#cyber-and-careers

i know geneva, but not leon 🦧

no it's not my job, it's just a way to gain knowledge, i can do that without going to school

My kids are spoiled

But my youngest is a hustler

and when you see people having a doctorat in science or whatever they don't even get hire every time 🦧

The kid literally goes up to people and tells them to give him some money

And he is cute so people keep doing it

He walks around with pockets jingling with coins

This kid is 2

Hi. 👋
I have a question regarding penetration tester certification. Our company is helping to put together a procurement for our friends company and one of the requirements will be penetration tester certification (intermediate). In addition, I am looking to get one too. Googling and reading through dozens of different certifications offered by different companies, I realized that I have no idea which ones are "legit" (so to speak). So far CompTIA Pentest+ advertised by THM, seems what we need, but I would appreciate any pointers and suggestions on which penetration testing certification to look for and from which company.

Hey rich I'm no expert but hackthebox has a pretty legit one

I'm sure you'll get much better answers but that's the one I'll be trying to get once I'm done with the thm material

https://academy.hackthebox.com/preview/certifications

For france i think this may help 👇
https://www.linkedin.com/in/menacyberwoman

• Jonathan Dale Lawrence Harvey - https://www.linkedin.com/in/jonathan-dale-lawrence-harvey
• Jack Lamport - https://www.linkedin.com/in/jack-lamport-contract-cyber-recruitment/
• Matthew Saxton - https://www.linkedin.com/in/matthew-saxton-391b56214/

@wide mica I meant paid certification you get after finishing exam.

define “intermediate”

if you’re asking about certs in general, then the PNPT, CPTS, OSCP, and other practical pentesting certs go into that “intermediate” category

if you’re asking about pentesting certs specifically, then the scale is a bit skewed as what’s “entry-level” and “intermediate” for pentesting aren’t really entry-level nor intermediate

the PenTest+, although it’s offered by a recognizable name brand (CompTIA), doesn’t test practical skill in a simulated engagement

Anyone here do cyber tech masters?

What is the best way to contact this Discord admin about sharing a new job posting?

Try to ask here https://discord.com/channels/521382216299839518/521771811768107008 🙂

thank you KGB

good day guys. please i wish to ask is CCNA a must for cyber security

No , it isn't , CCNA is a networking certificate 😄 . You should have some networking knowldge for cyber security but CCNA isn't mandatory 😄

thank you very much KGB

Gave +1 Rep to @keen tundra (current: #7 - 1125)

What are you hoping to get out of this?
Actual pentesters on staff? And in which country?

If you're UK based then you probably want one CHECK team lead for app and/or infrastructure (depending on the job role), and CHECK team members otherwise. Either way get them with prior experience for a new team. Experience is the important bit.
CHECK isn't necessarily the best way of doing it (nor is it necessarily required, depending on the job role), but it's the standard for the country.
Otherwise OSCP is still the baseline practical pentesting cert (for now). That's pretty much universal at this point, although others (CPTS, for example) are beginning to get more recognition.

I believe that CCNA is not a must cert, but learning CCNA can be really helpful because learning all the networking and if you have a job as a network administrator then it will be advantageous in your carrer, so that you know what measures should take to protect from the attacks or plan attacks to test the security.

Thank you very much for the tips , i have just sent an email to that person, i so appreciate your help , that is very kind of you

Gave +1 Rep to @charred knoll (current: #980 - 4)

thank you very much

Gave +1 Rep to @charred knoll (current: #838 - 5)

I have a genuine question, I’m 19 currently studying software engineering. (1st year) is it worth it to get certificates now even though they will be expired by the time i am looking for a job ( end of 4th year ). Or is it worth it to just continue what I’m doing and stay on hack the box and try hack me. My end goal is a soc analyst.

Thank you for your reply. 🙏
After going through certifications you mentioned - all 3 of them sound like something we need (not only theoretical knowledge, but also practical), however now I don't understand the difference between them (while they have different abbreviation, they all basically affirm practical knowledge of a pen-tester).

OSCP doesn't expire so I imagine, this is more for junior pen-testers, right?
PNPT & CPTS sound closer to what we were looking for, but as I said, I don't understand the difference, besides examination company.

Yeah, now I understand that. We were initially looking at CompTIA Pentest+ certification, but after your input about practical skill, I guess there are better options.
To not make this any longer/complicated - for the procurement, if we need a person who will have to do network auditing and penetration testing of a web-application on that network (before handing it over to the client), which certification would you suggest to go for? And last, following question - (after 5+ years picking back up this pentesting path from hobby level) if I want to be able to land future job as a pentester and apply for such web-application auditing/pentesting procurements, which certification should I go for?

Gave +1 Rep to @fierce acorn (current: #349 - 16)

Stay on THM and HTB for now and see how it goes 🙂 . If you find out that this is really the career that you want to pursue and you have an opportunity , you can go for some industry certificate 😄 .

Thanks. Yeah from what sp3ctr4l wrote and what I replied above - I'm starting to look more into OSCP and PNPT/CPTS certs now.

After I finish junior pentesting in tryhackme is certifcation trusty

THM certs don't really have any value on job market if that's what you are asking 🙂

😭🤍.

So sad

But cpts have great Job in htb right

I mean great value in htb

Sorry, just curious. Is RUST used anywhere in Cyber Security? I know Go and Python are particularly popular besides shell scripting. But what about Rust? I am probably going to learn it well either way, I like it.

No, but you can say you are top 3% on tryhackme and that could mean something.

What means by that
Top 3%

From where you got the information

What is means?

Well, it means that you studied diligently and completed more modules than the remaining 96% of other people who ever registered on THM.

I am pretty sure you can sell it well to some HRs. Might be less impactful in startups where you are interviewed by a team lead.

I got it means if I finish the more modules more means that I finish

96% of register people right?

Who no finsihed the modules but what benifit with that ?

Well it's an achievent that can bear some value on the resume, unlike the THM certificates of completion.

Great !

But it means u finished the modules who dont people finish it right

I should finish modules so much pentesting , blue team

Red team

I am not sure hoiw it is calculated. Harder rated rooms and newer rooms should give a little more points. This is what got me to 3% including both pre-security ones

I finished presecuritu and introduction to cybersecurity

So inshallah means I gonna be top with u 🤍🤣

Yes , they do 🙂

I can recommend doing the cpts path, then doing oscp

Exact opposite actually. Percent means nothing to anyone. It's literally a meme. Do not put it on a CV.

Completed learning paths under extra curricular activities can be good though.

See here:
#cyber-and-careers message

Remember that THM aren't a certifying body (yet). They don't provide certs: they provide certificates of completion (which are indicative of some level of skill, but not proof).
CPTS is an actual examined certification, albeit a relatively new one.

When cpts new right u mean the versions

I mean it's only been out for a couple of years (max) and doesn't have as much weight behind it yet as some of the more established ones.

That said, it's rising rapidly.

Look I prepare for it just let me finish the basics in tryhackme after I will go to htb

@undone shore so u mean years for cpts

And it will expire

They just mean that the CPTS has only been out for a few years (just checked and its been only out for 2 years).

The CPTS also does not expire.

Its been 2 years for it,

From relase

why

please how can i add the rooms i have completed in tryhackme with my achievements(75 rooms, top 5%, 13 badges) to the experience section of my linkedin profile

can someone either bully me into thinking this is a bad idea or if i should actaully do it... I'm thinking of making a huge East Coast Con something like def con but instead, this will primarily be more focused on workshops / villages / certs instead of speakers and talks obv it will take some time its not my intent to make a huge con like that next year I also do have experience hosting cons however I don't know if I should pursue this.. I have a small team in a different discord just throwing out ideas

thats wonderful. good one

I couldn't find other way but i hope this will work, you can go to my profile and click on the click profile badge id and then screenshot the first image 😉 and can post it to linkedin.

ok thank you

Gave +1 Rep to @charred knoll (current: #739 - 6)

Have a great day

thanks. wish you same

Thanks

Gave +1 Rep to @rain raptor (current: #2477 - 1)

I'm currently working as a trucker with no background in IT. I'm looking to get into Cyber security and most likely getting my foot in the door as a SOC analyst and then later looking into PEN testing to see which one I'm more interested in. I'm working on getting the Google Cyber security certification and then the CompTIA security + . I'm in the New York metro area. Can anyone recommend other certs, portfolio projects, or CTFs that I could do to help expedite my path that would translate to real world valuable experience? Also, what kind of salary can I expect in this area?

You can check out this pathway on THM if you're interested in Comptia certs , in fact it's geared exactly towards Pentest+ 😄 .

https://tryhackme.com/r/path/outline/pentestplus

@keen tundra thank you!

Gave +1 Rep to @keen tundra (current: #7 - 1149)

If you have no IT background you can start with compTIA A+ which is a great certification to start with

Where Tryhackme is a beginner friendly platform, Hack the box is more of a robust platform if you want to focus in cybersecurity

Is it 100% necessary or do you think I'll be able to pick up the concept through the security+ cert and try hack me?

Well, tryhackme can be a great way to start cybersecurity but compTIA A+ can give you IT fundamentals. For example, in cybersecurity one should know about networking, so when it comes to networking he must know how the the hub and switch works. This certification will introduce you to all that basic stuff before learning the tier2 knowledges. After compTIA A+ the CCNA certificate can be beneficial to learn security+ cert, because if we know to protect but doesn't know what to, can be challenging.

And also consider learning Linux because where ever in IT, Linux is inevitable.

please can anyone share SOC analyst pathway

Makes sense. I'll look into the CCNA cert as well. Thank you!

Gave +1 Rep to @charred knoll (current: #616 - 8)

Yeah, I noticed it keeps coming up a lot everywhere I look. Do you have any recommendations for where I could learn it comprehensively?

You can start learning from tryhackme

You need to create an account on hack the box academy to learn this ☝️

Gotcha,Thanks again! I have about an hour or two per day to study. I get to review flashcards throughout the day. Since I already started the Google Cyber security Course I'd like to finish that before jumping into something else. Do you think I should focus solely on that or should I squeeze in some time to learn Linux or perhaps also do the A+ every now and again? I know A+ should've probably come before the cyber security Course but I'm already paying monthly and I don't want to waste money.

Before completing the cybersecurity course feel free to learn linux which is a beginner_friendly course and you don't need any prerequisites to learn that, then compTIA A+ and, if can, start learning programing languages like Python, which can also be beneficial, and also keep in mind that in tryhackme the linux fundamentals modules is not completely free but on hack the box academy it is free of cost.

Thank you tremendously! One last question I promise. Aside from Indeed and Zip Recruiter, are there any other ways that you recommend to look for potential positions. I'd like to get an idea of what kinds of salaries are out in the New York area and what are the job requirements for entry level positions. I'm not seeing many or perhaps I'm putting in the wrong search terms.

Gave +1 Rep to @charred knoll (current: #567 - 9)

Linkedin can be a great way to search for jobs.

In cybersecurity security what kind of job are you intrested in

SOC analyst, I heard It was the easiest to break into Cyber security. Since I'm new I'm not entirely sure what would interest me more but I'm focused on getting my foot in the door first.

https://tryhackme.com/r/careers/cyber-security-analyst

Thank you once again 👍🏽

Gave +1 Rep to @charred knoll (current: #524 - 10)

Have a great day 😀

thank you very much!

Gave +1 Rep to @charred knoll (current: #483 - 11)

Another option (if you don't have a job now) could be to apply for an IT position (desktop/help desk support)....and get some hands on experience there with computers, that will def help out for your future security role (I know it did for me).

It would also be great if you join a company that has a security team because from there, you can show interest and eventually get hired/transfer from within the company to a security role.

And I always encourage people to continue to network with others....you never know when one of those networks will say "hey, actually I have position open now if you're interested"

Just some thoughts.

Hey @warm hinge

Please ensure you have read our community guidelines on advertising:)

🦧

A+ is good for entry level support desk with no work experience. Working at all in a professional environment is fully half of what A+ tries to teach. Getting into a SOC usually requires knowledge more advanced than what A+ teaches; I would say at least a year of entry level IT work in any domain is an acceptable starting point, but the person looking should always look at local job ads to see what employers are looking for.

It's counter-productive to recommend a cert to someone if their local market does require it.

Depending on your tolerance and background for administrative work, compliance or GRC are also fairly common entry points to a cybersecurity or information security career. What's your current tech background?

What would be considered an entry level role for compliance/GRC?

Hey guys! for a front-end developer who wants to switch to cyber, which career path would benefit from my past experience?

Take a look here and see what best suits you 😄

https://tryhackme.com/jr/careersincyber

thanks!

Gave +1 Rep to @keen tundra (current: #7 - 1172)

tech writers, administrative assistant to director, junior compliance analyst. Note that GRC usually requires other qualifications and knowledge, such as an junior college degree or similar

Got it, thank you!

Gave +1 Rep to @flat sedge (current: #11 - 790)

@tawdry sun honestly getting on with an msp on the helpdesk can be a meat grinder but you very quickly get hands on with lots of different configs and tech. I administrate a wide variety of setups from on-prem to cloud to hybrid Google and Microsoft , I support pos software, hotel booking software, accounting software, I do networking. I’m the only one on the desk that can do Linux and you do everything in between. You learn very quick at an msp and get hands on with so much

I work as a truck driver so I'm looking to break into the field making close to what I make now. I know it might take longer to build a portfolio that would allow me to make that much but I really cant afford to take too much of a pay cut right now.

How much could i realistically expect to make working for an MSP?

Im in the New York Metro Area

I help a church run network cables and set up cameras but nothing too in depth that I think I could put on a resume. My dilema is that Id like to be close to what I currently make as a truck driver. It's a stretch I know but I can't afford much of a pay cut.

Most entry level IT roles are in the 40-60k range in the US - I don't know what your take home is now, but it's very unlikely you are going to be able to jump into a 100k range without having some kind of relevant experience. Running cables for church AV stuff and network isn't really in-depth enough

You can certainly set up a home lab, and figure out how things work (and ought to work) though! It's not a substitution for actual experience but it's a good way to get interest and to help open the door for the career switch

Honestly msps are low pay. I took a pay cut knowing it’ll pay off soon

I get that and totally understand…it’s definitely tough. Sometimes we have to take risks (although easier said than done for sure).

Stack up on some certs on the side and keep on doing THM rooms to be active then also be active looking for roles and hope you can land something that wouldn’t feel like you’re getting a pay cut.

Yeah I went into this know that there was a strong possibility that I wouldn't be able to transition for a while. Honestly, Im looking 10-15 years down the road. There's a way high ceiling in cyber security that trucking so even if I have to wait 2 years or so, it still worth it. In 20 years truck will be driving themselves.

How long ago did you transition? and how the timeline looking in terms of a promotion or career upgrade ?

That's a little too much of a cut for me right now. I've considered setting up a home lab but since I'm just getting started, I don't really know yet what I need to invest in so I'll first familiarize myself more before purchasing anything.

Yea this is true. Sounds like you’re in the right path. Keep it up!

a good first home lab is a single laptop that you can run multiple vms on - i would reocmmend minimum 8 cores and 16GB of ram, more of either will give you more flexibility and a larger virtual environment to sandbox

how soon into the journey would i need to set one up? I'm still in the middle of the Google Cyber Security Course.

Coming up on 6 months. My supervisors have already expessed interest in making me either a sys admin getting or getting over to the NOC

But for reasons they won’t promote me until I have been there a year

Im actively applying and SA/NOC/SOC Analyst jobs too

whenever you get the money set aside for the spec you want

Congrats. I have heard that sometimes it pays to move laterally to another company than grow with one. I wonder if thats the case for most companies.

exploring and understanding how things are set up is critical to having the context of CS and IS work, and not just knowing the theory

It does. The pay will go up more by going to a new company. But what i have over my coworkers is my homelab

If this is your first job, you want to stay there for a minimum of 1 year, 2 years preferred. If you jump too early/too often, it looks bad because you don't actually have a good understanding of the role you left

But rn is also 1. A hard time in tech in general and 2. No one has reqs until the new year and/or layoffs are coming

But in the meantime I just get certs, build my homelab, learn as much as possible

Tbh I never got A+ and at this point my supervisors would rather I go for more advanced certs. But I got lucky getting a job with no certs. The day they offered me the job, that morning I had taken my sec+ exam

That’s fair

What are you aiming your sights on? like what would you like to be doing in CS?

And if you wanna know I took a >$30k pay cut

I mean everyone wants to be a pen tester right?

That’s why most of us are here

But I’d be happy in blue team roles as well

The first goal honestly is getting into the SOC. But I also realize being an SA or being in the NOC are invaluable to pentesters as well so I’m happy to get into those roles. I don’t see a specific path. I kinda just love tech of all sorts and like learning it all

Im thinking the same thing. I've read that it's easier to get into Cyber as a SOC analyst so Im looking to get in that way. Are you in the US?

thats a pretty hefty pay cut btw

Yeah. And it’s easier as SOC because there are more blue team jobs than red team jobs

Yeah it is I had a support system that meant my life style didn’t change at all

So I also lucked out there

I was able to take the hit even tho it still sucks

Be grateful. that's awesome. It sounds like you're taking full advantage of it too. I'm looking to connect with people near new york to see what their experience is like in the industry. But I'd like to know how things work out for you too. my time is limited so I'm gonna get to studying a bit. I wish you the best. thanks for the advice.

Yeah no worries. Good luck to you too

thanks for the advice. I appreciate it.

Gave +1 Rep to @flat sedge (current: #11 - 791)

No worries. And just a heads up, it is against the rules to DM or send friend requests without asking first

Probably should've read those. sorry

thanks for the heads up

One more thing, get involved with your local community. There’s tech groups all over. There’s multiple local defcon groups that do regular meetups, Linux user groups, etc. networking always helps

Definitely. I was looking into meetup today but didn't get around to finding any. I want to finish a this security+ cert and get some experience with Try Hack Me before meeting up. Id like to show up with some experience however little it may be.

Hi

Even with no experience man. You are just there to learn and hang out. No need to feel like you can’t go without experience. In my experience defcon people are good people who are willing to help. That’s the whole point of defcon (and the wider hacking community like thm) If you want to find defcon groups you can search the defcon forums

https://forum.defcon.org/node/231675

not sure where you are but this is a local nyc group

don't need to impress anyone man. A lot of people look for people who are interested/curious about security....I've hired people who have had less experience than others for a specific role. Now don't get me wrong, yes....have some fundamental knowledge in general but no one it's going to judge you for that.

If you feel rejected and intimidated by someone just because they're looking at you less.....then they're not a great leader at all or anyone you should be wanting to learn from anyways.

Be you, show your interest, the more you show up, the more someone is going to notice you and things can happen from there.

And always know that there is never such thing a "stupid" question. Ask away.....people will teach you as well....be curious...get out there for sure.

and when it comes to roles....yes, some def may required more experience than others but honestly at this point, your focus should be to get your feet wet....anything you can possibly learn from others and sunk in all that knowledge.

Said so much better than I can

Is PenTest a waste of a cert, actually

I appreciate that. certainly there are those types of people in all industries! Right now I just don't know what I don't know. I think after a bit more exposure ill have plenty of questions. I'm definitely not afraid to ask. lol as you've all seen. just wanna have more to ask.

If I have Pentest+, CASP, some college, and some experience through THM, will I be able to land a job in security?

Also working on my ccna

most def. I dont' know if anyone has mentioned it yet but look up "Tribe of Hackers"....the very first one that came out although there are newer ones. But that book helped me out so much when I was trying to do Security full time. It encouraged me so much to keep going because I get it, it can get frustrated at times and even disappointing because in the beginning we def need a lot of patience but look it up. It may help you as well.

I agree. It’s very difficult and takes lots of dedication, failing over and over and willingness to keep going

In my humble opinion, certs are good for some knowledge and mainly to get seen by HR. but what you're saying now is def good enough to apply for jobs. It's a matter of getting passed HR and then doing well during the interview process.

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
by Marcus J. Carey and Jennifer Jin ?

And keep learning

yup! that one.

yea def, I agree

👍 thanks

Gave +1 Rep to @humble cosmos (current: #1226 - 3)

Awesome, thanks

Gave +1 Rep to @humble cosmos (current: #984 - 4)

I’ve found through the people I’ve met and connections I’ve made in this community, it’s my tribe and it’s definitely what’s motivated me to keep pushing through and learning

that's good man. I'm glad.

so yeah it's worth it and the right people will encourage you to keep learning and keep going and will never shame you for not understanding something. i've found the hacker community more than any other community honestly is willing to help, but not do it for you. which is the best way

Hey I am in HS. I really want to do Cybersec for my career. I don't really do to much except play tryhackme. Is there anything I can be doing at all rn to get ahead?

How much longer do you have before you graduate? With your THM experience, you can probably start looking at some internships. That will add up even more to your experience. On top of that, maybe look at some of the intro CompTIA certs. A+, Network+, and Security+

I think that would probably be a good starting path in my opinion.

Dont know if this helps any but udemy has some decent courses, and if you catch them on sale you can get the courses pretty cheap like 10-50 bucks cheap depending on the course. Im doing 4 cybersecurity courses on there. might be something worth looking at

Im in 10th grade. I graduate in 2 years

nice. I personally would start looking into internships or even social clubs for high schoolers. Not sure if there are any around your area or even within your school. Since you have a couple of years as well, it wouldn't hurt to look into IT courses....just something around computers fundamentals (similar to what the CompTIA A+ provides).

Are you hoping to continue education after HS? or just wanting to find a job right after?

Most likely go to uni on a track scholarship.

Yea I got an A+ book from Mike Myers. Idk if ima actually take the A+ as its pretty expensive and idk how useful itd be to me

i would start off just researching what career you want in cybersecurity and the skills and qualifications you need to be successful in that career. and then worry about what certifications you need. A+ is widely recognized in the tech industry i will say

Yea. As of now I got 3 in mind. Incident response pen testing and grc

But i wouldnt mind starting off as any other role

Ik cyber is like a advanced profession

Zeak have u done overthewire

I tried it

I dont really get it tho

Hackthebox has some heavy free material too

Use YouTube walkthrough

Alr

You still learn

Over the wire confused me so much. Wasent sure on what to do.

I got the Linux basics app on my phone which is okay but a little to "gamified" for my taste

Yeah it helps a lot to do a walkthrough with chatgpt + obsidian notes or whatever notes u like using

Personally I think phones are wack for anything other than texting

100% lol

Whats obsidian notes

I use 3 monitors, 1 for youtube, 1 for core material and 1 for obsidian notes

And the core one has split screen , others split too at times

Obsidian is awesome n free

It kinda works like neural linking , it's your own brains Wikipedia

But u gotta use chatgpt w it imo

Oh it looks sick

Because it will write the notes and link them for you

Will def download

Is it easy to learn?

Yeah I learned w maybe 3 YouTube vids then just dived in w chatgpt

Whats so special about linux anyways? Ik its used a lot in security but never really knew why

Have u bought the tryhackme sub?

Not yet

Havent needed to

🧐 well u get to use diff os, Ubuntu n other stuff w stuff loaded already so it makes intro to new stuff easier

I got Ubuntu

After u use Ubuntu n unix based stuff u really don't wanna use powershell

Ah

Oh then u are using a type of Linux already

I lowk suck at powershell

Ye

I use it on ma vm

Well powershell looks gay after using Linux imo

N it has nmap n a bunch of other things u can easily dl

But u can use whatever u like , personally like the bash interface

I think the 125$ sub is well worth it

I can access vms on my work CPU n scare my coworkers

https://tenor.com/view/hacker-man-hacker-cyber-gif-26053963

For tryhack?

I definitely agree with everything you're saying. I also use obsidian notes and it's great.

Or htb

Yeah

Htb is like 400+

Il proly get the monthly subscription for tryhack

As I wont have time all year

Only really got time over breaks as I got school and athletics

Well u gotta make time if u want it to b your career

It's kind of a lifestyle

Kids don't get good at fortnite just jamming on their breaks

This is so true. I spend a a lot of my time on THM or any other means of studying.

I'm also in 10th grade

Noice

I work 8 hrs a day n study 2 after work, and off day 8 hrs of study

I know there are people out there doing 10-12 hrs a day living n breathing that life, n they will b the ones getting the job I want

I'm at the very least trying to fit in 4-6 hours a day during the week and 8 on the weekends.

Nice man, 👌 do u do htb yet ?

Or what is your planned path

I'm thinking first thm 100% then htb

Not yet, mainly THM rn. Should I look into it?

Prob after yeah

Well, my goal is to get into digital forensics

It's denser thm will get us rdy for it

Oh ok👍

sub for THM is totally worth it in my opinion

but I'm also able to expense it at work lol so I'm good with that

but it's def worth it

I definitely agree with you.

Its been great so far

Yep ttyl @woven tulip gl on your studies

Byee. Gl to you too👍

Looking for help with kali and using toolkit

Read the man pages

woow i have learnt alot from the convo. thanks a lot guys

I will test this on Upwork by adding it to the profile description. I'd say that my boss reacted positively when I told him about my rating, but we are focused in scraping with evasion, not security.

Oh sick

Damn tf

On a good day i can only get a hr

school and sport eats all my time

do we get cyber job offers here?

Check out https://discord.com/channels/521382216299839518/775144008853749770 🙂

Ppl do more then 8hrs if thm a day

Damn

up-work is useless the asked for registration money to complete job 😆

ok

lol good for them.....I can only do 30 min to an hour tops. At the end of the day I'm fried and just want to relax.

How i feel. 6 hrs of school 2hr track prac and 1-2hrs of hw

Bout 3hrs of commute total to

commute is a pain for sure

Anyones place of work using tryhackme or hackthebox academy at their work? I really wish more workplaces used these learning platforms to train their cybersecurity workers

we just use our individual subscription and we're allowed to expense it. I don't mind it because if I ever leave the company, my THM account wouldn't get affected

but we do leverage some rooms for practice for sure

Hi guys, I am preparing an interview for an internship on pentest and I must achieve a CTF. To do so I already know that I am going to search for the flag on a crypted archive file and I am seeking for rooms to prepare this task !

Check out this one 🙂 . It's half-guided and it has a part with some password protected files 😄

https://tryhackme.com/r/room/agentsudoctf

Hi all, I started a job as a level 1 support technician 3 days ago, it's my very first professional experience in IT my goal is to get into the cyber side blue team kind in soc.
Are n1 support positions a good place to start? And how can I progress?

Any level in the intro IT world is a good place to start, level 1 included. It's effectively a foot in the door that'll provide you with practical experience and a ground level of technical knowledge.

I'd recommend (others may say different, be open to other views!) starting with a good foundation. Pursue an A+, Security+, maybe something from TOGAF or CCNA(prefer this tbh); these are all very useful and will give you a good general grasp of security architecture and network understanding.

Replying for notif, soz

good evening!! anyone from the red team up right now? i have a technical interview in a week and some tips and advise would be nice 🙂 its my first tech interview in a cybersec role (offensive security analyst)

Ok thanks ! I currently have an associate degree and I'm working on the ccna too.

Gave +1 Rep to @iron whale (current: #1230 - 3)

Just remember that you're always a student. Don't settle for just knowing how to drive when you're trying to be a racecar driver. You can always add new tools to your belt, and you'll look a lot more appealing as a candidate. Degree + Certification + Work Experience is the golden triad, make good use of it.

Love it @iron whale - 💯 truth

100% this. I have worked in construction for over 13 years. Always been interested in computers since i could use one when i was a kid. Finally took the plunge to get into the IT industry and starting my Degree in Febuary in IT and netowrking

For a junior cybersecurity role, how you prove your knowledge and skills? Also, as a junior with no experience u must work on site at the Z-company or u can work also remote, from home?

thanks in advance

I never heard of that job title....but I'm going to start looking for it! Been wanting to move into red team for a minute

You can have the knowledge & skill (proving it depends on there focused task at hand, or your hands on work). Getting that in person interview matters for alot of employers. If they want you to learn certain tools learn them whether it is splunk, elastic search elk, and etc. Some times the mundane tools no one wants to learn may pay it off for you. Take this with a grain of salt.

Hey good morning THM crew I'm curious about my certification journey how I should proceed. I got my CompTIA A+, Security+ and was thinking about going for the Cisco CCNA next to get networking under my belt but if my ultimate goal is to go red team pentester would I be better off skipping to CompTIA pentest+ or even the OSCP type certs instead?

I would recommend you to read CCNA official guide books but you don't need to necessarily take the exam and get a certificate 🙂 .

How can I capture the data traffic of other computers with my Linux machine on same Lan network

Use Wireshark 🙂

I had used tcpdump but i don't know that how i see domain name of the websites use by other users

according to my job description, im going to be a junior VAPT

i think the tech interview is kindof easy but i think im just nervous. basically they told me to prepare 2 vms, 1 attacker 1 attackbox

then just enable ssh and http access, scan the network, find the attackbox vm, bruteforce it

but im kinda confused of what to bruteforce :\ and what tool is best for this

Kind of weird. Are they telling you to set up your own vulnerable VM?

yep. therefore i have a vulnerable red hat linux, and ill attack it with my kali linux

just a graybox activity i guess

just to show that i can do basic stuff

What comes to mind is brute-forcing ssh that uses a bad password. Probably utilizing Metasploit.
For http you could have an apache server, maybe an outdated version that has a major vulnerability that is exploitable using Metasploit again. Or brute-forcing the login just like with ssh. Could also be vulnerable to SQLi and such.

graybox?

Anyone got a link to some good or decent AAR templates? All I find is usually for like, law enforcement and military.

Because AARs are a military thing, that's why. What type of document are you looking for?

I've been on both ends and I know everyone may have different opinions but this is what I usually tell people who are trying to get into Cybersecurity. I know how it feels to go through interviews without experience which I always hated it, I mean I've never liked interviews period. I've always been the person that wishes I can show people I can do the job.

Anyways, I always encourage candidates to be themselves, especially with a jr. role. Someone interviewing for a jr role, I'm expecting them to know that the candidates have little to no experience at all, so there's that. If all the experience you have it's THM, CTFs, and things like that, then say that. I mentioned before that I've hired candidates that have had less experienced than the other potential candidates. I love to see someone who is hungry for Security, someone who is humble enough to say "I've been trying to get into Security but it's been challenging finding a role because of my lack of experience. The only experience I have and continue to be active in, are places like THM" and I like hearing that because it shows honesty.

Skills can be taught, but soft skills are rare. You want to show that you're capable of working with others. Every company is different, every hiring manager is different....but I'm always encouraging young candidates to be themselves, network with different people, go to conferences when possible, etc. that's basically the "knocking on doors" action, the more you show up, the more you'll meet people and you'll be noticed. That's a good thing to have.

And as for working from the office or remote, it all depends on the company. Hope that helps!

That's a valuable perspective

i know some info about the vulnerable pc but not fully disclosed - gray box

is metasploit better than using hydra in terms of ssh bruteforcing

guys i am trying to get my first role in CC i am almost done with SOC Analyst L1 road in Tryhackme , is there anything else i should pursue or shoud i start applying to jobs?

For the purpose of solving THM tasks, there is little difference, it becomes a matter of personal preference. For larger tasks Hydra is faster than MSF, but could be less stable. Medusa is my personal favourite, but I had good runs with ncrack, too.

I recommend getting your certs. Although dont take my advice for much since, Since I dont know a whole lot.

ohhh thanks for this! btw i have a question

do you know any websites where i can practice sql injects?

Gave +1 Rep to @hot spire (current: #1645 - 2)

There are SQLi rooms on THM, then there is OverTheWire. If I recall correctly, later Natas rooms are solved via SQLi. You can also try DVWA Linux.

You have plenty rooms on THM , you can also check Burp's Web Security Academy 😄

cool didnt know thm have those!! thanks a lot @hot spire @keen tundra

Gave +1 Rep to @hot spire (current: #1230 - 3)

I am saving up for CCNA to get more into netwroking since in am not a CS grad and i got ISC2 CC for security basics and princaples idk if thats good enough

Hey all,

Any active professionals able to offer some advice please?

I’m currently working in NetSec but looking to pivot. I do enjoy offensive sec but in the UK the job market and salary offering isn’t all that great compared to my current salary and time investment required to achieve the required certification.

For SOC I like the idea of doing something like threat hunting/intel or incident response, but working through SOC L1 12 hour shifts is just a no go, I’m assuming there’s alternative paths to TH/IR without doing L1 SOC.

In any case, would it be easier to pivot from red to blue, or blue to red in terms of technical knowledge.

Thanks

Kind of depends on what kind of job you want to get, but generally security + is a good cert to have.

is google cyber security cert nearly as good? they seem pretty comprable

You will gain some knowledge with it , but it is pretty much useless on job market 🙂

Well I was going to supplement it with my uni degree

not worth it? better off for comptia?

Not sure, But usually comptia is the better choice

Yeah 🙂

Thanks guys!

thing is i cant afford sec+ really expensive , to my currency atleast

Thats understandable, I recommend just learning about it then (through youtube videos and cheat sheets). The only reason you get the cert is to verify you have the knowledge.

sec+ is currently on sale btw

its like 100 quid off

Yes and nope, they are a pentest thing too.

Because they took the concept from the military

You know the document format is different

There was one example AAR

I can't find it tho

Searching AAR is going to yield military results, you're likely going to have better success searching for documents that more align with corporate speak

That's why I asked if anyone has a good link

.

I asked what type of document you were looking for...

AAR template

Is this post engagement?

after actions review lol

When I say post engagement, I mean fully completed. Not just the end of a day within an engagement.

I understand the eJPT is a started certificate, which i, completed. How long do you estimate it would take to study for the OSCP?
I was thinking 2 months.
But I’ve been doing more research and certain people with 20+ years of experience have failed multiple times.
They aren’t necessarily in cyber security but generally in IT roles.

It all depends on the person. Personally, it took me about the whole 90 days to be fully ready. I finished the whole course within 45 days then the labs took me around 30ish days to complete.

Hello , does anyone know how can I get permissions to post on the thm-community-media channel ?

I think that you will need to verify first 🙂

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Hey Guys,
Is there anyone who have completed C|PENT or LPT from EC-Council?
I need some help to solve a few AD machines in Practice Range.

What is your current level of knowledge? Which one is your last cert?

An update to this (That whole section was a rant)
I'm 23 now, Got a few certs, got a job while in Uni then, while it was low pay, it really helped me alot then. Thank you for taking your time to listen to me then and giving your advices ❤️

Thank you @stuck rover @quick forum @pseudo creek

Gave +1 Rep to @stuck rover (current: #49 - 171)

It actually depends, You can do it in 30ish days to prepare but it'll be a bit packed, also depends on your level of understanding

is majoring in cybersecurity bad or should i just go to CS with cyber

I would say basic ?
I understand the method of enumeration, initial access, exploitation, post exploitation, pivoting and privilege escalation.

But for instance, if I didn’t have lolbas or gtfobins I wouldn’t get far.
AD is a different beast though. I was exploiting windows machines based off of third party software or services installed on them. But not exploiting AD services, if that makes sense.

Majoring in cybersecurity isn't necessarily bad, it's just that a lot of schools have lower standards for the training they provide; as in, they don't cover things in as much depth as you should really grasp. You should go CS if you have the opportunity, as it will give you a broader scope for opportunities after

that makes sense thank you i appreciate it

Gave +1 Rep to @rugged delta (current: #21 - 441)

With a job ?

Question: I'm debating getting another cert or practicing HTB to try and help my career. I have a CS degree, a fairly large portfolio of reverse engineering / low level programming projects. and a SEC+. I'm debating either doing HTB for more pentesting, or grabbing a cert. Idk what cert I'd want to get is the problem.

CASP? CYSA? Pentest+?

Is the job market for people with bachelors degrees really as bad as people on YouTube make it out to be?

I’m getting a bachelors in software engineering but adding Certs on top of it for Cyber.

Yes

I have a CS degree, Sec+, and 2 years of exp and can't get a job right now.

I can't get a job doing things I'm overqualified for.

Thats pretty discouraging

I have a coworker who wants to get a SEC+ and do cyber. He doesn't have tech exp. I don't know how to break the ice to him that he's not getting in unless he's incredibly lucky.

ChatGPT is taking over

it's not lmao

Then why u still without a job? xD

cs degrees don't mean anything anymore

lmao trash troll

They do.

I have experience in software engineering. And I've wanted to switch to cyber security for so long.

"Cybersecurity is not an entry level field" while there's entry level work in cyber it's rare and hyper competitive to get

a lot more "entry" level stuff in cyber prefers you have 2-4 years of development / it /tech exp from what I've seeing and hearing.

Before going to OSCP I would rather have you complete Cisco's Cybersecurity certs (they're free and with labs)

That would be Junior Cybersecurity path and Ethical Hacker path

That is correct due to what you said in your previous message. Cybersecurity's entry positions are entry to cyber, not the industry as a whole. Degrees cut out that initial 2-4 years of experience requirement and provide you with an item that is likely required by contract. Reading back through messages, overqualification is a thing and can hurt your application. Companies do not want to bring someone on that will leave faster than their projections allow. Your compensation requirements will also more than likely be outside of what they have provisioned.

I don't really watch Cyber professional help YouTube, what are they saying?

I am complete beginner and wanna get into cyber security for ethical hacking related roles..I have 2.75 yrs of IT experience. so what kind of projects that I can do and add into my portfolio to showcase during my interviews? I am currently taking the Google's Cyber Security Course.

Security+ is the baseline cybersecurity certification, so you're going to want to get that. My recommendation would be to try and get your company to pay for it. Pentesting is a small niche within cyber that you're going to have to work up to. If you don't have a degree, you may find it a little more difficult as well.

Ok, I just want to note that i currently work as a sys admin, and before that, IT support for an ISP. Do you think some of the concepts in these pathways might be too basic ?

I am not having a degree, that's why I am asking about portfolio project ideas....

Feel free to skip anything basic, I'm an intern in GRC if that helps, I got my job explaining stuff from those pathways + BTL1, feel free to take a look around it, but if it is way too simple, go for the OSCP, I'll definetively go for the OSCP as soon as I'm done with CPTS

So, I'm nearing the end of my bachelor's and have around 6-7 months left, I have no skills and want to enter the field of cybersec, I want to be flexible in both red and blue teams, but after learning from the THM site, what's next? LIke if I want proof of skill then I'd need something substantial like projects? I just mean I'm confused what to do after completing THM if I want a job? Also, I'm thinking of doing pythong for data science with cybersecurity, will that be a good idea?

Also, I was planning on doing master's if I don't have the relevant skills by the time and projects to land a job in a company, I know the trend in my region, small companies are mainly offense based and big companies need defence people, which is why I'll be doing both and be flexible in both of them, considering substantiality, I'm thinking doing some kind of development or just as I said above, python with data stuff.

Hello everyone! I'm looking to build a career in cloud cybersecurity and have completed the Google Cybersecurity course as well as the Microsoft Azure Fundamentals (AZ-900) certification. I'm uncertain about my next step: should I pursue Security+ or the Azure Security Engineer (AZ-500) certification? I would appreciate any guidance or advice you may have. Thank you!.
P.S. : I am pursuing my 3rd year in Computer Engineering

i just tried contacting this community college near me about their "Information Technology Support Assistant Cybersecurity Specialist" certification and I'm thinking i might do it. It's way cheaper than a university and it prepares me for the comptia+ certs including sec+ and a+. then after that I'll probably do the +certifications. What do you guys think?

You'll need to look at what organizations around you are requiring on their job postings. If you have the opportunity to attend a four year degree, that will 100% outweigh their certification. That certification program name also just sounds like a mash of buzzwords, to be completely honest.

Security+ is the more agnostic certification and will likely give you more lateral movement career wise. I would focus on completing your degree right now though and come back to certifications when you're in your last semester.

I would be all for attending a four year degree, im just worried about the gen ed aspect of it such as english or math. Im also concerned about student debt

I'll answer your top paragraph in a bit, but doing a masters right after a bachelors isn't recommended. It's going to price you out of entry level roles. Your offensive roles are going to be a small niche with less positions when compared to defense. Offensive also has a higher experience requirement due to the level of risk associated with that line of work.

Gen Ed makes you a more well rounded member of society and also helps you with report writing, which is 90% of security. If you're concerned with debt, there are many scholarships and grants that you could apply for, you can also attend a cheaper community college first to get through your Gen Eds and then transfer to a University.

Since you have IT exp: 1. https://www.youtube.com/playlist?list=PLB6hQ_WpB6U0WeroZAfssgRpxW8olnkqy
2. https://github.com/gabrieltorrens/getting-into-cybersecurity-for-it-pros/blob/main/resources.md

Hi, THM-community ! I'm in my late 40s and want to change into IT, especially cyber security. How are my opportunities in getting a job without a degree but making some certificates ? Any ideas or experiences ? Can I make a "career" in that ?

You need to evaluate if the move is right for you based on your current responsibilities and requirements. Can you afford to take a paycut? Are there opportunities in your area, or will you have to move? Does that affect children or your partner if you have them?

I already thought a lot about exactly that questions as you mentioned and I'm sure to go that path to be a security analyst in the first step. I changed many jobs in the near past just to reach a certain income but never did what I loved to do. Therefore I very appreciate if someone give me advices how to forward ..

Recommendation would be to redact your resume and post an image of it here for review

Buddy, I've been cleaning machines all my life and you won't see anything else in my CV. I managed my own company for industrial cleaning for 12 years, but that's it in terms of content. With my plan to switch to IT, I am deliberately doing this background

Has anyone used clicked to get some real world experience before getting hired?

CISM, CISA, CRISC would be good next steps. Do you want to stay technical or go into management?

Apologies if I am assigning hostility when there is none, but I am not your buddy. Resumes are very important for technical jobs and follow a specific format. The goal is to review the resume, get it into a good format, and relate your previous experience to jobs in the tech sector. You do you though

Technical. I've been told I should look into an OSCP

sorry for the "buddy" but that's what the duckduckgo translator makes when I type in german. Thank you for the informations, i get what you intend to message. I'll work on my resume and share it with you when I finish it (no translator, thats my own typed text)

Gave +1 Rep to @stoic cave (current: #19 - 482)

OSCP is reasonable for that career path, but do not pay for it yourself. It's priced for business customers, not individuals

Thanks for the advice !

Gave +1 Rep to @hushed condor (current: #746 - 6)

Okay ty

Gave +1 Rep to @flat sedge (current: #11 - 793)

Yes you are right about focusing on completing the degree, but doing an internship is mandatory in this semester as a part of the curriculum.
I have been applying to a lot of internships but none of them are responding as I don't have any prior experience or any renowned certification.

Hey guys is GRC a going entry into Cybersecurity?

I at the moment have a degree in Cyber and security+ but I’m not sure on scalability starting in GRC

Thank you in advance to any responses!!

The initial advice still applies, even though you added another variable. That being said internships really only require you to be in school, FAANG and other popular companies aren't really representative of typical internship requirements, which leads me to believe your resume may need some adjustments. I would verify and then post a redacted copy of your resume for review.

@stoic cave I've DMed you my resume please review it

Please do not DM without permission, it's prohibited here

Sorry I didn't knew

Verify and post a redacted copy as an image in this channel

I am unable to send the image

How do I verify

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

You need to verify using the link I provided above

.

Please review it and let me know what changes should I make

I will later as it's late, but a quick question. What do you mean by "job simulation?"

Is that an internship?

There's a website named FORAGE where you can perform some job simulations which are made by the company which partnered with forage like in my case mastercard and tata. These are made in a way that you can learn something from it while you also get to know what the person in that role is needed to do in that company.

Some people like to call it as virtual internship but I don't think it is one

I understand, so I think I'll do defense first and then offense, but then what should I do to gain experience in Offense? I mean to get entry level jobs you gotta have some projects and skills built up, and then there is the thing that if I get a job after my bachelor's, I might get time before I do masters but if I don't, it's a direct masters path, which is why I'm trying to do job before masters.

you can't pass off Forage job simulations as "work experience"
https://www.canva.com/design/DAFl7ChBdDM/r4eSUvu_ANmkqukuwM7_6Q/view#1

frankly, not a lot of employers will care about Forage's job simulations for verifiable work experience, but you can mention them in job interviews

the german market works quite differently than the US / UK market. however the lack of people in IT might give you a chance as "quereinsteiger", however you need something to show some skills. you also need to be aware of that the entry payment will be low compared to your current one. i would recommend to do something more substantial than just a course, perhaps rather going the VWA way as "informatik-betriebswirt". this requires 2-3 years though and some suffering. the question is, and thats just honest, not in an offensive way, whether its worth it for you to go the difficult road with no guarantee about the outcome.

For resume, the general advise is that write your content as bullet points and not a paragraph. And make sure that the point is in single line. Avoid the white spaces in the end. Try to frame the points in a way that it goes till the end of the line (at least 80%), not the middle. Also the content of the skills, you can write that in a single line or modify it based on Languages, Framework, Softwares etc.
Also do use bold letters in your resume, like bolding any number of anything important

Hi everyone, I'm not new to the cyber security world but I don't really have a lot of knowledge, I watch videos, tutorials or stuff about cybersecurity and I'm currencltry doing the THM advent of cyber. I want to get into this world and maybe land a job. I have IT experience because of my school and I work in a IT company. I was thinking of taking the CEH certification but I'm not sure because of the price.
I guess that my question are: is the CEH worht it and if not, what is the best certificate/course I can do?

Look for jobs you're interested in witin your area, see what certs they ask for.

The fact is that a lot of job in my area have like "certs are required" but don't specify a single certification, I'm just curious of what is best to start

Where do you live?

call them and ask 🤷‍♂️

Italy

Ceh would probably be wasted then, it's only really asked for in India.

oh really?

Yes

Don’t bother with ceh

General advise: Apply for the jobs irrespective of what they have asked. They just write too many things.

thank you very much @gritty peak , very usefull informations. I´ll intend to make my part-time bachelor in "Hochschule Niederrhein" for "Cyber Security Management" beginning in winter season. With Tryhackme (and perhaps Hackthebox afterwords) I want me to prep for certificates like CompTIA Sec+ & Net+. Am I on the right path in your opinion, any suggestions ?

Gave +1 Rep to @gritty peak (current: #264 - 23)

I was asked today that what was I trying to do? Let's suppose I enter the cybersec field, get jobs etc. now what? what's next?

i think the bachelor is more important first hand than the certs, but it doesnt hurt to work on tryhackme, cause thats easy to scale. in the 2nd step, id apply for jobs right away, so far i have rarely seen job requests with any certs required, most required a bachelor degree

By 2nd step you mean after bachelor degree ?

exactly

or when close to end, when writing the thesis

the german market doesn't value these certs too much, rather as nice to have than really demanding them. different story when it comes to ccna or microsoft certs, but then rather for the network or administrative part

how do you know the expression "Quereinsteiger" ? Are a native german ?

jep, also was 3 years placement officer at jobcenter 😉

so i can tell a bit about the market

du bist ja ein richtiger Schatz auf der Plattform und mit deinen Infos ! Thanks a lot !

yw ^^ and stick with english pls 😉 they dont allow other languages here

yes, Sir 😉 may I add you as friend ?

sure

Could I also pls add u as a friend? And maybe also ask u a few questions

Hii @gritty peak and everyone willing to help me with an answer
I am going into cybersec for the purpose of law enforcement, I am in it already, please I would like to bank on your experience as to steps I need to take

yikes, i can only talk of german market, i have no idea about anywhere else

Oppps, thank you.
Generally, what would you advise for anyone seeking a career in Pentesting?

Gave +1 Rep to @gritty peak (current: #259 - 24)

well, the german market works that way, that a degree is more worth than a cert. a cert is just a qualification. when you are young enough, id rather study cyber.

when id be 20 years younger, id do ^^

for me personally, its not an option anymore to get into an entry role, cause the paycut would be really bad

in my former life I had been an industrial cleaner, had 12 years of it my own company, since it became bankrupt cause of corona. Now I'm a project manager in a service company. What would you prefer I should focus on, considering the payment and time for study & co, ? Thanks in advance (age 47)

Gave +1 Rep to @gritty peak (current: #251 - 25)

you mentioned you study half-time, thats fine 🙂

also what i do ^^

but with a different goal

nice ... what r you intending as you wanna tell ?

i already work in IT management / infrastructure .. thats boring.. however my benefit is, i am in a large public administration, so i only need a sheet which states "fachlich fundierte grundkenntnisse" and i can switch the department

what i do is called informatikfachwirt (there is no translation for that), which will serve this purpose

when you'll finish ?

and thats fine then for me, every cyber related stuff for me is hobby, perhaps i might do bug bounties for some side money

about a year plus 2-3 months or so

I'm very appreciated to get in contact with you here ... will quit for now. thanks my friend, see you in later Q&A's 😉

tc ^^

Hey would anyone here know what libraries I should look into and what project should I create in visual studio, C++ when coding a program that interacts an application/website?

Thank you

Gave +1 Rep to @gritty peak (current: #246 - 26)

How popular are phyiscal pen-testers and how does one get into such a career?

Physical Pen-testing is a pretty niche career, it actually requires a lot of trust. Usually companies aren't going to make you a physical pen tester out of the blue or randomly. On average you need at least a good track record working as a software pen-tester first, maybe 2-4 years of trust

I know a physical pentester that has physically pen tested NYC companies, so thats my source

I see... Thank you. I was looking into something about that last night and thought what an interesting concept, but not sure what it would entail, but that's so freaking cool.

My advice, practice lock picking!

Yeah its awesome

my source loves their job

Lock picking is a good skill to have as a physical pen tester

you can open doors with it

I know lock picking. I work in forestry and the amount of idiots I had to free from chains because they think us cutting down a few trees are saving species, but in fact they're causing more harm as trees need trimming else they're killing each other out. So that's a skill I have.

Awesome, you are already well off, you just need to build rep at a company that offers physical pen testing

Because if you fail on site while doing physical pen testing, its classified as a failure of course

usually its a one try thing

Yeah.. Well guess there's not much of those this side of the planet.

Anyways, will do more research on these companies and see if I can get one to hire me as a freelancer until I've got enough rep in it.

You don’t really need lock picking for most physical pentests, strongest focus should be put on social engineering skills

I think thats obvious

so besides social engineering

lock picking is good

Any thoughts on cryptography as a career

I am fresher so I need a mentor or guidance to help me getting ceh certificate

its cool, i recommend

you should keep up with quantum however

quantum and cryptography will be good to know together

since one of the fears of quantum is that it will break modern cryptography

Yes but are there enough jobs

I dont suppose you fine folks have any advice for landing an internship position unpaid is completely fine(can support myself for now shuffling cardboard), Really enjoying what im learning and would love to be of use while i learn! Bonus points if theres any tips for navigating a market like we have here in NZ

Are you US based?

sadly not im New Zealand based fantastic scenery, terrible job market XD

Try to check out https://discord.com/channels/521382216299839518/775144008853749770 🙂

awesome ill add that to my channel list

I don't know anything about the market there but, if I was starting, I would try to disclose a CVE

You can always set that experience as a Freelance Security Researcher

And it pays

good idea ive got one on the cook but its super niche in its industry but the impact is pretty crazy for the companies involved

Or move, here in Europe it's quite easy to get an internship if you know your stuff

actually considering it, might be nice to live in a city where you can go out for a meal after 8pm XD

What is everyone's recommendation for entering the network security or policy writing side of cybersecurity? I have another internship this year on either the SOC side, again, or general cybersecuirty but I'm interested in network security and policy.

Hi everyone, so I have just graduated with a BS in CS with a focus on cybersecurity. I am wanting to get into the cyberspace but I dont have any technical experience with IT or Cyber. I am currenty working on my Sec+ and then going to start on my CySA or Pentest

In yalls experience, how should I set my expectations and how should I align myself in order to succeed. I figured I would probably start in IT and work my way up, but wanted experience from people in the field.

Is anyone from India, is anyone even getting hired in India in Cyber security?? Cause I think in India companies give a lot of value to cliche tags rather than skills? Am I wrong to believe that? Please give me feedback

Try to apply to cyber internships and helpdesk roles

Help desk is probably the say to go for myself. Thank you

Honestly just apply. You might get lucky and get that sweet "entry level cybersecurity job" if not you could just do helpdesk. Make sure you do some projects

Yea, I'm trying to get some levels in tryhackme to show some "skills" and I have some plans for projects. But I'm not really sure a good place to start

@chrome spire

Well what certs you got

What education do you have

What experience?

I'm working on security+ now, I have a bs in computer science, focus in Cybersecurity

Associates in engineering

Did ya learn a lot there

I have Linux experience and some basic knowledge of networking

I sure hope I did

Oh nicee

Not sure how to apply them to projects that I could publish

Well I mean there is some stuff

I would recon u just go through the tryhack rooms learn a ton of stuff and take loads of notes on the rooms

Yea

What im doing rn lol

I'm thinking of building a basic password manager and deploy a local server for it to query to and from

I think that would be a nice project

Thats a great start

Im sure you learned a lot of programing from ur CS degree which will make you stand oht

Yea

Was it from a notable uni if u dont mind me asking?

Mainly java, but I took a course on SQL, took a couple of cybersecruity courses, networking course

It was accredited, but it was not a top college either

SQL will be useful

Oh alright

U can also go simply on reddit or yt and search for project ideas

Yea

I recon you buy a cheap computer and turn it into a SIEM

And setup some vm servers on there

I was thinking of programming a pi to make it a modem

Install some firewall stuff

Thst sounds rlly cool

Similar to Network Chuck

I love network chuck

Coolest project ideas

Yea I have some old laptops I could use as a vm for pen testing

Thsts perfect

One project I did was simply run a minecraft server locally

Fun project. Learned a lot about how windows servers work

Or I could just run a VM at the same time on my computer and get it's ip and pen test that way

I should learn more about windows

Including servers and powershell

U could. I personally dont like as it gets rlly messy and i get disorganized lol

Yes it isn't the best

Theres a "Investigating Windows" lab on tryhack thats good

Helps with the ins and outs of windows

Hmmm ok

I might buy the premium version to get access to more rooms

It would be cool to also take any projects and code then in multiple languages

I need to up my Wireshark game also

Yea im considering it to

Rlly hard to find time cuz of school and running

What are you in school for?

But i might buy a 1 month for over the break

HS lol

OH

Well lol

Good luck with that

Yea

Ya boy tryna make it in this cyber thing

Its mad fun to

there is a 30% discount on the annual subscription in the AOC rn. I got premium like 20 days ago and its been worth it for me.

Like a code?

Damn

yea AOC2024

7.35 a month

O dam

Does it stack with student discount

idk, do you get a student discount in HS?

It said so

Students in US and UK i think

I missed out then

thought it was only college

Idk why it would br

Start as Software Engineer or Have a very strong side project for cyber security. Make sure write security blog whenever you have time. I would avoid help desk with a CS degree. I don't have any cert either. Currently work as Security Engineer. You want to be strong at foundational networking skill. Security+ can open some door tho, I noticed some companies required it.

Hello everyone, hope you are doing well. I am a beginner in cybersecurity and i am enjoying THM. Currently i am in pre security module. My question is in order to get a job in cybersecurity do i need to get any certifications after i complete either a SOC or a Pentester roadmap. I currently do not have any background in IT. But have bit of knowledge in IT, through doing online courses. I have heard people saying that you will need to do projects as well to stand out. Can someone please shed some light on this. Thanks

If you have a bachelor degree with focus on cybersecurity and you did not slack off during your studies you should be equipped for a junior role in the field. Ideally, you should have interned and got practical experience, too.

Either way, applying for junior roles seems appropriate at this point. You may want to get more knowledge in the area you want to specialise in (or seeing better job prospects in your area or country) - this is where THM may help.

If you have some specific roles you want to apply to and need to adjust your CV, feel free to DM me.

What background do you have?

Great thanks

Gave +1 Rep to @hot spire (current: #999 - 4)

Background is in sales and finance but i am good with computer. The only thing i did not do is study computers and now i am worried as i have heard companies filter out people who dont have IT background. I dont know if certifications will do anything. Youtube is flooded with so much wrong career advice, everyone is just trying their best to sell their courses.

Hey everyone, I'm Chetan. I'm currently pursuing my btech in Harvard as a CS Major and I'm a tech enthusiast. Regular programming didn’t really excite me, so I decided to dig deeper and started my cybersecurity journey this month with a TryHackMe subscription. I’m really interested in becoming a penetration tester because the job profile seems super exciting.

Some people told me that I need to start with blue teaming and learn foundational concepts first to be good at penetration testing. Is that true? How should I go about this path, and what projects would help me get better?

For a junior role it could be a challenge, that you may overcome with a formal certifications. Depending on what you want to do (cybersecurity is massive, you will have to specialise) you will know, which one is appropriate. Starting with pre-security on THM is fine, you may later decide, where do go. It’ll take some time to study though.

Offensive is very overhyped but very niche in terms of real job opportunities. Defensive is indeed required by more organisations, so it’s easier to find a junior role.

Do I really need to start with blue teaming and learn its concepts to get into red teaming, or is that just a myth?

Basic concepts overlap with red and blue teaming 🙂

No knowledge is excessive. Foundations are the same anyway

I see. Thank you all for helping me out! I'm also open to making new friends here who share a similar mindset and want to grow in their careers together (as long as it doesn't violate the community rules and guidelines lol).

Good luck, I find penetration testing fascinating as well.

Ya true, do you know which is easiest role to get into in cybersecurity?

If your background is finance, GRC might be worth exploring. Quantitive risk analysis will be familiar. But really, you’d answer a question first, what do you want to do and why do you want to be in cyber.

Orgs having a dedicated GRC function are usually over 1000 people, or even bigger. Aim for that.

I will look into it. Thanks

Gave +1 Rep to @hot spire (current: #853 - 5)

anyone can get an android application decrypted, changing code inside and recompile it? contact me for more details and price quotation

Hi

Hi , welcome 🙂

Correction I am in cybersecurity 101 half way, already done with pre security lol.

Please suggest certifications for security analyst role and projects. Thanks

Just in case if i don’t do any certifications. How can i make my resume stand out? Do projects count ? Chances of getting a job?

Do THM certifications count?

I'd suggest as you don't have any IT background You should really put certs like Comptia A+, security+, CYSA+ in your bucket

It will cost too much time and money. Comptia exams are too expensive and are all theoretical mostly. If I don’t have any choice, I would have to get them.

I was thinking of finishing the try hack me pathways as soon as possible. I want to start looking for job in Jan.

I totally agree with you, certs do matter in cybersec but you can also make your resume stand out by doing cool projects

I don’t want to be a downer but it’ll be hard to find a job with just one completed pathway. Cybersecurity is slightly larger than that and the requirements are higher than spending a few hours on a CBT,

Yes will have to search bit more and definitely i am going to add projects

Ya i agree with you, i reality i guess you need either an IT background or certs under your belt.

Do you know which cert i can get that might help me to get into IT. Please list 1-2 thanks

I have tried bunch of other career paths in IT. But I really like cybersecurity and i want to make my career in it. I am studying hard at the moment. Just need some right direction from experts in the field.

If I were you, I would complete some introductory trainings on THM to better orient in the field. I would then choose the area you want to specialise into and checked the job offers in your area or where you ready to relocate to. If there are some, I would then focus on the job requirements. This will include certs, if they matter for those roles.

You are now asking for a very generic advice that, I feel, will not be useful. Given that you say it’s hard for you to afford generally accepted entry-level certificates like Sec+, you need to be strategic and focused. Please complete the entry pathway first.

Thanks seems like a good advice. For now i will just focus on the path and meantime i will start searching for job roles to see what is the requirement to get into and based on that will go with the certs.

Gave +1 Rep to @hot spire (current: #748 - 6)

Enough chat for today getting back to studies. thanks heaps for the advice

I believe that beginning with fundamental concepts, such as those covered in the CompTIA A+ certification (for which many video resources are available), followed by Linux and networking, and then pursuing further certifications, is a sound approach. However, I've discussed this with others, and they've suggested that while certifications aren't mandatory, demonstrating practical knowledge is crucial. Many advise focusing on building a foundational skillset before pursuing advanced certifications. Therefore, my understanding is that cybersecurity roles are generally not entry-level; it's often recommended to gain experience in roles such as help desk or system administration before pursuing specialized certifications.

Well it is security, you have to have something show you are competent. It is not like something "hey just put random guy here and pay him". That could be a disaster when breach happened. Learn foundational skill, it is not like you will go in and hack. You will do paperwork like develop policy, managing locker for physical security, fix networking issues, develop software tool for encryption, etc.

Time management is probably the most crucial skill. My schedule is chaotic, because there always something to new to do everyday.

Developing encryption software is actually hard.

yeah it is not 1 man work. They usually tag you with Mathematician and actual computer scientist, then send you the algorithm for you to implement

Thanks for the advice

Gave +1 Rep to @charred knoll (current: #454 - 12)

Thanks for the advice i have watched vides on comptia a+ core 1 and 2 and i have watched security + videos as well. I guess this is not enough of a proof that i have the knowledge probably they will look for certs just to verify.

Glad that i could help

If you allow me to dm you, i can send you the link for compTIA A+ free videos

I already have the course on conptia a+

Thanks

Noted, thank you

Gave +1 Rep to @hot spire (current: #673 - 7)

hey is there anyone online?

Many people are yes

Hello everyone!
It's a pleasure to be here
How are you all??

Are there any mods available?

hi - what advice would you give a junior in data analytics (not in cybersec) to pivot into pentesting as a career?

Practice pentesting

Learn about pentesting

Do pentests on hackthebox

Hello , welcome 🙂

CTFs != Pentesting.
That is a really important thing to not mix up.

Pentesting is a job role. It includes many of the technical skills you'll learn by doing CTFs (and it's good to do them for that reason), but the overall aim is very different.
The real world will not have a guaranteed path to root, and even if it did, the aim is not just to find it. It's a very different feeling from anything you find in a lab, and requires a different approach.

Also remember that the end product of a pentest is the report, not the work done. If you want to practice pentesting, practice writing reports for all the vulnerabilities you find in your CTFs (and I mean all of them -- not just the kill chain you use to get root). Missing headers, insecure TLS configurations, config misconfigurations which reduce security, etc, etc, etc. All the boring stuff that no one ever cares about in a CTF but that you need to care about when evaluating the security posture of a system.

And for God's sake do not go into an interview and tell them that you have experience pentesting from doing HTB

thank you for these insights, Muiri, do you have any concrete advice on how to make a career pivot into pentesting?

You're already in tech, so that's a good start. Does the company you work for have a security team?

yes

I would start by saying to your management that you're interested in getting into security and seeing if they'll help you to upskill on securing the data you're working on (e.g., if you're using AWS for analysis, see if they'll put you through some of the AWS management and security courses).
At the same time, have a look to see if your security team are doing any outreach. Some security teams do sessions with other business areas to raise awareness, etc. If yours do that then get yourself along and start making friends. If not, reach out to someone anyway and basically just get your name out there. Don't explicitly ask for a job (they may or may not be hiring anyway right now), but networking is everything.

A lateral movement internally is the "traditional" way to do it, so you're actually in a pretty good position right now.

also CTFs are fun and Pentesting is for the most part, Dull and Boring.

Depends on your mind set.

It can certainly be more monotonous at times, yeah

Pentests are 99% boring. If they were exciting all the time, that organization needs to take a step back from doing pentest assessments and focus on the fundamentals of securing the environment.

I would also add, on top of what every one else had said....see if you're open to any of the jr security roles. Yea, it's not a pentest role but it'll benefit you for pivoting right into security, then you can also learn a bit of the defense side which can tight back to pentesting. Understanding the infrastructure, applications, web sites, etc. of a company can help you have a fundamental idea of what to attack. Also, sometimes you can pivot from within the company to their red team if they have one and you can continue to dive into pentest even more on your own while you're gaining cybersecurity experience as a whole.

Just a thought!

I wanted to be a pentester/red teamer and the more I got to work with Blue teams.....the more I actually enjoyed just understanding the aspect of a pentester/red team and how they do things but then apply it on the defense side. Starting through a jr role also allowed me to explore cybersecurity more. I was blessed enough to have join a small security team which we did a little bit of everything, so that helped me know what I liked more....at least for now.

thank you all!

best of luck!

Hi! I just wanted to add that when hiring, some companies, at least here, indicate that solving similar problems on THM or HTB, in addition to real experience, is a plus for the applicant. Maybe you had a negative experience related to this? Can you share

Hey Muiri thanks for the great information! I'm wondering if you know where a great place would be to learn the technical writing skills like the pentest reports?

Gave +1 Rep to @undone shore (current: #10 - 805)

There's a huge difference between listing ctf as ctf and calling it pentest experience. That's where the issue is.

It's a plus, for sure, but it's not pentest experience. As Juun said ^^^
Essentially it implies that you have technical skills and that you're willing to put the work in yourself. HTB ranks are quite commonly used for that. THM points don't have quite the same weight behind them because there's not really a competition aspect. That said, including the THM paths you've worked on, or the HTB Academy modules you've done, etc, is a definite plus on applications for junior positions because it gives the recruiter a rough idea about you, and means they can discuss it with you in an interview.

Good question 😄
Technical writing generally I highly recommend Google's material:
https://developers.google.com/tech-writing/one/

It's a really useful set of guidelines, even (and perhaps especially) for people who are already very proficient with English.

Learning to write pentest reports without experience is a little harder though. There are some resources floating around -- I seem to remember a Github repo full of example reports at one point. Will try to look it out.
I believe ZeroPointSecurity also have a dedicated course, although it will be expensive and I can't vouch for it personally (purely because I haven't done it).
I know there are other technical writing courses floating around as well.

Personally, I would suggest going through the Google guidance then using it to write reports in the correct format for THM / HTB full-pwn boxes.
My own Wreath network has a section on report writing and encourages you to write it up properly... If the THM infrastructure plays ball and you can actually get the network to work
The other one I did to highlight the whole "pentesting is more than just rooting a box" thing was Hip Flask (also on THM).
Full disclosure for both of those: I did not have a lot of professional experience when I wrote them lmfao

One of these days I'll try again I think. Put out a guided box designed to simulate a real pentest. The process is very different to anything you'd have to do in a lab. Technically it's a similar set of skills, but there's a lot more to it than just the technical hacking.

Thank you that's some seriously great information! I'm on the Wreath and also seeing you've created quite a few rooms! I'm gonna take some time on these and learn what I can hopefully make it to "legend" status like you one day! Thanks again for the information and cool blog 🙂

Gave +1 Rep to @undone shore (current: #10 - 806)

I wonder if there are gamified learning platforms to learn GRC skills like THM or HTB have done for the technical side of Cyber Security

really enjoyed the advent of cyber GRC day with Dr. Gerald Auger that made me want more gamified GRC content on THM!

My pleasure. Give me a shout if you do a report for Wreath and want it looked over 🙂

Hey all, currently studying for sec+ using Prof.Messers guides/practice tests, what are some other resources y'all found helpful for studying for sec+ specifically?

(Have completed Google cybersec course & grew up building PCs, otherwise I'm a complete noob to cybersec)

Hi Muiri, Can you please give me some advice on how to get a entry level job in cybersecurity i am currently new to cybersecurity and i am on the 101 pathway. I do not have any tech background but i am very much interested in getting in cyber security and i am currently enjoying it. i have not decided yet which pathway i want to choose as there are many factors and also the time constraint as well. for starters i am looking to get into the easiest role where the hiring is more and your don't need tech background or experience. What certification would you suggest me to get. I am over 30 years and i do not want to waste time. Thanks.

Gave +1 Rep to @undone shore (current: #10 - 807)

hi i am new for this things can any one guide me from where to start , i am confused

Welcome , you can start here https://tryhackme.com/r/path/outline/presecurity 😄

hi everyone, does anyone know where to get links for tools?

Which tools 🙂 ?

for pentest

Just use Kali VM , majority of tools comes pre-installed with it 🙂

alright

Kali Linux
You can use github as well
https://github.com/topics/pentesting-tools

thanks Serene and KGB

You are welcome 🙂

I went with Darril Gibson study guide, the app and test exams he provides. I didn’t know about prof messer until like a week or two before my test and I didn’t want to stress about switching over.

What I liked about Gibson tests, is that with every question, it tells you why the other answers are wrong and that helped me so much to go through each question.

Having a mobile app helped a lot, instead of playing a game or scrolling through social media while pooping, I would do a quick test 🤣🤣 but hey, I passed so it worked.

That's a difficult position unfortunately. Do you know what kind of role you're after?

Cyber security is traditionally not an entry-level sector in IT. The traditional route is to go through another area first -- often help desk, or potentially systems administration / development / etc.
Entry level roles exist, but they're uncommon. You'd generally be looking for companies which are big enough to absorb the hit of hiring someone who needs a lot of training, and willing to put that effort in. Some places offer apprenticeships which are an option as well if you can take the pay cut.
For sure keep looking directly in cyber -- there's always a chance you'll find a team you really click with (on which note, networking is really important, so find local meetups / events / etc and make yourself known ASAP). That said, I'd look a bit further afield as well. See if you can transition into tech, get a bit of experience, then go from there into cyber security.

For what it's worth: I went straight into a pentesting role from university (technically before finishing university). By that point I was almost finished with a degree specialising in hacking. I had my OSCP, CRTO, OSEP and OSWE certifications. In other words, I had the technical background to do the job.
It was still rough for a while. People moan about the lack of entry level jobs, but there's actually a very good reason for it. Cyber security (and especially pentesting) is not an entry level sector. Even with the technical ability, there's a lot you don't learn until you've worked in enterprise.

• How to communicate with non-security techies.
• How to communicate with non-techies, period.
• Common deployment patterns. How things are structured, both per-project, and on a macro scale across the organisation.
• Common issues. Why these are issues. They don't always map up with what you learn in labs. In many cases the things you learn in labs are actually not what you care about at all in practice.
• How to measure risk properly. e.g., a TLS certificate using CBC ciphers is not a high vulnerability, no matter what Nessus says. Risk profile also depends entirely on the organisation and how mature their security posture is, (as well as who is making the decisions).
• Many, many other things you only gain from experience.
  If you're joining a team where people will sit down to teach you that stuff on the job then that's awesome. If not, you're better learning it before taking on a security role.

incredibly insightful advice all!

How stable is career in cybersec? Do corporates see it as a cost-center -> prime target for layoffs?

*in your experience / the pulse you have on the industry

I'll second everything Muiri said.

Some security roles are more insulated, if only because large companies have regulatory and compliance requirements for staffing that, quite frankly, do not exist in other areas of IT operations.

The biggest gap that I've seen in cybersecurity BS and MS graduates is that they are familiar with a lot of things and they are generally better at writing reports..... but they don't have a good grasp of the context of how everything fits together. That understanding can really only be gained by doing it as part of the job.

thanks!

Hey yall, I will be joining a AppSec Engineer role, any tips to be prepared? What should I look forward to?
(I have a degree in cybersecurity but we didn't acknowledge app security that well)

This is a good description for an AppSec Engineer role. Of course it's not definitive, and yours could be broader or narrower in scope
https://www.hackerone.com/knowledge-center/application-security-engineer

Can you pm me which app you used, if its not allowed to tell public, because advertising or something like that

It's funny you say that about graduates being better at writing reports actually...
What I've found is that academic writing generally translates very poorly to technical writing (and I hold my hand up in saying I've been guilty of that as well), Graduates tend to have very good linguistic skills, but as a result their reports can be extremely verbose which is not ideal.

Done

I definitely prefer that over the garbage reports that don't have any actual information 😕. The writing style can be taught

agreed with the academic writing bit needing to be unlearned in a corporate setting

can you be more specific on which roles are more insulated, please?

Also true

I never knew there was an app! This changes everything thank you!😂

Gave +1 Rep to @humble cosmos (current: #676 - 7)

Hahah game changer. Np!

Hey
You guys probaly get 150 questions about this each day. But maybe this is little bit diffrent.
Im a Norwegian who have been working as a security guard now the last 15 years. Decent pay but boring. I got a family and kids, so going to a University for a Bachelor is a no go. But i applied Technical College / Vocational School. Its 2 years study and possible to with the job. But thats not before August 2025, then i thought i need to improve and learn, so i can try to be "ahead" of the class.

I looked at Coursera++, but i think 60-70 dollars per month and im not sure if those "certifications" are worth it. Also hard to find similar that will provide me with CompTia++ guideance.

Will TryHackMe be a good options, little bit cheaper and looks solid. When i look at what i would love to inside CS, i think SOC looks exiting and maybe a good entry level ?

Any shot callers or hiring managers that can comment on the effectiveness of having tryhackme modules, boxes or pathways on resumes. Specifically a resume that has experience in full stack web development, some onsite product technical support experience, and cpanel administration?

It can go on the resume, but it's not experience. It would go under an extracurricular activity section. As for effectiveness, that's subjective, but it shows you're doing self learning outside of your work role.

THM is def a great inexpensive resource and you get to learn a lot. THM has personally helped me get familiar with Cybersecurity fundamentals as a whole and also hands-on experience on specific topics. I actually still go back to fundamentals every now and then which helps me apply it at work (with what's relevant).

THM has great intro to cybersecufrity paths and all that content will eventually help you take some odf the entrly level CompTIA certifications.

thanks for the perspective

Gave +1 Rep to @stoic cave (current: #19 - 483)

I like hearing when people are active in sites like THM, especially if they have job experience at all. It shows your active and continuing to learn. I don't think it hurts you to add it to a resume either under some "continunous education" category. Every hiring manager is different and of course roles are different within companies. Some would for sure require you to have an extensive amount of experience while others may not (like a jr/entry role)....

To sum it up, I like seeing that and how I mentioned before, I've hired candidates that have had less experience than other candidates and the reason why is because I was mainly visioning myself working with those individuals. Technical skills can be taught for sure but people/soft skills are rare.

Hope that helps!

thanks, that does help. Just trying to find ways to increase the chances of getting in the room to show the soft skills...😂

Gave +1 Rep to @humble cosmos (current: #621 - 8)

I hear ya. For as long as you're "active" all around, I think you'll eventually find doors that will open. I mean being active with THM (hands-on experience), reading books, podcasts, one the most important one -- networking. Networking I encourage a lot, go find local conferences, if they're free, even better. Find meet ups, etc. LinkedIn is a great source to get "exposed"...for example, whatever paths you complete in THM, post it in LinkedIn......there are recruiters out there that are actively looking for those types of candidates.

When you network with people and continue to show up....you'll get noticed.....you never know someone eventually might be like "hey by the way, I know of this position that is open that you may be a good fit for it, would you be interested?"

I only say that from experience....I started knocking on doors and thankfully found people who were willing to teach me and even better mentor me....you find those and you want to keep them close to you....that will be of a great benefit in the long run.

thanks for the advice, I'll do what I can . Its a bit of an everlasting irony, being the most effective way to get a job is to spend money. but, the longer without one theres the two way vice of decreasing funds, and the fatal judgement of "gap in work".

Gave +1 Rep to @humble cosmos (current: #573 - 9)

for sure man....totally understandable. Don't give up. You got this!

I would just be careful using the word education, as it has a pretty specific meaning when it comes to resumes. If you already have an education section, it can possibly lead to confusion as well.

thats a good point, I think I would just place it at the end with a few other items that would be considered "extracurricular"

Do you have twitter account..i really love to follow

Did anybody here take part in a real bug bounty program?

Thanks Muiri for taking out time to answer my question. The things you have mentioned is a hard reality. I am going to try with everything i have to get a job in cybersecurity i know for me its a bit long road. I might also look for other entry level positions in IT so that i could start my career. As you mentioned the importance of networking, i will start networking as soon as possible. Thanks again for the valuable advice 🙂

Gave +1 Rep to @undone shore (current: #10 - 808)

Hi my name is Michael, I am a sophomore college student at Texas A&M University studying computer science. I am just starting to look at the cyber field and am trying to figure out what I need to do as far as certs go to go from a cs degree to a cyber job. I know I will receive a Cyber Operations Certificate from my college when I graduate, and I was wondering if that has any merit or cert equivalent. I also am looking at the CompTia certs like A+, security+, so forth as well as the Google certs like the IT professional and cybersecurity professional. Any thoughts are welcome, thanks!

Specifically for the role of SOC Analyst (L2) or Incident Responder (L3) or Penetration Tester (Entry) from Europe would you immigrate to Canada or USA and why?