#cyber-and-careers

Grades and expected graduation date are important for a graduate looking for a first job

maybe thats a american thing?

Or, more to the point, they're important for the hiring manager who has nothing else to go on

I'm Scottish

Holy shit my grammar has died a sudden death smh

dw mine too

TL;DR though: if I'm looking at grads to fill an entry level position, then:

1. I need to know if their graduation date is in one month or six, and
2. Their grades are (in lieu of anything better) a quick way to distinguish candidates

Obviously much less important once you've already got industry experience, but if I saw a grad (or intern) CV which didn't include those things I would be a bit suspicious

hello spanish ?

So question regarding grades ; college GPA , should I put my gpa on my resume? I mean I haven’t…. Since applying. Just curious

UK based answer: I would suggest your predicted degree classification.

No idea if you have those elsewhere

@rugged sable
Hi, I would like to ask you as an interviewer. Of course, all interviews are different, but I'd like to ask your opinion, what are the most common topics in interviews? For example, if the interview is for the position of SOC analyst. I'd be grateful for an answer

oh am in canada

alr tho

dont know, i have never worked in a soc or near a soc or interviewed for a soc

i do sys design / coding, so i just ask very specific questions. either they pass or they dont, i couldnt really care about who they are as a person etc. either pass the test or fail

for sys design there are some opinions but if you say "i used argocd once but hated it because refresh tokens doesnt exist in their OIDC implementation" i'll be like "yeah sound fair enough use something else in your design"

Trellelo trallala

Got it, thank you

Gave +1 Rep to @rugged sable (current: #84 - 97)

Grazie

Hello everyone, is using tryhackme platform an edge in getting hired. ?

cool to see people go from hacking banks to protecting them https://www.youtube.com/watch?v=TpsudRAvkU0 ... does anyone know of more podcast like this?

Hey guys

Started a work company

Hiring

Call

🌍

Me

Just some devoloper who can make a language

Broootgers

What language

Brooo

What language we use to make a language? Don't u know

Why are u in this server

Broo just life is hustle

Please don't post job posting before consulting with an admin

Has anyone ever done one of the TryHackMe certifications such as the SAL1 or planning to do the PT1?

And if you have done the SAL1, what’s the testing experience like and how does that work?

I ask since considering doing the PT1

Exam consists of stages, you obtain flags and do a report.

So some knowledge on making reports is needed

No, there is a template

For the SAL1, the testing experience is broken down into three stages—one theoretical and two practicals.

The theoretical is a multiple choice quiz, essentially—further details are available on the TryHackMe website. For the practicals, it uses what seems to be a slightly-modified version of the SOC Simulator.

I hope this answers your questions. 👍

Yes it does! Thank you!!!

Bro can you help me bro

Please tell me this

Looking at me, I like 3 things

1. Full Stack Development

2. Cybersecurity

3. cloud/DevOps

But I am not able to understand which has the best future and which has more jobs

How many jobs come up in India every year and how many people learn every year

• Best Feature = The job which interests you the most
• Though I'm not well experienced but still I would make rough comparison as:
  Full Stack Jobs > Cloud/DevOps > Cybersec

But keep in mind "more" does not mean you're gonna get it by the struggle of a day or two. That's why I would recommend you to first find your interest and look for local job portals as well.

Hey everyone!

I’m currently doing a cybersecurity internship at a product-based company, and I’d really appreciate some advice from someone with experience in the field.

The structure of the internship is such that we spend about a month with each security team to get exposure across the board. Now that I’ve rotated through all of them and have just a month left, I need to decide which team I want to join full-time — and honestly, I’m a bit conflicted.

Here are the teams I worked with:

GRC (Governance, Risk & Compliance): More policy-oriented and non-technical — I’ve ruled this out.

TVM (Threat & Vulnerability Management): This is split into three sub-teams:

TVM

EASM (External Attack Surface Management)

Infra Pentesting & Red Teaming

CSPM (Cloud Security Posture Management) - handles cloud security

AppSec: Focuses on application security, pentests products pre-release, and works closely with devs to fix vulns.

SOC: Blue team focused on detection, Incident response, threat hunting, and malware analysis.

A bit about me: I’m from a B.Tech CSE background with a strong interest in cybersecurity. I also have experience with coding (python,rust), AI/ML, and during my internship, I built a few automations that helped improve internal processes.

I enjoyed most of these teams — each had something exciting to offer — and now I’m torn between TVM (especially the Red Team and Cloud Security team), AppSec, and SOC.

I can’t decide which team I should join. Any advice or guidance would mean a lot!

It seems like it's a company that wants to encourage you to explore and dig in, finding where you feel you fit in, with the option to move around. Judging from your post it appears you'd like a technical role. While they're all going to involve some non-technical aspects, there's certainly a lot of interesting options. You should pick a team where you feel you'd be engaged, you'd find interesting and be willing to learn a lot of new things. All roles in cybersecurity involve a lot of study/research/practice, getting your hands dirty and being involved. A good organisation will encourage you to partake in interesting things from time to time involving other teams.

Most people starting out in cybersecurity will join the SOC as a first step, and it's a good place to learn and advance your skills. Once you reach a certain level of comfort there, you'd be encouraged to branch out. I'm guessing whichever path you choose, you'll be encouraged and required to undergo particular training/certification paths as you progress. Best of luck

Deciding to finally break into the IT sphere and I've got no certs and no formal experience. Probably should start with Help Desk or something? MSPs?

Does anyone have any advice on the live case part of a interview for security roles? I'm used to leetcode and system design so not really sure how exactly these play out? Is it assessing/walking through a incident from start to finish?

Yes, most people starting out will go for a role in help desk/tech support starting out as you learn the ropes. You'll have opportunities to learn and improve your skills as you go. While certs might be a necessity to show your learning, it's the quality of the learning you do that will stand to you, as your skills will take you to newer and better roles in the coming years. Developing good IT skills is essential, and they will stand to you in cybersecurity as well. When you're ready to go for certs, check to see which ones recruiters in your area are looking for first. You can always find other worthwhile ones as you progress. It is the skills that make you, the certs are a good indicator. So getting stuck in with practical activities, keeping a blog, doing CTFs, etc all add to your progress

Do you have any advice on what to look for when applying? I've been at least looking for Help Desk Tier I, and shotgunning emails to MSP companies around. PC Repair Shops are few in my city and they all don't seem to be hiring. I imagine I've gotta target as much Remote positions as possible?

I'm thinking I should be looking for stuff on also Zip and Indeed rather than just LinkedIn.

Do certainly look on more than just LinkedIn, and don't limit yourself to just one kind of job role. If you think you might have some of the skills they're looking for, then apply. Also, use an ATS checker (there's several online) to compare the role you want to your cv. It will allow you to modify it to be a better match for each role you apply for

Go to conrferences/meetups in your area as well if you can find them. Cyber/tech/Linux/programming/hackathons, etc. They'll help you network

Alright, sweet. Good to know. I'll see if I can manage to get something. Muchly appreciated.

you are on the right path but otherwise a few notes:

• if you happen to have local repair shops, just show up and ask
• be wary of the "shotgun" approach for applying, you really should be tailoring your resume on a per-application basis as much as possible
• look for local job fairs, colleges host them quite often
• look for local professional meetups (bsides, local defcon group, owasp meetup, etc..)
• look for paid internships

Ah, so I should be putting some extra effort into the individual applications, then. I've been using a kind of "one size fits all" approach to it so far, though I haven't really done more than 15 applications so far.

100% - I've linked this video probably dozens of times but I literally owe my entire approach to job hunting from it, highly recommend giving it a watch
https://www.youtube.com/watch?v=Air1c697tjw

Well don't mind if I do. I'll definitely give it a watch if it means I can figure out HR vulnerabilities, so to speak.

Thank you for your insights!!! I am leaning towards infra pentesting and red teaming

Gave +1 Rep to @rugged delta (current: #21 - 502)

Is there any cyber security expert or have experience in the field, can you please tell me what certification I need to get if my budget is tight!?
Please help me, it's for my future.

How can I get an internship in Cybersecurity or as a Soc analyst can anyone help me.

What do you want to do?

Moving forward, please don't spam the same question over multiple channels.

I wanna do bug bounty and persue career in cyber security after I become a bug bounty hunter. But the thing is my parents keep forcing me to study gain after I failed twelfth grade, but I don't want to cause I wanna get started in bug bounty as fast as possible.

Bug bounty isn't a viable income.

If bug bounties are not that effective then what would you suggest for beginners to start their cybersecurity career from?

People who claim to make "big bucks" in Bug Bounties, are defiantly not abeginner.

Yeah but I thought some small programs are good place to start for beginners. In general if I wanna get into cybersecurity, how should I do it? I thought maybe I can try bug bounties or intership or stuff like that.

Internship would be be better than BB.

If you spend 6 months and haven't found a bug due to not knowing what you're doing, isn't really viable.

I guess. I need to look for some remote internship (if I can find any) cuz cybersecurity isn't a big thing in my country 😭 😂

The whole concept of securing the internet is quite new in some countries of the world, so that will defintely affect the number of available opportunities for intending cybersecurity professionals

But I would personally recommend getting an on-site internship for a start, to get the feel of what it feels like to be among professionals first hand

if anyone needs some sysadmin work done I could use it hmu

Does any one here work as a security engineer or cloud security engineer? I am interested in how you got started in that career, if you're in it

Security Engineer is a bit of a catch-all role in the industry and doesn't really have a defined scope in terms of role. I went to college, got a STEM degree, and then started working as a Cybersecurity Engineer pretty soon after that.

can anyone help me out and take a look at my resume?

just getting started in cybersecurity

hey guys, I am looking for sth to hack.

I just joined this server.

you can go to tryhackme.com for challenge rooms or for example vulnhub to find vulnerable machines

or join some ctf's

If you post a screenshot of your resume with all your perrsonal information redacted (name, email, linkedin, workplaces, school names, etc.), people would be able to give you advice/recommendations. You should verify your THM account with the Discord server by following these instructions:
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Hi,
I would like to know, because I'm enrolling in university soon, how are the chance to get into cybersec/infosec with a degree in Electrical Engineering?

Also what do recruiters think of the cyber security degree's instead of normal computer science?

What did your work entail? Also happy to dm if that's preferrable @stoic cave

Well Electrical Engineering these days requires a lot of system configuration, network connections for control systems and cybersecurity as part of the process of managing such systems. It would be worth reading the Industrial Cybersecurity books by Pascal Ackerman. They're published as 1st Edition and 2nd Edition, but they should have been published as Volume 1 and Volume 2, as they are two books that build on one another as a collection.

There are differences in what you're expected to learn in a computer science degree and a cybersecurity degree. Computer science focuses on how a computer works and how to make it do things efficiently and effectively, so learning lots of programming and systems theory among other deep disciplines.

Cybersecurity degrees do contain a lot of computer science but are built on a foundation of Information Technology and Security skills, so you'll learn about operating systems, programming and scripting languages, penetration testing, SOC skils, cryptogrpahy, and many other practical components, and while you'll go deep into the theory, the objective is the practical application of your skills, so expect a lot of project-focused work as well as theoretical things.

Some people feel that CS is a more rounded skillset, that cybersecurity can be somewhat confined or more specific, but a huge aspect of working in any role these days involves a lot of sysadmin skills, whether you're programming, scripting, building in the cloud or in containers. You're going to get an appropriate mix, but comp sci might give you a deeper understanding of how computers work underneath (what happens in Assembly or C code under the hood), while cybersec/IT might focus more on what effects your changes make to the functioning of a system/platform/network/organisation. The deeper you go in cybersec, the more the deep CS skills will become apparent, so you'll have opportunity to pursue them in that regard too, as you reach more advanced topics

Does anyone know what kind of technical skills/question would be needed and asked during an interview for a IT analyst asset management role?

I graduated IT way back nov2007 back then cybersecurity wasnt a thing, i mean there is but not like today. i started working 2008 as jr linux technician specifically in red hat division team. At 2012 i transition to entrepreneurship, not related to IT. When pandemic hits i managed to get VA job as a web devleoper, video editor, media buyer. Now im starting to get back to the IT industry as cybersecurity analyst, im doing cybersecurity101 and sometimes i feel bored as those things arent new to me although there are challenging or should i say tricky questions that sometimes i got stuck for almost an hour. At my age i really dont know if someone would still hire me locally or internationally. On june 21 ill be getting my first certificate comptia sy0-701. After that ill take the advance certification cs0-003. Anyone here who've been in my shoes.? Im looking for a mentor i dont know if what im doing would pay off

At the first place I did tech writing, software acceptance testing, procedure development, integration, vulnerability research/management, and system configuration analysis. Moved jobs and now I do all of that plus cybersecurity/system architecture, networking deployment, automation, etc etc

I don't know that I necessarily agree with the assessment of cybersecurity degrees Subtlety. Reason being due to the curriculum not really being standardized, like CS. Did my cybersecurity degree play out like you described, yes. However, it was mainly due to the university having unique connections in and around the industry. I have noticed that a lot of other cybersecurity programs really only do the policy side of the house. Not to mention there are some just all around bad programs as well. In my opinion, CS or EE degrees are the safer choice due to their level of standardization. It will be a while before cybersecurity degrees get to that point.

Contact iaml33thacker@aol.com. He retrieved my metamask password in minutes and for a very reasonable price!

God I hope that email doesn't actually exist

I can't. Way too advanced for anyone in here. Speak to l33t haxor on AOL. He'll help.

... For a serious answer: no one is going to help you break into a wallet containing funds which you may or may not own, on a platform which you definitely do not own. That would be illegal.
Go through the proper recovery procedures.

almost guaranteed it does.... whether it's an edgelord or a skid, who knows

We can't help you with that

Meh, oh well. Either they're about to be very confused, or someone is about to get scammed.

@rugged delta @stoic cave Thank you both for the input. I'll take a look at the Industrial Cybersec book. Is there anything else I should take a look at? I'm from the EU if that matters.

Gave +1 Rep to @rugged delta (current: #21 - 505)

:hammer: terrydtemples#0 has been banned.

Hey I am security analyst for 1 year of experience know all concept of firewalls Specially Forinet , Fortieanalyzer , Fortiemanager , switch , AP, Hands on practice on SIEM (Wazuh ), SOAR (seceon), Know basic about AWS cloud security. Some VAPT tools(wireshark , nessus , metasploit ), Know Python and basica of mySql and also managing servers . So please suggest what next I can do and also I am little confused about the growth respect to Package in India and around world . Should I switch to Developer profile or stay and what should I do for enter in big MNC companies ?

and I am also confused about which domain I should choose cloud security , Networking or Cyber Security

All those roles/skils are cool, it depends on what you wanna do

Hi guys. I need some advices from you or someone who works in the industry. I have my first interview as an Ethical Hacker intern at a company and i`m a bit nervous since it's my first interview since i started to learn cyber. I trust my knowledge but the anxiety kills me. Any advice?

All job applications can be made after speaking to our admin team.

1. Be personable. They are not only looking for someone will skills but also someone that fits into their team. I have interviewed a lot of smart people, but passed because they were not a good fit.
2. OSINT. Research the company ahead of time. Hack your interview the way you would hack a server. Know what the company does, who the company interacts with (clients, vendors, etc). Most of that can be found on linkedin posts.
3. Ask good follow up questions. Ask why they like working there, how they got started at the company, what working there is like, etc.

Any suggestions on how to get an entry level Cybersecurity job? I have a MS in information security and assurance, but do not have the certifications to back it up. I am not great at test-taking, so I haven't pursued any certifications.

what are the techniques i have to learn to start bug bounty .currently i studied some sql injection from portswigger website 🙂

Burp's web academy is an invaluable resource , you're on a great path 🙂 . Also check out Web Fundamentals and Web App Pentesting paths on THM 🙂

focus on passing 12th grade dawg

Hey guys! Been a lurker for a while here and very eager and interested to break into cybersecurity, I'm currently finishing Google's Cybersecurity course and looking forward to doing learning paths and certs on THM soon. I worked as a research analyst and customer service for a combined total of 5 years but resigned last December. Would you guys still recommend to start working in IT helpdesk before I apply for Cybersecurity roles or will my certifications + homelab projects be enough?

Roger that.

My 4th year of college is about to start, and I want to build my career in this field. Can THM (TryHackMe) and THB (The HackerBuddy) help me do that properly, both in terms of practice and knowledge? I'm thinking about buying a THM subscription — should I buy it? What proper steps should I follow, from beginner to advance?

Yes

Buy it

Buy THM subscription first

finish everything in there grind all day

get certificates post it on resume and linkedin

after that do some other certs beside it to boost ur resume

What about HTB?

Yeah its worth it too

the CPTS certificate is good

but hard

The more experience and certs u have the better job opportnities u will be offered

So I should only practice THM ? Or THB ?

Or both?

Since ur beginner go all in in THM

later do HTB

Buy the subscription and grind all day mine is annual

its worth it if ur new to the field

Ok you also a beginner?

I have some certs not rlly i know alot about the field in general. Im just breaking into it too but i have a path to follow

My skillsets in hacking made me interested in this field

Ok could you please help me with this which subscription will be good? I was practicing and for few rooms it was showing like you need to buy it cuz they are premium based and there was yearly , monthly and business based permium

Buy the annual if u are serious about ur career, mine is annual and i'm able to access everything, the premium version yeah and for the hackerbuddy i don't know what the fuck is this so just go all in into try hack me

Ok thankyou so much

No problem

After buying this I will be able to access all the modules na ?

Yeah the annual tryhackme subscription (Premium) it cost around 100$ which is nothing so yeah worth it

Ok

Premium yearly it's showing and rs 299 per month like this

Written over there

It depends where u live

Are you from India?

Nah

I live in UAE

Ok

guys

i need some lil bit tip

i really want to pursue a cybersecurity career

but because of school, im very busy and at the end of the day, i have no energy and motivation left to learn it

should i wait for a month til i graduate high school and focus on clearly on learning the subject

or should i just half-ass it now?

Hey everyone!
I’m completely new to the world of programming, hacking, and cybersecurity. If you don’t mind me asking — is TryHackMe a good place to start for someone with absolutely zero experience?

I’m not sure if I should begin by learning Python first, or just dive straight into TryHackMe and pick things up along the way. I’m really just looking for a clear path to get started.

Any advice would be super appreciated. Thanks!

First, what's your area of study? Getting a career in cybersecurity usually isn't entry level - and no single certificate or degree can guarantee you a job.

In all reality, your best bet for a job working in cybersecurity is to work in IT first, especially if your degree is not computer science or cybersecurity.

If you ahve a cybersecurity degree, you should have already learned a LOT of the beginner and intermediate content on THM as part of your coursework.

I'm student of computer science with (specialization in Cybersecurity)

You are going to find a lot of the beginner content on THM to be extremely boring; you should have covered a lot of it during your degree's coursework.

If you only have an interest in cybersecurity and not in other domains, you are going to struggle to find motivation because a lot of security is context dependent.

So what should I do ? Like what would be the proper path that I need to follow

My recommendation is to find a role in IT that interests you; do that job for 1-3 years to figure out how that domain interacts with the organization you work for. Then, begin the lateral move into the org's security team. Shadow them, transfer in to a SOC role or security engineering.

Hello, everyone. I am going to learn about hacking.

So what youre saying is if i have a cybersecurity degree there's a possibility that i might find a job???

No.

You won't have access to the AWS or Azure path.

Or the certifications.

Then how to earn certificates?

Certificates = path completions.
Certification = paying for the exam and passing.

I thank you for being one of the few people to understand the difference between them and sharing the knowledge.

Gave +1 Rep to @broken idol (current: #2 - 3767)

So many people use them interchangeably while they completely do not hold the same value.

hi

why

They are a stand alone purchase.

weird

are they both seperate like do you have to buy them both

Yes..

Hey,
Anyone from UK?

Lots of people, just ask your question.

Thanks,
So i was wondering if anyone can help me with cyber security internships or part time jobs?

no

💀

i wanna some internships for stuff like pentesting side

Hey guys, I’m new on this server, and I am also new in this cyber security world, I have just started the free learning path on THM, so far enjoying it a lot, my plan is transitioning into this industry and land a job. Any advice on what else I can do or learn, or any other certificates I should take ? I’m based in Australia, I’ll appreciate every tip or piece of advice to help me on my journey 😃🤙🏻

Hey! I’m a kind of beginner in here too! And if I’ve to give some advice to myself a few months back, it would be:

1. Make notes of every single thing, like how you would try to explain that to a 10yo, in a 2-3line format
2. Implement what you learn, don’t stick to the room tasks only, try to apply the commands you learn apart from tasks and you might uncover some Easter eggs in the room!
3. Go for certifications, they’ll test your skills and they’re what every job description asks for!
4. Explore all you want! Don’t hesitate to ask for help in here and other channels, some will help/reply, some won’t.

I know they’re like very basic things
But sometimes you have to hear it from someone else.

You can follow that path from THM for now . It is very beginner friendly 🙂

Great advice man, thank you 🤙🏻

Gave +1 Rep to @still finch (current: #2898 - 1)

Thanks 😃

I was hearing that 70% of job posting for cybersecurity are for appsec

Hello, can someone explain what "THM" is?

what that means?

"TryHackMe". 🙂

I'm not gonna try hack you (sorry about the pun)

Thank you! 😂

No fret, I love puns! Expected one actually! 😂

Gave +1 Rep to @rotund cairn (current: #2898 - 1)

Oh, thank you ,how can I begin my journey into the world of cyber security from here?

I think I dodged a bullet... There are people who actually hate those. I know one or two myself

Make a road map

Write your goals

Reasons

If you're a subscriber I think one of the paths are your way. Otherwise check this: https://tryhackme.com/resources/blog/free_path

And download Obsidian

Take notes

If you're going the ONLY THM route that is

And you call them people? 😂

Nothing beats puns and dad-jokes. 😁

I use Joplin for that. I do have downloaded Obsidian but only yesterday

Ikr

Are they complimentary?

Ngl, it's considerably different. If I were to compare, I'd say it'd be comparing VS Code with Notepad++

From my initial impression, I think I'll stick on to Joplin for now - until I get the hang of Obsidian. Joplin is good, but I find the plugin ecosystem and templating of Obsidian to be better

Brofist! 👊

Yeah 👊

hey guys i got accepted into both computer science and information security specialist degrees from the university of Toronto, i've heard that it's very hard to land a job without prior experience, if so, should i choose the regular compsci degree and then work my way to infosec or should i choose the infosec degree?

from what i've seen the courses are pretty much the same except that infosec is more math heavy and includes the following courses:
CSC333H5 • Forensic Computing,
CSC347H5 • Introduction to Information Security,
CSC422H5 • Cryptography and Computational Complexity
CSC423H5 • Computer Forensics
CSC427H5 • Computer Security

also is an infosec degree less flexible than a compsci one?

Ya hello guys from slowloris or loic we can down website server?

If website server is not too big what to do?

Hey guys I want to learn reverse engineering from basics can anyone suggest a room

If you don't have a degree, you are pretty limited where you can start in industry - I would recommend that you look at the local entry level IT reqs (help desk, tier 1 support) to see what those are before you start planning to spend money on certifications.

Cybersecurity and infosec degrees vary hugely in quality, the CompSci degree will give you the background you need for everything in the ops side of infosec, especially if you take electives oriented towards that side.

Compile some binaries using your toolchain of choice and then compare the disassembly to the original code.

That's okay is there any room that walks through the process

That's cool, good luck

i've read that the uni i go to has a good rep and is usually ranked amongst top 25 globally

i'm in the UK, there is plenty of apprenticeships. however the ones i've looked at require some background or education in CS maybe google cyber security course would be a good start for you

How hard is the CompTIA Sec+ test ?

Currently seeking an entry level cybersecurity position. I have completed the google cybersecurity professional certificate course, I have my CompTIA Security+ Certification, and I'm currently taking the SOC analyst path on here. Would anyone have any ideas as far as places other then public job boards to look for a position?

Hey you lovely lot, just a quick question relating to the SAL1 and PT1, is there a link to any pages to reference perspective employers to who haven't heard of the qualifications so they can see what you can do once you have obtained the certificates? Like a syllabus I guess so they know what you're capable of.

https://tryhackme.com/certification/security-analyst-level-1
https://tryhackme.com/certification/junior-penetration-tester/details

Appreciate that thank you, I have seen these pages but I was thinking more of an actual "this is everything that is covered" type page, those are kind of just saying "this is why you should do the cert" or am I missing something?

Gave +1 Rep to @keen tundra (current: #1 - 5020)

A business will typically require certifications to demonstrate appropriate expertise to customers or auditors. Both of those are too new to have any kind of traction on that space. A good widely recognized list is the US gov DoD one, I think it's called schedule 8140

Directorate, iirc. Schedule is drugs

Guys, differences between networking and cyber security?

Networking is all about the connection of multiple computer or some alike devices, consisting of how they connect the mechanism behind it. while the Cyber security is the Branch or can say the discipline of CS where we deal with security of networks, apps, webs, anything of digital devices (

ah okay

Great,
I work as a cyber security analyst and i am in UK for my masters so looking for internship/part time job for the same.

@gilded jasper one can say networking as an core fundemental concept of cyber security

hi

what is best guide for fresher

to get into this field

anyone experienced can share your thoughts and insights? thankyou

You can follow THM roadmap for beginning. You can check it out on the link below 🙂
https://www.tryhackme.com/hacktivities 🙂

security analyst vs security engineer?difference?

But if I wanna do pen testing and red teaming do I go for
networking or cyber security?

Cyber Security lol

no, id go networking

you need networking for cybersec

so if you dont have any experience in networking i would start there

networking is often part of cybersecurity

"if i wanna eat, do i eat chicken or fried chicken strips"

A security analyst focuses on monitoring, detecting, and responding to security threats, he/she works with siem tools, meanwhile a security engineer designs and implements security systems, firewalls, and encryption protocols. Think of a security analyst as a detective, identifying threats, while a security engineer is the architect, building defences to prevent attacks

but security analyst is how easy

how do i easily get an internship or fresher job

i know 90% of companies doesnt invest on their security

but where are people exploiting can i see any discord server with bunch of such people?

Exploiting a company over their lack of security?

ya

You know that it illegal, right?

you work as a security analyst (which means u work) also u r in uk for masters (which means u r a student) also you are looking for internship or part time job (which means u dont have a job) what sorta statement is that

Right, sorry for the confusion and wrong statement. My MSc will start from September.

there you go

Maybe you can do bug bounty, its legal and earns money

Instead of shady exploiting

You can de exploiting legal but maybe start with sum else first

Like doing it on your own systems in a safe enviorment

Start with 2 first courses on roadmap, Cybersecurity 101 gives you a lot of basic general knowledge, for someone fresh it will be valuable info. It is boring not gonna lie, because there is a lot of theory there, but at some point all of it starts clicking.

I'm just finishing 7th semester of CS with specialization cybersec, and still THM Cybersecurity 101 gave me much more usable knowledge than few semesters at UNI (i know that's kind of sad :P).

First interview, 5 question interview, 4th and 5th questions I may have bombed.

4th question was asking me how I would troubleshoot a windows server that's slow. I forgot myself in the moment that Windows is still Windows and it's got task manager, so I'd start there to figure out what the problem is, but I stated that I haven't had much exposure to windows server so that's a question I can't answer at the moment.

5th question was to troubleshoot over the phone an old person not receiving emails the past two days from their son, and their son sends an email every day. I said that I'd first check connectivity to see if they're connected to the internet, then check whether or not they use a mail client or a web based email like hotmail or gmail and see if they can connect ot it. If they're using a mail client, check the settings to see if it's still got stuff like SMTP settings in there or whatever and that nothing is corrupted but beyond that, I couldn't think of what to do unless I was right in front of it and anything weird, google is my best friend with most things Tech so anything I couldn't inherently figure out would likely be found in google somewhere or on StackOverflow.

That was a trainwreck.

It's okay to not have all the answers in an interview. Saying you're not sure but you're still learning (or something to that effect) is still a good indicator. As for your answers, yes, Task Manager is a good first place to check, but if you're not used to troubleshooting it, then it might not be apparent.

Also, when the old person isn't getting emails, the first thing you check is to ask the old person if their son has sent the emails, or if he's having problems, but otherwise taking it step by step is a good thing.

Yeah, after the fact, I occurred to me that in order to receive those emails, they have to be sent in the first place. To double check to see if the old person's even heard from their son over the phone.

Apparently within 3-5 business days I'm suppose to receive an email as to whether or not I've made it to round 2, so we'll see. Round 2's supposed to apparently be more tech associated.

Yeah, under pressure it can be difficult to think of everything on the spot. Normally for a support role you'd have some training/procedures and access to the internet to search for a solution

For the second round, they'll probably give you a written/multiple choice/practical test to see how you perform. Best of luck with it

We'll see if I even make it to 2, but if I do, sweet. Apparently they said the position is competitive so we'll see what happens. 2nd interview is another phone interview, and the 3rd one's an in person interview or in my case a webcam interview.

Well don't stress too much about it. Be confident, relaxed, composed and honest

Will do, and thank you muchly.

Gave +1 Rep to @rugged delta (current: #21 - 506)

Hello, this question is for those in the field already. I am currently in a position where I can go back to finish my bachelors in computer science, grind cyber and hope that certs and projects land me a job, or get my a+ cert and look for an IT job and try to gain some experience now. I was just wondering if anyone had some insight into what might be the best way forward? I think all are practical, but I want out of the industry I am in now asap so any advice is welcome ofc.

Hi Everyone! If you where starting from 0 and wanted to prepare for OSCP what learning path would you take in 2025? Thank you ❤️

How much more of your bachelors do you have left?

What's your IT end goal?

If you have the opportunity, finish the degree. It will help you in the long run.

I got probably 2 years left and most just the comp sci classes. I have been enjoying cyber but have not explored enough to have an end goal in mind yet but I want some pretty lofty goals tbh

Hello, I have a legal background and I'm planning for GRC roles, are there any specific certifications that I should pursue

CISSP, CISA, CRISC

Ohkay, which one of them is basic one to begin with

What kind of background in law? You're going to want to tailor your resume, moreso than get a bunch of certifications, depending how much time you have in the legal sphere

i know this probs gets asked alot but is a cyber degree worth it?

Currently doing llb have 2 more years, can additionally also do masters for national cyber laws

Look at what the roles you are going for require. There are a huge number of certifications that are 'useful'... the key thing to remember is that no cert is going to be the thing that gets you a job.

Spend as little as possible to meet the job reqs, it's money out of your pocket that benefits the business for compliance reasons.

Do you think its feasible to get into IT support with completion of Google IT support courses and a European cert for windows server administration (in Europe)?

Look at the job reqs. If you don't know what skills the job is asking for, it's impossible to give you a reasonable answer.

True. I feel like it depends on the company hiring

That's what I just said. It's the company that posts the req, they are the ones telling you what they are looking for.

Im seeing some low requirement jobs though, its like i could go and apply right now without finishing my planned studies

Alternatively, they require years of xp and/or bachelor's degree/equivalent

So perhaps the appropriate question is if one can spin having certifications and certificates as some form of higher education in the IT sphere?

Higher education in this case is split into "professional" and "university" education

I'm working on my Bs for information systems and cybersecurity, then also going to get a cert if I can

Ohkayy i get it

Thing with bachelor degree is that moment you get into field you realize how much you dont know even having degree. However lack of it will disqualify you very often, specially from bigger companies. If you have time and possibility getting degree wont hurt you, but use also this time to learn on your own as much as you can and treat it as a chore you have to do.

I'm just finishing my degree now (CS + cybersec specialization), but moment i started UNI i started to work as dev at the same time (i was 35 and reeducated on my own), just decided to get degree to have it. And knowledge wise, university was utter waste of time, but i got paper that wont hurt me in the future.

You can always study at uni and try to find some time for self study and maybe pass a cert. That will definitely be an advantage on the job market.

There is one thing that i have to however mark as positive, UNI forces you to learn regularly, what makes you absorb knowledge easier and faster in longer period of time. And you can always make some connection, very often as someone without any network, connection in the field you can get these through UNI.

And it gives you access to student programs, which can very often be a easy way to get first job, and if you are good it can turn into permanent position. So a lot depends how much effort you want to put yourself

hey does anyone know about any internship opening in cybersecurity for college students in India

hey guyz can u guide me which college is good in gurgram and my suggestion is to join SGT university in gurugram is this good or any suggestion

Hey , Do you think I can find work with just a sal1? Or should I get other certificates? Or do you recommend something else?

Hello there, I just got mail. In that they've mentioned that as per selection for the internship i need to complete an assignment.
here's the details of that assignment:
Option 1: Vulnerability Scanning
Conduct a basic vulnerability scan on your network or system using tools such as Nmap, OpenVAS, or Nessus.
Deliverables:
Screenshots of the tool setup and the results.
A comprehensive report detailing:
A 2–5 minute video walkthrough demonstrating the tool in action and summarizing your findings.

Bonus (Optional)
Real-World Examples: Strengthen your content by including real-world case studies or examples.
Tool/Framework Recommendations: Suggest tools, frameworks, or resources relevant to your chosen topic (e.g., anti-phishing tools or security frameworks such as ISO 27001).
This is what they've asked in the assignment.
I am confuse that what should I do in this assignment?
do I need just combined two or three tools or I need to create my own vulnerability scanner tool?
what they actually want me to build?
what should I do for the bonus part? how I can implement this?
Please help me for this ASAP.

Means i can just combine one or two tools and show results?

Can you tell me what they mean by real-world example and tools/framework recommendations in the bonus section?

thanks for the help

They have given you very clear instructions. As this is for a job application, all I'll say is good luck!

They are asking for practical deliverables, if you aren't capable of doing this little bit, you probably don't know enough to do the job they want you to do.

Please don't use this server to assist with your internship, this is cheating and against our rules.

Hey everyone, seeking some advice here. I have a BSc in IT with a minor in information systems and 2+ years in Quality Assurance. I want to get into cyber security, does anyone have any roadmap advice? (Certs.. etc) can I start job hunting and start in a jr role? I’ve started a AWS associate course but not sure how well it lines up. Seems like a lot of information I won’t use on a daily basis.

Well since you're working in QA, that's a good start, indicating a certain level of knowledge and ability. If you login to Try Hack Me, you can see a learning roadmap that can help you determine your abilities and the paths you'd like to take. Simply going for a cert might not give you the full depth of knowledge for what you need. You'll need good knowledge of Linux/Windows admin skills, basic and developing programming skills, an understanding of networks, etc. And yes, AWS is one way to exercise your understanding of those things. And no matter what aspect of IT/computing you go into, there'll be a lot of things you won't use on a daily basis that you'll be expected to understand fully.

When you gain some familiarity, you might pursue something like the CompTIA Network+, Security+, etc. You could consider the THM SAL1 and PT1 certification paths otherwise.

same with me bro

Thats harsh. theres nothing wrong in asking for a little assistance

it is against the rules of this server according the Scrubz, so there kinda is something wrong with asking assistance in this sort of thing in this server (just my opinion based on the server rules)

ok sorry.

1. It's an assessment of their own abilities -- asking a group including industry professionals for help does not accurately reflect their abilities.
2. They would get an unfair advantage over other candidates who either don't have access to people who they can ask, or who have the integrity not to ask those people if they do.

I'll tell you one thing: I would be pretty pissed off (both as an interviewer, and as a more qualified candidate), if someone else got the position because they received help with the technical assessment.

you are correct

It's also against our community rules.

Check out rule 5.

Except that it is for work they are being paid for, it's completely inappropriate to crowdsource your job.

duly noted boss

hey can u suggest me some college in gurugram

hey anyone can suggest me from where i should start my cybersecurity career?

Check out this article #start-here 🙂

thanks

yo is the infosec degree from missisagua good?

That helps

Need some help ladies and gents, looking to get a laptop to go along with my desktop. I’m leaning more towards the cybersecurity path but I also want to be well rounded in everything. I spend a lot of my time in a different room doing my studies but I’d like to be able to do my work and be around my daughter. She’s only 9months old and I would at least like to be in the room with her and her mother. Looking for suggestions, something not crazy expensive but reliable and fairly powerful. Got around a $1,200 budget

And thank yall for the help, I’m still fairly new to this but it’s the first thing I’ve ever felt confident in making a career out of

BTW if you are looking for jobs through linkedin be careful for scammers. Just had some fun with one, described process here https://www.linkedin.com/feed/update/urn:li:activity:7333884766389219329/

Try to ask in #infosec-general or #general channel 🙂

Okay, thank you!

Gave +1 Rep to @keen tundra (current: #1 - 5051)

Hey, funny to see someone find my post from years ago lol.

All of us have graduated since I wrote that post. Most are still unemployed/working jobs not in their field. Some got amazing jobs from big tech right out of school.

Honestly, the degree won’t get you the job, but the degree opens the door. As long you aim for certs/projects while going through school, any program will be fine for you. I applied to hundreds of jobs with just my degree, but it took years of certs and relevant work experience combined with some projects/homelab to get interviews.

I’m now working as an Information Security Officer for a gov agency and a large portion of what got me here was what I mentioned above

huh, i got an offer but i live in spain (domestic fees) and studying there would be very expensive (would only do it for the uni rep more than anything), would you recommend going to a community college and working on projects instead

did people using only tryhackme gotten a job?

I know a guy who went to school for CS and used their red team stuff and is a pen tester.

So I think it carries weight.

I currently work in a Governance, RIsk, and Compliance role. Does anyone else work in the field presently in this server? I know it's probably a dumb question, but maybe wanted to know how many do (I'm burned out)

May I ask for some advice on my own career? I've been working in a GRC / Incident Response job, with mostly a focus on GRC the past few years. It's been a job that isn't too technical. I used to work in the help desk but had to stop because of an injury to my leg.

I have an AAS in System and Network Administration. I also have the following certs: A+, Net+, Sec+, Linux+, SSCP, and AZ900.

I'm trying to figure out what to do next in my career and was wondering if anyone could provide any feedback or ideas. I've been in my GRC role since November of 2022 if that helps also.

Pentesting carrer ? Courses?

Yeah I'm already doing TryHackMe, but I need to figure out something more immediate because my company has been offshoring. Not quite up to par to be pen testing yet

Whats a base level job I can get young?

Guys need advice, how do i choose in which cyber security line should i go in, i love offensive hacking that much is clear but i am unsure about in which line to pursue

Hi,
I am currently studying Cybersecurity GRC (the course I never wana take but I ended up here). So basically I want to be a penetration tester and the knowledge out on the internet is sooo overwhelming. I have prior technical knowledge (Comptia A+, network+ & security+) also comfortable with linux and bash.
I also have the basic understanding of wireshark , NMAP and playing with other tools too like hydra, hashcat.
Can you please help me in what should I do next and what sources to go for
Thankyou so much for your help.

I used to be in one. It has its advantages and disadvantages compared to other specialisations, but that would depend on your interests.

If that is your interest, why not pursue it? Unless you have a compelling circumstance precluding you from doing so?

There were some articles published in THM about folks getting a job in the field using THM materials. However, THM alone is not enough, you have to do networking and use other channels (e.g., blog, home lab, etc.) to demonstrate your interest.

For pen testing career is it always a good idea to start as blue team because from what I seen pen testing is one of the jobs that are one of the hardest to get in cyber rn im a jr sys admin 4 months 8 months software engineer

How are you guys? so i dedicated 5 months of my life learning cybersecurity, did 160 rooms on tryhackme, (pentesting and red teaming and web app pentesting), then i went on hackthebox and i "pwned" 100 machines but every time i ended up checking the writeup... I've got one more month left to learn, after that i gotta start earning because i made i promise that after 6 months i will be good to earn... any advice for me? what should i learn this last month? where should i look for noob pentester jobs? what should i do? please help.. i feel stuck :(, python -c "import pty;pty.spawn('/bin/bash')"

Yeah I'd like to maybe work in a SOC or incident response next. Are there any NOC jobs that are a good thing for someone to pivot into? I'm open to ideas. This is all kind of foreign territory for me. I'm just kind of concerned with continuing to pay the bills too. I've applied to GRC jobs as well, but I seem to keep missing the mark.

You did all that with a degree or without ?

without, my college degree is in physical education and fitness :))

Good shit, i’m doing the same without a degree.. Its gon be a bit harder for us to find a job, but its possible lol

i have only one more month left to learn, then i gotta earn... i'm thinking about learning the whole month C language...

maybe if pentesting jobs are hard to find, i might use the a.i. to create a cool tool written in C... maybe that way i'll land some work..

Continue learning with THM & HTB and also learn Python fam

Ima add yu to keep in touch

Hey guys can anyone send me your soc analyst resume that got you a job at a good company please?

Hi people, I am new in this communite, I expect learning with you

me too please

@oopsie0130 @dragkob

👀

Me too

What was the attempted ping for?

That's even your first message lol.

@broken idol Is Fedex bringing in a gift you got for me?

I recommend for both of u wgu university for cyber bachelors it gives u certs and affordable @low wyvern @devout obsidian

Is Jr Penetration Testing really worth the time? I have an intern in 2 weeks and during these 2 weeks, I want to improve my knowledge about cybersecurity. Ive already completed 2 beginner courses. Now I want to gain experience with Linux tools and the offensive side.
I also thought to directly start solving difficult CTFs but maybe this course would be a better starting point. What you think guys? Which path should I do?

You don't need to spam that in all channels, but to answer your question - that's up to you. If you lack knowledge do the path. If not do the CTFs.

Sorry for spamming.
@obsidian rose how did u reach to ur current level sir? You think CTFs really educate the person? I like to listen if you have any advice to give.

Personally I started on TryHackMe to train a lot, then I went for professsional certifications.

hi guys

Just do it step by step, everything is overwhelming until it clicks

CTFs let you use what you already know in practice. Do 2-3 with walkthrough or something to get general understanding how it works. Then start doing them without any extra guidance, even if you are stuck on something, then just come back to it later, more than anything it teaches you problem solving approach

@warm hinge so youre saying problem solving teaches you the most. But CTFs have lots of different ways to solve. I mostly took help to solve the ctfs Ive solved. Even though I have basic knowledge about linux, I still lack lots of knowledge. What would u do in my situation?

So in general everything is something you dont know at some point. So instead of looking for full walktrhough, if you are stuck let's say on, "i need to check what user accounts are on this machine", search "how to check users accounts on machine" instead of full walkthrough. You do it few times, it will become muscle memory

Or for example, ok i need to find some file "how to search files in linux" and then for example read manual later for search function etc

You dont know how to start reverse shell? Search for reverse shell cheat sheet etc.

There is so much knowledge to absorb it is humanly impossible to remember everything while doing academy/courses part. Even people who are seniors in different fields in IT, spend good chunk of their work day searching up solutions, syntax etc

I'm developer myself, i know exactly how things work that i have to implement, what is desired output, but still i simply dont remember for example how to implement something, so i just check it when i need it

Maybe it sounds cheesy but if you start with approach i don't know how to do it so i'm just bad at it, won't get you far. Break down every problem in smaller steps and figure out how to fix these steps one by one

If you want to get good in any field in IT, just become problem solver and treat everything you work with, is it a programming language, is it some command you need to use as tools you use.

And take time typing these commands yourself, dont just copy paste. If you dont know what some argument in command means, research, read manual. Take it slow.

@warm hinge Thanks for taking the time to write this advice ❤️
So the main takeaway is not to learn everything, but to become a problem solver. Searching things up is part of the process, even for seniors in the field.
I intent for a career in offensive security, and I believe this mindset will definitely help me along the way too.

Gave +1 Rep to @next geyser (current: #2907 - 1)

Good luck 🙂

Bet thank you for letting me know

Gave +1 Rep to @loud latch (current: #2907 - 1)

Curious… I’m working on a try hack me path ( pre security ) and I’m half way through it…. Should I start applying at help desk jobs to at least get that on my hands?

The different paths in THM doesn't necessarily get you job-ready, but you can always apply.

Could you explain to me what does ?

can anyone tell if BTL 1 or CCD is better. I just finish the google cyber security cert. I am going for SOC analyst level1

BTL1 has been growing in popularity the last few years and has a good reputation these days. The BTL2 is extremely expensive, and you would probably expect an employer to fund it through the training budget.

CCD is widely recognised as a quality practical SOC cert and worth exploring further.

The SAL1 from THM is new to the market but already having some discussion in the field. It's a mix of MCQ and practical tests

Is it worth doing CompTIA Security+ instead of just Pentest+ if going in Pen Testing area in accordance to job market these days?

just a quick question please, is ceh necessary for soc

Shouldn't be.

ok thank you

If you guys had the choice between studying IT System Administration or Informatics and AI for your bachelor's degree which would you guys choose for a career in cybersecurity and why? For extra information IT System Administration is way more practical including using virtual machines, administrating linux and windows, and setting up networks etc (basically doing what a real sys admin would do on his everyday job, it also includes some cybersecurity specific learning like cryptography). On the other hand AI and Informatics prepares the students towards the future of the AI, including creating and managing artificial intelligence systems and automating by using AI. They both have a bunch of math and programming included.

So can you please provide a bit step by step phase of this lifecycle that i can follow or get reference from
Thanks

Gave +1 Rep to @next geyser (current: #1907 - 2)

As a example (keep in mind that there is no perfect blueprint specially for CTFs)
Let's say you need to find a flag.

1. You have to do enumeration but you don't know how? -> Research how to enumerate server using nmap, try until you get what you need
2. Ok now i see some open ports, but i dont know what these ports are -> research specific port numbers
3. Ok, there is ssh port open, hmm what can i do? - research how can i get access using ssh
4. Ok i managed get ssh connection -> how can i now search directories, files, etc -> ok i learned ls, search, cat,
5. can i find a flag now? - There is this flag file i need to read

There might be many different steps, you might need to escalate privilages, you might need to add some script to file that have right privilages, there are many different steps, but point is instead of looking for full walkthrough from step 1 to last step, just try to find solutions for step you are in yourself, without written guide. You do it few times, next time you already know how to do perform these actions

Also approach like this will give you with time understanding what is possible, or what you need to figure out.

And for example look at this from perspective of person that will hire you later. They ask you, how for example would you check if our server is vulnerable? Then you explain step by step your approach what you would do. Remember specially on entry level position no one expect you to have real world experience, what they want to know if you can be taught things.

When we hire junior developers at my company, their programming skill is one of the last things we check, we want people who like what they do, and can articulate their process of thinking. Then we teach them all tips and tricks we know ourselves to make them better step by step

So during interview if there is something you don't know and just sit there and say"i dont know", you most likely fail, but if you say, hmm i'm not exactly sure, so i'd for example check documentation for X or i'd start with reading manual for that and that because i'm not familiar with specific tool/software that is correct answer

I'm repeating that few times already but if you want to be a good engineer (in any of CS fields) first of all learn how to become problem solver and everything else clicks with time

Security engineer cert when

i plan on double majoring in computer science/cyber security
any professionals think this is overkill? or would it help
i really like the both of them

Good luck

Do you have any experience in cyber? Getting a major, especially a double one before being employed in the field doesn’t look too good on your resume

A Computer Science degree is definitely more useful and more valuable, but if you want to do both, because you enjoy studying then why not!

as a cybersecurity student and someone who works in networking and with an engineering department, I'd say if you really enjoy computer science then go with that, that logical learning/computer language intensive path will only make you a stronger cybersecurity professional. Most things cyber can be learned without degree-level compsci knowledge, but not true vice versa.

Sec+ and Net+ are good indicators that you understand the standard knowledge of the field, but not a good indicator that you're actually able to do anything. CompTIA certs are generally considered a good indicator that you've read about the foundations of a topic and answered a few questions. You need practical experience with operating systems, coding, networks, virtual machines, the cloud, etc... Certifications are only useful if you're doing practical things with the technologies. Setting up Windows/Linux machines, applications, networks, learning how to secure them, to spot security issues, to hack them and suggest fixes are what cybersecurity is about.

You should do practical things like completing THM rooms, making a home lab (old computers, virtual machines, cloud environments, networking kit, whatever you can get or practice on), doing writeups/blogs about your explorations/rooms completed, participating in CTFs, learning how to do bug bounties, and also practical certifications that require you to use the tools to perform professional acts, produce a report... Things like the SAL1/PT1, OSCP, BTL1 and many others that require you to get your hands dirty...The Pentest+ will teach you the information about the practice. You need to get hands on

okay thank you very much

Hi everyone,

I did a "career test" and watched some YouTube videos, and my interest leans more toward the "defense" side of cybersecurity. However, I had an opportunity to work in a SOC for two months a few years ago, and while I liked what I did, I couldn't stand the shift work and on-calls.

Are there any cybersecurity career paths you would recommend that are less technical than a red team pentester but a bit more technical than a GRC role, without the night shift or on-call duties?

I did some research and found that vulnerability management analyst roles seem more like one of the many requirements of a "Security Analyst" position rather than standalone jobs.

As for GRC, while I do enjoy reading standard like NIST CSF and ISO 27002, I don't really enjoy too many meetings, and I need to avoid the Big Four at all costs (as they are known to work 70+ hours per week in my country).

It seems like I'm really stuck and running out of options. Any advice? Thanks!

you may just need to find the right organization. For example, working SOC for a school district is likely to be less stressful and less on-call duties as opposed to working SOC for healthcare or in banking.

A lot of established orgs that do SOC work have instituted a shift policy that allows you to work during daytime hours, as they'll have employees in different countries around the world.

Thanks, I didn't know this!

Gave +1 Rep to @rugged delta (current: #21 - 507)

hmm..but so far from my job search, most SOC job positions stated about shift works. Seems like not easy to find those that don't require that

It really depends on the orgs you're applying to. Shift work is still very much a thing in a lot of places, but better places have better hours

I think you mean masters

A major is just a focus area of a degree and typically involves your bachelor's degree

True, sorry

I'm debating between my cert, I want to get an entry level SOC role if possible. I need more hands on experience. I was thinking about taking the SOC path on HTB and then going for the BTL1 cert, and along the way deploying vms and getting familiar with log analysis and maybe doing some bash automation type of activities.

Long winded backstory aside. Should I do the SOC Path and take BTL1 or CDSA. I don't know which would look better on a resume( I got the Sec+ in April, tag me if you have advice)

Do you have prior professional experience or a degree? If you redact your resume, you can post it here as an image.

I have no prior professional experience though. I did just graduate with a computer science degree and I have a Security Plus certification @stoic cave

Start applying to cyber roles

You have a degree and a security focused certification already

Hey guys! For pen testing career is it always a good idea to start as blue team because from what I seen pen testing is one of the jobs that are one of the hardest to get in cyber rn im a jr sys admin 4 months and have 8 months software engineer intern exp just graduated with a cs/cyber degree

You think that is enough, I feel unprepared still. I only have book knowledge

No experience with a SIEM, and little log analysis experience. Though I have used UNIX pretty frequently

I've tried snort a couple of times

You're a new grad, it's expected. Setup a homelab, do some projects on that. You need to make sure you're resume is good though.

Yea... I guess so. That's why I want to stay diving into the SOC Path on HTB, so that I can get hands on experience and do home projects based on that

Like getting more familiar with bash and doing some automation

@stoic cave

Hmu on my dms we can do some projects after my trip.

Cool, I'll think on it!

I do have experience with launch and setting up VM's

I have a kali and w11 box we can work on vms

Yea I have a VM

I havent finished one of my projects I can send u the info for it is pretty cool imo.

Yeah, that's fine, just start applying though

And some Wireshark experience

@stoic cave what do you think tho?

I think I'm gonna spend the rest of the evening starting the SOC Path, might research about how to image computers

If it's free and "easy" may even do it a couple of times

nah this will be my first degree, i had previous swe internships but thats all

ty

Gave +1 Rep to @tall frigate (current: #268 - 30)

Just note, they were thinking of a Masters degree and not your bachelor's.

yeah i dont have any degree lol

Double majoring is fine

Is there anyone here who has gotten a job with the SAL1 cert?

Hello friends ! I am the beginner in Cyber security, Can anyone tell about how to make payment in Tryhackme ? I use debit card but it doesn't work ? What can I do ?

are you from india?

only the tryhackme team can help you with billing problems, and you can email them 🙂

Yes , I am from India

Ok , Thank you !

Gave +1 Rep to @crude sphinx (current: #61 - 148)

👍

Hi hope you all doing well, just wanna share Im planning to create a password verifier project. After it verify that the password is strong it will also check if the password is in the generated common password that contains 1billion common password. If you have any suggestion on my project im open for it😁

May be your international payment is not on

How do you intend to host it? Will it be a webapp or a downloadable?

Building it a webapp

Then you'll need to make sure it regularly deletes any and all logs that could reveal passwords

Yes ill make sure of it so that it is safe to use thanks for the suggestion

Gave +1 Rep to @low olive (current: #615 - 10)

No problem, make sure to ask if you have anything else

Or just want help on how to proceed

Sure ill share it here also the repo so that maybe some can contibute hehe

One last thing

I heard there was a pretty big dataset leaked recently

About 184 million logins

Might want to add those to your project, bc i guarantee they are in someone's bruteforce wordlist by now

Noted on that thanks again. Is it ok to reach out for you sometimes hehe

Gave +1 Rep to @low olive (current: #561 - 11)

Sure, no problem

I suck at programming though, so i don't think I can help with development

But otherwise go for it

First, you should complete your Computer Science degree. Changing your major now can extend your graduation timeline and cost, when it's not necessary. Second, don't work for free. If you're currently a junior, you'll have an opportunity to start applying for Summer 2026 internships this fall. I'd recommend getting your resume in order to support that. Lastly, while you're in University, take advantage of any student clubs or additional classes that focus on or around the computer industry.

Gave +1 Rep to @stoic cave (current: #20 - 513)

I know your reply isn't meant for me, but I'm one year away from finishing my undergrad, and then I plan on pursuing cybersecurity for my master's. Thanks for the info!

I'm an Applied Math + CS focus major, by the way.

Gave +1 Rep to @tall frigate (current: #266 - 31)

hi, i'm thinking of getting into cybersecurity as a career and because it seems interesting. But I don't know if the job market is very saturated or not. Is it really difficult to find jobs with degrees or certs in cybersecurity?

not that much

Hi guys i need a mentor

The lowest level of the market is saturated, like in most fields. You can expect some competition landing your first job in the industry. As soon as you have 2+ years of experience it opens up quite a bit. People with 5-10+ years of experience are heavily sought after. Expect to spend a lot of time studying, even after getting into the industry.

Hi I need some help. I am now pursuing Cybersecurity as my master diploma, am I ahve been told that the field of AI SECURITY is one good choice. Can someone pls enlighten about the course, its future job scope, the countries and companies recruiting, the courses to be learnt and the selection criteria?

AI is such an emerging field it’s likely impossible for anyone to give a detailed answer about what it will be like in the future, personally I would follow the fields that interest you over chasing trends or what’s hot

Had my first interview for Cyber today! It went ok and then I was asked for 'knee jerk reactions to firewall rules' and I did not pass with flying colors.

I guess focus on knowing the basic of Cyber Security as core then the other topics you can add on top as emerging technologies and topics

hello, would u guys say cybersecurity is less saturated than software engineering for example?

I'd say so, vibe coders be taking over

Hello. I just started using tryhackme. Im currently on the easy learning section. Although it is easy, i do find then difficult to use since im not familiar with some of the terminology or commands. I follow a guide for every tryhackme box. For every machine i use, i take screenshots to help me understand the process. Wanted to ask how have other members studied tryhackme or their methods of using tryhackme. Thanks

do u know any entry level IT jobs to working ur way up to a cybersecurity position?

I started on servicedesk and did skilled support after that before becomming a soc analyst

Vibe coding is less effective than outsourcing, however, outsourcing has become a prominent aspect.

thank u!

Gave +1 Rep to @hazy umbra (current: #2915 - 1)

Agreed, maybe i said it poorly but i think software engineering as a role is more volatile.

IT entry level is also being affected heavily from saturation so I do suggest to try your best, learn compsci anyways if you can, beneficial.

im majoring in compsi

but i dont know if i want to choose to go into cybersecurity or software engineering

i like them both

Stick with it, if you're trying to get into cyber then try and get some certs

You can do both, security swe is a thing iirc, I don't remember what it's called.

ah ok

Then just start with some certs, cyber sec 101 from thm is great all-around. In my current role some analysts are still doing their comp sci or they've come from different related fields but have shown they can learn what they have to to do the job

i js want to know what jobs i should look for to build experience for when i leave college ill already have some experience

for a cyber security role

oh okok!

I would say like a lot of entry level stuff, junior positions are definitely volatile but a lot of factors are affecting it.

Could also get into home labbing

this is the one ur suggesting right: https://tryhackme.com/path/outline/cybersecurity101

id have to take a look at it bc idk what that means lol

regardless just pick whatever you enjoy and stick with it. You can mix and match skillsets aswell. If you like development you can do security engineering or maldev reverse engineering etc.

Regardless of which way you go you're likely to find a job, dont get your hopes down, even if it takes a while. Job market at least where I'm at regardless is pretty bad for entry level.

yea thats the one

seems like a lot of roles not just IT related are bad for entry level

nowadays

Yeah, it worries me. Though once you're past entry level it shouldn't be too bad.

im currently doing this one: https://tryhackme.com/path/outline/presecurity

i js started

ill hop into that one after i finish this one

Yea i did that one aswell, few hours and youre through it. Good way to build foundations tho

Just follow the learning paths THM made really

yup

ok perfect

everything seems pretty straight forward for now. THM makes it more exciting and engaging to learn

makes me wanna keep going idk how to describe it

Consistency will help. Just keep at it. don't neglect your compsci either, do some projects.

i think ill make projects related to cybersecurity

like coding projects related to it

that way i can learn both at the same time basically

thanks for the help u two!

Hi

i am new in this career plz support me and teach me plz

Make sure you get your IT fundamentals down very strong before jumping into any career in the cybersecurity space. My recommendation is to run through a free CompTIA A+ course for this, even if you don't plan to actually take the exam, because it covers almost all the fundamentals you'll need to move into this sector

Send the video link🫂

??

👀

Professor Messer has full free Youtube courses on the A+, I'd recommend starting there. Also, for future reference, make sure you learn how proper web search and research skills. They'll be crucial with everything IT-related. Also, patience and politeness go a long way, especially when people are trying to be helpful

Thanks for your support bro🫂

same bro

No, brother, I'm completely new, and my biggest fault is that I don't know English at all. 😔

Hi
Im not happy with my current CV and I would like to hear your opinion on what is missing
Thanks

That's illegal we don't do that here

cant post pictures here for some reason

You need to verify first , follow instructions from the link below to learn how to do so 🙂

ah thanks

ngl, seems pretty impressive 🤣

Bro give me your instagram i.d

I suggest you to start by learning networking and if possible programming

Thats a solid base for the future

Also operative systems linux and windows

Yes you are right but i am using kali tool but not professional.but in programming which language example java ,phython etc?

i think python could be a good one

Kali is good for learning but its mostly outdated

Nmap and wireshark are still used tho

And some other tools

Try python

C++ C

Take your time on those

... Is it?

Where the heck did you come up with that

Yes it is you learn pretty basic stuff

for beginners it ks

also it aint that bad distro

u aint gonna put some beginner go install arch

in his first day

You're unlikely to make a professional do that either

Kali ain't a learning tool either. It's just a distribution which is deliberately setup to:

1. Include a huge number of security testing tools in its repos, and
2. Be easy to setup and manage

Makes it a pretty good standard for professional pentesting.

2. Thats the main reason why many beginners use it

Yes they do

@undone shore mind if I dm

Different orgs have different infrastructure and different ways of doing things.
As a general rule, if you're managing workstations centrally (which is usually the case for consistency) then you go with a nice stable industry standard.
The effort to maintain a custom image (which is usually completely unnecessary) is more than you can justify, unless you've got a very good reason to do it.

If you're not managing your workstations centrally (i.e., you're making your testers go off and install their own setup, which would be a strange choice anyway), then you'd have to be an idiot to tell them to go use something non-standard. Especially something with a higher setup complexity.

Bro tell me only 1 language and i want to ask it is important to be pro in language or understand is ok?

Remember: time is money in business. The more time your testers are wasting messing around with the environment, the fewer billable hours they can submit, which means your profits go down.

That and standardised setups are easier to justify from a GRC perspective

With regards to?

instra id shadow73z this is my instra id btw

So what would you recommend a beginner to start with?

If you want to learn Linux from the basics up, you can start with Linux Journey.
https://linuxjourney.com/

Also, Try Hack Me has plenty of Linux tutorials available

Whatever you want 🤷‍♂️
Kali is good for beginners to offensive security (as you identified).
I'd suggest Ubuntu or Fedora for a beginner to Linux though.

I agree

Fedora probably better than Ubuntu

At the end it just the user that decides which is better for him

or her

Or them

Ahm

Hi what beginner level certification should I do to learn threat analysis?

Other cybersec certificates that could help me learn more are welcome.
I have an mba 🥲 but just 1 year of work experience...not in the security field though.
Any idea what certifications to aim for?

@broken idol

hi there everyone new to this cybersecurity things and hackings ❤️ any recommend

Please reach to our admin team to post jobs.

you can start here:
#start-here

it actually doesnt matter what distro you use

kali is just debian

under the hood

u can use puppy OS and it will still run all the tools

the nice thing abt kali is that it comes with everything out of the box (overkill imo)

👆

Pretty much what I just said lmfao

Precisely. It's also not overkill if you're working professionally and need a new VM for each test. That saves a lot of time.

i meant if ur using it as ur main machine

since u suggested ubuntu or fedora i thought u were talking about a daily driver

my fault

Oh God no. Not for a daily driver 😆
I was meaning Ubuntu / Fedora for learning Linux as well, although those two would obviously be more suitable for daily use.

So I plan to go into a career in cyber for the army so I plan on going to Michigan state I’m thinking of doing computer science and then doing cyber 17a for the army maybe even get into the CNOQC pilot program for cyber now I’m wondering what is the best career path on tryhackme I know pre security and cyber security 101 but then do I go into soc or jr pentester or what

Or do I need to learn python first or smt

Interview/job question:
I applied for internal position. Had first interview with potential boss. I then talked briefly with the recruiter who told me they'd be scheduling second interviews soon. After this, I sent an email yesterday and the recruiter said that the guy I had my first interview with sent me a 30m meeting invite for tomorrow titled "Feedback on your application to the position".

I'm wondering if this sounds like I didn't get the job and they're going to tell me. OR if, because he's from a non-english speaking country, there's a translation thing here? Basically: should I prepare myself for rejection? lol

It depends what you wanna do first, if you wanna join as a pentester in the beginning then go for the jr pentester path first, usually people go into blue team/soc and then with some experience they slowly pivot into pentesting/red team because it is a little bit more intermediate

I think it'll be better if you prepare for yourself for a rejection, because if you do get rejected you were prepared mentally, and if you still get accepted or told for another round of interview, that's great, just my two cents

That makes sense. This is what I'll do probably.

There's no necessity to learn any language(python, bash, powershell) first or last, you'll learn it along the way for either scripts or automation so don't worry about that, you can begin learning the basics rn if you'd like or later in your journey

Yea, good luck, I hope it's just simple feedback and not rejection 🙏

"What do you mean that everyone in the company shouldn't have local admin?!?"

Im trying to get some hands on experience with pen testing tools and linux in general im getting a usb to run linux on its 256 gb pro usb 3.2 solid state flash drive what distro should i get? Any other tips would be appreciated aswell!

Hi guys, I am in the process of training for my Sec+ cert. If I ever, in my journey to becoming a cyber professional(Analyst), decide to shift to something in Pentest would I need to go for the Pentest cert or is a Sec+ enough to start in a pentest jr role?

So this summer just split up between doing tryhackme and python?

Plan to grind this summer going into senior year of high school like 4 hours a day

Applications for national rotc scholarship I think open in a few days

And also like what else do I need to spend time on this summer if I’m grinding like just stay on stayhackme doing the rooms all summer or switch over to smt harder at one point like hackthebox or somehow apply what I learn idk

You'll need a pentest cert to prove yourself that's for sure

That's sounds good, but it would be better if you spent some time learning some foundational knowledge for Cybersecurity, network and OS knowledge

Just go through THM learning things, don't rush too much, I'm still learning myself so I can't say things for sure, but check out this guy, he has a good roadmap https://youtu.be/iUAqNI_zTOc?si=NKXiwdDgtBiz21Pt

His other videos are also good

That’s what I figured. Thanks

Gave +1 Rep to @long merlin (current: #2916 - 1)

Good luck

Well finally getting some responses to my resume. Sent it to lots of people for criticims and worked on it. Fingers crossed I land something 🙂

Good luck dude hopefully something works out

Thanks.

Make sure that for every role you apply, you pass your resume through an online ATS checker along with the job description. It'll suggest changes you can make for the specific role

Before throwing any personal data (such as name, email address, physical address, phone number) that would typically be on a resume, check the ATS privacy policy and see what others have to say about how much that checker respects their own policy.

Thanks guys!

Do you guys have any recommendations for ATS checkers at all from personal experience? Just want to look around.

I think they are more trouble than they are worth.

I have had 2 candidates submit resumes that were very obviously AI assisted, and not only were the resumes very bad, but the candidates were also not great.

Understood.

Hey, I’m 16 and studying for Security+. Anyone want to team up to keep each other motivated

Guidance on breaking in the industry

Hi,
I am looking full time SOC role and I am seeking an interesting event happend with me while networking. I would like guidance here.

I am cybersecurity graduate and also recently passed BTL1 certification.
My current role based on previous project experience is as GRC analyst with experience in ISO27001 auditing and I also completed 2 cyber internships.
I am also learning continously with Letsdend platform and also complete Blue Team Labs Online, in order to keep those SOC, IR skills sharp.
Besides degree, small project experience, continous learning, targeted certification I also attend networking events.

Attending Cybersecurity Running club is something I have been doing.
Good news is, I recently met Client relationship partner of cyber company at the running club. As I shared about my experience and that I am proactively seeking role in SOC and I shared about my BTL1 which I passed just last week (28 May), he opened up door of introduction with SOC manger of oragnisation in next couple of weeks.

I am unaware what to do next, I have never come across this kind of situation. What could this really mean, how should I approach this?

I greatly appreciate your time understanding my circumstances and providing your invaluable guidance..

If its an interview, prep for it. Better to look at their job posting and see what tools they use and which you have actual experience on. Understand their business, this goes a long way imo. Many people don’t research much why that specific business may need a SOC. Talk about your value: why you’re a good fit, what you bring to the team, and what you’re good at.

Polish your resume/CV and get it reviewed by professionals. You can post an image of your resume here with personal info redacted if you want it to be reviewed.

Hiring is an investment for companies, make yourself look like a good investment.

Entry level cyber enthusiast, working on security 101 right now. Which is better eJPGT v2 or CBBH? Plan is to get into offensive security and land a job, and later on move to cloud security

eJPTv2 and CBBH are totally unrelated and address 2 different things.

can you guide me further? I am confused

CBBH is focused on web and bug bounty. eJPT does not only focus on web.

I'd also say that CBBH is generally more advanced than eJPT. They are not on the same level.

want to join a hacker community where I can get full support whenever I run into any issues."
hacker community that’s got my back whenever I hit a problem.

hey guys i want to ask if someone wants to do a entry level internship( paid ) ethical hacker remote job how much would one get

Hate to be one to burst your bubble, but doing an internship in an ethical hacking role in a remote setup is too good to be true. Also, if you are doing an internship, your employer might want you to be onsite most of the time as the expectation is that they will train you and it is easier to train face to face as opposed to remotely, more so the complex nature of the job.

Do check the mentorship offered in Hack Smarter. However, do note that as folks are doing it on their free time, you might not have the support you have in mind. Then again, in this field, you will almost always need to get your hands dirty and try something on your own in a controlled environment before others can help you. Just my 0.02.

Why not aim for cloud security directly? You'll probably need to start for an engineering role or anything within that line of work.

Thanks for your advice mate, that means a lot and tells me about next steps @dense dagger

Gave +1 Rep to @dense dagger (current: #22 - 454)

wow 0.02😥👻👻

😢

is it better than ethical hacking

just simply want to geta job so it could pay around 15k to 25k is this toomuch this it the info of got on the net but (am i dream ing

thank you for the adivice ill check out

Gave +1 Rep to @fickle grove (current: #12 - 828)

what about part time would that be possible and is there too much competition in this field

i did look this up in the net but now i think it the right facts

Ethical hacking or penetration testing and its subsequent specialization, red teaming is more of a specialized field. Companies would often require more experience (e.g., 2-3 years pentesting or maybe 3-5 years of equivalent IT and/or cybersecurity experience).

There are tons of different cybersecurity jobs that have a lower barrier of entry versus pentesting but as always it is dependent on where you are located, the job market, the companies around you, etc.

Bigger companies are able to hire people with less experience since they're able to train them with their in house team while more specialized but smaller companies mostly look for people with good experience already since they don't want to waste time training people and want to provide value as much as possible.

thank thank thank you so much more the info as i dont have anyone who i know who is in this field

Gave +1 Rep to @dense dagger (current: #22 - 455)

other field like soc meaning but i searched that there is a lot of competition in this field

There is always competition in any field, the best thing you can do and that you can control is making yourself stand out.

i ment it's more than the usual compe

how do i get the starting pay job in this means whats the magic to crak the interview means i heard that certifaton give the person push and good if a person does a projects or bug bounty but main thing is the obvi the skill of the person but what actually cracks the to land the job

?

Its a mix of different factors like your resume, how well do you at the interview, how you stand against other candidates, your background and skillset, education and certifications, if you were referred by an internal employee versus applied externally via their job postings.

you could work on your github page and maybe refurbish some of the old software and then the potential employers will see you can also read and write code

Why not?
I did two, and we offer one at work 🤷‍♂️

You're an exception and I think you know that. It's not impossible, but highly improbable. Especially if you're trying to do remote because they live outside of the country with the internship.

This is not me saying pentest internships don't exist, they do.

The probability goes up depending on the pool of companies you're dealing with in my experience.
Definitely far harder across borders though. Far easier if it's being facilitated by another trusted entity.

Again, we've got a remote placement available each year. There are three other security teams with us who offer the same. I can point at another bunch of UK orgs in the same pool with similar offerings.

Also not sure how I would have convinced orgs to invent a remote internship just for me. Kinda still have to apply to existing offerings

You know what I mean 😂

https://tenor.com/view/blackadder-gif-26896557

Muiri is trolling exquisitely today. It helps that they are technically correct.

I mean, I'm a sucker for a Blackadder reference, so no comment

One of the most underrated shows of the last century

Its not about what is better, but rather what you want to do on a day to day for some time.

You're built different. 😅 While the possibility is not zero, other factors need to be considered as you said which makes it not as straightforward as one hopes it to be.

👍

apparently a lot of tech companies are closing or pausing internships due to ai, by like 34% since last year or something along those lines. source == some economics youtube video

Internships should not be affected by AI replacing those roles, because internships are about students gaining work experience. If an intern role is business critical entry level, that business is horribly broken.

the logic is that a lot of entry-level career positions will be filled by AI automation. which is true.

cybersecurity departments cost businesses to run them, but they don't generate any value that can be easily quantified.

usually departments generate profit - sales, marketing, product management etc. with cybersecurity - it's hard to put a value on that.

business models run on "reduce expenses = improve net income". cybersecurity is an expense. if an AI can do the job, then we can understand where they going with this.

I personally think cybersecurity will be least affected by AI in tech.

When development definetely will and that is already happening. In our company you could simple see amount of work done by people who adapted AI in coding and who didn't. It is not only amount of code written because that is not a metric, but speed of finding solutions etc and experiments which would normally take few weeks, could be done in few days due to less time on research.

So in general (just some random example numbers) you could easily reduce your team of developers by 30-40% and have same results just investing in licenses for things like copilot. We tested that on almost 50 engineers in total and results we got was for every 100usd we invested in licenses we were getting 260usd back (i was presented with results, so not exactly sure how calculation was done)

Already got affected too much
I don't know if now or later but we should start seeing horrible bugs due to AI completion in non-big techs,
Also many of the "work" done like SOC operations started to use AI in different ways
Some companies Use microsoft AI-Copilot integrated SOC solutions that provide fully automated SOC analysts for everything, So instead of having too many engineers for the SOC there are much less for the role,

For sure this open "few" roles for "few" people out of this to "monitor" and "enhance" these tools

We are probably still about 10 years away from agentic AI coming anywhere close to a "SOC analyst" - and in either case I really just see AI enabling competent security folks to take on more complex use-cases and tasks, of course we will hear stories of idiot CISOs making broad cuts and bringing in "AI" teams to replace folks but we already know how that will end, for publicly traded companies definitely investors like warm bodies

I fully agree on this. These cuts/stories are to satisfy shareholders mostly. I personally would much more prefer to work with bunch AI tools that make my job easier (and doing that daily). Best way to make yourself redundant is to refuse learn new tools.

Even agentic tools need to be setup and monitored by someone

AI hindering learning means more bugs and issues, short term pain but it means experienced and knowledgeable workers will only be more in demand to fix the issues and there could be more cyber vulnerabilities than previously imo

I am not talking about "efficiency", I am talking about what's happening. microsoft already shipped such products, and I know a cybersecurity company which fully uses them, the analysts job is to "review" the analysis and the taken actions instead of performing and thinking of them

Sorry I'm not really following what your point is, however overall I would say folks aspiring to break into the field shouldn't let the what-ifs around AI deter them

someone help

Try to ask in #room-help channel 🙂

mb

does anyone know offhand, why when I try to share a badge on linked-in, it doesn't work? linked-in opens up but just to my home screen...

Works fine for me , try to disable browser extensions / ad-blockers if you use some , also try to use browser that's not Brave if you do so

ok, thank you. Just wanted to make sure it wasn't a "known" issue with a known fix/workaround before I took the time to figure it out myself.

Gave +1 Rep to @keen tundra (current: #1 - 5127)

Please don't promote here 🙂

I have an internship over the summer with a pharmaceutical company to be their network administrator. Do you guys know the daily tasks I will need to do will be? Also what things should I know in depth for the job? Thanks!

Every internship is a bit unique so I would really just reach out to your recruiter or contact at the company, but as a "true" intern nothing really will be expected of you, they will probably have you work on documentation and the boring but necessary shit no one else wants to do or has time to

They will explain all that. You should be spending a majority of your time as an intern learning what the job is, if they expect you to fix business critical networks on day 1 you should have a very very low expectation that you'll get anything but stress.

probably just mac address table, arp table, lldp, vlans, ping, traceroute

most stuff you will learn on the job

always good to progress towards ccna tho

guys i looking to buy a wifi adapter for kali linux vm but not more than 15$ could anyone suggest one

is this a good one i found this one TP-Link Archer T2U Plus

nope this is not a good one you will have problems with monitor mode on kali. also not capable of wifi6/ax but for that you would have to spend more money anyways

how much more

could you recommend one , i first thought of ALFA AWUS036NHA but its a bit on the expensive side

isn't wifi6 was for streaming and gameing ?

bro your budget is so low it is hard to buy anything with that, sorry! idk where you live but the shipping probably takes half the money. maybe just learn a lil bit about wifi hacking in general with a cheap adapter and meanwhile you safe for a good one? 🙂 i suggest you look for adapters with "Realtek RTL8811AU" or "Realtek RTL8821CU" they are cheap but okay for a first journey into that topic. the alfa stuff yea, they are kinda good i love them but believe me you are fine with a cheap adapter as it will take you a long time to learn everything you need 😉

My friends use a 5$ adapter and it works, if you are just testing/demonstrating that will work
If you are using it for actual work it won't

thanks 👍

Gave +1 Rep to @pseudo ledge (current: #1157 - 4)

Hi guys!
I wanted to share that I was recently laid off due to restructuring at my previous company, where I was working as a Senior SOC Analyst (L2-L3) and Threat Intelligence Analyst.
I’m currently looking for new opportunities and would really appreciate it if you could let me know if your company (or someone in your network) is hiring for roles in SOC, Threat Intel, or related areas.
I’m available to join immediately, open to global remote roles, and fully comfortable working US time zones.
Thanks in advance for any leads or referrals you might have.

I’m Darrel, currently diving deep into cybersecurity and just finished the Junior Penetration Tester path here on TryHackMe. I’m building a 50-project portfolio, sharing my progress on GitHub and Twitter — and I’d really love to connect with other learners, especially teens or young tech enthusiasts who are on a similar journey.

If you're into pentesting, ethical hacking, or just passionate about tech in general, feel free to hit me up! Would be awesome to learn, grow, and vibe together. 🚀🔐

Let’s build a strong tech tribe!

— @lime nest

Hey, I’m a junior aerospace engineering student from Turkey. I’ve been doing HTB and TryHackMe labs since high school, but I haven’t pursued any certifications until this semester. A couple of months ago I got my eJPTv2 because it was affordable and I didn’t have time to study for a more advanced cert back then.
Now I have three months to prepare for an advanced certification, and I’m not sure which one to choose. With such a cert, would it be realistic to find a full-time or part-time job while I’m still studying Aerospace Engineering? I’m also interested in eventually moving into aerospace-cybersecurity roles. Really appreciate any tips, thanks.
Questions:
Which certification(s) would you recommend for someone in my position?
Are there any certifications particularly advantageous for aerospace-cybersecurity roles?
Is it feasible to land a part or full time job (wage is not a concern, i just want to get experienced) with that certification while still a student?
After getting certified, which entry-level roles make sense to target?
In what ways can I integrate my cybersecurity interest with my aerospace engineering specialization?
Which topics should I prioritize studying?

I'm curious: how common is it for someone to start in one specific side of cybersecurity, then move to another eventually? The reason I ask is because I'm interested in pentesting the most, but I also have interest in security engineering and I know level 1 analysts are typically the go-to entry-level role in cybersec.

Would it make sense for me to focus most of my effort on a defensive security role like SOC analyst/security engineer while gradually building up to doing pentesting, or is it just a better idea for me to focus my energy on the role I ultimately think I want to get?

You should apply to whatever role interests you, and build your skills towards it. but if you have the skills and interest for another role, going for that is good too. And yes, many people have their first cyber role as a SOC analyst, but if you have a good understanding of other technologies, you might be more suited to another role. Transitioning into different roles throughout your career is a normal part ofthe job in cybersecurity

It’s very common. I see lots of people jumping different cyber disciplines and being able to apply their skills from the previous job

Hello, Guys! I hope everyone is feeling well today! I have a question, I'm wishing to start my career in cybersecurity as a SOC analyst. I finished the tryhackme learning program and obtained my SAL1 certificate. I'd like to know how I may best practise my SIEM and Splunk skills. I'd like to work as a junior or even helpdesk for a few months before pursuing a career as a SOC analyst, but I need to be stronger in my practice skills. 🤩 Thank You for all your advices.

how long did you need in total before you were ready to complete it?

If you mean just the SAL1 exam, I spent slightly more than four hours. But to complete all learning paths, I work with them for 5 months. i passed exam on second try, it was so hard

thanks for the answer, im on thm for like 4 months, I want to learn more before attempting it

Gave +1 Rep to @north beacon (current: #2920 - 1)

I suggest spending bit more time to simulation practice 🙂 Wish you all the best with it!

No harm applying for SOC jobs, as well as other roles in cybersec/IT. There's lots of walkthroughs and challenges you can complete on the platform to get more practice

Hello, any GRC specialist here?

Yes, what’s your question?

homelab. homelab. homelab. install opn/pfsense, setup squid, setup AD domain, throw in some e-mail + SQL servers, configure a reverse proxy + DMZ environment and try hosting something, then set-up a SIEM stack, throw agents on everything and log all the things. Then burn everything down and automate what you just did to re-build it - if done successfully this will prepare you more than 90% of entry-level candidates i see

Thanks, Droogy; this idea is fantastic! I will get ready myself in the coming days to establish my own home lab, and I hope my computer does not burn 🤣

Gave +1 Rep to @ancient prairie (current: #44 - 222)

You're right! I updated my CV today, so tomorrow I'll apply for jobs and challenge myself in interviews. In the meantime, I'll practise and do my best to establish my own home lab

i too am doing try hack me rn and have also thought of doing the certification soc or pentest(not decide which one ) but do tell me about how the job search goes i am eager to know

I had already started applying for jobs, but my CV was so horrible that I realised I needed to modify it because I had my career history in the table part, which didn't work well with the ATS system. Right now, it appears much better, so I should have a lot more positions visible, and some recruiters will be able to discover me easier. But I'd like to start with a position as a junior social analyst or perhaps a helpdesk first because I need to improve my language skills. There are a lot of opportunities on the market, but most of them require at least 5 years of experience in cybersecurity, so I applied for them as well just to see if anyone repond on them and give me some suggestions.

does anyone have sources how to write a proper federal resume or a professional federal resume writer?\

Thank you Vertey...I need to know the path to follow if i want to study for GRC

Gave +1 Rep to @fringe spade (current: #293 - 26)

if you can read, write, and speak English at a high-school equivalent level, you are more than equipped for entry level SOC work - so don't let that deter you from applying

What do you mean by federal? Generally the free resume templates you can find online are good enough to begin with - I haven't checked in a while so can't recommend any in particular

federal resume is used for getting in to the DoD

you cannot use normal resumes for private companies

DoD (department of Defense)

i have a clearance, cert etc.

gotcha, unfortunately I don't have any experience with gov work but I can say that I've seen a lot of resumes from folks who worked prior in gov and they all have extremely minimal formatting, very detailed and crazy long (3+ pages)

so probably wouldn't get too hung up on formatting but definitely seems like the more detail the better

yeah. i just dont know the keywords i need to reach or something

What do you mean you can't? Are you talking about as a contractor or as a federal civilian? There's nothing barring you from putting your clearance and such on a normal resume. If you're applying for federal jobs, you'd be applying through USAJobs, which you can import your current resume to or build a new one.

If you're looking to get into government service, now is probably not a good time, but they wouldn't expect you to have a specific resume off the bat.

i am talking about being a fed civ

i am currently a contractor

but i got my answer since i tried to applied to gs9-11 where they require a bs degree

which means i just gotta wait it out

so i dont have to tailor that job description to my resume?

ngl im a federal civ noob. i just got out the military

Tailoring your resume isn't inclusive of one resume or another. You should tailor the content to what they're looking for, but don't lie

oh okay

yeah i didnt lie especially the questionnaire they ask

There's also a federal hiring freeze, just FYI

oh

im not updated to news lately

It's been a thing since January

ive been focusing on sharpening my skills and getting certs

damnn

i gotta read some news

Will likely be re-upped in July for another 90 days

fuck ;-;

Re-upped means continued

btw i tried to find fed HR on linkdin but im just lost to what to type on the search bar.

They won't talk to you/they can't assist you with getting hired

You have to go through USAJobs

so cant network through them?

hmmm

Hello! I saw your post and this is something that I want to learn how to do. I just finished all three parts of Linux fundamentals and was wondering if this is stuff that I would learn in the Security Analyst roadmap or if there was other rooms I should try out.

I am unfortunately not completely up to date on a lot of new THM content so I'm not sure, however if the homelab idea is something that interests you then go for it - the fun part of learning for me is side quests like that

the concept is not new at all, you basically just want to try and recreate an enterprise environment as much as possible

That makes sense. Honestly I need to do more research into the uses of them. I always hear about making a media center and a NAS but I don’t know what I would put on there really.

You don't need to do the same projects as everyone else. A media centre is just a web server that allows you to browse through your videos and audio files and a NAS is just a storage computer with some software that manages storage more effectively than manually doing it on your pc. You can do all kinds of other projects in a home lab, depending on what you have, be it some spare computers, virtual machines, networking equipment, a cloud platform, etc... Basically you want it to be a learning environment that eventually leads you to being able to do useful things. A media server/NAS are things you'd expect to eventually integrate into your living room perhaps, maybe you'll learn some solid IT/cyber skills and get a job. It's entirely up to yourself

GRC is quite broad is there any specific job you’d like to do, as this field can be broken into smaller roles like risk analyst or compliance specialist etc.
But in general, you’ll have to be able to understand and conduct risk assessments, same goes with compliance, meaning that you have to follow different regulations and standards (for example in the US, NIST 800-53 or SOC2 is more in demand, and in EU you’d most likely worth with something like ISO27001 and NIS2), so it can also depend on your region. The G standing for governance is basically writing and preparing policies for you organisation and different departments.
As for a specific path, start with reading and understanding one specific framework, for example NIST CSF, or ISO27001, depending on what what you see in job offers in your region. Then you could focus on more sector specific regulations like PCI-DSS/DORA/HIPAA, which cover different fields.

I'm looking to get into SOC after my degree and I'm wondering if anyone has any advice on remote vs not remote? As well as any suggestions. Thankies

Guys, is the PT1 certification actually give you a cert that makes you get a job? Because i want to explain to my mom that I can use this certification to get a job or increase my chances of getting into the uni that I want due to the high investment of USD$297=MYR1,258.09. How do I explain to my mom that I wanna do it after my high school finals