#cyber-and-careers

Like OWASP top 10?

Yep

I have seen some stuff on it but not confident

Learn all of that

By doing labs or watching videos?

Both

If u like think u good as it then go bug bounty or a ctf

Do a lab more better

Ohhh alright and where can I practice them? THM and TCM?

Portswigger

Have a ton of knowledge

And ut free

Hey there, isn't the format in which portswigger has shifted to a bit confusing?

Not sure but it have a lot knowledge

Maybe tcm

I have not explored Portswigger yet. I will definitely do it today after my shift

There labs are good but difficult, I ended up just watching it but not doing the hands-on practice

Portswigger it easy to difficult

That is definitely helpful, thank you so much!

No problem 😃

is jr pent tester considered a beginner path?

Yes.

yep, but I don't know any good resources to learn from.

i thought one has go for soc analyst and then jr pen like climbing the lader and the pen mostly req 2 to 3 yrs of exp

Oh I thought you meant the jr pentest path on TryHackMe.

what the best cert for an entry in to cybersec i am thinking sec+ but i am not to sure any thought's

👍

same i heard from u the first time , just googling and llm usage

I'm also a language teacher hoping to change careers 🙂

Heyy, which one?

I teach English

Also I completely get it, the pay is shit the conditions are shittier 🙂

I want to get into software and cyber infrastructure, but it is so hard without a degree

I have a question, I hope this is the right channel. I have a BSc degree where in my honors year I took cyber security path where I learned the basics. I worked as software dev after that for 2 years.

Now I'm trying to get PT1 certification. I completed Presecurity and Cyber Security 101 modules and I tried a little bit of the current CTF, and I feel like I am not even close to being able to do that exam, even if I finish Jr Pentester module. My question is, will it be enough to take that exam after finishing Jr Pentester module?

Btw I did my MSc with major in Cyber Secuity, but didn't learn anything from there because yeah, that's the kind of univeristy it was.

The more "easy" rooms I try and can't solve, the more disappointed I get. I don't know if this is supposed to be normal at this stage or not.

my impression is the Sec+ is a decent starting place. It's affordable and covers some foundation concepts. CCIE would be more prestigious but correspondingly more difficult and expensive. There are some GIAC certs that look rather pricey. Some certs have industry experience prereqs, but anybody can sit the Sec+. Net+ could be worth working towards too.

maybe work more on defensive rather than offensive to begin with?

Is that necessary?

I find the SOC path very boring.

if you want a job. You need to know what measures and countermeasures the blue team is employing. If it's boring you should be able to progress pretty quickly.

So should I do soc level 1 module before going down the offensive path?

Yes. The other thing I would suggest is doing some supplementary reading in offensive techniques to fill in the knowledge gaps. There's a book called 'Go Hack Yourself' which is fun.

Thanks. I will try to go down that route then.

Oh God. Hot Potato, Juicy Potato, Rogue Potato, Sweet Potato, and now Charming Potato.

Too. Many. Potatoes.

I just... love potatoes

Anyone have a line on some job openings, I can drop my resume

Hello everyone.can someone help me ?is someone have experience or already run about decoding speech from neural signals.?like neu speech decoding or something like same thing.let me know if someone already has.thank you

Does annyone get job with PT1?

Check out #jobs-board 🙂

Right now I'm a student as you guys are experienced in Cybersecurity what you think of what you need the most. I would like a project for my college on this please help.

Mr Potato

Hi Guys, I already got 3 certificates now!
Im working on getting my 4th now; after that, I wanted to get the Google CyberSecurity Certificate and the CompTIA Security+.
Is that a good way? Let me know your opinions!

Don't go for Google cybersecurity

Comptia is good enough

dose anyone completed ejpt certificate

I'm doing CompTIA Security+

https://tenor.com/view/pick-me-blake-shelton-the-voice-choose-me-over-here-gif-16888083

Hello, I'm excited to be here and eager to learn while making connections in this field. I look forward to sharing ideas and collaborating to tackle challenges together.

Hey everyone! I'm just wrapping up the SOC Analyst 2 pathway on TryHackMe after completing the Google Cybersecurity Certificate and the ISC2 CC course. I'm currently deciding between pursuing the SAL1 certification or CompTIA Security+. For someone on a SOC analyst track, which one would you recommend as the better next step?

I'm a bit torn between going for the SAL1 cert on TryHackMe or the CompTIA Security+. From what I see, Security+ is more widely recognized by employers, but SAL1 seems to showcase more real-world, practical experience. For someone aiming for a SOC analyst role, which would carry more weight or open more doors?

Considering maybe just doing both, thoughts?

are there any good study resources? aside of obviously doing the tryhackme rooms?

I've seen a lot of people say professor messer on YouTube is good for comptia stuff. I'm only a noob too though

In these days of ai-driven recruiting, I'd suggest both, if you can afford it. Sec+ will be good to have on your resume; the new THM certs may not be on their radar yet. First line human recruiters often know nothing about the field other than what they've been told to look for.

Do you have prior professional experience in the computer industry/similar or a STEM degree?

Yeah I was leaning towards both like you mentioned, it defintely would be a boost if i was to get both. I think the SAL1 is ore impressive but just not recognized as well as the comptia+

thank you

I honestly dont have a stem degree, and no prior experience either with cybersecurity. I pivoted from Data Analytics, which has some overlap but not much.

OK, you're going to want to relate your data analytics experience to cyber in some way on the resume. Security+ is the baseline cybersecurity certification and really the only one that I recommend people pay for themselves.

If you verify, you can post a redacted copy of your resume here as an image for review

That's annoying

Awesome, yeah that does make sense! I'm definitely going to add a couple soc analyst portfolio projects to my github to stand out a bit more too

are you a soc/cyber analyst now or not yet?

‏Hello, my dear, I have a simple university project for network security through Cisco, a brief is to make a full virtual network , if anyone have experience in this field, can contact me

Sorry but we can't help you with school work #rules

I'd love some portfolio ideas. My gitgub is so neglected. I thought I'd add some bash and python scripts for parsing files and such.

yeah it definitely would give a boost to resume, I'm going to use ChatGPT or Claude.ai to give me some guided steps on a full hands on project from python to splunk etc and add a READme on Github.

Github Copilot is good for code

Personally, I wouldn't. Do the research on your own and put something together. If you're looking to use it under a projects section of your resume, you're going to need to be able to talk about it. Saying "ChatGPT told me to do x" isn't a good look, imo

I agree. It's really important to me that when I'm entrusted with a role, I can perform every task that I've claimed to be able to do. Sure there will be some learning required, but if it's on my resume, it's got to be rock solid.

I've explored LLMs extensively in my day job and so do not trust them at all; I've seen them produce some really problematic output. One thing I do find quite useful is asking the llm to explain what a particular line of code does - this can be useful when I'm trying to figure out what is going on with an unfamiliar or complex bit of scripting.

Yeah, I totally get where you're coming from. I wouldn’t just blindly follow something and slap it on my resume. But I think for a first project, a guided one can actually be helpful to get a feel for the tools and process — as long as you actually understand it and can explain everything you did.

My plan is to use the first guided project to build confidence, then start doing my own projects based on what I’ve learned — and of course look things up along the way like anyone does in the field.

I’m using guided projects to learn, not to cheat.

• I’m making sure I understand what’s happening.
• I plan to do my own projects after building a foundation.
• I’m not claiming anything I didn’t actually do.

Also, the idea that you'd tell an interviewer "ChatGPT told me to do x" I think was a misunderstanding. When you complete a guided project, you're not just blindly following instructions, you're learning tools, techniques that become part of your skillset

sure, that sounds like a good approach. I'd prioritise other sources, though, and just use ai as a last resort or cross check. Remember it's got a massive footprint in power and water consumption too.

Yeah exactly, not just saying i'm ONLY using ai tools.

I just think it's a good stepping point

Need help

Anyone here a SOC . or studying to be SOC analyst

Maybe somebody from #sal1

Yeah, im a soc analyst

bro i have dm u

Hey guys can anyone help me i means just suggest i just choose cyber security path for my future

which area interests you?

which area do you enjoy working in as opposed to hating

if you're really good at analysing and finding those small detail SOC doesnt seem bad

I am totally new like i heard about soc today but i havw quite intrest in ethical hacking

sure is great for learning though..I have it generate code and explain what it did. or I have to understand parts to instruct it what to change

on this note.. what domain of ai and cyber overlap for an actual career I can apply to?

what do you guys think of this roadmap

Anyone?

well whats your question?

What to go for pentesting or defensive security

soc is an easier entry into the industry

Does it have high scope ?

Defensive security will have much more opportunities than pentesting, unless you're a pretty gifted hacker (imho). And once you get your foot in the door you can always keep developing offensive skills and then you'll be versatile.

Depends on your skills, interests, and background tho.

That was literally made as a meme by a guy in here a few years ago

@rancid adder

Oh you are still here Tux 😆

Hey,

I just finished the eJPT course materials. Is this enough or should I practice other things aswell?

@echo skiff sorry for the ping, but u did this one right?

I didn't even notice this was the meme lol

Advice anyone ?

I’m currently in a bootcamp which is blue team based

This is what u study and it started today , Week 1: Understand Cyber Security Principles
• Week 2: Threat Intelligence in Cyber Security
• Week 3: Cyber Security Testing, Vulnerabilities, and Controls
Week 4: Cyber Security Incident Response
• Week 5: Understand Legislation and Ethical Conduct within Cyber Security
• Week 6: Professional Skills and Behaviours for Cyber Security

How good would you say this is ?

I eventually want to purple team for sure bc red team is my fav but understand you need to go through blue first

Obviously I’m a beginner so I was thinking should I add python along side my bootcamp with some try hack me rooms (the free version )

To prepare for job interviews (unrealistic) and lvl 4 apprenticeship to actually get on it after my bootcamp

pretty good, depends on how deep the topics go and how much practical experience is being offered here though

what sort of assignments are you being given? are you being made to work on a sandbox or some sort of lab?

Honestly no practical experience

Just theory basically

I can show you the type of assignments

I had my first class today

sure, can dm me if you don't wanna share it here

It ends on the 22nd if august

Ohhh beautiful bro thanks so much

I'm currently learning cybersecurity on my own, and I'd love to connect with others to share experiences and lab work. Collaboration makes the learning process much easier!

Guys, as a beginner, how long can we rely on free resources to learn pentesting and other things that there in hacking???

what job boards have y'all had the best luck on?

F

you want the Looking For Group sub.

well at some point you're going to have to pay for the exams. But there's loads of good cheap stuff out there. I bought a Udemy course for a few bucks and several humble bundles with official prep texts, as well as good books on hacking and programming. The thing I like about coursera/udemy etc is that there's no adverts and that courses are well organised, thorough, and professional. Not amateur clickbait. Same goes for books - instead of trawling through the web for bits and pieces, you've got a well organised, edited, sequential delivery of information.

Btw do you know about Cisco Packettracer? Such an awesome networking resource.

True

Do Ccna instead

For a long time , plenty of free resources out there 🙂 . Majority of content on THM - around 60% - is free . Many platforms have tons of free resources , depends on what you're interested in particular 🙂

Hi i completed google cyber security professional certificate and i'm in my last sem of BS.
it's almost 1 month , i applied on LinkedIn but didn't got any interview call or job.
but they advertise 2k+ jobs open
etc.. bla bla bla. so similarly if i do oscp it's also useless? i want to know because i prepared almost 36%, and it's tough. i don't want to waste my time

hey @void prism, saw you are CEH certified..may I know how recently did you give it? and was it the theory one or practical

Hey guys i just wanted to get hands on cybersecurity . As a begginer can anyone help me like where should i start.

You can follow this roadmap 🙂
https://tryhackme.com/hacktivities/

Hello everyone. Is there someone from THM team I could speak to? I'm trying to get subscriptions for all my class, we are a cybersecurity school but the school have limited fundings and most of the sponsors money goes into the location of the building and the paiment of the teachers, so I'm trying to arrange something for all of us

please dm me so we can speak a little, thanks !

Hey everyone, I am kinda new to cybersecurity and still feel like a total newbie 😅
But I’ve finished a few certs___ like the Google Cyber Security Professional, Cisco Ethical Hacker, EC-Council Cybersecurity, and some Coursera courses.

Any advice for someone starting out?
I’d love to hear what helped you when you were new! 😃

Hey anybody online?

Hola!

U r newbie u will not able to solve my issue

How rude! You did not even ask a proper question, just if anybody is online

So question right, if you're a security analyst should you not have a functional understanding of how to red team and blue team?

Try me for size, what is it?

Also questions go into infosec-general or room-help

General technical/infosec questions go in #infosec-general and questions about THM content go in #room-help (unless they have their own channel). If they have say, a career or career related question, that would go here. There are other channels as well, like #programming for programming related questions

Thanks

Gave +1 Rep to @stoic cave (current: #20 - 520)

I need a senior person in cybersecurity who can guide me and review my resume bcoz am in my 3rd and searching for internships it will be really helpful

Hey y'all, I wanted to ask for some tips. I'm studying mechanical engineering, but I'm a bit stuck between cybersecurity and automation. What kind of skills should I learn to continue my journey?

automation. you’ll incorporate mechanical engineering into it soon enough

Hey , please be respectful to other community members

Try to reach out to support on the email below

hey everyone im new here just looking into learning more about cybersecurity to make a career out of it, any help would be appreciated. dm me

Welcome 🙂

Blue team yes, red team not so much. Assuming you mean actual blue/red team and not the marketing nonsense.

as a beginner i started my cybersecurity journey from cisco am i doing right?

Hey! A fellow GICSP holder!

Offensive and defensive security yeah

Red team is very niche and very advanced. A SOC Analyst I or even Security Engineer I is not very likely to understand much down that path.

if i dont know anything about CS should i start with THM pre security path or i should learn anything before that

pick a language and stick to it for a bit

build some small personal projects

and come back

You seem to be on the right path. The Cisco Ethical Hacker is fairly new, so it would be interesting to hear your input on it. I've found that it's better to be stick with what everyone suggests, such taking on the THM courses since they're very beginner friendly and give great hands-on experience. What I'm also starting to see, from a personal experience, is that if you want get your hands dirty and chase extra, knowledgeable details on any topics you're trying to learn is Hackthebox, along with their CTF events. I'm not trying to advertise or say that its better, but again, from a IT standpoint, thats what I've seen. I'm a premium user on THM and the pathway has been pretty knowledgeable so far. I've already learned a lot more from this than the past few years of just working IT, but that's because I was unsure of what I wanted to do with my career. Now I know what I want haha

learned python already

It's interested👍 👍

hey all, my company is currently looking for a senior security engineer. How are such requests handled in here if they are even allowed?

There is a #jobs-board channel for it, but I suppose you need to have the Recruiter role to post there.

@keen tundra Can you assign the role to him or should it be Jabba?

I can't , it needs to be @cobalt escarp 🙂

Drop me a DM please

Hey how hard is it to get a tier 1 help desk job with certifications..be honest am i going to be applying for months

@crude sphinx
Hello everyone

Tier 1 helpdesk doesn't require anything, start applying

Srsly? Wouldn’t I be competing with ppl better than me for a job though? Like with certifications and stuff

guys i got a simple question like what are the ways can hacker or cybersecurity person or ethical hacker earn except (job, internships, (bug bounty takes a lot of time and not guaranteed) consultation for big pros, freelance have to be intermediate and and difficult to find work in places like in upwork or so ))

and yes i forgot not to make money by seeling (course or bloging or tools

I got a question, what certs would you recommend to get for blue teaming after the SAL1. Like what other certs exist besides the btl1 that you would recommend. I want to try and land a job as a SOC level 1 hopefully

IDK, get the CompTIA Sec+/CySA+ combo to get whatever the stacking cert is those two things apply to

and the SAL1 is harder than both of those combined so you could probably study for like a week and pass them both

The CSAP, thats what those two certs stack into

You US based Dre?

Just did asssessment centre for cyber sec role it was so stressful

4 ppl including me were there and 1 role available 😔

anybody online?

hello

I live in India. Is it possible to get a cybersecurity job without the CompTIA Security+ certification? Also, should I invest individually to take the exam, or is it better to wait until I join a company that might sponsor the certification

It is for sure possible to get a job without Security+ or any cert. The main thing that matters is that you know what you say you know in the interview and have some solid skills, if you have that, it wouldnt matter if you have any cert or not. And yeah it is better to do a cert while your in a cybersec role in a company and go for more advanced certs as their cost can be covered by the company

.

@fiery halo it means a lot :}

hey im new here and want to get into pentesting, and need some info on it. can any pentesters dm me

hello I am new here and want to get into pentesting, and need some guildline help please

You should start by logging into THM and checking out the Learning Paths. Go to #start-here to see the first steps you can take on your journey. You can do a lot of the rooms in the paths for free, beginning with the Pre Security and Cyber Security 101 paths. As you progress you'll find yourself pursuing many of the other free walkthroughs and challenges. You get access to more as a subscriber

Also, check out #start-here and folow the tips in the message above

Welcome 🙂 . You can follow this roadmap for the beginning 🙂
https://tryhackme.com/hacktivities

Hi everyone, wondered if you can help me with some advice. I'm a software developer (fullstack web using javascript/typescript, sql, all 3 cloud providers and have python knowledge) based in the UK who has 3 years experience working in the field. I have dabbled a bit with tryhackme and even started doing the ISC2 CC preparations for the ISC2 exam when I was between jobs but stopped when I started my current role. I am now back on tryhackme and have started from scratch as it's been a while.

I really want to pivot to cyber security at some point as I am very interested in the field but don't know where to start as most of the advice online is for beginners and doesn't account for some people like me who are developers looking to pivot. Some people have suggested Application Security given my background but still not sure what certs I would need.

What would people advise I do to pivot into cyber security given my experience?

as most of the advice online is for beginners and doesn't account for some people like me who are developers looking to pivot.
The same kind of advice applies to you as you're still considered at the same level as them - even as a developer. Unless:

• You have solid networking knowledge: TCP/IP, OSI, Handshakes, Network flags, Wireshark usage etc...
• You have solid OS knowledge: Windows, Linux. (No, just knowing how to use windows does not count. We're talking Registries, Kerberos, LDAP, NTLM, SMB Shares etc.)

Having programming skills (nowadays) will be of very little advantage compared to other beginners unless:

• You're looking to go deep into Offensive Security. (Tool Development, Exploit Development, Maldev | For pentesting most tools are already developed.)
• You're in blue team areas where coding (without AI) is preferred and a big + : IAM, SOC Tooling etc.

Hi everyone! 👋

I'm completely new to cybersecurity and I have a background in computer science. I'm very interested in becoming a Cybersecurity Analyst , but I’m not sure where or how to start.

Could someone please guide me on:

• What are the basics I should start learning?
• Any beginner-friendly or free platforms/courses to begin with?
• Which certifications are helpful for freshers?
• How to build hands-on skills and improve my resume?

Any roadmap, advice, or resource recommendations would mean a lot. Thank you so much in advance! 🙏

You should consider starting from scratch with the basics of IT (Windows, Linux, bash, Python, Networking). You need to understand quite a lot of IT tech in the field to progress, as much of offensive and defensive security relies on those skills. You can start with the Pre Security and Cyber Security 101 paths on THM. Much of it is free. There's also tonnes of free content on every topic. a subscription will get you access to more indepth topics, including most of the Windows content, networks, etc. You should go to #start-here to get yourself set up and see how you can follow the paths to develop your knowledge and skills

i want to learn pentesting and i almost learned linux now what should i do next

does coursera cyber certification has any value for remote job?

Completely new here. Going through the pen test path on cybersec 101 for now and going through. Also work on comptia A

wanted to know if anyone in this group has had success getting a job going through the program and what they would suggest.

@obsidian rose thank you. I'm currently doing the cyber security 101 and will continue on with that

Gave +1 Rep to @obsidian rose (current: #36 - 270)

Need some job hunting advice. TLDR, I'm a little over 2 years into my cybersec career. I'm in the U.S and looking for a new job that let's me be closer to my family. I've applied to dozens of jobs and have gotten nothing but rejections or heard nothing back. It's gotten to the point where I have resumes tailored to every specific job field I apply to (Cloud, Risk, regular infrastructure, etc).

I'm starting to wonder if I should have my resume reviewed by a professional recruiter or take a resume review writing course, but that costs a lot of money and finances are tight right now. I wanted to know if this is something that everyone's dealing with before I spend anything.

Coursera stuff aren't really recognised as something that'll get you a job or even help you get you picked by HR.

Do you have any HR friend?

1. I can't speak to Coursera, so I'll leave that to someone else.
2. As for remote jobs, unless you can only do remote work, I'd heavily consider an onsite or hybrid position. Remote is great, but you don't learn as much in an office environment.

None I can think of.

To be fair the market is rough. I don't think a course about resume writing would benefit. Each HR is different and will have different preferences. The "Ideal basic CV with no colours and images" is just a myth.

Some HRs will say it's bland, others will say it's better for readability. Courses won't help IMO.

You have 2 years of experience in what?

Mainly infrastructure management. Palo Alto NGFWs, Panorama, firewall configuration, VPN tunnels, a tiny bit of load balancing, log analysis, also the Armis Centrix & ViPR tools (for network/asset discovery and vulnerability remediation assistance)

Even courses from a former professional recruiter?

Won't this recruiter give you their advice based on their own PoV ?

Yes, but his PoV is that of a professional corporate recruiter with years of experience.

Does that mean that the other recruiters will have the same PoV? And if not, then they're not a professional corporate recruiters?

It's just a few questions to make you think.

Not to target or anything.

I understand your points, but I'm stuck right now and I need to figure out if there's something I can do to improve it.

So a pretty technical role. What have you been applying to?

The only thing I can think of is the automated HR system filtering out your CV. (In case you have a lot of no replies) It's called ATS.

SOC, incident response, some cloud positions. Anything I can think of that matches my experiences.

You can do ATS-Friendly CVs. Search about it.

It's actually illegal in the U.S to have an ATS auto-remove resumes. Employers have to actually look at your resume before sending it up or throwing it away.

Well that's very much good news then.

Looking at your expertise I'm not sure how it would fit to roles such as SOC though.
From what I understand: You have big experience in everything related to FW configuration as well as overall network conf. (VPNs, LB etc.) with very little experience in log analysis.

https://www.reddit.com/r/recruiting/comments/y2md65/do_large_tech_companies_use_ats_or_some_other/

You want to shift completely or are you open to like more network/os roles?

Let me clarify, I have access to our enterprise firewall system, which includes all of our firewall rules. We got a lot of tickets and hunt group calls asking us to build out firewall access or to troubleshoot a connection.

I wouldn't mind a networking job. I'm lacking experience there and it would definitely improve my skillset.

would it be best to go red or blue team to get a career?

what's the current project management strategy? Waterfall, agile, devops?

Depends on what you're looking for and which one has the most job opportunities.

ahh im shooting for the red team

hey whats going on everyone?

new to all of this.
ive made it to sapphire league but am having troubles remembering what ive learned.

i havent been taking noted because ive never taken notes my whole life.
im thinking i need to but not sure how to do them without copying every word i read.

also is there a way to start all the way back over in THM?

Imo it's good to do challanges related to topic you did without using given materials and trying figure out based on what you learned

Explain please

After you do a section on one of the learning paths, try one of the challenge rooms which tests knowledge you have just learnt.

For example if you have just been learning about Local File Inclusion, find a challenge room which focuses on that

Yes and no, it's good to use reference material. In the real world you'll often use instruction guides to configure applications or hardware. Having notes/guides to fall back on is never a bad thing and you'll be doing it a lot on the job anyway.

Oh ok. @stoic cave Hello there, I assume you're from the US. Any take on this short conversation between Asmadeus and I? You probably have a clearer idea of the US market and could maybe provide some kind of insight.

TL;DR -> #cyber-and-careers message

We currently do agile

i am just a begginer in cyber sec field. WHat would be best course to start with ?

Do check #start-here

If you have a dedicated security team askn your manager and that teams manager if you can shadow what they do for team

dow anyone know where to download the new evilginx pro version from

I just completed 2nd semester. Doing cybersecurity
I can't decide where to focus
Read team blue team soc forensics
Any direction

Like which path I should take

fornfree

i had a question for you guys, i am confused.
HAVE YOU EVER GIVEN A DAY TO DO TRYHACKME ONLY?

and if yes? then how many rooms you complete in a day?

The one you're the most interested in

I was able to do 2 rooms. 1 hard and 1 medium

Both were of Forensics

And I was new in them so was exploring by Google and reading deeper also trying on the attackbox to get some experience. So took a little more than was required

Better to get your foundational knowledge first. Network, windows, linux, then move to either of them.

Could follow certification course knowledge pathway A+>Network+>Sec+ side by side learning about linux and windows file system and processes.

What do you guys think about the value of a source code disclosure discovery and ethical report on a resume? Big?

Hey I'm a recent graduate looking to land a role in cyber, but I feel a lot of my knowledge is limited from the lack of practice (I'm halfway through cybersec 101 and a good chunk of it is stuff I learned in school)

I'm looking to set up a "home lab" so as to practice what I learn, but no idea where/how to start. I currently have a couple VMs in VirtualBox but unsure if VMs are the way to go. Does anyone have any beginner-intermediate resources on how to do so?

Apologies if this isn't the right place to ask

It certainly is a plus, but it would still depend how you present your resume as a whole.

got it, i also caould do 2 to 4 medium mostly, so i was wodering if i am slow, i am a beginner.

I wouldn't compare your pace with other users as you would have different backgrounds and your learning styles might be different.

yeah that's great

Awesome. Thanks. Guess I'll need to pad up my resume with more things like that.

Gave +1 Rep to @fickle grove (current: #11 - 840)

hello guys i finished 3 years of cybersecurity and digital and i did 1 year in software development and games i have no work experience which i regret because i should of been looking for one is it better to apply to be as an intern or just get a job in it

Going to pass on to you what little info I've gathered so far:

Job market is severely oversaturated, there's a ton of talented competition, and you need something to show for your work. So:

If you have a strong resume, an awesome portfolio of your work, and you can demonstrate technical/applicable ability rather than pure theory, these will give you a leg up, but you may find that "just getting a job" won't be that easy, nor will interning. Create a list of all of your relevant skills, figure out what sector they fit into/what you're interested in, tailor your resume to fit the objective keywords to pass AI inspection, then work on becoming not just a student or a would-be, become a real, working professional by strengthening your existing skills, learning new ones, and synthesizing as much new/relevant information as possible.

Lastly, I'm told that if you understand ML on a fundamental level and can apply those concepts even at that level, that's a huge bonus. If you are good with programming/understand Python, C, C++, Ruby, PHP, etc. then you can specialize further with those, and it gives you an even better chance.

This is my current working knowledge as a beginner myself, so take it with a grain of salt, but this is what I have learned so far via networking and research. I hope that helps, and hopefully one of the vets can give you more/better info.

🙏 thank you

You're welcome. 🙂

That helps a lot. Thank you. Do you feel like on LinkedIn it would be helpful to add that you're also a regular developer? Say I have a small brand and like to ship some code and the site will update and grow over time.

Gave +1 Rep to @shell jasper (current: #1948 - 2)

I would say that any sort of experience you have is relevant, so long as it pertains to computer science in a broader sense. From there, I would personally try to approach things from the perspective of: okay, so, I know WHAT I want to get into. How does my regular development cycle inform potential employers, network contacts, or any other prospective individuals about my intrinsic skill compared against what they're looking for? To make that a bit plainer: What skills do you bring to the table? How is that stated in your work? What level of documentation do you maintain? Do you have a fast or slow development cycle, and why? A lot of this information can be conveyed by, yes, stating that you're a regular developer (however that comes across for you, I'd be more specific). In this case, I can identify that you're a either an application dev or a web dev, but if I'm wrong, that's where you want to be pursuant of more detailed/richer information. I think those are some solid start points, but I digress.

To answer your question: yes, I do feel that would be helpful. Anything to show that you have the aptitude, the applicable skill, and the drive to maintain that course.

Thank you! That helps with the entire perspective. I've gone to bootcamps and learned full-stack, but (reiterating to the career/budget), I don't really have a sass or ship too much. I'll take note of all that so I can keep it in mind. I have experience beyond that so I really have focus and not overdo it either. I know for actual resumes they will be more tailored to the employer. Fast and slow, there's several factors. I'd say a bit slow now as I am focusing on cybersecurity, but I've had jobs at a web agency (NDA) but it was pretty basic. I'll keep in mind my last professional job as far as work flow and what I have to offer. These days I'd rather keep things safe than do a regular developer job unless it's a mixture of both (and it should be). Not sure if those jobs even exist anymore.

Gave +1 Rep to @shell jasper (current: #1473 - 3)

Glad to have been of help! Ultimately, I think that pivoting away from pure full-stack development is a wise move, but you should always remember where you started, and, in the helpful advice of chick3nman , understand and lean into your niches. Make them work for you. Finally, understand that cyber (and IT in general) is leaning more and more into the higher-level, more technical roles that require over-all stronger programming or other relevant skills. Personally, if I had your skillset, I would attempt to translate the core skills that I am best at, and use those as the "abs" of your LinkedIn profile and resume while also using them as the "methodology" for further training them. Show off your skill, but be humble, and learn more before you say more. That, from what I've learned in life, is best practice. And for that reason, I will now digress and allow expert minds to weigh in further if necessary or desired.

hii everyone.. wanted to ask a question (hopefully im not being dumb. Or am i? 😭😭) im new in cybersecurity and tryhackme too. i currently am doing pre security course. wanted to ask should i really do cyber security 101 course or directly jump into penetration testing module? will penetration testing covers all the necessary topics from the previous modules or do i really need to complete those previous modules too to get comfortable with all the knowledge of penetration testing

Do Pre-Security, do Cyber 101, then attempt Pentesting. That's what I'm doing, albeit with a slightly different path.

same boat as you. But we will get there

do all the basics even though you may feel like you know them. might end up learning something new even a new functionality in case of rooms that has tools of the trade

https://www.youtube.com/watch?v=lV2zsCOLX30&t=2s

after doing comptia sec+ should i do that roadmap by thm for blue team? is it helpfull

Yes it's really helpful to build your foundation

You could also explore rooms like windows internals, linux internals to explore OS working

Hi guys, I would really like to get a job in cyber security but I would like to know if AI is going to "replace" it ?

🤣

😆

I just completed the SQL injection modules & want to test the skills Can any one suggest me some rooms of easy or medium level

i'm trying to get a jr/level 1 SOC analyst job do anyone have promising project idea plz?

It won't. You'll be fine. Be more worried about oversaturation of the market and competing with others.

Homelab

Setup an NDR system, setup your own siem etc

And for that you'll need as plingplong said a homelab. It can also just be done with vms

Homelab makes it easier tho

Most likely no, AI will help automate things and make tasks easier but it can't full replace individuals because again you need someone to look at alerts and verify if it's a true-alert and not a false positive, at least this is my understand im still a beginner so feel free to correct me if I'm wrong anyone

I would do the 101

Audit and compliance

Try this one 🙂
https://tryhackme.com/room/jurassicpark

Better question: how tf do you have CISSP with no prior experience?

5 years xp is literally one of the requirements to get it

I don't yet but I can work towards it with entire course being covered and training for free but ig it's too big a jump

I got offered a tonne of stuff from a company which they can cover and it just seemed like the highest level

Ig technically u can pass the exam and be an ISC2 associate but ye doesn't seem ideal

Every single one of these I can have covered for free

• CCNA and CCNP

Sorry for the dumb question tho I'm just wondering the like career path order and how the certs fit in around it

That's why I did if, I didn't mean to act like I had it

You literally cannot be certified by ISC for CISSP until you have 5 years experience, or 4 years + a higher education degree

I think one of the first things you ask yourself is what role or specialisation do you want to focus on?

CISSP or any certification for that matter are mostly a plus (though it can help you bypass HR filters), but wouldn't be the sole consideration when applying for jobs.

if someone has a CISSP cert but has zero experience in industry, that is a huge red flag

Hey everyone, I’m 16 and from Romania. I’ve already completed the Pre-Security path on TryHackMe and I’m currently working through the Web Application Pentesting path. After that, I plan to go through PortSwigger’s Web Security Academy and start focusing seriously on bug bounties.
I’m in a tough spot right now. I have the option to apply for Romania’s National Cybersecurity Academy. It offers a structured path, access to resources, and strong government connections. Sounds great at first — but there’s a huge catch: if I go, I’m basically locked into working for the Romanian government or institutions for around 10 years. That means less freedom, limited salary, and working in a system that’s known for being bureaucratic and sometimes outdated.
My alternative is to skip college entirely and go all-in on bug bounties and practical experience. I want to build real skills, earn through bounties, and eventually maybe even start a business in this space. My older brother isn’t in tech (he’s a video editor), but he can support me financially if I want to go full focus on hacking.
I’m trying to figure out what path will actually lead to better long-term growth and freedom in cybersecurity. Have any of you faced something similar — or skipped university to go straight into bug bounties or pentesting? I’d appreciate any advice from people who’ve been in the field longer.

So I'm being offered these certs to help me train for a SOC level 1 role specifically so I want whatever can help me achieve that

Is this your employer or a company that offers training to land you a cybersecurity role?

Note: I read your original post, but confirming to be certain.

It's a charity that's paying for the certs + courses/training for the certs too and they also have links to companies for jobs too

To be extra specific I did first year cyber security at university but a little bit into my second year I was forced to drop out to care for a terminally ill family members for multiple years and I got refused to student loans/funding to go back to finish my degree so I have to find alternative routes

Hello everybody ... hope you are find . Do you jnow any god books for learning web security ? I first look at something like "The Web Application Hacker’s Handbook Second Edition" but it's too old so I would like you to give me advice please

Try to ask in #bookclub channel 🙂

Thank sir

I’m an Indian student pursuing a BTech in Computer Science and currently relying on an education loan. I’m really interested in cybersecurity, specifically Red Teaming, and want to earn industry-recognized certifications. However, due to financial constraints, I’m unsure which certifications to focus on. Can someone help me with any advice on affordable yet credible options.

Since cybersecurity is not entry level and despite a passion for it, I want some opinions.
I'm graduating with a focus on cybersecurity but still a computer science degree. I'm thinking of trying to enter into backend programming or try and get into (after entry level IT) network engineering. Is there any reason why backend may not be ideal or could possibly restrict me from eventually moving into SOC? (I would still have projects, such as my homelab)

the rooms that im doing is leaning more towards security operations.. does that job title pay well as an entry level?

SecOps is a pretty wide field, but, say a SecOps engineer 1, which is the lower level or a SOC Analyst, will mostly depend on who you're working for and what market you're in, but not terrible pay(In the US at least), but as the message above you noted, cybersecurity roles are not entry level, IT is the entry

It's not the worst thing I'd say. It would not open you to other types of disciplines as opposed to other roles such as network engineer, IT support, etc. but its still ok and can be used to pivot into SOC

Ideally, you would get a role such as a system administrator or network administrator that allows you to gain experience with actual infrastructure

Backend programming is still good and can open a career path to these off the top of my head: DevOps, DevSecOps, Application Security, Penetration Testing

Hi everyone If anyone can give me some advenced Oauth2 vulns? (not sqli or JWE tocken forgery ect... some serious vulns that I might forget to secure it in a website)

You can take a look at this: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications.

You can use #infosec-general next time also to ask for general infosec related questions

okay thx ^^ and sorry for using the wrong channel

Gave +1 Rep to @dense dagger (current: #22 - 460)

no worries, theres a lot of channels so its easy to get lost

Alright, then I'm probably going to try and get into network engineering as a start(if I can, out of preference.), of course if I get a sysadmin job then I get a sysadmin job.
I highly appreciate it.

I don't recommend doing bug bounty hunting but if u insist on doing it, prepare to face struggles a lot. And yeah I would never join that Romania cyber academy,.

Cyber security is entry level ~ if u have the qualification and zero experience u could actually get in

TY for the advice. What do u think I should pursue?

Gave +1 Rep to @hollow pivot (current: #1478 - 3)

Soc analyst roles are easy to get but I can't say much since ur not in US

Some countries job require different thing

Or different methods

Hello everyone,I'm 20 and currently pursuing bachelors in cybersecurity,and I want to build a career in pentesting ,I don't have a mentor to guide me ,so please share your thoughts..

Connect with people in bigger servers

Join multiple

And make friends

Ask questions to people

And there ya go

You'll have a mentor one day

(I did it)

U can also reach out on LinkedIn

They actually help i

U

Also make sure u have multiple mentors I have 2 rn but I'm looking for a new one

Noted brother thanks a lot 🙏

Gave +1 Rep to @hollow pivot (current: #1185 - 4)

I do have request for mentoring but I be too strict and 😂 scare people away

Would you please recommend some servers

So find someone that meets ur needs

I will be more than happy if you mentor me

Trust me u don't want that 😂

Most servers I'm in now are private and have restrictions like

Must be enrolled in OSCP

Or

The ultimate goal is to gain knowledge

Wait I have a great resource

Omg

I remember

So u can schedule a meeting for free

With anyone

For assistance

If u can get close to them u could build a private connection

You'll have to figure it out yourself but I'll just send u a server

Yeah man that would be great

Okayyy

And please recommend courses I can start with

What have u done so far

I have not completed much courses

I just did a Udemy introductory course for cybersecurity beginners

And in thm I have completed upto active directories

What's ur goal?

I want to be a penetration tester

Stick with tryhackme complete the first course from tryhackme

And do a 1 box every 3 days to a week

Even if u don't understand

Review it and note it down

Have good notes

When ur done reach me

If u remember me by then

😂

Nah brother you have been great help

I'll follow you so we won't forget eachother 😂

is it valid for me to continue studying security+? I have a IT assistant job where i often interact with network configuration, microsoft azure, microsoft administrator and MacOS to ensure business communication and productivity runs smoothly and efficiently. But I have no certification and im a CS undergrad student. Is it still valid for me to study security+ and skip basic IT qualifications considering im on my way to have bachelors degree and have experience/internship in IT

With how the market is and from most advice given, though I could get lucky and have that be the case, I cannot agree wholeheartedly. Thanks for the thought though.

Gave +1 Rep to @hollow pivot (current: #1021 - 5)

I would suggest you look at job postings for where you're trying to go and see what they require. Some will require x and others may only suggest y. If it requires A+ or other certifications, then you must have them.

i have no clue what part of cybersec i wanna go at but i do enjoy working im tech and breaking into systems is more than building systems. i really love this line of work

i just hate certs when its too theoretical like comptia’s ones but it has to be done

Then I advise you get some ideas of what you want to do and look at what they require. I understand you may dislike theory but theory is needed.

I'd also wager that it'll be less theoretical than what you've experienced in CS so it won't be that bad.

yea totally i agree. like stiff such as change management and gap analysus etc arent in thm.

If u do like breaking then take a look at the practice cers like eJPT, PT1, OSCP

Oscp is like $800 💀

I guess more

Its a solid one tho

I'd only recommend oscp if you're entering into the market and don't need to worry about CompTIA honestly.

Depends on the role a one looking for

Better for the employer to pay for it than not

Yes if possible

I don’t know what market u do have knowledge in but in EU its kinda hard for pen testing jobs

Without certs

It's hard everywhere right now.

W r cooked chat

Cyber security isn't entry level, you have to kinda move horizontally in it.

:d

Yes

After doing some entry level IT honestly then you're fine. A lot of misconceptions on the Internet have propagated it as being entry level and I'm quite glad this server has dispelled such a myth.

However doesn't mean you can't get lucky

Like a programmer? And them specialize in cyber security?

no worries, i did get my first pen testing job with zero experience even tho the job did require experience. same with a soc analyst position which i later declined

Must've been a different time Ali

Which country ?

wasn't - it required experience too, on top of that its a pentesting company so yeah and USA

BUT

I'm sure there are ways yes, though going through IT would be better.

Why did you decline it? (The reasons are interesting)

id say this doesnt happen often most people start as a help desk

and move up to soc in a year or two

thats usually the way

Pentesting is more my thing and higher pay too also was remote

I see

You could get lucky nowadays if you have some experience like in a homelab but even then the current climate is really difficult.

HR is the only issue

So I wouldn't bet on being lucky.

Hrs are broken

yeah im gonna make a video on how the job market is LMAO

and how i got my job

people should know

its luck

LMFAO

Sorta. Hr is a main issue, however, to be quite honest, there are some things where it would be better to have an understanding and experience in IT, if I'm getting an application from someone who has experience and someone who doesn't, who do you really think I'll hire?

The job market not even for cybersec is cooked rn

It's across the board, at least for America.

really depends on the person, if i show my notes and skills with zero experience everyone knows im overqualfied so its almost also about the effort u put in

im even opening my own pentesting firm

i get the difficulty tho

Sure, however I must state I would still take someone with experience over someone who doesn't have experience in a professional setting, it'd only make economical sense. A lot of markets are having issues taking in entry level.

most hiring manger dont care about experience they care about skills HR is usually the blocking thing. - I talked to many hiring manager

They most definitely care more about experience

if u have zero experience and can demonstate ur skills

they prefer that even if u have experience

and no skills

A lot of them require it now.

Some may not, yes, however, a lot do require you to have experience in IT.

its possible but honestly the odds are against you big time

forget about IT experience, i never even had a single job

I'd say the certs themselves are worse regarding HR

and u have to be exceptional

pentesting isnt entry level

Or just willing to take shit pay

soc analyst however are

Soc analysts are entry level for cybersec but not overall, yes.

In fact the ones I've looked into still require IT experience of at least 2 years. Sometimes 1.

they say require but its not a firm statement - you should message the hiring manager or whoever is on the job posting

and doing home labs and stuff is normal

most people come in thinking ull get it like easily

Recommended is not a firm statement, required, is.

When a job posting says they require A+ certs, recommends experience in x, required is quite firm

again i had interviews where it was required and i never met the requirement

it required certain certs

i applied without them

but show you have something tho

Homelabs my beloved

yeah u should have them if your at lest into the field

I do

thats good

blogs?

Good practice for experience.

youtube?

Don't do blogs and definitely not YouTube.

wait where u from?

Us my man

we can a soc analyst poisiton open here,

i could have recommended you

but it closed a month ago

rip

Still gotta graduate with my degree so not a worry to me

i see

thought u worked extra hard and couldnt get a job

from how it sounded

😭

It's definitely something I hear every day I can tell you.

Job market kinda cooked rn

i hear it too but i think most people dont do enough work imo

they think getting A+ is enough

😭

and a home lab

Oh sure but this isn't even cyber specific, job market overall is kinda trash right now. It's not devastatingly terrible but the unemployment rate for college graduates has risen so far...

im halfway done with pt1

okay yeah i agree job market is trash

def is harder

all job market is trash

networking and making connection is so important now

cybersecurity aint as bad as others

referalls are the way in

yes all are and its beeen that way for awhile

you hear it every year

recession, ai, global job market, employees now being forced to wear multiple hats

Every year and what's going on statistically aren't always what matches.

i cant say enough since i havent compared it to others

but i would say id probably agree

There is an actual issue with the job market after covid and more than ever now. It depends area to area of course and how willing you are to take shit pay or conditions though, to be fair.

apparently entry level cybersecurity jobs are flooded since its the bot shit rn but there is a huge talent gap in mid and senior cybersec roles

everyone wants in

ali u shia?

I think cybersecurity is not that bad once you have some experience. However, even IT, especially IT is suffering in this market.

lmao i got my IT internship via family friend

I have deleted so called linkedin, its a really weird place people are like NPCs

i met few people in Owasp London

may go Owasp meetup in paris

no

yea thats the thing for networking

when is the owasp in paris ?

september

but i dint speak french

so idk if i should go

I don't think the internship area is bad, just the jobs themselves.

I also doesn't

Though internships are definitely not great for CS rn especially.

I may go

no interns are bad aswell

cos lot of CS majors

did u go to one in london?

nah

wait he speaking only be in French in OWASP Paris ?

not sure

back

YA ALI

r u shia

oh

Is it ok to be so open?

Just curious

:d

Openings in cyber have generally grown year-over-year outside of FAANG and other tech-driven companies - for example if you look at different verticals like Automotive or Finance, hiring is pretty steady for cyber. There is a bit of confirmation bias at play when you hear the market is bad, unemployed folks struggling to find jobs are generally more vocal and somewhat distort the reality.

TL;DR don't let what people tell you about the "market" discourage you from applying to places, but also maybe think about applying to places other than CrowdStrike or Google and you may have some more luck

Agree with that

you're right, however, I must admit that college graduate unemployment rates have definitely increased and I think that is a valid concern for someone like me who is about to graduate. Openings can open in cyber but I still have to get at the very least a year or two of IT experience before I can enter or for it to really benefit me, unless I get lucky and find a place that doesn't require it, which is of course possible.

Hey, sorry for the late response, I've been really busy with work. If you have a redacted copy of your resume, post it as an image here.

Who says you need two years of IT experience with a degree? Did you do any form of internship? Your degree is what substitutes for the experience requirements in entry cyber (analyst, engineer, etc etc) roles, typically. Anecdotally, I graduated in 2020, into the pandemic, and was able to find a job within 3 months of graduating. You're going to have to put the work in to find a job. Job hunting is a full time job in itself.

No problem, can I DM it to you instead?

No, that's why I said to redact it. Doing it here benefits the community.

Alright, hold on.

Here:

internships have been dry, only one. My degree unfortunately does not substitute for entry, they require IT experience which I do not have.

One internship is fine. Is your degree a STEM degree? Also, let me just ask, are you in the US/western world?

In the US, it is compsci.

Off the top, bring skills to the top, separate education and certifications, call your experience section "Experience", and your clearance isn't something you did at your job so it shouldn't be under Experience.

Is your template a modified AwesomeCV? If not, it looks similar, so maybe take a look at moving it over to LaTeX

I don't see an issue then

I don't know. I had a resume expert make it for me a few years ago. I'll look at LaTex though. Thoughts on removing my education? I've been in the cybersec space for over 2 years now and I've never used it in my job.

I would work on your CG bullet as well. Relate what you did in your Rate to the jobs you're applying for

I did basic work. Painting, standing watch, keeping logs, did some QMOW work that helped with navigation, but that's it.

The formatting could use some work, if I'm being honest. There's room for improvement. Do not remove your education.

What was your rate though? Did you go to A-school? If so, what did you learn there.

I was a non-rate (E3). I was going to IT-A School but I had to get out for medical reasons. So I never got any actual experience.

My cybersec career is my current job

People are going to ask what you did, you need to work that into your resume

If all you did was scrub and paint, talk about how good of a job you did scrubbing and painting

I had lifeguard on my resume for a while, it's OK for it not to be cyber related

Noted, I'll look into editing it.

As much as I would like to generally agree, there is too much conflicting advice from others in this channel. I will still apply to said jobs and do projects focused on them, however, I am not going to focus on only them and still focus on entering IT if needed and doing certs for them.

You do you. Myself & Droogy (Juun too because he agreed with Droogy's take) are just trying to give an industry perspective to help cut through the noise

The same number of people have for the other aspect of it. I see no issue in me preparing for the worst.

fresh graduates will generally have a tough time finding the first job in their chosen field, this is not unique to cyber/IT and merits its own discussion - as someone without a degree and was a late career changer (food service -> IT -> Cyber) I can definitely assure you that if you have a CompSci degree from a reputable school, can speak English reasonably well and have some decent soft skills then that is literally all you need for entry level work, you will be fine

Wow the market in the US is definitely insanely different from the one we have here in France.

What is the market like in France?

A master's degree is required for most CyberSec jobs. People got shocked when I said that in here but no longer than 3 weeks ago, someone from France was here complaining they couldn't find a job because all of them requires 5 years of higher education.

So far I've listed 4 people in here from France (2 of them having OSCP) that can't even get a Junior pentester job because they only have a BSc.

Brooooo... that's hardcore. I understand some of the why, but holy hell. I'm beginning to wonder if the whole fuss about, "tech companies don't care about degrees anymore" was really just a way to beat off some of the competition with a big stick.

I think it's the case in the US.
But definitely not in the middle east and a few countries in Europe.

Qatar is a bit less strict about degrees when it comes to the ME.

The "Why" is because people in cybersecurity are expected to be engineers (Actual engineering degree) which lasts 4 to 5 years.
If you're not an engineer, you are required to have the same level of education as one. Which means a BSc and a MSc. (Equivalent to 5 years of education)

And if you want to go for a Cybersecurity consultant role? That's even more strict.

It's 5 years of education + at least 1 or 2 years of experience for a junior consultant role.

Which is definitely OK and normal in France since people work while studying. That's how colleges work here. 6 months end of studies internships are required to validate your degree.

So, in your opinion, would you say all of that is truly necessary, or would you even go so far as to say that it creates a stronger workforce? I've been hearing a lot about people with degrees ultimately still asking the same dumb questions as those without.

Here, we don't get that. You get a degree, even a PhD, and you still might just never find a job.

Degrees are total BS. I'd hire an OSCP certified person over someone with a MSc.

See, that's exactly the kind of attitude I'd HOPE to see in the field.

Hi guys, I have an interview in the near future for an SOC L1 entry position any tips?
(my first interview by the way + its remote)

Note the first interview may or may not be technical; otherwise expect questions that cover "miles wide, inch deep" type knowledge, you need some understanding of some fundamental pillars of IT, Networking 101, Windows/Linux internals - having knowledge of ticketing systems, popular SaaS offerings and typical cross-team workflows will also help guide "what would you do in XYZ scenario" questions (e.g. "I would reach out to the Threat Intel team to see if they had any information to help", "I would check the internal KB for any open tickets involving XYZ", etc..)

Tryhackme actually has interview tips iirc somewhere on the website!

Hey chat - so what's the demographic breakdown here? any folks working in the CyberSec industry?

Well, you'd need to read the start of the convo to know. Taking it out of context like that would definitely shock you like it did to many.

Nope, you got me, i was totally just skimming.

You got people in the US that have given their advice above as well.

The industry here in the US is wide open. Experience seems to trump certs and certs trump college

Follow this thread @lucid current
Seems like it's not the case in the entirety of the US.

Seems in line with what I said imo. Most employeers of cyber folks want practical experience and ability over college education. You're more likely to find a job beating CTF's and going to CONs than you are on zip recruiter and posting a degree

No, certifications do not trump college

The job, the organization, the hiring team, etc all have different expectations. College is absolutely an equal if not greater in terms of recognition, certs just have a lower ceiling to getting skills validation, hence their popularity, but if you're doing cyber security degree, so many schools are getting a lot of tangible, hands on experience

@ancient prairie @wise harbor THX guys

Gave +1 Rep to @ancient prairie (current: #45 - 223)

question for exomplyers!.. as someone like myself was to get intervied for an entry level cybersec lets say as a red teamer what are the questions do you ask us?

There really isn't any entry level work as a red teamer, you should generally be a subject matter expert on internals for various OS's and architecture. malware development, evasion, C2 usage in addition to having deep knowledge across general IT/Cyber pillars

ahhhh so what would be my best bet getting into a career as a cybersec?

SOC or GRC

Both of those will require either a technical or administrative background in some capacity

and im assuming i need to get my certs for those first?

cause i been doing walkthroughs CTF videos on youtube training for the SOC

cert

Do you have any IT work experience, or certs?

no not at all i did that bullshit google course to get an understanding of cybersec because i wanna make this my new profession thats why i just been tunnel visioned into learning and grabbing knowledge from everywhere.

I strongly recommend you gain work experience in another IT domain before making the jump to security. Entry level to info or cybersec usually makes the assumption that one has some technical background in other domains, like network engineers, sys admin, dev, etc

ahh, what type of those domains to you recommend i should look into work experience wise and of course certs?

IT helpdesk is good, maybe juun has some others

would data analyst be a start as well?

no not really, that job is usually more on the business side of things - no one says you can't apply to traditional entry level cyber roles like GRC or SOC as you may get lucky but don't be too suprised otherwise

desktop tech and any sysadmin work is great

ill keep doing what im doing then and take juuns advice as well and look into the basic IT domains

im a 100% new with this tech stuff so sorry for all the questions and misunderstanding on my part

i come from an automotive background hahaha

no worries, definitely just take a look around at job requirements so you can get a more concrete understanding of what knowledge you'll need - and if you come across a job you honestly feel like you are capable of fulfilling then go for it

for sure thank you! for SOC positions. would i still need a cert? or some hire with just experience.

it depends, having real-world work experience in any field helps it shows you are a reliable adult who is capable of working well with others. As for certs starting with the CompTIA trifecta is almost always recommended - some companies value certs more than others so your milage may vary

I didn't google, but I've worked in Cybersecurity for the past 8 years

Degrees or professional experience have the ability to move the needle independently of each other and independently of certifications. Certifications are used to quantify professional experience/meet contract requirements, and don't have that level of independence.

Certs are also a business requirement, and to be honest, are not a fair judgement of knowledge or ability.

Respectfully, I would put degrees and certs in the same category, very separate from experience. That said, many Certs require a certain level of experience to go with them, college does not. Moreover, I would choose an analyst that's passed several SANS courses where the focus is entirely Cyber centric, over a college student whose had to do alot of work, much of which has nothing to do with the field he'll be working in. Certs are not just used to meet contract reqs, they also show technical understanding - that said, not all certs are equal.

furthermore, there are MANY college courses out there whose entire purpose is to build a curriculum entirely around obtaining industry certs.... so again I'd say... Certs over College.

But better than both (IMO) is experience gained, on the job or through things like CTF's, volunteering/instructing, technical writing, etc.

Just my 2.5 cents.

Inflation so bad it's now half a cent up

What about sans courses without the cert

That's more on par with watching youtube videos by someone working in the industry. Can be VERY informative, but doesn't really indicate ability at all.

https://tenor.com/view/paul-rudd-its-funny-its-actually-kind-of-sad-funny-but-sad-gif-17011210

Is there a ranking of how valued specific certs are over others? Like what certs would you expect an L3 SOC lead/Incident Commander to have

GIAC certs are not really indicative of ability either unfortunately, it just tells me you have a few thousand bucks to spare - I have met an overwhelming amount of GIAC cert holders who are pretty clueless when it comes to actual day-to-day work

Sounds like certs are just for HR screening then? Lol

yep, I don't even look at resumes when I interview (granted my boss does pre-screen applications)

yep, pretty much each vendor has their own hierarchy map.
https://cyber-center.org/wp-content/uploads/2022/02/04687-it-certification-roadmap-nov2020-24x36-onepage-1.pdf

yep, alot of them are just there to pass automated resume checkers. The interview with a technitian is what really gets you in.

What do you do in the field? if you don't mind me asking

And how many YoE lol

Why is threat hunting a dedicated role now, shouldn't that just be something TI and SOC do together?

Is there anyone who is currently doing job in cyber security?

👋

Quite a few here id imagine

I want some guidance

I imagine that very much just depends on the place you work at. Where I've worked TH is part of the SOC/TI, but there are also agencies like Fireeye/Crowdrstrike that have folks that specialize in TH - especially as consultants to other firms/SOCs.

I'm happy to answer questions. But my info would be specific to the region/state i live in.

Why so specific, GRC?

Well if it's about getting into the field - culture, hiring, policies, etc are going to be a little different depending on where you're at.

pay, etc

where are you guys from?

US/Midwest

ahh US/east coast

Nowhere near the capital region?

If we are looking for a remote position does location matter as much?

Are there any remote positions left

im in New york city

Reddit makes it sound like there are no jobs in cyber at all especially remote lol

I've never worked with folks remotely. but I imagine alot of that lowers pay... especially since much of what you're talking about could likely be outsourced to foreign countries for SIGNIFICANTLY less pay.

China, India, etc have a massive surplus of folks in IT that work for really cheap

Some things can only be handled by US personnel tho, and there's a difference of quality I've noticed between regions

I split my time between threat hunting and detection engineering

And most of those things, especially if you're refering to gov work, will be limited to in person... especially with the administrations recent gutting of remote workers

is threat hunting hard to get into? if you dont mind me asking

contracting, vendor, or gov?

Do you hunt on one specific edr or how do you do your hunting usually, just whatever the customers got?

I'd argue yes, requires deep technical knowledge - alot of folks go to it after working in IT for a bit.

How do you know what to threat hunt for

Check fw logs for evil bit?

MITRE ATT&CK Framework is a good place to start.

https://attack.mitre.org/

Bit broad since that covers pretty much every attack vector lol

exactly

that's what threat hunters do

They require broad and deep understanding of potential attack vectors based on a specific companies threat profile

Have to prioritize it some way, either by recent trends or something

---> Threat Profile.

The diamond model is a good way to explain it

neither, full time for a F500 company

Nice

I hunt across all our data sources depending on the hypothesis

Diamond model - Adversary and their capes, vs a victim and their infrastructure. What type of adversary wants what your company has, what vulnerabilities exist within that infrastructure, trends.... all of this plays into building a threat profile for the org you're defending

in a nutshell I typically start with assumed breach scenarios and work backwards, e.g. Scattered Spider has been in the news lately, they typically get initial access through the help desk and have a set of tactics and techniques they like to run after that, these represent signals and data sources that can be included to help hunt your hypothesis

Do you usually get those TTPs from a specific source or just wherever you can find them

We use recorded future for a lot of our TI stuff

What siem/edr are yall using to do your hunts?

---> MITRE, Crowdstrike, Mandiant, certain federal agencies > they are persistently hunting for new threats, standing up honey pots, to observe and collect new TTP's and disseminate them to vulnerable orgs

We have a dedicated TI team which helps out a lot, otherwise I know our threat profile and where the gaps are to hunt against

I usually export the data I need from our SIEM and use Jupyter Notebooks to process it

What SIEM do you use?

nvm

splunkinator

we have Splunk and Elastic

I prefer Elastic, my start was actually in securityonion

I ran Security Onion for years in my homelab but recently overhauled because its just too resource-hungry for my needs at this point

I hated elastic and much prefer splunk

What's the reason to use both?

whats splunk for isnt it like SQL

They're both databases that collect, index, and analyze data.

Can't splunk do everything elastic can

yep

I've been in a place where we ran both - it was actually just down to preference of the team.

both have their own special learning curve

it's cheaper to have some data on-prem in Elastic in our case

@ancient prairie how long did it take to become a threat hunter, what was your pipeline?

I would definitely recommend Elastic + their EDR offering for small businesses on a budget, the stack works really well if you can keep it alive

It wasn't a role I directly applied for, it pretty much came through internal hirings and me bugging people about the need to formalize a threat hunting and detection engineering function separate from the SOC - it came after working around 2-3 years in SOC/CSIRT roles

ahhh question. what would i have to focus on and get a decent understanding on to get my foot in the door as SOC as someone who just started back in april haha

Started as what

Like a L1 soc analyst?

yes

Is it remote?

What are they having you do, just churn a ticket queue?

im not working at all in this industry im a mechanic haha im trying to change professions so im learning all this on my own

Oooh join the military that's a sure way to get a soc role within 6 years lmao

https://tenor.com/view/what-wtf-eyes-look-phone-gif-3927559383930151204

Traditionally I think cyber security roles have been roles that other technical positions transitioned into after getting experience like network engineering and IT, but I know people who got a cyber security bachelors and then interned and got into a soc that way

6 years... PFC's are doing equivalent work as soon as they pass their pipeline.

PFC? whats that mean

Private First Class - A very junior enlisted rank in the Army

Yeah but they are PFCs for 6 years and get paid as such lol

Gotta get out to get normal soc pay

That's True... but they're also going to spend those six years learning very high level tradecraft and going to technical training every day they go to work. There's something to be said about the trade off between money and experience/training.

Cybercommand is an absolute Certification Farm... That said promotion rates in Cyber, are significantly faster than most other job roles in the military. SSG in six years is very much viable

so whats the lowest position to be in as cybersecurity i just need my foot in the door and have work experience

Not necessarily. Pipeline is like 6 months and then most of them just go to work and stay stupid, will maybe get sent to some sans courses. Depends on if they make it into a super technical role. I know plenty of army cyber guys that suck at the job. In the military enlisted don't usually get fired for incompetence so you can be a shitter and still get paid lol

Intern

Then L1

What's your experience with military cyber? Because that wasn't at all my experience. The only people that stayed stupid where the seniors that VTIPed from other jobs. The ones that got after it... learned every day they were there, that's absolutely a choice. The opportunity for growth and training is always there... lazy folks just never used it.

do i need experience as an intern or a background especially for someone like me whos being self taught

The shops I was in did not grant many opportunities for meaningful training. You either self taught or a chief liked you enough to put you through a sans course

need is all relative to what you can get in on... but I would recommend going into general IT first, then switch to cybersecurity. The pivot will be easier because it will give you a solid IT foundation/experience, and there's a larger general IT base of jobs than secjobs.... that said, lots of people go straight to cybersec jobs... if you can get your foot in the door... and as discussed the military is a GREAT way to get your foot in... if you're willing to make that level of commitment. The access to training there really is top notch... if you're willing to do the work.

That sucks man. I can't at all attest to what it's like in Navy Cyber. but I've worked other branches, and in my experience the Airforce and Army both do a great job developing folks in cyber ops.

So most people watched YT or did collaterals while like 3 of us actually developed the dmss kit or were sent tdy

The joint shops I was in was 95% YouTube watchers lol

well you made ION, so you clearly put in the work. and I really do believe that's what always made for the best operators/analysts... the dudes who did the job, then went home and crushed it in CTF's and their own rickidy a$$ homelab/servers.

Yeah ion spaces were a lot different compared to the CPT spaces lol. People actually wanted to be there

Helps when mission feels more impactful

I think the CPT just had a negative feedback loop of no training > analysts cant find artifacts > demoralized and don't wanna do the job > not self training

Now that kind of work is popular tho so go figure

yep, very easy to get disgruntled in a job like that if you don't have purpose... and good leaders always provided purpose through great training and hunting for good ops for their guys.

sorry that wasn't your experience

anyway, it was good talking to you, feel free to add me, i gotta hop off... heading to an incubus concert.

Have fun lol

mmm random but as an IT intern what would they have you do?

maybe some helpdesk or computer fixing

Depends on the position you apply

You have helpdesk interns

But you can also intern in a SOC etc

Hello, I'm new here. I need some tutoring help please anyone.

Guys I need help

Sup?

If you have specific questions you can ask. If you're new to the field, go to #start-here and follow the instructions

is anyone freelancing in this cybersec field?

Hello. If anybody knows can I go university for ece (electrical and computer engineer I believe) and get a job at cyber? The curriculum has both math and stuff like networking, software and hardware if I specialise in the computers sector so if anybody knows it would be helpful

Read the testimonies by THM. As it already indicates that people such as teachers have reschooled them selves using THM, and got a job offer in cyber sec.

Well ty for the reply but I'm not asking if thm can make me go to cyber and change my major. I haven't been to uni so I don't have to chose ece to begin with. I'm just asking if anybody is familiar with the uni major. Thank you for the reply

Gave +1 Rep to @near yarrow (current: #3003 - 1)

Oh, I apologize, that was not clear to me. In that case I do not have an answer for you 🙂

No worries. Tysm for replying. Have a good one!

I sure have tried, but the market is not kind to entry levels

I have a Bachelor's degree and still don't get real work

What about bug bounty programs such as Bugcrowd? Have you tried that?

I have applied for a ethical hacking job and I got a technical test before getting the job so I need to do vulnerability assessment by I need to hack 2 sites by planting webshell into the site then send them the link as proof, can you please help me guys?

I have

The few times that I've turned in bounties they set my finding to a P5, didn't pay me and patched the next day

That and I'm just not very good at them 💀

Ya, bet lowering the finding to a P5 might be demotivating

Ya can get rich, but it takes a special kind of person

(and possibly lots of "luck")

Luck that I just don't have

I genuinely have no idea how you're supposed to get a job in IT at all these days

I got turned down for a help desk job because I didn't have 3-5 years experience

Depends a lot on the company tbh. The one I work at is very eager to hire people every single day..
An although they do not necessarily hire only IT pro's, they do expect you to have some kind of experience, affinity & knowledge about the field.

As in, you can be whatever you need to be from occupation, but if you have several certificates proving you can code, they'll gladly hire you as a coder and train you further to a full fletched employee.

I have the Google Cybersecurity, Sec+ and CCNA plus a Bachelor's in cybersecurity. I'm hardly underqualified for an entry level role

That eh, sounds pretty solid tbh

I genuinely have no clue what I'm not doing right

I apply for jobs all the time, not just in cybersecurity but almost any entry level IT

May I ask what country you live in?

USA

Hmm ya, idk... USA for some reason sounds really ffing critical in all aspects in regards to IT. Sometimes I wonder about moving there because of wage.. but everytime I end up thinking.. hell naww

Pleaase don't

The wage increase isn't worth it imo

Well.. I'm having kidney stones from time to time.. so the US healthcare wouldn't be suitable for my needs, hah

Oh in that case absolutely don't

Healthcare is a nightmare here

No guaranteed PTO or vacation

No parental leave

Ya, that's weird.. my product owner got a baby today, won't see him for the next 4 weeks because of parental leave 😂

Paternal leave????

I've never heard of a US company allowing paternal leave

only maternal

and even then it's like 2 weeks

Idk 🤐 Something with words

Usually only moms get leave for their kids in America

Ya, even dads get 4 weeks in the netherlands

Hello, my apprenticeship is almost over in governance, i'm a bit lost, hard to find a job, due to my experience 2 years only, is there a good certification to start my career for begineer ? 🙂 thank you all

It all depends on your aspirations I'd say?

https://tryhackme.com/room/careersincyber

i was wondering about comptia A+ then Security+

i'll check ^^ huge thanks

I mean, by no means will it answer your question.. but you're also (imho) not giving enough information to get proper advise, since there are so many paths to choose from, all with their own certification within both THM, and other official ones.

that's why i'm lost, i haven't see much instead of creating policies ... and improvements of splunk's KPI ..

Then page above MIGHT help you a little bit in that case, as it does give an explanation for each job, maybe you can cross a few through so you won't have to waste your time at them.

And it couldn't hurt browsing THM a bit, seeing if you can take a few introductionary courses for each.

yep got it thank you 🙂

And based on that, I'm certain people can give you proper advise of steps / certifications to take.

I'm sure this has been asked a million times but is college necessary for Cyber Security or do you learn enough through TryHackMe? I assume it's very hard to find a job without a diploma and just through online courses.

should I go to uni and get a degree or am I setting myself up just as much by getting a comptia security+ cert

Any openings for internship ( remote)

US perspective. If you have the opportunity to obtain a degree, ie it won't put you in insurmountable debt or other extenuating circumstances, do it. The Security+ certification is not comparable to a degree program.

#jobs-board

This channel's for advice not really recruitment.

The original query:

Oh oh yeah

Sorry my bad

Yeah so guys
I'm struggling getting an internship
Can someone suggest me a ethical way like

Tips or suggestions

How can I get it

US perspective. Yes and no with the latter part of your statement. No to your question regarding "is THM enough." WRT the yes and no, can you get a job in cybersecurity without a degree? Yes. You'll have to start somewhere else in the industry though and then then work your way into cyber. A common "ground zero" starting point is IT Helpdesk. If you're able, is it recommended to get a degree? Yes. A lot of roles require degrees due to contractual obligations on the work being done. ie the contract your company signed to do x work for another company mandates that y number of seats must be filled with degree holding individuals. Degree holders also make more than their non-degree counterparts. It also, if you desire, sets you up for management as well. Typically they'll have degree requirements and when that time comes you can negotiate to have them pay for your masters.

understood, thank you, if I can obtain the security+ cert before uni that would help with obtaining student internships during my enrolment right? I'm looking at taking a 2 year diploma course for informations systems security, then likely another 1-3 years to convert that into a cybersecurity degree

Gave +1 Rep to @stoic cave (current: #20 - 521)

Not sure what the offerings are around you, but cybersecurity degrees are hit or miss. By degree, I mean an accredited 4 year bachelors program. A safer option is Computer Science as the programs are fairly standardized across the education space, no matter where you go. As far as getting Security+ before you go, I wouldn't. You'd be wasting its eligibility sitting in class. I would wait until you're close to graduating to maximize how long it's valid for post graduation.

Depending on the college you could even get one with concentrations. For example, though I'm majoring in compsci, my concentration is in cybersecurity, so I get a few classes that benefit me in that concentration while getting a standardized compsci education.

maybe u dont have enough experience

dont worry im self teaching myself this cybersec thing and im still applying and learning as i go just keep applying dont feel demotivated

hi eveyone! im new here but i do have a question. im new to learning IT but i want to make sure I take the right path to get a job. is it true that you can only land a job by networking with people and knowing your stuff and that the comptia exam is unnecessary? i hear alot of different things on the internet and not sure what to believe

Are you a higher education student? You're obviously late for Summer 2025 internships, but Summer 2026 will be opening in a few months.

No, it's not. See my message above to Isolate for some information on the topic. As far as networking, yes it can absolutely make a difference. Is it the only way into cyber? No. If you have local BSides or cyber meetups, you should go and talk to people. As far as certifications, Security+ is the baseline cybersecurity certification and really the only one that I recommend people pay for themselves. It's often a contract requirement in certain sectors of the industry, meaning they cannot hire you without it. Outside of that, you should get your employer to pay for your certifications.

im currently self learning. i wanted to avoid it help desk jobs but i might have to since the exam cost alot of money for me currently. and i will definitely look into cyber meetups. thank you! i didnt even know they had stuff like that

Gave +1 Rep to @stoic cave (current: #20 - 522)

Do you have a degree? If not, then I would go start applying to entry computer industry jobs, to start building your professional experience, one of the most common entry points being IT Helpdesk.

Self learning is great and all, but it's not the same as on the job experience