#cyber-and-careers

Indeed, zip recruiter, etc. Or, a a third-party recruiting firm you can talk to. Direct messaging on LinkedIn has not been a good way I've found roles in the past; although I have heard from people who were able to get jobs that way.

What do we think here about setting up a self-website? I see a lot of tech people doing that

I have no luck in those things 😕

Can anyone tell me if one can get job as DevOps engineer remotely being a fresher

Also what is the pathway to learn skills that are used to play CTF like king of the hills

Learn the tools, then learn the process of using them

Like learn hydra and JTR and then watch someone doing a CTF where they use them, youtube youtube youtube

These two willbe enough

To get started

Just post a bit about stuff you do, I get recruiters in my inbox quite regularly, and my linkedin is all but optimized for it

little things, projects, stuff you saw - just not the usual "People of the world, hear what I have to say!"

you'll get the attention of a network rather sooner than later

Are you guys having a hard time finding remote work?

Hi Guys, I wanted to get a beginner level role in cyber starting with IT to get practical experience with the fundamentals of networks and operating systems. I saw these guided projects on Coursera on TCPdump, Wireshark, etc to build a portfolio of experience. But the catch is that those are expensive ones. Can anyone recommend me a cheaper but effective way to do this?

you need to get real work experience in IT to get in cyber. I would recommend studying for A+ or Network+ and applying for sys admin/HD position

after you start making a living, spend your money on cyber projects and go into cyber position after 1-2 years in

any work at all lol

If I get experience in a cybersecurity office for 3-6 months will it help my resume to actually get a job or is anything less than a year not good?

Like a fellowship/internship type of thing

Or masters with placement

Which one will help my chances more?

My experience in looking for a job with CompTIA cybersecurity+ cert in hand. WITHOUT having A+, Networking+ and at least a bachelor's degree in actual computer science.... YOU WILL NOT BE CONSIDERED. Mind you, I started this pathway with strong encouragement from a friend who is an actual Network Engineer working in the top levels of the field. It simply does not matter what you have in hand as no company is hiring without the extra criteria. I have been applying NONSTOP and have received ZERO call backs. This is beginning to look like a rip off and you may as well just go to college and start from there

thanks for your transparency and sharing your experience.

Gave +1 Rep to @radiant jay (current: #2553 - 1)

I received my cert end of Feb 2024...

Sec+ cert?

Yes

same, and I have the A+, Net+,Sec+. tracking several job listings that keep getting reposted but at lower and lower pay ranges. Hr is pushing market value down

I read that before starting my bachelors in Cyber. Idk if you've looked into it but, WGU offers a pretty good Cyber program.

This is not a good sign for anyone trying to change carreer paths

I agree on the most part of what you said, but college is rudimentary imo

It is absolutely and yet no company is hiring outside of it

My experience at least

And that is with insider knowledge too

From my experience in university, the beginning is very rudimentary. I'm a little over 50% completed with program. After Net+ I'm beginning to really get into core Cyber concepts. Learning about how to do things like using tools, learning attacks, learning how to encrypt files. If you have a lot of time on your hands and can commit to a lot of studying, WGU is competency based, so if you understand the concepts you can take your test whenever ready, saving you time and money.

i have a BSc and comptia trifecta

What would say is the barrier to your career?

How long you been applying?

9 months

ATS?

You listed all you have and still say you are applying for jobs but haven't gotten any. My question is what do you think is holding it up?

Applicant Tracking System is my answer, because i'm left unsure

That's why i was trying to clarify with your opinion versus the metrics

well, the reposting jobs at lower salary ranges is an observation i've made from tracking job listings and what stats i get from applicant totals(depending on the job board)

I've consistently read from numerous people that landing a job in the field is really competitive. There are so many factors behind why a hiring manager chooses the candidates they do, it's tough. Continue building and I think you will strike opportunity eventually.

Strange, I observed higher qualification barriers to lower paying jobs in the field. Higher demands yet lower wages

as well as insider knowledge from a friend that works in another industry, but for HR and thats what they do to find salary ranges. when the applicant pool drops below a certain threshold, thats when they start iterviewing

there is also that, 18yr experience for slightlly above minimum wages

It is indeed tough but for an entry level position it is basically cutthroat

or a gishgallop of technology proficiencies that sometimes require being a part of the actual dev team to have that experience

Agreed....

i mean, that is basic statistics, just hoping its before retirement

Are you uk or USA

Wish I could be of more help. Sounds like you've done a lot already. Hopefully things work out for the best. Goodbye.

I respect the tryhackme community but all this really is a promise of a dream, but it's carried out to you on a wet paper towel. Without ample pre-field experience, a tenured resume that is written perfection, demonstrating that you sacrificed your life for your career, and literally a person inside pulling strings for you..... It's not going to happen.

US if you were asking me

Im in the uk. The advise I've been given is grab a help desk role whilst going for certs, build some experience at the same time

Funny that was mine too.

And a year later after applying to all types.... Nada

May be different in the US, but the jobs markets here seems we don't need a degree for entry level

In the USA they will lie to your face and say you don't but then disqualify you because you don't have a degree

Then you stay entry level for abit gain experience get your certs then get into Cyber Security properly

All entry level postings have almost a journeyman level of skills and experience you need to bring

Indeed, Linkdin, all garbage lies of entry level stuff

I've also been told to just apply for everything, apparently alot list alot of stuff but would take less just to weed out those that try to wing there way in

[entry level position!]: please hold a CISSP

THANK YOU

Gave +1 Rep to @cinder orbit (current: #431 - 13)

CISSP, CEH, CISM, CISA, GCFA, GCFE, GCNA, GCIH, OSCP for $18/hour lmao

Exactly. This game is officially rigged

Don't they all require years of experience on the job?

yes

Trust and believe I have done so. I would probably make better money and hours as a car salesman

That's the kicker, ENTRY level is just that, entry level, zero experiencce

You gotta think money long term, making a career change generally means a pay cut initially

I would graciously accept the cut...if it was available

Yea I'm happy to accept a year or 2 on less for a career on substantially more

That's exactly my point as well. I am very happy to take the step down in pay so long as it actually leads to an actual career in the field.. It's just after everything I have found, come up against, networked over.... All I can say is good luck to you all, who are struggling to find work in this field

Internships in the US are expected to be part time, or 3-6 months. If it's a full time job, make a move to a new role within a year is somewhat of a warning sign. Not necessarily bad, but you could expect an interviewer to ask questions about it.

I'll throw my $0.02 into the hat on experience and getting into cybersecurity - multiple employers I've worked for have hired based on attitude and perceived ability to learn, not experience and knowledge.
Having a lot of great qualifications doesn't do anything to get the job offer if the candidate's attitude doesn't align with what the hiring managers want in that role.
Skills can be taught, but attitude cannot.

I agree, how does one measure this without an interview though?

Not speaking for everyone, but I've found the language used in the resume or CV to hint at the candidate's mindset. If the resume doesn't speak to the recruiter for the role, you'll never get past that filter without an 'in'. Entry level for security also is not the same thing as entry level for IT; it's best to treat security as an entirely different type of job, with the expectation that the candidate needs more background and knowledge than something like entry level help or support desk.

what kinds of things on a resume speaks this language specifically? projects, certs.. i mean, resumes are pretty limited in actually voicing anything. do you mean in the cover letter?

How the candidate chooses to format things, and the way that items are presented speaks to what the candidate thinks is important and how much time is spent optimizing the resume for this role. If I get a boilerplate resume that has everything and kitchen sink on it, it usually goes into the bin while the tailored resume does not.

I have a degree but no certificates

You're further ahead than a lot just starting

Like the resume written to perfection as previously mentioned. You can simply use one word or another and it won't matter. The person reading the resume is what makes the decision and it's biased at best, arbitrary at worse

I think AI is filtering resumes nowadays

That's not what I'm talking about.

AI is no better at filtering resumes than the typical regex, to be honest. In a lot of ways, it's worse. Having the right keywords that the recruiter can filter on is the most important step to having a human look at it.

And yet that is precisely what I meant in my previous statement

I don't think attitude counts because I present myself as someone willing to learn but I have no experience so I never even get to the interview stage

Exactly

I'm sorry, but everyone is claiming to be "passionate learners" now and it doesn't separate you from anybody else

First steps are getting through the filter - once you get through that, recruiter makes a decision to get a basic interview to see if you've been honest with the resume. If you make it through that, there is typically at least 1 more interview for technical and possibly another one for personality/team fit.

Exactly so you agree

👍

Strongly recommend working for at least a year in a related IT domain before making the jump to security, assuming you don't have other background (such as an AS or BS in related area of study).

100% agree with that

not really, it's more how you say it, not what

So having a cybersecurity internship isn't gonna help me at all?

Having a home lab that you do some interesting things in can be used as a substitute for experience, but 90% of the time, security is looking for attitude and having a lab where you've done proof of concept for enterprise stuff is HUGELY beneficial to the team

an internship is usually reserved for students

it will definitely help you, if you have an internship

This is eactly what I am saying. They say everything that the surface level tells you otherwise

Intership: good!

Except its not

obviously, having internship is better to have none at all

I don't say I'm passionate learner per se I show it with my projects maybe I'll say something like that in like a cover letter but I'm showing more than saying

I'm also aware there are differences between internships in the US and europe, and I assume the rest of the world. In the US, internships are reserved for students and recent graduates, usually if you didn't graduate the previous semester or if you aren't currently enrolled, you won't quality for a US internship

And no algorythm will pass that along, like I've been saying

Are you USA based?

It's totally fine to have a Personal Learning or Continuing Education section that you include your homelab and other projects in

@flat sedge you mentioned the key words in resume; are you just reading job post and extracting those? or something else

Internships are for students, I'm thinking of doing a masters

I would hold on that

Good luck with that! Hope you succeed

You can often have keywords in your CE section that will help you escape the filter trap, assuming you can speak reasonably well about how that applies. Such as, "I set up a home lab environment that included a basic devops pipeline" or "homelab had a AD/DC that I hosted a local domain on and had different types of workstations and servers join"

Last time I wrote a job req, i gave the recruiter a list of keywords and synonymns to look for

if you are are enrolled in a MS in compsci or security, you would qualify for that internship

And theh answer to you being USA based ...is?

Nothing is clear in this industry is it

US i assume, as they spoke of knowlege of the US intership program and not europe

I don't assume

how do I know what words to use for my bullet points based on job req?

Hello, im just curious how long have you been into cybersecurity?

job req has tasks in it; what do you know that checks those boxes? it's OK to not have 100% coverage or to substitute equivalencies

By the mere avoidance of the question, it seems like they are not US based and so are merely speaking on things they don't really know of here.

I don't answer questions that are obvious in context

So just purposely obtuse

Depends how you see it I've been studying it since 2021 but I never gotten a job in it yet

No we know why the career fields are affected so

Seems like a gatekeeper of sorts

thank you for that; almost all of the employers include softskills in their requirement section. Should those be outlined in the resume or they are tested during the interview?

Gave +1 Rep to @flat sedge (current: #11 - 794)

The problem with matching words to the description is that they say to give out hundreds of applications but If you tailor your CV everytime and customise your cover letter everytime it would take like an hour to apply to just one job and then nothing happens anyway

Making all thhese keywords pretty damn arbitrary

Thanks for the response, im really new into it but I think I have the correct roadmap to follow, have you achieve important achivements like certifications or projects besides your studies?

Gave +1 Rep to @opaque karma (current: #2553 - 1)

QA and security have some things in common..... Everything is contextual. In a lot of ways, an infosec or cybersec team needs to be able to have a broad and contextual understanding, and be able to explain why two identical findings in different contexts result in very different triage and handling

I've been doing tryhackme and now I'm studying for sec+

that's actually a great start; I did the same thing

got it thanks 🙂

Since graduation

So I get that you are getting frustrated by the employment processes you've been through and I sympathize with that. But if I read your resume and it doesn't tell me how you're qualified for the role you are applying for, you are definitely not getting a call

I've also had read and interviewed candidates that had service industry and restaurant work on the resume. Because the candidates were able to relate tasking in those jobs to security concepts and familiarity with some of the security tasks on the job req

Juun you seem very knowledgeable. are you a reclutier?

I don't know how to write a CV some people tell me it's perfectly fine some people say it's not optimised

It's not a hard and fast rule, but tailoring the resume increases the chance you'll get called back

Several of us here regularly review resumes and CVs, feel free to redact and post screenshots here and if anyone is around, they will likely take a look and give you feedback

Person does not answer questions so obvious in context

I dont like to assume thinks

things*

Not a recruiter, team leader and now a security manager. I have been a sys admin, developer, security engineer, software quality engineer for devops-ish.

Well they're an @$$hole and a liar

Thanks for making it more obvious

that makes perfect sense, but i think what (atleast) i am talking about. is having all the listed necesary experience, and often more, and still no calls. so, the search can seem rigged. and having round-a-bout answers to the questions isn't really helpful

If its bad, Is there someone who can put my experience into words for me, maybe for a fee? I'm not very good at writing these sorts of things

I totally get that. I wish I could give definite 'you should do X' but so much of job roles and resumes is contextual. Having a job req you are applying for and a sample resume to go over can be really helpful.

No, that's fine. People do it all the time.

Oh I can't upload photos

You'll need to verify your THM account to post photos

I wouldn't put the THM stuff in Experience

I would also separate the things you got compensated for in a different section than Projects

formatting is ok, but very MS word standard. Don't add certifications unless you actually ahve them, or you anticipate actually having the cert by the time you expect to start work (generally less than 30 days)

Office, Adobe, AXIOM aren't skills, those are products. If you want to show competency with a product, be sure it's listed in the tasking for the role you used it in

Skills are also an area that is kind of polarizing - I personally don't care one way or the other, but a Skills section should be things you are good at and not a list of things you are good with, if that distinction makes sense

@flat sedge can I get the Pentest+ rank 🤔 please

You mean role? Sure, link me to your comptia page to validate. You can DM it.

Appreciate it

It's also kind of sus to have a skill in something listed but no project or job tasking that uses it

Uni?

And everyone knows how to use office

If it's a thing everyone knows how to use, you don't have value in listing it to be honest

Put things that are differentiators down

unless you are being filtered by it

If an IT role is filtering on MS Office, you are better off not working for that company

just my hot take

https://tenor.com/view/jobies-funny-itsalwayssunnyinphiladelphia-bitter-unemployed-gif-4766778

I would expect that if you list Ubuntu as a skill, you have some part of your resume that describes the tasking you did in ubuntu that demonstrates that competency

That's real

So good quality labs can be a good substitute for the work experience, paired with the right attitude, tailored cvs and I guess some certs won't hurt to prove your knowledge a little further

that's a good takeaway. But be careful about what you call Work Experience; there are a few exceptions, but the hard and fast rule is that if you were not compensated for a job, it wasn't work history

How do you fit all your university projects into one cv I thought it should be concise?

So here's an unpleasant truth about certs: they are not a demonstration of competency, they are a checkbox on the business requirements side of things.

whats your take on freelance/contract how do you incorporate this into a resume

Yea so I'm thinking get some good quality labs/projects done and evidenced well. Should help me stand out and hopefully negate for lack of in job experience

It should be as long as it takes to communicate what you did. For the first job, you don't have much. I expect a page, maybe a little more if there's a lot. Like if you were an overachiever like @undone shore or @quick forum .

If you can document your lab on a git forge, that's a cool thing to see as well.

I'm so bad at documenting my work, I always think I need to do something massive to be able tosay something

It's work experience, but I wouldn't include every freelance contract. Relevant contracts only. "full history available on request"

in this case then, dates are not an important factor?

Exactly, so I could be up front and honest and say I have no in job experience but general experience through labs/projects, maybe link them to a portfolio to see it.

To me that would show the attitude to the industry and continous learning/development.

Hopefully an employer could see if I can do it well in labs etc on my own back, then it all needs is a few tweaks to whatever systems they use

They are still important, because technology moves quickly and being a sysadmin 6 years ago is several kernel versions back. Things have changed, and you need to show how your knowledge is up to date and relevant. Some thigns are timeless (database design) and some are not (initv vs systemd), depending on what you used then.

I would not call it experience; that sets the wrong tone from the start. "Personal Projects" "Continuing Education" etc would be my preference instead of calling a home lab "Experience"

Alright, I need to go run a couple of errands. Local gamestore has my order in, so I need to go make a pickup and get dinner.

Good point, and do you think if I had enough, good quality ones I'd stand a chance to negate work experience

No worries, thanks for answering

thanks for the perspectives Juun

Gave +1 Rep to @flat sedge (current: #11 - 795)

"Negate work experience"? That doesn't make sense. You can replace work experience, in a limited way, with projects. But your expertise in projects that you weren't paid for will never fully replace work experience in that subject

I think I'm trying to say like make up for lack of the work experience I guess 🤣

You'd hope they'd see the value in projects you do in your own time. I'd imagine people put out some pretty solid stuff from home projects

It can fill the gap, a bit. But you will never learn a thing as robustly as actual work you were paid for compared to a personal learning project

That sounds like a challenge 😜

Hey guys, I am looking for advice to get a career in cybersecurity. I'd appreciate if you guys have some advice. 🙏

I am a second year college student, and a few months ago decided that a career in cybersecurity would suit me the best

I have since then started preparing myself for the field, exploring. And found THM, which has been an incredible asset in my learning journey.

But now I am looking to get an internship, not only as a college requirement, but to actually get real world experience.

But the thing is, it's really hard to find one, as most postings are for full time jobs only. I'd appreciate it if you guys could help me out to where I can get internships.

the fact you wrote $0.02 instead of two cents says a lot about you.. I'm just not sure what

Other side of the pond but I would agree with that one (for pentesting at least)

where are you located? in the U.S., you can use Handshake to find internships

Not in the U.S., no. I am in India.

then speak with your professors, university counselors, mentors, industry professionals, or friends in India

Already doing that. But no tangible results, unfortunately. That's why I reached out over here.

Thank you for the tip, I have set this year as a target to prepare for a job in IT so that I can start 2026 with a change in career. I read that people recommend getting the A+ before Network+, and I also saw a resource by Professor Messer for A+ preparation. Could you give me any more suggestions on the exam and preparation?

Gave +1 Rep to @mystic drum (current: #872 - 5)

Appreciate the advice, nonetheless.

Hey so I wanna go into cybersecurity. In high school I missed the security+ by 6 questions I wanna try doing it again with more preparation this time but should I also go to college and get a degree or should I just go straight into working? Like what would be the benefit of doing the years in college over just working, I am worried because project 2025 is being put in place and I don't want to be overrun by college debt because I didn't have the gpa to qualify for scholarships in HS.

You'll have to decide for yourself whether going to college is beneficial for you. I understand that it is ridiculously expensive. You do deserve an education, but while a degree in computer science might benefit you in getting a job and an increased salary, you can still get a job by being passionate about cybersecurity and doing things like certifications, CTFs, participating in communities, going to events, maintaining a blog, doing writeups, generating and maintaining an interest in the field.

I would suggest reading the Trive of Hackers books to see the kinds of things you need to pursue to benefit you most

hi can i get a opinion about CEH ver13

Theres a lot of people who have gotten jobs without degrees, if you have the initiative, and frankly if youre still in highschool so you have a ton of freedom and time, you can individually work on certifications and skills to move into I.T and then security

Years in i.t support or sysadmin are gonna do miles more towards security than a line on a resume saying you went to X superfluous college

I agree with this. Extensive experience in IT, including roles as a system administrator and being in the armed forces, has been invaluable in ways a course or certification alone cannot provide. It not only offers theoretical knowledge but also shapes the right mindset and attitude.

Depends on how you like to study - books, videos, etc. there is no wrong or right answer as long as you studying lol. I’ve been studying on THM. If you struggle with a topic, you can dive deeper using ChatGPT or YouTube

I was curious to know what current professionals think of this BAS my community college offers: https://rrcc.smartcatalogiq.com/en/current/catalog/academic-programs-and-areas-of-study/computer-science-program/computer-science-degrees/secure-software-development-bas-degree/

I'm wrestling with doing something like this, or just going for the CS degree

frankly, most employers will check if you have a degree with an appropriate title, not so much the classes you take

no one has the time to audit and check every course you have taken in a degree program, nor do they have the time to audit and check the learning material to know the curriculum taught in the classroom

just don’t

CEH is good only in India, and you wouldn’t want to associate yourself with the EC-Council regardless

Hey guys, I am looking for advice on how to get a career in cybersecurity. I would really appreciate it if you gave me some suggestions. I completed a cybersecurity course and interned as a technical support in a company. But now I am looking for a starting career in Cybersecurity. I have tried many ways to get a job. It's been almost five months, and I'm continuously looking for a job. All were needed experienced people with two years or more. If you can please give me some suggestions to get a job. it will be more helpful for my starting career.

get a certification like the Security+, consider a degree program (if you can afford it, but I assume you already have a degree by virtue of an internship), create projects such as a home lab, build connections and network with others, upskill, etc.

It's a cliché advice, but I'm always suggesting to start looking for sysadmin roles at companies who have a working SOC and pivot from there. Another viable route could be to join an older shop with on-prem infra which let's you build a SIEM/SOAR for them in your free time. I've done this and it was great - Wazuh, OpenVAS, TheHive, MISP. It will look great in your resume.

Hi, I am a graduate student with no professional experience in cybersecurity, but I am a Tryhackme user. Can anyone give me an idea of leveraging my Tryhackme participation as experience on my resume?

THM should only factor in to hobbles really.

I'm really more worried about whether or not this curriculum appears to be garbage. The idea of minimizing non-related classes is attractive, but I don't want to was years taking classes that aren't going to teach me anything useful

what I meant is that the degree requirements for most jobs are mostly like an HR checkbox, in which they check and verify (1) if you have a degree and (2) if you majored in something directly or similarly related to the job role

employers don't have the time and effort to go through every class and verify if the class taught you the required skills for the job, which is why they give you technical assessments (such as LeetCode problems) and interviews

as far as your question of "whether or not this curriculum appears to be garbage," that is mainly on you to research about the program and ask others about it; through a quick skim of the curriculum, it looks like a good program, but any university can make their program sound like the best program in the nation

the degree is the first important goal as @fierce acorn said you can grow up your skills there is a lot of open source information in the Internet . for example if you have BCs CS cert the HR know that you have the main concepts about the computer and then they will just test you in other things that need practicing like problem solving & Design Pattern & algorithm .... this is in the programming career and it's the same with any other technical majors

specific in technical majors the cert as it important it's also not important in the same time it depend of ur skills too

Hey guys. Do you think the need for cybersecurity professionals will decline with the advent of genAI ? What will the future look like for us when generative AI becomes very strong.

Hi everyone, my name is V, and I’m a 23-year-old computer science student passionate about cybersecurity. I have my CompTIA Security+ certification and am currently studying for a networking cert. I need to find a job to support myself, ideally starting with help desk or entry-level IT roles.

I’d love some advice on:

Which affordable courses or free resources to take.
What labs I should focus on (I love hands-on learning!).
Any tips to build my skills or make my resume stand out for entry-level jobs.
I’d also appreciate guidance on getting into roles like help desk or other beginner IT positions. Thank you so much in advance for your help and suggestions! 😊

Hi, it may be just my opinion, but i think, after the initial hype slows down a bit, that genAI will give some new fields to work on, i.e. the AI is also something that could be attacked and needs to be secured

https://tryhackme.com/r/resources/blog/free_path

Thank you, @golden imp! I really appreciate it!

Gave +1 Rep to @golden imp (current: #2556 - 1)

you're welcome

True. But in that case, which aspect of cybersecurity should one focus on today?

it's hard to predict the future even with a crystal ball. but i'd say, that all cyber topics might still be relevant. one might also watch into genAI, i.e. how they work, where are their errors, how are people misusing them and how can i protect a company against that

Did any used Whiterabbitneo?

LOL, AVG is blocking app.whiterabbitneo.com as it is allegedly a phishing URL 😄
I was about to give it a try.

Really phishing?

Thanks but i'm in Myanmar(burma) and i want to have some cert as well for me i want physical class to have connection with, the CEH ver 13 has physical class (and i have limit online resources due to our country situation )

Gave +1 Rep to @fierce acorn (current: #339 - 17)

if not what should i get or do
i'm currently still learning cyber security by myself
i have diploma in IT from TMC academy (i'have been a jr odoo dev for a while)

Should i start with learning path: Pre security or The ultimate guide for begginers

Yes , why not 🙂 ? It's a great place to start your journey 🙂

try to look into some of the fundamental certs you've been reading about A+, Network+, Security+, etc. while you still look for a job. I would recommend still looking for Technical support gigs....mainly in IT...help desk support, desktop support, etc. as this will help you pivot into Cybersecurity as well.

Don't get discouraged of what experience requirement these roles ask for. I'd recommend to still apply for them either way.

A book that helped me fight to get into Cybersecurity was the Tribe of Hackers (the 1st one). If you can, get a hold of that book as I'm hopeful it will encourage you and give you a better insight as what to do next.

And lasty, keep networking. Go to local meet ups if there are any, keep talking to people online, in forums and get involved with your LinkedIn profile. This will help you get exposed and sometimes that's another avenue for landing a gig in Cybersecurity.

I did the free Certified in Cybersecurity by Isc2.. it was pretty basic, but the way they worded questions ticked me off. lol

that's a good start

Why not help here so everyone else can benefit from the advice? 😄

If you have the certs, I would be happy to add them to your account so users know your advice is the real deal.
I don't see you in the OffSec community 🤔

you just have to transfer him 0.001 BTC before he helps 😂

I know who you are 😆 No need to lie to me

https://tenor.com/view/fishy-gif-18064542

by looking at his profile pic, you would need to play a game before you ern your cert

Anyone online here work for epic, ubisoft, riot, etc? Looking for advice on the most beneficial overall resume points that would make me stand out for these employers. TIA!

Prior professional experience is probably going to be the biggest factor, given that they (the companies) are seen as "popular." I would also go in with the understanding that the job will likely grind you into paste.

Thanks for the input!
I have been a mobile home installer for over 10 years, so i cant imagine it can be much worse lol. But i def understand what you mean. "Its a privilege" kinda thing.

And i think you might be right. Im trying to find a career i enjoy, and also make a decent living. im certainly willing to put the work in to climb the ladder, but i dont want to be anywhere that i cant even get on the ladder to climb.

Gave +1 Rep to @stoic cave (current: #19 - 488)

Unlikely you will land a job there with no prior experience. You can look at common requirements for sec positions in gaming industry and find something relevant that you can land on; then after couple of years of experience, go there

Hello All

I am looking to forge a career in cybersecurity and I am looking for all methods to obtain stair step training that will lead to a 250k salary in 254 months as well as recruiters, recruitment firms, and organizations that provide direct hire opportunities for cybersecurity engineers any direction is greatly appreciated.

*I am looking to forge a career in cybersecurity and I am looking for all methods to obtain stair step training that will lead to a 250k salary in 24 months as well as recruiters, recruitment firms, and organizations that provide direct hire opportunities for cybersecurity engineers any direction is greatly appreciated.

?

yes did you google what is your question

I also would like 250k salary in 2 years please, thank you in advance

It's 11 years and some change

254 months

I see their second message says something different

i'll accept 1.5 years no less

I am confused by your messages. Are you asking for a job? Check out #jobs-board. Are you asking for career advice? I am going to assume English isn't your native language, not an issue, sentence structure is just a little confusing.

Maybe a bad discord question, nevertheless thanks for the reply and job board link. Have a great evening.

Is a Security+ worth pursuing as an undergrad student trying to secure an internship?

Just apply to the internships, you don't need certifications for internships.

You also don't need to do internships in Cyber, they should still be in the computer industry, if you want to work in Cyber. So don't limit yourself when searching.

That helps a lot because I've seen plenty of software engineering that I've kind of veered from for the sake of focusing on IT/cyber

Yes. I did it last year, and it's a good, "Foot-in-the-door" kinda cert. Amazing for internships, but requires other cert pairings and projects, for full-time jobs.

I may also need help in knowing where to go from the Security +. I want to secure contracts or even a full-time job. I don't know if I should go for SOC Analysis, or Pentesting.

hey guys , anybody here who is interested in becoming a cuberSec engineer?

Good morning guys

From Nigeria

Probably some, why?

i wanna become one

Hey everyone, I'm looking for the first role as a SOC analyst. Do you know of a remote job for this role? without experience

You can find roles like this on LinkedIn and other job sites, as well as the #jobs-board channel occasionally. You might need to demonstrate your abilities and skills with various tools and technologies, as well as an understanding of cybersecurity, IT and networking in-depth. Prior IT/cybersecurity experience, a degree and/or relevant certifications can be a requirement and would certainly help demonstrate your abilities

Yes, I'm looking every day on LinkedIn for new opportunities but there are not so many in Israel at the moment, so I started looking beyond the sea

If you are looking for remote opportunities you can expand the location to be out of israel

Not necessarily true. For security roles, there is generally a requirement to be positioned in the country where the role is available, due to security/regulatory restrictions. An organisation might have an office in a country providing international services but they would have resources and a legal mandate to do so

ohhh

You, uh, know they're free, right?

can anyone recomend a good way to get a pentesting apprentaship in the uk or start the career with out needing to got to uni as i not the biggest fan of school but doing my a-levels now

perferably physical

Physical pentesting is not common. It can be part of a job role, but it's unlikely to be the entire role.
I don't think I've ever seen an apprenticeship for pentesting either, granted. Remember: cyber security is not an entry level sector in IT, and pentesting is not an entry level job role in cyber. That doesn't mean that uni is necessarily the way to go, although a degree does go some distance towards bridging the gap.

The closest I've seen in the UK are apprenticeships which rotate through various job roles in cyber -- generally alongside a degree.

I suspect you'd have more luck trying for a software dev / sysadmin apprenticeship then aiming to migrate from there.

aright thanks

Dumb question but do you think they will take THM as a reconised coruse or should i start doing other things aswell

anyone hiring devsecops consultants? The company i was consulting to just announced their closure 😦

or devops, am flexible..

Try to take a look at https://discord.com/channels/521382216299839518/775144008853749770 🙂

Depends on the organization.

Depends on the role.

Heard people here are mostly coming from I.T. fields, wanted to make my way over and say hello 😄

I'm in hardware service and slowly heading towards network administration

Currently 19yrs in IT professionally. Not counting the time spent in my teen years taking advantage of AOL and other ISPs on dialup in the 90's during my teen years.

Well , I have a CCNA cert. which is kind of network related 😄

I'm heading towards that certification myself! How tough was it for you? My employment also wants me to get a cert of that value

It was fairly easy imo 🙂

With how much networking knowledge prior?

And did you take the exam online or in person?

Well I had some but nothing special , I learned some new things on my CCNA journey . I took exam online 😄 .

Lovely to read, gives me hopes for myself 🙂

It's a foundational cert. at the end of the day, it shouldn't be hard 😄

Oh I see, thought it was more of an advanced one. I've been scared to set it in motion for a while haha 😅

Well people are overexaggerating CCNA online , it's maybe harder than other foundational certs. but nothing special 🙂

How much time did you spend studying? And what resources did you use?

I used official guide , took me around 3 weeks to prepare . People are also recommending course from JeremyITLabs , you have it for free on YT 🙂

I shall make it a goal of mine to get the CCNA before summer then 🙏

Haking please

Good luck on your journey , feel free to reach out if you need any help 🙂

I love the support you give, you also have a friend here! Reach out to me for anything 🙏

Love the initiative!!

Let's hack friend

Thank you 😄 .

Gave +1 Rep to @edgy coral (current: #579 - 9)

Current job role: Sr. IT Systems and Network Administrator - but also handle 90% all things security related here.

Does your organization hire Junior Sys Admins? As someone with their A+ & Net+ (about to have Sec+) I'm curious what kind of tools/processes someone in a junior role would use. Things like AD? Thanks in advance.

Gave +1 Rep to @undone rune (current: #874 - 5)

Anyone with knowledge on my question above feel free to share. I'm planning to apply for entry level/junior roles after I earn my Sec+.

Check out https://discord.com/channels/521382216299839518/775144008853749770 😄

thanks

Gave +1 Rep to @keen tundra (current: #5 - 1841)

The CCNA content is intended to be entry level. If you know enough to go through a home wifi router and ensure DHCP is turned on, you are prepared enough for to learn the material, IMO.

Oh wow, yeah I configure routers for businesses so I suppose it's time 😅

CCNA? 👀

I am here for that too.

That's noice.

oh wow, i didn't realize that. and cisco has free training for it avail on netacad

No they don't. It's just a small construction company. I oversee 35 work stations - 1 physical server with 3 Hyper-Vs, 8 saws and tables all connected via PLC at 2 different plant locations here in Florida. 12 Printers and 3 large format printers.

PLC-connected saws? 😄

Hello everybody guys, i passed the EJPT exam 😄 i would like to know where to find my first job as junior pen tester, do you have any country/company reccomendation? any tips would be great ty really much

Yup... Here in the main office it's all Truss (roof and floor) designers and an engineer... Out at the plant locations we have multiple PLC Saws and tables for cutting the wood, laying out the cuts to put the connection plates on and rollers.

How much was that test ?

You're going to want at your countries preferred jobs board to see what they're requiring. Do you have anything else besides the EJPT, such as a degree or prior professional experience in the computer industry?

Costs adjusted for location are available on the EJPT website

Thanks , chatgpt ses 249$

Was just looking for a roundabout

Sounds unethical and potentially illegal...

I hate this new generation of people who use a potentially (and often) incorrect GPT/LLM than actually spending the 10-30 seconds to Google the correct answer

nostalgia ... i could just hear the famous dialup tone which most of them would have never heard in recent days 🙂

No, i just have the EJPT, no technologies background

I paid 249$, but now should be in promotion at 200$

What do you guys think. Picking up cybersecurity as a career or as a hobby?

Pick one and it could also lead to the other

Do it for career and you think it's so much fun you'll also do it for hobby. Do it for Hobby and then think why not earn some money that way too

Both 🙂

Hi everyone hope all is well, currently a service desk analyst trying to get into cyber security. Doing the level 1 soc training course and I’m really enjoying it. learning more blue team stuff. If any one had any pointers for me to study on it’ll be much appreciated:)

Just got an interview to a pentesting company. I'm applying for Jr-ish position. I've been given 3-4 days to pentest a web app and write a report. Any tips n tricks or should I just do everything the same way I've been doing in all web app ctfs?

For context I have no prior job experience. I am graduating as BSc. this spring and been doing quite a few ctfs lately

Congratulations! This sounds like an awesome opportunity. I hope all works out well. I don't have specific advice to give except for use GPT as a tool to help you pentest/write that report. Best regards!

Right!?

Now to find some of those roles as remote work.

@agile igloo Hello, I'ev recently pinged you, and you've ignored me, please DM or ping me when you're here.

hey hackers, i am not sure if this is the correct thread to post in , but i was wondering if anyone would like to help me with finding experience opportunities. I just finished my CCNA and i am looking for a job/internship to start collecting IRL experience.

You should consult local jobs board.

LinkedIn

And TryHackMe's job board on LinkedIn

I have a LinkedIn account that i do read on a daily basis and i will be checking out the THM job board. My main concern is what job title should i be looking for that will give me a good opportunity to learn about networking while actually having no field experience.

Congrats on getting CCNA 😄 . You can check out job-board here https://discord.com/channels/521382216299839518/775144008853749770 🙂

Anything other than CCNA?

Hello I need guys I need help. Have you guys completed J.Penetration Course ? I was studying and came to walking through application part and could figure out how to change password . Could you guys help me?

Hello all,
I'm currently taking the tryhackme cyber security 101 and google cyber security courses and have gained significant knowledge thus far. I'm currently in the restaurant industry and would like to find something in the I.T. field(remote jobs) now as I continue to further my cybersecurity knowledge, or would it be best to continue working in the resturant until I gain a certifications? Thanks in advance

You could gain valuable experience for your CV through I.T. helpdesk jobs, that's where I started! Spent some time in telecommunications helpdesks as the foundation of my career. Do work on certifications in the meantime! Best of luck

In addition to what @edgy coral mentioned, you could also see about getting a job at a local computer repair shop that also does managed services or handles jobs for the local governments and businesses in your area. That is how I started out for professional experience back in 2006 vs my previous hobbyist experience.

True that, this was my second step and where I'm currently at as I'm growing my qualifications. Our firm takes jobs for the government's projects occasionally and it's a great addition to your experience

And that's also the point where you'll ACTUALLY learn things.

SO TRUE! That's where I learned more about digital forensics and data recovery tactics.

Bless my coworkers for teaching me their secrets hahaha. Before being hired I had no idea about routers and their management, now I set up vlans and firewalls for businesses. Do you use data recovery software on Linux or Windows?

Both really, depends upon a few factors. Main factor was how much the customer was willing to pay. Some wanted to know if it could be done and would pay just the diagnostic charge of $165 USD - so we'd use OnTrack DR software for that. If that didn't work out, then I'd use a linux based tactic and if it panned out we would charge them just for the recovery media and give them their data. If it didn't work out and needed to possibly go out for DR to a 3rd party then we'd let them know. (This was all 2006-2014 pricing) Thankfully no longer doing that work for that company, hated telling people bad news as to why we couldn't recover Fluffies pictures

Hahahaha I get you, thankfully data recovery is a tiny part of our service shop, but we do get the occasional bad news. I once recovered data from a corrupted drive for an old couple that does shows on the radio, got myself a shoutout on-air 😂

Awesome! My favorites were when someone would come in for DR or even a virus removal. Then comes along the husband asking if we could make the information disappear (before we would even start processes). Only to find out some shady crap going on... either cheating or pedophilia crap. We always did 3 fold backups of machines when they'd come in for DR or Virus removals because you never knew what you'd find. The 1st Backup done was always a forensic image with writeblock enabled, then tossed in our safe under lock and key. Then the other two backups were incase something didn't go as planned and had a restart point. However once something like child p**n came up or any other crime fitting the bill, work would stop immediately and law enforcement would be called. Then they'd have us continue the work, do chain of custody and they'd come up with a reason why to "initiate traffic stop" or something off of our property.

That's crazy, I've not been employed long at my place but I don't think we ever had freak stuff like this. We do get the occasional pink videos from computers, big deal or whatever, but we never had that... I don't know how I'd deal with such findings mentally

Was it a frequent occurrence for you?

Happened twice as for PC drop offs... But at the time we did all the digital forensics for the Local PDs and the County Sheriff's Department there. Until they started getting their own IT staff that could do the work

Most of what we got when they'd come in from the LEO's would be usually just investigation for stolen money from an employer or spousal abuse that was documented but the spouse attempting to destroy the PCs and such.

Yeah you guys got a lot more serious work than we do.. ours is just businesses or family computers not turning on or being too old to function

This year we got tons of outside work for some European/Government projects going on which isn't the most pleasant but my god if I had to deal with such illegal content I'd pick ladder climbing and rack placement any time of the week

Lol. I actually (to an extent) enjoyed the illegal content side of it. Until it involved kids, that is where it was a gray area for me. Mainly because of the whole "cannot pass judgement" and go on a "vigilante" kind of thing.

Now I enjoy a not so quiet life as a Sr. IT Systems and Network Administrator of a roof/floor truss construction company. Handling all things including but not limited to cybersec and even basic web design for the company web page

That's amazing. I want to live life in your field one day 🙂

I don't even want to live my life here. Lol, rather be on the pentesting side of things... Speaking of cybersec, gotta enroll some new employees into knowbe4

Hahaha we can trade 😂 jokes I wouldn't last a day

Knowbe4? You aren't the person on the subreddit who posted some job listings for tennese and such right?

Nope

I enrolled everyone in this company here (the administrative, clerical and truss designers) into KnowBe4 phishing training because back in 2021 (before I came on board) the company was nailed with ransomware.

Come to find out they were using all the same username/password on all computers including the SERVER! And the previous admin was keeping the backups plugged into the server instead of removing them after the backup jobs completed. So even the backups got nailed

Even recently used the Phishing topic from the AOC2024 task in a short video showing them all what happens on the backend and how it happens. Been slowly working on a lab setup at home using a Dell Server and 4 HyperV's simulating our work environment to show just what could happen if that ever happens again

How hard is it for them to absorb that information in your personal experience?

And yet I still find time to go fishing, play video games, go hunting or spend time with the GF... lol

That's the spirit.. 8 hours a day of work?

Bingo!

With my 8 hours I barely have enough time for gym and 1 hour of cybersec learning

And honestly its harder for those that do not grasp the technology side of things. I only have a couple of them though and they're not afraid to ask me questions

OR those that are afraid of change.

For those users, (as well as the others) I try to keep it short, interesting and relevant. Which is harder for me because it's a lot of information to convey at times.

So, would you say that you don't really enjoy what you do at the end of the day? Or are you just chasing an opportunity better suited for you?

At the end of the day... on the Admin side of things.. No I don't... On the Cybersec side, yes I do.
A lot of my day here is spent twiddling thumbs, going through THM/HTB or other resources until someone pages my desk phone with an issue.

I personally thrive in a high stress environment like a SOC or a Major Incident Coordination center. I find a certain peace and calmness, can focus and work. Much like Hurricanes, I find a certain peace and calmness within them and within myself during them (I live in Florida)

Ahhhh that explains it, I found your secret

You're a Florida man!

Lol... Born and Raised native

So how often would you get paged during the day? 5-6 times?

I WISH! on avg... Maybe 5-6 times a week! I'd say maybe 2xs a day unless we rolled out an update to the Alpine Software. Like we did in December, then it's a crap shoot

Hahahaha so you practically get paid to be on THM and HTB 😂

Yup

jesus that's 1 incident per a day+ 😱 I think that means you're doing well at your job!

Yup, and you factor in there are probably 35 workstations (thats counting my 5 remote employees as well). 15 Printers (3 large format printers), multiple Saws and tables connected to computers, 3 locations (2 plant locations and the office here), 1 Server running 3 Hyper V's.

The rest of the employees are laborers so they don't really touch the computers other than the ones on that are used for the saws and tables and those are on isolated networks.

that's a lot of potential vulnerabilities that you've thought of 😎 Did you study cybersecurity?

And by study I mean took a dedicated path straight out of school

Nope... I actually started as a hobbyist. Building and repairing computers back in the 90's (my teen years) and poking around things that I shouldn't have been on the old AOL Dialup days. It grew from there, constantly learning and toying around where one shouldn't (according to the status norm).

Hahaha so essentially you didn't learn ethically (despite not actually having malicious intent)

90% of what I know I learned on my own or from on the job. I just took my certification exams to get certs back in 2017 because it became increasingly hard to find work and prove it all.

EXACTLY

Any certs that you'd say gave you an edge?

Sorry for the interview style questions, I suppose you understand your knowledge is invaluable 😅

Oddly enough, my CompTIA trifecta and the CySA+. My CEH is basically just a dust collector... Lol

Ugh I'm so not looking forward to getting the CompTIA trifecta 😭

The trifecta as long as you grasps the concepts was fairly easy.

What about CYSA+?

I don't know with the current exams in place, but I know when I took the Net+ and the Sec+, the Sec+ was easier for me than the Net+

I actually hear that a lot. Net+ has a lot of focus on materials used for networking

CySA+ was a cake walk compared to CEH

whaaat!

Yea. But I'm going to say what helped me prep for it was the Pentest+ room on THM and DionTraining Cysa+ training videos.

CEH was mostly laws/regulations and a few outputs asking what the tool was used. Very little to do with pentesting, the CEH practical I've not done. Only because I'm going to by pass it completely and go after OSCP

Hahaha I suppose it really puts the "E" in "CEH"

It's supposed to, however they themselves weren't (probably still aren't) all that ethical. There's been some plagarism and sexists things that have happened with them.

28mins and log out for the work day!

CompTIA exams are ironically the easier exams compared to the vendor-specific or specialized exams

So true, however those vendor-specific ones will test you on their tools and usage a lot more than CompTIA will. Yet, the CompTIA Pentest+ is supposed to be more difficult than the CEH. Not sure though, as I took the beta version of the latest and didn't pass it... Missed it by 5 points

Those 28 minutes rarely ever pass quick 😭

15 mins left though

So true! But this helps as well as the occasional text from the GF while she’s stuck working in the hospital helps too. lol

Ahh, sounds exhausting what she goes through :/

Is she a nurse?

She’s a respiratory therapist

does this look good so far for the isc2 section? this for my resume i already had the rest of my resume looked at

PLEASE PING ME (this channel moves fast)

the blacked out parts i got help with too but i m just asking aout hte certification

Edit yes its called isc2 certified in cybersecurity certification

Hey. I hear a lot about certs but nothing about the clearance you need also. Do you need a security clearance to work in cybersecurity?

unless you're doing any government work, no you do not need security clearance to work in cybersecurity

Isn’t most of the work government… I mean I live in Washington DC…

The vast majority of cybersecurity work is done for private entities, and does not require an official """security clearance""", though those private entities might have their own version of it.

All the jobs on indeed need clearance it looks like

what are your search terms?

Cybersecurity

Well yeah the first option on the list requires a TC/SCI clearance because it's government work

Specifically national security

is there a specialization you're looking to do? because cybersecurity is a pretty broad term. Also being in the DMV area, it's a lot of government jobs in that area. If you search somewhere else like New York or San Francisco, you'll likely see less government jobs that require clearance

There's also a T-Mobile position that only asks for a GCIH cert

It all depends on where/what you're looking for.

I need to look in the private sector then

Yeah any public sector stuff is gonna need clearances for the most part.

Which is entirely possible to get if you can find a sponsor, it's just tedious and time consuming

I’m just need in anywhere really public private it don’t matter

What about a degree? How come nobody wants a degree?

Certs certs certs…..I got certs up the wazhaaamm

The cyber security industry is... Weird.

Some people value degrees, some certs, some just proven ability, some want tons of experience regardless of any of those things, some want all of it

And sometimes you just get lucky

there's no real degree path in cybersecurity, because the landscape is changing so much. As long as you have the knowledge of how systems work, networks interacting, or how applications work, you can find a job.

In my experience a lot of the certifications also have different tiers of recognition of your abilities too.

Idk if I can post links here, but here's a pretty comprehensive list of certifications you can get https://pauljerimy.com/security-certification-roadmap/

with a tiering system of how each certificate reflects your experience level

you live in the center of the federal government, so obviously you will see a lot of jobs requiring a security clearance

you get a clearance through employer sponsorship if you enter the federal workforce as a civilian

it isn’t that nobody wants a degree, but it’s just that some have differing views on the value of a degree

and you don’t need to spam certifications for no reason either

Where you are, yes.

If you're interested in Government work, you need a degree

Guys this might sound strange to ask but this youtuber got his account supposedly "hacked" since he cant log in. He emailed youtube and this is what he got

oops i cant upload pictures here

You need to verify, but I'm not sure that would go in this channel anyway

is it fine if i can post the email that he got in any way?

Just to clarify wording, I would probably change federal, in federal workforce, to public/public sector if you're referring to both contractors and federal civilians. Federal civilians are those directly hired by insert agency and receive a paycheck from the United States Government, which is typically what is meant when someone says federal workforce.

It's a small, somewhat annoying, difference

I'm not sure what you're trying to do tbh, we don't really do drama here. This is the careers channel

my mistake then where can i ask my question?

a degree is not a government job requirement. some positions it is not flexible on, however, there are a lot of personnel with no degree working federal jobs.

I don't know what you're trying to ask?

a youtuber that im friends with (he has a channel about "Learning Arabic") somehow he cant log into his account, he emailed youtube and he got an email back by saying we dont have enough proof that your the actual guy (I can send the whole email that he got if thats fine). My question is (because im trying to help him) how can he get his account back ? Do you guys have any knowledge with this specific situation

If you're talking about the government as a whole, sure, there are positions that do not require a degree. If you're talking about any sort of systems engineering, cyber engineering, cybersecurity, etc etc I can almost guarantee that it's required. The caveat there is that DOD 8140 is changing things a little in the defense sector, so you'll start seeing requirements change over time. Wouldn't expect anything drastic though.

this isn't a tech support channel...sounds like he will have to take it up with Google/YouTube

That's automated and they need to provide enough information to recover the account.

Which means remembering their password

Other than that, contact Google support.

I'm don't mean to nitpick, but I spent over a decade as a 2210 in multiple gov agencies, to include DoD. I made it as high as the GS-14 level with no degree of any kind.

You are correct, DoD 8140 is their directive for establishing qualifications with regard to their cyber workforce. Outside of the defense world, with the exception of the IC, if you are applying for your first federal civilian role (cyber or not) you can leverage a degree or you can use experience. And if you have no basic experience, well, you can plan on landing yourself a role in a SOC, if you're lucky, doing tierI support. Most likely you will have to begin in a help desk support function if you're that green.

anywho...government cyber jobs and federal contracting roles are very competitive. And if you have no clearance to begin, it's tough for many to get sponsorship (especially in the DMV area) where there is a lot of cleared talent.

I don't mind and don't think it's a knitpick, it's just that the landscape has evolved/is evolving, even moreso over the last 4½ years I've been in the space. I literally couldn't bring people on because they didn't have a degree. I also understand that that workforce code is a bit of a catch-all, so it doesn't really give me an idea of what you were actually doing . I will say, to make it to 14, without a degree, is rare now from my annecdotal perspective.

true! 2210 is the black hole of government technology roles. I held a few...INFOSEC, APPSYS, ENTARCH.

for sure on that last part...I may have been an exception to the rule. I do know at that level, and being a supervisor, I didn't want to go any higher lol

Lol, yeah, you basically have to have the incumbent leave/retire/pass to get to 15. I don't even want to know how to get to SES

Hello!!

thank you very much!

Gave +1 Rep to @keen tundra (current: #4 - 1880)

comp tia security+

Hello , welcome 🙂

Hi guys! It's my first day using try hack me and I'm excited! I think I can learn a lot of things here!

yea you will!

I have a lot of free time, and all the time! Today I sat for over 8 hours!

living the dream

Job market is rough, apply local

Thats plenty

Of course you can 😄 . Feel free to ask something whenever you need help 🙂

I wanna create a website/blog to document all the stuffs i'm doing, is it okay to have it under my online username or is it better to use my real name

Hey guys! I was just wondering if anyone could tell me if I’m wasting my time applying to jobs on LinkedIn and indeed, is there another place or way I should be applying?

You can check out company’s career pages too

Linkedn has like stagnated some roles and sometimes easy apply feels like a scam

Is there anywhere I could go to see what companies are hiring for specific roles or do I just need to jump around and find out on my own?

What i do is wait for news if a company has some open roles, check their feed out on Linkedin and then check out their site to see of they do have open positions

Okay I’ll try that out, thank you for responding!!

Gave +1 Rep to @whole frigate (current: #2573 - 1)

I am not sure if theres a place like that, even i am searching for it

I have many contacts working in Software so i usually ask them if there are open roles in security alone in their team or something that way i know if there are openings or not

No , I don't think you're wasting time 🙂 . You can also check https://discord.com/channels/521382216299839518/775144008853749770 channel maybe you can find something interesting there 🙂

will do! Thank you!

Gave +1 Rep to @keen tundra (current: #4 - 1882)

i neeed job soc analyyst

what certification carries the most "respect" in the cyber community? also what sector of cyber security would you expect to see the most grown and in demand in the next 5 years?

The CISSP is difficult to earn, I’d argue it’s one of the most respected Cyber certs.

thanks for you response REV!

Gave +1 Rep to @tall frigate (current: #1269 - 3)

Tis mine honor, sirrah.

Maybe OSCP is the most respected but again it depends on the field of cyber security . BTL is respected on blue teaming side . Comptia certs are also common 🙂

thanks for the response, i will be considering this! what sector would you say is in most demand right now? red teaming or blue teaming? feel free to go in extra detail or PM me

Gave +1 Rep to @keen tundra (current: #4 - 1895)

Hey. SOCs and NOCs have 24 hour shifts right? I mean cybersecurity is a 24 hour industry?

It’s not just a regular 9-5 right?

Guys what course is better for ComptTIA + ? Myke Meyers or Proffesor Messer

A lot of people are recommending Messer 🙂

I think it's easier to land a blue teaming instead of red teaming job 🙂

But I saw that in messer's course he has only 9 hours of content and Myke has like 30 why

Why don't you watch both and see which one better suits you 😄 ? I always try to combine a few different sources when learning something 🙂

awesome to hear!

I watched both . And read the book. Mike Myers wrote the book. Messer gives a little more insight into the material

But Mikes book has links to study practicals and software

And Mike has visual aid in his videos also

Hey all, I was wondering what the main difference between pentesters and red team was? As I’ve recently learned they aren’t the same thing.

Yes. They generally work in shifts.

Not a whole lot of point in only monitoring 9-5

Red teaming is a broader range term , pentesting is one of the red teaming activities 🙂

Pentesting looks for vulnerabilities, usually in a specific application or system (including a wider network, etc). A pentest is generally only interested in technical vulnerabilities (even if the impact of those vulnerabilities may be social).

A red team engagement is more about the wider security posture of the organisation. It's taking into account things like social engineering, and generally executes most of (or a complete) killchain. A red team op is generally adversary emulation (i.e., mimicking TTPs used by a specific group)

That is incorrect

Is course careers worth it? does it give you that extra push? or should we just focus on comptia certs

If anything a red team engagement is a more specialised form of pentesting, not the other way around.

Course careers?

https://coursecareers.com/explore/it?campaign=1jl&a=6c6aa2eb

wait, isnt that considered a bootcamp

Heck if I know. I've never heard of them if that tells you anything 🤷‍♂️

If I saw that on a CV I wouldn't glance twice at it. That said, that doesn't mean it's not more recognised elsewhere

Okay so red teamers go through a more intensive process from a wider scope to identify what the threats doing compared to regular pentesting? Sorry i’m kinda new to it all just trying to understand all the career paths.

yeh i was just looking around and stumbled upon it

Essentially, yes.
A typical pentest is a week or so max. They can be longer, and they can be shorter, but that's a rough ballpark.
A red team exercise can take months. There's usually a full research stage at the start, and the scope is generally significantly wider.
e.g., the org might ask a red team to emulate a current threat which they are particularly concerned about. The red team will then go and develop capabilities to emulate the tactics, techniques, and procedures used by that group. If they're doing initial access testing (doesn't always happen -- sometimes it's an assumed breach scenario), they generally do OSINT / footprinting in preparation for an initial access phase as well.
Then in the actual hands-on portion they execute the kill chain and basically see what happens. It's scenario testing of the organisation as a whole (whereas a pentest focuses on finding all technical vulnerabilities in the scoped system).

Oh , my bad then 🙂

All good 🙂

Ahhh okay I see thank you! Sorry if it was a dumb question 😭

Gave +1 Rep to @undone shore (current: #10 - 816)

Very broad question, but what can I expect from a phone screening for a cyber intern position and how can I prepare?

Should I expect to answer technical questions?

Again, apologies for how broad the question is, I know it varies widely from company to company

Nah, all good 🙂

I would expect to answer some simple technical questions, but remember they won't be "out to get you" -- they'll just want to establish who you are, your attitude to the work, and roughly what is your level of technical knowledge.

It will likely be more of a chat than a formal interview for an internship

Awesome, thanks for the insight

Gave +1 Rep to @undone shore (current: #10 - 817)

It is likely going to be introduce yourself. What makes you a good candidate for the role.

You will tell them your experience. They will take note and send it to hiring manager. Recruiter doesn't do technical interview

Who says this is the recruiter?

Probably a chat to make sure you're a legitimate applicant.

Does anyone have an input on vendor specific certs? I’m debating on Az-500 or CCSP. The main goal for me is to get a broad knowledge and to have an advantage in a resume. I’ve started preparing for AZ-500; however, it seems like they just want you to know how to click buttons in Azure. Thank you!

anyone here TRYING to learn Python and feeling really overwhelmed? Uggg.... I HATE python! Linux and windows command line I'm going well with by python SUCKS!

Sounds good, thanks

Gave +1 Rep to @broken idol (current: #1 - 3219)

Wait till you start learning java and c💀

Hi. I got a "chance" to get into a Cyber school. 2 Year school. Vocational school .. Sadly it cost 15k Dollars for 2 years. But its studentloan freindly in Norway. So it wont ruin my economy. . Im enjoying try hack me, but i feel the school is "basic" when it comes to Cybersecurity. The theme and the subjects they go trough. But its probaly easier to get a job with that maybe ?vs Tryhackme "hard" for 2 years + get certifications. Dream job is SOC, but i can also take a entry level IT job to start there

I don't know that I'll be doing those. Lol

What is your end goal for learning python?

I'm looking to get into digital forensics but when I started just at a general cyber career, many sources said to learn python so I started to try to learn it. But idk that I'll need it for digital forensics?

I haven’t met anybody that has a actual job in the field of study. Does anyone on here have a job in cybersecurity?

Plenty here do

we’re all grifters pretending to have a job in cybersecurity /s

Does most people here have education or coming from selflearned?

Learn the basics before learning python. There’s a lot to learn outside of python coding. Check out the cyber defense path it’s pretty in depth

You're going to need to build professional experience if you dont have any already and are not intending on doing a full 4 year degree. IT Helpdesk is a common starting point and Tier 1 doesn't require anything other than an interest in the space.

Digital Forensics is difficult to get into, frankly. Not to discourage you, just to give you a heads up on what's ahead. If you're new and looking for content to learn, take a look at the #pre-security-legacy-path on THM

Hey there! New here and new to cyber-security. I have recently finished the presecurity pathway and on my way to Cybersecurity 101. I have an interview incoming and they would ask questions like this :

User input: filename and keyword (both strings)
It had a Powershell scripts which includes these two parameters.
Then some more code to create a tempDirectory and run powershell.exe from that temp location.
We have to tell if there is any vulnerability and how to exploit it.

and

A user has reported that they have found a vulnerability for an open source project hosted on GitHub. That source code has a storage account (blob storage) endpoint mentioned. The hacker has shared a screenshot of the output of nslookup <FQDN of storage> with us.
In the screenshot, dns name resolution is failing. We have to explain if this is a valid vulnerability.
Which course/section do you guys recommand me to focus on? The job posting is for Security Researcher.
Any help would be greatful. Like what sections/ path or any other resource or any input. Thanks.

Why is it tough to get into? Any thoughts on what 1 step below that would be? Lol like another goal to aim for but keeping on the same course?

hi guys hope y'll are well. please i need a clarification on this: what is the difference btn a soc analyst and a cybersecurity analyst?

SOC analyst monitors and responds to incidents in real-time/near real time while cysec analyst is broader range term reponsible for a broader security posture of an orgnaization and risk assessment 🙂

You have a career room on THM which explains positions/job roles in cysec 🙂

thank you KGB

Gave +1 Rep to @keen tundra (current: #4 - 1919)

Here is the room link btw 🙂 , sorry for my late response 😄

https://tryhackme.com/r/room/careersincyber

Thank you

Gave +1 Rep to @keen tundra (current: #4 - 1920)

Someone like me who is going to give CEH , also doing tryhackme labs daily , and trying to do some projects , as a 3rd year what are the important aspects that i need to take care along with the CEH before applying for internships ?

If i remember correctly, the mentors told me certs aren't necessary for internships, that the best thing to do is just go ahead and apply, especially if you already have academic experience

I would clarify with them just in case

I am currently doing Btech in CS , but just a decent CGPA(7) , i was thinking heavily to do ms in cyber in germany . Am I thinking in the right direction ?

That would be a question for the mentors. I'm just a cyber student myself but was lending a hand with your last question. If Did You Google? is online later, they can give you more solid advice

I had done quite some googling , first I came with doing Mtech in India , but I didn't saw much hope here , so gave a thought to outside MS , I also took some advice from some experts like Rijul Jenjen , he said ireland , new zealand were some great options cause , here in India we get not enough salary . Well thanks for your time !

Gave +1 Rep to @storm geyser (current: #772 - 6)

Of course man. Good luck on your journey

Thanks man

Hi everyone,
I've a question for the community, today I failed my GPEN exam from 1%... I paid myself with their study programm but while I'm pissed to have spent so much money, I'm wondering if it worth it to do a retake. I've the knowledge, I just poorly managed my time on this one that led to some question that remained unanswered (skipped...). I've already a foot in the cyber world and two other GIAC cert's (GNFA & GCFA) and not really planning to go red teaming/pen testing soon.

Thanks in advance for the advises

I'm not qualified to speak on this because you're at a much higher level than I, but from my surface level perspective I think $900 is a lot of money to spend on a retake if you don't plan leveraging that certification. At the same time, I believe you would pass it if you took it again, and GPEN is, from what I'm reading, a prestigious certification to earn. I suppose it comes down to how much do you need that $900?

SANS/GIAC is a prestigious organization known for their world-class training and is considered to be the cream of the crop of InfoSec training, so yeah, it sucks

but as mentioned, it comes down to how much you need that $900; otherwise, you will have to get funding from somewhere else, most notably from your employer

people usually expense SANS/GIAC certs/training through their employer

Will reflect on it... Thanks for the advises!! 🙂

Hi everyone

I need your opinions/suggestions about my progress in cybersecurity. Who may help me?

Everybody here want to help you 🙂

In 2023, I graduated as a Telecommunications Engineer. In 2024, I decided to start a new chapter in my life, focusing on specializing in cybersecurity. Below, I’d like to share the achievements I’ve accomplished so far:

1. I started learning Linux and Python at the Hack4u academy. Highly recommended!
2. I participated in my first CTF organized by Cisco Latam, where I also completed the Junior Cybersecurity Analyst Career Path course. I managed to rank in the top 100.
3. I completed and earned the Google Cybersecurity Certificate.
4. I’m currently studying the learning path and premium labs on TryHackMe and LetsDefend, with an active annual subscription. This is my main focus at the moment.
5. In December, I participated in and completed the Advent of Cyber 2024 by TryHackMe.
   My next goals include obtaining the Security+ certification and a certification in AWS or Azure.
   My objective for 2025 is to land my first job in cybersecurity. What do you think about my progress so far? Any suggestions or advice to keep advancing on this path? I look forward to reading your comments!

Congratulations by the way, on being like a top 0.1% of the ethical hacking community. Best regards, may thine journey bear good fruit.

What do you think about my progress so far? --You're way ahead of me, and I've been doing this a few months longer than you have. Sec+ should be a breeze for you, and I think you can absolutely land a job in Cyber this year. Any suggestions or advice to keep advancing on this path? --You clearly have the right drive to learn so I presume you will continue in the right direction there, begin networking locally if you haven't already, go to local events pertaining to Security, Networks, anything related to roles you want to assume. Work on your resume, and being interacting with individuals in your area that are in the field. Always keep in mind, "how can I add value to this organization?" Practically, you want someone to pay you to help them do something.

Thank you so much for the kind words and encouragement! It means a lot to hear that I'm making good progress. I'll definitely take your advice to heart and focus on networking locally and refining my resume. Your support and suggestions are truly appreciated!

Gave +1 Rep to @tall frigate (current: #538 - 10)

You're welcome . Coincidentally, I am preparing to take my Sec+ very shortly. If you have further questions, feel free to message me.

Does anyone know if the eJPT cert is worth it? My main reason to get it is to prove to myself that i'm learning and that i'm on the right track. Will the cert provide any other value in the experiences of the people here? Any insights would be appreciated.

not really in terms of HR checkboxes (i.e., an HR professional will most likely not know what an eJPT is if it isn’t specifically in the job description)

you can mention it in an interview, and if a hiring manager is aware of it, then it can be a bonus to your candidacy/resume

oh thanks for the reply - from what i've read on reddit people say its pretty basic the content, however, again, i just want to use it to demonstrate to myself i'm better than who i was a few months ago as the prices isn't that horrible. I will keep your second point in mind when i'm interviews then!

Gave +1 Rep to @fierce acorn (current: #321 - 18)

you can also check out TCM Security’s PJPT, which is more hands-on and requires report writing

iirc, the eJPT has multiple-choice questions, while the PJPT requires actual compromise of the AD Domain Controller and a written report regarding methodology and findings

TCM’s PNPT has some HR clout, but it’s much more vast because it has an external portion to it, and it requires a debrief

does the PJPT teach you how to write reports in their path? as i've never really written one before

yeah, it gives you a template, and it shows what to include in the report

other than those two certs (eJPT and PJPT), there aren’t really any “entry-level” pentesting certs I can think of

wow, thanks for mentioning about PJPT - im looking at the website right now. Thanks again for your pointers today

just keep in mind that these two certs (and other “entry-level” pentesting certs that I didn’t mention) won’t have a lot of HR value; you will have to move up to the OSCP, GPEN, eCPPT, CRTO, CPTS, etc., for that

and obligatory reminder that pentesting isn’t really entry-level, so it will be a hard road ahead but anyone can do it if you have the correct mindset

i will remember this message [edit i have saved the mentioned certs in my notes app]. My current main focus is the A+ exams whilst learning pentesting along side (admittedly the ratio is a bit wonky atm ha!)

Do we have a pentesting/ethical hacking certification roadmap here on the server? I'm trying to decide which certifications to go for first, like eJPT, PJPT, Security+, or maybe a networking cert, idk. I’m not sure which ones would have the biggest impact without jumping straight into big ones like the OSCP, for example. Also, considering my budget, since I’m still a student

Not a roadmap but an outline of certs that are divided into categories of difficulty.

https://www.linkedin.com/posts/mohammad-abubaker-281b14214_cybersecurity-certification-guide-credits-activity-7227123257085165569-ZNNL?utm_source=share&utm_medium=member_ios

that list is interesting lmao

the Security+ and CySA+ are so out of place when compared to the rest in their categories

Oh please no. That graphic is shite

PNPT as beginner lol

i.e., rubbish

whoever made that should be in HR

It's almost as bad as Tux's roadmap from a few years ago, and that was literally made as a meme

I saw this on LinkedIn a few months ago, and I was shocked at the number of likes it received

OSCP is generally considered entry level, but as Juun likes to say, you probably shouldn't be paying for that yourself.

The "standard" certification chart is here:
https://pauljerimy.com/security-certification-roadmap/
Full disclosure -- this is also arbitrary and makes some interesting decisions, but I've yet to see anything better, or more comprehensive.

My bad haha but thanks for the input @undone shore and @fierce acorn

Gave +1 Rep to @undone shore (current: #10 - 818)

All good lmao

Also, christ alive that Twitter card is out of date.

Make sure to actually click the link rather than using the embed

October 2020. That would do it

Anyone on to ask a couple questions ?

Thanks, guys! eJPT > Security+ > CEH > OSCP? Is that a valid path? idk, I’m kinda lost when it comes to certifications. For example, I was thinking of getting the eJPT or Security+ while I’m still in college

I’m basing it a bit on the job requirements in my country and the certifications they ask for

Muiri you got a minute?

is coursera good to get certs and get hands on experience for entry level jobs IT

personally, I would recommend Security+ first as a baseline level of knowledge, as it isn’t hands-on and is mostly theoretical

and what is “my country,” if you don’t mind sharing? in the U.S., where I’m from, the Security+ is a requirement or preferred certification here

and, in general, CEH is mostly valuable only in India, but if you’re basing it off where you’re from, then pursue that

also check out TCM Security’s offerings (PJPT/PNPT), Hack The Box’s CPTS, and Zero-Point Security’s CRTO, but again, you have the right idea with following your job market for certifications to obtain

keep in mind that Coursera courses give you a certificate of completion, not a certification, because they don’t have a high-stakes exam associated with them

they mostly won’t give that much resume value in terms of HR checkboxes, but there is good learning value (and you can mention them in an interview if you think that would make a good answer)

so “get certs” is incorrect, but “get hands-on experience” is a possibility

Oh, I'm from Chile, South America. Here, the cybersecurity industry is something relatively new. Just last year, we updated the old cybersecurity law that had been in place since '93. Right now, there's a shortage of professionals in the field

ah, then I recommend talking to industry professionals there (which I assume you are) to shortcut your way into the industry

and, yes, if you see Security+, CEH, or some other certification in the job market there then ask about it

so whats a good place to study for projects and learning and goof value overall

Thanks, I go to all the talks, events, and CTF competitions I can. I'm not a professional yet, I'm a student, but I want to prepare as much as I can to land a good job when I graduate. For now, I’m a 'Programmer Analyst,' it’s a technical degree here.

Gave +1 Rep to @fierce acorn (current: #312 - 19)

So, I’ll focus on Security+ first and then eJPT, at least to take them while I continue studying in parallel

There's path on THM for those who are interested in Comptia Pentest+ certificate 🙂

Really? thats awesome

Oh you're right!
https://tryhackme.com/r/path/outline/pentestplus

TryHackMe (you’re here already!), Hack The Box, Udemy, TCM Security Academy, LetsDefend, Splunk training, Microsoft Learn, AWS Skill Builder, etc.

even YouTube has decent video courses and ideas you can find

Yeah , there's also a learning path on THM 🙂 . You can check it out on the link below 🙂

https://tryhackme.com/r/hacktivities

thank you !

Gave +1 Rep to @keen tundra (current: #4 - 1940)

Hack the box and install splunk for siem testing is a good place to start

I want to study for the oscp but I can't afford PWK-200 right now. What are some free resources and stuff I can do online to prepare?

https://tenor.com/view/flightreacts-cringe-gif-19831193

thank you!

hey guys hp y'll are well. woow thanks so much for this. i was about to ask about this. i aspire to work in cybersecurity as a blue teamer and presently im preparing for my ceh exams then undertake CSA cert. i wanted to ask if it was enough to get an entry level role, seeing this just clarified everything. once again thanks alot guys

Gave +1 Rep to @glossy dock (current: #2578 - 1)

please do not follow that roadmap

it's clearly made by a person who is not knowledgeable of the InfoSec certification industry, nor the level of depth of what those certs cover to make a reasonable categorization of the difficulty of each cert

this is a much better visualization of the various certs in the InfoSec industry, but there are some interesting decisions and caveats
https://pauljerimy.com/security-certification-roadmap/

additionally, anything other than the CEH are not valued EC-Council certifications, if you consider EC-Council to be valuable despite their history lmao

thanks

Gave +1 Rep to @fierce acorn (current: #280 - 22)

Hi I'm from Chile also 🇨🇱 Happy to help you if you need anything 🙂

Wow thank you! that would be so helpful! can i DM you? 🇨🇱

Gave +1 Rep to @slate pier (current: #466 - 12)

sure, go ahead

If I was interested in working with law enforcement (doing blue team work, like Digital Cyber Forensics), should I still do red team exercises? Advent of Cyber was my first introduction fyi

Why not 🙂 ? You need to know how the opposite side is thinking 🙂

Any ideas on what skills will be beneficial besides programming ? I was thinking AWS............

Very true haha. Thanks KGB!

Gave +1 Rep to @keen tundra (current: #4 - 1958)

More knowledge won't harm 🙂 . Never 😄 . Grasp as much as you can 🙂

Hey, I have a question. Can you get your foot in the door in cybersec solely off of THM ? and By "foot in the door" I mean things like internships and the like. If so, how would someone go about that ? Like how do you include it in a resume if you even can include it in a resume.

If you have a really strong network, it's not impossible but it won't be easy.

Which learning path would you guys recommend for someone aiming to become a Sys admin?

I don't think THM has a path related solely to sys admin role but you can check out SOC1 and SOC2 paths 🙂

Yeah I was just thinking that maybe some of the knowledge will overlap with what sysadmins do

Yeah , it will , I would recommend you to also check some networking rooms on THM but be aware that sys admin is definitely not a beginner role 🙂

Do you have any advice as to what some beginner friendly roles would be? What should I pursue with a Bachelors?

I found a security engineer role that asks for 4 yrs of experience and although i think it would be a reach I'm thinking about applying for it

Well to be honest , I don't feel competent to answer on that question but somebody from the industry will probably reply to you shortly 🙂 . I can only tell you that it may be easier to land a job related to blue team than to red team activities 😄 .

Hy guys, Is Comptia+Security Certification really helpful for a starting job career in Cyber Security.. Everyday iam applying for many jobs. .. and connecting many people through LinkedIn . Everyone needs experience(minimum 3 years) in specific fields. how can a person get an experience without getting a chance for work??

you cant, its impossible. but that doesnt mean that an organization wont hire you. try to showcase your skills by showcasing independent projects/labs you've completed that's relevant to the position you're applying for.

Ah alright thanks mate

Gave +1 Rep to @broken idol (current: #1 - 3235)

Hey Guys i have a interview for this position what will you guys recommend to go over to best prepare for the interview here is the job description

Hello everyone. I don’t know if this the right channel but I need some help.
Three days ago I ve been a scammer victim to a website where I have made some crypto transactions.
The site is still available and I have login access to it with my account.
I known some fundamental hacking but I ask for help if anyone can help me get my money back or at least have access to their system
Thank wall and the channel of course

@broken idol

If you've been scammed, contact the police, revenge hacking is illegal, as per our community rules we don't discuss/help/teach.

Oh sorry I didn’t knew. Thanks for the reply

Gave +1 Rep to @broken idol (current: #1 - 3236)

TCM Security has a help desk learning path that’s free.

Hello there! I recently started upon my path in IT and am aspiring to study IT-Security end of this year. Right now I started a learning plan I laid out myself and would like some feedback: At the moment Im finishing my google IT-Support certificate, afterwards I will do the Comptia A+, before I start in the university I want to finish either CCNA or Security+ so that I can do THM and HTB on the side. What are your opinions? Much thanks for everyone trying to help newbies like me! :)

Did you try it?

Well CCNA and Sec+ cover different fields , so they aren't exactly comparable , maybe Net+ is an equivalent to CCNA 🙂

I have the A+ and I'm gonna do Net+ and then Sec+

Of course! But Im still contemplating if building a strong networking foundation would be more worth my time instead of the sec+

Nice^^ How long did the A+ take you?

Yeah its recommended to do it in the order i wrote

Like 3 months but only because I gave up in the middle and then I got motivated again and finished it

Alright! Thanks for the feedback :D

Gave +1 Rep to @remote laurel (current: #2581 - 1)

btw Sec+ is much easier and more fun than both A+ and Net+

Did you do it full time while working on it or did you work on the side? I do it atm while doing 8/5 weak

Half of the time I had a job and the other half I was at home studying full time

you can DM me for tips

I can imagine! haven´t even touched anything comptia related but heard lots of opinions that its quite dry and multiple choice focused

thanks for the offer ^^

Yes but I think that Sec+ also covers some networking fundamentals 🙂

I've recently taken 3 comptia exams, A+ (101 & 102), and Net+. I'm taking Sec+ sometime in the coming weeks. The study material you use will determine the dryness to a large degree. The program im in at university includes CertMaster Learn, which includes PBQ's & labs. So it's not all multiple choice. There's also a fair amount of book reading. The positive thing about CompTIA certs is they're accepted (perhaps a better word is respected) by most organizations.

I feel the same way. A+ and Net+ build a solid foundation for Sec+. I feel like most of the topics for Sec+ were review, especially because of how extensive I felt Net+ was (with regards to what I see on Sec+).

If you don't mind answering, is your job in tech?

I had my second interview and She didn't give me an offer, said she waiting on funding.

Should I send an email asking for a time frame. I need to give my current job 2 weeks to find a replacement and she got me in the dark.

She said Id make a great addition to the team but no offer

I lowered my asking price. The average is 85000 so s he cant say no

Not sure what this means, but the company doesn't have to pay you what the industry deems average...

i was just saying I asked for less based on what the average pay rate is.

the lowest i seen for entry was $85,000

Send a thank you for now, it does take time for an org to put together some sort of package.

Gave +1 Rep to @orchid raft (current: #2582 - 1)

This is high, even in the US.

It seems a little to much for me. I have no experience in the field.

You would get paid this after 3-5 years of cyber experience in the US.