#cyber-and-careers

If this is what companies require for junior position I am afraid to even ask who someone need to be at senior position. Probably a conqueror of entire galaxies 😉

if you would like, DM me your résumé and I can take a look. I do résumé reviews and cyber security job talks at hacker conferences and some of the universities around here. I’m happy to take a look.

If you would be so kind then sure. I will just remove sensitive information's from it if you do not mind and DM you later. I am always open for constructive criticism and tips.

It really depends on the company

Anyone with a career in cybersec in south of france willing to talk about getting a job ? I kinda struggle recently to get at least HR meetings and would like some feedbacks on my cv

It could be the way the resume is framed. Early in my career I had titles like “Systems Administrator“, “Network Engineer “, “Cloud Architect “. But a lot of my job duties included security tasks like network scanning, vulnerability management and patching, internal pentest, GRC / audits. So, even though my title didn’t say security, I made sure to tailor my resumes towards security so that I could start getting cybersecurity titles/positions (even though i’m doing a lot of the same type of work I’ve always done).

I've sent you DM.

Administration experience? What did that job entail and how long did you do it for?

what kind of cyber sec jobs are you aiming for?

Hi everyone, Vin here! I have a question similar to what "DADDY" asked. I'm new to Cybersecurity and I’m wondering — are there any platforms where I can do hands-on projects? Or should I just stick to the pathway created in TryHackMe for now?
Would love to hear your suggestions!

Stick with THM roadmap for the beginning 🙂

Sure Thank you

Gave +1 Rep to @keen tundra (current: #1 - 4733)

can i ask how much u get paid im about to do the same job?

is it okay if i dm you @jolly knoll

yes pls

dm me

Well, there's one question: if the university teaches CEH and OSCP in cybersecurity offensive, or not? If not, then why are we attending university, we can just go for the certificate straight away?

We attend it to gain connections, have fun and last bits of freedom before our life will get dark and miserable 😉

Oh and for a scrap of paper that a lot of companies actually require from people, even if they state otherwise.

hello i am new i would like some help i am a second year uni and to be honest i got zero knowledge and no real hand to hand practices and clearly its my fault so i am kind lost big time lost i made a road map i would like you guys to review it and check and help me in my journey if you guys don't mind and i got a big passion to learn from you guys

would it be possible to maybe add it as a screenshot or something

Will do right now

Do you have Comptia A+

No

I would go A+ -> Network+ -> Security+

You need to understand how things work before you start securing them - CPU registers, packet routing, encapsulation, Vlans, kernels, containers, etc

yup, have fun learning shellcode :3

Can anyone give me a roadmap to start cybersecurity if I have zero knowledge in programming what i have to learn
Please step by step guide

I would skip A+, but people have different opinions

you also might want take linux+ after security+ but before jumping into more advanced certs

i feel like that would make a little more sense

everything else seems solid just make sure you are doing hands on learning, build a homelab or something

https://www.udemy.com/course/the-complete-hands-on-cybersecurity-analyst-course/learn/lecture/45827571#overview

in no way am i associated with that course, but i would highly reccomend it...it was very good learning experience that was a little more hands on

hi is there anyone studying cyber sec in Perth Australia?

You can follow this roadmap 🙂
https://tryhackme.com/hacktivities

Hey everyone! 🙌 I’m looking for a cybersecurity internship to build more real-world experience. If you know of any openings or can point me in the right direction, I’d really appreciate it! 💻🔒

Country/Region/State? Current experience (even if not professionally)?

Thanks for asking! 🙌
I'm based in Delhi NCR, India.
Currently, I have hands-on experience through platforms like TryHackMe and Hack The Box, where I've completed practical labs in penetration testing, SOC analysis, and network traffic analysis.
I've also worked on real-world projects during an internship at Logix Soft-Tel, focusing on vulnerability assessments and network audits.
While I haven't held a full-time professional role yet, I have strong practical training and certifications like CompTIA Security+ and ISRO-IIRS Cybersecurity Training

Gave +1 Rep to @torn plume (current: #972 - 5)

hi broo same

Sorry, don't have any contacts in India, but it was worth listing in case others might know someone.

By any chance, do you know if there are any remote internship opportunities available? I’m open to working with international teams as well and would love to contribute remotely.

I will keep my eye out. Most of the companies I currently work with are all based in the US and internships are local. But I do have global contacts on LinkedIn, so I'll keep a watch

thank you soo much, I really appreciate your support

Gave +1 Rep to @torn plume (current: #848 - 6)

Hey sorry to just plug myself in here but are you aware of anything in the SoCal area ? I have 2 years of IT experience with a few certs and working on a bachelors atm

Not at the moment but will make a note in case I see anything.

It’s been decades since I started my career (we were still using dial up modems back then ☹️ ), so not sure if small IT companies are still a thing, but if you can find one, it’s a great way kick start your career. but, you have to sell the services you want to do. So a company pays you to come in and set their active directory. While you are there look for ways to offer additional services like scripts to parsing log or automate some security features or reports. when you work for bigger companies the opportunities are limited because somebody else’s already doing it.

I’m already in IT thankfully so at the moment I’m just working on upskilling. Do want to eventually end up in security but lately am enjoying working with networks a bit. I appreciate you taking note of it tho!

Take every opportunity to do some cybersecurity work - vulnerability management and patching, writing some automation, firewall configurations, etc. It's a lot easier to make a move into cybersecurity if you can show that you've been doing it all along, even when your title doesn't reflect it. What are your current job duties?

Mainly answering calls and emails with people needing assistance with their computers or phones

I kinda manage the whole account creation and deactivation of ppl coming into the company so I’m dealing with AD a lot of the time and permissions

Little bit of work in azure with remote workers. Enrolling them into the azure AD and laptops in Intune

Lately been working on some basic switch stuff like upgrading firmware and recently helping swap out some switches

I’m sure there’s more but I feel like the rest of what I do really falls into what a helpdesk position would do

If you are already working in Azure & Intune, start reading up on Identity Access Management (IAM)

If you are onboarding & off boarding people, also start looking at ways to automate the process

IAM engineering is a good transition from what you are doing into cybersecurity

Will definitely look into this thank you. I was not aware of this position

Gave +1 Rep to @torn plume (current: #758 - 7)

Not sure how big your company is, but you might be able to reach out to some IAM companies just to see to see what enterprise IAM products look like. Probably best to get approval from your boss, but if they're cool with it, check out companies like Ping, Okta, and Sailpoint.

Also look into Just In Time management (JIT) and Privileged Access Management (PAM). Entra (used to be Azure AD) can do both.

That’s the roadmap I’m following. I feel I’m learning a lot and the labs are awesome. Did you used it before? Did it open job opportunities for you?

dont wait to do overthewire - imo it should be mandatory to complete before you ask any *nix related questions 😆

Did I use it - yes
Did it open job opportunities just by itself - no 🙂

I appreciate your advice

All of you thank you I might avoid A+ because I belive me taking security+ might teach me a lot that covered in A+ is that right or am I wrong

Not really. You will learn some of the domains covered in A+ when prepping for sec+ but definititely not all. Take a look at the exam objectives & domains for each one as an example.

I think people tend to take A+ as a precursor to gain understanding of fundamentals but it's not required of course.

I am aiming to become a penetration tester. I’ve finished Jr Penetration Tester, Web Fundamentals, Cyber security 101 and Pre security on TryHackMe. Should I go for Web App Pentesting next (as per Cyber Security Learning Roadmap) or Offensive Pentesting (as per Tryhackme's Penetration Tester Learning Guide)?

Complete Web Fundamentals first then move to Web App Pentesting 🙂

Okay, thanks! 🙂

Gave +1 Rep to @keen tundra (current: #1 - 4746)

Do you know any sources or websites that can help me study let’s say I can’t take A+ is there any possible sources to learn the fundamentals that can get me good

Professor Messer has some good follow along guides on Youtube for A+, Sec+, and Net+

Sure. There are various ways to approach it. You could look at the exam objectives above and compile notes based on them or just use some of the well known instructors that will walk you through everything step by step.
Professor Messer has a series on yt that's free like the guy said above.
I also recommend checking out Jason Dion. He has stuff on udemy and his practice tests are super helpful.

take notes whatever you do and be prepared to look at them over and over again.

thank you so much

btw if you have a decent understanding of the fundamentals of IT, you are fine going directly for sec+ imo. you could always take a few sec+ practice tests to see what you'll be exposed to then make a more informed decision 🙂

i mean i will watch what you guys recommend me and read a book about A+ when i am ready like i have good understanding fundemtal of IT then i can go sec+ right

CySA or SAL1 first?

CYSA has a bit more use currently than the SAL1

SAL1 isn't recognized as an industry standard yet.

CySA is the more recognized certificate currently, but the SAL1 path on THM will actually get you the experience you need to know how to use the common blue team tools. CySA is a lot of theory work (know what you are talking about)
Sal1 is a lot of on hands work
(Know what you are doing)

Thank you!

If I have Sec+, is it worth getting CySA too?

Guys, I’ve been in cyber for 6 months now, my position is Account security analyst. Can someone help me with a little guidance regarding the career path? It’s ok to go SOC level 1 analyst, or there are any other path I could choose? I am a bit confused. And also how much of tryhackme career paths help, can I have success on a interview if I study from them?

What are your current job duties?

Resolving incidents regarding Account take overs, mostly from phishing emails or texts. I do use a SIEM tool to look for any suspicious IPs or any other IOCs that would demonstrate an account take over. And some other tools that helps me in gathering info about the victim in order to make a decision.

that should be an easy transition into SOC work. You could also check out IAM engineer jobs.
In regards to your question about interviews - only interviewing will help you become better at interviews. I recommend find a local meetup group for IT professionals and ask someone if they will review your resume and do some mock interviews with you. Also see if there are any local hacker conferences (B-sides for instance).

It really depends on what you want to do for work. The sec+ meets DoD requirements, the CySA is encouraged for further knowledge.

Ok, got it. Thanks for the info!

Gave +1 Rep to @torn plume (current: #698 - 8)

Hey guys. I'm very interested in starting a career in cyber security. But I'm a little unsure on where to start.

@fleet tiger Bro just complete learning paths on tryhackme. Gain the basic knowledge, earn certificates after path completion and refer youtube for interview questions for CyberSecurity & last but not the least,. try to find job in cyber.

@sudden lodge sounds so simple when it's put like that lol. Alright im going to start on completing try hack me paths

@fleet tiger All the best for the journey 🙂

I believe there's also a little quiz on tryhackme that can help you figure out which route you would like more. Https://tryhackme.com/careers/quiz

@wild wagon thanks, I'm going to try that out as well. But from what ik so far I'm leaning towards the blue team

Gave +1 Rep to @wild wagon (current: #1865 - 2)

That's the path I first went as well. A couple of challenging spots but don't give up, remain consistent. Plenty of people here to help you through any confusion.

is it worth taking CISSP and getting the Associate of ISC2? I heard you can't list CISSP on your resume, i am able to substitute one year of experience from my school/cert and i have two years of experience from my internships that fall under the domains

so i would only need two more years

@wild wagon thanks for that. Imma do my best.

Gave +1 Rep to @wild wagon (current: #1411 - 3)

Hey

Can anyone tell me how to create a virus for phone through link or opening a pdf like

That would be illegal

i wanna switch my job as soon as ( doing job as IT admin in school but doing copying checking of students as doing over time )
job is not for me
how can i start learning skill for freelance
and which things chances are high
like vurnability assessment or bug bounty
or anything else
in cyber security

Hey I am new and have a passion for tech, but I am new and have no experience where do I start?

Also I know a lot of the paths require a sub, which I can't afford, so how do other people get past this obstacle?

#start-here is a good place to start

Virtual Machine. What type of computer are you running (laptop/desktop, Operating System)?

Oh yeah I have Virtualbox installed and I set up windows 10 and started active directory on it

Install a copy of Linux on virtual box. Most people will recommend Kali. However, I’ve run into compatibility problems with some software. So I usually grab a mainstream distro like Ubuntu. Once your OS is running, you can use VPN to connect to the tryhackme boxes. I will say, when you can afford it, the sub is worth the money for speed alone. Running scans across the internet vs on the local subnet is a world of difference.

got it thanks

hi i am new i am doing cyber security certificate in coursera but i want to learn more any suggestion i want to do some labs an stuff to learn more

Anyone massage me dm

why, whatsup? @warm hinge im sure we can help you here

I want to learn hacking as beginner

Hi Guys Need some help!!!

I'm a fresh post grad. currently working towards a career in VAPT (Pretty hard to land a job rn 😦 ). and I already have the CEH certification. I'm considering going for the eJPT by INE next, and I wanted to get your thoughts do you think it's a good next step in terms of skills and industry value?.
P.S. I’d love to go for the OSCP eventually, but it's currently out of my budget.

#start-here

It's not a great use of your time and resources to go for a cert like eJPT (or TCM's PJPT, for that matter). You'll be covering plenty of theory about pentesting, but the exam is basically about firing standard tools like nmap, metasploit and burp at a handful of simple targets. If you want a good practical test, yes OSCP is still considered the standard junior pentesting cert, but other offerings like CRTO, CRTP/CRTE, CPTS, etc., are high quality and reasonably priced certs on the market.

It is really hard to land a job as a junior pentester and you might want to pad your cv/resume with things like a blog, writeups, CTFs, attend meetups/conferences, network with people on LinkedIn, etc.

Thanks so much for the detailed advice. I really appreciate you taking the time to respond.
Your perspective on alternative certs like CRTO and CPTS makes a lot of sense. I’ll definitely research those options in more depth, and start working on blogging and CTF write-ups to bolster my resume.

Gave +1 Rep to @rugged delta (current: #21 - 499)

Good stuff. Every activity you engage with can help, be it a point for your cv or something to discuss in an interview. Most people looking to go into pentesting start from an IT/programming/tech support position and work towards it. Pentesting is a highly competitive area, and your knowledge of other IT skills will help you progress further. Many hr departments recognise the OSCP, but it's not necessarily going to be enough these days. The other certs, while not always recognised by HR, are getting recognition by many pentesting teams as meeting a certain standard, though it's likely you'll have to do the OSCP at some point. With the price of it now, it's more in the realm of an employer to pay for it, which is why the other options are good for your own knowledge/skills.

as @rugged delta said, pentesting is highly competitive. That's because most companies don't hire pentesters. They hire a pentesting company to either do regular audits (like quarterly) or end of the year audits due to compliance requirements. It is a lot easier getting a job as a blue teamer that can pentest their own environment, than a getting a full time job as a red teamer. The offense only has to be right once. The defense has to be right all the time. Therefore, companies need lots of defense, all the time.

How to delete a name from a number and all information

Not sure we offer help with that here.

Probably just send an email to the app that has this kind of info to ask for your information to be removed.

🤝

Hello all

I wanna switch my job to penetration testing so do you all think CEH and other certifications do matter or skills are more important?

Certifications and skills both matter. CEH is a very bad cert. Unless you are in india, don't do it.

I think it also works in the US for some gov positions but overall it's a bad cert.

Okay then can you suggest something for beginners starting in hacking? Got experience with only SAST and DAST and that's not helping the career.

Also have ISC2 CC as of now

Request it to be deleted, good luck however.

If it's on the internet, it will stay there.

Hey guys I passed my net and sec plus exams a year ago and have struggled to even get an interview. Been applying like crazy and also tailoring my resume but still no luck. Have taken a couple Udemy courses on AI and GRC and working on my ISO 27001 currently. Would love any tips or advice on how to better stand out for GRC roles

Are the certifications all you have? Do you have a degree or prior professional experience in the computer industry? ie in IT?

What positions are you applying for?

Majority in talent acquisition but I also currently am in an onboarding support role with creating and monitoring tickets, tier 1-support etc.

have you gone to conferences or meetups?

I got that advice from both the ciso im interning for now and others online

supposedly thats one of the best ways to future proof a position

I’ve been applying to multiple roles like SOC, cybersecurity analyst, cloud, etc. but am now more focused on GRC

I have tried a virtual ones but I am looking into seeing if there are any weekly to monthly meetups around ATL

Any experience in general IT or dev roles?

I do not unfortunately

thats good, justs lookup georgia or "atlanta security"

That is where you need to start.

and there should be some linkedin groups

@burnt knot

usually these groups have meetups

It’s going to be hard to convince someone to hire you directly into a cybersecurity role when someone, who’s been troubleshooting technology for a year or 2 at a helpdesk, is also looking to move into cybersecurity.

We are also forgetting about the sys admins, nocs, etc

its really competitive networking is probally your best way, i work with people who didnt even have help desk experience or really the degree fall on to our team

anythings possible

Yea, networking helps as well. But in general, I have a bunch of resumes dropped on my desk, and most jr level people I hire have either worked as devs, in help desk, jr Sys Admins, or NOCs

I rarely hire anyone into a cybersecurity position that doesn't have previous technical experience that they have built on.

There's a hacker conference in Durham, NC May 16-18th; not far from Atl. Great conference, good for networking, and a cybersecurity career village (talks, resume reviews, mock interviews, etc).

These are all awesome! Thank you I joined them

Gave +1 Rep to @vapid kiln (current: #1136 - 4)

Thank you for this information! I’m definitely going to try and sign up. Appreciate the transparency. Hopefully can try and land a help desk or support role but even those seem to be wanting experience

I decided to document my whole journey on GitHub as I want to change careers. This in first place is for me to check my knowledge and to see areas where I need to put more work. In second place I was thinking that if I keep going with it for a longer period of time and don't give up this might be a potential good "portfolio" to my CV. Can anyone confirm here if my reasoning is correct and I should pursuit this path? I just want to see if this is not waste of time.

MY GH: https://github.com/rotni96

If you are planning to share this repo with potential employers, I'd change your username.

yeah this is something I will change for sure!

Not trying to be a jerk, but seriously, I've seen some resumes with email addresses like cooldude420@yahoo.com. Those go right in the "nope" pile.

As someone who regularly screens resumes I couldn't care less about the email you use as long as it is not profane, probably better to err on the side of caution I suppose

GRC is a pretty specialized role in cyber, definitely not something I would try applying to without experience, stick to more traditional entry level roles across IT and cyber

Not at all I know I need to change the username but my question wasn't related to that but thanks for pointing it out. I will change it soon.

Gave +1 Rep to @torn plume (current: #643 - 9)

Any advice on which cert I should do, currently working on PenTest+

I would also be careful about doxxing yourself through your github repo username.

why is that?

Do you normally hand out personal information to large groups of strangers?

Probably not that's why I changed it hehe, thanks!

Gave +1 Rep to @flat sedge (current: #11 - 835)

I’ve been looking at PI 🕵️ and cyber. In the uk you don’t need a licence apparently but you can’t get any of the fancy software unless you have links to the police eg. Kinda frustrating. Looking for input

I guess what's your question? My question to you is why would I hire you as a PI if you don't have a license?

I’m not sure they’re even a thing over here

I’ve read a few books and articles and some people don’t start off as an officer

They sometimes start off on small cases and just build a network from there.

Getting the Sec+ soon as my first cert wanting to eventually pursue a career in penetration testing, any guidance to achieve my goal would be appreciated!

Hi

I need A private tuttor for email penetration tetesting and red team

Ok

Ethical Hacking in General

Hello everyone,

I’m currently looking for a tutor or mentor who can help me improve my skills in email penetration testing, phishing techniques (for ethical purposes), and general ethical hacking. I'm serious about learning and would appreciate guidance, whether it's through private sessions or structured lessons.

If anyone is offering tutoring or can point me in the right direction, please DM me. Thank you!

guidance on passing sec+? invest in a good training course and take practice tests. jason dion has a really good one on udemy. if you're low on funds, professor messer has a free extensive training course on yt. cheers.

there are also flash card sets people have made online that quiz you on common terminology. i found those helpful. quizlet i think is the site

What do you mean "email penetration testing"?

I believe he means the phishing emails

Does he now?

What gives you that impression?

does a cert like this exist?

• certify an individual, like me personally
• on compliance frameworks like ISO 27001, SOC 2, ISO 9001, GAMP 5, FDA 21 CFR Part 11, ALCOA+, BS 10008

Basically a cert that says i am a nerd and can rattle off random compliance framework fact from the top of my head

Sounds like it is on the CISM level. Impressive list of compliance though. 😄

Yes. Look at Auditor-focused certs, most frameworks have a cert specific to them that focuses on training how to audit for that framework.

i just took every compliance framework that was in job apps i wanted to apply for

Prompt engineering for Jobs. 😄

Thats called AppSec

DevSecOps

or DevSecOps

or AppSec

🤣

LOL

Yes, I'm a Cloud Security Engineer, but have a background in AppSec, DevSecOps, and Vulnerability Management

but certain people on dev or sec teams might be responsible for secure code review

if your interested in app sec, alot of people start in swe

Usually the primary Security Team lays out policies and procedures and DevSecOps provides the automation and day-to-day interaction with the app team

I review the alerts and dashboards in CNAPP tools (Wiz, Orca, etc) to find configuration vulnerabilities within the cloud or application vulnerabilites (usually 3rd party libraries). I then determine if those pose a serious threat (verify findings). I write code to pull data into various reports by hitting APIs in various tools - CNAPPS, Vulnerability Management tools (crowdstrike, Tenable), source control (GitHub), etc. I connect the CNAPP tools into the source control system so that when a user creates a PR, I can track vulnerabilities through a product life cycle: the PR -> main branch -> build process -> container repository -> deployment pipeline -> kubernetes cluster (run-time).

oh, and I write a lot of reports

Yep, all of those. If it's non-intrusive, like a Database allowing user/pass auth over the public internet, I just check to see if I can connect to it. If so, I get with the dev or ops team to see why they are allowing any/any traffic to the database. If it's a new vuln that has come out, let's say for an app running in a k8s cluster, I test it in a lab environment (a cloud account I have built specifically for testing).

For most of them, I just allow the tool to provide details and pass it along to whoever is responsible. I don't have time to track down a bunch of accounts that are showing old & unused or enterprise app accounts that have been over provisioned. If someone pushes, I can see if I can access an asset and then use the overprovisioned account for lateral movement, but usually that stuff just needs to be dealt with and no need for me to duplicate.

If I build an application and need to run it in Azure, I usually have to create a service account (an account that isn't tied to a person, but tied to an application or service). Usually when people create these accounts, they aren't sure what kind of privileges it should have (Read GraphQL database, Write GraphQL database, Read from storage, write to storage, delete from storage, create users, delete users, read users, etc). So they usually set the account to have more privileges that it needs - mostly because when things don't work in an app "fuck it, give it all the privileges" is usually the go to answer. However, this is a security risk. So if I have an app that should only read data from a storage bucket, giving it write data is bad - a threat actor could exploit the app and have it write data. So Cloud-Native Application Protection Platform (CNAPP) tools check to see what type of calls the app is making to cloud assets and compares it to the permissions it has been given. If it has been given more permissions that it is using, an alert will let you know.

@crude sphinx I sent a message to you via email for a week now but I am yet to get a reply from you. I was enquiring to know how I will subscribe to your business plan for my students.

you just @'d a bot that can't reply or read messages btw. also wrong channel, see #site-support

So I got the Sec+ and I'm starting the TryHackMe Soc Level 1. Putting the THM Soc Certificate, what are the best hands on beginner SOC certificates. I've been looking at Blue Team Level 1. Are there any better/more hands on?

Thank you

Gave +1 Rep to @rugged sable (current: #84 - 95)

If you don't already have an IT background start there - otherwise follow the THM paths and start building out some lab environments with a focus on AD networks

from a hiring perspective, outside of GIAC and CompTIA, theres not really blue-team focused certs that many people care about - I suggest labs because a deep understanding there will translate to you being more prepared in interviews and generally more coherent

Hello Everyone , I am new here 🙂

Hello , welcome 👋 🙂

Is there any free pathways you would recommend? I want to learn the basics of cybersecurity and pen testing

Go here and select free roadmap 🙂
https://tryhackme.com/hacktivities

@torn plume you are doing job??

Yes. I work for a company doing primarily cloud security and security automation. I also work with people doing AppSec and Vuln Management

oh so can you tell me that

i am beginner in cyber sec

so how can a company will hire me

and they hire me permanently or partly when they need

Starting out as entry level IT. This will give you access to learning software and hardware troubleshooting, access management, and provide an opportunity to doing some programming (automation).

ohkkkk

Use the tryhackme rooms to learn windows, networking, and linux. Study for A+ for more information regarding software, hardware, cloud, and basic networking.

ohkk thank you another queation

how company will hire me

means they will pay annually or when they need me

In the US, you would create a resume and look for a local computer company. The resume should have any certifications, school, and experince you have.

i am from india

like a have doubt

I had teams in India that I worked closely with when I worked for global companies, but I didn't handle any of the hiring, so I'm not sure.

ohh but i want job in us

its my drem

dream

Most of the people that I've worked with that were from India were mid or senior level developers or security engineers. I believe most worked for companies that contacted to US companies and were approved to come to the US on a work visa.

But they had years of experienced and usually graduated with college degrees in computer science

ohh

i am confused that what type of company will hire me like a cyber security company or other company

what type of company you are doing for

In the US, my recommendation is to find a small to medium size company that needs a junior IT person to work in the help desk. But I don't know if it is the same in India

ohh how many years exprience you have

almost 30

whaattttttttt wooowww what is your pakage

if you are comfertable

I love my job and good pay

ohh that ohk

any advice i am just a beginner

Study for A+ and use tryhackme to learn windows, linux, and networking basics.

oohkk thank you for giving time

I am 18 years old. My goal is to get into cybersecurity (blue team). I have been learning Linux and networking for a while. I am out of my high school. My parents have strictly given me 1.5 years for whatever I have to do. If I am able to land a reputed job within the given time frame they'll leave me on my own else they'll make me do something I don't like. Someone said me beginning your career as sys admin is a good path. I cannot give RHCSA or any other certification because I don't have money as of now and parents won't give me too. They won't even allow me to do menial jobs. Could you tell me a path.

Are you in the US?

Can someone provide where to apply entry level jobs and internships

Country?

USA

Oh then IDK what platforms you guys use. Probably Indeed/LinkedIn?

Both

Has anyone here gotten a job in pentesting without a degree, or deal with hiring for pentesting positions? I have a couple questions i'd like to ask.

Hoping for any advice.

I’m thinking pretty far ahead, because I haven’t yet begun the 2-year network and sysadmin program I am planning to enter (hopefully this fall), so that I can work in IT as a path to cyber.

I assume that from basic IT I might find a path to SOC, doing blue teaming, since that’s what many do.

I am assuming I eventually want to do something like red teaming, but I’m not sure yet.

I don’t know if I want to do vulnerability research, pentesting, network security, cloud security, application security, reverse engineering…no idea which specialty will attract me. I expect that doing try hack me (I haven’t started that yet) will give me a great overview. Did I leave out any potential specialties you know of?

Can I get some pointers about how to get a feel for what I might actually want to do long term? I already know that due to the market and my inability to finance anything more than a 2-year degree, I most likely will need to follow a path in the job market like I outlined above, instead of expecting to dive in to my long term goals directly. Are there YouTube videos you like about types of security work and what they entail? Have you been successful approaching people for informational interviews? Have you done projects related to your long term job goals at some point before you had access to a hiring situation? How did you decide on your projects? Did you work alone, or on a team? Did you make a portfolio? Anyone have experiences finding free or low cost networking opportunities?

Some things I have thought of doing to get started are joining groups via LinkedIn, and reading the tribe of hackers books. And of course doing tryhackme.

I’m in the United States, and I attend 2600 meetings. I am studying a+ stuff and python, and reading “hacking, the art of exploitation” by Jon Erickson.

Thanks for reading!

India brother

okay

Passed my Pentest+ (pt-003) yesterday. Used some of THM's Pentest+ path to practice some tools that I was less experienced with.

Congrats , great job 🙂 🚀

thats awesome. congratulations

Wtg

Hello, I am a beginner in cybersecurity, and I want to become a pentester. I am preparing for the OSCP exam and enjoying the learning process. Can you tell me more about the job market and what additional skills I need to secure a good job with a competitive salary and also i want learn more give me some good advice. From Bangladesh ,Thank you.

I'm from bd too.
Hey 👋

It’s great to see fellow cybersecurity enthusiasts from Bangladesh

Is there any certifications that are available/recommend to underage people in the US? I am already working on my associates degree, and just want anything to help fill up a resume.

Are you close to 18 years old?

strictly speaking there aren't "age requirements for the COMPTIA exams, but if you are under 17 you will need a parent or guardian to sign off on the forms. Not sure about BTL1 exams but it really depends on what direction you wanna go in. @raven birch

Unfortunately no i am not

I was thinking of doing one like ITF to start off, would that be a decent starting point?

Also i was hoping to work cybersecurity in red team area

I’m from India and planning to become a SOC Analyst. I have a non-tech background + career gap. I joined a 2-month SOC course and want to know: Can I get an entry-level SOC job in India with this path? Would appreciate any advice or similar stories 🙏

Buy some genuine course which helps you with theory based on any online platform and on the other hand practise with Tryhackme & Hackthebox that will be enough as a beginner

Disagree, and I also don't agree with telling people to go buy courses with their hard earned money.

I would go to your area's preferred job board and see what employers around you are looking for in the role. I would presume they would want you to have some level of professional experience, so I would look at getting an IT role, ie Helpdesk.

Is it true if we are blueteam we have to be prepared to go to office in the middle of the night as first responder to a cyber attack???

It depends on the company as well right??? If I they only have 1 blueteam, then we have to strap on

Guys, how do I start on bug bounty? I have basic knowledge on scanning ports with Nmap and youtube said that Hackerone and popular bug bounty websited usually gets easy bug swooped by expert hackers.

hey, check out #bug-bounty and the specifically the pinned messages. there is some useful info.

Check out Web Fundamentals and Web App Pentesting paths on THM. Burp's Web Security Academy is also a great resource for starting 🙂

Hei Guys

Hi guys 😀

what's up everyone

Really depends on your position, the incident, if your on call. Lets say you are an incident responder who is on call then you could be but as a soc analyst i think it would be less likely

I havent had it happen yet

In my country (not everyone), 1 jobdesk tend to be filled by 1 person in a broad term, extreme case would be someone who works in IT could be handling frontend, backend, UI/UX, security, dev, or in extreme case, digital marketer 💀

Hello everyone
How are you all?
I am a Full stack web dev and now I am starting my Cyber Security journey can anyone plz help what should I start first ?

Check out this article #start-here 🙂

Hey

Anyone is hare ?

Sick name

What’s wrong with full stack development that you are switching to cs?

hey, how true is it that we have to be a citizen of US to get a job in SOC?

I mean, to get a job in a SOC in literally any other country on the planet? Completely untrue.

Need some1 to dump a forex related db for me msg me paying well

Not sure if this goes in here on in General, but has anybody started a cybersecurity department within their workplace since beginning THM? How did you go about it, and what resources did you rely on to make it happen? (I work at a non-profit that doesn’t even have an IT department, me and one coworker kind of just handle things as they come up and recently I presented the idea of starting an IT/Cybersecurity department and it looks likely)

What's the size / nature of the organisation, and do you have any previous experience with security design / architecture?

As in, in practice. Not on a CTF platform.

Church and school so lots of kids with access to internet who don’t know what they’re doing. And no real-life architecture experience.

Is the school not handled by your local district?

Non-profit private school, so no.

Okay. How are the "lots of kids with access to the internet who don't know what they're doing" handled just now?

What does the infrastructure look like?

To do what?

@echo off
shutdown /t 0 /s

Ah, you'll need @broken idol for that one

I have just the script you need.

We just had a company segment our network so they have separate IP’s and slightly more restrictions on their network, but we’ve been running the school for 7 years and we segmented last week. So you can see why we need to start putting some effort into this.

:hammer: joonseojunseojunrui#0 has been banned.

Okay, so you've got a segmented network. Do you have an asset inventory? Do you know how the infrastructure and network topology look just now? What security controls are already in place?

Didn't have you down as a troll

Nice. The ol' kick-ban.sh

They asked for a script 🤷‍♂️
Also, really?

You realise I'm the guy who setup a telnet rickroll, right?

They asked for a script without context.

I know, it is really funny

I'd have done the same. If I wasn't a moderator.

If it helps, I did the same when I was the community manager

My coworker is working on an asset inventory, and he manages our network, so he has a good grasp on that, but he has no experience in security. Basically our only security control is a firewall.

So nothing

A firewall, singular?
What kind? Where is it positioned?

The point of this btw is that there are a lot of things you need to consider with this kinda thing.

Priorities in my head would be:

1. Inventory -- figure out exactly what you have, and what it's doing.
2. Risk register -- what do you need to protect against?
3. Plan, Implement, & Document
4. IR strategy

Also, what are you using for identity management (email, laptops, servers, etc)

local AD, Google Workspace, ...

Uh, those are assets mate

Although yes, IAM should be coming under the security controls

Identity management is not assets. Users and service accounts are assets.

Laptops, servers, etc, are assets

Yes, I meant, how are they logging into those things

A laptop isn't an identity?

It's still an asset.

This is a school / church, so you're unlikely to be hosting anything publicly, right? Worst case scenario you're looking at a website for the org?

For sure, there’s a million things to consider. I guess with THM I’m learning how to use a bunch of tools, but not where to actually find them. Like when I good SEIM systems, I get like 3 options. So I’m wondering if there’s any good reference for tools and such that I should research as well.

Ftr, I would strongly advise getting a security architect onboard with this if you can. CISSP would be the certification to look out for there.
This is a big task you're taking on. Small org doesn't need to be nearly as tight as a bigger target, as you've already found, but it's still very easy to mess up.

And yeah, a few websites, but a CRM system with info for 9,000 people

Yeah, a SOC would be overkill for this

Riiiiiight, okay, not sure about data protection laws where you are, but I would definitely contract a professional if you're hosting that on premises

And by "info", does that include PII?

Yeah, it’s more that stuff that I’m interested in protecting. Not that I want my website defaced, but it’s people’s info I care about

Fwiw, if I was building this, off the top of my head I would be looking at probably four distinct segments:

1. Control plane
2. Office / administrative stuff
3. Students
4. DMZ

Each of those have different security requirements. For example, with the user estates (students + staff) you're most interested in DLP, malware / SE protection, and web filtering.

DMZ is more traditional network filtering, etc.

Even if it's hosted in the cloud or a SaaS platform, it might require adherence certain compliance regulations.

Aye, that is also true, but at that point it's less of a technical problem and more of a compliance problem.

If it's saas then it's up to the provider to protect their product

TLDR: This is bigger than some skills you will learn on tryhackme

Absolutely agreed ^^^

For sure, that’s why I wanted to know if anyone else had done this. I definitely need more resources

You need a security architect

Mostly. They still might have to call it out specifically if they have a SOC2 obligation.

That's American. Not my area of expertise, so I'll trust ya

This is the type of thing that I would have done as a major, months long project when I worked at a MSP (manage service provider)

On which note, that's probably the cheapest option here. Find a local MSP and ask them for a quote

You need someone with loads of experience to come in, evaluate everything that @undone shore mentioned (inventory, strategy, etc), write up a bunch of documentation and start implementing policies and procedures (both business and technical)

If you do want to build the capability in house then you're much better off employing someone with prior xp building these programmes out. This is not a small undertaking, especially with PII involved

Prison time speed run

Precisely, yeah

You are better off just asking "has anyone started a cybersecurity org" - the starting THM bit is largely irrelevant.

That said, the security requirements will largely come from the business unit, not the technical side.

This would be a very expensive person, just fyi.

Also true

CISSP and 10+ years of multi-domain experience. GRC is going to be hugely important to set up controls that make sense

vCISO programs are also an option, although the good ones (palo alto comes to mind) are not cheap

Apparently our network solutions company offers security solutions including a pentest team that can chart vulnerabilities. I would just prefer that we have someone who can manage inhouse instead of just trusting g they’re taking care of everything.

good option (vCISO)

That is going to be expensive, either way. The point of outsourcing is to transfer as much risk as possible, as cheaply as possible.

Just bear in mind you'll need to pay for that, and it will be expensive

Big orgs do that because it works out cheaper at their scale

Smaller orgs tend not to

If you don't have documentation and procedures to already answer the questions you have, you don't need a pentest

Yep. It's very similar to cloud. There is a sweet spot where cloud makes sense for very large and very small companies, it's similar to in-house vs outsourced security

Or rather, you might need a pentest, but it will be absolutely useless practically

although the bigger companies tend to both outsource some functions and keep others in house

If you don't have sane change management practices, a pentest is basically useless

No point in having someone come in and tell you that everything is insecure 🤷‍♂️

argument can be made about how pentest provides visibility, but i disagree that it's useful. If no CM, no one can take reasonable and justifiable action as to what was remediated vs risk accepted

Also that

Cool, well this has been helpful in an entirely different way than I was expecting, and I will be reaching out to see if I can get a quote from their security solutions team. Eventually I will see about building our in-house team, but I definitely want something up and running sooner than later.

Thanks all

Good luck! 🙂

If you are junior to security, definitely make the point that you don't know enough to know what is sane., especially if htere are legal requirements for what data the environment handles

“You’re right as someone still junior in security, I want to be transparent about the limits of my current knowledge, especially around legal and compliance requirements. I’m eager to learn more and happy to work with others who have deeper experience to ensure we make informed and responsible decisions.”

Hello, guys who can give me roadmap to penetration tester junior

@stoic cave hey yesterday I was being told by a community mentor that getting the comp tia trifecta isn’t necessary to get a job, and that A+ is useless. Thoughts on this ?

I’ve pivoted my focus from sec + to A+ w the goal of getting the trifecta to be better prepared for an entry lvl IT position. But reading this type of stuff makes me wonder if it’s another waste of time.

You can follow this one 🙂
https://tryhackme.com/hacktivities

Are you currently working in the industry? Do you have a degree or prior professional experience?

Entry level IT doesn't require any certifications

No I’ve been a train operator for 11 years with 5 years as a supervisor doing help desk admin type stuff but it wasn’t related to IT. More of a liaison between HR , central control and the employees

So what good is the trifecta for then or A+ cert?

Not really sure what you mean by Helpdesk admin stuff if it wasn't related to IT. Were you working with OT?

The application I was using is called hastus, it’s more of time scheduling/ logging software

Help desk meaning, answering whatever questions the employees had pertaining to their paychecks to their prescription medications and anything in between

So, uh, HR / parenting.
Not sure that'll help getting IT jobs

What type of stuff are you going for?

And where?

Got a friend who works for a gov contractor , I’d like to do remote help desk admin IT type stuff there . He’s willing to give me a referral

looking to get my foot in the door , I’m not in a rush n I’m willing to pay my dues on paper / thinking comptia trifecta would help show I’m serious about the position

Remote help desk, yeah, A+ is a shout

CompTIA generally

network+ then apply u think? or just finish the gambit

i don't know how long he will be there, so probably the earlier the better

Depends. If someone is referring you in, you should probably go for it

ye thanks @undone shore

Gave +1 Rep to @undone shore (current: #10 - 875)

Np

Hey so question.. This might not be THM related, but somewhat is.. I’m going after Pen Testing/Bug Bounty and also getting some Certs.. Should I continue with THM & then make my way into HTB, or should I just strictly stick with HTB. Not sure on what to do.. If I can get some opinions, that’ll be great !

the thm path is very good for introductory concepts and methodology

youll also find a bit more handholding which makes the process a bit less painful

ultimately youll gather the skills to feel more comfortable with tackling the harder difficulty challenges, on both thm and htb

personally ive found that going through ctfs with someone more advanced than you is eye opening, enter a voice chat and be open to help is a great way to make friends and allies that youll likely need when you face tougher machines

youll be surprised who drops in and their lvl of knowledge

https://tenor.com/view/rock-lee-training-naruto-motivation-inspiration-gif-26451407

@devout obsidian

Thanks for the tip, I appreciate you odee fam !

np, gl & hf

Have you considered a CCNA? Personally, I started of with it, so I might just be sentimental lol

Is it possible to get an entry level pen testing role because I’ve heard both that they’re more seniors roles but they can also be entry level for smaller companies. What do you think someone’s odds are at landing such job if they have a Cybersecurity degree, eJPT, PNPT, OSCP, a decent portfolio and profficiency in python, bash, HTML/CSS and assembly language? (Cause that’s my roadmap really)

I am a beginner. I am aspiring ethical hacker I don't know where to start from can anyone guide me from where to start.

me also

#start-here

Well, I’m not that experienced either but I can sorta guide you through my own roadmap if you want. I’m currently in a Cybersecurity degree but you don’t necessarily need it to learn, but it will help you get a job. First step is to learn HTML/CSS, you can learn it for free on freecodecamp.org you’ll need it for basic web exploitation and vulnerabilities. Then you should learn python for hackers, you don’t need full software engineer knowledge, just know how to automate processes and code your own tools. Then you can go learn Bash basics, it’s an alternative to python but it’s good to know both, after that you should build a script portfolio with python and bash scripts you created, it will help you down the line. Then you should complete the TryHackMe Offensive Path (after doing the intro of course), then you should get the following certifications in this order: eJPT, PNPT, OSCP. They will cost money and time and dedication, but once you have all these you should have all the skills needed, but it still wont be easy to land your first job. I’m at the beginning of my path so don’t take what I said for granted, it might not be 100% accurate but it’s what I scraped up along the way through my own research.

I appreciate it thanks a lot it's a great help

Thanks

Gave +1 Rep to @wide mica (current: #265 - 29)

Aayu main thing is to start doing rooms that are your level , so start with the learning path on thm

If you jump right into the CTFs , go with a guide / YouTube walkthrough

Ok I will look for it

if you decide to jump into ctfs and want good walkthroughs, check out darksec. Some of those old walkthroughs are what got me originally hooked.

"Then you can go learn Bash basics, it’s an alternative to python but it’s good to know both..."

Just a friendly heads up - bash (language) is a scripting language based on the linux bash shell, the same way that powershell shell is a scripting language based on the Windows shell. It enhances and provides automation opportunities primarily within and for the OS. Python on the other hand is a fully functional interpretive language. It is comparable to php, perl, etc. They are used for completely different purposes. It is very good to know python, bash, and powershell, but make sure to know the difference and use them appropriately.

Hey folks!
I’m launching my own cybersecurity startup and building a squad of contractors/freelancers to work on real-world projects with real clients

One must-have:
You should have a solid profile on HackerOne, Bugcrowd, or any major bug bounty platform, with real-world hunting experience. If you haven’t been in the field, this probably isn’t for you (yet)

If that sounds like your vibe, slide into my DMs or shoot me a message. Let’s build something dope

Just got an open question though, please anyone can answer

Seems like I'm kinda learning a lot all at the same time, and I'm really learning fast (covered quite a lot within a short period of time), like I'm 5x better at what I knew 2 weeks ago but sometimes I feel like I'm empty lol like I don't know anything in this space but at the same time I can see that I'm gettin better knowledge-wise in cybersecurity as a whole

Do you think it's a problem? sort of

No, I've found its best to typically put what you've learned into practice. After THM I plan on moving over to HTB to test what I've learned. Also helps to know the general knowledge of cybersecurity, how it affects our daily lives and stay up to date on current trends as things are always changing. Hackers are always getting smarter and companies are always getting better at defending. Me personally I'm always researching. There's always something new to learn. Cybersecurity/IT is a very broad field.

Thanks

Gave +1 Rep to @silent shore (current: #2858 - 1)

Hello, anyone doing the course with a full time job aiming to change career ?

I have a full time job in Cyber Sec, but I'm still going to do the sec engineer path to refresh my knowledge and learn some extra things. I will soon also switch to a Network Security Engineer role

There is a lot to learn, even when you already work in the Cyber Security space. 😃

Thanks, but I am coming from a non-tech background, it means I have to take a pay cut to get into the field?

Gave +1 Rep to @opal spear (current: #2858 - 1)

Studying for CySA+, what is the best path/rooms for that

I can't say for sure but I'd assume the SOC paths (SOC Level 1 and SOC Level 2) would be helpful with the CySA+, provided you already have the fundamental knowledge. I'm still working on the Cybersecurity 101 path and aiming for the Security+, though, so don't take my word for it

I went through all of SOC Level 1 when studying for my CySA+ exam. It was very helpful especially for reinforcing my understanding of the material in my course book. SOC Level 2 wouldn't necessarily hurt to do before hand but it goes a little deeper than the objectives for CySA imo. The only thing I would recommend doing from Level 2 before you take your exam would be section 7 - Incident management as that is 20% of the exam

That depends on what you are tranistioning from and your location I would assume. I transitioned from a job in retail management into IT and it did not require me to take a pay cut for example

has anyone done the cisco cybersecurity courses? are they any good for beginnners?

I was doing them before I started THM and will likely revisit them at some point just for some review. I'd say they're alright and feasible for beginners (provided you start in the right place) but they're definitely more of a traditional course style. Meanwhile, THM breaks stuff down into bite-sized chunks which makes things a lot less overwhelming. Also has the hands-on aspect that the Cisco courses mostly lack (aside from the Packet Tracer activities). They're a decent free option overall, I just personally prefer the style THM has

Oh and also, the Cisco courses do let you link to Pearson's Credly service for badges when you complete courses (which you can post on LinkedIn and whatnot) but I have no idea how much, if any, displaying those badges would increase hireability

Thank you for the info, any courses you would recommend on THM/Cisco for beginners?

Gave +1 Rep to @edgy orchid (current: #1871 - 2)

Sure thing! If you're a total beginner, the Pre-Security learning path on THM is a great starting point: https://tryhackme.com/path/outline/presecurity

If you wanted to try the Cisco ones, they also have learning paths such as the Junior Cybersecurity Analyst path. Cisco is a networking company, though, so you'll notice a lot of the courses involve networking concepts to a much greater degree: https://www.netacad.com/career-paths/cybersecurity?courseLang=en-US

Thank you so much!

Glad to help when I can 🙂 Best of luck on chasing that goal! Also, unsolicited tip, but if a concept is confusing you on either, not only can you ask in Discord like this but there are likely great videos to reinforce concepts you're not fully grasping. AI can also be helpful in strengthening those weaker areas as well 😎

Hi, I was wondering what skill set is needed for an entry-level job in cybersecurity. I started my journey a week ago and just want to check the list of mandatory skills.

And is there any type of remote role available for cyber security? Or does cyber security only have on-site jobs?

Well there are a variety of possible jobs in cybersecurity so its a bit hard to answer in that way. Depending if you want to focus on red or blue team.
This is definitely worth taking a look at. It goes over a few different career paths and what is required.
https://tryhackme.com/careers

remote is totally possible. hybrid is probably more common in which you work a mix of on site and remote

THANK YOU.
Blogs will be a great help for me.

Gave +1 Rep to @dapper depot (current: #249 - 32)

Sure thing.
#research might be of interest. People share blogs posts/research they've done.
Also, some gov agencies, private security companies and schools have cyber blogs. Definitely worth searching to see what stands out to you.

Thank you so much.💗

Gave +1 Rep to @dapper depot (current: #242 - 33)

Guys I got a penetration tester internship interview in an hour wish me luck

hey good luck. you got this!

thank you so much ☺

Gave +1 Rep to @dapper depot (current: #231 - 35)

stay calm, be confident. 👍

ahh I'm so excited

they literally called 2 hours ago and said "hey, you, us, in 3 hours, see you" and hang up 😂 i'm shaking

dang thats last minute too. crazy

yeah haha

maybe reread your cv or whatever and make sure youre ready to talk about previous experience or personal projects

yeah chatgpt been cooking for the past hour, i'm trying to make sure i remember everything i wrote on my resume

well hopefully you won't have to do more than one of these interviews if you nail it. best of luck 👍

thank you sooo much

Gave +1 Rep to @dapper depot (current: #223 - 36)

be sure to let us know after

alright

Good luck on your interview , fingers crossed 🙂 🚀 🤞

hi! except for sec+, sla1, and az-200, is there anything else that i can prepare for a career as a soc analyst?

Hey there

I need personal guidance about cyber Security career

Anybody can help me?

Ask away and people will answer here.

Okay

How I can start a journey to become Red Teamer?

Exactly where to start?

You can follow this roadmap 🙂
https://tryhackme.com/hacktivities

Thanks

hey guys can anyone help me to review about the cybersecurity master program from simplearn
which contain comtia+ ceh cissp
should i buy it or not

Hey I just need an opinion from working professionals on this internship-listing's requirements. Is it act:

Selected Intern's Day-to-day Responsibilities Include:

1) Design and enforce cybersecurity strategies to protect sensitive information and systems against cyber threats
2) Perform regular security assessments and audits to preemptively identify vulnerabilities and enforce corrective measures
3) Conduct detailed reverse engineering of mobile apps and websites
4) Provide cybersecurity awareness sessions to the clients and partners
5) Conduct research on the latest cyber threats and help develop strategies and reports to mitigate them
6) Assist development teams in implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC)

This covers so many different skillsets that it has got me wondering if cyber sec is for me or not. Is such requirement for internships the norm?

yo anyone here holds the CEH cert ? i am giving it next month wanted to ask for prep tips

If they're rotating you through different departments, I wouldn't be surprised. That being said, if they're expecting you to perform like a FTE in those areas, that's unrealistic.

Other than that, it kind of reads like HR wrote it without tech department inputs

This reads like it was copied from a list of services offered by a large cybersecurity company or a massive corporation's entire cybersecurity division, comprising several teams of people. They're probably trying to impress upon you their good intentions. If it's just for an internship, you should find out more about the company, what it's like to work there, see if you can network with any of them on LinkedIn

My issue is knowing which do and dont.
I think i may just stick to getting those captia and try hack me certs

In my opinion...your best bet is community college... You use less of your GI bill that way. I'm using TA to go to a university right now but once I'm out I'm going to a local community college. Tuition there is so dirt cheap (especially if you have residency in the state) that you could get multiple degrees from there.

I looked into a local tech but ArmyIgnitED showed me and

it just offered data analytics

Might be better to go online then... Only thing about going online is you won't get the full benefit of the housing allowance, but that also give you the ability to work full time and just go to school at your own pace

I was hoping to find a way to do like some have and go to college full time and use the ecess money for bills and shit. Im NG so i get state TA too

You can do that, but you would have to get out if I understand correctly... That's the only way I would think you could go to school full time

Not in NG since we are basically soliders as a hobby lol.

Ahhh, I'm active duty

No idea how guard stuff works

We get Gi BIll if we have X amount of time active, which took me 2 mobilizations to get, Fed TA, State TA, CAP, and i can still appliy for state grants just as any civilian could. My best friend is doing nursing school using all that and pocketing 3K a month.

I'd be trying to do that then

Yea im trying to9 figure out how he did it. He is actual making a document to give out to other to do it too

Hi

Which sector in cyber security does OSINT or is OSINT not in cybersecurity?

It's in the sector for both analysts making threat models and as a offensive specialist

OSINT is a big part of mapping the attack surface

If you want to test your skills throughout a variety of CTF-styled challenges while possibly getting cash prizes and a career opportunity I recommend you check out the sentinel DoD challenge

In my opinion, it is more SOC, but any other field in cyber can utilize this concept

True it depends on the goals when it comes to penetration testing and the methodologies utilized

And testing duration*

Thanks for Guiding me 🙂

Gave +1 Rep to @keen tundra (current: #1 - 4857)

I enjoyed full stack development, but I’m transitioning to cyber security to focus more on system protection, threat analysis, and securing digital infrastructure, which aligns better with my long-term goals.

Why is everyone switching to cyber security? Why no one is switching to coding?

@dapper depot It went pretty well and we completely clicked! He seemed satisfied with all my answers and told me to wait for results. Hoping to get the internship! Thanks!

Gave +1 Rep to @keen tundra (current: #1 - 4860)

Cool.
offensive specialist is my dream job. after this year im finishing highschool and go to Bachelor's degree in Cyber Security. but i wanna master red teaming more and there are currently no school that realy teaches red teaming.

Awesome. That is great to hear. Looking forward to good news!

I'm almost completely new to cybersecurity (not new to computers though) and I'm wondering if it'd be possible to get an OSCP certification with only 2 months of training? Or is 2 months really not enough time, how advanced is the exam exactly?
Any answers/responses would be greatly appreciated

hope all goes well brother, i hope i can be a pen tester in the future too

I was learning Cyber Security since I was a kid but I didn't fell deeper into it so I am revising and Updating myself

me too i am 15 and very interrested in cyber security😁😊

That's Great to hear 👏 😃

How do I get involved with cyber security/programming im completely new to it and always liked it and advice is appreciated

Hey guys I have a question if I’m studying for my sec+ and trying to land a job in help desk is me not having the certification why I’m not getting any interviews

Hey everyone! My name is velina I’m new here & I’m interested in Cyber Security I hope we can be great friends here and I can gain experience!

Hello everybody, I have a question regarding thoughts on my certification roadmap. Im doing THM paths right now cause I think the explanations are great. My current end goal is OSCP but I want to get easier certs along the way both for practical experience and to maybe land a junior role before OSCP.

1. eJPT v2 - Junior penetration tester INE
2. PNPT - Practical Network Penetration tester
3. HTB Bug Bounty Hunter
4. HTB CPTS - Certified Penetration Testing Specialist
5. OSCP

Anyone have thoughts on this? Better recommendations?

For help desk, the A+ cert would be more helpful.

What other tech experience do you have?

@torn plume i dont have any IT experience besides personal stuff and dealing with computers since i was 13

so should i add a+ for certs to help land a help desk spot?

i take my sec+ test the 31st i took it once failed with a 668 and positve i will pass this next time

Yes, a cert can take place of experience for entry level jobs. But the material on sec+ won’t cover the knowledge you’ll need for a entry level help desk job. Work on the A+ cert.

Also, if you can find meet ups and local hacker conferences - networking is key for getting your foot in the door.

yeah i've been told it helps alot if you know someone i just dont know anyone to be fair.. i will take my test and then focus on A+ thank you

are there any hacker conferences near you?

i would have too look that up

im in central nj

HOPE in Queens. Great conference. Went 2 years ago (unfortunately missing it this year)

@torn plume just to ask what is the conerences

i looked it up and they have a few by me but what exaclty is it

is it a place to learn?

HOPE (Hackers on Planet Earth) is a hacker conference. There will be talks all weekend about different subjects. People will have projects they are working on. There will be capture the flag and lock picking. Everyone is really nice and helpful.

https://hope.net/talks.html

there will be people new to cybersecurity as well as really really smart, seasoned cybersecurity engineers and hackers

ah i see this would increae my network

I live in South Jersey bro.
Currently working in IT Helpdesk but I am trying to moving up in cyber security.

You guys hiring lol what are you doing at the moment to move up in cyber security?

I guess we do I will check. This is remote position.
I already have basics networking knowledge and currently working toward Security+ certification and THM labs.

thm stands for tryhackme right

well i busted microsoft in stelling software i prove it pulled in nsa i only one with files that can stop them

real cyber sercury people need be able trace id threat and admit they want data they take it but u can encript it in way not even nsa can hack

i delt with live attacks for 3 years, id the busness ip address certifice used , what they was doing, what they was wanting , i even discover that microsoft made rasomware, this gave me expeace to find a new virus put on twitter this virus only tirgger when key words are used, and guss when was installed at same time musk take over twitter, kind makes one ask who made the virus this data gose to atf and fbi

ooo and best part this i found the busness who running it , and BBB wich i was talking to wants me take sight down , i kind fell throw the floor as no one ever told me take down a sight atf was warn lol sight running all this for atf botcenteal.com all they do is make viruses

best way to learn is get attack 4 key things u must be able do id ipaddress id what they doing or want id if there a defence stop them learn encription bouth hardware software to proteck said data

last if its a busness give them all logs , and give them 48 hrs stop, then take down servers, if it a hacker , just shut them down , goverment wont help as goverment is makeing software agest the free people so we now have proteck agest them, and my new ai server will do just that,

What in the ChatGPT filter did I just read.

I read it half an hour ago and just noped out

Hello to all does any one know of any remote job roles in IT has entry level or and any job in tech

I am currently pursuing my cyber security certification.

hi,how to match the task 9 of Cyber Kill Chain

Hello everyone. Do you guys know a resource i can use for NDA legal documents to cover liability issues when i operate as a free lancer in the cyber security field

Studied for the CompTia Security + Certification recently just passed and join tryhackme to gain hands on experience do anyone have pointers on build a portfolio for future jobs I do have an idea on what I want to do

You can get a lawyer/solicitor to do this for you. Unless you are one, you're not going to have the necessary skills or qualifications. Also, most people working in the field as freelancers are doing so through bug bounties, and usually through companies like HackerOne and Bugcrowd. Most companies don't hire freelancers for cybersecurity due to the risks associated with it, and cybersecurity is very heavilly equated with risk aversion and risk management. If you don't understand the legal requirements for cybersecurity work, why are you considering such a path?

Follow the paths to learn skills in the various roles you'll encounter in the field. Do both walkthroughs and challenges. You'll need to be able to demonstrate knowledge and abilities with various skills, so pursuing relevant certifications can help. Doing writeups on rooms you've completed, making blog posts about technologies you've learned, having a home lab and using it to practice building, testing and breaking systems, and then blogging about it, networking on e.g. LinkedIn, doing CTFs, going to conferences (like your local BSides), meetups, etc...

I see alot of freelancers using other resources to get work or contracts. I will be creating my own business tailored to affordable cyber security solutions for small businesses worldwide. The unfortunate part is trying to get my ducks in a row, I would need clients to sign some form of liability clause which I've seen some online in hopes you have any ideas. But hiring a lawyer would be the best option? if so, which kinds if you can point me into the right direction

To start a business, you'll need capital, a business plan, a DRP, a contracts lawyer, probably some form of corporate/commercial lawyer, business insurance, etc etc. There's a lot more that I haven't even listed and it's different in every country and state. On top of that, you're going to need to have a network that can vouch for your work, which is why most people work in industry for a while before going off and doing their own thing.

@lilac parcel I got this cert two years ago. Boson Ex-Sim Max and Afimov on Udemy allowed me to clear the CEH exam with a 91%, all I had previously was Security+/no IT experience.

Tried to reply inline... Here's my response again: @lilac parcel I got this cert two years ago. Boson Ex-Sim Max and Afimov on Udemy allowed me to clear the CEH exam with a 91%, all I had previously was Security+/no IT experience.

Hope that helps 🙂

So I'm actively learning about CyberSec SOC Analyst job. I'm documenting my journey on GitHub and commiting every day my notes/journal and my first step was to tackle the Windows Fundamentals in THM. I did two rooms and second room there show you configuration tools and tbh just touching surface. After finishing it I decided to get better know the tools myself and start digging with ai tools to make me a 10 exercises based on that room so I can make a mini-lab. I already made 3 of them and I got the impostor syndrome. I have very limited time to learn, english is not my native language, my current industry is transport so I basically have 3x things to learn in that limited period time. Im moving slowely but I want to learn well everything and I don't have to change industry tomorrow. To the point - can anyone check if that mini-lab of mine made bymyself is something interesting to do even for learning or in future when ill look for job i could put that in portfolio.. isnt that a waste of time? please just confirm that im not wasting time and im moving forward in my objective this will help to put asleep impostor in my head.

sorry for bad english im tired and i dont have time to redact it

gh: https://github.com/rotni96/thm_presecurity/tree/main/PreSecurity/Windows-Mini-Labs

I understand learning 3 things at the same time by technical English, wording etc., (im not native and my English is b1/b2 at most). I'm documenting every day of my learning process, so I'm learning how to do it, how I can get some processes faster so I can get more data and learn from it as I want to document everyday as far as I will do it everyday so I can see what areas I need to focus, what I need to learn, what I learned etc, etc... and then there is real content, real tools, real practice, theory, things that I will need for day-to-day tasks in my hopefully "future" job - atm doing presecurity module in thm but after that i want to start network+ and the process will be the same... idk if u understand now but if not lmk so I can tell u more?
so native speakers don't need to process that much of data and they learning faster then people like me, this is a big challenge and im facing it everyday

p.s. and again sorry for English, is late and wasn't in mood to redact it

Regarding the conferences/meetups, what do you recommend for people like myself who live in a rural small town, with a nearby city that I can't find any information on IT/cybersec-related events? I lack the ability to travel very far so driving a couple hours is pretty much out of the question, unfortunately

I really could use mentors in this space, to be honest. Struggling hard to even find entry-level IT jobs (which I know I can do, given the fact that I was studying for the A+ at one point) but I know that I learn best by doing, and through mentorship.

Maker spaces are pretty common places for hackers to congregate; I get that you may not have one in your town, but it's a place to start. Additionally, there are tons of online services to find meet-ups and other social groups

Well, I'm not specifically referring to hacker conferences but I will make a note of that. In general, I am in desperate need of a job but really struggling to find one. Really, my only option is remote (not against in-person, there just aren't any opportunities here), but every job I've seen asks for 3+ years of experience and/or a bachelor's in one thing or another. This is true even for helpdesk. It's insane. I'm okay with working entry-level while I study and grow my skillset, but I can't even find that (or so it seems)

Unfortunately that's kind of the nature of the beast. You can substitute work experience for practical knowledge, it's one of the reasons that a homelab gets stressed so heavily.

Yeah, I honestly don't know what to start with in terms of homelab stuff. I don't have much of a budget to work with, but I do have an old PC that I'm considering turning into a homelab. Gonna need to buy an SSD for it and touch up some things first, but yeah. Other than that, I'm clueless on what sort of projects would be helpful for me

You can start anywhere - a raspberry pi is a good place, as is an old PC that has at least 8GB of ram. To start with, that's enough to run the pi as a single node of something, and the old PC can run at least 1 VM, potentially up to 3 if you are confident in running headless or extremely minimal VMs

Not exactly the same but I have been playing around with an Arduino a bit lately. Would something like that be worth talking about on my resume?

The old PC was my previous gaming rig before I built my new system a couple years ago, so it's powerful enough for some basic VM usage. I just mean that I'm literally unsure what projects to do with the hardware lol. I'm usually pretty creative but I'm drawing blanks on what sort of cool stuff I could do with that

As personal interest? Yes. But unless you ahve one of the fancier Arduino's that is capable of running Linux, it's not particularly helpful in that regard.

As for what to do with your old PC, set up and tear down VMs. Figure out opentofu, ansible, terraform, and learn how to automate all that stuff. Set up gitlab community, figure out how to run a devops CI/CD pipeline.

Gotcha. I figured it was more of a personal project thing, it's just the Uno and some basic starter equipment. I just asked because if it was resume-worthy, I didn't want to miss out lol

What sort of VM software do you recommend? I've messed with VirtualBox for testing desktop Linux, playing around with older versions of Windows, etc. but not much beyond that. Are you aware of any THM rooms that could help me in these? Because beyond Gitlab, I have no idea how to do any of that 😅

So figure out a software stack. LAMPP is super common, and there are a ton of variants. Although it is fallen out in popularity, it's a 'classic' for a reason. Start looking at server software and what you can host yourself for cheap. Primarily, that's going to be FOSS - so look for common Ubuntu, Debian, Fedora applications and start playing with it.

Okay, but isn't that more relevant experience for people going into network engineering, cloud, etc? Would that really be helpful to get my foot in the door even with entry-level helpdesk type stuff?

It's all useful at some point. Think about what the tasking is for the role you want, and think about how to emulate those tasks in your lab.

I appreciate the tips and will write them down for sure. Honestly not trying to be a downer, just really discouraged with this sort of thing because I feel so lost. For all the stuff I feel like I've gotten down in my studies, it feels like there are a hundred more things I need to do before I can actually take a single step forward. Considering my age and circumstances in my life which make the lack of a job 10x more stressful, it's tough to keep myself focused on trying with all of this. But I guess I'll get there eventually

For the first six months in any role, you will be drinking from a firehouse as you learn to do that role. It can be very challenging, but it's that way with everyone and (almost) every place I've worked has been very accomodating: they want people to succeed at their job, because that's what makes the company money.

Oh for sure, but as I said, I learn best by doing and through the guidance of mentors, two things I can't exactly acquire unless I can get my foot in the door, but apparently I need experience/degree even to work helpdesk stuff. That's the part that's most frustrating. If I could only find a company who says "let's give this guy a chance", I'm sure I'd be able to do it. Just seems nobody is willing to risk it. Wish I would've realized that before investing so much time, energy and money into a career change

Also doesn't help that I feel like I tend to be slow/lag behind many others in this same position. Feels like some stuff really comes a lot faster to others than to me. Could just be that I'm not getting enough sleep lately, though

You might consider a vocational college or junior college as that first step - a CIS degree can be very helpful for that first entry level role

No freaking way I could afford college at this point and I'm not about to risk things on a school loan if I don't know for sure it'd get me moving. Not to mention I'm on borrowed time for some things (personal)

It sounds like you would be a non-traditional student - check in with your local labor board and see if they have career re-training opportunities, and the school may have scholarships or grants that you'd qualify for

Jr college/community college/vocational college all tend to be very cheap compared to most 4 year universities, and I hear very good things about WGU being extremely cheap if you are highly motivated to get through content

Oh yeah, I'm definitely a non-traditional student. Opted not to go to college for that very reason. There is a technical school nearish (about 35 mins away) but I'd need to find transportation as I don't have a car. The whole reason I opted to try making IT a career for myself was because I recognized the reliance on certifications and the prevalence of online training materials, and the goal was to move toward something in cybersec because it really interested me.

Basically, in terms of credentials, the only feasible option for me would be getting some certs because I have a family member who is gracious enough to have offered to pay for whichever cert I start with. The trouble I have there is that I studied for the A+ for over a year and while I'm confident on probably 95% of it, there are enough spots I'm shaky on that it concerns me. Considering the fact that I'd be using money that a relative is being kind enough to offer to me, I have to pass it on try #1.

I need a break from everything related to career stuff. Thanks for your tips though, I genuinely appreciate it

Ok i learned the basics of network, osi model , learn some good linux program now what next ?

You can follow this pathway 🙂
https://tryhackme.com/path/outline/cybersecurity101

Setup something like PFSense as your home firewall.

You're photo is that Ukrainian actor. Don't remember his name though.
I have a question with regards to the depth to which one should understand the contents in pre-sec/cybersec101/SOC-LVL1 etc. and how well they prep for different entry-level postions. Anyone can give some tips? I have some "CS/IT experience" and I am not sure where I stand and how well and deep I have to learn things for someone to actually consider hiring me.
Thanks to anyone in advance 🙂

Gave +1 Rep to @keen tundra (current: #1 - 4881)

Hey guys I was wondering how to set up a Cysec home lab for the summer until i head off to college
I was planning on learning wire/strato shark and other tools/vulnerabilities.
I have a windows PC and Mac Laptop that runs a dual boot Kali VM, what should I do?

windows PC has 48 GB of RAM also though i should add that

I would use it to build up and tear down infrastructure. Setup a small network, add services like AD, work through basic hardening on operating systems you're hosting, take notes, and then tear it down to set the next project up.

Thank you, I’ll try doing that, any recommendations of channels / resources to accompany?

Gave +1 Rep to @stoic cave (current: #20 - 508)

Man pages and vendor documentation

thank you gus

Hey guys I am pursuing a tryhackme jr penetration tester and its about to complete and I have understood the concepts and have hands-on experience through its lab what should I do next?

You can now simply focus on doing the Challenge rooms. There are hundreds on THM. You can start with the easy-levelled rooms.
Also, it's important that you do the pre-security and cybersec 101 path if you have not done it before the Jr. Pentest Path. They contain crucial information.

I have done pre-security already and have a computer science degree as well should I go for internship or should I solve more labs?

Internships are always a great idea to get real life experience. Do THM on the side in your free time, always a plus.

The Jr. Pentest Path won't get you job ready - Don't expect to be able to pentest in real life with that Path.

It's like extremely beginner level.

What do you really suggest? I am so confused right now what to do…

But it is not easy to get a internship with thm certificate???

Don't expect THM to get you any job or internships.

Also as you said, it is a certificate and not a certification.

Anyone could copy paste and get that certificate - it has almost no value.

Yeah but it provides a lot of help to build a career

I'd say it helps you find what you like in the cybersecurity world, but the certificates of completion won't be something a HR look at and be like "Oh wow, we must give this person an interview!"

An internship should be easy (Somewhat) regardless of THM. But for a job, you will need certifications or experience.

Than what will make me stand out for the interview?

For an internship?

Yeah

Yes for an internship?

What are you aiming for? A pentest internship?

Yes a pentest internship

Well you could then probably put out that you know how to use certain tools / how they work. (Which you learned from THM)
You could also do personal projects and build some passive reconnaissance tools (Just an idea) or other coding projects that are cybersecurity-focused since you have a CS degree.

But other than that, an internship is usually to learn, so I don't think they should expect high skills in your CV or in the interview.

That’s great idea to build some tools thanks!!

Gave +1 Rep to @obsidian rose (current: #68 - 134)

Thank you so much @obsidian rose for your time

Yup, no problem!

Are you in school?

No I am graduated already I have done bachelor’s in computer science I was a web dev I am switching to cyber security

Hey guys, wanna ask one question.

I want to apply for an internship as a SOC analyst tier 1. I don't have any work experience at the moment, but I have passed SOC Analyst L1 pathway, I'm also in the top 2% of the players. I have my own github where I have uploaded 3 scripts for filtering data in csv file. How seriously will this be taken by employers?

Guys I’m new on cyber security and I want the best and fast way to learn it

Alright, so internships are typically reserved for current students. You'd want to look for FTE. Pentesting isn't really entry level, so with something like Security+, you would be able to get your foot in the door with an entry cyber role and then work your way up.

Apply, if you are genuinely interested in cyber security it will come across, find a couple of recent cyber security incidents you find interesting as responses to interview questions cough Scattered spider and persistence via EDR

Roger that, thank you

Okay, Thankyou

Hmm that's not a half bad idea. Is it legal to do that? Do you think that'd be be a better idea than to do practice exams?

do contractors care if your certifications have expired?

i got an SRE cert a while ago it has probably expired and idk if i put it on my resume

You should be clear on your resume if it's expired, for me personally I more than likely wouldn't.

Companies often use certifications to meet contract requirements

depends on the sre cert, i think everyone has an expired AWS CCP in sre lol

its a devops cert, expired last year 😭

guess i will wait a little while before doing my sec+ too

what devops cert

SRE devops

thats not a cert

what is the cert

specifically

the actual name 🙂

i work in sre and interview / advise on hires. i can tell you what value the cert holds if its expired

this one

o

i have never seen that before

im sure its fine to include if expired, just write (expired )after 😂

apologies

i didnt know there is literally a "devops sre" cert, i have not seen that org before

my boss made me take it

Hey @rugged sable, you're a recruiter?

no I just did interviews

Oh, you're the interviewer?

yes

Guys l'm new on cyber security and l want the best and fast way to learn it

There's no fast way . Not for cyber security , not for anything . If you want to pursue some career path you need to invest a lot of time and discipline in it 🙂

Hi, I just want to thank TryHackMe for everything! I'm first-year-student in university and today I landed my first cybersecurity internship for the summer thanks to the work I put studying and learning stuff from here, thank you!

I'm so glad to hear stories like these 🙂 . Congrats on getting an internship 🙂 🚀

Congrats, nice to hear that)

Oh wow, maybe you could refer me for a remote internship opportunity lol

Is it possible to get a job in cybersecurity without a degree in IT?

Yes, but it is a little bit harder. Your resume will go through HR filters that will be looking for minimum requirements (certs and a degree in information systems, computer science, etc). Networking (people) will help because if someone submits your resume internally, it can bypass some of those filters, but you will always be at a disadvantage. I started my career in the late 90s where knowing Linux trumped having a degree, but even as I got into my 30s, with all the experience and networking (people), I started hitting a wall for salary and job options. So I went back to get my degree. However, it sucked b/c I was working full time and raising kids. So if you have the time and access to money (scholarships, etc), it is worth it.

@broken idol Or @cobalt escarp

Please don’t post surveys here

Hello everyone! I was wondering if any of you had any good recommendations for beginner cybersecurity projects? I looked up a few on YouTube, but I want something that can be for personal use (please lmk if that makes sense)? I see very often the creation of SIEM tools but I'm looking for something a little more beginner-friendly that I can implement on my day-to-day use.

Or rather, if those ARE beginner-friendly, how could I implement them for my personal use?

I'm seeing that most of these are focused on keeping organizations' data safe, but I kind of wanted to try out something that could apply to myself.

I just created my first VM with Kali, if that helps.

Thanks again!

whats the state of cybersecurity careers anyway? i assume its very competitive lol

Please don't post job postings without consulting with an admin 🙂

My bad. Will hold back. Thanks.

hey Helly, I am also interested in building a portfolio to better show my skills. I can't give any recommendations on the specific area you are asking for but i would love to hear any other projects you have build. I know building a vm on kali must have been somewhat of a challenge what else have you build?

Hey I have just. Completed " web application pentesting" what should I do next as I want to be strong in penetration testing any advice!

summer has come, what should I learn in these next 3 months before starting my bachelors in cybersecurity? Feel free to DM

Hello! I didnt know where to write this so I wrote it here... So I want to delete from my computer the Windows 11 operating system, can I do this without having another operating system installed?

Hello, is it possible to get a roadmap on what should we do for someone who is starting into CS?

In THM, they have a section called “Learning Path”. Can guide you on what you should do and modules to take !

Thanks!

Gave +1 Rep to @devout obsidian (current: #1883 - 2)

You can just straight up format your disk but it's better to have the other operating system you want to replace it with installed (assuming you'd want to switch OS)

No.

Oops

I don't refer complete strangers I know from Discord, sorry. Good luck on your career!

Was just kidding lol

the VM was the only one, I looked up a tutorial on how to set one up on YouTube, but now I'm browsing around to see what else I can do that'll be useful

If you are interested in AppSec and DevSecOps, a great project that shows some security knowledge is building a simple website but building out a full CI/CD pipeline for scanning and deploying the website. You can get a free GitHub account. Use github actions to perform sast and sca scans on your website code . Deploy it to AWS (easy and cheap place to host a website for pennies). Then automate a DAST scan of the site using github actions and zap.

Let me know what you find 😃

This is a great idea im going to look more into it

Feel free to message me if you have any questions.

This is actually perfect! I do have a little bit of experience with web development and it actually ties in with another project I had pending in the back of my head, thank you so much

Gave +1 Rep to @torn plume (current: #603 - 10)

You can follow this roadmap 🙂
https://tryhackme.com/hacktivities

Try to ask in #infosec-general channel

Thanks!

Gave +1 Rep to @keen tundra (current: #1 - 4912)

Quick question: I know that you don't necessarily need to meet 100% of the requirements/qualifications for a job but about how far away from those requirements would be advisable? For example, if it's asking for experience with PowerShell scripting alongside other major Windows skills, but I'm still early in learning PowerShell scripting despite being a Windows power user in most other ways. Would it be advisable to apply to a job like that or should I not waste my time on it?

About 60-70% is a standard recommendation. If you feel comfortable with that much of the job description, apply and emphasize your ability, willingness, and desire to learn anything you don't already know. If you meet more than 60-70% of a job description, especially teachable aspects, you're probably over qualified.

Good advice, many thanks! Just trying to optimize my time for companies that I actually have a fair shot at, thus why I asked

Gave +1 Rep to @pastel sedge (current: #2878 - 1)

I'm doing the same thing. Best of luck 🦾

Same to you!

Ok thanks

Gave +1 Rep to @hollow drift (current: #185 - 47)

Hey guys, I am starting my MSc in Information Security at Royal Holloway University of London. Tell me some good certifications to stand out in the global market. I am thinking of doing CompTIA Security+. Got recommendations to do the Google Cybersecurity Professional Certificate instead. Help me out, which would be the best

Take my advice with a grain of salt since I don't have any yet myself, but yeah, I'd say the Security+ is the best starting point for you. I have heard of the Google one as well. CompTIA is a very well-respected organization, though, as they've been around for much longer than Google (and definitely longer than Google has been offering certifications). Security+ is just the starting point, though. They also offer quite a few beyond that (CySA+, PenTest+, CASP+) and other non-security ones might be helpful as well, such as the Network+ or Linux+

Ok thanks bro

The Google Cybersecurity Certificate isn't a certification, it's a certificate stating that you finished their course. It's a very basic introduction to Cybersecurity/Python/SQL that talks about the CISSP, but then gives you a voucher for the Security+. It's not going to train you sufficiently enough to get the Security+, but they charge you $50 a month to follow it. I did it 100% in about 16 hours during Xmas week in between parties and hangovers using the free week they give you. Not worth paying for, but if you're new, it's nice to do the first free week to get the certificate at the end.

If you're doing the Security+, it's a good cert to pursue for junior entrants to get the base knowledge you'll be covering in your MSc and it's many peoples' first cert in cyber. After that, an employer might direct you towards certs like CISSP, CISA/CISM, OSCP, or others, depending on the roles you're pursuing. As Sec+ is a knowledge cert, there's no real practical aspects, and cybersecurity is a highly practical field

Thanks @edgy orchid @rugged delta , it's conducive. I will go for security+

Gave +1 Rep to @edgy orchid (current: #1425 - 3)

Should I be sharing my Cybersecurity path completion certificate on LinkedIn or add it to my resume?

If yes , then what all should I list as skills covered?

Also what are some challenges to try out now having finished the fundamentals?

Hello I am just little confused I had associate in networking where I learned networking basics and did some labs on packet tracer, some basics linux command. I have Network + certification. Over the last few years I know all about Cyber security principles in theory and right now studying for security plus exam. I know basics hacking in theory based. I am working In Helpdesk right now. I just don’t know if I apply for SOC or security engineer or what. I like to do penetration testing. How do I start labs from basics on THM? Also do I have to be expert in website languages or just basics?

Wdym by how to start labs on THM 🙂 ?

I was looking to start with basics to advanced labs. what I meant by challenges

I guess I will follow cyber security path along.
quick question when I finish cyber security 101
do you think I should start some basics challenges?

Yeah , you can start with easier/guided challenges once you finish Cyber101 path 🙂

Thank You
One more question. should I go for SOC analyst from helpdesk or I can still apply for security engineer. and Do I need to have web programming knowledge in detail ?

I'm in! HR called and we set up a start date for my red teaming internship. Dream come true! @mint kestrel I'm wishing you all the best brother, I hope you get to your dream position one day as well!

Ayeee congrats fam!!

Thanksssss ❤❤

Did you go to school to start your internship or did you just apply after gaining your certifications ?

I'm a CS undergrad and I applied for summer internship

Ahhh copy; congrats fam ! Wishing you the best of luck !

Thanks you so much, wishing you all the best as well ❤

Gave +1 Rep to @devout obsidian (current: #1426 - 3)

congrats buddy

tysm ❤

i hope i get an internship somewhere

just keep practicing and dont do anything illegal lol

yupp

doing the same shitt

try to also get some hands on with linux if you can and just learn some basic commands in the terminal

does anyone have experience with both maldev academy and sektor 7 malware dev course line, with any recommendations between the two?

what are ways to get a cybersec internship and get some hands on exp?

guys can anyone suggest me the best source to learn burpsuit for beginner???

YouTube there are so many videos

Just start with basics as they are important

yeah that's the problem there are so many

https://youtu.be/G3hpAeoZ4ek?feature=shared

Start here

burp's web security academy and THM's Burp module 🙂

🚀

Hi everyone, I'm currently working on improving my resume. While I don't have formal industry experience yet, I've completed a number of hands-on labs on TryHackMe. I'm thinking of listing them under a 'Projects' or 'Practical Experience' section to showcase my skills. I'd appreciate any suggestions on the best way to include this on my resume.

It would be neither projects or practical experience. Projects are things that you create and Experience means professional experience in the context of resumes. "Extracurriculars" or "Extracurricular Activities" are a better match

Got it

I am currently seeking an entry-level job in cybersecurity. Although I do not have industry experience, I hold certifications such as CompTIA Security+. I would appreciate any suggestions on improving my resume to increase my chances of landing a job.

I just posted yesterday about setting up a DevSecOps project in GitHub. If you have a GitHub account listed on your resume, hiring managers will review it. It looks impressive if you have a SDLC pipeline configured that showcases build, scanning, and deployment capabilities.

#cyber-and-careers message

Hi everyone

most THM burp modules are paid i think only 1 is free

yeah , you're right

Congrats!

Hey

Does THM have a job board?

Yes , it does #jobs-board 🙂

I mean on the website

This 🙂 ?
https://careers.tryhackme.com/#jobs

Yea, got it 👍

remote insternships available??

Check out the link above for more info

Hi guys

Do freshers getting hired in cybersecurity domain?

Iam struggling to get a job ....😓😓

hello

roots

how are you guys

i just want to ask how much time would it take to master the security engineer roadmap and average hours per a day

and thank u in advance

This would vary depending on your learning style and the foundations you have going into the learning path and how much interest / curious you are. If you have the basics down, it will be easier compared to learning the basics on the go.

hey everyone. i'm taking the comptia sec+ exam tmr and i was wondering what i ought to expect? i've been grinding out prof messer's practice exams and i wanted to know what kind of questions to expect. like are there any simulations i'll be asked to do or is it just pbq and multiple choice

It is just PBQ and multiple choice. Have you been taking any practice exams?

Hi

yeah. i bought prof messer's practice exams for it and i've been grinding those out

consistently getting like 85% or above on them

I'm about to start school next semester by going back and changing fields. My biggest concern is associate s vs bach vs masters. I don't want to be stuck at help desk but I hear nobody actually cares about the higher degrees?

My college only offers associates online but they are endorsed by homland security and FBI which i haven't seen from even D1 schools.

Thats about where I was when I took mine back in November. I felt comfortable while taking the exam too so I'd say your probably in a good spot. Make sure you are real comfortable with acronyms, take your time and you should do just fine

gotcha. thanks! the acronyms are def getting me lmao

Gave +1 Rep to @fading panther (current: #1147 - 4)

No Problem, Flash cards are the way to go with those imo

just beat them into your head lol

fr. here's hoping

https://www.reddit.com/r/cscareerquestionsOCE/s/uKQDbMfsEm

This is so depressing to read