#cyber-and-careers

These days you could honestly get really good at hacking. Sit outside of whatever company you wanna work at, find a hole in their security. Document it then walk in and show them and they may hire you.

Sounds like they don't have your best interest in mind :\

I'm in an odd position though, I work for an MSP and this is their first major US client, and before that I worked at the same location but I was contracted through an apprenticeship firm

My direct day-to-day supervisor is the homie who took a chance on me and really likes me, but trying to get me hired onto the team as an in-house staff member is like trying to squeeze blood from a stone

The IAM thing was a bone he threw me to get some security adjacent experience

Why don't you switch to IAM?

I'm currently full time IAM Consultant and part time RTO

Isn't that technically unethical and against ROE

It is

Yeah that's exactly how I ended up in Juvie

I was going to say that was like section 1 of room 1 I think

the opportunity existed and I tried to take it but the talent acquisition in the current company I'm placed with didn't like that I had no IAM related credentials (even though those don't really exist) and no degree. Even through I knew their IAM system better than literally anyone because I built it from the ground up. My supervisor tried explaining this to them but it didn't get through

So they hired some goober who I actually like but he makes significantly more money than me to maintain a system I built and documented

WDYM by IAM related credentials?

If I didn't have a degree they wanted to see some IAM related certification from either a vendor the company uses or some vendor neutral cert

Oh, because you said those don't really exist, but they actually do

And are really known

Well it depends on the technology but they do exist

Well since the hiring team wasn't aware of any it was as if they didn't exist at all

Oh I thought it was your opinion

If they aren't aware of any then what do they even know of IAM lol

They don't. They just went to MS Copilot and said "write a job description for an IAM specialist" and just went off of that like it's gospel

lmao

The talent acquisition team here... doesn't provide a good cost-to-value

Only if you have ill intentions.

Even if you don't, you're not allowed to attempt anything without prior consent

In a lot of jurisdictions in the US, merely possessing the knowledge and tools and using them on a business without expressly written permission can be used as proof of ill-intent

In the EU and the Middle East as well

Pretty much everywhere

They cannot get into your head to see if you have bad intentions or not
So it is a crime regardless

Yeah that's fair.

Heck, sometimes even if you do have written permission you can still be charged with a crime. Research the Coalfire Security incident where they were hired by the state government to perform a physical pentest on county courthouses

Correct. Even if you are hired - if you go further than the set scope, it's a crime

They got arrested and charged. The charges didn't stick but it'll still be on both of their records.

They didn't even go further than the scope. The police just didn't believe that pentesting was something that was legitimate and assumed that all of the documentation they had was fake

Fair enough from the Police

That'd be messed up.

The most important is that the charges did not stick

https://www.cnbc.com/2019/11/12/iowa-paid-coalfire-to-pen-test-courthouse-then-arrested-employees.html

In the US if you're charged it remains on your record permanently, even if you're not found guilty. It'll show up on every background check you ever take and it can lose you job opportunities.

Thankfully all of my charges are sealed because they were incurred when I was a minor.

A lot of places do not care if you were found guilty or not. Being charged is enough to make you a risk to them

Especially federal government contracting, they have to be incredibly careful so they just make a blanket rule that you're radioactive if you have felony charges levied against you.

all of that to say: don't do freelance penstesting without first informing the business or individual you're doing that against

and if you do inform them, make sure they've acknowledged it and not requested that you cease and desist

I think I'll stick to field work. Definitely don't intend to jump into free lance any time soon. Freelance before years of field experience seems like a surefire way to make a mistake that could ruin your career before it gets started

I started college in 2003 forced to drop out in 2005. I then had manual jobs, worked at a carpet warehouse for 11 years. Finally got my first IT job in 2017.

Anyone have any recommendations on where to get a cybersec job in the US? I've been using Indeed and Dice, but wondering if there are other/better boards to look for work?

Is LinkedIn a thing in the US?

There's also Welcome To The Jungle, not sure if it's a thing in the US

Oh that's right LinkedIn is US as well. I do have one and have used it a little. Guess I will try to use it more. Haven't heard of that second one, I will research that. Thank you!

No worries

No problem. Happy to give my opinion.
In terms of what will give you the best chance. Simply look at roles that you're interested in and locate the most commonly requested certification. I don't know if this is what others do but it seemed like the most common sense way to approach it.

Take sec+ for example. CompTIA is nearly a household name and its a commonly listed certification in job postings. In my case it seemed like a good place to start. I don't think it necessarily proves you can do a certain job (you should also have some practical/hands on experience even if in home labs) but you learn a large amount of surface level info to prepare you for understanding terminology etc.

Perhaps you could even categorize certifications based on that criteria. One would be certifications that introduce you to a range of topics and are more info based and two would be hands on practical experience based.

Better way to do this is: https://hackerone.com/opportunities/all

I have to take the Linux+ exam on tuesday, ive been grinding every linux course I could come across today for like 9 hours. Do I have a good shot at passing the test? I'm very familiar with computers and the basics but not Linux since I've never used it. Just want to hear some feedback on what my realistic chances are. I also have access to the Ucertify course for Linux+ which I'll be reviewing and reading.

Goodluck! I feel like you got this! I look forward to hearing how you did! (I myself find myself struggling in linux -_-)

You've only started using Linux and you're doing the Linux+ on Tuesday? CompTIA recommends you have 12 months experience using it and their own study guides/courses cover a broad range of topics. It is possible to study for it in about 2-3 months if you work hard. Their study guides are approximately 5-600 pages, approximately. You'll have your work cut out. Best of luck

Hello everyone,
I have 6 years of experience in IT Support, and I am now planning to transition into Web Application Penetration Testing.
Could anyone please share suggestions or guidance on how to get started? Thank you!

Do you have any practical experience? Oscp would be a good start if you don't have one

I recommend installing Manjaro Linux on an old laptop and use it as your daily driver for a month. It's gonna be hard to pass any Linux cert without knowledge of how to use it

Here's the bad thing about Linux: it breaks a lot. Here's the great thing about Linux: unlike Windows, the error codes you receive are actually helpful, but only once you learn the language of how they're presented to you

The reason I recommend Manjaro is that it's Arch-based, so it's simple to break and fix things, but it doesn't have the legacy support that something like Ubuntu has so it'll force you to figure things out for yourself and not just copy & paste blocks of bash commands from old forum posts

@broken idol @tight dew

I'ma come visit you 🌚

nah im joking

Highlighted parts don't do there, as they're not yours.

?

but it just says what ive done

You are confusing certifications with certificates

Projects are stuff you've created.

Not what you've done.

okay removed them now

some people show a few projects of theirs and link their github

i did put my github

and linked in too but

its kinda shit

thats true

anything else i need to change?

but like considering i havent even graduated yet, dont u think my CV kinda solid?

I'm currently learning Web Application Penetration Testing (WAPT) with PortSwigger Academy. I've also set up Kali Linux and am using DVWA for practice.

You should look up PentesterLabs also.

Guys, got a question regarding certifications

Right now I have Google and Sec+

Sec+

The one I’m doing right now is SAL1

I’m wondering what should be after that

Someone recommended me BTL1

How’s CySA in your opinion?

BTL1 is gaining some recognition in the industry for junior SOC analysts. SAL1 is very new and so isn't known as broadly. CySA+ is widely recognised, but as it's just a multiple choice assessment, it's not a good judge of your practical abilities

Correct me if I'm wrong, but isn't SAL1 the only SOC Cert that has actual practical skill demonstration using SIEMs etc... ?

Hopefully overtime it will gain more recognition if it is.

I mean, I would definitely hire someone with practical skills over someone with a cert that is basically built around a simple MCQ.

But that's my opinion.

It has some PBQs too but generally yes it is mostly a multiple choice assessment

If the choice is between BTL1 and CySA+ i would give a candidate with the BTL1 more attention. The practical element is there whereas CySA+ not at all.

The only issue is its not well known enough yet to hold water, Also it still needs some work overall.

Indeed. Painfully obvious when the soc simulator kind of broke on me three times lol.

Oh dear sorry to hear that.

It's still new - so yeah it's obviously not known. As for the extra work it needs, I didn't attempt it to know yet! 🙂

I think since it utilizes A.I. it would be nice if there was a practice scenario as a room on Try hack me and breaks down the components of a complete report that should give you a good score.

There is the SOC Simulator that gives you an idea of what the ai reporting analysis looks for.

SAL1 did feel wonky though in many areas, but yeah the whole cert and concept is new. Looking forward to seeing how it will improve.

To be fair, for such a new concept (Hands on SOC cert) and for it being THM's first ever cert, I think they did an amazing job.

Trust me I know what a catastrophic cert launch looks like.

They did fine overall but I still would have liked some specifics, also I felt like the timeline for being able to take the SAL1 exam if you had a CySA or BTL1 cert, was too short imo.

Absolutely, but i got it for free and they wanted honest opinions - i would be doing a huge disservice by not giving them my honest opinions. 😄

Of course, both of you are correct with your opinions. 🙂

Wasn't it around three weeks?

give or take that is still not enough time to get the core knowledge of what was required and that was also coming off of studying for the CySA the previous 2 months before taking it and passing within the first week of February.

Fresh off the CySA wagon? You had an edge if anything 😉 😄

I felt I was speeding through some rooms without really reading the information to grasp the knowledge and utilize it on a test.

4 months of Cyber Security professional training

The difference with that was I could absorb more info in a longer period and retain it.

Yeah i understand it would have felt a bit stressfull in that regard. I kind of went in to it experience only and got a bit lucky as well.

I wouldn't mind trying to do the BTL1 cert but I would like to find a free course and cert for that instead of paying for it.

Certs don't come cheap that's for sure!

I mean I got my CySA cert for free so I'm not complaining

Through work? Maybe they can finance BTL1 as well?

Through the professional training I got through a nonprofit organization.

Ah ok, awesome!

Hello Guys I am new here any helpful Advise

Welcome , what is the problem 🙂 ?

What does the THM community think about getting a MSCS worth the coin or no ?

How can we help you.

Im assuming you are talking about the best way to learn on this site. Follow along with the writeups and if you have a question now you have a virtual professor you can bounce questions off of (AI). Definitely integrate yourself with AI to help increase your learning speed but dont let it do the heavy lifting for you. I would suggest reading some textbooks on networking and computer architecture too. That way you will really understand what you are doing when you pull off a hack

THM is great but imo doesnt give the same depth that you would get on a industry level text

Thank you for Your Helpful Advise it is Very Helpful in New Journey 😊

Gave +1 Rep to @harsh ruin (current: #1845 - 2)

Of course. For the texts I would suggest the below.

Patterson, David A.; Hennessy, John L.. Computer Organization and Design RISC-V Edition: The Hardware Software Interface (The Morgan Kaufmann Series in Computer Architecture and Design) (p. 1). Morgan Kaufmann. Kindle Edition.

Fall, Kevin R.; Stevens, W. Richard. TCP/IP Illustrated: The Protocols (Addison-Wesley Professional Computing Series) (p. ix). Pearson Education. Kindle Edition.

Also looking at things from the forensics point of view is extremely helpful to see exactly what you are doing from the defenders perspective.

IMO any red teamer worth their salt should be well versed in network forensics. It really helps to see what the attacks actually do to the systems at a overview

Thank you for the recommendations. Both books seem like excellent resources—Computer Organization and Design for understanding hardware/software interaction and TCP/IP Illustrated for in-depth networking concepts. I’ll definitely look into them!

Gave +1 Rep to @harsh ruin (current: #1399 - 3)

Oh! Another good textbook about hacking. Covers low level programming and common operating system attack vectors. It would be good for a beginner as it will teach you a bit of C. Learning the programming language C is essential for understanding the operating system and many exploits

Jon Erickson. Hacking: The Art of Exploitation, 2nd Edition (p. 1). No Starch Press. Kindle Edition.

It looks Good for me Because I just Started 😊

THM is great to learn offensive/defensive work and has a lot of great introductory material. I would just suppliment what your doing with THM with a good textbook. Just a few pages here and there and then before you know it youve read an entire book on operating systems. Everything will make much more sense once you cover the operating systems architecture and networking basics. And honestly both those topics are so deep that it takes a lifetime of continuous learning. So be humble on your journey because we truly are the eternal student in this great field, its about enjoying the work and not loosing your fascination with the topic.

of course and Thank you 😊 for Some Good Suggestions

Gave +1 Rep to @harsh ruin (current: #1129 - 4)

@keen tundra @frigid sapphire - KGB and Army in the same discord channel lol... Havent seen that since Teixeira leaked the AF's intelligence on Ukraine...

right lmao

#ArmyStrong

Ok, then I will skip CySA then and aim for BTL1. Do you know how different SAL1 and BTL1 exam materials are?

Thank you! I’ve been grinding TryHackMe courses about Linux to get familiar and memorize all the commands. I also found a youtube channel with an entire guide on Linux+ objectives his name is Shawn Powers it’s been pretty fun so I’d recommend that! I’m slowly but surely feeling more confident about the exam lol

Gave +1 Rep to @frigid sapphire (current: #2809 - 1)

Keep us posted on how you do! Really cheering you on! And also, thank you for your tips too!

Gave +1 Rep to @tired yoke (current: #2809 - 1)

The training materials or the actual exam? 😅
BTL1: You get access to their training material for about 4 months. After the 4 months you no longer have access to the training material (you can buy extensions 30-60 days) but the exam is available to take any time you want and you have two attempts. You can check their site to see which modules/domains you get to train: https://www.securityblue.team/certifications/blue-team-level-1#domains
You do the modules in order and it's pretty straightforward the way they are connected - you feel like you progress during each one. Each domain have their own lab(s). Now for the actual exam; it's a true 24h exam, meaning you get allocated the full 24h from start to finish. You do an investigative lab (think a bigger/harder CTF) where you use the training and tools you've learned to answer about 20 questions.

SAL1: The training material is everything within the site and you have access however long you pay. I didn't do the recommended training learning before taking the exam but i can say it's pretty comprehensive for an entry level exam. https://tryhackme.com/certification/security-analyst-level-1/details So much so that even though SecurityBlueTeam have their own lab-centric website i felt like many of the rooms in THM helped me grasp certain things for BTL1 (and BTL2 for that matter as well). The training materials have more similarities than differences i would say. The exam however are completely different. SAL1 says it's 24h but it's not really; you're allocated 24h to complete three sections with their own time as you've probable already seen. One hour for a MCQ, two hours for a SOC Sim and another two hours for another SOC Sim. Meaning the totality of the exam is 5 hours.

Which to choose depends ultimately how much real world experience you have, imo. If you've never worked as a security analyst or in a SOC (or you're new and just started) i think SAL1 simulates that really really well; in a way no one else really does.

Thank you so much for explanation

Gave +1 Rep to @dire moon (current: #1846 - 2)

I’m a beginner

So taking SAL1 before BTL1 definitely makes the BTL1 exam much easier, doesn’t it?

Much easier is a bit subjective. But it definetly won't make it harder that's for sure! 😄

You got both of them, right?

Yepp!

After I get both, will I finally be able to get a job?

I recently graduated with a bachelors in cyber security

I know nothing is guaranteed but that should help a lot

What, hell you can get a job without any of them. They certainly are a bonus. Where do you live?

Sydney

Hahaha. This is not 2010 where jobs train you for job. They expect you know everything before hiring

There are some graduate and internship jobs but they have like 10 opportunities and hundreds of applicants

As someone who employs, if we're looking for complete beginner we expect to train you... 😄 It may not be 2010 and many things might have changed but if you want to get and retain talent some aspect of in house training is needed.

It's a tricky one, cause i dont know how australia really does it. But what about your bachelors thesis, got any contacts from that?

Well no

I know there are beginner jobs but they got lots of applicants and everything is extremely competitive nowadays

These certificates might be my only chance of standing out

Better than just applying and hoping for something to happen

I’m starting to think that applying online for jobs doesn’t work and I need to find a job on linkedin or someone in person

You already have a bachelors right? Might want to consider doing some home labs to put on your cv. Show that you have some practical experience. Not sure if you had discussed that above.
Set up a few vms. Perhaps a windows vm that forwards logs to a SIEM then emulate attacks on the windows vm. I started by doing that and even used some of THMs rooms to do so. It is a good exercise.

What about personal projects?

What is that

Something you've done outside of school work that you can showcase. Developed an app, a website, improved upon something etc.

It's extremely competitive yes but don't let that dissuade you. How many jobs have you applied for, have you been to any interviews? Any leads on internships?

Well I applied to many related IT jobs I could find in my city, most rejected. There was one internship that went to next level where I had to do an online intelligence test and I did pretty good but failed to get to next level

Don't know if "SEEK" is a good source, have you seen this three days ago: https://www.seek.com.au/job/83573851

Right now there is one graduate position I have applied to that I’m waiting to see if I get accepted. They said I will get the results by May 1st

Alright, hopefully they get back to you. In the meantime, send an application to PepsiCo! 😄

hi i have a proplem with openvpn

#site-support

Thanks I applied. It’s a bit challenging for me to get a job because I’m on a visa and lots of jobs require you to have a citizenship/PR

Gave +1 Rep to @dire moon (current: #1129 - 4)

I could be john hammond but because I’m on a temporary visa, they will hire Joe Shmoe because he was privileged to be born here

That is unfortunately the reality of the world we live in. It won't be the last time you come across those types of things especially if you ever deal with security clearances.

Are there any viable options where you come from, or is that a no go?

Well of course there is, if I’m ok with being paid much less, but I’m hopeful I can find a job here if I learn a lot and collect certificates to stand out

I will let you know in future if I make any progression or get a job

Yeah absolutely, please do! 😄 You've got great folks here to help so don't be afraid to write. Don't forget to take a breath from time to time, you'll do great! 💪

I was in a resume review session recently. The recruiter mentioned how brutal it is right now for juniors in the field. that the market is against us! - Thoughts ?

The recruiter is absolutely right. Horrible market. Worldwide.

https://tenor.com/view/caroline-cameron-sportsnet-awful-absolutely-awful-horrible-gif-11225079422258787761

how do we know this? is it because a lot of senior professionals are also looking for jobs?

• Oversaturation
• Devs switching from coding to cybersecurity

those devs should stay in their lane XD

They want more money so.

appreciate the thoughts @obsidian rose 🙏

I’ve been considering the Linux+… my current plan is to prepare for the a+ and see if I could be ready to take it by September 25 or not. Then prepare for and take the net+, then sec+. And then perhaps the Linux+.
Hopefully I’ll be employed in help desk at some point along the way and then go from there to SOC, and from SOC to something like pentesting.

Can someone let me know if it makes sense to become a sys admin at any point? I figure Linux+ would help with that…

Good luck and thanks for the YouTube recommendation

Gave +1 Rep to @tired yoke (current: #1847 - 2)

Yep, for sysadmin, that's correct.

I have question regarding the CISSP. is anyone here familiar with the domains required for work experience?

I have basically 8 years of experience in fraud ops., and I wonder is this is considered valid for domain 1) security and risk management , and domain 7) security operations

Thanks

Gave +1 Rep to @obsidian rose (current: #151 - 55)

I don't think CISSP really goes into fraud. It's more tech oriented.

thats my best guess too , although I did have some roles very similar to what SOC analysts do, and roles similar to threat hunting. thats why I am wondering if I can possibly get some years credited

I'm interested in doing cyber security

I don't know what I should do exactly
Can anybody guide me ?

Welcome , you can follow this pathway 🙂
https://tryhackme.com/hacktivities/

Hi, i am currently in bsc degree for computer and am intrested in pentesting and digital forensics. I am very confused what certificate should get first A+/security+ or i should go directly for ejpt/oscp.can anyone guide me?

eJPT and OSCP are for pentesting. A+/Security+ are for entry level CyberSecurity positions and cove overall CSec knowledge, not job-specific training.

Pentesting and DF are 2 different jobs, you can't do both.

Hi to everyone I am new to the Cyber Security Field. For the last 6 months. I have done Google Cyber Security Professional Certificate, Security+, Qualys Vulnerability Foundation and VDMR, SOC Level 1 Path in Tryhack me, AWS Cloud Practitioner and now I am going for AZ-900 and SC-900. I have some experience in IT and some background in Web Development but even though I have crafted my CV carefully I keep getting rejections in the UK for Junior / Entry Level Jobs . The problem is not the rejections themselves but I haven't even done an interview for the last 2 months that i have been applying religiously. Anyone with any hints, tips or any guidance specifially for UK Market?

What certificates would work digital forensics?

I wouldn't know, I'm not really in the DF part of cyber. 🙂

Ok, still thanks for advice🫂.

Gave +1 Rep to @obsidian rose (current: #144 - 58)

If you want a good certification but it doesn't have much HR value, try eCDFP.
https://security.ine.com/certifications/ecdfp-certification/
It's on sale right now.

Hello looking for advice on good starting points to transition career into cybersecurity. I have no background, no formal education beyond high school. I have been using THM and doing a number of the different rooms. I have started to learn a bit of coding that I do for passion projects as well. I have been trying to learn more about windows and linux machines. Is there a certification, a more direct path, or any reccomendations anyone has? I'm currently just looking for some "here's how to get into the door" ideas.

I started out where you did, focus on pathways into general IT; helpdesk, desktop technician, junior sysadmins will always be needed

if you have existing career experience see if you can highlight any technical achievements (e.g. I worked in restaurants and had experience with administrating and configuring the POS software + LAN architecture) otherwise focus on highlighting any soft skills or leaderships roles you had - above all you want to seem like a reliable, honest and likeable person

Thank you @ancient prairie I thought about doing how you said, general IT. I appreciate your feedback, I will consider all of this. Thank you for your time and your response. 😄

Gave +1 Rep to @ancient prairie (current: #43 - 221)

formal education looks good even without completing a degree.
coursera for learning work-related topics
certifications (not certificates) demonstrate your IT&Cyber learning (objective proof of your knowledge/skills) . If you can self-develop IT skills to obtain an IT job, you can do the same for cyber, but I would recommend starting in IT before starting to learn cyber.

Ok this sounds good aswell, thank you. I will continue trying to familiarize myself with basic level IT for now then. 🙂

Gave +1 Rep to @jolly veldt (current: #1847 - 2)

you're welcome!! enjoy the journey!!

Anybody here in security architect? I'm currently at my 2 years and half in the field. I would like to transition into cyber security architect in my 5 years. I would love to hear some advice on how to transition over, certificate to get 🙏

and just to certify IT is a really really vague term right? so like there's everything from consumer IT (job like) to enterprise IT (career like). And each field has it's own tiers. it'll be easier to volunteer yourself to get XP you can then leverage toward a job. eg. i started IT @ 300 headcount non profit and transitioned to remote IT.

Yes this is also true. I have noticed between the terms IT and Cyber Security there is a thousand different paths that you can take. 😄

100% - like global tech workforce - really diverse backgrounds, requirements, objectives where everyone finds their own way in.

This is all why I am going to graduate school at 30... The path from bachelors level work to the coveted DevSec roles is a very long path. An MSCS from a good school and coop experience from that program plus LORs from the professors in your program should help open some doors. In person interactions are worth their weight in gold regarding networking.

If your struggling to get a conversation from recruiters I would build a LinkedIn if you haven't already. Then start networking with people that are local to you. Connect with everyone in your industry, start messaging recruiters and ask them who they are hiring to get a feel for the market.

Linkedin really changed the game. I'm in IT as an change consultant role but slowly and surely I want to get into more technical skills. Need to get my Ms-700 soon as well.

(i studied theology btw, so aside of gaming had little IT experience, got my job through linkedin)

@median reef wanna connect on linkedin?

besides Linkedin what else do you use search for info-sec roles?

There's Indeed, too.

builtin is a decent job board

eJPT or CPTS which should I go for rn

I've been in IT adjacent/IT roles for the last 7 years. mostly around linux server deployment/maintenance. Trying to shimmy over to cloud security. doing a bit of self study and all that. Are there any intermediary jobs between "IT Eng" & "Cloud Security Eng"? I'm under the impression I'll need to make the switch in one solid go but thought I'd ask anyway

This might be me

Although not gonna do full switch, at least not yet

You can also check #jobs-board 🙂

i have 3 years of help desk experience and a sec+. should i shotgun a security job or get a sysadmin job next and pivot to security later?

You wrote a LKM rootkit? Nice!

can i see src? is it on github?

get a sys admin job, sec+ will help in any IT role. People may disagree but jumping from helpdesk straight into security, depending on the job, is a bit silly. If you want to go into a SOC analyst role, that may be doable.

im currently training with tryhackme and hackthebox to get my comptia security+, network+, and a+ certs to land a job as a soc analyst... with no college degree or previous work experience in the tech field, is it still possible to land an soc analyst job? or am i better off trying to get another tech job first and then transition into cybersecurity?

It is on github, It's on my personal github so no. sorry.

Lol

It's just a LKM rootkit, very easy to detect and remove even though it hides from procfs and sometimes sysfs, heheh

Not something special

btw, my rootkit-focused server has almost 1k members, I also own the lkm rootkit code collection repo, rootkit tmpout article, among others. Anyway

"I own a textfile of other peoples work that I show to a bunch of people" nice idk why you're spazzing out because I don't want to show it to you.

Do you have any projects listed on your CV yeah you have the knowledge but have you done any kind of project that can utilize your skills and prove to a potential employer the results you have attained.

I'm not freaking out, I just found it funny that you wanted to leave closed the src of an LKM rootkit that you probably copied from someone else, and not use it for anything. You said you created an LKM rootkit x64, you even cited it as a "reference", at the very least it's curious that it's not on github. It's like you say, "I have a CVE", but you don't want to show which CVE it is,just say it for the sake of saying it, what is curious, anyway, if you don't want to show it, no problem, I was just curious because I'm a Linux malware researcher

How can I achieve doing projects like that and certifying that I did them by uploading them in GitHub . For example like the Forage Simulations or setting up a Home Lab or AD ? Will it count more in my CV ?

I would say do personal projects do a home lab record some results have some documentation for example.

Ok 👌.Do you have experience on the UK market ?

I do not. I'm in the U.S. and am in the same boat as looking for work and what not.

Anyone currently studying for SAL1?

Check the #pre-security-legacy-path #cyber-security-101-path and #soc-level-1-path channels to find people at various stages of learning and preparation

Hey anybody here I am Ayush and I am a beginner in this...
Can anybody tell me that what's the jobs option for me after becoming a cyber security expert and what the salary I will get

Check out this article 🙂
https://tryhackme.com/room/careersincyber

Is A+ Sec+ and 3 years help desk good to get a sysadmin position?

Of course. You are very well suited for this.

depends, what was your duties in helpdesk? I only ask because sometimes helpdesk is just answering phones and putting in tickets and other times you're break fix

is anyone a current pentester? i need help deciding the future of my career not sure weather to go blue or red

Would RTO work for you?

im a big novice i know the basics of blue and red. I have read online pentesters mainly just do 80% paperwork and 20% actual pentests

how would RTO be?

This is correct. I'd put more of a 70-30, but yeah.

@obsidian rose are you a pentester?

maybe you can dm me how your worklife is?

I'm pretty new to RTO, so I haven't done an entire mission from start to finish as RTO is slow, stealthy and long term, but I'm sure I can aswer your questions if you do have some. Reporting also exists in RTOs, but since the mission is longer and not checklist focused, it can be better. But, it's really different from a pentest. It's not "Shoot everything and leave" kind of approach.

Evasion and Stealthiness is important. Quite a lot. It's also not solely technical, you need to develop TTPs etc...

Ya i've read RTO is a lot more better but ive also read that if blue team doesnt catch you it could be a bad thing

The aim of RTO is to not be caught...

how would you describe how RTO reporting goes? the same as pentesting?

I'm pretty new to RTO, so I haven't done an entire mission from start to finish as RTO is slow, stealthy and long term.
Haven't reached that phase yet.
However, what I know for sure is that this is not entry level. It's even harder to get into than pentesting.

So get into pentesting first, before red teaming.

Usually people go for: SysAdmin/NetAdmin/HelpDesk -> Blue Team (SOC, IAM, etc.) -> PenTest -> RTO

Some lucky ones could directly get into RTO after being in the Blue Team for some time, like I did.

However I do not recommend it because you pay the price with your mental health and burnouts lol. I'd rather take it slow next time.

hmm thats definitely interesting

ive seen that red paths are kind of on the low end side while blue has a lot of paths to take

SOC/Security Engineer/Threat Hunter/Incident Response etc

is there anything after RTO?

Red has actually a LOT of different paths you can take, but they are so advanced and uncommon that not a lot of jobs openings exist for them. They do, however, in government facilities. You, for example, have:

• Malware Developer
• Red Team Developer
• Red Team Operator
• Penetration Tester
• Probably Others I forgot.

this makes sense they are probably too niche

Niche is the exact word to use.

would you say you are satisfied with where you are right now?

Malware Developer would only be available as a job in GOV facilities or CTI companies that work as spyware developers for the government.

Why would a normal company need a malware developer? (No reason - unless it's with the gov.)

lol

thats true

The NSO Group, for example, needs them. As they create the pegasus spyware and works with governments. But other than that, not needed much outside.

Are we really ever satisfied in CSec?

#impostorSyndrome

Maybe I'll be satisfied after I pass my CRTO and CETP.

I feel like in any CSec everyone has an issue whether lack of tools to not enough action

and repetitive tasks

i read a blog post about a pentester saying all they do is vuln scans on the same web server

Not exactly true, but it's because of client restrictions. They just want a quick checklist of everything. There's no time for an actual in depth pentest nowadays. (EU Market)

I'm pretty new to red teaming (Professionally), so I might just be saying absolutely inaccurate information, but based on what I'm seeing at my workplace and in different ones around EU, this is what I can conclude.

i did most of the basic troubleshooting like figuring out why a built in webcam isnt working, doing password resets/unlocks, information gathering for stuff that clearly needs to go to L2, and it was all remote

thats ok i appreciate your insights as idk anyone else who is into cybersec

We have a lot of very qualified people here in the field, so I'll let them speak for themselves if they see these messages. Some of them are also very well certified.

Maybe I can come back to this conversation in a few months after I get more professional experience in the red teaming area. 🙂

Thanks for the answers DKob

btw i've had to do fixes that involved messing with the registry

If they have an opening for a junior position as Sysadmin, you can. This is how you learn.

But if you want to later on get into CSec, be careful, because recently a lot of companies are not allowing that switch.

So you better go directly into CSec if that's your goal.

One of the members here. #infosec-general message

that was in response to my question lol

basically im wondering how hard help desk to security vs help desk to sysadmin is

Help desk to Sysadmin is probably easier. They are somewhat correlated.

Thanks

Gave +1 Rep to @rugged delta (current: #21 - 496)

what about help desk to security vs sysadmin to security

Sysadmin to security is easier for sure.

looks like im going for a sysadmin role then

What is your end goal?

Security?

security

Then try for a junior security role first.

If it really does not work out, go for sysadmin.

Because it's becoming less common for employers to sponsor that jump.

but you just said sysadmin to security is easier than help desk to security

It is. When it comes to technical skills, it will be easier as a Sysadmin. (Technical-wise)
However, will the employer let you do that? I'm not sure.

ah

im looking for what's easier to transition to in terms of what a hiring manager would let me do

You'll be more suited for the switch as sysadmin.
But the problem is, if you wait until then, it might be too late.

so go for security asap if i want hiring managers to let me in

You lose nothing at trying. If it doesn't work, go for sysadmin. 🙂

Junior positions - try for it.

If it doesn't work -> Sysadmin.

The worst that can happen is that you'll try again in a few years as a Sysadmin.

But what if it works out now?

Think about it.

Some employers are nice enough to hire you as a junior and train you.

the unicorn employers

btw AI CV writers are the best thing ever

They exist. 🙂

Is it "normal" to go for a junior function at early 30s?

It's always normal and OK to make a career shift at any moment if you are unhappy. 🙂

Why it shouldn't? Don't limit yourself and if you want change career do it, it is better to try than regret.

I'm doing it right now. Go for what you want to do in life. No sense in working a job that you hate for the next 30 years, that was my logic at least

Hello again, @jolly veldt @ancient prairie i was wondering if either of you guys can recommend any free courses that offer certifications that would help began building my IT resume? If not I will shop around but figured I would ask here first. 🙂

Cisco Networking Academy has some free courses that are aligned with certifications (Junior Cybersecurity Analyst is aligned with CCST). Might be worth a look

Hello everybody, I have over 10years of experience in sales industry. I make really good money. I know is going to sound crazy but I am not passionate about what I do anymore. I do not enjoy what I do. I am not happy anymore.
I came across cyber security , and I decide to give it a try. I started watching couple video. I took the google cyber security & Security+ cert. I install VM downloaded linux and have been teaching my self About linux commands. I want to make a full career switch to cybersecurity. I am stuck at where to start. Sometimes I doubt my self so much. I feel I am too old to be doing a career change (I am 32) . I have always worked around tech. My job is in tech sales. So I am very familiar with how computers,networks,routers,mobile devices work.
I want to know if anybody has gone through a similar situation, and what have you done to overcome this challenge of a career change.If anybody has any advice for me, I really appreciated.

My only real advice is this: You are trying way too hard.
You are forcing way too much way too fast. Take a break and let it come naturally. Use Linux as your primary OS, get used to the commands and gradually learn. Rest from cybersecurity and come back when you feel ready to take it on

You have to remember are not a computer, you can't constantly work and expect to remember everything

And as to the age, don't worry

What you are is human, and luckily for us, our life expectancy is quite literally longer than a century

You have time

Hey there, I have a similar background to you being in tech sales for 3 years and I'm 25. For context, I got my CompTIA trifecta (A+ / Net+ / Sec+ ) in the last few months and I'm working on my second bachelor's in IT and master's right now.

My biggest recommendation is to learn how to network within your local and regional cyber community (such as ISC2, which may have chapters with virtual/in-person meetings you can attend). Attend SANS webinars and other free New2Cyber programs (such as Antisyphon) and train as much as you possibly can but don't burn yourself out.

Most importantly: document what you learn and really put yourself out there and network, network, network! if you're coming from a sales field you should know how to talk to people, especially professionals in fields you're interested in.

But first off, you should definitely have an end-goal in mind for where you wanna end up, whether that's blue-teaming in a SOC or red-teaming with pentesting, learn what you like first or else you'll quickly find yourself in the same dispassionate pit as you are in right now. Hope this helps!

Thank you for this, I will check it out! 🙂 Sorry for such a delayed response.

Gave +1 Rep to @next grail (current: #2817 - 1)

Burp's Web Security Academy is also free and I think it is invaluable resource when it comes to web apps 🙂 . If you're interested in that of course 🙂

Thank you so much! 🙂 Also nice to see you! I've been out a bit haha.

Gave +1 Rep to @keen tundra (current: #1 - 4606)

Thanks , nice to see you too 🙂

Gave +1 Rep to @icy osprey (current: #2817 - 1)

Thank you for that information. I appreciate the tips. Good luck to you on your cyber career path.

Gave +1 Rep to @proven haven (current: #2817 - 1)

hello

Is Pentest+ a good cert? Or is it better to get Security+? (Already have pentesting experience, and no other certs)

Pentest+ is more… managing pentests I would say?

Its a 90 item questionnaire and I wouldn’t recommend it unless its a regulatory requirement from an entity like a govt

I would recommend either the HTB CPTS or if you can afford it or your employer will pay for it, the OSCP.

^Agreed, you'd want a more hands on certification and the OSCP (if you have the means to get it) is a really good certification.

Oscp more recognized then cpts

I agree but OSCP is worth $1749, not everyone has that kind of money

I only know of https://www.isc2.org/Certifications/CC -- not gonna get your foot in a cyber door. IIRC you're a self starter without college right? do you want to work at a specific place? how soon? a fortune 500? non profit? industry/cause? anywhere that hires? As the more tailored your objective, the more tailored your preparation. So $500-1500 to obtain A+ and go IT at 65k/yr is a 43x or greater ROI. Same is true if spending 1-4k going to enterprise IT from consumer -- pays when you 1.5-2x salary. Still - you can helpdesk w/o a certification (less so in dot edu/dot gov) so if that can fund your cyber plan -- go for it. There's a $25 cybersecurity zero to hero humblebundle in bookclub channel if looking for low-cost knowledge.

Def get a job before oscp tbh

Ngl ion think the A+ is worth it

For most ppl

Of course, I agree but not everyone also can drop that kind of money just for a certification thats why its always beneficial that an employer will provide for it.

Good morning everyone, I hope you are all well!

Where can I find free security and cybersecurity certification? I am currently unemployed in Brazil, and I am looking for relocation in my country and also international opportunities.

Do you know of any job sites? Please

Certifications are paid, if a cert is free, it won't be widely recognised for job entry requirement.

Ok thanks

Gave +1 Rep to @broken idol (current: #2 - 3660)

@clear surge Please don't share external invites 🙂

okay

You can do the Google cybersecurity certificate (not a cetification) on Coursera. The first week is free, but after that it's about $50 per month. I did it in 16 hours on the free week. You can also do the ISC2 CC, I think they still have a free option, but it will eventually lead to you needing to pay an annual subscription, and you'll be expected to pursue their certs (SSCP, CCSP, CISSP, etc.) which are fairly pricey and have recurring fees when you're a professional. These would indicate interest, but you'd probably be better off going for a tech support/IT position to gain experience and build your skills and save money while finding an employer who'll help pay for your certifications

does anyone have some sauce on getting a job with no connections? or just building connections in general? I am applying to a good amount of jobs that i am decently qualified for, but i feel like theres really no way in unless you know someone in a company or have 10+ years of insane experience

rn i am trying to send out a bunch of connection requests on linkedin to build relationships with people but even that isnt working very well

How much does it cost to renew these “industry standard” certs annually?

Veries with the cert.

Usually $50-$300, depending on certifying body and schedule.

Some certifying bodies will also allow new certs to renew older certs, and have other renewal requirements like CE and CPE credits.

hello guys
anyone here can please guide me about the roadmap of beginner to bug bounty hunter and carrer in cybersecurity
i mean which course i have to do like in tryhackme presecurity jr penetration red teamer is enough?

That's a very good start - after it + some practical rooms you will probably have more or less an idea what to do next

okay sir got it

Hello, dear community,
How to land on 1st pentest job. I am in the IT field for some time, but shifting to cybersec. Unfortunetely without expirience seems hard to get 1st job 😦
I would appreciate some tips, thank you 🙂

I don't have any experience myself, but I'd think depending on the country you reside in you would need some certifications, which prove your skills and it's difficult to land a job as a pentester as your first job.

I'd say start studying, learn about the stuff you're interested in either through THM rooms or completing some other courses about Pentesting and cybersecurity core fundamentals

and as i said... it's probably easier to land a SOC analyst job first, which would later support your switch to pentester as you would know how things work by then

Guys, I am starting my own pen testing company

Pfp 😂😂

https://tenor.com/view/why-are-you-why-are-you-gay-pepe-julian-who-is-gay-you-are-gay-gif-15004128

😆 😆

Yes doing all that, hopefully will find something...

you can always start with helpdesk

helps you understand linux and windows better + strengthens the base skills you got

I am already in the field. I work as a network / network security engineer. just want to shift for fully pentest

Just employers if they see no expirience for pentest even after learning, they refuse. Was one company asking for a junio pentest with 5y of expirience 😄

Thats not junior i guess

Some companies really don't understand entry level and junior positions lol

yeah most companies actually put the experience like 5 years, but I'd still recommend applying as if you know your stuff they'll take you

Hopefully, some will do ctf like interview so i can prove i know something, but still a lot to learn 🙂

To me that should be a smooth transition, regarding the fact that you already a network / network security engineer. It also depends on how long you've been in the field. You may need to add some practical knowledge to your resume, mostly gained from the pentesting rooms

Yes, i thought so... yes i mention always in cover letters. But might be the ATS systems killing the CVs
I guess the 1st job is hard to get in but once in the field than is a walk in the park... maybe 😐

Thanks all for the chat. kudos

Looking for input: A company is flying me cross country for an interview for a junior position. Is this a good sign? is this normal? I feel like this isn't normal at all.

Is this for an initial or final interview? And is this a pioneer position?

final, what do you mean pioneer?

Hello all, I wanted to know what your thoughts are on a cybersecurity post graduate degree?

Oh. If it is a final one, I did come across it when I was still active in the techexams forum.

By pioneer, if the role or team was newly established or in the process of being established.

I'm unsure

Are you currently working in the industry? If so, is your employer going to pay for it?

I wouldn't say it's totally out there, if it's a reputable organization. You can hide a lot just talking through a phone/computer and companies are aware of that. They're likely using it as a final check before making final decisions. Anecdotally, I've interviewed with companies that would bring people on-site and have had peers do it as well.

mmk, ty

I would imagine that if this is a tight knit team/crew they might want to get a sense of who you are in person. Maybe they want you to meet the team and get their perspective on you as well. A relatively small investment for some extra confidence in who they're hiring. I'd take it as a good sign though. You must have done well in the initial interview(s). 👍

hello guys,
can you please guide me on how can I get started with internships and trainings within EU region? I'm new to this field of cybersecurity and have done pretty much of courses and certifications, I'd like to know how it feels like working in real world scenarios

what kind of certs you have ? in EU theres quite a lot positions in LinkedIn

I have a question too. After more than 10 years of sales experience,i want a reconversion to cyber security,cause it gives me the freedom i need. Started to learn the basics ( still going for the pre-security module ). What is the natural job i should go first to gain some experience before aiming for jr. Pentest ? Also,i am 41 right now 🙂

I would say any job you will get as entry level will seem like a downgrade for you, especially when talking about money. I'm seeing many folks that transition from practical security to Sales Security, I'm wondering why you don't stick with sales and be specialist in security solutions sales ?

i am working as a sales representative for Samsung. I don't like what am i doing anymore,because i am in direct contact with regular clients. B2C type of job. I was looking for a job in Cyber security,because of my age ( at 41-45 no one will hire you here in Romania,if you wish to switch to a better paid job,because you are considered old,no matter your experience )

Plus, the jobs in cyber security are waaaay better paid,even the entry level ones,than a sales job with 10+ years of experience

Hi

Hello

typical cyber job to get familiar with the field is soc analyst L1, but i'm sure it's low paying, you can work for 1 or 2 years and then go for L2 or pentester. However , I know many talented people who goes directly to pentest, but this requires dedication and many many months to learn

and I can tell for your case, no one is ready to hire directly a pestest from zero, unless he won/participated in some competitions.

i know it needing a lot of time to learn,that is way my mindset is "programmed" for at least 2 years of learning. So,SOC l1 is the place to start. and for the records,i don't think this kind of job is paid lower than 700 euros i earn now.

yeah I heard economy is bad in romania , but didn't expect it to be this bad 🙃

and yes,i took participating into ctf competitions into consideration.

even an intern in france/germany gets paid more

that's good, for pentest and ctf , once you get familiar with tryhackme, try joining Hackthebox, it's better platform for offensive security / red team

at my level of experience now,in sales i earn 750 euros. and almost all the jobs here are the same. that is why i wanted this kind of reconversion

i saw THM is good as a learning platform,but HTB is more like " i'm not gonna hold your hand,i'm gonna throw you to the wolves"

got an account on both.

yes, so once u get familiar with all aspects of tryhackme, the best thing to do is adding htb

htb is more for practicing and further advance into my study ?

yes, you can tell it's more advanced, especially for pentesters

another question if possible. sdo i need to learn linux inside and outside for an SOC l1 job ? seems a bit hard for me to actually understand those commands. so far i am doing the pre-security module and i am struggling with the task6 in the linux fundamentals part 3 module. the crontab command seems to elude me

I have a feeling back in your day, getting an entry level job was easy, but nowadays, us juniors have to compete with seniors who lost their job or are switching to cybersecurity which is so annoying and unfair

https://tenor.com/view/unsure-not-sure-fifty-fifty-kind-of-kinda-gif-5703140

do You need to be a math mastermind to land job in cybersecurity? Considering that vast majority of things consists of hashing and encryption

No, it depends on the specialization. I'd say you only need math if you want to become a cryptography architect.

also,a bachelor degree is needed or pure skills ?

Depends on what part of the world you are from.

In the EU (Most specifically, France, Germany and Belgium) a lot are having a master's degree as a minimum requirement.

So a bachelor + a master degree.

romania here

so basically i need at least a bachelor degree :DDD

https://youtu.be/5OD6nUHR1l4?si=VmTJLLqzjKSycDlc
Sir, This dude is also from Romania. Altho he was already working as a full stack developer. Maybe you can get something useful out of this video.

I am not sure if this is the channel to have my question answered. But I was curious to find out that when an OS in general does a complete sys update with update libraries and system patches, would a malware that is rootkit be eliminated? Or is that malware still lurking in the OS even after a complete update

Ask this in #general

i will have the same curiosity,but with a twist. After reinstalling Windows,it is considered to have a new and clean OS,but it's trully clean ?

Am I right or wrong?

Wrong on this part:

us juniors have to compete with seniors who lost their job

Positions are categorised into junior, associate and senior. They won't take a senior for a junior position.

So it's simply not possible to compete with them for a position, if this position is categorised for Juniors as they won't be allowed to apply or filtered out in the process.

If the position title is Junior SOC Analyst - you will be competing against other people from this level.

Done with mt Jr PenTest course. Can I start playing CTF’s or I should finish the whole PenTesting room labs?

Any suggestions ??

Finish the whole path first 🙂

Oh okay . Thanks

Gave +1 Rep to @keen tundra (current: #1 - 4636)

I have a quick question, how much do I need to know for SOC L1? I'm pretty sure that not much, but I am not sure what I need to know exactly. Does someone have a good list of interview questions, and can maybe list what concepts I need to know? Thanks in advance 🙏

Linux isint that hard tbh. I recon just googling and using chatgpt to learn stuff you dont know. If your confused on something google the topic and what you dont understand. Cybersecurity is legit just googling stuff

i can say that you need to know well the common commands and how they operate. for advanced commands in linux, no need to rush to learn them if it's hard, you will learn by time and experience

You will learn what you need to learn when you start doing hands on stuff. U dont gotta remember all the commands

easier to just have a note on desktop with all useful commands.. or at least the basic ones

I recommend noting stuff in a site like notion

Basically a notebook for whatever you want

No one remembers everything they learn, what's important is not to memorize, but to understand the core concepts of what you study, and ofc memorizing does help. But just write important things,

i am a bit more classic,using pen and paper

Which is even better imo

Just harder ahah

i didn't reached 41 going the easy way

You 41?

yep

Damn props bro!!

I am like 25 lol and I struggle a lot with studying

41 yrs old fart,with 10+ years in direct sales and retail,with over 5000 games played so far and former game tester for EA in 2012

In 2012 my dumb ass was playing games, instead of putting my diapers in bitcoin...

crypto is an ilussion,bro. if you really want to invest your money,my hands down advice is to go for real estate. purchase and rent. or do what i did. small investments in long term pies. i am using trading 212 and going for euro defence pie. adjusted myself a bit and put 80 euros in there.

Ofc crypto is bs.... I invested a bit in it, and I regret it. All of this shit is nothing but scam...

every month i put 20 euros in that. its small,but its there. at a 20% aa in 5 years i can almost double the investment. say the 5 years contribution is 1700 euros. the total you earn is 3216 euros....out of nowhere

as a side note,2 days ago i manage to revive a nintendo 3ds LL ( japanese version ). moded the console and changed the region for european,so i can have the normal english menu

that means you are on the right path. same as me. imagine i failed to get a proper anser for the second question of task 6 fropm module linux fundamentals part 3. since Saturday i was struggling to get that answer,trying different commands and combos. the answer was simple and all i need to do was to simply open the nano and read it.

happens to all of us. I am struggling with easy questions as well, and even feel dumb most of the times... Most important thing we can do, is to just continue do what we love and not give up

oh clearly i won't give up. i guess this is the mindset a cyber securitty guy has. never give up,never surrender

Not just cyber, in general with anything we do in life. Giving up is losing, and it's not what we want to do.

How to land into the first job of pentesting? Did cerifications are important?

Important not really, knowledge is more important. But they are extremely helpful yes

The correct room for such questions are in #room-help

Better ask there @dull tiger

as a joke : hack into their system and enroll yourself in there as an employee. extra points if you hack into HR files and put yourself in there with a $20,000/month

And telling them in the interview I hacked you and invited my self 😂

the best way to prove your worth

there was a sales joke that circulted the internet. i know it from quora digest. a guy was invited to and interview as a sales representative...the initial discussion went smoothly,and at one point the guy that held the interview asked him to sell his laptop ( the initial idea is to come up with a method to hook him up into actually buying that laptop/device/thing,a role play ) the guy took the laptop and exit the door,and the building,and stood in front of the building. after 3 mionutes the guy helding the interview called and asked for his laptop. the sales guy asked simply and calmly "is that laptop important to you ?" "sure,all the criutical info of the company is in there""how much are you willing to pay for that info ?" " i don't know...at least 100.000" " sir,i am having a great deal foir you, i can give you the laptop for 10.000,what would you say ?"

he ended up landing that job,because of quick thinking...

i imagined an interview for a job like this in a similar fashion,but with a twist. just poking into their network,search for vulnerabilities,compile a report and present it to them...with detailed breaches you find out

:DDDDDDDDDDDD

lmao

Testing without permission?

how else you can prove your skills especially if you're a beginner

That wouldn't work without prior permission, which you won't get.

It's illegal and you'll end up in jail.

Ya true

how can you actually prove your worth without ending in jail ?

if you're a beginner ?

i guess the best way is to have interns

You pass recognised certifications or do insane projects. 🙂

CEH can help ?

Where are you from?

romania

Then no.

CEH is MCQ and has 0 practical skills.

If you were in India I would say yes.

They look for CEH. (For some reason)

In the US, they do too, but less and less. OSCP is the norm now.

Ceh also have practical right ?

Yes, but no one does it, and when you say CEH, it's automatically assumed to be the standard MCQ exam.

CEH (Practical) has 0 additional value in terms of HR compared to the normal CEH.

What about ejpt

eJPT has 0 HR value.

However, it has a very good course.

Then what is good for beginners

OSCP is considered entry level in the US to get any pentest job.

Same here where I am, in the EU. HRs look for people with OSCP, CRTP.

And a master's degree.

But a master's degree is the norm here in the centre of the EU. (France, Germany, a bit Switzerland - not as much as FR and GE, same for Belgium) Pretty much everyone in CSec is required to have one.

Can someone land an SOC job without prior IT / Cyber experience if you have demonstrated knowledge and certs? Why or why not?

Depends on what part of the world you are from.

In the Middle East, yes. As long as you have a Bachelor's degree. A Master's is a plus.
In the EU, the countries that hire the most have a Master's degree as a pre-requisite, and then some experience to it too. (Internships)

But it is pretty common for students to do a lot of internships, it's actually part of the requirements to get your diploma. 🙂

(In the EU, at least)

In the US, IDK how it works for SOC. I can only guide you for offensive security in the US.

How the tates are doing there

Maybe consider working for them

going from jail to border crossing,back to jail,driving lambos in bucharest,jail again....

I thought they cared about experience more than just a worthless piece of paper called degree?

Heard they live in a warehouse, lmfao. They could only afford those cars because they chose Romania to live

if that supposed to be a joke,try again.

Incorrect when it comes to the EU. 100% correct when it comes the US.

because one of them had 5* in real-life GTA

Over 700 employees in my company, 100% of them have a Master's degree. People without it gets refused directly - and that's the case of each every cybersecurity company here.

What about Australia?

Absolutely no clue, don't wanna say misleading stuff, sorry.

Which country it is?

The same way the OSCP is a make or break for a lot of companies hiring pentesters, it's the exact same here for cyber jobs.

France, Germany, Belgium, Switzerland.

All the countries with high salaries

DKob,the master degree is required no matter what job you pick in cyber security ?

asking about EU

That's definitely not true in the US.

We also have HQs in Malaysia and Hong Kong, but IDK what are the requirements there.

A person I know got refused as a pentester here for not having a Master's degree. For context, he has OSCP, CRTP, CRTE. Told him to aim for the US.

So far I have a degree in CyberSec, Currently have Google, Sec+ degree, aiming for SAL1 and BTL1. Is it delusional to get a junior job with these certs or way too much?

That sounds like that's a company specific thing.

Not really, no.

The over ~50 companies I applied for all required it.

(And if that matters to anyone - the Big 4 also all required it here.)

Some people tell me to go apply for help desk first. My plan is to wait and study for certs and get a Cyber job. Is that a bad idea

By 'Here' I meant in my country - not my company. He couldn't find anything in France, Germany.

In Australia, I don’t see any Masters requirement so I think I’m safe

Yeah IDK what are the requirements there.

I have applied for some junior positions. Should I apply for these IT Support/Helpdesk roles too?

I can't guide you since I know nothing to Australia. I'd rather have someone who knows what they're talking about.

I can only guide you for the middle east and EU. I already helped over 8 people (My friends) get jobs there.

Middle east? What countries to be exact?

Lebanon, UAE

These are the countries with the most cyber jobs in the ME anyway.

The best cyber people in the world are trained in Israel

Heard they are the best when it comes to cyber security

I think you're confusing this with their Intelligence agency.

I saw a video where they use IQ tests to find their High IQ and train them from a young age and ofc they end up working for those agencies

Someone on yt said most of the recent advancements came directly from Tel Aviv

Have you worked there?

Yes. 🙂

So probably from there and immigrated to Europe, my guess

Thanks Habibi

https://www.reddit.com/r/tryhackme/comments/1jvhryw/cybersecurity_and_thm_saved_my_life/

Yes, I did take the plane. But I'm dual national so IDK if it's called immigration.

No worries habibi.

Beautiful story ☺️

Sal1 not marketable enough tbh

I know a Jordanian guy who is doing his last year and is in cyber security. I can refer you to him for advice if you’re ok with that

Sure.

Ik, but I like to have some practice before taking the BTL1 and I like collecting certs like infinity stones

Valid

I have a question. How many hours did you use thm daily? And how many rooms did you finish per day?

I wanna know what is the ideal amount that isn’t too much or too low

Trust me you don't want to take me as an example lol.

20 rooms per day then

14 hours per day

Over 6 hours per day after my full time job. I did THM, eJPT/eCPPT certification

eJPT is ~150 hours, eCPPT is ~100 hours.

I'm now doing CRTO.

So you went straight to red teaming

I’m on blue side

My full time is on blue side.

SoC analyst?

IAM Consultant

@obsidian rose brother, mind if I ask how old r u?

Pretty good age with your achievements. Seems like you finished masters very quickly

Is it even possible for beginners to learn proper fundamentals and land a job or its just marketing everywhere? I always thought CyberSecurity = someone who knows everything about computer science, programming, networking, databases and is a God in all these disciplines. But then my friend who started to learn webdev after 4 months of learning by accident landed a security job and they teach her during job what to do and she claims its not so hard as we imagined.

3 Years Bachelors, 2 years Masters (Double degree - CyberSec and IoT)

Ok

Mind if I DM you, I might use your advice, idk maybe you can help me figure this thing out.

I feel a bit bad about myself when I see someone younger than me ahead

I’m not old by any chance

Or I see some 16 year old kid hacks Rockstar with an Amazon stick lol

https://tenor.com/view/well-thats-understandable-i-get-it-that-makes-sense-thats-fair-thats-fine-gif-16971508

Yeah sure.

consider me envious

Seems like you need to accept my friend request

https://tenor.com/view/no-words-speechless-dismay-gif-7582357

**Reposting for clarity. I’m in the US. I’m looking for answers relevant to job positions here.

Can someone land an SOC job without prior IT / Cyber experience if you have demonstrated knowledge and certs? Why or why not?

Were you able to see my response to that?

May have missed it. I’ll look.

#cyber-and-careers message

I am currently working as Information Security Analyst. Haven't talk to the employer about the support, but I did ask the manager and director of what their thoughts were on pursuing a master's degree and both didn't really recommend, so wanted to know what other people's thoughts were.

Depends if you want to specialize in more areas. If u think you are currently secure enough with your experience and whatever qualifications you have then there is not really much benefit. Why did manager and director advise against it? Will it not aid career in the company?

Hi just wanted to know if there is any recruiters from UK here ?

If they aren't going to pay for it, I personally wouldn't.

If you have questions, just ask. If you're looking for postings, #jobs-board

Hello everyone, quick question for anyone that took pentest+ (V3) outside of THM and HTB is there any books you used? Seems recourses are sparse. Thanks in advance 🙏🙏

Potentially, but I wouldn't say it's the norm. Do you have a degree in lieu of the experience? Certifications do not stand on their own, just FYI, they're utilized to quantify the professional experience/meet contract requirements if you have a degree/prior professional experience. If you're just starting out and don't have a degree, or any professional experience, you're going to want to start building. That means doing time on a helpdesk or going and getting a 4 year accredited bachelors in a STEM subject (ie Computer Science).

Comptia will likely have a recommended reading list on their site. You can also see if Professor Messer has a course on youtube for it

A masters degree for entry SOC work? Where are you getting this info from?

Been looking but their study guild is (coming soon). I’m looking for a book and sybex reviews keep saying there is typos and wrong information haha. But thank you for the response!

Gave +1 Rep to @stoic cave (current: #20 - 505)

If they haven't released a study guide then you still have quite a bit of time to certify on the v2 exam. My recommendation would be to go with that version.

Ends in June sadly but I’ll consider it. Thanks again

and they haven't release study materials for the new exam? I find that unlikely. Materials are usually available well before the launch

It won’t let me send photos in this chat, but yeah, they have the cert master but not 003 study guild or training from partner

you need to verify in order to send images

https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-003-exam-objectives-(3-0)

Looks like Jason Dion also has material available

At least you not in jai

jail*

Unfortunately not. I’m starting to think this might be the wrong path for me tbh. I thought maybe I had transferable skills from my current line of work that might be valued. Had a few people it’s more so about the “know how” but I’m now seeing an overwhelming amount of stories that suggest that is not the truth lol.

Hey folks! I’m currently on the lookout for IT support opportunities in Sydney. If anyone knows of any openings or could point me in the right direction (referrals would be amazing too), I’d be super grateful. Thanks heaps!

Please don't advertise here 🙂

Nice. Thanks for sharing.

Gave +1 Rep to @obsidian rose (current: #88 - 89)

Yeah, I've felt like you too man. I would just suggest to let go of what is gonna happen completely. If it is something you love and have a passion for, it'll manifest. I never thought when I used to brew beer that I would get an opportunity to Commercially Brew, but low and behold, one day a dude came into the homebrew store, we hit it off, and I did my first commercial batch 2 weeks later. Just stay learning, stay motivated, and connect with people as often as possible.

Reach out to recruiting agencies and build your own stuff and something will happen, just my two cents

I hate seeing people want to leave the industry, the bottom line is that the world is insanely underprotected when it comes to cybercrime and the world will have to remedy this one way or another. Just like Australia is hiring out of country police officers now. Watch this space, especially in South East Asia

FYI I don't even work for anyone in the industry, I work for AusPost XD, I just see what the world is gonna look like in 5 years, let alone 10. Very least you can protect yourself, because the average person/company isn't keeping up

Hi all, I am currently trying to do a mid-range career change:

My main industry has been geopolitical analysis/OSINT in a public/private setting both for security, diplomacy and politics. I have a mid-range position currently focused on physical security for logistics and international companies. A lot of the ops or functions are very similar to cyber. We often work side by side in GSOCs, we both look at the security threats for a wide range of operational needs just from different angles.

I have recently learned I prefer heavy technical aspect of cyber, have taught myself to code, and built a lot of data analytics in my team. Geopolitical and security analysis is great, but once you understand the fundamentals it's really just about data collection and effective structured analysis. You lack depth anywhere outside of academic research or investigative reporting.

I would like to make a shift but of course would prefer to do so at a more senior level, rather than straight back to entry. I have my COMPTIA cert, just doing the Cybersec 101 on tryhackme for a refresher, I have advanced OSINT experience and coding with python, SQL, and javascript, I am going to do my CISSP this year (do you recommend doing it without the exp?). What's the prospect like for that jump? Is it pretty tough and what sort of other certs/experience would I need? I was thinking best option would be to move into a CTI role which as a I am essentially already a professional sleuth I think, works.

Is ec council ceh or cpent ai certification is good for start for job ?
please guys guide me

From the market itself and the over ~50 companies I applied for where the job description clearly mentioned it. A Master's degree for ANY (Cybersec) entry level job is a requirement where I am currently located at. (Country level) It's a take or leave situation.

As I said, a friend of mine has OSCP, CRTP, CRTE and he's not even getting an interview. The CV is being dismissed as soon as it is being received, even after referrals.

You mean is nesscary to have master degree to apply on in the job with oscp crtp crte?

Yeah unfortunately it's his case. He has all these 3 certs, but doesn't have a master's degree. Just a bachelor's.

IDK why it's surprising to some, the world goes beyond the US and the requirements change.

This is the case in France, Germany, as said above.

This is what you see literally everywhere, and I just picked this SS right now for a junior SOC position:

Bac + 5 means 5 years of Univeristy. (In here it means either an engineering degree or 3 Years bachelor + 2 years master's degree)

And another one, and it goes on and on and on... cc @stoic cave

Depends on where you are based. If you are in India, CEH is still very much accepted, but aside from that, you would have to check based on the job description.

ya i am from india but overall i am asking as i am new in this domain

Where are you based if you don't mind? That is really odd.. I can't imagine someone with a Master's degree would have to do a level 1 triage, scour through logs and stuff like that..

Of course I don't mind, I'm based in France.

Aahh... EU...

Yeah, I did mention EU multiple times. (With the specific countries) But I think Did You Google thought I was talking about the US - which I said does not requires it at all.

SOC L1 is almost non existent here as well. It's either fully automated or outsourced to Asia.

In my previous gig, security certifications are like meh and recognise Master's degree. 😅

We're developping systems right now to fully automate it too. (L1)

Don't get me wrong, the culture in that place is great though.

I totally agree with everyone that a Master's degree requirement is completely wrong.
The dude with OSCP should not have been refused.

Where was that at? Also EU? If so, not surprising.

Getting a CEH might be a bit too much for a beginner as it is quite expensive.

brother, it's outsourced to tunisia , almost all of our soc analysts works for french based companies

Headquartered in Luxembourg, but has offices in UK, France, and otherparts of EU.

ya thats correct as now i am doing pre security jr pent and red teamer from tryhackme

Correct. 🙂
Tunisia, Hong Kong are our main locations.

Oh, then I'm not surprised. Was it for an entry-level role?

soc L1 here takes around 400euros, so it's understandable

Yeah, that's why they outsource it I guess.
Our entry level SOC here is L2, and any other entry level job in CSec requires a MS degree.
I'm just justifying it with proof because I got called out for it.

Around mid to senior, but they don't discriminate when it comes to hiring though.

Oh that's weird. They tend to be less strict about the MS degree for senior positions, even here in the EU.

They are just strict when it comes to entry-level roles.

I worked in an office / branch around Asia that is why they probably aren't that strict when it came to it.

Yeah. I guess it's just a sad reality lol. 3 friends of mine had to stop working and go back to studying at college to get into CSec, They're currently at their grad year and I'm trying to get them a job at my company.

It's just how it is here. They care more about education than certifications.

¯_(ツ)_/¯

how to get started to pursue a carrier in Cyberseurity?

Tryhackme can be a good choice to get familiar with the concepts but i would say start from linux then networking

CompTIA A+ is a entry level cert to get into IT if you are new

For IT professionals, the initial step is to define your cybersecurity interests: penetration testing, bug bounty hunting, security engineering, security operations center (SOC) analysis, or malware analysis. Following this self-assessment, develop a comprehensive career roadmap.

cybercime happens on a daily, even on state-to-state level alone. I saw this news report with a Dutch army cyber commander and he said on a daily basis there are 2000 intrusions a day on the Dutch military cyber infrastructure.

You left a lot of messages, so I may have missed one just FYI. To clarify, you're using annecdotal evidence from personal experiences (yours and your friends) in France and applying it to all of the EU? I was unsure where you were because you were weighing in on 3 different regions of the world above. It's surprising because it's kind of ridiculous and somewhat backwards compared to other countries in the western world, not just talking about the US. cc @undone shore and or @quick forum as they're closer to that part of the world than I am. For their reference, discussion is based on the initial assertion that masters degrees are a requirement for entry level SOC work.

I appreciate the time you gave to read the messages. 🙂 Here's my answer to the points you mentioned.

I think you missed more than one message (including those from yesterday, which were necessary for full context), because you mentioned that I applied an experience from France to all of the EU. If you scroll up, you will see which EU countries I was targeting when I said "EU". I should have made this clearer - it's on me.

Regarding the anecdotal evidence: When the majority, if not all, of the positions you want to apply to (in the areas I mentioned) have this as a requirement, does it really remain anecdotal, or does it go beyond that? I guess we'll have to agree to disagree on this one. It takes very little time to check online for jobs in France and check the requirements and prerequisites. That's how it is here, not only based on experience. I could check for jobs right now, like I did when I sent you the screenshots, and would still find the requirement everywhere for cybersecurity-related jobs.

When it comes to your last statement, we are totally on the same page. It is ridiculous and absolutely backwards compared to countries like the US, and a few others in the ME region. But that's how it is here. Not sure why it sounds so surprising. Sounds ridiculous for sure but not surprising. At least not in here. It is the norm.

You could check yourself by going to the french recruiting pages and verify by yourself, I'd be more than happy to provide the sources. Same for Germany, Switzerland and a part of Belgium.

I always feel like I'm asking a dumb question, but I'm heavily considering using my GI Bill to get a degree for cyber security. My interests lie with pen testing, but when I use the military provided resources (ArmyCool, ArmyIgnightED) It seems to be guiding me towards degrees on technology Data and data collection, my question is: can that actually help me get into a career where Pen Testing is a thing?

Don't rely solely on the resources provided to you by the army, as there a lot of predatory institutions out there that exist solely to funnel money from the GI bill with no actual concern for practical application. They pay good money to be bumped to the top of the list of what the military recommends. Do you have any pentesting experience?

I'll DM you some resources for getting a degree fast and inexpensively if you're interested and there are lots of options for Cyber degrees online, but pretty much all cyber bachelors degree are going to cast a wide net, specializing in something like offensive security would be more of a grad-school thing.

No real world experience. I tested out a lot of paths on tryhackme and pen testing was the most satisfying

That counts for something, just wanted to make sure you weren't someone who'd only listened to Dark Net Diaries and watched a few Deviant Ollam lectures before diving into a degree lol

And yes I'm down for anything you can send me. I just figured a degree would get me hired faster than the certs route plus degrees look good on resumes and help with promotion within the army

It's certainly better than nothing, but I think the best course of action if you're Pentest focus is to build up towards the OSCP and you should start doing CTFs and making a portfolio of written pentest reports. The degree often times is just an artificial barrier of entry. I sent you some resources I've used to get a degree fast and cheap to get over that barier of entry, that way you can squeeze as much as you can out of your GI bill

Oh wait I missed a detail, You're still in the army?

I am yes. My current contract ends in 2028.

Enlisted?

Yeah, not the case in the UK either. A lot of folk go into SOC Tier 1 with BSc. I haven't checked enough listings myself to comment on whether that's even necessary, but masters definitely is not.

E4

If you've served in your current MOS for a full year, go find a career counselor and bug them about reclassing to 17C if you haven't already

Never even heard of 17C tnh

https://www.goarmy.com/careers-and-jobs/signal-intelligence/locations-stats-frequencies/17c-cyber-operations-specialist

When you get out, having that experience in your history will help score you a pentesting job better than any bachelors. Odds are you'll get TS/SCI too which helps you get all kinds of government contracts not available to mere mortals

Hey there, I'm a final year Computer Science student. Can someone suggest a final year project related to Offensive Security with AI

Thank you for that. I was looking into 25 series stuff but this is definitely more what i need

Gave +1 Rep to @vivid thorn (current: #2824 - 1)

Sure thing my guy, good luck! It's a hard job to get so be persistent with your career counselor. Get the list of requirements from them and check in once a month minimum with the progress you've made on those requirements.

Yeah, I didn't mention the UK cause I knew it wasn't the case there.

Fair!

Quick question for anyone good with resume building, Are summaries worth having in a resume? I just feel like something is wrong with my resume in general. Not getting looked at, at all.

I'm struggling too homie. Resume writing is easily my worst skill and all the advice I get seems contradictory

@vestal kelp @vivid thorn same here. I switched my “professional summary” section from a paragraph to bullet points and have seemed to get more traction with that. (I can see people from companies I am applying to are looking at my LinkedIn page). Can’t be sure that’s what the change was but having bullets seemed to give me more opportunities to add “experience” that isn’t directly related to my previous roles.

Yea I have had no luck in the past year and 3 months and my friend just got a job by referral. Too bad he's out of state.

I'm just unsure since I haven't had luck what to change but I put my resume into an ats system and I get about a 90% and been tweaking it throughout the year.

"professional summary" should be an accessible elevator pitch for the things you have actually done. It shouldn't be a place for things you have not done for a job, nor for things that are unrelated to the roles you have or have had.

send me your redacted resume's ill rate them 1-10 and tell you why

Can I pm you?

I feel like mine is like that but I could be wrong

yeah

I sent you a friend request since it didn't allow me to send a message

yeah if you have DMs open on this server you just got badgered by people all the time

Yeah like my buddy said, this isn't some nerd in a basement, it's an entire military division in N Korea lol

And to everyone saying everything will just be outsourced, it's a half truth

End of the day, countries are going to require citizenship/residency in the future due to citizenry allegiance reasons/punishments

I stand by what I said, don't think THM will get you a 100k a year job, but don't underestimate the demand either

Countries like Thailand and Cambodia have had both their kings specifically state the need for more cybersecurity and where I live in (Australia) I've had my info hacked out of government agencies

All it will take is a court case for liability and cybersecurity will be as common as physical security guards for insurance reasons

Not worth doing with my own money?

They think it's better to keep working, gain experience and do other personal learning rather than doing a master's. I could still do part-time if I wanted to.

Haven't really decided on which area to decide yet, but I do like the cloud space at the moment. Recently passed AWS security specialty, so I was also thinking of pursuing CCSP.

yep

I am actually going to school under the GI Bill towards a degree in cybersecurity. I just did my own research into schools and went from there. I am aiming for Red Teaming, apart from school, I also do side projects to enforce learning. I am coming from zero knowledge, but so far in these months I've been feeling very optimistic as I progress. I would agree that many institutions prey on those with the GI Bill but if the courses they offer align with the career you want (like red teaming, blue teaming, networking concepts, scripting languages, etc.) I'd say that's a step in the right direction.

Not a company i work for, but if you are located in manchester
https://nccgroup.wd3.myworkdayjobs.com/NCC_Group/job/Manchester/SOC-Apprentice_R9382

this is a soc position, for which you need:
Previous education and skills:
A-Levels or equivalent in an IT or IT-related subject
Have not already completed a course in cyber security at Level 4 (HNC) or above
and no other previous cyber security experience

ncc group is a pretty nice company ive heard

also i dont really know if this allowed? so if not please let me know. i just thought it might be a nice opportunity for new people

How do I fix this please
Any idea

Hi, my name is Patrick and I am passionate about cyber security. I am currently looking for my first opportunities to gain experience as a web pentester. I have a solid theoretical and practical foundation behind me - I'm learning on my own, completing labs on TryHackMe and learning about tools like Burp Suite, Nmap or OWASP Zap.

I'm willing to work unpaid or on an internship basis - I'm keen to implement in real projects, learn and build a practical portfolio. If you have a place in the team or can recommend someone who is looking for a committed person for simple pentesting tasks - I'd be happy to apply!

Hello
Software development with python/Django, PHP/Laravel Javascript, MySQL, PostgreSQL, and Cyber security, Penetration Testing and Vulnerability Assessment experience. I want remote job or project for making money.

Is anyone here who can help? Just DM me... I'll share my resume/CV there..

Try to take a look the #jobs-board 🙂

o

Does anybody have any suggestions on landing an entry level job in cybersecurity without certifications? I have not gotten any certifications, because I am not confident I will pass (no matter how long I study). I have severe test anxiety.

Hey everyone, hope you’re all doing well.
So here’s my update — I just got my Pre-Security and Cybersecurity 101 certificates this week. I’m doing pretty good so far. I completed the offensive side and I really get it — I’m passionate about it. But when I started studying the defensive side, I felt kinda lost. Like maybe I’m missing something or just not understanding it properly.

To be honest, I’m still a beginner. I’m originally from Egypt, but I’m currently living in New York. I’ve always loved messing around with networks and systems since I was a kid. I’ve always had a thing for breaking into stuff (legally of course!) and tweaking software settings even before I got into cybersecurity.

Right now, I’m stuck between two paths — Security Analysis and Penetration Testing. I’m not sure which direction to take, especially since I’m still at the beginning. I already know the basics of Python, which I learned even before diving into cybersecurity. I was originally planning to go into AI, but now I’ve decided to focus on cybersecurity because hacking and tech always fascinated me as a kid.

What I really need right now is someone to guide me and encourage me. I also love learning with others, discussing things together so we can both learn and grow. I’d love to be part of a community where we support each other, share ideas, and even explore things outside our main field.

So yeah — I’m just looking for advice, motivation, and people to connect and interact with on this journey.

Test anxiety is a common thing among test takers. You don't want to fail, and that's a normal part of being human. Perhaps you need to change the way you're studying in order to make sure you understand the knowledge a particular resource is trying to teach. When doing anything with computers, you're going to need to try out things and see what happens when you do things. I'd suggest building a home lab. It could be a few old computers, some raspberry pis, a few virtual machines or a cloud environment, or a mix. Don't look at certification books, look at books that teach you a technology.

There are books like The Linux Command Line by William Shotts and Automate The Boring Stuff With Python that have ways to read those books for free on the web. They're a fun way to dig into the tech and actually learn it. Having a study guide to prepare for an exam based on questions and fill in the blanks is not going to teach you technology, so no wonder you've got anxiety. You need to get your hands dirty. Do walkthroughs on THM, but also do challenge rooms (even if you haven't a clue how to start, just start). Many rooms have writeups available, so read those and go through them when you're stuck. Schedule time to be at your computer doing computer work. Then, when you know how to do some things on a computer, you'll be more comfortable using that knowledge to prepare for exams.

When preparing for exams, don't just read the study guide. Watch videos about the topic, take plenty of notes (in your own words). Many people use Obsidian or CherryTree or another note taking application. Make that part of your habit. Also, read one or all of the Tribe of Hackers books. They should be fairly cheap and easy to get. Darknet Diaries podcast episode 83 has a good discussion about this collection with the author and one of the contributors
https://darknetdiaries.com/episode/83/

Thanks for the information. I have definitely been going through the rooms here and feel like I am doing somewhat OK witih things.

Gave +1 Rep to @rugged delta (current: #21 - 497)

Okay well if you want to get into cybersecurity, certifications aren't the only way. You do need to understand a lot about IT technologies and infrastructure. You need to be able to understand large volumes of information and how to juggle it sometimes, how to follow or develop processes to get things running, or return things to their normal running state; that kinda thing. Learning plenty of Linux, Windows, some Python/Bash/Powershell, it's all part of the fun on the way to true uinderstanding. You can do rooms in THM, participate in CTFs, do bug Bounties through a platform like HackerOne or Bugcrowd, etc. Beibng in cybersecurity means frequently learning new things about how the world of cybersecurity works. In fact, many people looking to work in cybersecurity will start by taking a job in tech support or IT and build up skills and knowledge in a practical way while continuing to learn their tools.

Cybersecurity is not an entry level field, and there aren't really any entry level positions, but doing things like the Learning Paths can be a great way to get you clued in. Doing the SAL1 training path is good preparation for that as a certification you should be able for withing a few months. Having junior SOC knowledge would go a long way to opening the door for you to work in the field

I defintely have the IT experience behind me. I have at least 25 years of experience in that regard. The rooms here on Try Hack Me have beeen really good. I know that my strong suit is more toward windows based thimgs, but these rooms have helped me a lot with learning Linux

That's good, keep at it. A lot of what you'll encounter is based in Windows and Linux platforms, and you'll build on those skills along the way

Hello! To everyone
There is any cyber security internship for my College

You should ask your college/course trainers/leader about the expectations for internships. A lot of colleges have arrangements with organisations close to the college. You might also be able to search for internships on sites like LinkedIn and other recruitment sites

But In my college they not arrange anything.each student itself search for their own.thats why I am asking

Can you please recommend some internship in online

You will have to search for these yourself. That's part of being in cybersecurity. You know how to do basic things on the internet, I'm assuming

Have you talked to a psychiatrist about this? I'm not huge on taking a pill for everything but this is a problem you've worked consistently on and haven't made any progress you could probably benefit from some kind of short-acting medication to help you with test taking

Are you based in the USA?

If so, what timezone?

I am currently taking medicine for ADHD...which helps me focus for the most part.

Focus is good but a lot of ADHD meds can exacerbate anxiety symptoms (according to my wife who is a PA, but I'm not involved in medecine at all so don't take anything I have to say as gospel). Whoever prescribes your ADHD meds, talk to them about your test anxiety and see if they have any suggestions for supplementary medications to help

You don't gotta grit your teeth through it, we live in the 21st century we've got options!

The other thing is see if you can get tested for reasonable accommodations, most cert vendors offer them in the same way that you can get accommodations at a college for certain diagnosed conditions.

I'm not a psychologist but as a coach I can tell you that doing yoga nidra can help you a lot with these symptoms

However do take advise of a psychologist/psychiatrist as well since they can identify your individual patterns in a better way

Learning linux is in my experience just alot of handson experience. If you have a spare device or something that can be dual booted id try finding a distro that seems nice. For a beginner id look at linux mint, ubuntu, pop os something like that and just try to set it up for daily driving and then try to daily drive it here and there. This could also be done in a virtual machine ofcourse but i like having a device a bit more personally

That and tryhackme has thought me alot about linux

I second the hands-on experience thing, but the distro you should go with depends on what you're trying to get hands-on experience with. I recommend Manjaro linux for desktop experience and to learn more about the Linux plumbing system that will transfer well over to server experience. It's arch-based but with bumper guards, which makes it easy to break a lot of things but not irreparably. Lean on LLMs to parse error messages and explain to you what they mean and give you courses of action to fix them.

Alternatively if you want a good distro to give you experience with things that will come up a lot in both Desktop and Server support, use Fedora if you want a traditional release model or SUSE Tumbleweed if you prefer a rolling-release model

However the only incorrect choice is to not use Linux at all, so pick whatever looks enticing to you. Just not Hannah Montana linux

And keep in mind that Distros are not Desktop Environments, you can learn to install any desktop environment on any distro

Can i do well in cybersec if im not good in math or logic? i think i can always do some training to improve my logic skills

In theory maybe, but I wouldn't sell yourself short, a lot of people can become competent in math if you approach it with an attitude that it's a skill like any other than can be learned to a certain extent. Certainly well enough to get into Cybersec.

I tutored math for a while and once I could dig people out of the "I'm not a math person" hole they stuck themselves they went on to graduate with Compsci and/or engineering degrees. You just have to go back far enough to find the step you missed and you have to be patient with yourself

thank you!

check out the Math Sorcerer on youtube https://www.youtube.com/watch?v=sZ60bY2pJfo and get fired up about it, then use a resource like Khan academy to get to the point where you don't understand the methods anymore, back up a few steps and start relearning in it slowly and with as much detail as you can

find old math textbooks online and do problems from units relating to the topics you need to reinforce until you can do it without having to reference videos/guides on how to solve those particular kinds of problems, then repeat. You'll get faster with each step you reinforce

@vivid thorn thanks! You got my point across a bit better.

Gave +1 Rep to @vivid thorn (current: #1849 - 2)

Like in more words etc

Dont worry about math. I have done 4 math exams and failed each and every one of them along with my classes. Yet im working in cybersec and for math you have a calculator

thanks a lot bro. I've done a IT pre-course and im struggling a bit with math/logic

Gave +1 Rep to @dusk wedge (current: #184 - 47)

so i was wondering if i would be able to do well in a cybersec course.

like im interested in it but i dont know if my skills would be enough, because i've always sucked in math at school

I think you'll be fine, you can always ask questions about whatever your doing and people will help. Have you tried some tryhackme for example?

It's a good start for cybersec but for cybersecurity you need the fundamentals

i will try it

but i was planning to do a cybersec course. Is like one for free but it should be good

like they should teach evberything from basis.

i cant really speak for the basis of IT since i got that in school but for me the basis of cybersec was pretty much just tryhackme

tryhackme does have a nice learning path "pre security" . I dont know how much of it is free

a few parts of it are free iirc but honestly if you pay for a month of tryhackme to learn more it might be worth it if its possible to do a month.

i guess the mindset for learning cybersecurity should include the fact that you should invest a bit to earn more ( basically you will invest in your future job ) and 14 dollars is not much. but that is just my 2 cents

Hello guys, hope you are doing good.
I need your advice. I hold OSCP+, PNPT, eJPT and am an ex-maths teacher. I haven't worked in the field, yet and have ve sent my resume nearly 150 companies around the world (mostly Europe), checking Linkedin/Glassdoor etc and I could only get 1.5 interviews. Except for blue team/help desk suggestions, what other suggestions do you have for me (like other fields in CS).
And also I'm thinking of doing OSWA (solving port swigger these days), would it be a definite attention catcher along with my other certs ?

Thanks in advance!

What part of the world are you located in?

Have you been applying to Europe WHILE being in Europe or remotely from somewhere else?

I live in Turkiye. in Turkiye there I'm checking every related job posting.

Oh, then here it is. If you require a VISA sponsorship, it might make things way harder.

Not every company does that.

Unless you are dual national (or more).

Sooo, what would be your suggestion to me ??

Where did you apply in Europe?

(Countries)

UK, Canada, Australia, Germany, Austria, Estonia, Belgium, US, Sweden, Italia..

There's honestly no suggestion I could give, or that anyone else could give for a matter of fact.
If your CV is solid, and it seems like you got some solid certifications like OSCP+, then it's not a skill problem. It's a VISA sponsorship problem.

I'll have to mention that for this VISA sponsorship problem, I personally know that it happens quite often in France, Belgium and Dubai. I can't talk for the rest.

The people from other countries could probably help you more with the rest, I can't talk for them.

Best bet if you're wanting to relocate is try to get a job with a multinational org, wait a bit, then see if they'll support you emigrating to another country where they have offices.

Not many orgs willing to pay visa costs for an unproven job candidate

Down pat.

I have a friend that is in the same exact same situation as yours with the exact same certifications (even a few more), and yet he can't find a job. He's even French and finds it hard, so it's overall a market problem not solely a VISA problem.

@haughty patio, have you tried France? Are you looking solely for Off Sec?

If you have a master's degree, there are a few big companies I could refer you to. Got a lot of HR friends there.

What do you mean by "looking solely for OffSec" ?

Are you only looking for offensive security jobs?

Well, obviously checking for the possibilities.

Ah, then I can't help you. It's pretty dead here.

I don't have a master's degree, either.

Good news is that you don't need it in most countries.

been following this conversation. im from Zimbabwe Africa. what can you help with

Sorry, I don't know anyone there.

hie how are you. your story is just like mine. im from Zimbabwe. i love hacking and stuff and im willing to learn. kindly assist me please please please