#cyber-and-careers

I’m studying really hard to get all the knowledge and break very hard as well

with 3 rooms a day you'd finish in a month

give or take

with 6 rooms a day you'd finish in 15 days

but that's overkill

you will not learn like that

I am currently working with whatever time I get i just sit down and study

Yeah, true. I’ll be finishing all the rooms but at the end I would forget everything pretty quickly

No point of rushing that hard

you got it

point of THM

is the knowledge

no cert no leaderboard

knowledge

Yeah, thank you

Best of luck to all of you as well

For SOC companies are asking for these skills.

Hope this helps

Skills & Qualifications:
Recognised industry certifications, such as Sec+, Blue Team Level 1, CySA+, CISSP, SC-200 are desirable
Excellent verbal and written communication skills.

mhm

so

sec+ is fundamental theory of cyber

cysa+ is the CompTIA cert for the role of SOC analyst

BTL1 is a fundamental practical cert, you could skip that one for CDSA. Both of these are hands on meaning you will be doing labs and finding flags from exercises, no multiple choice questions

CISSP requires 5 years of experience, it's for veterans

SC-200 is microsoft's cert, it's alright.. some companies value it more than others.. depends..

typically what happens is u have a degree and sec+, you get into the role and then the company pays for cysa+ / btl1 / cdsa / sc-200 depending on what they choose for you

you're not expected to have a cysa+ or btl1 before even entering the job

it would help ur odds of getting the job

but you're not expected to have it

So for a person who cant get a degree because of family life, house loan ++. Dont have the chance to quit my job to study for cybersecurity in university.

I should just become as effcient i can at Example Tryhackme, get certain Certifactions and Hope for a job? 😅🫡

TryHackMe is a great way to start your journey in my opionion 🙂

Aight. Cheers

good breakdown

I am currently working on developing my skills in cybersecurity, specifically in the Red Team field. I have a question regarding the importance of taking the full CCNA course for my targeted career path.

Question:

Is completing the full CCNA course essential for understanding networking sufficiently in Red Team work, or would a solid understanding of basics (such as IP Addressing, Subnetting, and key protocols) be enough?
If basic knowledge is sufficient, what resources would you recommend focusing on to cover the necessary networking skills for cybersecurity

what if you skip the sec + cert and only study sec+ and just do the CDSA or the cysa+ I think it will be enough?

You should get familiar with networking but you don't necessarily need to take CCNA exam 🙂

Hi KGB, Are you currently studying or working in cybersecurity?

This is more like a hobby to me for now 😉

okay 🙂

what interests you in cybersecurity ?

soc or pentesting?

Red teaming 🙂

thanks bro , I understand now that I don't need to take the full CCNA course or exam to advance in cybersecurity, as long as I gain sufficient understanding of networking basics.

I would appreciate it if you could recommend the best resources or platforms to learn the essential networking knowledge required for Red Team activities

Nice, Have you completed everything on THM

Nearly all 🙂

Check out these two modules 🙂

https://tryhackme.com/r/module/network-fundamentals

https://tryhackme.com/r/module/intro-to-networking

awesome, you are a pro then. I like red team. but i need to be realistic as well and i think i will be able to secure the job in blue team easily then red team.

thanks

Gave +1 Rep to @keen tundra (current: #5 - 1481)

Yes , you're right . You have higher chances in getting blue teaming job in comparison with red 🙂

awesome thanks

Gave +1 Rep to @keen tundra (current: #5 - 1482)

yeah. cool. Thanks

Need Python Advanced For Hacking

https://tryhackme.com/r/room/pythonforcybersecurity

Check out this room 🙂

I know certifications are one of the most important parts of seeking out a job in cyber, but I am wondering what degree out of computer information systems, IT, and comp sci is the best. I have never spoken to anyone who actually works in the field and listening to a bunch of people online say a degree is useless just isn't feasible in my case. I am currently in computer science (cyber security) and I am considering switching between CIS and IT. Just looking to get input from others

Hey, everyone. I had a quick query. I did CCNA (Switching and Routing) first. Then jumped to Google Cybersecurity Cert. However, do I need to learn Server/System administration , such as - Windows Server , Red hat etc. or cloud servers, such as- AWS, Azure etc ?

Honestly, jumping from one branch to another can be really tempting but focus on one branch and master it then move to next can make you feel confident in what you study, otherwise on the learning journey will definitely take long. In my opinion, if you really wanna get into cyber security, this field is not entry level so a solid understanding in fundamentals like networking,computer hardware, linux is essential then go for cybersecurity, you will be confident to apply to a job.😀

I see. Thanks for the advice!

However, Networking, Server Administration and Cybersecurity are 3 different branches, right?

Yes, you are absolutely right, they are 3 different branches in IT

Can I learn all of them (part-time)? I got 3-4 years till I actively look for a full time job.

However, cybersecurity is not an entry level

Yes you can, but first you need to grasp the fundamentals to start learning cybersecurity

I know a bit about python, linux, sql and other related stuff. They covered introduction in Google cert. I am also currently doing the Advent of Cyber 2024. I'm currently on day 10. So far, everything looked understandable (some concepts and tools were harder to grasp as a beginner).

Do you have any IT background or new to IT

Well, I used computer (mostly googling video games and cartoons as well as playing games) since I was around 5 y/o or something around that. Other than that, I had some basics on HTML, C (not much) and Python. I use PC for gaming, movies and browsing mostly. I don't know if you can call this "IT background" or not 😂

compTIA A+ certificate can be a good start

Okay

Hello everyone, can anyone please provide me referral for cybersecurity internship? Just in case if there's opening then please let me know in DM.

I honestly went from nothing directly to THM. Isn't it enough? I feel like the pre security and complete Beginner as well as intro to cybersecurity are sufficient enough to start

To start learning , yes 🙂 , for work , no .

Don't know If that a a good idea tho. I am learning the jr penetration tester now

How far should i go then? I had a plan in mind to finish the penetration testing path, then offensive security, then i would go to finish the port swigger web apps. Thought that should do to give me a lil start in the field

Cybersecurity typically isn't an entry-level IT field. A common approach is to gain experience in another area first, such as help desk support or systems administration/development. While entry-level cybersecurity positions exist, they are rare. You'll likely need to seek out larger companies that can afford the investment in extensive training for a new hire. Apprenticeships may also be a viable option, though they often involve a lower salary.

Continue applying directly to cybersecurity roles; you might discover a team that's a good fit. Networking is crucial, so attending local meetups and events to increase your visibility is highly recommended. However, consider broadening your search to other tech roles initially. Gaining experience in a related field could make transitioning into cybersecurity easier later on.

To gain knowledge, feel free to use THM but for work especially as a pentester, individual needs some skills like report writing, and communication etc... so, i recommend starting form 1 then reach 5 then 10. Not the other way.

As for i am from Egypt, any cybersecurity role would be perfect for me. I mean, even the minimum wage would be enough for me to keep learning while working, so considering my circumstances, I think a direct pentester job could be possible if found

I can work on that simultaneously, do you have any resource that you recommend me? Especially the report writing?

I believe, In cybersecurity, pentester is not a entry-level job but look for a SOC analyst job.

Pardon me, I don't have any resources about that.

Some companies seem to want to hire a new person for SOC analyst

but say having a security+ cert helps

I hope this helps 👇

Yeah but rarely, atleast that is what i believe

So starting as SOC then go to pentesting?

But wouldn't that transaction lower my salary a lot then since they are different branches? I mean they wouldn't consider my knowledge in SOC while giving me a role or a salary. At least that's how it's in here.

Well, cybersecurity entry level jobs in our country requires mainly to configure firewall devices. I got this info from the instructor who taught me CCNA.Security is really poor around here except for big companies with a lot of money.

That's why i am not planing to work in Egypt. I will be looking for a remote job for sure!

If i didn't get any. I will focus on bug bounty lol

That can be helping because you will know what to avoid in a pentest and also the experience you get as a SOC is valuable for a pentester

Is it the same case there in Egypt?

Jumping around while learning can mess up your learning so focus on to the basics and then with the strong foundations you can achieve a good carrer in desired role.

One step at a time lol 😆

I think I am going to learn some basics for entry level jobs in Networking and Server Administrator for entry level jobs as I also learn cybersecurity part time

Don't worry i am not jumping like that 😂 i am following the paths of THM throughly, but i will consider that SOC idea too. Thanks for the time.

BTW, is there a specific cert that can boost my chances to get a direct job in pentesting?

After getting a job you can communicate with the security team works with you and decide along with the job.🙂

I don't mind learning other branches of it. But IT held desk and administration in Egypt is just being a secretary for real. It's awful. And the salary can't feed a cat

OSCP is the Gold standard in the industry, but to get there is the hard part

Yeah. That seems great! Though still gotta wait 3 years (minimum) for full time job in IT btw. I'll just keep learninng stuff till then

Hi guys can anyone guide to that is CEH certification is enough to get job in UAE at any field of cyber security

I see. That's enough to know for me now. Thank you man

Gave +1 Rep to @charred knoll (current: #424 - 13)

I heared that CEH is really valuable in 🇮🇳 not sure about 🇦🇪

Is there any one from UAE, or who is working there?

May be

It may be , but I am not familiar with 🇦🇪 job market so I can't confirm 🙂 .

The easiest way to know is try to search your desired job in linkedin or any platforms and look for what they are demanding, and then strategies the plan 🤔

@warm hinge oh that's great

Sometimes its came to mind that CEH is just a scam there is no jobs in this field i mean cyber security

Same here, i also didn't hear from anyone about taking CEH

Sounds cool though XD

"Certified Ethical Hacker"

😆

Certs from companies like CompTIA and Offensive security can be helpful.

But keep in mind Offensive security is not very beginner friendly(it is hard)

Check out these 👇

👍

Nice

Have a great day guys

You too!

Hello

Happy holidays!

I got a second interview. Any advice ?

I want my first IT job in SOC, how possible is it? I'm planning to get BTL1 next month. I've studied in uni for some time for cybersec major, was subbed to THM for more than a year and was preparing for sec+, but never passed it because of regional problems within pearsonvue, but I do have knowledge about fundamentals of cybersec. Moreover, I have experience in coding in python and c++, and have a bunch of simple beginner-medium projects. Mostly it was automatisation.
If here are any SOC analysts, what advice would you give and recommend as for my first job in IT ever?

is very valuable in many countries a pre-requi... to work in cybersecurity

Hey can you tell me where i can learn networking for free for cybersec purpose

Check out this room 🙂

https://tryhackme.com/r/room/networkingconcepts

Also you have a CCNA course from JeremyITLabs for free on YT

So this would be enough and after completing this I can proceed to operating system

Actually I have done google bits and bytes course by coursera but I wanted to get some more knowledge to complete my fundamentals

I wanted to become a pentester

Networking is a huge topic depends how deep you want to dive into it 🙂

If you wanted to become a pentester what would you do from beginning to advance

Means how should I start with free resources

Yeah i know about that , thats why i was asking you that what things i should learn

Start on THM Pre-Security>Cyber 101>JR. Pentester>practice doing CTFs and networks on THM , also check out jeremy's course if you're interested in networking

Ohk but the thm platform providing this thing for free or paid

Yeah i will checkout the Jeremy's playlist

Majority is free 🙂

Ohk

Thanks for the help

Btw I am completing the advent of cyber task daily too

You're doing great , keep up the good work 😄

This is not true outside of India

CEH 😂

CEH. Ew 🤮

I want to learning hacking and many more my life career

Hi Amir. i am in UAE currently rounding off with studies at red team hacker academy. i did some findings and i realised most companies demand for a degree in IT or any computer field and for these certifications : CSA, Sec+, CEH, thats for a SOC role becuase thats where im heading.

THM Says: You'd make a great Penetration Tester

Now who would give me a Job 😄

Figure out what role you wanna pursue then make a roadmap to get there, study all the time and work hard, you can definitely get to your destination soon 🙂

Hi guys, how can i chine and be a better candidate for the job market beside certifications ?

the role is red team operator

To shine, you could participate in CTFs, attend conferences, develop projects, and enhance your communication, problem-solving, and critical thinking skills. Stay current with relevant topics and tools. With consistent effort, you can achieve your aspirations.

This role is not entry level, you’d first have to gain some experience in other fields to become a better candidate for such roles.

i have 2.5 year in the field of red team operator as im currently unemployed. ive done mission for red teaming before when i was with the two companies

hello guys trust you are all good. Merry Christmas everybody

Merry Christmas to you too 😄 🎅 🎄

Hello guys ,Merry Christmas! When does the side quest end?

You have time until Dec 31st to get raffle tickets 🙂 . Side quest will stay even after that 🙂

Thank you!!!

Gave +1 Rep to @keen tundra (current: #5 - 1558)

Merry Christmas to everybody

Merry Christmas to you too 😄 🎅 🎄

hello guys ! i wanted to ask one question ;please help me ; i wanted to know that how would i get internship in cyber security domain ?

Merry Christmas to everybody 😄 🎅 🎄

Do u have any idea whether ccna is beneficial for getting an soc internship or job?

Merry Christmas to you too 😄 🎅 🎄

CCNA is a networking cert 🙂

Does that mean it has no value when applying to cybersecurity roles?

Networking is related to cybersecurity so it should have some benefit right?

From what I heard it's very reputable and might help out in finding internships at least

There is a cisco overseas office here too which that might help in

True

understanding the fundamentals and a solid foundational knowledge can really help you to become a SOC or any field in cybersecurity

and again, cyber-security jobs are not entry level most of the individuals start from a IT help desk or system admin and then work to get to the desired position in IT

hope i could help you 😃

My classmate who's still in uni has a part time soc position so I might get lucky too

Yeah thank you

i wish you can land on your dream job

Networking is important for cyber security but CCNA won't probably get you an SOC job 🙂 . It's an entry level networking certificate 🙂

ccna is basically a networking program inclined. for soc, u need sec+ csa cysa+ ceh

CCNA can help you get SOC job, most of the time you spend time looking at network logs, so networking knowledge is a must

That's not exactly correct

Merry Christmas everyone

Merry Christmas to you too 😄 🎄 🎅 ☃️

these are the requirements in UAE big boss

Perhaps in UAE, from what I have seen in SOCs here is that certificates don't tell much about actual skills, I would hire someone with only CCNA than someone that has bloated their CV with beginner certificates. I wouldn't call CCNA beginner, it's already rather intermediate networking one. CEH is pretty worthless here, sec+ is usually requirement in U.S. Never seen anyone asking for it in Europe. (So what matters is also where that person is from and what SOC he wants to join)

exactly. here in UAE those are the requirements for a SOC role.

Is he also in UAE? I did not look.

Appears he is.

Then I apologize, I got ahead of myself 😅

its ok no issues

your contribution is also valuable. i am here to learn also

I mean in addition to the rest of the certificates, not as a standalone

You don't think it adds anything to the resume?

It's good , it's an industry standard for networking 🙂

i know this is server is more tailored towards cybersecurity, but if anyone can help me, how would someone get into network engineering w no experience or relevant degree? I know about network+ and ccna but is there any more certs or similar stuff you can do

For network engineering, the CCNA is a widely held standard measure of basic networking skills. Using tools like Packet Tracer (free with Cisco NetAcad) is a solid way to understand networking

If you're on beginning of your journey chase knowledge not certs yet 🙂

Yeahh ik, i went through the networking course from THM and also bought the jason dion network+ course and just studying from there so far but i just watned to know for future reference, so i have a clear path and i know what to do

You're on great path and you're doing great , just keep going 🙂

Thank you!

Gave +1 Rep to @keen tundra (current: #5 - 1574)

Is "Certified Blockchain Security Professional™" from Blockchain Council worth taking? BACKDROP: I would like to know which blockchain security cert is available. I like that certs usually give you a good ladder of skills to climb up to, its more structured than self-learning without a cert as a goal. But I have no interest in Ethereum blockchain, am familiar with Rust which Solana is build in. So I am looking for something generic (generici in blockchain as in NOT specific to Ethereum chain) to "glow up" my cv.

Merry Christmas everyone! I had fun coming to this channel to check in with y'

y'all

shoutout to the ones that kept coming back. Going to try and keep the momentum!

and I just realized I sent this to the wrong channel but oh wells! haha cheers.

Hello, I dont know where to post this. But why 😭 did i lost my 107 day streak? Yesterday I did only 1 task because I was busy, and somehow my streak was reseted, I take tryhackme really seriously and I learn something everyday thats why I had a 107 daystreak... Isnt there anything I can do about, this is a glitch or not?

You can ask staff to restore your streak 🙂

Can you tell me how can I do this please? On tryhackme site or here on discord?

You need to contact them via email

Ok! And I send them this screenshot and the reason? Is it okay?

Yes 🙂

Thank you soo much !!

Anytime buddy , hope that you will get your issue resolved 🙂

Hey everyone looking for some GRC advice as a mid level non tech guy transitioning into Cyber GRC which cert should i focus on to get my first GRC job? I did the ISO lead auditor 27001 and Security plus but now looking for my next cert to help me get my first grc role! any help or advice would be appreciated!

ISO27001 LA is a pretty powerful cert in Europe, where are you located?

Along with Sec+ it should be enough for a GRC role, try to optimise your CV and apply to as many roles as you can

I'm from Manchester England! Thanks I'll try to work on my CV was going to do the cisa to shore up my chances because I've been rejected from 4 GRC roles this year their response was lack of experience which I'm trying to address applies for GRC intern roles but haven't been able to get in they tend to favour university gap year students

CISA is a good cert for this area, but I would not recommend doing it unless you have some spare money and time. You'd already satisfy any need for certs from the employer with the Lead Auditor and Sec+. Just try to apply more, as you might get rejected from tens of roles before you land your first one. It's especially frustrating in the beginning.

Also try to target the roles that have ISO27001 LA or/and Sec+ listed as one of the recommended certs

Hi, Everyone, new to this group and career. Want to get some certs at beginner level to get entry level jobs at pentesting role. Any suggestions in 2025

BTW, i am from India. and I have 2 years of experience in DLP & Endpoint security/Antivirus technologies in implementing. Want to get into pentesting role. Here until unless i dont have certs. no one ask you

Ok , sorry 🙂

why you are sorry? 😆

i also have few months experience in Auditing in database, Data protection as well

anyone who can guide me to change my career?

Okay thanks will try again and be creative with my CV a bit more to try and get thru the finish line

Gave +1 Rep to @fringe spade (current: #277 - 22)

Might hit the ITIL cert to show them I took proactive steps as a non it tech guy transitioning to the field

Look up cybersecurity tierlist on Youtube for inspiration. There are hundreds of certificates, so it may take some time to select one to work towards to.

Guys do you think if completing Offensive Security path is enough to start OSCP labs right away or should I go to HTB after I am done for some additional experience ?

aw HTB has some great resources you should defiantly look at ...

Hmm that was my original plan 1 month of doing HTB before diving into labs. Still need to complete a lot of THM path. Is OSCP a lot harder then what is done in HTB like medium boxes ?

no man it dont

just take look at ctps path

HTB boxes is lot more harder and deeper spicily in AD things

ctps...in HTB ?

try hackme aslo cover good things tho

cpts

yes need to finish these first

which path did you take ??

@twilit forum would recommend the tryhackme pentest paths first before moving to HTB or some vulnhub boxes. I completed my CompTIA pentest+ Exam last week and going for OSCP now too 🙂

I have finished only the starting ones yet SOC Lvl 1, Cyber Security 101, Complete beginer 95%...did a bunch of other paths but are far from finished

ye you can do this one two

Yes this is what I planned to do...thx

I have only Sec+ going straight to OSCP now XD

i found HTB more complex than THM

but THM also is a great place

yall think doing all the red pathways on thm would prepare you to start doing htb?

have to set a goal once i finish 5 medium boxes on htb should be a finnal act before buying the labs xD

I think personally that is the logical previous step.

@fathom rune not really, I did some CTF rooms as well. I would recommend doing the paths, some rooms and then moving on

i dont think you need read team path for HTB cpts

im trying to specialize in network pentesting over web app does thm go over kerberos & AD?

HTB covering more topic on somethig

yea in some rooms definitly

but would say HTB is your better choice for AD

for exmaple : network protocols

Yes I am terrible on AD so far most stuff was linux - webpage hacking heh

@twilit forum same haha need to learn AD

HTB covers more network protocol

even AD

step by step i guess

dam im just starting out & web app stuff keeps getting thrown at me b4 i can have fun with AD

hey.fdg so you have OSCP or at least tried it ?

no, dud i have HTB CPTS, THM offensive-Pentest + CompTIA pentest+ + Jr penetreation tester path certs

the price is to high

wow nice I see yes it is but I think HR would love this no ?

i dont think so, they just care about that OSCP thing

But trust me, CPTS is much more harder

hmm I think mentality will soon change...

ye i hope so

Are you working in cyber. sec ? I think I will risk that money to get a better job offer although i can't complain...my goal is to get remote work option as a next step...this is what i miss terribly i don't care if i end up as SOC analyst I think certs are just a way to land a nice job...that is why after entry certs most people don't see the point of doing more.

ye i work as a read teamer in some compony, ye man certs just for get'ing a better job or its a sign that they can trust you , but handling the job is more important i think

Nice! I did a little job hopping so now I am looking for that final step where I will be happy with salary as well as work arrangements...so far my experience was always looking the other way on couple of things just to land a job (there were always some draw backs). With this hopefully I will have enough opportunity to chose from.

Remember THM certificates of completion != certs
Big difference

I think real THM certs are coming

And how do you know CPTS is harder than OSCP if you've only done one of them?
(Or, more to the point, what's your basis for trustworthiness on that statement)

Wouldn't surprise me. Has there been anything announced to make you think that?

its just a thing that you can put on your resume

Yes Muiri look at the AMA from THM founder on redit

He answered to someone

Neat -- you got a link?

see some vidoes you will find out dud, everyone talking about that

https://www.reddit.com/r/tryhackme/comments/1hk6qk5/ama_im_a_tryhackme_cofounder_ask_me_anything_2025/

You will have to search through it tho

So... Trust people on the internet. Don't trust you specifically, aye?

Yeah, I had the link to the AMA, was hoping for the comment lmao
Cheers anyway though ♥️

Although yes, that is the rumour. I'm the opposite. I've done a bunch of Offsec stuff but none of the HTB certs, so I can't comment personally on a comparison either unfortunately.

Curious
Cheers for looking that out

OSCP ?

OSCE³

Plus OSCP, yes

Pff teach me

We'll see how much that's worth in a year now that Offsec have been bought out though.

Ok back to my original question THM of. security path plus HTB 1 months plus labs enough to pass OSCP ?

`- I've done both learning paths and have done the OSCP exam (didn't feel like the 10 day CPTS exam that holds little weight in HR was a worthwhile investment). The CPTS goes far more in depth on everything. Even the most basic topics are explored a lot more (e.g., nmap, transferring files, shells and payloads). Another major difference lies is in the manual exploitation of misconfigurations that you'll see in CPTS, particularly on the web apps. OSCP doesn't cover that much web material, and a lot of it will hinge on some type of CVE with a public exploit. So if a web application is vulnerable to command injection, the CPTS will require you to manually exploit it, whilst the OSCP will likely have you find an exploit script on GitHub or Exploit-DB that will do the command injection for you.

Who knows -- maybe there will be a new monarch on the throne this time next year

Passed the OSCP and doing the CPTS currently, also been pentesting for 2 years. CPTS has so much more knowledge in it and I have learned some stuff while going through it where OSCP is just horrible coursework. However, OSCP holds more weight for a job. I recommend doing the OSCP for a job but doing the CPTS coursework to expand your knowledge of topics you may know only vaguely.

CPTS is like an actual course, and OSCP is like the cliff notes. OSCP material is extremely thin. I find CPTS material to be much more realistic, especially the exercises. With OSCP, many of the machines are set up as CTF boxes.

In real environments, boxes are set up for a reason. Users interact with them and leave behind artifacts. Web servers are probably being touched by IT staff with administrative access to other things. In OSCP, they're set up in a way that's completely convoluted. Web server that's domain joined? The only logins to it might be only local accounts. They have no access to the database, even though a real web server admin might need to look at that once in a while. And there's also some random package running on it because it has to be vulnerable somehow.

OSCP challenges generally speaking, are a thrown together mish mash of random crap. The HTB boxes tend to be more like a real environment where someone built them for a reason.

There's also a question of methodology. OSCP, for example, heavily teaches Metasploit. At this point, Metasploit everything is heavily signatured, so using it in the real world, outside of maybe some of the scanning scripts, is pretty rare. That goes generally for a lot of what they teach. The material is dated. In terms of domain privesc, they don't teach anything about Windows domain ACLs at all, but that remains a pretty big way to escalate privileges, since they aren't as visible to many as a lot of the low hanging fruit. CPTS offers decent coverage of them, and even walks you through finding some of the more common problematic ACLs. OSCP is dated and unrealistic.

CPTS is far more like what you're going to find in a real environment and is going to be better preparation if you're going in to pentesting. OSCP is far more like CTFs and will not prepare you for real world pentesting, but will get your foot in the door.

send more ?

read this comments on reddit shaman

https://www.reddit.com/r/oscp/comments/1avnd1m/how_is_oscp_different_to_cpts/?rdt=46363

That sounds pretty consistent to me 😆
And there we go, you've sent the link as well.

But yes, by all accounts CPTS is harder... but it's nowhere near as well recognised yet.
HTB have a huge amount of weight to throw around in the CTF arena though, so they'll be gaining reputation as a certifying body fairly quickly.

Heard that from my colleague that more value is coming to HTB and THM, anyhow HR is the goal to be fair...Thx for this info.

I'd imagine there could well be merit in the claims that the training material is better too. My memory of PWK was that it was quite high level, unlike the 300 level ones which often do deep dives.

The HTB certs and academy material are brand new. No excuse for those to be dated at the very least.

ok going to do one more aoc before heading to bed have to do 3 more then i am starting my Of. Sec path hehehe hopefully on saturday....

Thanks for your input guys much appreciated

This is also the issue THM will have as well, and they're starting a couple of years later. Will be interesting to see how quickly these gain traction. That's assuming the "innovative process which is different from everyone else" is accepted by industry too, tbf.

Enjoy!

Hey, I'm a recent graduate from Canada. I have completed my Master in Computer Science. I have got interested in Cybersecurity through workshops and I don't have any industry experience. But I'm willing to learn and make a career in this field. What can be my beset way to get a job or experience in this field?

@stable herald check the messages above

@undone shore hey I've read your about me section and write-ups on your website, I saw your collection and want to ask, now having the list of certs you do, do you find all were necessary to get where you are today?
Meaning would you advise against any of them?

FYI, they are GMT +0 so it may be a while before a response

Cheers for the heads up 🙂

Huh. I forgot about that blog
Hm, I wouldn't advise against any of them (i.e., I don't regret sitting them). They've all been helpful from a knowledge standpoint if nothing else.

That said, career wise they were definitely overkill. When I applied for the internship which led to my current role, I had OSCP, OSEP, and CRTO. That apparently stood out just a little lmao. Could easily have backfired though (for context, I'm the one who handles our internship applications now. If I saw someone applying with a similar set of certs they would definitely get an interview, but I would be really interested to hear what they hoped to get out of it). I'm in a senior position now, so those certs make a bit more sense. I do use what I learnt from most of them frequently -- either in my own work, or for helping colleagues on other tests. Not done a whole lot of WiFi hacking since OSWP, but we'll skip over that one .

So, TL;DR: career wise, no, although having a few of them definitely helped (OSCP still tends to open doors).
From the perspective of wanting to absorb a lot of technical information quickly though, yeah, absolutely. They're a great way to learn (and demonstrate) skills across technology.

That said, if I were to go back to 2019 and start again, I would probably try to add in more Cloud Security stuff somewhere.

Hahaha all good I wanted to check it out prior to asking incase you had already gone over it, thank you greatly for the detailed reply.
Do you plan on taking any others - or not really that applicable given your role now?

Perhaps I should resurrect that poor blog and do a post on this at some point

Aye. As far as "hands-on" certs go, I want to go and do my CRTL at some point this year. Picked up the materials on Black Friday, but haven't had the chance to go through them yet.
The next big one will probably be CISSP, although will need to check when I hit the experience requirements -- not sure if degrees stack with certs. Everything I've done so far has been technical, which is exactly what I've needed. I'm at a stage in my career now though where it would be better to know (and demonstrate knowledge of) more domains than just pentesting.

Hey everyone just saw a job opportunity available at my company in England... for a cyber assurance practioner.... but they are asking for NIST Cyber Security Professional (NCSP) Practitioner certification was wondering if anyone has any idea about this or how i could get it? I searched on google but just found expensive courses costing like 4 thousand dollars which seems prohibitively expensive...

Hi I am also looking for internship
For these role security analyst and pentester remotely

I have done 5 certificates in Cyber security foundational

Also have some practical hand experience

My interview is coming up on the 2nd. Wish me luck. Any advice? I really don’t have that much details about the position? What questions do I need to ask?

Interview for what role? You can use your favourite search engine to find questions typically asked in interviews

I will make my Pentest+ certification tomorrow, any hints for pass of the exam?

Helpdesk/cybersecurity analyst.

https://tenor.com/view/nothing-jesse-suntele-savage-beauty-never-mind-it-was-nothing-gif-11834810461984277053

you also got OSCP under the previous pricing model didn't you? IMO the new pricing model isn't feasible for an individual to pay for under normal circumstances

I did, yes. Cost me just over £1000 from memory. 60 days lab time.

Select the correct answers

This is a good hint!!! LOL

trying to break into the cybersecurity workspace im currently in a bootcamp at unc charlotte at the end we receive a voucher for a comptia cert imma go with the security+ . after that imma go into the army reserve to get a security clearance. What would be a good set of certs to have on me resume for a beginner ?

If you have a specific role you want to get into, than any cert that links to that role would be a good path to go for. Otherwise, you can probably take the Cysa+ and Pentest+ right after your Sec+.

I took the Pentest+ right after my Sec+ and then during the study guide, they recommended to take the Cysa+ since the content is almost similar, so I did.

Those are all entry level ones and then it really depends where you want to go from there.

Do you have a degree or prior professional experience in the computer industry? Prior professional experience in any industry?

Also, for the reserves, what's your intended MOS? Have you talked to the recruiter? Have you taken your ASVAB? If so, did you score high enough for the MOS you want?

I am asking this because I do not actually know anyone in the industry and such but what is the experience that would be valued for a SOC Analyst, after all I currently don't hold a degree and while I might be learning I know many people value hands on experience so i thought maybe doing log analysis like the Alpha thing we have now or Blue team thing would be valuable but im unsure.
Obviously I have some time to get there yet but I would like to know how to provide value and what I should be focusing on since doing it the non traditional way and stuff makes it harder for me to actually get experience such as an internship.

just gotta say I love the profile banner lmao

haha

Guys i know that in order to have safe accounts is to turn on MFA and also have complex and long password. But is it fine (meaning safe) to have a short password (around 10 characters) so i can remember it?

because what if im in urgency and i need to log in an account but cant remember the complex one

Where do you guys save your passwords?

It’s better for a password to be long, rather than complex. 10 characters is way too short

do you use the same password in most of your accounts?

You can always create longer passwords consisting of a few words that are easy to remember, for example: “1ThisPasswordismyelephant”

It’s best if these words don’t make too much sense, but are easy to remember still

yeah thats what im lookin for

No, because jf there’s a data breach or I’m a victim of a phishing scam then a threat actor can easily access my other profiles/accounts

If you have trouble remembering multiple passwords, try to use a password manager

But don’t store them in your web browser, as it’s really easy to exfiltrate passwords from those

i use my notebook

i have it undermy desk

That’s not too secure, but still better than storing them in your browser 😛

how is it not secure

you think the scammer will break into my house and steal my notebook?

oh i have an app its called sticky notes

i use it for taking notes from something

is that fine to store my passwords there?

Well, someone can still break into your house, steal your computer with the notebook. Not the best options. Also when you lose the notebook you don’t have access to your accounts.

No

its a desktop app

not in browser

Never store passwords in text or other types of documents on your PC

If you want to store them somewhere, use a password manager

It’s more secure and easy to use

Hi everyone! 👋
I’m Dhruvi Mittal, a first-year B.Sc. Computer Science student at RV University, Bangalore. I’m just starting my journey in cybersecurity, and I’m really excited to learn more about this field. I’ve recently completed a certification that introduced me to topics like digital forensics and vulnerability management.

As a beginner, I’m looking for career advice from those who’ve been in the field. Any tips on building a strong career in cybersecurity, essential skills to focus on, certifications to pursue, or how to secure internships would be incredibly helpful. I’m eager to learn and grow, and I’d appreciate any guidance you can offer. Looking forward to connecting with all of you! 😊

whats thaat

@fringe spade is it fine to active my number in my gmails?

step 2 verification basically

You can research that. It’s a tool that stores your passwords in a secure way on your computer/phone/cloud.

SMS is not the best way for 2fa, as these can be easily extracted in phishing attacks or SIM swapping, but it’s better than nothing

An authenticator app like Microsoft/Google Authenticator is better

Or a physical key like a YubiKey

what if someone tries to enter my acc (he found the password somehow) and he cant access to it unless i allow it through my phone

im not sure if you've ever seen the option where you allow access to your acc through your phone

Yes, that is usually secure . It’s also similar how the Authenticator apps that I suggested work.

Just make sure to not get frustrated when you are not finding any success just keep pushing until you get the job done because for many people cybersecurity is a very hard field
And as for internships
You are indian so you can apply for isro or drdo winter and summer internship and for that they have some prerequisites

I am also starting but for me it's filled with frustration due to not having any prior knowledge

okay thankyou so much

I’m on my way as we speak

Your pfp is amazing xD

kali lincox

Is anyone here who changed his career into cyber security?

https://dontasktoask.com

Please don't do this.

Don’t do what

Post the don't ask to ask link.

I wouldn’t have to if he asked a proper question

The content of that site will teach him for future endeavors

And as a moderator I'm going to ask you to stop, they're wanting to have a conversation with somebody who's recently transitioned, or in the process of doing it.

That's why they asked for that question.

And as a member I’m telling you he’ll run into that link many times if he’s going to transition to this field and asks questions in that manner.

I know he wants to have a conversation, but if he just asks the questions he actually wants to ask he can get answers.

The answer to the question he asked now, will be no more than a “yes”, and then the follow up questions have to be asked. It’s a waste of time

Whereas if he just asked the questions that interest him, people can chime in and answer

Not in this server they won't run in to it. 🙂

Good for you pal

Have a nice day

Now you're aware of this, if you continue to post the link to other members, you'll be breaking rule and moderation action may be taken.

Whatever

.

wtf... dont be a jerk dude
we're here to learn

Correct, and I’m teaching you something

The conversation was over already, so not sure why you try to continue it

You are funny

Should I start Jr Pen test first or SOC1 learning pathway?

I have something that stops that from happening

🔫

Thanks

Can you get a job in cyber if you have a record?

A water pistol..?

Yes it shoots 10mm water shots

I do love the insinuation that owning a gun will stop someone from breaking into your house. Very optimistic

I guess not

I mean, if you continue to rob a house when a gun is pointed at you, then that’s on you if you end up winning a Darwin Award

I does stop someone

Permanently

I mean, yeah, but alternatively you just rob the house when no one is home...

Or, if you're in a country which allows eejits to walk around with firearms anyway, you point your own gun at the home owner first 🤷‍♂️

don't worry about those who are not willing to help man.

Are you trying to get into Cybersecurity? what do you do now?

I don't know what to do, I have a degree in cyber security, I'm doing the whole cyber projects and TryHackMe thing now and no one wants to hire me. The only thing I'm missing is a certification, which I'm studying for. People on Reddit say "don't apply to cyber yet, apply to these jobs instead." When everything I've been doing is tailor made for cybersecurity. I don't even know how to make CVs for those other jobs because I have no experience or knowledge in them so how would I even get hired for them as well? I feel like I'm going crazy and I need help. (UK cybersecurity graduate)

I mean should I get a career coach or something ?

I've been applying for graduate jobs but they always give me psychometric and psychology / personality quizzes that I keep failing

And junior positions want a year or two experience

I understand it can be challenging at times and overwhelming.

I would say, don't stop applying at jobs you want (Even if you believe you're not qualified for). While you're continuing to apply, I recommend people to try and network as much as possible. Anything you do with THM and such sites, post that on your LinkedIn profile. Show the community you're active. There are a lot of recruiters out there who are actively searching for candidates.

Also, look for local cybersecurity conferences and local meetups. These events are great to network and meet a lot of people. Show people that you're active and willing to learn.

Going to those sorts of meet ups/conferences also allows you to find people who are on the same boat as you, if not, who have more experience and are willing to teach/mentor. When you find those people, stick to them and ask questions. Anyone who is willing to help would love to answer any of the questions you have, whether that's a technical question or career paths, etc.

If you're active like that and not give up, doors will be open.

Lastly, if you can get a copy of the "Tribe of hackers" by Marcus J. Carey, get it and read through it. That book helped me so much when I was trying to make it into Cybersecurity and encouraged me not to give up.

Hope that helps!

The bit that universities always neglect to tell you is that cyber security is not an entry level sector. Hence the junior positions wanting a year or two (minimum) experience.
Certs might help a bit with hiring, but it's the experience you're missing (and I can say from my own experience that certs do not help with that).

Everything seraphm said is good advice. Networking is crucial if you want a foot in the door without the experience.
That said, there's a reason people traditionally came into cyber through other sectors first. It's worth casting your net wider just now.

You haven't mentioned what roles you're looking at either, so just as a side note: offensive security tends to be harder to get into than SOC. I graduated 18 months ago -- many of my peers did get jobs as SOC analysts. Some have since moved to pentesting. Very few started there.

Pentesting out of school is rare (unsure what market we're in, but what muri said is also true for US)

UK market 😆

My home turf

Oh OK lol

I hadn't read back up yet

All good

I live in a place where the technology market isn't developed so there aren't many meetings and things like that. I guess I can travel, though. I haven't tried it yet because I don't know how effective it is and i'm shy so it makes me question it more. The shyness also makes me feel cringe about posting on linked in but If I have to... I will look into that book as well, thank you!

Gave +1 Rep to @humble cosmos (current: #531 - 10)

On resumes, tech/engineering resumes are very different from normal resumes. My recommendation would be to lurk on the tech/engineering resume subreddits to see what feedback people are getting. You can also view/participate in job hunting twitch streams with BanjoCrashland (blanking on his actual name) who works at Black Hills Information Security

Jason Something

Plenty of places you can ask for help with CVs as well. Here included.

This is also true

I just don't know how to make cvs for them I've been applying to help desks as well with my cyber CV but I'm guessing they don't look at it because of that

the graduate jobs just say cybersecurity but the specification is that of SOC job. I apply to SOC as well when I apply to normal jobs as well.

What are you actually hoping to do?

Is that american or british streams?

Its been 6 months I just want a job at this point

The jobs you're applying for aren't entry level -- the scattergun approach won't work very well.
What are you wanting to do?

What do you enjoy in cyber

They are US based, but advice is pretty similar across western job market

Few stylistic differences tbf

But largely the same

Yep

Technically it is entry level cause it's for graduates i'm just not the one getting it

To this, when you have a degree and apply to Helpdesk, you are more than likely overqualified. This situation has the same outcome as being under qualified, in a lot of cases, with your resume in the deny pile.

Graduates as in graduate degree or graduates as in recent undergrads?

Okay, so it's graduate positions you're applying to. Do you have an example listing?

bachelor's degree in cybersecurity and digital forensic

Can't say I've ever hired for help desk, although honestly I wouldn't consider it a disqualifier considering the job market here

Portsmouth?

sunderland

I was talking about the role you were referring to

Worth a shot. Few grads around here from Portsmouth who might have been able to help.

oh its jobs for recent grads in american

I'm assuming you are adding an s like y'all do for math?

Wait, what, American?

Yeah, ok

Well now I'm confused. Which side of the pond are we talking about here lmfao

I was translating to american for him

They were translating. They are in UK

Also, hey, you guys incorrectly removed the "s" from "mathematics" tyvm

so you one of them Portsmouth grads?

Don't see an s after the h in mathematics, tyvm

Lol

Nah. Abertay

Ah

It's a plural!! 😆

I don't believe there will be people from mine there was like 10 people in my class

Do you have an example of the kind of grad job you've been applying to?

e.g., is it (rotating) graduate schemes, or actual dedicated jobs? Or both

everything that i saw on linkedin and now gradcracker like nhs, fti consulting,

sellafiled

EVERYTHING

Yeah, you definitely need to go out networking 😆

I take it with class sizes of 10, Sunderland don't have much of a hacking society / alumni network?

No, not really

Try to get to your nearest Defcon / BSides meetups if you can. Well worth travelling further for conferences as well -- especially student led ones. I'm not too familiar with the English landscape there, but Securi-Tay and Le Tour De Hack (boooo) in Scotland are good examples.

Student led conferences are good because the sponsors are generally out to head hunt grads. That's the benefit of sponsoring a conference at a university

Am I even still a grad anymore?

6 months out? Yes

yayy

You've got like 5 more years

Lol

They always look for people in their 3rd year and I feel old

See if you can get involved with any local online groups as well

You're looking for something quite specific (a role designed for literal grads straight out of uni, on a team equipped to support that). Cyber being how it is, you're much more likely to find that by going to the source.

Any that you know from the north east?

See, when you say north east I think Aberdeen...

how do I do that

Isn't that Scotland ?

Networking. Conferences. Getting involved with groups. Alumni if you can find them. Etc

Yes

England ain't my forté

I thought you were english 😭

Scottish

That said, I know Leeds Beckett have a very active society

@proven crag weigh in please

If it's for a cyber job I don't mind anywhere in uk

Huh. Sunderland is basically on the border

Plus or minus an hour

For a society Durham, York, Leeds, Edinburgh and preferably Newcastle are alright

Yeah only an hour from Scotland

Scotland is a big place 😆

Leeds is probably your best bet as far as student societies go. James can weigh in there when he wakes up.

oh i mean Edinburgh

Edinburgh has local Defcon, OWASP, and BSides chapters

A good shout if you're looking to network, although a bit of a trek

But I'm not a grad from leeds and im not a student

Most of them don't really put a restriction on who can join. Again, James can comment a lot better on Leeds Beckett than I can

ok

I will feel old though

Do you go to any of them?

You are literally 6 months out of uni lmao

I'm 22 I'm practically dying

Occasionally. One of my colleagues runs the OWASP chapter. Really should go to that more often.

I mean. I'm 23 and I'm still happy enough around the Abertay Hacksoc.

I would feel so awkward 😭

When's the next one?

You're walking into a room full of student hackers. You really think you'll be the most awkward person there?

That's also assuming there are no mature students lmfao

For OWASP? I actually haven't a clue.

They usually don't go to these things

Plenty showed up when I was at uni 🤷‍♂️

when I went to these thing it felt like I was trying to talk and force connections with people and it didn't sit right with me, I didn't know what to do with myself

One way or another you're gonna have a much easier time of it if you go and speak to people. It's a shame your uni doesn't have a society / network of its own. That's usually one of the best resources for finding jobs.

As I said, you really think you'll be the most awkward person there?

I don't wanna be alone😭

Well go and network 😆
If you're struggling, you could always try setting something up yourself as well. Not least because that doesn't look half bad on a CV

AHHH

How do you even do that sort of thing?

In your position? I would start with your classmates, any alumni you know, new students on your course, etc. Have a biweekly/monthly catch-up. Head down to the pub, have someone do a mini presentation, chat, etc. Get the word out, get more people involved in the local area. Post on LinkedIn / Twitter, etc to invite folk along. Use that to build a localised online community alongside, and let it expand from there.

That said, your best bet is still conferences and existing meetups if they are available.

And on that note, it's 20 past 4. I'm going to sleep. Feel free to ping / DM if you want a hand

Good Night

Thank you!

Np 🙂

guys im 14 and want to do cybersecurity, but almost 50% of tutorials use linux. i have a windows laptop, i did think of getting a VM to run linux but it slows down my machine quite a bit. should i get a cheap laptop or PC to run linux? or is it unneccesary?

if a VM is not an option. if you can get ahold of a simple raspberry pi, from there you can run quite a few flavors of linux.

what do they do?

You can use THM AttackBox 🙂

singular domain though....

One of the many upsides with Linux is that there are many distributions that are aimed towards restoring life into old hardware by not being as resource heavy. If you could find some old hardware (thrift/second hand stores) you could install Linux on it and get acquainted with the OS. Otherwise, both the AttackBox and Raspberry PI suggestions are both good. I would also recommend checking out the Linux rooms on THM as they cover the basics of directory structure and basic commands. You could also check out WSL on Windows which allows you to install a Linux core that can be accessed from the terminal - you will not get the GUI experience out of that though.

okay thank you so much!!!

Gave +1 Rep to @earnest berry (current: #1667 - 2)

Currently at 45 paid members and between 20-25 that regularly attend currently.

We don't currently run our own external event due to funding but we do have external speakers and people going to various conferences around the country, particularly BSides Leeds, steelcon and Securi-Tay but also the local DC group (DC151). We also used to and are starting again to get involved in helping out with DC151, we used to help organise it and for whatever reason our society stopped but we now have people volunteering again

We absolutely welcome our graduates to stick with us afterwards as well, if there's space on the coach up to Dundee we often let them tag along for free partly because organising payment outside the SU for a graduate is funky and partly because it's like a pension scheme where they were a member over the years so it's a way of giving back to them.

Does that include graduates from other universities?

Also, cc @opaque karma ^^^

As if you sleep.

@

try out a flavor/distro of WSL

Unfortunately not because we have to fill out a risk assessment form and all that rubbish for getting a coach 🥲, also tagging you for your information @opaque karma

That being said if you time the train well from Leeds you can get to Dundee for £16 (each way) direct usually and I do know some people who go by train

Oh, I meant more the regular meetings

Ah the regular meetings at DC151 we all individually go to but everyone's welcome to that ( http://dc151.org )

As for our society meetings I can ask but historically we've not as we're supposed to get SU approval before anyone external visits and it's a bit of a headache, that being said we definitely ignore the SU for some stuff so I'll find out if that's something of interest

Main issue is if you want to use the university computers for a practical we can't provide that so bringing a laptop would be recommended for any practicals but yeah I'll ask about having external people allowed to come to meetings as we have graduates and there has been some past interest

I believe uni of Leeds can join our societies as well

Also worth noting that Huddersfield's society is growing as well I believe

I don't know, I feel like being with a bunch of students isn't going to be good for me...

I would feel out of place and that I'm intruding, especially since outsiders aren't allowed.

why do you act as if you’re a part of an entirely new generation when you’re around the same age as college students lol

the unfortunate news for introverts like us in the cyber industry is that you’re forced to network and talk to people

They are all from the same uni and you "aren't allowed" to go if you're not.

I know people can just ignore the rules but I'd rather go to events where I'm allowed to be there

yep cybersecurity was like distant dream! But I feel I am little late to start all of this now! Not that I don't like what I currently do but yk I was thinking to start on weekends and then scale up! Other demotivating factor is, I have lot on my plate! Entire week passes like, lightening speed......wooosh. So I wanted to talk to someone who had done the transition recently, yk all the management, is worth choosing this lane as a full time profession etc etc!

Regarding work, I am a content writer and do SEO and all! Till now I was working from office but now transitioning to freelancing, just got 2 good and long projects! So even if I shift to cyber security I keep the such freelancing projects alongside.

hey guys! i'm a senior cybersecurity major planning on graduating this may. i've really been slacking on finding out this information but what does employment look like in this field? what jobs should i be looking for and what things (certs, etc) should I have prepared before I start applying? Thank you!

guys i cant figure out task 4

from what is networking

Try to ask here https://discord.com/channels/521382216299839518/522158539129618453 🙂

what is a syntax of 10.10.10.10 and were kan i find that?

thank you

Gave +1 Rep to @keen tundra (current: #5 - 1658)

Hey anyone from digital forensics background??

I switched from the intelligence community to pentesting about 2.5 years ago. It’s been a very interesting transition, so I’m happy to help however I can. Feel free to reach out if you have any questions!

Oh nice!! Will do

Tell me more

Sure. Feel free to shoot me a message…happy to answer any questions you have.

that's fair but if you're leeds way feel free to drop by DC151, there's people outside the uni, it's every second wednesday of the month at cross keys and you can get updates on their twitter and website (https://dc151.org)
Also welcome to join our discord if you'd like to chat to people there and get to know some of them 🙂 just drop me a message if you want that

I don't think it's never too late. You might have an advantage to get into it since you're freelancing.

It'll all really depends on how bad you want it and how much you're willing to sacrifice in a way.

I've had friends saying they want to transition from Finance to Security, but they want to make the big bucks right away and don't want to take a pay cut since they have a decent job and sometimes life happens and it's hard when you have to take care of your family and such.

I think it's feasible regardless, it's just a matter of being patient and working toward the role you want in my humble opinion.

All I know is that time passes by sooooo dang fast....but even taking baby steps at a time, I think it'll make a difference because if you think about it.

I also like to mention to take a look into an IT role and then transition from there as well. Like if you don't have any IT/Sec experience at all and you're struggling to find a jr role in security, sometimes taking that IT Desktop support role might be the opportunity to get into security. Plus, you're not losing knowledge at all in those roles either.

@broken idol @flat sedge

Security is pretty broad, if you have a specific role you're passionate it for and know you want to get into, I'd say find related certs that can help support that role's experience.

If you're open to just learning a bit of everything and just want to start gaining real world hands-on experience, I'd say look for some internships now and for certs, anything entry level security certs. network+, sec+, Cysa+ I think are some good ones to dive into.

I would also say, don't be afraid to not apply because you don't have any certs. It's def challenging but it doesn't hurt to apply. If anything, you'll be gaining some interview experience.

A lot of these certs is really to get through HR (though you learn a lot while studying for them) but I would say go for it and apply while you're taking care of your school and other certs on the side.

@prisma mauve @ashen pulsar going through some unfinished rooms/paths I started a while back and this is from the intro to Cyber Security path which I thought was relevant and it's well put together that I thought might help.

How can I start learning?

People often wonder how others become hackers (security consultants) or defenders (security analysts fighting cybercrime), and the answer is simple. Break it down, learn an area of cyber security you're interested in, and regularly practice using hands-on exercises. Build a habit of learning a little bit each day on TryHackMe, and you'll acquire the knowledge to get your first job in the industry.

Trust us; you can do it! Just take a look at some people who have used TryHackMe to get their first security job:

Paul went from a construction worker to a security engineer. Read more
Kassandra went from a music teacher to a security professional. Read more
Brandon used TryHackMe while at school to get his first job in cyber. Read more
What careers are there?

The cyber careers room goes into more depth about the different careers in cyber. However, here is a short description of a few offensive security roles:

Penetration Tester - Responsible for testing technology products for finding exploitable security vulnerabilities.
Red Teamer - Plays the role of an adversary, attacking an organization and providing feedback from an enemy's perspective.
Security Engineer - Design, monitor, and maintain security controls, networks, and systems to help prevent cyberattacks.

Would you recommend Sec+ as a necessity? I have A+ and am not sure if the $ investment is worth the Sec+ or if I should just go through THM + other platforms later on

I would recommend going for it.

I was in a Help Desk role for quite a few years before making the switch to Security…I decided to skip the network+ and went straight to sec+ mainly to feel like I was making a step toward it.

I think it’s great for a couple of things, you gain that fundamental knowledge (plus THM rooms for some hands on experience), and you’re always showing that you took initiative to get the cert which HR/recruiters take a look.

Look at what some of these job postings require from a cert perspective and you’ll see most of them will have sec+ cert.

So for me, I believe it’s a good investment to put into the sec+

And sometimes those postings don’t necessarily say “required” but to have a sec+ certification, it’s def a plus for a lot of employers

Do you have a degree or prior professional experience in the computer industry? Do you have any professional experience in any industry?

Remember, certifications do not take the place of experience. Certifications are quantifying your professional experience. Cybersecurity is also not an entry level area within the industry as a whole, which is why you see entry cyber roles requiring experience.

Then How to start our journey? Any guideline?

Without a degree or prior professional experience? You can either obtain an accredited 4 year degree or build professional experience. If you're not wanting or cannot obtain a degree, a common starting point for folks is IT Helpdesk or similar.

My advice is going to be more centered around western job culture, just FYI.

How can I apply for Helpdesk? Is there any requirements! I am still pursuing my CS degree! But I wanna land on Cyber security job field! Although I know flutter for development! But I dont feel like alive when developing! I am dedicated myself within this field! So can you suggest how can I apply for helpdesk? Any requirements or tips

guys i know this PROBABLY isnt the best place to ask this but im currently in 9th grade and i really need extra curricular hours- i was wondering if theres anything that i can join online that can also count ( related to cybersecurity or code)

If you're in school, focus on finishing your degree. You didn't say where you were in your degree, but if you're not past your 3rd year summer, apply for summer internships. Once you get to your last semester, take the security+ and start applying for cyber roles. Like how cybersecurity is not entry to the industry, pentesting is the same for the cybersecurity field. You're more than likely going to have to work in some other areas of Cyber first before transitioning.

We don't know what requirements your school has in place for what counts as hours. Ask your teachers or the individuals running the program you're in for suggestions.

okay

But most of the job required 2/3 year experience! Even if it says entry level! So can I apply those as well? And I past my 2nd year just now

Hey everyone!
I now have 13 cybersecurity licenses from Coursera (Microsoft professional cybersecurity analyst course) and (IBM generative AI course) I’ve been applying like crazy and am not getting anywhere. I was wondering if anyone has any pointers on what my next step should because I feel as though I’m starting to get lost.

Do you have any professional IT experience?

If you’re not it’d be good to apply
To helpdesk jobs too

Build up experience and you can still apply to cybersecurity job in the meantime

You should also look into getting a more “accredited” cert like sec+

I’ve tried applying for help desk when I see one but still no luck.

Okay, I’ve heard people mention that before, I’ll check it out! Thank you:)

Gave +1 Rep to @muted terrace (current: #188 - 38)

You might want to look at your resume too and see how you can tailor it

And don’t forget to keep networking! This, what you’re doing to showing up here and asking questions and just getting involved…keep doing that. You’ll continue to meet people and sometimes even people who are willing to teach you

@quick sierra

Will do! Thanks for saying that, it’s definitely something I needed to hear 🙂

Gave +1 Rep to @humble cosmos (current: #491 - 11)

Hello, I have a question

Anytime! Let us know if you have any other questions

Those Coursea certs don't really have any value 😦 . If you want to get certified pursue an industry standard cert. in the field you're interested in 🙂 .

The thing is that I have finished SOC Analyst at some other page(don't know if I can mention it cause don't want to get timeout or banned or get a warning) and at the same time doing the Jr.Pentester Cert. at tryhackme , once i have finished that cert. I want to do the eJPT exam.

However i am interested in cloud security as well, so i am unsure if i should wait a bit for to do the eJPT exam. And do the cloud security cert or should I do the exam first and carry on with cloud securiry after I am done with the exam ?

Finished the Google Cybersecurity Cert and planning on taking the CompTIA Security+ within the next couple of weeks!

Thank you to the TryHackMe team for creating a platform that has kept learning fun and engaging (AoC). Fingers crossed we can keep up this learning pace into the new year

Learning new things can be so addicting lol

Trying to finish it for over 7 months....the theories are boring.

the Google cybersecurity cert is free of charge?

Congrats and good luck on your Sec+ exam 🙂

Kinda ... you can watch the content for free and only the graded exams are blocked... as soon as you're prepared you can get a subscription for only a month and do all the graded exams which shouldn't be too hard because you have like unlimited tries (3 tries every 24 hrs)... so it's not free of charge but cheap in comparison

I guess that's one reason why they don't seem to be valued that much from an employer perspective

send me the link

Please don't get me wrong but my take is that if you can't find the course on Coursera yourself, cybersecurity might be not the right thing for you 🙃

i have completed ejpt bro

i just don't know whether it is from google or someother site

thats why i asked you and thank you

Google Cybersecurity Professional Certification on Coursera

Don't mix it up with the cert for Cloud, I think it's nearly the same name

how can I connect with tryhackme for a collaboration with my college community focuses on cyber security ? can anyone help me

You'll need to contact support.

I'm just curious how many hours a day people are putting into their cyber schooling?

or how many hours a day you did put in to make it! lol

@humble cosmos very true! Especially life and responsibility. Plus even if I do not switch completely to cyber security, which I truly wish shall not become the case, I would be gaining so much knowledge. One thing I realized so far in life, it's all about not having regrets and seizing up while you still have a chance! So better utilize time in doing something constructive! A few puzzle pieces here and there and at last it's gonna be a perfect match! Thanks for the words captain!🔥

Gave +1 Rep to @humble cosmos (current: #460 - 12)

cyber schooling? are you referring to an actual formal education in cybersecurity (i.e., a degree program) or something else?

Either classroom or self taught

well, for formal education in the classroom, it depends on the degree program and how rigorous it is

I spend, at maximum, 10 hours a week doing my homework because it isn’t difficult work, just tedious

I'm just asking how many hours a day people are putting into their education. whatever that might be. 🙂

I already mentioned that I personally spend 10 hours a week, at maximum, which comes out to nothing for some days and cramming on the weekends lol

college students who have a lot of free time manage to procrastinate a lot

I'm layed off of work right now (in construction) and things aren't looking great for the near future so... I thought now would be a good time to learn something different! I'm putting in 7hrs a day learning CTFs, python, linux, windows, and info for certifications.

self-taught is different as there is no set deadline, and the only one that can hold you accountable is yourself

yes. true.

the main problem with self-taught starting from scratch is that’s hard to put down relevant stuff on paper

for instance, no degree, certifications, or relevant work experience just put you at the bottom of the pile in a mountain of applications

Thank you!

Gave +1 Rep to @keen tundra (current: #5 - 1684)

Hi guys i need some bug bounty advice

https://discord.com/channels/521382216299839518/743858961593139361

Hi guys im new on this world of Cibersecurity, I have experience programming in React, Python, PHP and I have knowledge in SQL
I have not real experience in servers or such
My question is, where should I start? What advices do you have for me?

And excuse if my english is not that good, its not my native language

Thanks!! 🙂

I'm new too. WELCOME!! I've only been at it about 2months now Part time. I'm layed off of work for the winter so I'm now full time and self teaching. lol I'm learning Linux, Python, and windows command line, then I am doing certifications on Udemy (working on security+ right now) and then the capture the flags on THM. Watch Youtube videos on your "roadmap" to whatever direction you want to go to see what you need to learn. I'm working on learning several things at once to break it up so I don't fall asleep or get bored! lol I leave my THM stuff for the end cuz I could do those all day long. lol that's my reward for doing all the other not as exciting stuff. lol

I'm going with a digital forensics analyst path. So I'm watching videos on things I'll need for that, tools, websites, etc.

Thanks for the advice, I'm gonna spend some time looking for the path I wanna choose
And sounds great that about taking THM as a reward after boring yourself with theory haha

Gave +1 Rep to @limber crown (current: #2533 - 1)

Hi

Yes! It's a good reward! Do the thing you'd RATHER do, last. 😆 and if you're not sure of your path yet, then I'd start on A+ info unless you're bypassing the help desk job like I am lol then start at network+ or security+ along with Linux, python and windows command line. Udemy has great courses for free or cheap!

i actually found a website that offers 100% coupons on udemy courses

Ummmm.... care to share? I usually add them to my cart and wait for a sale. Lol

yup for sure buddy

private ?

https://couponscorpion.com

...

most of udemy courses are time wasting

define “time wasting”

they’re designed for introductory or supplemental learning to whatever skill you want to learn

you can’t expect to get a job from them; that’s just a misguided viewpoint

Has anyone heard any good news from anyone starting in info sec in relation to getting hired

Hard to find a good one : those courses hardly explain the "what" and the "how" ... and most don't address the "why", so you learn how to do things but you still don't know why. Without this "why" part, you can't adapt and amend to specifics and contextual needs as best fitting. It's sad, time consuming and useless.

I hereby announce that my new year's resolution is to get better everyday at web app pen testing and make a career switch from QA to a cybersecurity role.

Good luck on your journey 🙂

Awesome

so is there any books recommended around of SOC or Red team :/ I feel like I'm done of beginners coerces it's not cover a lot of deeper things

Are you familiar with powershell or any scripting

yep

@agile igloo can you please reach out to our admin team about any job oppurtiunities.

Check out the #bookclub channel. There's loads of book recommendations for Red/Blue learning from basics to advanced, and loads of other options

thx so much

Gave +1 Rep to @rugged delta (current: #21 - 445)

Hi all, Im a sofware engineer lookigto pivot into syber security. Currently studying for the Security+ exam. I have 2 questions. 1) Are there any THM rooms that help supliment Sec+ studies? 2) What advice do you guys have for my situation in pivioting? Thanks!

Nice, keep it up. Using that "free" time to study will pay off in the end. Don't give up, even when you think you're doing a lot but don't see any progress. Don't believe those lies. If you want it, you will get it. Kudos to you for learning new things!

Good for you for wanting to make the switch! When I took my sec+ (about 6 years ago or so), I remember just going over any "introduction" type of room in THM. Anything that was fundamental I thought helped me have a good understanding. I'm sure there are a lot of new rooms now, I can help check in a bit and see if anything would be a bit more specific toward sec+ but I think you'll be fine with anything fundamental.

I also used the study guide from Daril Gibson. He has a mobile app that I downloaded and helped me a lot to study on the go and do a lot of mock quizzes. I also liked the way he would teach things for each question, it told you why the other answers were wrong as well as why the one answer was right. This helped me a lot because when I would go through each question, I would look at all the answers and be confident to say why some of those answers were wrong.

Also, not sure if you have done this already but if the company where you work at now has a security team, reach out to them and ask them for any questions, advice, etc. or even ask to shadow them. Pivoting within the company is always great if that opportunity is there....but with you asking to shadow, you'll get to learn how they do things and you'll understand a lot faster since you know the environment there. If you keep showing up and showing interests, next they time have an opening, they may even look at you first to bring you onboard.

thank you, very much appreciated, and good advice!

Gave +1 Rep to @humble cosmos (current: #430 - 13)

my pleasure!

Should I move to a cybersecurity degree instead of a CS degree if I want to be a penetration tester?

Hello, I got a question if we were to compare AOC side quests with particular practical cert exams what would be the level of skill required to do each would be? For those who have already attempted any practical cert exam weird comparison but I wanted to know the difficulty level for those cert exams.

Yes because I think that cybersecurity competencies tend to align more with pentesting than CS competencies do. Theres benefit to both, but if you're specifically interested in pentesting, I think you would benefit more from cybersecurity.

Do not do it. Pentesting is not a beginner role for security, and you will benefit from the breadth and depth of the compSci degree.

Additionally, cybersecurity specifc degree programs are of.... not great quality (with few well-known exceptions). Even if the security degree is well known, employers may be reluctant to hire a security degree over a compsci degree due to the general perception of security degree programs being inferior.

So stay in cs and get certifications ?

Certification for what?

for penetration testing

You shouldn't be spending money on your certifications - they are primarily a business requirement.
The only time you should spend your own money on certs is if they are an absolute HR filter requirement for a role you are otherwise qualified for.

I know of a very small number of people who were able to graduate with a bachelor's degree in security and get hired as a pentester immediately, but those people had a LARGE body of projects and demonstratable expertise. As a 'typical' graduate, you will not qualify for those roles.

IMO instead of pursuing certs, pursue learning projects in your homelab and share your projects publicly in some way.

mmmh thanks for the advice

should do that then

!

you could also do bug bounty programs and compile the vulns you find into a document (obviously excluding the company you done it for) and putting on your resume what vulns you have found. although not the same it still counts as experience

Not really.

It's definitely a good thing, but it doesn't count as work experience.

Consulting does count as work experience, as does independent contracting. But participation in bug bounty is not employment.

The only part of bug bounty that is considered as experience is the fact that you actually get to do things for yourself. Employers don't only look at your skill, they also look at how good your interpersonal skills are

Experience includes teamwork, communication, and actual situations lived in a corporate environment

That's still not work experience. You can be knowledgable without having work experience; that won't count against you.

Listing bug bounty as employment will absolutely cause a lot of questions you won't want to answer from a competent interviewer.

What constitutes experience is being employed or contracted to do specific tasks for a business, government, or other non-profit organization.

It's not relevant work experience, it's just as good as doing projects to showcase your skill - I'm saying this as an employer who interviewed people for SWE positions. Skill potentially lands you an interview and that's about it. Interviews are very psychotechnic, so how you get through them matters past the point where you get called to one

@flat sedge what are the cyber security degree programs you know of that are of quality

Internships, employment, contracting are all things I would expect to see on a resume.

If bug bounty is on t he resume in work experience, it makes me question the candidates organizational abilities and understanding of what is expected in a workplace

The best approach to showcase your skill would be to include meaningful and well-documented projects in your portfolio that simulate real problems

If you got collaborative work then that's a plus, it showcases your ability to communicate and you'll definitely gain some points

SANS, carnegie mellon, MIT, air force academy are all good, from the top of my head.

++ for Carnegie Mellon, they're overall great for IT

I agree with all that, I just would not expect to see independent learning projects like that in the work history section.

And their scholarships can be very generous

What if it's in the extracurricular activities?

what are your thoughts on WGU's bachelors of cyber security and information assurance?

Definitely, can't guarantee it's ethical

Or meaningful, lol

I don't know anything about it. It's an accredited but very new university. Stick with a type of program that's well known and doesn't vary wildly in quality.

obviously for work experience it would be questionable, but i feel like listing it as general experience or like knowledge would help and show the employer you know what youre doing on real life targets, obv multiple things will be taken into account but i feel like it cant hurt

IIRC WGU is also a tier 3 or 4 school for sciences, you'll never be a 'top candidate' from there based on degree alone. Not like ivy league and MIT.

for me, cost was a huge factor

"General Experience" and "Knowledge" aren't resume sections. "Work Experience" definitely is. Calling anything "experience" that isn't work experience in a resume or CV context is misleading at best and dishonest at worst.

WGU is quite affordable. Around $4k per term (6months)

so where could i put the vulns ive found in a resume if i was making one or would that be more of a during and interview being asked about what exactly i have done prior to applying?

maybe a link to your github?

i use a question mark because I don't know for sure if that's the best option. I do know that employers want to see how you can offer value to their operation, and github allows you to showcase real world problem-solutions.

Independent Research - if you have discovered actual 0 days, that's an awesome credit to have. I would be very very careful about putting what vulnerabilities you've located from bug bounty programs -that may violate your contract with the bug bounty platform and program.

"How cybersecurity really works" Sam Grubb
A hands-on guide for total beginners

Hey I tried to go for infosec but realized I need foundation first despite what my scam bootcamp told me so what should I do to improve my chances for a help desk role

Have Sec+, will get A+, Net+ and Linux+ but what about personal projects or other self work resume things?

If you have Sec+, skip A+. Think about what domain you want to specialize in, but do you have any other IT experience?

thx so much

Gave +1 Rep to @woeful tinsel (current: #2538 - 1)

Do you mean like dfir or something? pen testing was the dream, but I will probably be focusing on something easier to land first like general blue team and defensive buisness security in a SOC. At this point it's just about not getting evicted

cant really think about any of that until the whole foot-in-the-door phase is over

Right, so I'd recommend you start to take a look at entry level support desk and help desk positions for your first entry into IT

Thats the goal, do you have any suggestions for personal projects to get a h.desk role?

The barrier for entry to help desk is very low, look at local positions and see what the task requirements are. Then you can figure out a project.

My job is hiring a temp IT Field Technician (about 4 months), it's in San Diego County.

Hey everyone! 👋

I’ve been really passionate about cybersecurity and have been wanting to dive into some projects in this field. However, I’m a bit stuck and not sure where to start. 😅

Have any of you worked on or created any cybersecurity projects? If yes, could you please share some suggestions for beginner-friendly projects I could try out? Your guidance would mean a lot! 🙏

Looking forward to hearing your ideas. Thanks in advance! 😊

Assuming you haven’t done this yet, I’d start doing the various pathways on THM as they build a pretty solid foundation.

Then, depending on what specifically you want to do in CS search online for labs in that area

Any advice on breaking into cyber security? Near completion on a level 3 data analyst course at my current job, but pen test/ethical hacking sounds interesting in CS

Seems like Network+, Security+, eJPT, PenTest+ are good certs to get from what I'm reading up on. Then as many hands on labs as possible evidence on blogs, github etc to present in interviews

👾From Public Administration to Cybersecurity: A Journey of Resilience and Passion 👾

I’m a 38-year-old Ecuadorian with over 10 years of experience in public administration in my home country. Two years ago, I made the bold decision to move to the USA in search of new opportunities.

Starting over wasn’t easy—I began working in the restaurant industry, a field I knew nothing about. Long hours, double shifts, and steep learning curves became part of my daily routine. But amidst this, my passion for cybersecurity remained constant.

Determined to formalize this passion, I pursued an Associate’s Degree in Cybersecurity through the online program at Tecnológico Espíritu Santo in Ecuador.

Transitioning into the cybersecurity job market has been challenging, especially with my professional background rooted in different industries. However, I consider myself someone who adapts quickly, learns fast, and solves problems efficiently.

Currently, I’m halfway through the Google Cybersecurity Professional Certificate, which is preparing me for the CompTIA CompTIA Security+ certification. Additionally, I dedicate time daily to hands-on training on TryHackMe sharpening my technical skills.

Beyond that, I’m also offering SIEM consulting services to companies back in Ecuador, helping them strengthen their cybersecurity posture.

Every share of this post, every connection, and every opportunity brings me one step closer to my goal: securing a role in the dynamic and ever-growing field of cybersecurity.

Thank you for your support, and feel free to reach out if you have any advice, opportunities, or connections to share!

Hi

I'm interest in being an computer network architect
where do i start?

Check out some CCNA material . You have a free course from JeremyIT labs on YT 🙂

what is CCNA ?

Cisco Certified Network Associate

certificate 🙂

https://www.youtube.com/watch?v=H8W9oMNSuwo&list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ this one right?

Yes 🙂

what does the 200-301 mean?

exam code 🙂

Is there a certificate like the OSCP that SOC/Blue team roles hold in high regard?

Maybe BTL1 and 2

https://http.cat/

i don't think it's API

That might depend on which location you are in.

as in country?

yes, as BTL1/2 are much more recognized in the EU than any other region

there aren’t really a lot of SOC/blue team certs when compared to the multitude of pentesting certs

the CySA+ comes to mind for work in the U.S. public/federal sector

I want to learn ethical hacking, how can i start I have experience linux and networking little bit of bursuite but don't what to do next ? Is there anyone who can guide me ?

Welcome 😄 . You can start here 🙂

https://tryhackme.com/r/path/outline/cybersecurity101

Hello. I'm a broke student in Information Security and Assurance. I'm trying to get certificates and gain skills.

Does anyone have any recommendations in terms of free rooms or ways to earn money online that a student from an African country can do?

Can I get advice as to which skills to get and which are useable I'm my situation? I'm in Zimbabwe.

ISC2 has a free entry level cert with learning pathway. - CC(certified in Cybersecurity) if you think a cert might be helpful for you

there are also loads of helpful modules around the TryHackMe site

this may be a dumb question but how many hours do you work as a SOC analyst, google says 24/7 and obviously nobody can work that long, is it a normal 9-5 with weekends or some other work/life schedule

Depends on the job

And working rights in your country, for me most are 8 hour 9-5s. Some are 8 hour shift work including weekends

depends on the job and your assigned shift

some work normal 8-hr shifts during the day, while some take nighttime and graveyard shifts

additionally, you could be on-call or work extended hours if needed for an incident, for obvious reasons

Certification

In the US, for shift work, it's organization dependent and heavily depends on who they're supporting. A common scheme is a three shift setup, with something like 0800-1600, 1600-0000, and then 0000-0800. I've had cases where I've showed up on sites during travel and their first shift started at 0600. They were industrial though, not SOC.

For reference, first shift is your core hours typically

I am not sure you'll get advice specific enough for your needs here. My recommendation would be to try and network with local groups/people in your area that you know are working in tech. See if there are any student clubs you could join as well.

You can go to #start-here for a few references. TryHackMe has quite a few learning paths and independent rooms available, my recommendation would be to start at the beginning (#pre-security-legacy-path) and work your way through the content.

Penetration Tester Roadmap

Hi, I am starting in the field of cybersecurity, and I would like to know your opinion about this and and what would you add to this roadmap.

1. Basic IT Skills//
    CompTIA A+ (220-1101 and 220-1102).

2) Networking Skills//
 CompTIA Network+ (N10-009).

3. Linux Skills//
    CompTia Linux+

4. Coding/Scripting Skills//
   Python

5. Security Skills//
   CompTIA Security+ (SY0-701)

6. Job Role Path//
   Penetration Tester in THM, HTB and udemy courses

Do you have a degree or prior professional experience in the computer industry?

australia

?

get this man a job ASAP

UK based and wanting to break into CS.

Looking at getting CompTIA A+, CompTIA Network+ and CompTIA Security+ as a starting point.

I have no degree and no experience

I SAID ASAP

Start with Cyber Security 101 Pathway on TryHackMe #cyber-security-101-path

You don't need 3) Linux Skills//CompTIA Linux+ so you can skip it. For Python you can finish Python Automation course from Coursera or there is a module from Google Cyber Security Professional Certificate called Automate Cybersecurity Tasks with Python

I would after CompTIA Security+, Go to #junior-pentester-path and #red-teaming-path . I believe that will you definately prep you for OSCP, also HTB's CPTS is nice but its up to you cause OSCP is recruiter's favourite.