#cyber-and-careers

I mean besides the lists you mentioned

for a junior?

Yes.

mmh

idk how i ended up in the thm-htb then, realistically speaking, DKob, what do these equip me with?

between 2k/2k5

maybe

NET or Brut?

net

2.5K net for most juniors is 100% correct.

@obsidian rose

Sorry you have to juggle two different people

ill come back later

So what do you think about my plan ? could i have a real feedback ? If I go outside the France

Post-OSCP training material to train with.

You'll have to make sure a degree isn't required in these countries as well, as it is a bit common in Europe.

Also make sure you're going to a country where age discrimination does not exist. Because I know for a fact that it's really bad in a few countries, specially for late career shifts.

Your certification list is pretty nice if you want to build up for OSCP, but remember that OSCP is the only HR-recognised cert. It's very expensive. (Smallest plan starting at 1745$ for an exam attempt and the course) Keep in mind that a lot of people (A majority to say the least) do not pass on their first attempt and requires 2 or more. (Even more expensive now)

Not to mention that offensive security is a very saturated market with a very big competition.

Let's say I could go to university but given my age it would bore me and I wouldn't be able to save as much money because I would have to focus on completing my studies

I’m looking to start a career in Cybersecurity, I’m actively learning through THM -I’m a complete beginner- what job roles could I work part time to help me with my career?

Any tips on getting into cybersecurity? I’m currently thinking of either taking the google cybersecurity or IBM cybersecurity analyst courses on Coursera and after finishing one of them I want to try to get my CompTIA sec+ certification. Any tips on what course would help more?

Do you have a degree or prior professional experience?

Are you currently in school? Why part time I guess is what I am asking.

No, I don’t have any work experience, I do know my way around a computer that’s all I can say lol

So no degree as well? You're going to want to start building your professional experience. A common starting point for a lot of professionals is IT Helpdesk.

I know the both the google certificates and ibm certificate won’t really help me get a job on cybersecurity but I at least will get something out of it since I’m new in this and hopefully get some info out of those courses to help with the sec+ exam

Would I be able to get an IT helpdesk even without any experience?

Yes, you don't need anything. It's entry level for the computer industry.

I wouldn't pay for any certifications or certificates at this point.

The only reason I’m thinking of taking one of those is because I get them for free from my job

Pick the one that is the bridge between the role you have now, and the role you want

Super curious on everyone's thoughts on A.A.S Degrees with a focus on Cyber-Security, maybe coupled with a recommended cert? or should I just transfer over to a four year degree?
I am 34 years old so if I can make my way into the industry off a two year degree and a cert that would be preferable, as I have a family with mouths and stuff.

I would not recommend any coursera "training", nor the google cybersecurity thing. CompTIA is industry recognized, and will be a much better resume checkbox if you are limited specifically to sec+

certs aren't really a thing you should pay for

the AAS is a good step, but you're going to struggle getting into cyber or infosec without some kind of IT background, whether that is a BS or other IT work experience

I do not have a BS, and I would not say I have any IT experience either.
I do have a GitHub with unrelated programming projects. XD

Lets say a entry-level position, like help-desk, how quickly can someone progress from there with a A.A.S? like a likely scenario, obviously you don't know the dynamics of every business/institution.

It depends on yourself, but mostly on the org you work in. Some will allow fast tracking, others will not

+1 on this, biggest waste of time I ever spent

Anyone looking for a sysadmin if so lmk I use debian more than anything open to work

Check out #jobs-board 🙂

I had about 9 months of sysadmin work under my belt when I started shopping my resume around in cyber - callbacks were pretty decent but ultimately landed my job thru networking at an in-person conference

YMMV but my thinking is 6 months of general IT work is the absolute BARE minimum that a lot of companies will tolerate as long as you are competent/above-average in other areas

I would recommend at least 1 year, with 18 months or more being preferred. Jumping too early/too often (even if it's deserved) can look bad

what did your portfolio or pitch look like for networking?

Hey everyone 👋

I'm looking for some advice and tips on building a strong cybersecurity presence on GitHub. I've noticed a few of the defensive security roles I'm applying for, especially those leaning towards forensics, really value seeing active GitHub profiles.

Does anyone have recommendations for projects, resources, or general strategies to get started or improve my GitHub activity in this space? I'm eager to learn and connect!

Also, if anyone is open to collaborating on a project or just sharing their own experiences and insights, I'd absolutely love to hear from you. Let's learn and grow together!

Hi I just wanna ask right now I'm currently working on getting my CEH cert, but my background both in terms of studies and work experience isn't related to cybersecurity. I'm really motivated to break into the field, but I'm not sure which career path would be the best fit or where to start. What roles or paths should I consider, and how can I make myself a strong candidate for entry-level positions?

Im more into offensive side and can you suggest what i need to do to upskill myself so recuiter will more interest in my resume rather than my backgroundstudy or experience

Where are you based geographically?

If you are outside India, I wouldn't recommend sitting for CEH

Im based in malaysia
CEH cert that i currently pursuing is the government programme that i participate and it fully funded by government

If paid by the government, it should be fine then. However, do check certifications required in job boards

Mostly in my country company always look background study which is bachelor degree or diploma instead cert so i need advice what should i do to get more attention of the recruiter to look my resume

Hi guys, I don't know if I'm in the right place, I'm learning cybersecurity and doing all kinds of exercises. I'm currently doing some OSINT and i'm trying to find information from a phone number only, do you know of any osint tools for phone numbers a bit better than phoninfoga and sherlock on github or elsewhere? I tried these tools on kali linux but i don't find them great. Thanks!

hey my friend i am stuck in chhosing path on try hack me i have compleeted the basics and now i want to continue path should i start soc analyst peneteration testter or security engineer which one is demanding for future

You can try them all a little bit n see which one you enjoy

I’m finishing up red and want to try blue next

Hi

Hi

I am totally new to this..No it background..no related degree..
I started from ISC2 CC and will do Sec+ ..Also doing Jeremy IT Lab CCNA..
Two part question - How much of Sec+ topics are covered in ISC2 Cc..and should i do the whole Jeremy IT CCNA playlist for network foundation??

anyone actually get a job with sal1? lol

Hey everyone, I’d appreciate your thoughts on this:
I’m currently working as an Information Security Officer in a large company, mainly focusing on:
• ISO 27001 ISMS maintenance,
• Policy and process management,
• Third-party security reviews,
• Physical access control checks,
• Offboarding audits,
• Phishing simulations & awareness campaigns,
• Monthly security reporting,
• recently joined a committee evaluating cloud/AI services.
Now I’ve been offered an alternative position after applying for a different role:
• Directly supporting the CSO of the national social security association (kind of like a federal-level IT governance role),
• Coordinating the national CISO community (CISOs of various member organizations),
• Leading and participating in working groups (identity management, secure software dev, etc.),
• Preparing a nationwide crisis exercise,
• Reporting to senior decision makers,
• Contributing to the overall security strategy across the organizations.
I’d likely earn around €9,000 more per year in that role.
Do you see this as:
• Step up
• Step down

Only you can really answer that question, does it align with where you see yourself in 5 or 10 years. I imagine the new role would be a lot more heavy on regulations / policies. Financial compensation is only a small part of the puzzle. The new position would probably have different hours, more social impact.

Definitely a step up! Also completely agree with Noctem's response

But personally, like blue/Ei said, I would consider it a step up. You'll be able to have more impact and probably be able to network with many more organizations.

Thank you both for your feedback! Hours-wise it is actually better. The new role would be strictly 38,5 hours a week. Right now I am doing 40,5 hours

if youd earn more with less hours then id says step up

I second this. I did the Google cybersecurity course for the laugh over 16 hours during Xmas week, between parties and hangovers. They provide a voucher for sec+. but their course is not sufficient training for that certification

guys is pentration testing a good carrerr in cybersecurity

Hey , I’ve got a quixk question. Do you think that if I’m still in technical high school and i have 16-18 years old but I manage to complete the CompTIA Security+ certification (and build a GitHub portfolio, etc.), I could realistically start looking for my first junior role in cybersecurity?

guys what should be started as being at beginner level

for cyber security

You can follow this roadmap 🙂
https://tryhackme.com/resources/blog/free_path

Where should I find jobs for Entry Level Cyber Security?

Try to take a look at #jobs-board . LinkedIn could also be a useful resource 🙂

Hey,

What would be a good cert / step to take after eJPT? The materials covered in eJPT do not feel enough for actual practice

I want to do that one path which one is in most demand and good scope

Realistically you can start looking when you reach the age of adulthood in your country. Most companies will likely expect you to have several years experience in IT or another role. read the Tribe of Hackers books to see what to expect

eJPT is a junior certificate, and most would see it as an entry level achievement. It shows you know the basics of ethical hacking and have performed some simple attacks. building your skills on THM, partaking in CTFs and Bug Bounites (with HackerOne, Bugcrowd, Intigriti, etc.), maintaining a blog, doing writeups, having a home lab (some spare computers, some VMs, cloud platforms), doing personal projects like building a network, hardening targets and pentesting them, etc... all of these things build your skills and make you more worthy of consideration.

There are a lot of certifications on the market. You should look to see the ones most in demand by organisations in your region, and see if they provide training or education or financial support for such

could anyone give me any advice. Ive been applying for countless jobs everyday, mainly IT helpdesk jobs, technician and cybersecurity no requirement internships and programmes.. i completed 2 years of university but didn't finish the degree. i have 1 year of junior IT support technician work but haven't worked in IT in like 2 years. Im doing practical labs on THM every day and have been told to work towards the comptia security+. but no jobs have got back to me and ive been trying to apply for about 2 months.

If you didnt hear anything back, there might be an issue with your CV. You could post a redacted version of the document here and someone will definitely have a look and spot potential improvements.

Hello guys i just need to hear from someone that's more experienced then me, recently I just got into cybersecurity and I've felt very interested in it especially incident responder/blue team. Im currently 20 years old starting college trying to get a degree and certificates, in your opinion what certificate should I go for? ive heard on Comptia+ but im just tryna see is there any other options i can go for so I can have some certificates early and try to get a similar job quick

I currently hold four certifications through CompTIA and am actively pursuing two additional certificates. Although I’m not paying for these new courses, they still offer valuable knowledge—particularly the Google certification, which includes automation as part of its curriculum. It’s important to recognize that certifications alone don’t necessarily teach automation or hands-on skills. That’s why I believe in seeking knowledge wherever it’s available. I regularly attend webinars on a variety of topics, even when they don’t offer formal credentials. Continuous learning is essential—not only to acquire new skills but also to reinforce and refresh existing ones. For example, working in a customer support role can significantly improve your troubleshooting abilities, especially if you're still building familiarity with hardware. Similarly, assembling a PC is a great way to deepen your understanding of hardware components and compatibility issues. Many people are visual or hands-on learners, and they retain information better through direct experience. This applies across disciplines—whether you're repairing hydraulic systems on a helicopter or learning how to pick a lock. It’s also worth noting that cybersecurity isn’t limited to digital threats; it often includes elements of physical security, such as access control, which involves restricting unauthorized access to servers and workstations.

Seems like most of the companies are looking for the CEH but that's the worst certification I've heard from. Expensive and only theoretical

Sounds like a waste of time and money so I think I should build skill by practice

as someone with the eJPT it's probably not going to help lol

some people recommend going for oscp after ejpt

Yeah that's what I've heard too unfortunately after purchasing the course and certificate.

https://tenor.com/view/catdance-gangnam-style-cute-cat-gif-11020797830010762324

Can you share with us some of the webinars you're intending on going to in the coming months? I'm trying to put some on my calendar as well

I don't have any right now, but the last one I attended was from Nvidia and was AI for All. If i find and more I will post them for you all. Linkedin sometimes has announcements for some as well, so look on there.

https://www.recordedfuture.com/resources/webinars is one you can look at as well, granted not all might be free, not sure at the moment.

Heres some that are on demand also https://www.hycu.com/webinars?cde0200e_page=2

https://www.cybereason.com/resources/tag/webinars has some also

Sounds good, thanks for sharing these! Do you watch the replays or do you try to watch them live?
You might like this one: https://www.securitysummits.com/event/codeseccon/ I had to sign up for it with my work email but it seems like it will be a good one

Gave +1 Rep to @fervent sorrel (current: #3022 - 1)

I try to watch them live, like the one for Nvidia I watched live, but even if it's not live you can still learn things from it, but being able to ask your own questions is out if it's on-demand.

Yeah, probably lots of good information to check out regardless. Thanks for sharing these with us, if I find any good ones I'll post them in here too

Ehi guys, random question
I have been struggling to land my first it job for a lack of experience
Can anyone suggest any rooms that are more helpdesk focused , so I can gain “experience”

I have been getting loads of interviews but struggling to actually land a first job

If you are looking for a job in a helpdesk, what skills are you bringing to the table? Do you understand Windows, Linux, Networks, and can you install, configure, troubleshoot and fix problems in those areas? Do you have a home lab? Could be a few spare computers, some network routers and switches, virtual machines, a cloud platform. Do you have a blog writing about any of your experiences or showing steps you took in exploring interesting things or fixing problems or installing and configuring useful systems or applications? There's lots of rooms on topics in these areas that you can start on if you use the search function

I have a A+, I play around with Linux as often as I can, especially for OSINT stuff, as I participated in a couple of CTF before. I have a home lab that I update as often as I can, I configured and set it up by myself, deploying AD, playing around with group policy at the moment (I have a full time job so limited time) and I post write ups on GitHub/linkedin

I have a Mac and most of my friends do too, so when I troubleshoot their issues most of the time is with Mac. I’m looking for a job as I would live to develop those skills on a daily basis rather than using my free time to do so. I put a lot of effort and I do get interviews

Just to put it out there, I’m heavily tattooed and I feel a few companies didn’t end up hiring me saying I didn’t pass the “culture” stage of the interview

So right now I’m trying to develop my skills as hard as I can so an employee will employ me for my skills and not for my look

Also, I have a lot of customer service experience (10 + years) which seem to be a must for this position

Hey everyone
I’ve been working on tug boats for 6+ years(deck and engine room), I really want a remote job. I’ve been looking into Cyber Security but have very little tech experience. I’m 32 and would like to make a change but hesitate to jump in to something with little experience. Is cyber a good option if I get certs and run tryhackme, I am motivated just a bit overwhelmed. Has anyone else been in this position that has something to say about this?

Quick question for all your cyber security people. I took the IBM cyber security analyst course on coursera ( yes I know how a lot of people feel about coursera) I'm also 80% of the way through security 101 on TryHackMe. I have subscribed to Jason Dion's CompTIA Secuirty + course and practice tests on Udemy because i've read they are a good source of practice for the cert. In your honest opinion how much would all of this prepare me for the CompTIA Security + exam? I pass all the practice test on Udemy with 90% or above but I fear these questions are not reflective of the actually exam... also if anyone has a source for practice on the PBQ's that would be awesome because Dion's are all multiple choice.

CompTIA’s https://demosim.comptia.io/

I did find this one but it seemed a little easy and I kind of thought it was a bait LOL. If you have the Security+ cert how would you compare that PBQ to the one's on the exam?

Hah, join messers discord - they have people taking it everyday there

is tryhackme a good resource to get into ethical hacking?

Yeah , it's one of the best if not the best

so do i just keep doing rooms in the order they are?

like currently i am in cyber sec 101 cryptogrpahy

so i just keep moving forward as the webiste tell me?

with your knowldege of THM 101 and Dion's course you are well equipped you can actually prepare for the security+ in just 5 days, from my experiience security+ is the easiest cert ever I would recommend this cram course by Inside Cloud and Security to prepare for the security+

Yeah but its also ok to diversify. The learning path gives you multiple branches to choose from

you are legend rank, what skills you would say you learnt which are like usefull in your work or everyday tasks

Most of the things I’ve learned in TryHackMe is relevant to my day to day work actually

My main work is pentesting

Yeah

security+ was really a big memory game for me

remembering terminologies and etc if you do messers practice test and can easily get 80% you are probably fine, i remember messer's practice test being harder than the test it self imo

Hello, I'm new here and I'm interested in cyber security, I intend to learn from you but I really need the assistance on where I will start from, any help will be of much help and I'll appreciate it, I'm from Kenya

Welcome to community , greetings to Kenya 🙂 👋 🇰🇪 . You can start with the free path below , good luck on your journey 🚀 .
https://tryhackme.com/resources/blog/free_path

Thank you so much. Appreciate it

Gave +1 Rep to @keen tundra (current: #1 - 5626)

Why does not the nmap -sV work as needed?

Maybe #room-help is a better channel to ask your question

I’ve found that Dion exam questions were harder than the actual exam 🫡 also use examcompass for acronyms and try to find some website for PBQ’s.

No problem l solved this

I was sent this massage in #room-help

True. I was always getting around 70-75% but passed the actual exam way easier

Still better than mock exams being easier than actual exam

Better to be overprepared than underprepared

Hie guys ,
i have been studying cyber security past 2 years , but now i am stuck at a point from where i am not able to pass through ,
i have done about 150+ Tryhackme rooms , and i am in top 1% , i have studied CEH course just for theory purpose , i have learnt various ctf techniques including stegenography , reverse engineering ,forensics , web exploitation , i have also done development for around 3-4 month so i have knowledge of react , html , js , css, basic web tech stack , i have done python c++ , i know scripting , i have great hands on practice of tools like burpsuite , wireshark , zui , and many more command line tools which i used for solving these challenges,

but as now i have hardly left a year for my college to be complete and i have to search for a job or any intern which can gurantee placement, so anyone here who can guide me accordingly for the stuff will be very grateful.

https://x.com/dissant_prod/status/1946987009513304346

Already responded to this in #infosec-general. Please don't post in multiple channels

👍

Damn. With those talents (and by just getting one or 2 certs) you would be an instant hire in most of Europe. Can't speak for America though

Do you really mean that , or saying in sarcasm 🥲

Nah man, I'm 100% serious. Crazy skills that a lot of companies would fight for over here

can you help me providing some leads ?

Where do you live?

India

Oh man. That's gonne be a bit tough my guy

In the beginning, these companies value you being in the same country as them

So unless you're in europe, that's not something I have the power to change my good man

yeah i totally understand that 🤧

Don't give up though. With enough Certs like CISSP or OSCP depending on which way you're going, you should have no problem finding work remote

any remote opportunities ? if available ? you know

No idea man. You might find some, but only with some credentials like those certs I mentioned

yeah i am learning for certification .. curently , will complete them before my degree is completed

try to "advertise" yourself in forums or email companies!

it cost u nothing to do that

This is great advice

Just by doing projects and blogs on github or linkedin and showing your experience online can be HUGE in getting companies to hire you

actually i have not much idea about forums can you help me join any ?

well i dont have any me too to be honest,but you could still find some cybersec themed!

indeed,if u can have a portfolio,it can "increase" ur chance of getting hired or contacted

yeah i have it all ,
prepared everything from portfolio to projects
and also for showing my projects off and my rooms progress i have created a channel where i post how i solve the rooms(walkthroughs) , also i post some education content related to ctf and cybersecurity

Is it hard to find a remote cybersec job in the uk with a college degree partnered with a uk uni?

A lot of companies still offer remote or partly remote roles, but you would need to check with organisations individually.

What I mean is, is it easy? Are there plenty of companies there? Do you have options and flexibility?

Hey everyone, what Linux system would you guys recommend? I’m a beginner

Ubuntu for general use , Kali may be a good choice if you're interested in pentesting 🙂

What’s pentesting?

You can learn more about it here
https://tryhackme.com/room/pentestingfundamentals

Any tech networking events coming up in houston?

It's part of offensive security where you try to exploit vulnerabilities in software.

I meant to reply to this.

Got it!

And as @keen tundra mentioned, this article does a great job going a little deeper into that field.

https://tryhackme.com/room/pentestingfundamentals

Do you guys recommend the google cybersecurity certificate? I don’t have any experience on cybersecurity but I’m able to take the course for free

I have the same question.

I worked on it for a little bit, it’s really good

Huh, maybe I should look into it sometime. I'm really interested in pentesting, anyway.

I've seen mixed reviews of it, I think starting with Security+ no matter what is the way to go. After doing A+ and Network+ it's actually kind of surprising but that's what the industry demands right now from my perspective. Also look at job postings in your area to see what they're asking for

I would personally suggest maybe start with A+(if no IT experience ) and Net+ if no prior cybersecurity experience. Sec+ takes heavily from Net+ from what I've heard.

depends on the person honestly

Agreed, if no prior IT or Cysec experience then A+ -> Net+ -> Sec+

Once I finished Net+ I wanted to take a break, but I didn't once I realized I had about 70-75% of the knowledge for Sec+ already from the other 2 certs, and some IT experience, so I'm taking Sec+ on Aug 2nd.

That's what I found so surprising is how much Sec+ draws from the others!

Can I find a job only with CEH certification, because thats the only cert I got after failing the CCNA?

Hi, I would like to at least get a job as a soc analyst level 1. But I don't know which tools to learn or certs to focus on. Really would appreciate anyone to enlighten me on this. Much love 😘

Hello @molten lichen , What kind of training materials are you using to prep for the Sec+? And how much time are you practicing each day?

Hey @vernal owl! I'm currently taking notes while watching Jason Dion's training course on Udemy, using his practice exam sets, I listen to Professor Messer's training series in my car on the way to and from work, and I do THM activities to keep my interests fresh.

Monday - Thursday (we work 4 10s) with everything combined I probably average about an hour to 2 with 1 hour specifically sitting down at my desk and watching the training series.

Friday, Saturday, and Sunday I aim for 4 - 8 hours of studying.

Professor Messer also has great practice exams. There's also example PBQs on YouTube and CompTIAs official website

Host a website or start a blog on medium and start posting little updates or tutorials on what hacking or security stuff youve been doing and make sure you are including a little blurb with information on any bug bounties you get done. Thats a good way to get your name out there so people can see that you have expertise in specific areas and think about you if theyre looking to hire someone with a certain skillset. It seems like you're fluent in english which will make you much more desirable to someone hiring in america or europe, having a little cybersecurity / hacking blog will also make it clear to people that you're fluent in english when they search up your name or find your blog and are interested in your skills

This is great advice and something I need to start doing as well

Yah I am in the process of taking my own advice here, but it is pretty crucial in terms of marketing yourself to potential employers or even just establishing a presence online as an "industry professional". for example if someone is looking into a bug or exploit and your write up on a similar bug or exploit shows up that makes you appealing for that person to reach out to if they don't have someone who has the expertise to handle that stuff in their company

Hey @molten lichen,
I’m with you on Professor Messer—his content is clear as day, I've spent lots of winter nights watching his videos. Jason Dion’s practice tests are also super effective, but I found his video lectures a bit surface-level. In contrast, CBT Nuggets (like Keith Barker’s) tends to dive deeper and explain concepts more thoroughly.
I passed Net+ last year, and now with Sec+ in sight, I'm hesitating to pull the trigger—I guess I just need that final motivational kick. Any tips on how you stayed motivated to finally schedule and take the exam?

If someone wants to study finance at university, would learning cybersecurity be an advantage for them and their career paths?

Agreed and I think youre making great points, it's a big undertaking but well worth it. I've definitely noticed when I'm applying for jobs that people probably have something besides their LinkedIn for the "website" section. I checked GoDaddy and it looks like we can get a website for about $50 across 3 years. So not too bad and I will try to work on that this year.

Keith Barker does a great job diving deep, but in my opinion, when it comes to talking specifically about exam objectives, Professor Messer and Jason Dion do exactly that. We all have different preferences but with limited time, I have to do the deep dive down the road in exchange for understanding exam objectives sooner.

My motivations are all internal so it really depends on finding what motivates you. I've experienced a lot of different things in life that have made me determined to do this, so you have to figure out what your internal motivating factors are. Alongside taking breaks, exercising, things like that, if you're motivated internally you can keep going.

I think it would depend on the route you want to go within finance, but learning and understanding cyber threats related to the financial sector would certainly be helpful and something you could bring up in an interview

Thank you tigertrail.
I will pass on this message as I was asking for a student

What might help them is knowing about PCI DSS, SOX, GLBA, and other things like that, and probably working on recognizing social engineering, e.g. when they're being targeted by phishing.

Others might have more insight on that, but I wish them luck!

Noted. Thank you so much for the advice. 🎀

Of course!🙂

Totally get what you mean. I’ve been trying to stay motivated too still figuring out what really drives me. I’ve heard that exercise helps with focus, but I haven’t really made it a habit yet. Might be something I should try.

What drives you to choose Cybersecurity?

I’ve had a curious habit since childhood — I used to take apart my toys just to see how they worked. That was always more exciting to me than actually playing with them. As I grew older, my curiosity shifted toward computing devices, and understanding how they work still excites me just as much. I can’t help but keep coming back to it — like an addiction I never want to shake.

Thanks for the advice man , actually as i mentioned i haven't started any blog for that content but i have a youtube channel where i post tryhackme rooms walkthrough and some ctf walkthrough and some tutorials too and all in english. is that fine ?

Gave +1 Rep to @tacit holly (current: #1982 - 2)

Is CRTO a basic certification?

No

I have a short time period to learn red teaming i can give 12+ hours to my studies, can anyone guide me which certifications do I need for it ?

My roadmap,
eJPT (with certification)
CEH (no certification)
CRTO or CRTP (anyone of it with certification)

Its equals to what ? I mean OSCP ?

CRTO is for Red teaming, OSCP is for pentesting. They serve different purposes. CRTO has also been recently totally revamped - both course and exam - and doesn't include flags anymore, you're totally graded on your OPSEC and evasion capabilities. It is not a beginner certification.

So which type of company will hire me if I will do CRTO ?

why not PT1?

I thought ejpt pnpt and oscp also includes in red teaming as my brother is doing oscp right now after completing those all 3

So I just want a guide like I thought in pentesting the red teaming also include in it

None. CRTO is red teaming. Red teaming is the last level of offensive security. You'd need to have years of pentesting experience prior to that. + The only companies that hire red teamers are very big ones such as governments, insurance and banking companies.

Here in my country I can easily lend to a government job for it

So I got you that it may need me some years to do this, so which certifications should I do that i can get a job ?

You'd still need a lot of experience. No one will hire a red teamer without at least a few years of pentesting.

Well do you first have the basics?

Certifications won't guarantee you a job.

Programming, Networking and OS knowledge?

I just want to do something in 1 year with full and a half potential

In 1 year the best you could get is a pentesting job if you can reach OSCP. But 1 year is a very short window.

Without OSCP, I doubt you'll be able to reach pentesting if you have nothing and have just started learning the basics today.

I am just making my roadmap once get all the info which I want I will start by purchasing 1 year thm subscription and ceh and pnpt course which I already have

So you know nothing as of now?

No programming knowledge xd

Networking/OS?

Basic/50 percent

Well you have a long way to go. How much hours/day can you dedicate for the next year?

Have to start from this week and I can give 10-14 hours a day

I can agree with you but in my country i can get a job in government

I would suggest you take DKob's advice. No job is guaranteed, certificate or not.

Just leave the job path can you tell or give the advice on certification, also exclude the 1 year time, what certification do I need to become a red teamer ? CEH, eJPT, PNPT, PT1 and last CRTO is it enough to become red teamer and these can help me easily get a job in a big domain ? Right now I can even get a job with a CEH certification if I do in my country to get a job but I want to give more times for a good position, also I get you that certification have no guarantee to get a job which is true, my question is some sort of different

Like dkob has said, you'd only be able to get a pentester job within this time frame if you get to work now.

Red teamer is later down your career path.

I would worry about what you can get than what you can get later down the line. Redteamer is not entry level and you need actual job experience.

I'd suggest maybe looking at PT1.

Whats the fees of it ? I saw this on htb

Pt1 is cheaper with the year subscription on thm. $287 or something, I don't remember. You can find out on thm website

I thought it was on htb as I searched and it opened that web, and bro is this courses are along with the certification and where I have to give exams ?

You can probably find the information for PT1 here:

https://tryhackme.com/certification/junior-penetration-tester

So I'm asking as a Know Nothing individual (I started THM three days ago). In terms of the careers in cybersecurity, which ones are considered more "entry level" I suppose? Which should I am for first? Or is there perhaps a job that would give me more experience in basics I should go for before fully getting into cyber security?

Soc L1 is pretty entry level. What's your background?

If you don't go to college/graduate or are not already in the IT field/SWE field, you will probably need to enter IT first, then move horizontally into cyber.

In terms of tech nothing besides doing a basic (sort of ill informed small town southern style) IT class in high school

I know hardware because I'm a gamer but that's it

I thought that might be the case

I would suggest getting into IT while studying cybersec. Cybersecurity isn't entry level in the same sense as IT is.

Though it is probably possible. Just not easy. Juun would know more.

Should I start this after 3 months ? As for now I have these fresh courses in my pocket ejpt, pnpt and ceh ? I will not do certification of these 3 courses but learn and do practice of them and try to understand the scenario and making notes of it as a bump

I'm definitely willing to put in the work wherever I can start. I don't like not knowing every little aspect of my job so if IT gives me a better grasp I would like to start there. I really appreciate that advice. ❤️

In general, knowledge is good. I am not knowledgeable enough to tell you how to go about it.

nothing in cyber- or info-security is really 'entry level.' The lowest level jobs are Junior Analyst for Compliance or for the SOC. Both will very require some amount of technical or governance background (business, audit, etc).

I strongly recommend that if your plan is to get into security, either a degree or another job in IT is a much better entry point than trying to get a SOC analyst role without understanding at least 1-2 years of sysadmin or networking.

Help Desk is a very common entry level IT role that will help prepare you for other roles across IT.

Gotcha! I think that is definitely where I want to start. The TLDR of it all is I'm moving to the UK and I'm trying to have some sort of career path ahead of me when I do it

and I was given advice to get into Cybersecurity lol

I hope your move to the UK goes well.

I really appreciate that! I've got a long road ahead

Someone is trolling you. Very few orgs will trust someone who doesn't know anything to work in a security role.

It does happen, but so rarely I've only heard of 1 company doing it in 10 years of IT work.

Get help desk and maybe study for A+ and move up that way?

It was actually a UK employment office 😂 I gave them a phone call apparently that's what they're pushing everyone to do for some reason?

There's so much to learn. You can learn a lot of it on the job, but if your situation supports it, I strongly recommend getting a B.Sc in CompSci or closely related field. It opens so many doors.

I have considered, but with my full time employment I'm worried about bowing under pressure 😅

I think I will see if I can get some sort of entry level tech job and see if anyone local has any advice for me as well

I would suggest for the places looking for help desk, see if you can contact anyone in a cyber position for advice.

I definitely hear that. I think that's the move I'm going to try to make. I've got a few years until I'm actually leaving, but the more time you give yourself with these things the better.

If you can, while you can. Study for the A+ at the very least. Teaches you the fundamentals of IT, Messer has a good YouTube playlist.

I definitely want to check that out because I do want to put as much work in as I possibly can. I'm ready to get out of here asap. 😂

Understandable lol

Granted this wasn't the first career I had in mind with myself. Foolish younger me with no knowlege of the future was going to get into photography and editing and graphic design even. Unfortunately AI has chewed that career up and spit it out 😂

Hey guys, for OSCP, should we start with practicing heavily on THM and try to build off of that down the road into OSCP perhaps a year or so down the line?

I have IT experience, A+, Net+, security adjacent, but nothing offensive/defensive in particular

I’m working on getting the CompTIA A+ certificate. Do you guys think it will get me an internship or help desk job?

Yes, that’s what I did

But I believe the biggest part is building your methodology so you need to keep doing challenge rooms

Yeah that makes sense, okay I'll work at it like that. That's one cert I have a ton of respect for so I appreciate the guidance

is it important that a person starts their career in blue team first before they start primarily doing pentesting? would doing this route make you more attractive to employers?

BTL1 vs CCD vs CDSA. What to choose for my level?

Hey folks,
I graduated last year as an Engineer, and I am currently working as a Data Protection - Insider Threat Analyst. For 6 months, I have also worked as a Cyber Threat Detection Engineer in Splunk SIEM. I have completed the TryHackMe SOC L1 path and have good foundational knowledge of security principles, Linux, Windows, DFIR, networking, IDAM, GRC, etc. I want to get my first certification for blue teaming to validate my knowledge and build my brand. Which certification would be a good start for me, and what would a good progression look like?

It’s not a big requirement per se but there are definitely companies that do actually look for prior blue team experience. It depends on what type of pentesting you will mostly focus in. A developer background would complement web app, api, and mobile testing. A sysadmin or network admin would complement network and cloud pentesting

this was good info thx

Gave +1 Rep to @dense dagger (current: #22 - 463)

Hey guys, currently at a cross roads right now. I currently work at an MDR and have previously worked at a major MDR mainly doing consulting/deployment engineering/assisting sales engineering but recently had an opportunity pop up to become a security engineer at another start up. Current gig is relatively chill, pay is decent, and it’s a start up so I’m used to the constant/quick changes.

Pay is higher at the new gig, but it’d be a one man shop for security. Looks like I’ll be helping them reach their compliance goals even though I’ve never personally had experience with CMMC but I’m sure I could figure it out. Stress levels would be higher since it’s a one man shop and I would be managing/administering the current security stack while figuring out cmmc compliance. In terms of long term goals it fits with what I want to do in shifting towards an internal security role, but not sure if the extra stress would be worth it. Anyone have any thoughts on this?

hello guys, need some kind of roadmap (preferably someone from india) since the job market and reqs are different over here from global.. im currently in 3rd year doing btech in cse

i wanna make my career in cybersecurity, so was hoping someone could provide a guidance.. right now im just learning python, and doing google professional cybersec cert

in india harware pentesting is golden chance becuase there are only 50-100 people who know that and there is only drawback that there is no one to teach you like you need to learn it all by yourself or you can learn from who know how to do it

i kind of dont wanna go towards pentesting.. or offensive as a whole.. specially as a beginner since first of all thats not smth i prepped for so far.. but also cuz i saw in some vids that blue team is better to start in.. and uc an slowly transition into red teaming as u go

what do u think?
and also r u from india?

hardware pentesting is not the pentesting you are thinking of its like you have to work on hardware not on device and you need to learn red teaming first then you should learn blue teaming as if you know how to attack then only you can master how to secure the device and yh i m from india

ah, so wyd rn?

i m 18 yr old persuing btech in cyber security sem 1 and currenlty running cyber security business

damn, imma add u up

Hey pals, where do I begin learning hacking? I have no prior knowledge.

tryhackme.com

Okay thanks

im 4 weeks in and ive learned a great deal, just take your time

Hey all, I’m building PayloadForge, a free, open-source tool to generate payloads for API testing and auth vulnerabilities (e.g., weak API keys like api_key=user123, brute-force creds like admin:admin123). It’s got a simple Tkinter UI for beginners in cybersecurity and a permission prompt for ethical use. What features would you want in a student-friendly payload generator? Feedback welcome! (github.com/Theoracle07)"
PayloadForge isn’t started yet, and it’s for beginner pentesters and cybersecurity peeps. If you’ve got thoughts—like “add more payload types” or “make it super noob-proof”—drop them my way! The GitHub repo’s not live yet (coming Friday), but this is the planning phase.

Hi everyone

Just emailed about this one, it's from Microsoft. https://msevents.microsoft.com/event?id=94938443&wt.mc_id=AID3078098_QSG_EML_665068%3Focid%3Deml_pg489884_gdc_comm_az&mkt_tok=MTU3LUdRRS0zODIAAAGb0axuW8yV1YrIoIdzZbPiDmMm2mtww16dzpps5GTBIrs52PCL6F0fEi1z0TfNp3vjipy3LR_r-Gw3av2V9XZhWt3FZz2w_us3U8aGcLXupRJPrPixy2TFoW07

Don't forget about Tryhackme's upcoming one on the 24th, for Advanced Endpoint Investigation: Beyond the Basics

Hey does anyone have any hacking groups or server in discord plz send to me

❔ I see a lot of people online and in videos suggesting that people add their labs to their resumes as experience. For clarification, what exactly constitutes a "lab" in this context? I only see rooms and challenges And does anyone have an example of what that looks like on a Resume?

Homelab.
Infrastructure which they have configured themselves, often as a vulnerable lab for testing exploits.

It's an extracurricular, not experience.
As, for that matter, are THM/HTB/etc

Good stuff, going to register for both of these

Thanks for the help!

Gave +1 Rep to @undone shore (current: #10 - 900)

Hey guys how many people have got actual jobs in cyber here

If you have a answer can you tag me wen u message

I don't know much about CMMC but I know that any compliance-adjacent responsibilities on top of day-to-day security work is not a very tenable position - if you enjoy the challenge and want that experience then go for it but if your goal is an "internal security role" then I don't think this will be a step in the right direction, if your hiring contact at that gig was very specific in their language about getting up to CMMC-spec then that is probably what you will spend a lot of time doing instead of "fun" security work

Yeah that was the thought I was having as well, they'd also be having me help with doing some basic app-sec stuff it seems, but it just seems like too much for one person to be doing

Thank you for the thought!

FWIW I've only heard of BTL1 - generally I don't think too favorably of blue-team focused certs, I feel as though they are just expensive CTFs. If you really want the shiny badge but go for it, if I ever find courses interesting I'll check out the syllabus and research the topics on my own for free. If you are already employed I think a better use of your time would be to get some certifications for the tools you are already using.

Whenever I get distracted by shiny new certs I remember how much I suck at cloud and container security which is a much better investment of my time

I want to pivot from pentester path to security engineer path, do you guys recommend I should dabble in SOC first? or I can go straight to security engineer path

What is your opinion on the SAL1 on that matter? I was thinking of getting it for funsies and currently studying for it (though I'm currently studying the path in general). However, it wouldn't be bad if used that on Net+/CCNA instead

I know this varies extremely from person to person, but how do you guys study? I've been typing out notes but I feel like they're very redundant and just copying what the lessons say

But I'm also not sure if just going through the lessons without doing any notes is a very good idea

I read the section, then I take notes. I review after the lesson or sometime after.

if its for fun and/or just to challenge yourself then I'd say go for it - I just don't think any blue-team focused certs hold much water for hiring

Understandable. Any opinion on Net+ vs CCNA?

Guess I'll still get SAL1 for funsies.

So btl1 is just a waste of money then?

Hey guys, quick question. What are certs for cybersecurity analyst?

I'd go for Net+, CCNA seems to have lost some of it's prestige in the recent years, Cisco also doesn't have as much as a stranglehold on the market as it used to as well

I think the training syllabus is solid and I enjoyed some of the CTFs offered by that company, but if your goal is become more hirable then yes I would say you are wasting your time there

I went with the Sec+ . Now I’m working on my CySA+ as well.

This is probably an old version but you can literally learn all of this stuff on your own for free, it really is a great training plan they outline here

is sec+ worth to take?

I’d say yes. Both the Net+ and Sec+ are the ones I see being asked by recruiters on job postings.

The most

blt1 is good

Its a staple cert. HR loves it

And if you’re trying to get into Govtech, then those are required for sure.

gotcha, what resource's to study sec+ and net cert?

I don’t the resources for the Net+, but for the Sec+ it would be the Professor messers videos on YouTube. For the PBQ’s, you can lookup Udemy tutorials on them.

ok thank you, i guess i gotta prepare my study schedule. wish me luck

U got this 🔥

👍

Oh and make sure u prepare well for the PBQ’s, those are what cause people to fail the exam.

gotcha, what makes people fail pbq's? is it challenging?

Messer has net+

Ok so I should start net then sec+? I don’t know if it’s a good idea

sec+ is easier, far easier, if you do net+ beforehand

gotcha. I just looked it up sec + and it’s nearly like $400 💀

the certs aren't going to be cheap

Hlo everyone

Hello all. I was hoping to reach out here and meet anyone who works in digital forensics for law enforcement or DA’s office or private law practice to ask them about their experiences. Any takers?

Hi

I made plenty of stuff that simulate PBQs for these exams, FREE! DM me if you want any help, I have CC, SEC+, Pentest+, CYSA+, SecurityX. I will give you notes, exam tips, tricks, the works, I'm here to help the community!

I would love to bro

🙏🔥

Are newbies really breaking into cybersecurity without experience? I’m struggling here! Any certs I should grab while I’m at it?

Depends on your knowledge and experience. You should have a good understanding of Windows and Linux admin, Active Directory, networking, a basic grasp of coding with an interest to progress it, etc... As for certs, it depends on your own skills and what kind of role you want to pursue, but gaining skills, logging your progress in a blog, doing writeups, CTFs, Bug Bounties, going to events/conferences/meetups, having a home lab or doing projects can help demonstrate your skills. Knowledge of the field is very important, as are practical skills. You can learn quite a lot thourhg THM. You should look at jobs in your area and the certs they're looking for to see where you should be aiming. Certs can be an expensive pursuit. Network+/Security+, CISSP, OSCP, CISA, CISM and others are frequently mentioned, but you're best to look at jobs available where you want to work to see the skills and qualifications they require/desire, as the number of certs on the market and their applicability are quite broad. You also should figure out if you're going to be out of pocket or if a potential employer will compensate you for your efforts

Thanks a lot for the detailed explanation You're spot on. I'm working on building my skills. 👍 👍 💯 💯 💯 💯

Obviously you don't have to do all of those things, but showing a grasp of the important things and gradually building on it really helps. You're not going to have the time and resources to do all those things, but making an effort to do some of them really helps. Having a home lab (a few spare machines, or some VMs, a cloud platform account maybe) shows your efforts to learn and be productive. Doing challenge rooms/networks are good practice for the real world and certifications too. Pick and choose which you prefer, obviously

Hi, I would like to at least get a job as a soc analyst level 1. But I don't know which tools to learn or certs to focus on. Really would appreciate anyone to enlighten me on this.

thanks for the advice btw

Gave +1 Rep to @rugged delta (current: #20 - 524)

You should go to #sal1 and follow the path listed to learn everything you need to bring you up to speed as a SOC L1 analyst

I truly appreciate your input You're absolutely correct it's important for me to manage what I can and build upon that. I'm currently working with some VMs and starting challenge labs like TryHackMe, HTB. 😇 😇

I entered both Cybersecurity Engineering and Cyber Pshycal systems and I don't know what to choose, if it helps I can show the classes/courses that are offered.

Hey guys, I need help. I have the options of taking either the Google it support professional certificate or the Google cybersecurity professional certification for free. I’m a beginner on it and cybersecurity but my goal is to get into cybersecurity, I know these certificates won’t help get a job but I at least want to use it to learn

Then use it to learn

I did the Google Cybersecurity Certificate 100% one year during Xmas week, between parties and hangovers in about 16 hours. It's very basic and simple and while it might show you have an interest in the topic, it's certainly not enough to teach you what you need to work in the field, and it's not enough knowledge to pass the Security+, for which you get a voucher, but if you go for it, you will get a $50 voucher for the Sec+. Then you'll need to get a Study Guide or do a course like Professor Messer's free Sec+ course on YouTube.

Then you can pursue the #sal1 or #pt1 course on THM and learn real skills for your career

Anyone working in OT Cybersecurity willing to share how they got started in the field and what they wish they had known or read up about before?

There are two books by Pascal Ackerman, called Industrial Cybersecurity First Edition and Industrial Cybersecurity Second Edition. They should have been Volume 1 and Volume 2, as they are an overview of the field together. (Packt isn't known for its editorial quality but these are two of the good books they produced). There's plenty of other good books on the field. There are specialist certifications in the field, as well as several training providers. I know several people in fields like Electrical Engineering and other ICS roles where the employer provided much of the training but a good understanding of general cybersecurity principals along the lines of CISSP/CISA/CISM are a good guideline in the field.

There's a constant learning expectation, as cybersecurity has become an essential part of OT/ICS and there are standards and regulations to facilitate proper implementation and running of such systems and platforms

Thanks! Appreciate the info, yes the constant learning expectation and having to deal with industrial standards is what got me interested. From what I have learned so far, it can be a completely different field of security oftentimes patching a system is not possible so other ways of securing a system may be required.

Gave +1 Rep to @rugged delta (current: #20 - 525)

It is hard to find information on what companies want / need from a professional in the field. Dragos is one of the few that I know that really advertises OT specific security positions.

Yeah there's good general practices for most connected systems, ways to configure networks, managing trust, all kinds of things. It's important to have management oversight and a good set of procedures based on industry standards. Most orgs will certify with something similar to the ISO 27001 or the NIST standards, etc., and build on that

hi guys, I'm new to cybersecurity I started learning with the cyber-security-101-path path, but I want to increase my skill with a programming language. Right now I know the basics of c++ and python. which of them you recommend me to spread. And you also have some sources to recommend for studying

if you learn c++ python will be nothing

if you learn python c++ will be more difficult to learn

ok, so i've to learn c++ first and after that, i've to leanr python?

I think that would be the smarter idea

ok, thanks

i heard a lot of ppl talking about CCNA being a dying cert, but i still want to learn the topics it teaches and do the learning paths and I have a voucher giving me 50% off the cost of the exam too. Would it be a waste of my time?

Im pretty early in cyber so i want a solid foundation in networking

So I’m interested in working for the government, more specifically the NSA as a part of their hacking team and I was wondering what steps I should take in order to eventually get there.

Right now I’m currently working to get my associates in Information Technology & Communications and have taken an Introduction to Networking class as the only official college class for my major and cyber security so far. I have a very small amount of knowledge on C++ and Python but thats it. I was basically just wanting to know the steps I should take and what exactly I should learn to help prepare for my future. I also haven’t finished the try hack me premium path for penetration tester yet but I’m working on it. Any help would be very much appreciated

Honestly the easiest path into the NSA or any other intellegence agency is to join a service branch first, get a clearance and work in a cyber team there. It is possible to get into NSA without time in a branch but unless you really excel in college you'll likely need practical experience elsewhere first.

Would it make it any easier with a bachelors also? Cause I plan on transferring after I get my associates

Yeah for sure another thing to remember with government is that they have laws where requirements in a job application need to be met 100%. So if it says bachelors degree, then that is what you need no matter how good you are. They may have some programs you could join while in school. That would give you a big leg up too.

If you want an idea of what the intel community thinks will be a priority in the next couple of years, the recently publish ODNI Threat Assessment report is a good source.

this is sound advice. getting a clearance is usually the biggest hurdle. there’s also an indef hiring freeze.

also, look up the CNAB exam. it’s a proctored exam at pearson testing centers. would give you an idea what you need to study.

Hi

I made a pentesting toolkit for "labbing" if anyone is interested, here it is:
https://github.com/Sudocod3r/Swiss_HArmy_Knife

Good morning, afternoon, or evening! I’ve recently acquired Network + and Security +. I’ve done construction for the better part of the last decade and am wanting to break into IT/Cyber Security. Any advice on where to apply besides Indeed and LinkedIn? Seems like all the entry level/junior roles are few and far between. Any advice is appreciated, I’ll keep grinding away at CySA and THM for now. Greetings from Cali!

Newbie here please how do I start my career in cybersecurity I’m currently studying computer science I’m in year 3 already any advice

You need to word your searches correctly. Dragos is certainly prominent, but far from the only organization. ABB, Siemens, Shell, Exxon, etc etc will all have positions. OT Security Engineer, ICS Security Engineer, Security Engineer, and other variations are all used to identify industrial security positions.

I would say this depends, subtlety. Those standards, outside of the OT specific appendices (I think NIST has an OT appendix), are built for IT systems. For the US, you have sector specific guidance and standards, such as NERC CIP. From an international standards perspective, you have the ISA 62443 series of standards.

Did you run this by Jabba? In the past, this kind of thing definitely wasn't allowed to be posted

I'm a mod; I obviously knew that I had to ask for permission before sending that over.

Has anyone taken the free ethical hacker course from Cisco? If you had would you recommend it ?

I personally thought it was way too long and way too random. It felt unstructured.

Got it, I enrolled yesterday but haven’t done anything on it

Thank you for those suggestions, seems like this might be one of those fields where it is more important to know which companies have positions and check their career pages. LinkedIn will even try to correct OT Security to IT Security..

Gave +1 Rep to @stoic cave (current: #21 - 524)

Of course, I'm not fully familiar with OT/ICS cyber frameworks, but I'm aware of rigorous standards for adhering to proper, safe and accurate running of these machines. I've worked in a data centre alongside the engineers running them and things have moved on quite a lot thankfully from how we implemented and managed SCADA networks in the past, for instance...

As an example:

Any certificates I should work on in order to get into the cybersecurity field? I’m currently studying for the CompTIA sec+ and then planning to do net+

What is your background? Sec+ is good for sure, but you may also consider checking roles you are interested to apply for (as it should list any certifications those positions may require).

I want to apply for cybersecurity analyst. I only have basic it knowledge and taking the google cybersecurity certificate to get some knowledge lol

https://pauljerimy.com/security-certification-roadmap/

Seems to be down right now but can also recommend this one, gives a clear picture of what general career fields each cert falls in

weird

May I ask if there are any requirements we need to meet before enrolling, please?

Hi, I’ve started learning cybersecurity and I’m looking for people who can guide me or just be friends on this journey. I’d really appreciate any support. Thanks!

What kinda BS do you need on your resume to get past the troglodytes in HR for a soc position?

woah

You should be familiar with the cybersecurity world and be able to dedicate some brain and time.

cysa or SOC-200 would be a start cert wise

sec+ doesnt work anymore?

do you know the buzz lightyear meme

thats sec+

can you just take a cysa course and be good or how much prerequisite knowledge do you need for it

they probably want 3 years it exp and sec+ from what ive seen in "entry level" postings

yeah, your question asked how to get PAST hr screening

if you know your shit then an interview should be cake

what certs do they want to see for senior/principal roles?

its a follow up question

@fickle crag

focus on the middle

yeah that picture also shows sec+ on it but doesnt show which certs are buzz lightyear certs

sec+ is like a baseline entry security cert

the foundation to build up from

Can anyone suggest a FYP idea which I can do in the university...

Bumping this it got lost in the chat. I need 10 more applications to reach the goal and then I'll close applications. Currently at 30.

i almost reassigned !! xd

can you allude to what the project entails

and if you dont its fine , i am ready to do whataver it take for a task

That’s what I was wondering, I don’t want to apply for something when I don’t know what it is

why so hesitant guys

The exact nature of the project will remain confidential until its release or until you are accepted as a contributor following your application.

I’m currently assembling a small team to help rebuild a widely used resource within the cybersecurity community - not limited to TryHackMe users. This project has not been maintained, updated, or bug-fixed for quite some time, with no communication from its original developer. To clarify, this is not a tool, but rather something else of value to the community.

I’ve already started (and nearly completed) the core coding work myself. Contributors will support the project primarily through:

• Data collection and research (R&D)
• Editing simple, modular code I've gotten ready (beginner-friendly & I’ll provide clear guidance)
• Additional expectations are outlined in the form.

Release ETA is mid-August 2025. If everything goes according to plan, I’m confident that it will achieve the same level of success as the original project, if not surpass it. (Fingers crossed though)

Contributors will be publicly credited as active developers and collaborators. IMHO this could be a strong addition to your CV - it demonstrates your active participation in maintaining a widely used cybersecurity resource.

I’m currently at 30 applicants and aiming to reach a total of 40. From these, I will be selecting between 3 and 10 individuals to join the project team.

Hey gang, I just applied to a job and found out I have a mutual connection on LinkedIn to a senior recruiter at the org. Any suggestions what I should do?

fingers crossed

Can you be a DFIR from thm and htb?

M not in a position to answer , but all i can tell you 3 of my friends are now cyber security engineers just by thm and htb

Yee good to know but can you become a DFIR from THM and HTB?

thats awesome

What's HTB ?

Hack The Box

Oh thank you ! Are they similar with free courses ?

Forensics are not an entire job title as far as I know. Not sure if it's the case everywhere but where I'm from it's under SOC.

It's not a job by itself.

Oh so its kind of a 'sidejob' alongside with red or blue teaming?

Not even sure about that one as well.
But everything that's invetsigating is usually under the SOC umbrella and is not a dedicated job by itself.

For example where I work at, Threat Hunters are basically L3 SOC people and aren't just dedicated to threat hunting.

How does that work? Respectfully I dont understand

WDYM by that question?

How does what work?

Like... When you say that threat hunters are not dedicated to threat hunting..

Yeah threat hunters are L3 SOC people where I work at, so while they're called threat hunters it's not mainly what they do.

Not sure how it is outside of where I work at.

Maybe some companies have dedicated DFIR people and dedicated Threat Hunters.

there are digital forensics roles with LE

Then what do they do if they dont do their role..

You're entirely missing what I'm saying.

Read my message again.

I don't know about by following the online learning paths, typically DF experts have to understand a great deal about not just the techniques of data recovery but also the legal/business sides as well. Chain of custody, non-repudiation, etc are extremely important. It's really not a beginner area.

Im just not catching it sorry

DFIR is definitely a real role in large orgs, smaller orgs will contract with a vendor to perform that tasking as necessary

Not sure what you're not catching. Our TH people are mainly L3 SOC people who do TH when needed.

And there are limits in a task that a DFIR role will hit, because sometimes the things you find require the analyst to stop work, take hands off keyboard and contact legal for further instructions.

RCA is only one piece that a DFIR person has to do

Can you explain to me in a more simple way because I'm new to cybersecurity and dont understand what L3 SOC is and when you say TH means try hack?

th means threat hunting l3 soc is like senior level security analyst

TH is threat hunting. It's one of the primary tasks that a SOC analyst does.

Oh ok thank you guys

It's using the SIEM to go through events to look for indicators of compromise

bascially what he is saying is where he is digital forensics is for more experienced professionals and is not a dedicated role

Correct. Thanks.

Oh so you need to be advanced to go there..

DFIR is definitely a dedicated role. But it's not present in every org.

there are dedicated dfir roles in Law enforcement

but there is a process to that whole thing and what you are forced to work with is pretty disturbing from what ive heard

large companies with frequent events (malware, rootkits, etc) do have dedicated DFIR because it's a cost-savings for them to do it vs outsourcing

Expertise is costly, most small orgs will outsource the DFIR as required by regulation or other business needs

Wait because you mention law enforcement now from this... does that mean I can become a 'cop' hacker from this?

dope..

Usually you become the cop first.

If you are going the LEO route.

yeah thats what i heard too

I just want to become a DFIR no matter where... cop, civillian, org, idc..

also you are not going to like your job possibly because you are going to have to be analyzing the hidden files of criminals

idk if i can describe in words what it is in this server due to rules

Its okay if it's educational purposes

It's not always

Educational purposes only goes so far....

@obsidian rose giving the permission just this once?

I just want to understand

Lets just say that DFIR it not a job I would expect anyone under the age of 30 to have without a degree and several years experience.

So they dont acquire junior cybersecurity workers

Ive seen some companies do

It's definitely niche and requires expertise and real world experience. You can't just do the learning paths on any content provider and expect that you "know" enough to do it properly.

Not for true DFIR work.

It's too much risk.

I would say the same for Red Teaming.

And everything Red Teaming/BOF development.

Yeah red teaming is tough and needs some expert hands for this... basically solo if im correct unlike blue teaming

@warm hinge DFIR is a very advanced role you’d work your way up

But DKOP?

Red Teaming is definitely not solo.

You have multiple operators, and sometimes multiple leads.

Very advanced

Shit man...

My plans are falling apart

Well then you’ll have to build your self up with experience

Don’t look at it like that

I dont know man... Now Im getting lost

you already got a degree right iirc?

Doesn’t mean you CARNT do it bro we all just saying it’s not as easy as one may think

It’s the same with red team etc

Software engineering and in thm Im pre security

Why ? Explain

The software engineering is very good

Because I thought you could be a DFIR cybersecyrity junior level and go there but.. fuck

Yeah but not cybersecurity

I went to software because dumbass me thought I could go through cybersecurity from there

i mean u can

Definitely so ,it’s does add because you understand the back bone of everything and actually software it’ll help you understand and you can code really good correct ?

you are in a better position than me and probably a lot of people here

U can bro

Yh bro exactly 😂

im still doing my degree and its not in Computer Science anymroe its in Cysec

Ok for example do you know timo ? In this server

WAIT FR?

HOW?

Bc it’s different depending on company’s some can expose you to it earlier on etc ….depends what region you from ,im from uk and we have apprenticeships in all the specialisations

So you can get exposed to a lot earlier on

U have a degree in it correct ?

Almost

1 year left

What do I do after

Learn

Alongside it

@warm hinge

I'll keep them on the side thanks g

Serbia

I told you before I think

yeah I know for sure I need Security+

Thank you

Gave +1 Rep to @fathom gorge (current: #1995 - 2)

Yeah but by the time I get my Bachelors Trumps gonna be out of office anyways so we'll have a new SECDEF that will probably unfreeze it

Sounds good. Do you have any suggestions on certain cyber security related things to know in general? Like programming languages. From what I've seen, assembly, C++ and Python are good to know but I wasn't sure if there were any else

If you find some job titles you'd be interested in doing, I would recommend looking at their requirements. If you're still 3 or 4 years out it will change a little bit of course but that will give you a good idea. Also make sure to get comfortable with network protocols

Bash is also an important one

I have a decent understand of them from the Introduction to Networking class I took last semester but I'll look more into them

Alright

I'll keep that in mind

Nice yeah if you keep studying you'll be in a very good position in a few years. Do some labs, create write-ups and practical exercises that prove you not only know the theory but also know how to apply it.

There are also plenty of internship opportunities that will mostly likely result in getting hired right after unless you really drop the ball

Is this ChatGPT?

its definetely ai because they did not give any specific tryhackme paths

What is sec+?

Why is it useful?

It’s a cert

It’s gives you a well rounded knowledge of security etc network security incident response forensics etc

Look it up

Dope...

Will help you with what u wanna do

Has anybody been able to Start Machine for Greenbone Vulnerability Assessment? My system did not show up the machine

Definitely is a job title in some orgs and can be a job by itself.

Where do you find these internships

Not sure if I'm allowed to share direct links but I found a list on LinkedIn today with recently posted internships (most require you to be in the US)
Companies are: CrowdStrike, ArticWolf, GuidePoint Security, Sony, Chevron, & Hendrickson. If you go to their career pages I think they all have an intern soc analyst position right now. Some seem to be restricted to certain groups of people though, Skillbridge is a military program for example.

Seems that internships are commonly posted around this time of the year

Mostly us part is unfortunate, id be looking for companies that accept work from Argentina

Out of context reply. You should read the rest.

Can I join cybersecurity with a software engineering degree?

Eventually yes, might need to do some non cyber security specific roles first though

Because Im a software engineering student and now Im working on thm and htb... but idk how to make it JUST cybersecurity from software engineering

get into devops

Learn about Security Engineering & DevSecOps. May still have to work in a IT Support role or something first but that will get you going.

THM has pretty good pathways for both

I wanna go to blue teaming

Cyber Security used to be so easy to get into, once colleges made a degree for it everything went down hill

its the hype

all of these ads

Damn colleges and boot camps over hyping it

And then hr

the bootcamps are the worst they are charging like 7k some of them claiming they will get you a job

that 7k would have gone so far to a giac cert

How useful are giac certs for getting a job

i see giac certs reccomened on basically every posting

Sorry had to.

Are they not useful then?

I think GIAC certs are only still there due to some government requirements.

Just like CEH.

They are overpriced for sure

im located in MD so yeah its possible its a bit skewed for me

government central

Imagine calling yourself a certified hacker... then it's just CEH.

Cissp is also stupid

Can I do blue teaming from ts?

CISSP still exists?

HR loves to ask for cissp

Because they are stupid

HR tries to turn buzzwords into job requirements

You should ask them what CISSP means

Im a certified CUH

whats CUH xd

Certified Unethical Hacker 🤣😝

Noted. Thank you for the confirmation, DKob

Gave +1 Rep to @obsidian rose (current: #31 - 325)

Can I join DFIR from software engineering? Or is there a specific role for people like us?

YESSS BROOO

that freeze is scheduled to lift next FY

but like all things, subject to change

you also said you want to go into the red side of things. you'll need a strong foundation of OS (windows, unix), networking, and programming (python, c, bash) like @fathom gorge said

but yeah, none of that matters if you don't have your degree yet

No, with no cybersecurity experience on your resume you're not going to get into DFIR right away from software engineering. I've spoken about this with a career coach who works in the field as I'm also interested in it. You basically have two options, like @spiral gull mentioned either go DevOps/DevSecOps or find a no experience needed SOC Analyst positions or even start as IT support.

You can work your way to DFIR after that

You have to remember that a company needs to be able to trust that you know what you are looking for and at. If you work at a MSSP that is a service they sell and just cannot risk a junior on, if you work in a bigger company with their own team you're not really making the company any money. It is likely that the team will be small and they would prefer seniors. The hash reality is that to a CEO, cybersecurity is a compliance necessity but a cost otherwise.

You can try the Honeynet Collapse CTF tomorrow <t:1753545600> to get a feel for DFIR

So I can but it's gonna be time consuming

I can't I just finished the pre security

Honestly I believe anybody can work their way into any role as long as they're willing to put in the work. It may take a few years but you'll get there

well said

Yeah I'm asking as a software engineering student because I thought it only happened in cybersecurity students

Government positions sometimes have a hard requirement on a degree, but even that is generally broadly specified and can be compensated for with years of experience.

As a note i'm only familiar with the USA and Western-Europe so it may be different if you're in a different part of the world

Are there any senior or mid-level Cyber security specialists here?

Solid advice!

Facts, consistency and discipline is key.

Many people give up to early because the road is hard.

And also people want the result fast but don’t want to walk the journey.

Yes 100%

Cybersecurity learning

Underwater Basket Weaving

how do i get a job in cybersecurity i got comptia a+ and 2 years experience in help desk

By showing a recruiter that you understand what a SOC analyst does, when to escalate an alert and you're able to learn quickly. Then apply to positions and contact recruiters

how do i show that

Create write ups, and not the ones that only show which command you used but explain WHY you used that specific command / tool. Create mock incident reports, or setup a homelab and describe the process. You can look at job descriptions for entry level SOC analysts which knowledge they want you to have. Now prove that you have that knowledge in a way so you can put it on your resume.

How do I present these incident reports, or showcase my homelab to them?

Is that at the interview process, or can I somehow show that beforehand?

Maybe with a link to a website that I have? Potentially.

Create the report and put it online somewhere, I see many people using github / gitbook for this. You want to make it as easy as possible for a recruiter to find this. They are not going to sit with every candidate to go through their reports. But it will allow you to put on your resume "Created Incident Reports for cybersecurity labs" under personal projects and give a recruiter something to talk about with you if you get to that phase. Also a good way for these key words to appear naturally on your resume so that the Applicant Tracking Systems can pick up on it

If you use something like the Volt Typhoon challenge you can use a real world APT and research them on MITRE ATT&CK. Always good to show recruiters you are familiar with MITRE and the NIST frameworks

Thanks, I have a question but I don't want to ask it out here in the public channel. Do you mind if I DM you?

Gave +1 Rep to @fathom gorge (current: #1510 - 3)

Sure

Looking for some advice. I’ve been in a help desk position for about 2 years now. I do have my ccna my a+ and sec+. Am I in a good position to start looking into higher roles ?

youre in a good position to start looking into higher-level roles

mayber Systems Administrator (SysAdmin)

Look at the roles you're interested in on job sites and see what skills and qualifications they're looking for. If you have some or all of the skills, apply to the job. Most jobs have requirements that they actually require and requirements that are only things they'd like you to have or else want you to get once you start. If there's a job you want to do, get the skills it's asking for. Having the certifications you hold and some experience shows you know how to learn and apply yourself. Many SOC roles are happy to invite you in and train you up if you have a good understanding of the field and a desire to learn quickly, for instance.

You can also try to move into other roles in IT, like in a NOC or server support, etc. You should have good practical knowledge and abilities with various technologies like Windows/Linux admin, you already have some networking knowledge and you're on the right path. Learn some Active Directory, get comfortable with a little Bash/Python/Powershell, see the kinds of tools in use on the various paths, etc, and start learning them

Hi guys I am getting my first cybersecurity internship this coming semester and it seems so cool. I dont necessarily need the money as I have already saved up a lot for college, but im excited to see the real life applications of the things I have been learning

Hey folks, is there anyone here put TryHackMe expereince on resume? If you do, could you please provide me with some recommendation or anything is appreciated from my end, thanks!

Does anyone have suggestions on how to actually promote home lab projects when applying to a job? If I'm not getting any interviews, how am I supposed to inform a potential employer about any home lab projects? It's not like you can really fit that stuff on a resume and if there's no cover letter accepted, there's not much else that you can do except include it on your LinkedIn profile

I'm far from a pro on this but the biggest tip I learned was that you want to focus on impact. Even if you have years of experience, just saying "x amount of years in y field" isn't going to catch any eyes. Instead, use action verbs and show the hiring manager how your work and experiences impacted previous employers in a positive way

Hello my goals are I want to do ethical hacking mixed with defence would cloud engineering be a good entry to break into cybersecurity? And styll add to my goals

If I have the opportunity to do a cloud apprenticeship

I also have these opportunities but they seemed more lower down not not as fitted with my goals

Cyber Infrastructure Technician
Cloud Engineering
Information Communications Technician
DevOps Engineer
Digital Support Technician
IT Support

(Devops is to advanced )

I have a opportunity to do once of then through a provider

I would suggest trying al the different paths on tryhackme and see which one fits you the most.

I love red

But wanna be smart

With job security

@plain path

Quick question, in the future with the rise of AIs and its intelligence, do you think that cybersecurity is still relevant in the near future and being a red teamer/offensive security person do you think I pick the right career..

Alright, then I would recommend just following the pentester path and add digital forensics and SOC to your skillset.

What about the apprenticeships opportunities I was offered ? Which should I pick

See why I said cloud

To break in red that way

With cloud pen testing etc

If I was giving the apprenticeships offer like you I would take the cloud one.

most folks in the industry who have used some AI offerings are well aware it is not going to take jobs away anytime soon (if ever)

I’d say adapt at least try to understand and learn sim of it to combine

Ok bro thanks a lot ,and can I ask why you would from your pov

Gave +1 Rep to @plain path (current: #1511 - 3)

Because cloud pen testing is newer and more things are to be gained from this knowledge.

This definitely a big plus point on your CV if you know cloud pentesting.

Am I ok to dm you ?

But hasn't it wiped out lots of entry level roles, for example L1 SOC Analyst roles?

That hasn't been my experience. Do you know of any companies that have eliminated their SOC and replaced it with AI?

Why is it recommended to go through Jr. Pentester first? Is that still recommended if I want to break into the industry as fast as possible

Well as fast as reasonably possible in a SOC 1 role

Definitely not eliminating the SOC. Automating lower level tasks that are traditionally performed by entry level cysec analysts and SOC analysts

I've been reading about it, and I'm in a virtual conference right now with some engineers talking about AI replacing entry level roles which is part of the reason it's become more competitive. I don't know if that's like a solid fact, or the complete story, or anything like that, but from what I'm understanding it's a change in the landscape

So no evidence of it, just talk

I mean you're welcome to look it up yourself, I think they're correct that it's implemented at companies who can actually afford to automate entry level tasks, and likely will be in the future if it's steamlined. Whether it's happening right this second or 5 years from now it's still a valid concern

There's a world of difference between 'normal' automation and AI.

AI isn't useful for things that would be considered anomalous from a statistical perspective. If it's used as a heuristic comparison between a users normal actions and the actions that a user is doing today, it could be useful. But as a baseline to judge whether or not someone is doing things that are allowed?

I don't think it's reasonable for most companies to use AI for security purposes internally, because the amount of data needed to have good enough conclusions is extremely large. Outsourcing that piece could result in a large enough data set for the models to produce useful outputs, but that would also involve 'mixing' the data of the customers by the 3rd party vendor. If the business wants to take on the risk of a breach by allowing proprietary and confidential company data to be uploaded for training/processing, that's on them. I think it's a rabbit hole that will not produce consistently useful results until another (and unpredictable) breakthrough happens in the space.

I really like this reasoning and perspective. I'll keep that in mind when studying. If I find anything concrete can I send it to you in DMs?

Or multiple concrete sources rather, 1 won't be enough

You are better off posting those in a public channel, as it would be of public interest.

Gotcha, I see what you're saying though. I appreciate the guidance

we arent seeing l1 soc positions becuase they are being off shored im pretty sure

i see tons of l1 positions in other locations

going for my comptia security+ in august wish me luck hopefully i can get a job with just that for now as a SOC t1 analyst

im sure youll crush it

Go get that cert💪

Good luck on your exam 🙂 🚀

good luck ❤️

hello guys how long did it take for you guys to get good at cybersec

let's go to salle voice

I will make some coeffee and I will return

OK

HI i am coming

Can I join cybersecurity after software engineering classes in school, or should I go to a college for only cybersecurity? And if I can go from software engineering can I go to DFIR?

hello im new in the field of cyber security , i wish to know that in which age i will get a job as pen tester?

It mostly depends on you, how much you’re willing to learn, it could be 18yo, 25, 30 or more

What are people's thoughts on unionization for cybersecurity roles? I have been thinking for a while that i want to make an effort to prioritize my job applications for roles that have union protections. Does anyone have experience working union roles in cybersecurity or resources for how to find union work?;
[note, i moved this from quiet conversation to here since this is probably better suited for the question i have;]

feel like unions typically come with a lot of extra annoying rules as well

What are some real world examples?;

bro i wish sec+ was enough in my area

i work as IT for a school and often hear teachers complain ab stuff imposed by the union rep. different mandatory tasks and meetings bc joining the union isnt optional for them but the rep also looks out for em so i wld say theres good and bad

do you (or anyone else reading) have any experience with Unions in IT or ideally cybersecurity? most of the "horror stories" i could find online were people in unions for non cybersecurity jobs but i didn't find much online from this industry specifically on unions, positive or negative;

nvr heard of unions in tech tbh so im curious myself

hello everyone

You got got this!!!

What do y'all think of the ISC2 CC cert?

Hello ! I’m 31 and currently switching careers. I don’t have a degree 🥲 but I recently completed the Cyber Pre-Security, Security 101, and SOC Level 1 learning paths (about 2 weeks ago). Since then, I’ve been doing some challenges everyday. I was wondering, which certification should I aim for to have a chance getting a SOC Analyst Level 1 job in France ( security + or BTL1 or other ? ) ? Thank you !

always sec+ first;

like check your job market in your area, but sec+ is basically a requirement in every security job i've ever seen;

sal1 is nice as a bonus to sec+, but generally its safe to assume sec+ is the first and best cert to jump your career;

Also before sal1, consider building at least 3-5 solid cybersecurity projects;

based on what my mentors tell me, the 4 biggest things for getting a job in security is:

1. hands on job experience
2. Sec+
3. a portfolio, doesn't need to be a website since you can host it on github
4. a) uni degree (IF its relevant to the role you are doing)
   b and so on) other relevant certs like sal1
   [in that order];

for 3.... what do you mean a portfolio?

also what is github

A portfolio is a collection of work you have done to show off what your capable of. Github is a site for collaborating on projects with other people

It can also be used to display projects you've worked on

ah okay yeah i just looked it up but how would that benefite and go with cybersec?.... sorry im just trynna understand more so then i can dive in haha

cause i know once i get the comptia sec+ even getting an interview is gonna be a hassle so id rather like you guys mentioned build up everything

You can do cybersec specifc projects, and display them on github

so like if i do a splunk project i can show it on github?

or i can help others on github

i apologize im new to this whole tech stuff.. i come from an automotive mechanic background

I've yet to use splunk so I'm not sure how projects work on there. But I think there is something called github pages which you can use as a portfolio. On there you should be able to display anything I believe, I use it for a basic website portfolio/resume

ahhh ill definitely look more into it thank you for introducing me to it

French market is different than most of the western world, I would defer to Dkob for anything involving France. Most of the advice you'll read in here is not directly applicable.

Done!

hello...

Hello everyone, i am a last year computer engineering student in college, i was targeting MERN stack in web development and already finished React but the labor is kinda crowd so i couldn't achieve even a training or intern. That's why i am thinking to shift to cybersecurity exactly to pentesting or red team but idk if this career is suitable for me or should I read more? Also i don't have any clear roadmap 🥲 🥲

hi i'm targeting soc roles , any useful projects i can use ? (already did a home lab + did another project using splunk and sysmon)

Soc L1 and even Security Analyst

I'm looking at Jr SOC Analyst roles myself

https://roadmap.sh/cyber-security

that said if you have no clear career goal, i would speak with a career councilor first before investing a huge amount of time in a career simply because it seems less crowded;

personally i started out in mern, and after speaking with career councilors found that cybersecurity and some of the subset of positions connected to this broad fieldwas a good area for my personality type and goals;

some other connected roles to look at is big data, cloud, networking and/or it. you can even look into finance potentially or software engineering. or you might learn that your goals mean that you want to make webcomics, or run a deli, or find a job working as a manager of a mcdonalds is the calling for your goals, who knows. biggest thing is to start with a clear set of priorities, and use those to determine the choices you make. Ideally with a greater level of specificity than just income level or the amount a career is crowded;

I have a question to

Ask

https://dontasktoask.com/

What is domain used In the hacking fakebanks

IP address

could you clarify the question? why do you ask?;

is this is room question?;

What is the domain IP address used in hacking fakebanks

#room-help

Ok thanks

@quartz canyon thank you

Gave +1 Rep to @hollow sierra (current: #1514 - 3)

Anyone here prepping for Python basics / Security+ / THM modules / AZ-900 and wants to form a beginner study group?

wdym for that mister?

Hey im Cyborg, from India, enthusiastic with the CyberSec world! i’m planning to build my career in this field, and if anyone out there shares the same vibe, feel free to join me. We can help each other out and together get a clearer path in CyberSec! : )

Question:
right now, i've done Google Cybersecurity Professional Certificate, but I’m unsure about what to pursue next—like CCNA, CEH, pentesting, Sec+, etc. also, i keep hearing about different domains in cybersecurity and it’s getting a little overwhelming.

and very imp that should i focus on development part or not?

would really appreciate it if you could share some advice or maybe a quick roadmap. also, any suggestions for good cybersecurity projects or how to approach getting an internship would be super helpful..

your helps will means a lot!

yeaahh

Hey, that's great will you guide me from beginning level

Kkkk

https://roadmap.sh/

Sec+ will be a good next step forward, I would say CCNA as well would help with the strong networking background that you'll very much need

bro at what level, i'll able to apply internship or for a job??

There is really no exact time to start applying for jobs, just start early. You don't need to know everything before you start applying for roles

can this give me enough knowlage over a span of 6 years to find a job after uni?

and after the certifications ofc

Hey guys, I need some advice about my career path in cybersecurity. From what I’ve seen in different cybersec roadmaps, it feels like the field is mostly IT-focused (like 90%) and not that heavy on core CS stuff.
So now I’m wondering – should I stick with a CSE/CS degree or would an IT degree make more sense? I don’t really have much real-world experience, so most of my career choices so far have been based on guesses.
Would love to hear from people with experience in the field. Any tips or personal insights would really help. Thanks!

I am yet to join college tho (just a note )

I would also love to know what an actual CSE side job would be as compared to an IT job (based on degrees )

Yeah if you know the whole cybersecurity roadmap in dept then for sure your knowledge is very high.

I just want to make sure you take this into consideration too, 6 years is a long time. So much can / will change in both the field of cybersecurity and your personal life.

The most important thing is to match the degree with were your interests are. Both degrees have value, both fields have, and will continue to have, plenty of job opportunities. It just depends on what you are interested in. Make sure that you vet the classes you'll be taking for the degree, that is going to be more important than the name of the degree when it comes to gaining the right experience.

The most important skill i learned in university imo is learning how to learn. and i don't mean just learning how to learn things you are interested in, but understanding yourself enough to know how to remember the things you probably can't stand and improve the parts of you you are worst at;

That is also very true, well said

Personal story: I went into university back in 2013. i had big plans to make a web comic as my profession by the time i finished university. I didn't even graduate and i droped out at 60 credits. then i worked at a dinning hall to pay rent and studied full stack web development on my own time. then covid hit. then i couldn't return to work for health reasons. then the web dev industry changed so much that there wasn't as much demand for my talent to be able to find an entry level job in it let alone something that paid better than what i was making when i worked at a dinning hall. Now i am getting a sec+ cert after doing a security bootcamp and finding work in cybersecurity. its 2025, i'm now in my 30s, that happened over 12 years;

Tldr; go with the flow and absolutely follow your passion, but remember that hindsight is 20/20. not foresight. things will change in those 6 or even 12 years, and that's ok. just focus on doing what you need to make it 1 day at a time and everything else will sort itself out as long as you keep trying your best and keep an open mind;

I think this is the Advise of the DAy❤❤✅

the purpose of an undergraduate degree is to show that you can show up and do tasks

tbh

going to be honest i disagree completely everything ive learned regarding cybersec has been outside of uni

and being forced to do those non-relevant classes in uni just made me hate those subjects more Lol

agreed

totally ok too. some people are dreamers and they become like Oda and spend every day of their life making their masterpiece like One Piece;

Generalist and Specialist are both valid paths in life, and there's a wide range between those absolutes;

My interests do change sometimes a bit. But im am very sure that i am gonna make my future in this tech and computer industry tho. That's for sure. Cybersec in my opinion feels like growing a lot slowly, it's like a dark horse. Not everyone sees it or respects it but is slowly running and gaining it's value. And I find cybersec interesting. Earlier before Cybersec i was more into Discord Bot Dev. but lost all hopes when Discord Abandoned it's Bot Dev Badge (i was in 9th grade so not much ) And in 10th i was trying to play out and work in python. But now after studying for 2 years for JEE examination i feel like i have exhausted all my creativity. But for some reason, Cybersec sparks it back again in me. And i em enjoying Cybersec so for being 32 days in it for now. ( I have started from THM no other source)

I don't think you guys are nescessarily disagreeing here, Violet is doing the exact same thing. They're just saying they "learned how to learn" in school and developed themselves as a person. Which honestly, the first 25 / 30 years of your life is what life is all about.

ohh will definetly take note of this 🙂

I think I only know a handful of people that work in the field they studied

💯

how you learned isn't as relevant as what you know

is that so?

i mean i have seen people but never thought majority would be like this

i just dont feel like i learned how to learn via uni though i feel like i just would try to game as much as possible the irrelevant stuff and I learned how to learn mostly via independent struggle

is that real?

oof

Haha yeah okay you got me there, I did the same thing 😂

Oh and also worth consider that like most things, cybersecurity is actually like 30+ job roles (with lots of types of requirements that vary from each other). so even if you decide now "tech" like i did at age 18, or Cybersecurity, which is a subset of Tech, there's always more specific things that could speak to you inside that wide range. be you an introvert or extrovert, a paper work fan or a midnight coder, an in person worker or someone like me who prefers to work remote, cybersecurity has a large range of possible paths to take as you learn more about what parts interest you and what you might later decide to specialize;

haha

Just wanted that piece of paper

me rn fr

wdym exactly by 30+ job role? u mean the age ?

https://static-labs.tryhackme.cloud/sites/careers-quiz/

like 30+ job titles;

30 branches of cyber sec