the same thing.

Yes it is 🙂 . Those two aren't the same thing 😄

cheers thanks for the input!

Gave +1 Rep to @keen tundra (current: #12 - 706)

Oh my, is one a subset of the other, have you got any sources i can reference to get a better understanding

Check out this one 😄

https://tryhackme.com/jr/careersincyber

Thank you

Gave +1 Rep to @keen tundra (current: #12 - 707)

quick question anyone possibly have any good projects around cyber that I could make a start-up on and work toward it for a good 2-3 years that could be worth pursuing for that long during my time in college. Looking for some small profit on the side I could work on maybe to grow it in the future as well .. just wanted to get peoples opinion on it. thanks hope all is well for everyone (pls dm or ping I dont really check this much)

I have gone through the info on the provided link, am i correct to say, an ethical hacker is a red teamer?

Yes you are 🙂

Awesome, thanks

Gave +1 Rep to @keen tundra (current: #12 - 710)

Hey everyone! I’m looking for info on entry level grc jobs. What are some alternative job titles I should be looking for because I haven’t gotten a ton of hits on just looking for “grc analyst”

Are there alternative titles for compliance based roles vs risk or governance based?

"Can someone guide me on how to secure my Kali Linux system so that no unknown activities can run on it? Please share if you use any methods or tools yourself."

Hello people. Looking for some advice here- I was hired for a entry level Blue Team role and for the past year I have learned and experienced a lot of stuff and love my work but I am still unsure whether to remain in blue team or start working to switch into a red team role coz the pay in blue team is lower generally and your capabilities are dependent on how much you know the environment and past experience. So should I switch or should I just toil in blue team roles?

Try some red team learning paths out and see if you like them!! Im currently on the "red teaming" one at the end and although its hard its so so fun when you get somewhere. Plus, having knowledge from both sides of the spectrum wont hurt at all!!

Thanks, I joined THM for that purpose only so will definitely check those out. It should probably level up my log analysis as well I hope.

Gave +1 Rep to @swift kestrel (current: #1585 - 2)

Yeah defo! I've done the jr pentester one, and the first web app pentester one too. Id say they are both really good starter ones, THM is a great resource. The learning curve is massive though lol which I think is where the extra pay comes from, because sometimes it makes my brain explode a bit and I have to take a break

Check this one out 😄

https://tryhackme.com/r/room/linuxsystemhardening

hello everyone im a college student majoring in cybersecurity and am trying to get a entry level job but don't know where to start any pointer ?

Let me know if anyone needs amazon referrals, just go to amazon(dot)jobs, and give me the job id and resume. Will put referrals.

Disclaimer: I don't get any money out of this cause now companies dont pay referral bonus if you personally dont know the person. So you know, just dont be hugely rude if I miss your dm for couple of days

Before posting stuff like this, please talk to @cobalt escarp to verify your recruiter status. Otherwise, it's definitely spam to post it once, let alone 3 times.

it depends how have you installed it

is it a host

isit virtual machine from vmware or virtualbox

or is it from a bootable usb with persistence

Would you say that Network+ is just as necessary as Security+ when trying to create that baseline? I did Security+ first and am now reading a bit for Network+

Try to look at job-board 🙂 https://discord.com/channels/521382216299839518/775144008853749770

well, no, the “necessary” certs are whatever is listed on a job description, and job descriptions will most likely list Security+ as a preferred or required certification

in fact, depending on your sources, the Security+ is the “most mentioned” or “most sought after” (for lack of a better term) certification by employers in job descriptions

so it’s pretty much a baseline standard for fundamental security knowledge

for example, if I were a hiring manager for a SOC role, I would like to see a Network+ or CCNA for the fundamental networking knowledge, but I would prefer a Security+ over a Network+ because that, at least, tells me that I can use security terminology with you without requiring me to explain security terms

You should have a good understanding of networking when going into a cybersecurity role. Understanding the content of the Network+ will certainly be an advantage to you. And, while the CCNA is a bit more intensive, it could also benefit you. Basically you need to be able to explain what different things do in a network and how they do it. You don't need to know every bit of how to set up and configure a full network, but it doesn't hurt to at least be able to configure a computer, manage a firewall (e.g. on a Windows/Linux system), and understand other devices, protocols, etc. You'll certainly learn plenty about it as you progress.

Hey guys im a career shifter what certificate should i get to enter in cyber sec any recommendation?

choose appropriate path according to you interest and than persue certification, because there are diff certs for diff need, start with junior and forward to experienced certs like OSCP.

Gaining a certification isn't going to ensure you a role, especially in the current climate. You need a deep understanding of computers, operating systems like Linux and Windows, networking and at least a basic understanding of computer programs. You'll likely gain more skills in those areas as you progress in cybersecurity.

There are a lot of roles in the field of cybersecurity, and you can look at the range of Learning Paths on Try Hack Me to see what skills you should learn to pursue those roles. As for certifications, the Security+ is considered a good general knowledge certification for cybersecurity basics. You might also consider the Network+, or at least to understand its contents. While certifications show a certain level of comprehension, you should supplement these with other activities, like having a home lab to build and implement tools/systems to understand how they work, maintaining a blog, doing writeups, taking part in CTFs or doing bug bounties.

If you're just starting out in cybersecurity, I would first recommend getting comfortable with things in THM, progressing with the paths, and consider picking up one or more of the Tribe of Hackers books discussing various roles in cybersecurity. Feel free to ask questions here about anything you're interested in

thank you for info guys ❤️

Are you using Kali as a VM Or As your host OS...?

While cybersecurity certifications can be expensive, and employers should be paying for your training, they might expect you to have certain knowledge/experience already. It can still be the case that many employers will expect you to have at least the basics with Security+ a solid foundation

Use Kali as a vm, in NAT mode, and only for playing Try Hack Me over the VPN and you should be fine. There's always a risk connecting to a network but the platform's rules and general good behaviour of the community means you're not going to be at much risk. Also, you should always have backups of your VM and its contents, keep regular snapshots. The intention of Kali is to use it for pentesting, so you do need to have it available to host services for targets to connect back to, etc... You aren't supposed to lock it down, and you shouldn't be keeping anything too sensitive on it.

You can do things like keeping your notes and sensitive information on your host machine, amd backed up to an external hard drive or cloud storage, etc...

Hey there are some french here ?

If you'd like to chat, you can join and talk in #general. This Discord is English-speaking and if you'd like to chat to people directly, please see #rules and ask individuals in the channel before you contact them directly. You can also verify yourself as follows:

Hello everyone! I am working as System Administrator for 3 years and now I would like to switch into Cyber Security. My company will send me on a Fortinet Course for Network Security so I can learn how to implement basic Network Security on Fortigate firewalls. I bought black friday Premium deal and my question is will I get enough general knowledge about security on TryHackMe rooms, courses and paths ? Do you have some recommendations ?

guys I need help in solving a couple of the questions from the SOC learning path on THM

the question I'm struggling with is from the "Cyber Defence Frameworks"

the room name is MITRE and the question is;
2) As your organization is migrating to the cloud, is there anything attributed to this APT group that you should focus on? If so, what is it?

5. What platforms does the technique from question #2 affect?

pls help me guys. ur help will be much appreciated 🙏🏻

can anyone tell me what do we need to access web application

Ohh thank you soo muchh for guide mee thank you

Gave +1 Rep to @rugged delta (current: #20 - 437)

"I have installed Kali Linux as a host operating system on my laptop. There is no other operating system on it, only Kali Linux. What do you use in such cases? Could you explain the steps to secure it based on your experience?"

i wouldn't recommend using kali as a host

maybe vm the best

Anyone who can tell me the path for becoming a pentester

Check out this path for beginning 🙂

https://tryhackme.com/r/path/outline/pentestplus

I believe so. Try hack me is great and has basic knowledge all the way up to advanced stuff. It's a great place to practice, though the information can be a bit fragmented. If you need a training plan laid down better you could probably go for like a udemy course for Comptia Security+, then CySA+ if you plan to go incident response. There's probably a whole lot of other jobs that could use your experience as a systems admin as well like with vulnerability management. I was surprised when I came to Cyber from systems administration just how surface level a lot of people's understanding of the systems they're using are. It seems a lot of people like to learn about the theory of cybersecurity without getting into any technical detail and it's a great advantage I see people with systems admin experience come in with. They're not afraid to learn how the systems work at a deeper level.

I understand your suggestion about using a VM, but right now I’m at a student level and my laptop isn’t very powerful. I’m on a budget and can’t afford additional resources or setups at the moment. For now, I just need to temporarily secure Kali Linux on my system while I’m learning and practicing. Once I have the resources or when I need more isolation, I will consider switching to a VM. Can you guide me on how to secure Kali Linux in this temporary setup?"

what do you mean by "secure"?

unless there's some backdoor or supply chain attack I haven't read in cyber news today, I would assume the Kali Linux distro doesn't have any malicious packages by default

it is already secure

if you put ufw and access internet via proxychains or smth

idk i wouldn't recommend using it as host os

Well how about live boot ? Isn’t it a good idea ?

it shouldn't be used as a host OS

and it shouldn't be your daily driver as well

Thanks man !! ❤️✨ will look after it !!

Gave +1 Rep to @fluid fiber (current: #2412 - 1)

"You're right, Kali Linux doesn't have malicious packages by default. My main concern is making sure my system stays secure from any unauthorized or suspicious activities while I'm using it. I just want to make sure nothing unexpected happens while I’m learning and experimenting."

Thank you very much for these suggestions. It was my Idea to start from Sys Admin so I can cover networking, systems, server , everything because I think also it Is a great background for future security positions. You cant defend something if you dont know how it works 😄

Gave +1 Rep to @fluid fiber (current: #1595 - 2)

if you want daily use linux os just use ubuntu or mint or something else

and if you want kali just make a bootable kali with persistence from usb

Agreed. It might also be a great background to make you more versatile. Blue team or red, everyone can use some sys admin experience imo.

I think kali doesnt even have the firewall setup out of the box?

its not meant to be a daily driver

I do have one more question tho , what course do you recommend me on tryhackme well I started with cyber security 101 .. also I do take some extra classes about Ceh

Okkey
"Thank you for your advice! I believe this will be really helpful for me, and I appreciate you guiding me."
I’m new to all of this and currently at a student level, so I’m really grateful for your help, especially considering how busy you must be. Thank you so much for taking the time to guide me.

Gave +1 Rep to @potent cloud (current: #2413 - 1)

Not really I am not even working

I am also student

I kind of like cyber sec but at the end of the day it looks useless in this crisis

no job positions at all

Is there no scope in cybersecurity right now? Are there no job opportunities available?

i dont think so. real question is what you can bringe on table

Still remains immense scope and abundant field, but there is shortage of cybersecurity workers with millions of unfilled positions, that's why companies often struggle, competitions exist in roles and demand is often for skilled ones which far outstrips supply

All depends on your determination

Thank God, cyber security is my dream, and I am determined to pursue it no matter what challenges come my way. & I will prove to myself that I am capable of achieving this and making it happen.

Gave +1 Rep to @worldly dragon (current: #1595 - 2)

keep it up

Ohh thank God....

Thanks✨

there are job opportunities, but right now, it’s mostly for mid-to-senior-level roles

hence why everyone’s complaining about how cybersecurity isn’t really entry-level (because it isn’t)

Well cybersecurity has always had a stigma for not being entry-level. It's generally because, in order to get into it, you'd be expected to already have interests in IT, programming, networks, cloud, or one or more of several other areas, both as your own interests, and as how you make a living. Hence, why most cybersec jobs ask you to have some prior experience, and/or a degree and/or certifications, or that you take part in things like CTFs, bug bounties, have a blog, do writeups about your activity (THM machines, events like meetups/conferences, technology you've learned about/explored), having a home lab (this could be your home pc, some spare computers, networking kit, virtual machines doing interesting things, an AWS/Azure/GCP account); basically being able to talk about tech and the cool things you've done, personally and professionally.

Obviously, the more experience you have the better in such things. Certs/degrees are good indicators, but they want to know your skills/passions, and what you can bring to the table. There are companies that will hire for SOC roles straight out of college, but you might find your first role in helpdesk/support/IT/QA/programming and build on that. You'd generally at least need to have the basics of something and a passion for exploration and learning, and being able to demonstrate it

which is why I already said that cybersecurity really isn’t an entry-level field

eh it's entry level in that you just need to show you can work on it of your own free will without needing a college course. And those same things can be said to SWE as well anyway, if you have personal projects and not just uni projects it looks signif better

Guys I'm working in SOC L1 for like 6 months. My interest lies in red team or pentesting. Just started doing some ctfs.
Any idea for switching sides after few years in blue team for exp gain ofc ?

hi

Well having a knowledge/experience of SOC/blue team is a real advantage when transitioning to pentesting/red teams/purple teams, as the ability to understand what techniques and tools are in use can produce better outcomes for your exercises, and better results for your client. And understanding how the whole cybersec apparatus operates can help you excel in your career going forward

Hey all, I was hoping for some guidance on what roles I should be looking towards next with my current resume? I wasn't sure if I should start applying to AppSec roles or pentesting

Post a redacted version of your resume instead of a file.

cc: @broken idol

Got it, thanks to you and @broken idol !

Gave +1 Rep to @dense dagger (current: #20 - 438)

uhmm hellp guys, I got a final interview for a VAPT role as intern. anyone can suggest a course that would help me review?

Anyone have some advice on part time help desk roles, I work full time on a 5 on 5 off pattern so have some time to gain some experience in the field. Doesn’t even have to be paid as that would mess with taxes just anything to put on the CV for the future would be fantastic. I currently work in security (CCTV atm) and want to gain the necessary skills and quals to potentially change careers to cyber in the future. Any suggestions would be amazing

For the moment I’m working my way through the paths on here. Gonna try and bolster my knowledge but I’m aware from different reddits and stuff that experience in some form of IT helps massively

not a huge fan of your template, but i wouldn't toss it based on that. Education should be at the bottom of your list, not the top. Professional experience > all

I would reorder it so that professional experience is first, certs second, education last. You've been in industry for 4 years, your education is the least important to explain to an employer why you are qualified for a new role

hey every one can you tell me free rooms

Majority rooms are free 😄

https://tryhackme.com/r/hacktivities/search?page=1&contentSubType=free

Makes sense, thanks juun. If I may ask, what template would you personally recommend?

Gave +1 Rep to @flat sedge (current: #11 - 787)

awesomCV. It's in latex, so you can't use it with any office applications.

Is a degree necessary or would doing a lot of different certification programs helped to get my foot in the door I know degrees can get expensive fast.

I don't think that degree is necessary in today's world 🙂

For cyber security that is

I just see a lot of stuff that ask if you have a bachelors in job postings

Does anyone know the best courses you can take to get your foot in the door?

Which area of cyber security 🙂 ?

I’ll be honest I’m not completely sure whether or not I would prefer blue or red

Long story short I work at a job I’m miserable at. I’ve always been intrigued by cyber security, so I was tempted to swap to doing something new. I’ve been at this job for around 10 years now and ever since the business went corporate they’ve taken and taken and taken everything away from us and this past year, they took even bonuses away from us. And for a job that I’m only making around 70 K a year at working at $30 a hour and is a production based job and that’s with me working a lot of overtime, I just feel like this job I have been doing doesn’t seem to have anything positive going for it. It feels like we are 1 step away from them making it a non production job and cutting my pay with how corporate greed works and I am just ready to try something new.

You can start here with TryHackMe , see which path best suits you , then continue to specialize in that particular field 🙂

You should consider reading the Tribe of Hackers books. They're usually pretty cheap. They're a series of interviews with various cybersecurity professionals in the industry and they can give you insights about what you might like to pursue

Can someone kindly give me an advice,
If someone is pursuing a cybersecurity carrer especially a pentester role should that individual take a normal bsc. Computer science degree or a bsc. Cyber forensic degree.

Seconding juun's advice, this is the resume template I used for my current role in DFIR (besides the top / current job), experience > certs/skills > education seemed to be the way to go for me, could use as a general guideline if you'd like

thank you both for an example of what TO do.

Gave +1 Rep to @crystal cradle (current: #660 - 7)

Random question. I have a job opportunity coming up and the main software of use is HCL appscan. They offer a demo, so I really wanted to play around with it before my interview. The problem is, you cant request a demo without a work email. Im a student with neigher a school or work email. How can I go about trying the demo? You cant even reach someone over there unless youre a large business looking to do business with them

I'd say watch some videos on it

and write down the steps

and try to memorize them

cus some software companies really do not allow to test or demo their software unless you have a corporate email

so

I can understand why. Thanks for the tip

Depending on your path . If you plan to be more on the business side after your done with cyber engineering ; transitioning to more on management, business side , leadership role and etc. Yes minimum a 4 year degree. That is most requirement for major companies. Yes ,it is HR requirement. Depends on what is your career goal.

It would definitely help

I wish we had this 18 years ago before i started my career in cyber.

Yeah , THM is a fantastic way to start and get familiar with concepts 😄

It is so much fun THM. I truly LOVE IT!!!!!

I have a useless 2 year associate of general studies certificate. But I really didn’t want to have to restart college and go into debt in order to get into the job. But I mean if it’s a must I would do what I had to do. I just wish I could finish out a bachelors for free or fairly cheaply. I don’t think I could even get Fafsa because last year I made like 77k because I had a lot of overtime and my wife made like 30k. So I’m probably def over the amount to where they would cover anything at all

I don’t think the fact that I have 2 kids would have even helped with that. I am not sure what the Fafsa cutoff is but I doubt it’s very high

No, dont say that. It shows you are willing to learn and complete a task and assignment given to you. Every degree is useful.

My boss has a bachelor degree in Business general. He loves Cyber and etc. With the business general degeee he understand and know how to relate the ask from shareholders and C executive.

He is a VP

The challenges we as an enginneer or analyst is trying to explain we cannot be cheap when comes to secure a corporate environment.

You will figure it out once you start working in cyber lol

So a degree is a must have. But do places pay for you to go back to finish your bachelors while working for them per chance?

And if so also would a computer science or software engineering degree be better suited to have?

Must have if you want to work for bigger traditional Corporation vs a Startup

What if you work for a startup for a couple years and then try to move up to a bigger corp? I guess startups wouldn’t pay very much tho

Of course if that is what you are truly passionate . Binaries , low level assembly language, embeded systems and etc......

A.I. ML..etc..

Also the local college here overs a bachelors of computer technology and design with an emphasis on cloud computing and cyber security.

But I’ve never heard of that degree before I looked at the local college

The computer science and the software engineering I’ve heard of plenty. But that last one sounded odd. Like computer tech sounds like working on hardware to me

Oh I’m dumb

That was the one below it that I was reading with the cyber security part

I mixed up 2 degrees

BACHELOR OF SCIENCE IN DIGITAL TECHNOLOGY & DESIGN WITH A CONCENTRATION IN CLOUD COMPUTING & CYBERSECURITY

This is the one the local college offers

Focus on the training here on THM. Start here . And what do you want to do Blue teaming, Red Teaming or like me Purple Teaming.

Find what triggers your curiousity

You will find the force in you like a Jedi.

There are plenty of online cyber degrees

Focus on certs

Yea I am planning on finishing out the courses on THM and such and I have a couple web sites I heard I could get into on order to get better at the work

Yup

TCM, OWASP, Hackerone.

Idk how good those are but I was told about them.

I wonder if I could find a course specific bachelors that wouldn’t be as pricey as some others. Like I don’t want to end up dropping 60k just to finish out my degree 😭

Focus on certifications

Hey guys, I’m a senior in high school and I’m currently in a cybersecurity class, we’re supposed to be doing certification testing closer to the end of the year (I’ll have to get back on what cert specifically tomorrow). I plan on going to college for Cybersecurity as well, would there be any good starting jobs to look for while continuing my schooling?

Internship

Try to take a look at https://discord.com/channels/521382216299839518/775144008853749770 😄

LinkedIn could also be helpful 😄

Ask ChatGPT !! I swear...it will.narrow down

But would certs even really help me though? I just want to make most of my time because I’ll be honest. The job I’m working at is slowly killing me. It’s miserable and corporate has made everyone up there hate the work.

Yes! 100%

This is 3 months ago, i interview several candidates to join my team. 1 candidate had certs and no degrees 1 year as a T2 support. Another had a 4 year computer.engineering (aarogant little prick )

Quick question: I'm new to learning cybersecurity as I'm looking into diversifying my potential career paths. I already have my bachelor's degree in Sociology and Criminal Justice/Criminology. I've also been working in a prison for the past two years as a case manager. Do you think my experience in criminal justice would be beneficial for this field?

Guess who i hired ?

Any recommended certs to go for?

And I’m guessing the better mannered one lol

Nice...volunteer at your local PD as a cyber analyst

The guy with the certs. He was googling for answers while interviewing.

It is not all about what you know and what you can do. It is about attitude and personality

lol I mean kids these days don’t know how to actually talk to people.

I'll need to look into it. I know the police captain really well so I might be able to score a nice volunteer position lol

The attitude of willing to learn and find out

Dude...that is the best ..i wonder what type of forensics tools they have .

I dont know it all but i am sharing from 18 years in the industry

It's a small, underfunded PD in a rural town, so I'm guess not much 😬

I’m on my mid 30s. In interviews I’ve always been straight with the people I talk to. I tell them if I don’t know something but also tell them if they teach me then I will def put what I am shown to work. I have been at my current job 10 years. It took 10 years for a corporation that bought a company to completely strip the company of all its dignity.

It is fine. You get your foot in the door and you have cyber security on your resume. Build your resume

Not suprise

I had the same attitude when scoring my current position. I went into it with very little experience, but I told them that I was a quick learner and that I was always looking for new ways to implement information. It was enough for them to hire me, and before my old boss left, he said that I was the best hire he ever had

Im a burnt out cyber security.

Im looking into more academia . Teaching and Research. That is my next career move.

Security Researcher

I work in a dental lab for the NDX dental company.

I just had scaling done both side

The Painnnnn

I'm a burnt out physical security lmao. Currently manage 150 felons and make sure they have resources they need to succeed

Did you see the news CEO of UHC got shot in the back

We are all broke. Sorry .

I did see that! Crazy stuff. Bet it's got a lot of higher ups of the company scared

Ah you had buildup I take it? I don’t do all that fine of stuff lol

Do you accept gold bar ?

Do you accept World of Warcraft gold?

I have an account with like 1mil or something like that

Yeah so . I just got done on Team chat , tommorrow. We are having a critical meeting concerning physical security and our CEO

Yup

Defense in depth

Physical is one of it.

Also space. lol in my lab I literally do one thing all day. I put teeth in wax. Fake teeth. XD

Yeah that is what im getting acrylic. Temporary.dentures

$30 a hour and I stick acrylic teeth in wax

I have two missing molars

Interesting! It might be the turn of a big shift in physical security. Usually, CEO's aren't gunned down in the street like common thugs, so we'll need to see what this leads to

Are you in NA?

What is NA ??

North America

Yeah .. midwest

Westsideeee 4 life !!! Tupac

https://tenor.com/view/all-eyez-on-me-gif-13777335795178786311

Lmao

There is a chance being that NDX is one of the larger labs. That we could end up with your case

You got your drs last name?

So we are discussing our concerns on COPYCATS!

Who will.be the next CEO ?

Back in 2013, the Colorado Departments of Corrections executive director was assassinated. After that, there was a lot of changes to how the prisons operated. Might be seeing some similar changes

Physical security is so important

I see a ton that come through the lab. If it’s a Dr we use I bet you it would be me working on your case haha

I am keyboard warrior. I stay in and avoid human contacts

I work remote and from home

Honestly that’s what I would prefer to do

It is scary

Lol, that's how I'm trying to be. I'm too much of an introvert to be talking to hundreds of people a day. It's helped me break out of my shell a lot, but it's also exhausting

I got my furry babies . Im good

It’s not that I hate working at a place. It’s that I hate working where I work and at the same time if I worked remotely I could actually be around my kids more

Lmao

Omg i know that feeling

Ok google the top 10 certifications for beginners

Let me know which one you find sexy

https://tenor.com/view/dance-gif-14970445956021859891

My friend sent me a list of cyber certifications and holy crap there is a lot. Super expensive too haha

Ok can you post it here

https://pauljerimy.com/security-certification-roadmap/

That’s one of the main reasons I’ve been looking into Cyber security. I make $30 a hour currently and I don’t really actually care to make more because me and wife’s pay together is enough to live and be happy. And Cyber I mean could def pay a bit more than I make but I mean I don’t really make that much haha

I’ll talk to you guys tomorrow though. I have to get up early to take wife to get LASIK done in the morning.

I did my CISSP i failed.

Currently i have no certs.

Ouch

Lol

But because im not into.it

I have cloud certs and devsecops certs .... and working on my OSCP

https://tenor.com/view/kali-linux-hacker-anonymous-skid-gif-20396503

If I'm trying to get into cybersecurity, do you think it's worthwhile to set up a virtual machine running Linux to practice with?

I would recommend to 🙂

Yes

Cool 🙂 I've already been doing research on how to do so, but nice to know I'm on the right mindset

Having a homelab, even VMs running on your pc, is super useful and helpful to figure out how things work

Thats running on a VM

Akali Linux. They should have use that name. Not Kali. Lol

You guys know Akali

Thats her my future wifey

Lmao

Saves you lots of $$$ on hardware

You'll make it happen. I believe. At least if you can get off League 🤣

I'm highschool student and Computer Network Architects seem cool
is it a good job to pursuit?

Definitely the right mindset. Virtualization (not just VMs) is a huge tool to have in your belt from a cybersec pov. There will no escaping it in enterprise level networks.

Would you do it if you never got paid anything?

sure

Then yes

sound cool and i would like to try

maintaining server

Not that difficult. Just grab an AWS account and you can play around with all the fun toys you want. If you want to learn more, the magic search term is "homelab"

K i'll explore more in my winter break

i'm still busy with semester test

it's even harder now cause my education system just change to encourage people not to go to university

😭

They're doing you a favor. Universities are usually behind the market, sometimes by decades. In order of preference, jobs want to see:

1. Experience
2. Training
3. Education

Homelab projects will get you #1 or 2 for the price of a few cups of coffee, way less than you would pay for #3, assuming you're in a country where you pay for uni.

Frankly, nothing makes a degree quite so worthless as everybody having one. Supply & demand

I'm still going to university in Germany though

I think i will just go for computer science course

By all means, do. Just don't leave your degree to do all the heavy lifting. If you start working on projects while you do that, you can have 4 years of experience before you even land your first job.

yes that's what i'm planning to do

study university + self study on project + work a side job

oof

I hope i don't get a full burn out again

Just remember: people don't burn out because they work too much. They burn out because they don't believe the reward is worth the effort.

But if you really are willing to this stuff without getting paid, then the work is its own reward, and you'll be surprised how hard you can go at it.

I'm currently busy with high school work rn should i try to play with AWS first, learn C, or learn cs50x

btw I'm busy with German, math and physic

I would say AWS > CS50 > C

You should be able to jump into AWS right away. You'll want some programming knowledge at some point in time but it's completely unnecessary for getting started.

CS50 will get your feet wet with C as well as introduce you to fundamental programming concepts. I struggled for 15 years to understand programming because I was trying to learn languages without understanding the concepts, and C was one of them. It was miserable.

I would even caution against making C your first language unless you are into hardcore intellectual challenges. CS50P (to learn Python) or CS50W (Python and JavaScript) are both viable options.

I got experience in Python and javascript but not so much

Python and JavaScript are the two most in-demand languages. Python in particular is used extensively both in AI and Cyber. Nothing wrong with either of those.

okey

Thank you for believeing in me..

Gave +1 Rep to @winter hemlock (current: #1609 - 2)

Anything in technology field or the digital world is a good field.

Long live the God of Python. !!!!!

Python or C first?

Hey all, posting here to get my cyber security career started. I’m currently working as an IT Security Analyst, with previous roles in software development, looking to find a job as a junior penetration tester, with end goals of being a red team operator. I currently have my eJPTv2 and PNPT, currently working on CRTE (expected january 2025) and doing CPTS (expected march 2025). I also have a bachelors in comp sci. In my spare time, I learn about malware development from Sektor7 and refine my skills in rust to build my own tools. Im also working on Machine Learning tools that can do things like generate shellcode/payloads.

Would love to get connected with professionals in the field and network 😁

Hello everybody 🙂 I have a Red Team internship and I will have to develop an automated framework for AD pentesting. What do you think about that internship subject will I do some red team mission or will I be stuck in the dev of the framework? Does this sound like a good project? I'm a second year bachelor student in IT and that's going to be my first experience in Cybersecurity

You can start with path 🙂

https://tryhackme.com/r/path/outline/presecurity

I'm actually almost done with pre security myself I got part 2 and 3 of Linux funds and windows funds then I'll be finish with pre security my question is should I use LinkedIn to look for my first help desk job, I've only used Indeed so I'm not experienced with other sites like glass door and LinkedIn.

Yes , why not 🙂 . Also check out https://discord.com/channels/521382216299839518/775144008853749770 and see if you can find something useful for you 😄

Hello

any ideas for final year projects in cyber security?

Can school students get discount on premium? Or is it for college and above?

Nvm, AOC 30% off will be enough for me

Anybody recently take the Sec+ ?

No, but I might start working on it soon

Hi guys, i'm interested in going to university to study cyber security or potentially software development. However, I received an offer for a university with easier entry requirements for Web Design and Development, do you think these courses intertwine with each other? And could I possible go into a cybersec/softwaredev job with the Web degree? Thanks.

I think that’s a great path for moving into information security! I’m no expert, but from my perspective I think it’ll be super valuable to get familiar with the development lifecycle, and then pivot into Cyber from there. You could probably push towards DevSecOps

I recently took and passed it! Are you prepping for yours?

Thanks, thats what I was thinking, perhaps going for a postgrad in cyber, computing or software?

Gave +1 Rep to @trim reef (current: #2439 - 1)

Simple Penetration Test: Set up a vulnerable machine (e.g., using Metasploitable or DVWA) on VMware and perform penetration testing. Include steps like information gathering, exploitation, and mitigation recommendations.

hello everyone

Can you get any kind of Certs through the paid try hack me courses?

Welcome Robert 🙂

Welcome 😄 .

They can help you in preparation for some certs 😄

whats a good first cert to start with?

COMPTIA+?

is that what its called haha

Good question

@charred yarrowHave you gone trough the hack fakebank process?

I have not gone through anything

I am still new in this

going through beginner courses

The CompTIA A+ is good ff you want it on your resume to get past HR filters but the info is very broad and doesn't give you the greatest start into IT or Cyber. I got it because my job made me get it and now im working on Network+ and then Security+ and probably RHCSA and then I'll see. But if you are completely new then the A+ is a good foundation and then you can move on to what you find more interesting.

OH WAIT

i think i have gone through the hack fakebank

yes

ahh i see

so from A+ how many more do i actually need haha

it depends on what you want

you can do the trifecta which is A+ Net+ and Sec+ and that is kind of like a good standard set but it really depends on what you want cuz if you want networking jobs, you could go the Cisco route with the CCNA and onward. IF you like linux and server type stuff, go RHCSA or LPIC route, then you have the AWS and Microsoft 365, and then at the cyber level you got so many security certs at higher levels that actually hold weight and thats a different animal but thats after you choose a path and get experience.

https://partners.comptia.org/docs/default-source/resources/08314-it-certification-roadmap-nov2020-update-8-5x11-online

this is a good roadmap and it shows comptia certs along with other vendors certifications so you can get a general idea of the path you can take.

TryHackMe does not provide any sort of certification if that is what you're asking. As a FYI, certificates and certifications are not interchangeable as they are not the same thing.

What's your goal? Do you have a degree or prior professional experience in the computer industry?

i have a diploma

and yeah i wanna work in cyber sec dept

Was it an accredited 4 year/bachelors program?

Also, what type? Was it a STEM degree?

Sorry , we can't help you with that

Just ignore them

All I have is an associates of general studies certificate. I am looking at ways I can go back to college for a lower amount of cash. I just can’t afford to go back at the tuition rates that even the local college here asks for because I got 2 kids and I have to put their needs first. And idk if Fafsa is gonna do diddly squat for me because between me and my wife we made like $100k last year together. So that’s why I was asking about certifications and such. I want to get into cyber security but I don’t really know much on what jobs actually would take seriously and what they would scoff at.

Look into WGU 🙂

What do you do now, if you don't mind me asking?

If you said earlier, sorry

Yea I could do that one. I’ve seen WGU but still $4k a semester would still be a decent amount. But if I absolutely had to I would. It’s just I’d be saving a while before I could go

They offer payment plans

I work for NDX dental labs. It’s basically a place that makes the dentures and partials and crowns and such that dentists give their patients

Yea but I have never liked having to deal with interest. Paying full price when I can is always better for me. It’s how I’ve always done things

Understandable, I would look into scholarships

A common starting point for a lot of people in security is IT, with a role such as Tier 1 Suppor/Helpdesk. I don't know your financial situation, so you'd need to look to see if you could make that jump.

What does IT pay

Given that you have an associates, you may be able to get into a NOC or SOC

You'll have to research the companies around your locale

Ah i got you. Those are the group places aren’t they?

Where you work on a team

I mean you work in teams across the industry

Yes but I meant like outside of business groups that get hired on by companies

Idk the right words

lol having a mental block right now

Private practices

How about for IPS or IDS?

I'm not sure what you mean to be honest

We cannot assist you with your school work

Like a small cyber security company that sells its services to businesses

That's a MSP, Managed Service Provider

Ah

SOC and NOC refer to Security or Networking Operation Centers, which can be a service provided by MSPs, but arent exclusive to MSPs

I got you

They don’t require a specialized degree?

When a degree is a requirement it's not always requiring a STEM degree

Some may specify that it has to be though

Ah I got you. But most are requiring a bachelors that I’ve seen

That is correct

I just want to do an internship and get in lol. But even the internships want you to have a bachelors

Internships are typically reserved for those in degree programs or higher education in general or high school in some cases

Given that you have responsibilities, looking at IT Helpdesk/Support roles may be your best option right now

Yea I guess I could look into that. I also going to look into scholarships and such to see if I can get back into chasing a computer science bachelors. I just don’t want to end up getting into a lot of debt

Hi, i've completed my high school/higher secondary(in india) in 2023. I want to get into IT but i don't any IT knowledge cuz i'm completely new to IT field. As i was looking through the internet i found a four month course which is about cybersecurity and thinking of taking it. and i have heard that cybersecurity is not a entry level to IT. so i'm thinking to go with certifications. So what certification roadmap would you recommend for me. Thank you.

is Comptia ITF+ a good start?

You have a path on THM oriented towards people interested in Comptia certs ( Pentest+ but it has overlapping material with other certs too ) . Check it out and see if it suits you 🙂

https://tryhackme.com/r/path/outline/pentestplus

i don't have basic knowledge of IT, comptia pentest+ would be a good start?

If you're just starting in IT , I wouldn't recommend to chase certs right now 🙂 . Start then with these two foundational paths on THM and check out the careers article to see which career path best suits you 🙂 . After you get along with fundamentals you can specialize in the cysec field that best suits you 😄

https://tryhackme.com/r/path/outline/presecurity

https://tryhackme.com/r/path/outline/cybersecurity101

https://tryhackme.com/r/room/careersincyber

okay👍

thanks kgb

I am just requesting for ideas uk

Is NOC useful for a Red/Purple Team career?
Or is SOC a more preferred option

He already gived you a great idea for your project; setup a a lab and do some pentesting/hardening. You can also setup Splunk with Atomic Red Team; try some attack and do the mitigation

You can add ids/ips if you want and make them send logs to Splunk

Bachelor of Science in Digitsl Technology & Design with a Concentration in Cloud Computing & Cybersecurity vs a Bachelors of Computer Science. I’ve not ever heard of the first degree so I wanted to see which of these would carry more weight for entry level job approach. I haven’t figured out if I could get scholarships and such yet to pay for college but I can’t apply for them without enrolling first into a degree. But I don’t know if I would even be able to afford to go and probably won’t be eligible for Fafsa. And I know I’d prolly end up needing an actual Bachelors in the end no matter what I do so I’m looking at a foreign degree to me that my local college offers and a computer science with emphasis on AI that’s offered by WGU. But yea I’m in a pickle but I mean long story short that’s why I’m asking about the degrees

Hi everyone,

My name is Manoj, and I'm thrilled to join this community of Tryhackme and cybersecurity enthusiasts. Here's a bit about me
About Me:
Experience: I have 4 years of experience in cybersecurity.
Current Role: Working as a Platform Data Specialist, focusing on securing and managing data platforms.
Previous Roles:
2 years as a security trainer, where I developed and delivered training programs on various security topics.
Extensive hands-on experience in penetration testing, vulnerability assessment, and implementing security frameworks.
Interests:
Security Architecture: I'm particularly interested in security architecture, designing secure systems, and ensuring robust infrastructure
It would be helpful if you could guide me through the process of becoming a security architect, including what skills are needed and how to acquire them

Hello everyone!! I want to get an entry level cyber security certificate, which one should i choose? Security+ or CEH or else?

If you're looking for your first certification, then Security+, combined with Network+ would be a good entry into the field

Is it good to have for cybersecurity as per the job perspective?

Thanks

Gave +1 Rep to @thin cape (current: #2442 - 1)

hello guys

I need help

if someone can guide on how to get started as a bug hunter?

You can start with this path 😄

https://tryhackme.com/r/path/outline/webapppentesting

Actually maybe this if you're really on the beginning 🙂

https://tryhackme.com/r/room/webapplicationbasics

well thankyou but this is web application security

is this what everybody calls bug hunting?

Yes it's mainly focused around web app vulns 😄

let's say I completed both the room and path

what next?

also, what platform to find bugs on?

Well it will take a lot of time to complete this , you can also check Burp's Web Security Academy 😄

can you provide a link to that

and also answer my another please if you can

https://portswigger.net/web-security

thankyou so much sir

@keen tundra

Check out programs on Hacker1 and Bugcrowd 🙂

ahh thankyou so much, you've been a great help today

There's also a dedicated channel to bug bounty 🙂 https://discord.com/channels/521382216299839518/743858961593139361

ohh I added into my channel list

Good luck on your journey 😄

yes, thankyou so much sir

also, does cisco's CCNA course helps understand Networking deeply?

which is I guess on Netacad

Not deeply , it's a foundational cert 😄

ohh

but it's great to learn Networking from right?

Yes , definitely 😄

well, I should get started then

thanks again

Would you recommend the CompTia Network and security + as first certs to try break into cyber as a IT professional

I would but if you're really on beginning of your journey , focus more on knowledge than on certificates 🙂

they’re great certs for foundational knowledge, but you would be hard pressed to get into any position through certs alone

the important part is to get actual IT work experience before breaking into cyber, which is usually through the help desk or similar roles

currently working in it support role while spending alot of time on THM

alright, I would recommend sticking there for a year or two then (1) find someone who can get you in or be promoted internally if possible, (2) spam certs within reason, (3) complete projects, and/or (4) polish up your resume

thanks i appreciate the advice, any specific certs to go for (uk based), also my workplace hasn't really got place for promotions so ill probably need move to some corporation, any beginner roles to look out for in the future providing i have 2 years it experience with some certs

Gave +1 Rep to @fierce acorn (current: #362 - 15)

generally, Security+ is the baseline cert, but I’m not sure how popular it is in the UK (I’m in the US) nor what other certs are popular there; you will have to do your own research on job postings unless someone else has insight

a beginner security role is usually SOC analyst

I'm massively lagging in certs, I am pretty senior now in the UK and have made it there having only done SEC401, but I'm a big security nerd outside of that

Looking at doing CISSP next year just for the sake of it so my CV doesn't look terrible

if you’re senior, then certs don’t matter much outside of CISSP or certs from big name companies like SANS/GIAC or OffSec

I wouldn’t worry much unless you have a lot of whitespace on your CV or resume, which would be odd for someone in a senior role

Should I print off some resumes to bring to an interview? I know that used to be a considerate thing to do but I’m not sure if I need to do that in modern times

This is for careers, so I doubt it’s the right channel tbh, maybe #infosec-general