#cyber-and-careers

I will keep that in mind

Thanks for the advice

Hi guys, I am new here. I am just a non-IT guy, graduated with business major, no IT background, no knowledge about cyber security whatsoever, but i want to change my career and started looking online for my very first step. I am planning to take a google cybersecurity certificate on coursera, try to get CompTIA exam, learn python on some guys on youtube. And then i may do a master's degree. Does it sound like an okay plan? Or am I missing something? I am a slow learner, not that I am dumb, just learn things slowly and kinda hard to concentrate for a long time. But i really really want to change. What do you guys think? Thanks for reading this long post. Lol

Rather than saying you're a slow learner try to frame it as, "I learn differently". There really is no one way to learn, even if many people in IT/Cyber may think otherwise. Having a degree in business is not a bad start. Whether people like it or not at the end of the day, for most companies, cybersecurity is a business decision. "What is the minimum we need to do to stay compliant" for example. Cybersecurity is rarely seen as a money maker.

Make sure you do practical exercises too, most career paths require practical experience. If you can manage to get to a position where you both speak the IT lingo and business lingo you could set yourself up real nice for a decent cyber career. Make sure you have a plan on what you want to achieve before you start studying all these things. Much easier to have a goal and figure out what you need to do to achieve it then to just start doing without a sense of direction. Have you considered GRC for example?

what are some begineer level free certifacte to get started with !

Hi guys, I am looking for a decent OT cyber sec cert , I am aware of 62443 and GICSP and they are expensive . Any Ideas what alternate cert we have ?

I'm sure you're familiar with Mike Holcomb, if not check him out. He doing a pretty good job explaining what is useful for OT Cyber

Also CompTIA is working on an OT cert, but I think that wont be out until Q1 2026

Not sure if there are any free certs that a potential employer would really care about. You can get plenty of "Certificate of Participation" through TryHackMe CTFs that will list your place on the leaderboard. Depending on your situation you may be able to find some financial support or scholarships.

ohh yeah I also heard that but didn't knew when they will be launching + comptia is well known and has regional pricing.

thanks mate

hii guys, does tryhackme help me understanding on offensive security? as i want learn it and at the same time i got free CEH exam this 16/10 that i need to take seriously if want persuade it.. can it be either freelances or full time job if i persuade it?

Yeah definitely THM is one of the best places to kick off your cyber security journey 🙂

its good to hear that.. maybe i'll go with premium

alrdy try free and seems promising for me who less knowledgee

Hi new to here. I recently started leaning this field using tryhackme as main source. honestly im loving what im doing but at the same time i sometimes feel overwhelmed by watching those really skilled pentester, ethcal hacke and stuff feeling how do i even get there. did you guys go through where i am now? is it really abt consistency?

You can check out free roadmap before moving to premium 🙂
https://tryhackme.com/resources/blog/free_path

It will take a long time , a lot of hard work , consistency and discipline to become good at this ( more or less just like with any other thing in life 🙂 ) Are you ready for that ? Of the answer is yes you're in the right place 🙂

Just keep doing to work and keep learning. There is no shortcut.

If it gets to overwhelming for you then work/learn in sections and only move on if you truly understand a subject.

hello guys, if i studying soc roadmap on tryhackme, what other resources and certificates i need to get so i can get a job as soc analyst? + does anyone here get a job after studying at tryhackme? what did you studied more?

i am a student in computer sci first year and i know nothing about cyber-security and i want to learn and work in cyber-security i started with switching to kali linux as my main os and i am doing good with that but still don't know how to learn ctf pentration testing and be a soc for an example does supscribing to try hack me premiume will help or there is a course i have to take?

Hello anyone here tell me how many years took you to get a good salary job

See the post KGB made earlier, the TryHackMe roadmap is an excellent way to get an idea of what all the different roles are. After that you'll have a much better understanding of what you need and where to go.

okay thanks

Gave +1 Rep to @fathom gorge (current: #590 - 11)

Don't compare yourself to those who've been doing pentesting for years already. If every runner compared themselves to those running in competitions we would have no amateur events anymore! Work your way through the THM paths one step at a time and you will see improvement every week. Then at some point you'll be able to understand what those pentesters are doing and learn from their methods.

I really wouldn't be using kali as a host OS, that's terribly insecure and likely unstable.

Yes the roadmap is a very good way to start, you can even attempt to pass the SAL1 Certificate after you complete it. It wouldn't hurt to get some other certificate like Net+ or Sec+ either but wait with that until you complete the roadmap on TryHackMe and get a better understanding of what cybersecurity is in general and what you enjoy in cybersecurity.

Thank you

Gave +1 Rep to @fathom gorge (current: #547 - 12)

Instead of using Kali as your main, you could run Debian since you can do all of the same things down the road and you get stability, but setting up a mock environment in a homelab and pentesting that with Kali would likely be a more effective solution once you have a deeper understanding of what you want to do

انت عربي؟

I think i will stick with kali for a while i am using kali as duel boot with windows so i can delete everything any time without worrying about my data for now i stoped using windows and iam very comfortable with kali so i think i will setup debian as a third os and try it

Yes
Sudanese

Been blown away by Tryhackme and the learning paths to get hands on training, i have done security+ network+ A+ google Security certificate all this year and studyed so hard but something was missing it really did feel like it was theoritical knowledge, did not make ready to put myself thru interviews and jobs. Tryhackme has been the key to unlock the knowledge and that with some of the amazing walkthrus by memebers (Shout out to THE HELPFUL HACKER) it really embeds the concepts to real life.

Added to this I now use GROK AI to help me also with scripting / shells for instance to help me breakdown what is happening and why, but also how i can conduct an investigation or alert to detect these remote sessions, I am just addicted to the learning my curosity on how, why, what and having that information at hand and Labs to actually do what you learn is just next level. I am working towards the tryhackme SOC Level1 now.

Anyway I thought I would share my experience, I am moving to Perth AU early next year if anyone knows of any companies there that have SOC Operations Teams.

Hi , I want to ask what should I do when I finish network basics and networking essentials.cause I'm a little bit confused,should I go directly to tryhackme(which room should I start with ),or go to security+,network+ gcsc.

Hi guys, so currently i'm in my final year of high school and want to pursue computer science in university after I graduated out of HS. Aftwards I want to work as a pen tester/red teamer.

Just finished Pre-Security and currently doing Cyber Security 101. Once I finished cyber 101 I shall do the PenTester path.
Is this a step in the right direction?

Try Hack Me is excellent to gain that hands-on experience and put everything you learn into practice. The Sec+ is to show you understand the terminology and security practices, Net+ is the same but for networking . The question you should ask yourself is what are you trying to achieve? Do you want to be a Network Analyst? Or a Pentester or one of the many other fields Cybersecurity has to offer. Once you figure this out you can start more targeted learning. A great way to figure this out is to start with the Pre-Security and Cybersecurity 101 learning pathways on TryHackMe

Yeah absolutely, since you still have a little time also checkout the other learning paths. You may find that your interests change while you're in university, so it is good to be aware of all the different roles in Cybersecurity. That will also allow you to target your learning at university and maybe join a club or do some part time work in that field.

But there is many options in every field

How can I choose

What is it that interests you? Do you like figuring out how somethings works, understanding how you could avoid authentication for example. Or are you more interesting in figuring out if and how an attacker got into a system.

You can always try a few SOC analyst rooms and a few Jr. Pentest rooms

Learning the basics of each and then really dive into the one that you prefer the most.

Yeah for sure I'm also gonna do the other paths once I'm done w the pen testing. Good to be an all-rounder.
But the thing is, what can I do to up my portfolio so that I can get into internships when I'm in uni at any of those roles once I'm done with learning all those paths?

I know that for software engineers/programmers it's to build programming projects (beyond to do list and basic calculator) to show your capabilities and solve leetcode problems in the interview. What about cyber security? What can you do to prove your worth?

Hi everyone, I studied Data Science and Econ in college and worked as a data analyst. I want to pursue a graduate degree and was considering cybersecurity cause I find it interesting but I have no background in it, academic or professional. Do you think that it is possible to pursue a Master's in Cybersecurity with no background? If you have any suggestions on what I should study before doing that, please let me know!

Homelab would be a very good project for you, setup a homelab, setup up some detection and then try and attack your own lab. Analyze the logs afterwards and either create a write up of all of this or a well documented video. Since you're going into CompSci, the Security Engineering path may also be very interesting to you. You could combine a lot of you CompSci knowledge with the Security Engineering role.

100%, you may have to work a little hard in certain areas but you'll also be able to transfer some of your data science knowledge. I assume you've worked with python / pandas? That could really benefit you in Cybersecurity. SOC analyst is really not too far off from a data analyst.

As for what to study before, if you can get familiar with everything that is covered in Security+ you would have no trouble getting that degree. You don't even have to take the actualy exam yet. Just see if you can pass a practice test.

So it doesn't matter what room I take cause they are similar .

I would recommend you start with the SOC Analyst rooms, get yourself familiar with some of the Cybersecurity knowledge. Then once you have done a few switch to Jr. Penetration Tester. You can see form the difficulty that the SOC Analyst pathway will be a little easier than the other one.

Okay so I shouldn't bother my self about which room to chose

Taking the easy one is enough for me rn

Do you have any recommendations on the learning paths I can take on TryHackMe that would help with covering Security+ content?

Ah okk, well then thank you very much. All I gotta do now is be consistent with learning the paths in Tryhackme. Do you think I would have covered many grounds within a year given I keep on learning stuffs at tryhackme for at least 10h/week?

Gave +1 Rep to @fathom gorge (current: #508 - 13)

You should be able to complete quite a few learning paths that way, I've done three in a little less than 6 months at maybe 6 hours a week. You seem like a focused person with a clear goal so I have no doubt you'll be able to complete all of the "1st level" learning paths.

Alright good to know, feeling quite lost when I had no one to talk to about this 😅

Have you completed the Pre-Security and Cybersecurity 101 already? Those would be good pathways to start on, Soc level 1 next and you could try the Security Engineer after that too. If you combine that with other sources you should get a pretty good basic understanding of the concepts.

Haha yeah I come from a Software Engineer background myself and Cybersecurity initially does seem overwhelming. I may be biased but it is a really good place to start from. You'll understand so much of how things work behind the scenes already. Once you learn one or two programming languages you'll start to see patterns and can easily read other languages too. Very useful when analyzing Malware / Payloads.

So you must've had created a learning system by this point. So what would you say If I want to recap what I've learned over the past 2 weeks?

I'm afraid I might "forget" what I learned earlier in Pre security, so what should I do?
I did take notes but didn't make flashcards. Should I just tell Kimi K2 to make quizzes for me from the materials and test me or what?

TryHackMe's learning paths are really well layed out, often times the next learning path that you follow builds on knowledge you learned in the last.

What works for me is to focus on a single topic for a few days. I took my Security+ exam before I really started digging into TryHackMe and that was a mistake. While I did pass with a decent score, I had no idea how most of the terms asked about in the exam were actually applied. Kerberos, yeah sure some kind of key and ticket system. But then I did the Directory room on TryHackMe and that is when it clicked.

If you hop between different types of room too much you'll likely forget new knowledge. Focus on SOC or Pentesting, take notes as you go and use those notes in the challenges at the end of a module. There is a concept called "learning by teaching". After a challenge, create a report in which you pretend to teach someone else how to complete that challenge. It will help you figure out where you struggle and force yourself to make sure you really understand what you did. This last part can be a big game changer but it does depend on how you learn.

This is also where, in my opinion, you'll find the difference between two people using TryHackMe. Writing out everything you learned in a way that you could teach a class about it will take time. You likely wont make it to the top of the leaderboard that week. But I promise you, you'll gain knowledge for life. If you take your time, and make sure you really understand what you learn in each room you'll never be number 1 on the leaderboard, but you'll also never need a write-up from someone else. CTFs will be so much easier, and once you get into an interview with a recruiter you wont just be copying the dictionary definition of a term. You'll be able to explain why it is important and how it is implemented.

Ach soo

Yeah lol I was kind of worried about not scoring that much in the leaderboard (fear of getting demoted lol) a bit more than I should have cared for.

And idk why but initially before talking to you here I feel like I "need" to finish a lot of these rooms as quickly as I could, often skimming through the boring but important parts

But anyhow, I'm glad this clears up a lot of confusion

That is perfectly normal, the down side of gamification is that it become a game of points. Gamification is a great way to keep people coming back but the focus may shift to the wrong priorities. I wont lie, the more practical parts can be a lot more fun ha. But if you're serious about making a career out if it, make sure to, at least every so often, take the time to read and understand what you're doing.

It is also important to understand that a part of both the professional SOC and Pentesting roles is writing reports. SOC level 1s need to be able to explain why they escalate a ticket. Pentesters need to report on the vulnerabilities they found and recommend ways to solve those.

Alright then, much appreciated bro

Cool look forward to hearing about your progress!

Will do

Hey everyone, I am new to cybersecurity, so can anyone help me out on how I can start a career in this field, and provide free resources to study

https://tryhackme.com/resources/blog/free_path

I guess come back here when u done that

dude free rooms are useless

Oh by all means help him over me

theyre 99% of the time just inroductions

dude its a start

he needs introductions

not practice

I mean this is like just taking the first lesson of every room

I get you but if he don’t pay then🤷🏽‍♂️

It’ll still pay off

And hack the box

not really

if you dont pay then there is way better free sites~

if u have free sites suggetions please enlighten us

idk if its against the rules here

but ill go ahead

college.pwn

is good

its fully free

Oh fr bro ?

😂😂ur putting me on let’s hear them

Bro it’s literally called cyber and careers of course it allowed 😂🤦🏽‍♂️🤦🏽‍♂️😂

i was wondering if its allowed to share other sites that is not try hack me

Never heard or used this one yk

use ur brain bruh

Ohhh no igu

ig u can try it ?..

Why would you not tho everyone does all the time

For example hack the box

For sure will safe bro 😎

dude are you indian

What ?

What has that got to do with anything ?

your english is bad

i dont really get what you're saying

Bro what

guys chilll out , u gave us a good site , thank u no need to heat things up

If you read the messages I’m not the one tripping

I was being nice to bro

This has nothing to do with being Indian ,low-key racist

"why would you not tho everyone does all the time for example hack the box"

what does that even mean..

🤦🏽‍♂️

well most indians english sucks

Bro u Carnt say that 🤦🏽‍♂️😂

dude are you a youtube shorts kid?

the heck are u saying

You said “i was wondering if its allowed to share other sites that is not try hack me” so I answered "why would you not tho everyone does all the time for example hack the box"

I’m wondering if you know English properly if you Carnt even comprehend what I’m saying lol

guys please this is funny , why are u guys fighting , stop it and man up , go learn skills and make money thats why we re all here for , Stay focused

😂😂😂I’m chill like the inside of a freezer

Always my goal

https://tenor.com/view/really-bruh-blink-blank-face-gif-9334898104617218757

Thank you, buddy. Once done, I will come back. Please do help me

Gave +1 Rep to @junior cliff (current: #648 - 10)

No problem defo ask in here for any help

The sites I use are this platform, HackTheBox, and Cyberdefender's. But I'm sure there's many more out there.

@keen tundra message spammed in multiple channels.

I'm on the fence of whether I should just study up and get the CISSP.. Any thoughts on that from pros? Maybe holders? How has that affected your experience in IT and management in general?

It's not a bad cert if you have the experience

if you are going to senior security or management, it's fairly helpful. It's also the most common cert that I have seen recently in the job market

It is expensive though, if you can get your current employer to pay for it, that is the way to go

there's also some requirements for how many years you've worked in infosec and you need a sponsor

ISC^2 can be your endorser

Also, you can take the exam without any experience, but you won’t get the certification unless you satisfy the 5 (or 4 in some cases) year experience requirement

Hi. I want to get into cybersecurity career ,which is best for fresher role because i have zero experience in cyberfield ?

There is no best role, first found out what field you like in the cyber security space and then search for a role suited to you.

While there is no "best" role, without any experience you may want to focus on helpdesk / SOC analyst roles initially. "entry level" in cybersecurity is a little misleading as it means "newish" to cybersecurity, often requiring some experience in IT related fields.

Do people think that it’s worth it to devote time/energy to studying data analytics in order to get better at cybersecurity?

Depends on which route you want to go, however if you're going to do it instead of being actual hands-on with cybersecurity then no.

A SIEM is basically a large collection of data that needs to be analyzed, so there is overlap there.

im learning system admin things with networking and then going to focus on SOC analyst but learning the fundamentals first

👍

does anyone know if you have to only use the tools available to you in the eJPTv2 exam. is it possible to transfer tools over to the in browser kali? if not how did anyone who passed it pivot, im used to using sshuttle and chisel.

you cant transfer anything you are basically going to be using attackbox

its their own attackbox with no internet connection

you might be able to copy and paste some simple open source tools though into their vm idk (never tried it when doing exam)

the pivot i used the method metioned in the exam prep which was msf autoroute -> nmap module

I'm redoing my resume focusing for analyst positions. Is it good to include links to my linkedin and github (i put writeups on there) in the resume, or will people not check it out due to security reason (not clicking links)?

What tools do you want to transfer? The INE machine has all the tools to succeed the exam.

Same tools as the kali Linux machine.

Maybe you could email them and ask the question.

off the top of my head meybe things like ligolo, linpeas, winpeas.

Hmm you can 100% copy the script of linpeas and run it.

The others I don’t know.

ah okay thats nice. and for pivoting would i have to use proxychains, metasploit? im unfamiliaar with that methods

also does anyone know an estimate difficulty for enumerating, exploit and priv escing for these ejpt machines/network compared to any specific tryhackme machines?

Metasploit 100%

I’m doing the EJPT prep labs now for the EJPT exam. And for exploitation it’s going to be Metasploit.

For sure going to be a bit harder than basic CTFs on tryhackme but I read some mediums about it and it’s really a beginner exam.

For I think you should not really struggle with it but the difference is that it’s not an CTF

oh nice, how are you finding them? i need to buy an exam voucher to do that course.. i heard they removed the black box 1,2,3 from the course tho which is sad- need to practice pivoting.

It’s based on a real scenario.

Good the prep lab is really good and refreshes the knowledge as well.

only thing ive done for pivot practice is wreath nwtwork on tryhackme.

that was very fun

Nice

https://notesbynisha.com/cybersecurity/ejpt-certification-journey/

I found this blog

Of a person passing the exam has some really good information.

Like what tools we are going to be needing and what rooms are good to practice before the exam.

She even said some rooms for tryhackme.

oh nice, ill look into it. when are you thinking about taking the exam yourself?

I have like 77 days left of my subscription and you need an active subscription to take the exam.

So yeah hopefully in like 2 months.

That’s why I would recommend buying the prep bundle it’s cheaper than buying exam and subscription.

Also look out for sales because I bought with 50% off so it was 125 dollars. Which is really good price.

thats the exam + 3months fundamentals bundle right? unfortunstely its still around 275 dollars or something for me i think

Yes correct.

Ah oké, yeah look out for the sales they come out for no where.

is there a reason you are delaying it?

because if it is to finish the prep course i would not recommend doing the entire thing

Yeah just want to practice abit more.

It’s long indeed 155 hours, you don’t recommend watching all of it?

What parts in your opinion are the best?

once you get passed halfway they repeat the same lessons over again, i mean literally verbatim the lesson with the same length some of them are literally just doing the same thing

you will notice it quickly 3 times how to exploit smb

3 times how to use metasploit etc

it got me quite a bit pissed off actually so i didnt finish it and used my first attempt to see how it was and passed

Nice good to hear that you passed congrats 😃

Ah oké, so up until that point it’s worth watching?

its about 70% of the way i dropped it iirc

when you feel like there are way too many repeats id say drop it

mostly what you have to do is just remember/note take the exact payloads they teach you for the enumeration for their specific tools since you are restricted in toolset in their box

In how many hours you finished the exam?

besides that its really just running them properly on the machines they give, make sure you pay attention to the section where they tell you how to do post modules with msf for grabbing hashes and etc becuase that it important for some of the questions

was less than 20 iirc i think 11 hours were left 88%

Nice

Good tip thanks.

Gave +1 Rep to @spiral gull (current: #549 - 12)

also i only remember their being 1 pivot

Alright will keep this in mind thanks again.

np

An easy or hard pivot?

was very easy just a host discovery iirc and you answer the questions nothign to exploit on it

question was something like which server is the pivot or close to it and how many hosts are present

Ah oké. So you really move from phase to phase in the exam?

its a lot of machines

my methodolgy was a bit chaotic ish so i was kinda just scannign everything and notetaking but you could just do it one by one

Oke, so in the prep videos. Metasploit, enumeration and payloads are the most important to keep an eye on?

Haha it still worked 😎

yep

exploitation too if you are not familiar with it but the exploitation is literally just searching via searchsploit and running msf modules

enumeration metasploit and post with metasploit most important

Yeah true, thanks again for your tips I really appreciate it.

Gave +1 Rep to @spiral gull (current: #509 - 13)

np man

What cert is next for you?

doing pmrp with tcm

im not really into pentesing because i hate webapp tbh lol

Hahahaha

Nice

What’s your dream job then in the cybersecurity space?

probably like first malware analyst/reverse engineer then incident responder, digital forensics,

i checked on ine btw its about 48% of the course i did for prep

Can you send me maybe a screenshot of which parts. Only if you want of course. If not no problem.

all of these were skipped

Oh nice, I find reverse engineering very cool.

i had a bit of exp with htb though

before the exam

the academy atleast

Nice, good move. I found that the tryhackme rooms help me also in this EJPT prep rooms. Speeds ups the process.

yeah definetely

I was like if you have to go blind into the EJPT rooms you have no clue what is going on 🤣

What are the remote work opportunities in this field like?

Highly depends on the role, the industry and part of the world you are in. They do exist, however there does seem to be a global push for return to office. It feels like it may be a little less for CyberSec, especially in the senior roles.

hey guys , a quick question ...
im new to this field and i've seen so many roadmaps to reach where i wanna be
my question is should i take all the certs that they mention or i can start with just practice labs and stuff like that without the need to take any certificate like a+ net+ and sec+
thanks

can anyone suggest me career related to cyber field with no prior experience?

Check out this path and go through it 🙂
https://tryhackme.com/resources/blog/free_path

Help desk

you mean it support

thanks

Gave +1 Rep to @keen tundra (current: #1 - 5763)

Hello. I am currently in France. I have probably a stupid question. Is it really to find a first job in the field of cybersecurity or in the nearest fields (for example, in networking), if I don't have an academic diploma? Almost in all propositions in LinkedIn it's written that a degree is necessary

Hey everyone I’m looking to pivot into Detection Engineering and would love some advice on where to start.

I’ve got 3+ years of cybersecurity experience (SOC, threat detection, SIEM tuning, vuln/patch management), and I was recently laid off — so I’m especially interested in free or low-cost resources to skill up for this path.

A couple quick questions:

Are junior Detection Engineer roles even a thing?

Based on my background (below), where would you recommend I start?

Quick background:

Former SOC Analyst (Bank OZK) – focused on phishing, malware, BEC, detection tuning in Azure Sentinel & Google Chronicle

Vulnerability/patching work with Tenable, Nessus, PDQ

Strong in process docs, compliance (NIST, CIS), and optimizing security tools

Currently taking TCM Security’s Practical Junior SOC Analyst course

Would really appreciate any advice, resources, or guidance from folks here Thanks in advance!

Detection Engineer is a fairly niche field, have you considered a Threat Hunter position to start with? You may have an easier time finding those positions. Since you've got a nice amount of experience another thing you can consider is find companies that have Detection Engineering positions, apply for a SOC / Threat Analyst / Security Engineer role first. Many companies will post roles internally first, this would allow you to pivot at a later point with much less competition.

have you taken a look at this https://github.com/infosecB/awesome-detection-engineering ?

Not the right channel for that and probably illegal

Please do not ask for help cracking wifi passwords here.

Hey everyone,
I’m a 23f BsC Software Engineering, cybersecurity/IT professional based in Birmingham, and I’ve been actively job-hunting for months now with no luck. I have a background in IT support and junior SOC-style work — including experience with tools like Wazuh SIEM, building dashboards, and creating hands-on labs for cybersecurity training. I’ve also completed a number of courses (CompTIA-style content, TryHackMe, Coursera, etc.).

Despite this, I’ve been getting ghosted or rejected at every stage — even for entry-level roles. I’m starting to feel discouraged and wondering if there’s something I’m missing or doing wrong.

My situation: • Based in Birmingham (but open to relocating anywhere in the UK) • Experience in IT support, threat monitoring, basic SOC workflows, and content creation • Consistent hands-on exposure to tools like Linux, Windows, SIEM dashboards, log analysis, detection rules, etc. • Looking for Service Desk, IT Support, SOC Analyst (Level 1), or Junior Cyber/IT roles • Eager to learn on the job and grow with a company

Has anyone been in a similar position? Are there any companies, agencies, or tips you’d recommend for actually breaking into that first role? I’m happy to send my CV or portfolio if anyone is willing to take a look or share feedback.

Thanks so much — honestly just trying not to give up on my dream IT career 💛

I’m on the same boat. It’s been discouraging. I was a contractor and working as a junior cybersecurity analyst for two years & have been unemployed for four months. It’s starting to scare me.

Not too familiar with the market in the UK but you can try this one, it is a good company and the position is meant exactly for people like you. It is more of an OT role though. If the UK market is anything like the US then right now is a very difficult time to get started in Cybersecurity. I've seen recruiters mention they're seeing an unusually high number of applicants per position and often very qualified people too. So keep trying, the fact that you have some practical experience already is a big plus.
https://job-boards.greenhouse.io/dragos/jobs/4800390008

And if you or GY are a little more advanced they also have a Senior role open.

Big tip is to also start following recruiters on LinkedIn, many are sharing open positions not only within their own company but also positions they find elsewhere. It seems that Cybersecurity recruiters are a lot more likely to find and share positions that are not within their own company.

i’m located in the US

but yes let me try reaching out to recruiters

it’s a scary time

Ah sorry about that, yeah we're in a very difficult market right now..

It can also be useful to search for IT / CyberSec jobs in fields that you won't necessarily consider IT fields. Think of Healthcare / Home good stores, and then make sure you apply through the career pages of the organisations themselves. That will make you standout more than being the 200th LinkedIn / Indeed application.

thank you 🥹🥹🥹

For you, GY specifically, HomeDepot, CVS, Spectrum, Humana, LexisNexis are big ones.

definitely going to look into it 🥹🥹

Hi everyone, I just joined the channel and still learning all the great information on here. I'm 26 years old in the USA and venturing of to learn cyber security. If anyone has input on the best process to start with/certifications to aim for I would greatly appreciate it. I am very very new to it all .

What are you hoping to do in cybersecurity in let's say 5 years from now. Do you have a specific role or field you'd like to be active in? You can get started with the initial learning paths on TryHackMe and figure out what you enjoy most. Wait with certs until you have that clear.

anyone in here hiring? I'm currently a cybersecurity student and the lead OSINT investigator at a non profit if that sweetens it any.

I appreciate the input greatly . I'm not to certain what field I wanna get into . But I wanted to have a start to see my options and go from there @fathom gorge I know the information is probably going to be over whelming but where do I find this"tryhackme " information?

@keen tundra shared this earlier. https://tryhackme.com/resources/blog/free_path This is an excellent way to learn more about the field as a whole.

Thanks a lot 🤞🏽🤞🏽

is there any other discord channel that i can follow with direct job posting or more in depth work careers opportunities?

#jobs-board

thank you!

1. Jr. DE roles are sort of a thing but probably not a title you see, I currently work in a DE role and it is something you grow into a bit so really anyone new on the team will be a junior - you need to learn the processes and procedures for the particular environment regardless of your experience and expertise.

2. Based on your background I would try to find another SOC role but specifically look for companies that have dedicated DE or Threat Hunting roles, it will be infinitely easier to pivot to another role from within a company you are already working at.

3. For upskilling, it seems like you could use some more experience in actual engineering, learn about the detection lifecycle and how CI/CD + automation works in relation to detection deployment and management. SIEM architecture and engineering are also crucial to get hands-on for because you will often need to advise on getting logs into a platform and properly parsed

Try applying to orgs with a global presence or have some "follow-the-sun" security operations model - at my company (US-based) we highly value UK-based folks because their normal working hours roughly correlate to the overnight shift hours here in the US which obviously has extremely high-turnover rates

Generally unless the position specifies "must be US-based" - I would always encourage EU/UK folks to apply more to US companies

Thanks I’ll check it out

Gave +1 Rep to @fathom gorge (current: #472 - 14)

Okay

I have 5.5 years experience in a small boutique MSP that had one high profile hospitality client, did something else for 3 years then came back and worked the last two~ years as an IT Technician while studying cybersecurity and recently earned my Security+. With how the market is right now, any suggestions on next steps to break in? Decent % of local entry level jobs require security clearances that I do not have.

Sometimes the same companies posting jobs asking for a security clearance will have other lower-level positions posted on their website where they are willing to provide you with a clearance if eligible. I personally just had a recruiter email me stating that they moved forward with another candidate for the SOC analyst position I applied for, but they offered me a helpdesk position where they would provide me with a Secret clearance if I am eligible. Maybe you could try something like that and try to pivot into one of the other positions once you get the clearance.

Thank you, I will look into that.🙏

Gave +1 Rep to @bold nimbus (current: #3072 - 1)

Hi all, wasn’t sure where to post this question. Let me know if somewhere else is the right place to post this. In a nutshell, I graduated from asu and then joined Amazon as an SDE. After working there for 6 months in aws, i feel exhausted and realized, being a firefighter/red team in security might not be the ideal job for me. Saying this as in aws, everything is urgent and everything needs to be delivered asap. Considering this will be the case in red team as well.

Need some career guidance.

1. I am thinking of going back to college and do some research/ go into teaching. That feels peaceful rather than this daily standup/hourly update culture. Is that even the case?

One more reason I want to be back at college is that I always wanted to do research and become a professor.

2. I am interested in security and trying to break into it for a while. Any blue team security roles I could aim for without too much pressure? 😞

Hey - how's ur day.

How does what I'm currently doing sound?

I'm going through that free path blog and learning for the Security+ certification. Once I finish these I think I'll have a foothold and expand my repertoire to many other resources. Trying to keep it as simple as possible because holy... it is so overwhelming with the amount of information

Hi everyone, I’m excited to be here and looking forward to learning from this amazing community and hopefully get to become a contributor too someday.

I’m 20 years old from Nigeria and recently got started with the basics of cybersecurity.

I’m really interested in diving deeper into ethical hacking and would greatly appreciate any advice on the best way to get started, including which certifications or learning paths to follow. I’m completely new and ready to network also.

Thank you 🙏

You're on a good path , just keep going , it's going to be a long journey 🙂 . You will need a lot of discipline and consistency , just don't stop and keep going forward 🙂 .

Hey guys I just started and i have opened tryhackme but at intro to lan section its not free is that for the whole other courses as well and if not what is free ?

here you can see all the free rooms https://tryhackme.com/hacktivities/search?contentSubType=free&page=1

and this is the free roadmap, its pretty great https://tryhackme.com/resources/blog/free_path @steep anvil

yeahh thats the problem it'll be hard for me to maintain discipline. Hope I can pull through

Thanks for this fam I’m buying premium for myself but I wanted to find something nice for my friends

Gave +1 Rep to @fathom gorge (current: #447 - 15)

Thank you so much, I have a stupid question I see the courses in here are about hacking,reverse engineering,etc if I want to learn to be a soc analyst at the moment is that mandatory in the courses here or is there something specific

Gave +1 Rep to @dusk wedge (current: #64 - 152)

im not sure on the exact rooms needed for soc, you can always check the soc learning path. https://tryhackme.com/hacktivities/search?contentSubType=free&page=1&kind=all&searchText=SOC this has all rooms related to soc.

hacking and reverse engineering wont be needed for l1 soc i think but its nice to have

it can complement eachother

Thank you so much ❤️

no worries

there might be others here who can give a clearer answer

hey are there any volunteers opportunities in TryHackMe?

Does anyone here have a government security clearance I could dm to talk about the process with?

Depends, what are you looking for?

I'm basically looking for volunteer roles within the cybersecurity community where i can contribute and learn new things to improve my knowledge about how attacks works, and thinking from red-teams perspective etc etc

i'm currently a student and trying to gain some hands-on experience as-well so i assume volunteering would be the best thing for me rn

Look for internships. Probably your best bet.

I can't do that because of my immigration status and i'm not allowed to work full-time

i don't want to sit around and wait so i'm starting to look for volunteer roles

You may be better off asking if you can shadow a professional for a day or so, volunteering in cybersecurity without a decent amount of experience is not going to do much good. If you are in the US you could try organizations like https://crisac.org/ or https://cti-league.com/ but make sure to be honest about your skill level.

Do CTFs and Bug Bounties and get a little experience

are there any similar organizations in Canada?

Have you done the crisac one? Sounds interesting

Amazon has a unique culture, you likely feel exhausted after 6 months there because the culture is not a good fit for you personally (or most folks from accounts I've heard) - in general you will most likely be much happier in the same role at a different company, if you want to teach then go for it but your career opportunities will be severely limited and you are likely to become very disconnected from actual day-to-day security work unless you work in some security research role

Not yet but I'm definitely going to sign up. Sounds like a great opportunity to network, gain some skills and also help out the community.

If you have a little more experience there is also this one
https://www.cisa.gov/audiences/high-risk-communities/cybervolunteerresourcecenter

Probably, if you google your area you may find local organizations. Also look for an isc2 near your or other similar organisations.

Yeah I signed up to get more information from them thanks for putting that out. I don’t have experience yet so hopefully can do this one later down the line if needed

Gave +1 Rep to @fathom gorge (current: #426 - 16)

If the DNI Threat Report is correct, we're going to need a whole lot of people to jump on the cyber defense here 😅

okay ty i'll try that

Gave +1 Rep to @fathom gorge (current: #410 - 17)

Who has finished the security engineer path? What’s next?

does anyone want to join a beginner group for cybersecurity??

Yeap

#pre-security-legacy-path 🙂

Depends on what you want to do 🙂 . Which field of cyber security are you tge most interested in 🙂 ?

yup okay

Hello

Hi

How are you

Yessir!

yeo let me join plz

Doing well, how about you?

New to THM but already working in the IT field I noticed in the intro channel?

hi there im thinking to purchase thm subscription any monthly discount coupon

If you get a year in the next 18 hours you'll get 25% off which is a really nice deal, after just 6 months you'd be cheaper out.

hi. ive watched countless videos on the usual "what i would do if i started over" thing. and many videos explaining what certs to go for for your first junior pentest role. however ive recently realised that many jobs of that calibre in my area are asking for CHECK and CREST certs. As ive never heard of these in any videos from people in the industry, can anyone explain if they are important and why nobody talks about them in the videos?

Both of those are very valuable in the UK afaik and maybe a couple other countries. I imagine many of the videos you have watched were US based and which certifications are desired varies a lot by country.

That is required in the UK to do pentest, IIRC. In the US, neither of those have traction from what I see.

Is there any cyber security experts I want some suggestions

https://cpb.ngo/

Does anyone have experience with this ngo? I was looking at organizations i could volunteer for as a part of building experience, and this seems like a good fit;

https://womencybersecuritysociety.org/volunteer#276c7874-6697-4f2b-a7c1-7d2ec9eb7b64

Theres also this one which i was looking into;

https://cyberriskalliance.swoogo.com/Vancouver2025/

For those in vancouver already employed in cyber this seems like a good event. I was going to apply to go but looks like since im not employed yet i dont qualify;

Hey folks! I’m working on a small research project to understand how people upskill in cybersecurity (especially hands-on stuff).
If you're learning for certs like OSCP, CEH, or just trying to get job-ready, I’d love to ask a few questions about how you study and what you wish existed.

No spam, no promo. Just trying to learn from real people. DM me or drop a 👋 if you're open to chat 🙏

Yes, I am now at my beginning. Will be happy to work with people. I notice that the field is like ocean I have path that I want to walk trough. I saw that I need guidance and a mentor.

Sounds very interesting but seems to require being a cybersecurity company not so much an individual? More like companies giving back to the community.

Volunteer must be employed by a private company: we do not accept volunteers from public organisations, academics, students, self-employed individuals, etc. The company the volunteer is currently working for will be vetted against the values and principles of the CyberPeace Institute.

Volunteer also need to have at least 1 year of professional experience in cybersecurity and to have passed the probation period in the current position.

to anyone who has a job in cybersecurity, what is it, how much do you make, do you like it?

I had to drop out of university because I ran out of funding. However, with my free time, I'm planning to complete all the TryHackMe pathways and earn both of their certifications within a year. Do you think this is enough to land an entry-level cybersecurity job? If not, what else would I need to do?

Wow. now that is a big goal my friend, however I truly wish ya the best and hope you secure you'r life though this pathway of your life.

fafsa not available or country equivalent?

I'm in the US, and I get funded from the Veteran Affairs, however, it was more of my health getting worse. So, they felt that funding wouldn't be in my best interest, since I have way more appointments to attend to on a daily basis.

if yall need help hacking i can help you guys

What do you mean?

If you're a veteran or military spouse contact the Hire Heroes & Hiring Our Heroes (Two separate) organizations, there are a ton of resources for you available and they can also connect you with industry mentors.

I mean if you need help with ethical hacking skills I can help you

Sure... how?

this is the way

Thanks, I definitely need a mentor.

Gave +1 Rep to @fathom gorge (current: #390 - 18)

There is a talk at Defcon on Sunday about volunteering in CyberSec if you're interested, 10am PST Track 5

Cyber Volunteering and Community Defense - DEF CON Franklin and the Cyber Resilience Corps 1 Year In

is def con being streamed or recorded somewhere to see the presentations?;

Hi guys, just joined. I am studying Computer Science and want to break into cybersecurity, I've started learning about a month ago and I feel like I'm doing great so far. Does anyone have any advice on how I can get my career started and what experience I need to get my first job/internship in the field? (And also what and where I should be looking)

Both Twitch and YT have live streams of the 6 main "tracks" and I believe usually by november they'll start posting all the talks on youtube and their own media page.

Hey everyone! I just finished 12th grade and I’m totally new to cybersecurity. I want to learn ethical hacking, but I don’t know where to start. Any help or beginner resources would be amazing 🙏

Start with the pre security and 101 cybersecurity of try hack me in the mean time do some research on the cybersecurity fields and in which field you want to make a career in.

You can start with this beginner friendly path 🙂
https://tryhackme.com/resources/blog/free_path

Done!

Yes

Of course:D

Hey! Welcome to the madhouse 🤪
Good start, keep grinding like a boss!

1)Smash TryHackMe, OverTheWire, Juice Shop — hands-on beats theory every damn time.
2)Own Linux, networking basics, and security stuff — no excuses.
3)Build your portfolio — GitHub, notes, memes, whatever shows you hustle.
4)Hang out on Discords, jump into CTFs, meet your future hacker squad.
5)Hunt down internships, entry jobs, or freelance gigs — no shame in starting small.

Remember: patience + hustle = the cheat code. You got this, champ 💪🏻!

Yes sir 💪

Thanks!!!

Gave +1 Rep to @lusty ivy (current: #3074 - 1)

@lusty ivy what should be on my portfolio?? aside from bugbounties

Hi all, I havent really posted here but I need some advice. I did Computer Science in university and then worked as a developer and consultant for a good 8 years. I have wanted to switch to cyber over the past year/two. I got my CompTIA Sec+ to start with but that gave me the bug and now I'm looking at doing a part time cybersec masters. I guess the questions that come to my mind are:

• Is that worth it and would it help me get a job in cybersec space?
• The two/three programs I am looking at have specifications - one is pentesting/red teaming and the other is more consultancy based (supposedly studying off real life projects) and the third one is somewhat more general. I wonder if there is worth specialising or doing something more general until I actually choose the pathway I want to go on?

I also dont want to fully lose my experience either so I would love to hear what people think.

Honestly? Put in everything – but do it smart. I’m no expert, started less than 2 months ago. No IT school, working 12–18h shifts, sleeping 3h a day… and I figured: better to have something in my portfolio than nothing.

From my point of view:

1. Reports & notes – write down everything you learn. You don’t have to share it all; do a “rough” version for yourself, then polish some parts for GitHub or socials.

2. Not just bug bounty – show how you think when solving problems. Methodology is a big plus.

3. Automation & scripts – with explanations. Shows you can make your work easier and understand the process.

4. Case studies – e.g., incident analysis. Even as Red Team, understanding Blue Team makes you better at getting in xD.

5. Sample reports – technical or in your own style. I personally hate corporate-speak but can use it if needed.

If you wanna talk specifics, DM me. I’m not a “battle-hardened pro”, but in 2 months I went from zero to doing full passive/active recon and putting up my own Fiverr gig – so maybe I can help.

TL;DR: Show everything you can – skills, thought process, scripts, and reports. Methodology > just results.

Oh I almost forgot - and 80% of my work is done on my phone, in Termux – so no excuses xD

Hmm it wouldn't hurt getting a master in cybersec on top of your compsci but the 8 years of experience is already pretty good and would make you qualify for most entry level positions or higher depending on what your consulting was in. That second question really depends on what you're interested in. Personally I believe you're much better off focusing on red of blue teaming, otherwise you're competing with a lot of other generalists with similar experience to yours.

Especially in this market you're looking for experience that helps you stand out

Thank you so much for this! Definitely helped my decision. I was leaning towards red teaming as a whole because I find it more interesting but since Im not directly in the cybersec sector I wasnt sure what and if it might be beneficial and might make me stand out more.

Gave +1 Rep to @fathom gorge (current: #356 - 20)

wow thx!

Gave +1 Rep to @lusty ivy (current: #2025 - 2)

No problem 😄

Is it normal for someone to become a pentesting team lead within 1 year of work? (They are good at web pentesting and average at mobile/AD)

Is this paid?

oh wait you said volunteers

Yep, definitely.

It depends on what a lead does though. Not everyone who is a lead is necessarily a better pentester. There are cases where they manage over other pentesters and are better talkers in front of clients.

i have already submitted the form so reach me soon

That's reasonable, the thing is I think the recruiter would expect a lot more from a team lead than just a pentester.

Also depends, you can clarify with the recruiter what they mean by “lead” because I did work one time where I got hired as a lead but its just part of their naming convention. I was a senior but the only one within the team.

Has anyone done MSc cybersecurity in university of
London

I would love to hear about your experience

The cyber volunteering talk is going on right now

Thanks when im dressed from showering ill go watch it;

Gave +1 Rep to @fathom gorge (current: #345 - 21)

https://ca.news.yahoo.com/hacker-volunteers-set-help-water-204600060.html

Its depressing that government wont pay people for literally defending clean water services though;

Then again there are volunteer firefighters too;

Yeah they're giving some examples on how a ransomware attack on a hospital can really take out critical care in a rural communities for days.

I like that comparison, that is pretty good

https://www.youtube.com/live/L8b6ptJMO4k?si=El-XKmDvIxai3FlZ

This one right?;

https://www.cybervolunteers.us/en

Yees Track 5

https://cpb.ngo/

Is the more global one

Looks like this one is focused on usa volunteering, i will probably look into if there are equivalent organizations i can join for canada;

I think CyberPeace Builder is headquartered in Switzerland

Yeah that one i looked into too and will see if there are roles that i can help with;

https://canadiancybersecuritynetwork.com/cyberguardians seems to be the main one that comes up for canada;

https://cscnfp.org/tbuilder-layout-part/become-a-volunteer/

This seems interesting too;

https://www.bsidesvancouver.com/

Will add this to my growing list of cons i want to go to as well;

Oh yes BSides are also great for networking

hello noctem may i have more infor around this one?

One of these days going to work on creating a year calendar for networking and volunteering events for specifically the vancouver region;

Might add it to my growing goals for my professional/personal website;

Seattle also has a lot of stuff for you but I would understand if you don't want to travel south right now

Yeah i am trying to focus my efforts locally for evironmental reasons more than anything, especially for in person volunteering;

It is a project by @obsidian rose, he can probably tell you more

oh okay thanks

Gave +1 Rep to @fathom gorge (current: #336 - 22)

Not to mention if it can also help my career thats awesome;

@obsidian rose may i have more information around this one? fi its okay? very interested

what's a good site to apply to cyber security or IT jobs in North America (besides from Linkedin and Indeed)?

Company career websites, find companies you would like to work for, learn a little bit about them and see if have positions available

Hello! I am young in my career (1.5 years in) and have been working in SOC l1 and 2 in that time frame for a Fortune 500 company. This is my out of college job and I actually really enjoy it (outside of normal SOC gripes), but I feel myself coming to a close on triage and getting a bit burnt out I also have no drive to move onto DFIR or anything like that. What is a good path for me to aim towards and is moving companies a good idea early on? Is SOC experience a pretty good thing to have on a resume and start looking for higher level roles?

Thanks and appreciate any help I can get here!

#pt1

Maybe stay in another half or year and a half and you can move on to senior positions (also the market is rough right now, you may not be able to find something else in the next few months), you could consider Threat Hunting if DFIR is not your thing but it all somewhat overlaps. If you want to switch things up start doing pentesting exercises, use your SOC knowledge to come up with attacks that may be harder to detect or use it to emulate an APT.

Hi everyone switching careers and I have no idea what I’m doing any places where I can hone my skills to land a Cybersecurity job

With all these threats of being replaced by Ai, CEOs replacing most jobs with Ai, and the insane job market going through multiple rounds of interviews, even with certiifications does it just blow your mind how the job market is nowadays ?

I'd be grateful for advice on this. I deal with cyber issues from the legal side, but would like to get more involved on the technical side. I don't have any technical degrees. What I've learned, I've learned on my own through CompTIA Network Plus, through some SANS classes, Try HackMe exercises, capture the flags and Coursera programs.

Would people recommend a Master's in cybersecurity to move me to the next level? if I'm really interested in focusing on the tech side of cybersecurity, pen testing for example, how do people recommend that I move into this?

I am not sure a Masters would matter much for that level

hi

hi Smith welcome

thank you for welcomeing me

so whats happening in these days

The only way to learn implementation, is to do implementation.

Set up a homelab and try to make it as close to your company's IT structure as you can. Talk to the various system owners and engineers, see if they'll let you shadow them and start building your own infra to start to understand the complexity

I have no knowledge on cyber sec, I wish to learn but where to start and how to begin setups or whatever is involved is a maze in itself

You can follow this guided path https://tryhackme.com/resources/blog/free_path to get you started. It will help you get familiar with the basics so that you can focus your studies later.

The thing is, Cybersecurity is not really a technical problem, it is a people problem. If you look at where the big need is for ~80% of the small / medium businesses in the world, it is in training their people on best security practices and understanding which assets they have. Cybersecurity is also a business (money) decision, how much is a business willing to do. Bare minimum to be compliant? A little more because insurance wants it? Or maybe attempt to limit the damage of an attack attack. You can throw all the AI at it if you want but if Bob from the helpdesk falls for a social engineering scam you'll still lose everything. Or if finance blindly trusts an email from a supplier with new payment details or using password123 for the admin accounts. You can check the talk Bryson Borts, Scythe CEO, gave on BSides Las Vegas.

If you look at the CIS Community Defense Model 2.0 for example, their data shows that simple " Essential Cyber Hygiene " can prevent 77%-86% of the most common attacks. Those are cheap simple things a business can do but may need technical help with. Think of changing passwords on default accounts, removing admin privileges from users that don't need it.

AI is great in assisting on alerts, maybe help write reports (although it may hallucinate half of it), but right now it is overhyped and overpromised. In my opinion it would be much wiser to let AI assist your employees in ways that actually help instead of acting like it can replace them.

Good evening team,
Please I am new here and I just received a certificate in introduction to Cybersecurity. I want to be a blue steamer and I want to subscribe to premium. I want someone from the team to guide me on what course to take and what order to take them to boost my knowledge in the field. I am currently undergoing a job shadowing program and I have been introduced to a lot of apps and siems. Please guide me.

On top of that most of the LLMs systems are also a security risk, ChatGPT5 is still very easily attacked and Gemini will happily leak your internal data too.

You can follow the https://tryhackme.com/careers/cyber-security-analyst pathway, that will get you familiar with all the basic SOC analyst material. You could do SOC level 1 first and Security Engineer after.

Thank you sir.

Gave +1 Rep to @fathom gorge (current: #322 - 24)

Is there any online classes that one can join? Where I can meet tutors real time and ask questions

Not really any online classes where you go through a lesson at THM but there are live streams of how to go through a specific room or that cover a specific topic every so often.

These streams are embedded in the rooms right?

Some rooms have videos yup, but they also do live streams every so often in which you would be able to ask questions. You can keep an eye on the announcements channel for that. Tyler Ramsbey also covers rooms quite often in his live streams where he answers live questions.

Thank you sir. I really appreciate

Hello guys I want serious advice.
I have read linux command line book by starch press Also read python crash course by starch press reading A top down approach of netwoking currently Doe some rooms also in htb and thm
I just wanna ask I m super confused
Im in 2nd year. And I wish to get an internship till 6th sem.. Even if I didn't get internship
could I even get a job after the end of 4th year. Or is it really difficult to land one in cyber sec.
Or impossible
Or do I have to do Mtech and stuff?? So that I could postpone my unemployment under masters??.
Masters is mad costly though

Not entirely sure I understand what you're asking. You're currently starting your 2nd year in a degree (which one?), want to do an internship in or after the 6th semester? If you're that early into a degree, no one can really tell you what the market will look like by the time you finish. Focus on your studies, figure out what you want to be doing in 5 years but realize that this may change as well. Internships will provide you with some valuable experience that no book or class can teach you, if you get that chance make sure to take it.

I feel so many people out there want to make people out there generally scared.

Does it feel that so many people out there make Ai replacing our jobs in cybersecurity more bloated than anything. And making people people in tech freak out more than anything i know most tech giants are firing and laying off people constantly and have Ai replace them. I dont think Ai can replace everything especially in cybersecurity.

any tips on how to get a junior job as soc analyst etc? i'm from poland, so even 40-45k a year is really a lot, especially for entry level.

wouldn't it be easier to get underpaid (for ppl living there) job from usa than normal paid at my country?

I don't know if making scared is the right word. I'm assuming you're watching a decent amount of videos about this topic. Remember that often times when it comes to online content, creators are abusing tactics to generate more views. "AI is taking all the jobs" generally just gets more views than "LLMs can assist employees in these tasks".

I'm also not sure if AI is really replacing people at a massive scale already, it seems to me that it is much more of a funding issue. Running AI is not cheap and there is still a hope / promise that it will repay the investments. This might mean that rather than investing in people a company is dumping that money in an AI system and not hiring any new people. Somewhat similar to how in 2021 companies started hiring just about anyone in IT because they wanted to have them on staff even though they did not really have that much work for those people.

That might be difficult from Poland, even underpaid jobs you're competing with a lot of people who are living either in a native English speaking country or who are actually in the country. If you go too low in your compensation companies, might not believe you have the correct skills too. There is no harm in trying of course, but I wouldn't get my hopes up. Many positions in cybersecurity are also starting to require citizenship in the USA because they do deal with sensitize data these days. You may be better off trying to get another IT/Software job first with a startup either in the USA or UK, I know some people who manage to make that happen. Western Europe has a big need for people in IT Networking if you have any experience with that.

at this moment im working as erp systems administrator, but it doesnt have much to do with cyber. i've sent applications to every entry-level job and now waiting for response. if that won't work im just gonna start trying for sysadmin/network admin positions

i have even considered moving out to warsaw, that wouldnt be a big deal tbh cause i dont have neither kids or a loan to pay off

Yeah i know its all about clicks, view, and so on so many people out there think they have all the answers on the future of cybersecurity.

That would be a pretty good move too

Estonia also has a big tech industry

thats why i applied for all the jobs in warsaw. all i need is one single offer and im packed out, heading to the capital the next day

.

"oh no ai is gonna take my job", yeah i can't wait to see ai vaping in a toilet 5 minutes after clocking in on hungover

im taking the ejpt tomorrow bro. i only used 2 days of the course but most of it was reused and alot of it i knew. managed to make a hefty cheat sheet if you ever want it lmk - might help you

hi! I was curious to know if anyone from germany/europe in here does helpdesk aside college. What is required to land a job like that? I‘ve seen some require a finished bachelor in IT/ CS etc but is that actually needed? Can I land one just with A+ and some general knowledge on IT and cyber?

Yo, I would be interested in getting that too! :)

I'm in a similar boat however I do not have an It related job and me trying to break into the IT field without some sort of degree seems impossible. It could just be the economy too though

Any recommendation I’m trying to pursue a path that I can be able to work remotely since it is hard to get a job offer and visa for a person from a 3rd world country?

The easiest path is to find an international company that is active in your nation's capital. You'll probably have to get started in-office there. That will open up more opportunities for you. Unless you have some highly specialized skills it will be hard to compete with the hundreds of people that apply to remote jobs.

Thanks mate

Gave +1 Rep to @fathom gorge (current: #316 - 25)

Thx

Gave +1 Rep to @flat sedge (current: #12 - 848)

A bit of a follow up on that since thats exactly what I did. There are a lot of tutorials out there that will show you how to setup Active Directory with virtual machines. I personally followed one of MyDFIR's tutorials where he sets up an environment with a Splunk server, AD, client machine, and attacker machine. Once you get that environment setup you can play around with making users, simulating attacks, im even using it to learn PowerShell lol

Dude I m In india and doing engineering. And it's 4 year course here. In 3rd sem few talented people can get internship but in 4th year we don't go to college. We just give exams and find job.. So I don't wanna be unemployed. I have and familiar with web a little. So does web sec got career. Or is it just dissapearing like web dev😥

Ah I see, I think there are more people from India around here that could give you a better idea. I don't think webdev is disappearing, there may be fewer jobs out there right now for it but it is still a very large industry. Even with Coding AI, someone needs to run the AI, check its work and approve it.

gonna post this in two places my school is offering ceh exam bundle with discount voucher for only 528, has course material book labs all included..... thoughts?

Depends on where in the world you are, what career fields you're interested in and if the job openings you're looking at actually asking for CEH. 528 can also mean different things depending on the currency.

USA 528 USD im around DC on the east coast

my focus ideally is blue team but even blue team job postings have been reccomending CEH (?) for some reason

titles (ideally) are like malware analyst incident responder threat hunter malware reverse engineer after graduating if things go reaaally well for some reason

If you plan on applying in the DC area, although it is pretty objectively a bad cert - CEH fulfills the DoD 8140 compliance certification and has for a while, hence why you see a lot of DC-based companies or federally contracted agencies requiring the certification. I believe PT+ satisfies 8140 as well and I would feel much better giving CompTIA my money - also haven't checked prices in a while but for roughly 500 USD you can probably do 2 different CompTIA certs with their student discount

that explains it a bit more and I agree i would rather go for pentest+ i think i can even get a student discount but at the same time I do already have Security+ which i think covers 8140 compliance? I havent researched this in detail much

Sec+ does check a box on the 8140 but different certs are required for different seniority grades and roles

Old scale, you would be covered up to IAT II and IAM I. You'll find that a lot of places are still kind of following DOD 8570. 8140, the superseding directive, is pretty confusing and I'm not even sure it's fully rolled out at this point.

thanks for the advice all

I think that if i end up getting considered for a role that sec+ isnt covering ill do CySA+ instead as it covers the higher end compliance req and since my focus is blue team and ill just ignore the voucher for ceh for rn

Do u know anyone that's from India. I am thinking of doing web sec for starting.. And then eventually shift to cloud sec
.. Is this tooo delisional?? 😥. Please be real man. I m scared thinking about unemployment 😅

Has anyone here taken the CC from ISC2? I can't afford the Security+ until I find a job, so someone recommended checking the CC since it's temporarily free. Just curious if y'all had any tips or comments on it, as I just enrolled

You might learn something from it, which is good! It has no HR value though

I mean, surely it's a little better than having absolutely no certs whatsoever?

Yeah

If it's free and you have some spare time then why not 😄

Because like I said, I can't afford the Sec+ unless I manage to find a job but I've been actively applying (for both roles at my skill level and above, as I was suggested to do) for close to five months now and I haven't gotten a single interview

Lol yeah, I wouldn't have the time if I had a job so I guess that's a silver lining to not having one hah

Do you have experience in IT/any other certs?

Definitely haha

Professional, no, but I've been doing a lot of IT stuff for most of my life, as I grew up with a massive love for computers. I only started studying it in a serious/professional capacity for almost 3 years now, as I started off studying it at a really slow pace until I realized I was going too slow.

As for other certs, nope. No degree, either. I'm looking into ways to do some home lab projects, that's basically the only option I have, but I'm honestly not sure how I'm supposed to express those projects if I can't even get an interview

A home lab is a good idea, what roles were you applying for? offensive/blue team?

If you're interested in web apps you might try reporting a few CVE's, that's not too hard

Well, truthfully, I'm not set in stone with which path I'd prefer but I'm studying and applying for blue team as I figure it's a little easier to start out that way than to expect to be hired as some no-name trying to legally break into systems lol. I do have interest in offensive security but I figure it'd be better to start as a blue teamer and gradually work toward that

As for reporting CVEs, I'm not sure where I'd start with something like that. I'm generally down to try anything to increase hireability, provided it's feasible for me at my skill level

On the subject of the CC again, does anyone know just how much time it takes to get through the learning material, provided you also have other commitments that take some time? I just saw you only have 180 days access to the training, which I'm starting to get a little concerned about, depending on just how much material you have to cover in that 6 month period

Someone can be working in IT for 10 years but if nothing happens and they are dealing with small network what experience are they getting. Where as someone who has just started in IT with maybe 1-2 years in an enterprise environment has seen a lot of technical and hands on has more experience

People have done it in 3 months it all depends on you and how bad you want it and what you are willing to sacrifice …

Sure, but that's just how the job market works. If there's a 10 years of experience requirement for a specific position, your chances of getting hired at that place are very low if you have less than those 10y of exp.

It is doable in 6 months, even if you don't have too much prior knowledge.

But it's very hard to estimate, everyone's learning capabilities are different

Or US as well? Im desperate for experience and Helpdesk seems the best option. I only have A+. Is it worth it?

Hard to tell for me, but I do know people in the Netherlands in an IT degree who get offered contracts before they finish school so I'd think there would be a big need for IT people

I imagine germany is the same

May just need to be near a big city

If anyone could answer, I have certs like Google IT Support and IBM Cyber Sec Analyst that are similar to tryhackme certs, should I just start from where I haven't learned or does tryhackme hold more weight from an HR's perspective?

google it support isnt worth much for security or even it roles (i have it aswell) and is technically a certificate not a cert

so essentially it could be seen as maybe little to no exp?

yeah id grade it like that i dont even include it on my resume with the other certs i got

🙁

thats unfortunate

it did give me a ton of transfer credits for college though

i think like 9 total

ah, I don't think between the 2 i have would even qualify for year I guess

Thanks. They make it seem hard to get when they give requirements like a degree and what not in job websites but I suspect they need people

Gave +1 Rep to @fathom gorge (current: #310 - 26)

Yeah I do think in Europe degrees count more than certifications

Well I guess now a days you almost NEED a degree for IT jobs, unless you start at the bottom which idk who could survive off that pay 🙁

yeah thats how i feel too atm

in the US its the same

I don't know man, I have lived and worked in both and in the US i'm seeing a lot more "can compensate 2 working years for 1 year of college". The US is a little more picky about specific degrees, Europe just tends to want a certain level.

oh they do but I meant you either have 6 yrs of exp or a associates or bach degree, certs just dont seem to cut it unless its from brands like CompTIA.

Ah yeah that is true

And even sec+ is generally not enough on its own. Usually at a minimum 1 year of working experience for entry

Has anyone landed an interview and had TryHackMe on their resume and if that was brought up in the interview by HR?

yeah I'm noticing a lot of times GitHub is the saving grace IF you don't have a degree

well what ive heard

I'm new to tryhackme, was just curious if it was another "Google Cert" kind of platform

I think TryHackMe is more on the level of GitHub, I don't think it will get you hired on its own but if you mention it in a cover letter that you actively keep busy learning and CTFing it can give you some bonus points.

I should include that in my cover letter. nice recommendation!

last question lol, thoughts on linking your THM account to LinkedIn?

What I have done is create write-ups for certain rooms and use some of the challenge rooms to create mock-up incident reports. I have had recruiters refer to my mock incident reports, it allows you to have something real on there without having to deal with the approval of an actual company. I posted them on a personal website but you could host it on github too and then link to it from your resume and LinkedIn.

Great idea! I've thought about linking the 2 but using the challenge rooms to create mock incidents is could potentially give me the edge for the "exp" needed for some jobs. if anything it may like you said catch their attention to ask more questions

thank you for the help!

Gave +1 Rep to @fathom gorge (current: #305 - 27)

If there anything that really stands out in the portfolio, as in a (Project) for someone getting a SOC job? I want to add something along side the resume

Hello folks, I have recently earned my A+ cert. I do not have higher education related to IT. I have been applying for "entry level" IT support roles with no luck so far. Is there anyone that could give me tips or some help on landing myh first IT position? Please and thank you!

A home lab, show recruiters (and AI filters) that you know how to setup a SIEM and analyzed some pcap files.

https://www.malware-traffic-analysis.net/
You can download some actual traffic from here, just be careful not to interact with any of the IP addresses, links or malware samples

depends on the country, but a go-to rule would be to learn, build your own projects, portfolio to stand out from the crowd. Many entry-level jobs as internships usually prefer university students, but with a good CV and portoflio you will get in

I am located in the US. What kind of projects would you suggest? I have no idea how to build a portfolio for a help desk position atm. starting college is out of the question for the time being

Well, for example you could set up 2–3 virtual machines (Windows + Linux) and practice stuff like creating users, resetting passwords, installing software, changing network settings, some network troubleshooting and write short how-tos or writeups on that? Idk if help desk deals with Active Directory on a daily basis but many companies use it so its worth learning also

Thank you for your suggestion. I will see what I can do about it. It might indeed be the time to start a blog.

Gave +1 Rep to @ivory wind (current: #3077 - 1)

Can anyone help me I've got 2 certifications of CEH so how can apply for a remote job I've no experience but I'm familiar with most of the red teaming.

Wdym 2 btw?

One is from Cisco and one from gov

Can anyone tell me how does Tryhack me PT1 cert compares to eJPT?? I’m trying to get certified next month and idk which one is going to actually hold weight

can anyone speak to the current iteration of sec560 compared to say OSCP

Ejpt is 2/10 and PT1 is ~4.5/10

It is much, much harder

Pt1 is newer and not many people know about it. Ejpt has already some reputation.

25 years in tech as a software engineer.. is there a real path for me to get into cyber security at this point and get a job soon? I dont mind working my way up. I have scars 😉

Yes 100%, the industry is pretty desperate for people with leadership experience and some tech experience. Often times the cybersecurity requirements are lower as long as you have leadership experience.

Where in the world are you?

I've been a tech lead, built things for high profile clients, big corp names... what's the best route? tryhackme/hackthebox

NY, but looking to work remote in the USA

open to everything but west coast time zones

my network is mostly unemployed devs at the moment so it's been a challenge this year.

Yeah try and get familiar with the concepts of the Sec+ exam, would be even better if you pass the cert. Should be easy with your experience. I know Home Depot / CVS are looking for people with your leadership experience to lead Cybersecurity team.

that's great to know. So if there's one cert go for Sec+?

You may even be able to get a higher level cert but that depends on you

I think with maybe a month of studying you might even be able to get the CISSP

I don't mind putting the work in.. been trying the niche job market of elixir, rust etc.. even that has been hard to get a foot in the door

sweet

Any experience in government contracting work? I've seen some positions asking for Rust too

oh yeah! last two gigs have been gov related.. we lost our budgets..

litterally overnight

Shoot sorry to hear that man, I'm in the Colorado Front Range area. So many people lost their budgets overnight

ive worked in everything but crypto at this point

aww that sucks

i'm honestly looking for a change of scenery too.. with ai making tech heads think they can easily replace us

ai.. great tools. but they're just that.

ive been coding since assembly language in school heh

I wouldn't be surprised if we'll see a massive hiring increase in a year or so when managers realize that that is what AI is, just a tool that can aide an employee not replace them.

it's way better autocomplete heh

i've had to work with cyber teams too.. used to read 2600 way back in the day too

It might just hallucinate an entire sentence you did not mean to say instead of a single word 😅

tell me about it..lol i have it turned off in vscode

i use the chat and the agent

https://careers.homedepot.com/job/22065721/cybersecurity-manager-iot-ot-remote-remote

Here roles like these really just require familiarity with cybersecurity but they're mostly looking for people who can lead a team.

And with 8 -10 years work experience required you should have far less competition

sweet thanks 🙂

ive had many late nights dealing with china trying to break into various clients of mine working with the security teams

you know you made it if you're getting hacked by china lol

I have a feeling that is going to be a lot more common in the next few years, even for your small rural water provider.

even better for us lol.. nice payband too!!

i had a lead dev interview for a company in texas and when we talked about money it was 30-50hr.. i was like.. for real?

i could coast at mcdonalds and make close to that low end LOL

Yeah I think cybersecurity is flooded with people who are entry level or maybe 1 to 2 years of experience. But people with 10+ years and a little bit of leadership experience are in high demand. Most people who have worked in software / IT have at least some level of security experience. It may just not have been called that in their role but you're not just launching a project without checking security

what's your specialty?

I made the move from software developer to security engineer, mostly checking applications now

only 10 years of experience, in software development, though not too much leadership and only started a security role this year

cool! I'll be bakc.. have to do the dishes LOL

Also with your experience remote positions are easier. For some reason I'm seeing many more senior positions that allow remote compared to jr or mid

Love that. I used to work in Manhattan and never saw my kids pre covid. So I have a hard stand on remote.

Yeah I totally understand, "commuting an hour with my computer to a desk just to work on that computer" is such a silly concept. I understand hybrid for meetings, but so much of our work today does not require us to be in an office for the majority of the work week.

I used to work for ibm for a while and we all had to be in the office. All of our meetings were online with video cameras

I do enjoy being wine and dined though, so I’ll be there for a party

Ha IBM is also the perfect example of why AI is not quite ready to take over yet

Fired 8000 and then had to hire 8000

Yup. Watson wasn’t great when I was there years ago too. A lot of hype . It did very well on certain things but not everything.

It was also very costly

Guess what AI is very costly

Oh yeah, isn't that why OpenAI removed all older models except for their v5 which I'm not too impressed by

Yup. That annoyed me because I had work flows for each model.

I don’t like version five so far

4o did a decent job with code but 5 just seems to be giving generic code examples

I used to use three on code and Serton four models for a creative

@fathom gorge wanna join up on a team on the site or are you on one? I'm looking to join

I can join 😅

sure!

https://tryhackme.com/manage-account/teams?joinTeam=e347f587f2 feel free to join ya'll..

i love the tv show th eoffice so we are... Schrute Farms Cyber "Division"

our logo is a cyber out'd beet 😛

I’m starting my associate degree I should finish it a year what jobs u guys think I’ll be able to get ?

hey guys, i know this might sound repetitive in a cybersecurity discord. But can someone please lend me a little help on finding my first job? 😭
I feel like my profile is ready but since I live in a place where only remote options are possible it's been really hard to just receive a negative response, and it's really frustrating, I've been applying for 3 months and I fr don't know what to change to get more possibilities.
Sorry if I stress you and thanks in case you'd help me 🙏

Also I completed the OSCP but unfortunately failed the final exam. I'd love to try again, or even get any other cert, but since I'm unemployed it's really hard for me economically

Maybe not quite the answer you're looking for but you may want to consider an IT helpdesk job first. If you're entry level trying to get a remote job you're competing with hundred if not thousands of people right now. Don't get discouraged by rejections either, you'll likely get many more.

Are there any IT jobs at your local city / town / county / province?

I've been trying to get a job in IT too, I completely get ghosted, it's really frustrating

unfortunately there are like 4 I can access and they rejected me because of a lack of experience I suppose (no entry level positions)

And since a driving license here costs 1300€, plus the car and the mantainance isn't cheap either, I really can't afford it

Anything else in your background that you could leverage?

I started applying to everything I felt like might be appropriate, cybersec, IT helpdesk, developer, devops, I'm lucky if I even get a rejection. Atp I really don't know how to improve my possibilities of landing a job.

i did some stages with school. The only relevant one is 2 years ago where I basically worked in network security, setting up switches (fortigate, cisco etc), setting up vpn and designing networks

but still can't seem to get advantage of it

I know it might sound strange, but it's a combination of a low economic possibility and an absence of jobs where I live, so I have to resort to only remote jobs, and the entry barrier there is MUCH higher

Italy?

and I'm really out of resources. Sorry for the rant but it's been really deteriorating

yeah but my city doesn't offer much job possibilities

plus cost of living is way too high for relocating and salaries are also way too low

median here is like 1400€ net per month but cost of living easily reaches 2000€ in big cities where you find work

Hmmm yeah I've lived in Italy for a few years, that is a though situation. Have you looked at jobs in the Netherlands and Germany? Your English is really good btw

thanks, I actually got a C1. Yes, I started applying for remote jobs in the EU, so no visa required, unfortunately no luck there too

Gave +1 Rep to @fathom gorge (current: #296 - 28)

Okay that is at least one thing you have going for yourself there

Mind if I ask you to review my cv/linkedin real quick? Maybe I could improve something and I would appreciate any type of help really much

Sure shoot me a private message and I can take a look

I don't really like to resort to having to waste other people time but it's really my last resort

thank you so much

Did you look at Estonia ?

I looked at every remote job available in the EU hahahahhaha

Hehe yeah makes sense

I applied to ALL jobs on linkedin I'm just sniping new ones

Hi guys can anyone help me

What do you need help with?

are you getting any callbacks/1st stage interviews? If not, it generally means you need to improve your resume and probably spend more time tailoring the resume on a per-job basis. Make sure you are applying to remote US jobs as well and be open to re-locating/getting visa situated

Does anyone know good certifications for cybersecurity?

i want an associates plus certificates but i do need advice on the process and how to get into internships and jobs

Certifications are an employer's problem, not your problem. Don't worry about certifications unless it's absolutely required for jobs in your area. The reason for that is certifications are a way for the business to prove competency to customers or to auditors that they are hiring the right people for the right jobs.

If you are spending your own money to get the cert, you are basically giving the business free money that they should be spending.

so then i just push for my degree?

Degree is a good step. Look for jobs where your degree can help you, and you may have a college internship or workstudy program as well

where can i look for jobs that can help with my degree, im about to start my associates but is there any companies or sites you recommend?

Hello is anyone from the uk (Birmingham based ) or know about uk job system etc ,and can help with advice with requirements for entry lvl jobs Soc etc and also were to look etc

any entry level jobs i should get into? ive already done some IT/helpdesk/fixing/replacing/adding-data-base-stuff work from an intern

SOC

Please don't self-advertise your services here

Try to take a look at #jobs-board , LinkedIn could also be a good resource 🙂

Hi guys, as someone who has basic knowledge in cybersecurity such as a few labs and one information security internship, I was wondering how do I decide which field and niche I might want to head into. Like I am trying THM pathways but I don't feel satisfied with what I might want to head into yet.

Thank you guys!

Guys, I am joining a college this upcoming 20th, I have completed Web Application Pentesting, Pre Security, Web Fundamentals, Jr Penetration Tester, Cyber Security 101 Paths, what else should I learn to get a internship in my first year? I am so very confused.

First choice is blue team or red team? In my opinion with limited experience you really only have two starting points, you either go SOC/Network Analyst or Jr Pentester. If you have more Cloud / DevOps / Software Developer experience this changes but it sounds like you're just starting out.

What is the part that you are confused about?

Imagine any internship would happen in the second semester? That would give you some time to get started with school and figure a couple things out

I am confused about my skills, like am i am skilled enough to get an intern or not

I would recommend going through the SOC Level 1 module too just to get familiar with it, do you know if your school will help you in finding an internship? Usually they have connections with much lower requirements since they know you're a student.

My college is not much help, I joined a small college to do self-learning

Estonia has quite a drought of IT entry level jobs, checking job market daily for at least 3 months, its either compliance or senior roles

hey man, does that mean if i want to build my resume i should focus more on competitions / ctfs instead of certifications ?

Both can help, but if your goal is to stand out early on, hands-on stuff like CTFs, home labs, and write-ups can show real skills way better than a cert on paper. Certifications are still worth it later if a specific job listing asks for them, but for now, build a portfolio of proof you can solve problems.

How can I start my cyber learning

Honestly? Start with the basics and play around. Learn how the internet works (IP, DNS, HTTP — YouTube has tons of free vids). Get comfortable with Linux & Windows commands. Start doing TryHackMe’s free beginner path or Hack The Box Academy. Also pick one thing that interests you (pentesting, OSINT, blue team) and go deeper. And just mess around, break stuff (in labs ofc), and keep notes. That’s how it sticks.

May I contribute something to your point?

With regards to the "breaking stuff" maybe see if your mom and pop store is willing to let you use their network and try to test their stuff there.

Which path should i take if i wanna get in intelligence?

It can help add real world experience there

Tyrex! That is an exceelent question

I'd say Threat Intelligence

That is probably the worse advice.

Ok fine lets scrap that

Got a better idea, go embark on CTF competitions

there

is that better?

It's more legal and ethical.

Ok so I checked the path list

it seems like you would want to learn SOC1 and SOC2

and maybe do some Threat Intel rooms

Okey it looks great

someone who is a staff member here might be better than me on this

All I can tell you is that Threat Intelligence isn't an ENTRY level sec role

it is a more mid level/senior role

okey.. so i should take something else before?

Well Tryrex

where are you in THM rn?

well I finished compelete begginer when it existed

presecurity, cybersegurity 101, web fundamentals and 10% JR Pentesting

OOOHG

Ok I will tell you that is pretty good

however

Threat Intelligence is BLUE Team

so actually you have to backtrack a little

and do SOC1 and SOC2

then do any related threat intel rooms

okey

Also I believe you are on a subscription right?

yes

If so, you should do the Splunk rooms

and SIEM labs

and if THM has some EDR rooms

and SOAR rooms

do those as well

okey okey many things jajajaj

No worries

thank u so much

if you need help try asking me

no problem

nice

I did an internship in this stuff and took an online course on Threat Hunting

so that's how I know this stuff

ooh so u know what u are talking about

Sort of at least on a basic practical level

also it helps to know a bit of Malware Analysis for this stuff too

which is why yup

i will take a look

I am tryna learn myself some assembly

yes, learning assembly is crucial for Threat Hunting

I am not joking

I didn't learn this stuff well at school so I am learning from scratch

assembly what is it? sorry cause english it's not my first language

Nah no worries

it isn't an "English isn't my first language thing"

I don't expect someone that is starting out to know this stuff

basically what I am saying is that not knowing the low level programming language for CPUs when doing Malware Analysis is basically not a wise choice

let me show you an example of an assembly program

i get it

*Waiut before I do, is it against server rules to show code snippets?

For the sake if illustration

because if so, then demonstrating this concept would be difficult

#rules

For someone who hasn't got their foot into the door yet, at events such as networking events and general cybersecurity events who should we be talking to and what about?

Over the next few years, how do you see AI impacting the cybersecurity job market, and which roles (Precisely)—if any—will remain resilient to these changes?

I have a small question.
These days, companies focus more on up-skilling their IT employees rather than hiring cybersecurity specialists in general. So, as a fresher or a person interested in making a good/strong career in Cybersec, what should i do? I know people say get certs, keep learning, and do other social stuff like making connections. But what should I do, which would make a company think to hire me as a Cybersec expert, rather than up-skilling an IT employee for cheap?

I am currently a Software Developer (mostly doing web apps) and is interested in what the Blue Team does (I am interested in the Red Team too, but I need to start somewhere). What roles can I possibly get in to? I do not have any real-world experience and only do THM rooms, so I am having doubts if I can even start my cyber security career.

Hi Vigler, how many years of experience do you have? And what is your tech stack?

A good stepping stone is get into the code review side of Pentesting/Security Consulting. I think with growth of AI, the need for solid Code Review pentesters is just going to grow.

A narrative I push is think about your personal brand, and consider yourself as a overall combined picture, your candidacy. You need to find ways to illustrate and bring value to a potential company looking to hire you. Is certs enough, sometimes. Education (Degrees), yeah its a great start. THM good on the resume, hell yeah.

THink about your candidacy in the format someone might see first. Your resume and/or your LinkedIN. Are you demonstrating enough to warrant a DM, or a first interview? THat is the biggest purpose of your resume, to get an interview.

Will it have an impact? Sure, do we need to adapt/evolve? Yes. Is it going to decimate Cyber like it has Ops and Dev, I doubt it.

Forgot to include my background, sorry about that. I'm on my 3rd year now. The company that I work for isn't that "techy" so they don't have a tech stack but I do my projects in Laravel and host them to AWS. On the side, I use React and Node.js just to do some simple projects. I also have experience in GCP way back college but have not yet applied it to my actual work.

Talk to everyone. Ask them what problems they are solving, what they are doing. If you like the sound of it, ask them their story of how they got into it. Find a local bSides and sign up to volunteer. Utilise the opportunity presented to you. Build your brand and include this stuff in your resume

How familiar would you say you are at on AWS? Enough to move laterally within the AWS Cloud service product suite?

I believe Assembly here is referring to low level code. Pretty complex stuff. A good bet is do CCNA part one, to grasp a big fundemental...Networking, which is often overlooked by candidates. Push hard on THM, build up skills and rooms. It will go a long way

Can you elaborate a bit on what you meant by bringing value to the company? I don't know much about market terms. Would mean a lot to get to learn from a experienced person. (For info, I am soon turning 18 and gonna join college, but the current growing conditions of the market make me fear a lot. And I am scared that the big money my parents would spend on my college education would become dust if I don't be able to get a good Return on what I'm investing in. )

There are plenty communities, Youtubers (Check out Tyler Ramsbey), among others. Find something you think you enjoy and focus on that.

It is much more digestable to say "I want to be a pentester, and if that fails, perhaps SOC or anything cyber"

VS

"I just want to work in Cyber" This phrase is too broad and generalised. Focus on something, be open to other stuff, but dont say I want to do anything/everything./

Oh I definitely know that Angus, the dude was asking about Threat Hunting and Malware Analysis and I think knowing how to read Aseembly is a lok undervalued tool. I didn't learn much about ASM in school so I am learning it right now.

Lets use a security consultancy for eg.

If they pay you X, they would want a 4X return on that. If your skillset brings them value that is billable (Can make them money/profit) they are more inclined to hire you.

No company wants to hire you if you not going to be a value contributor to their overall success, unless it is a charity.

Will college help? Sure it will, it puts you ahead of many, but is it the silver bullet, definetly not. If you study CompSci for eg, which is a great foundation, you need to do other things to align yourself to Cyber. THM is a good way, the right internships, CTF's, Communities all add value.

Its a surprisingly small talent pool that can understand assembly. For RE/VR roles, in certain niches it is needed. It is a skillset that will stick with you for life

Yes. Enough to get around on what I need. One of the services I use is the Elasticbeanstalk. Often times I do some IAM depending on what I want to do (eg. automating deployments with github actions to EBS). Overall, I google/chatgpt when there are things that are new to me.

What is VR if you don't mind me asking?

Oh? I am one of those people that refuses to use ChatGpt. But that aside, maybe try seeing if Cloud Forensics is your forte?

and maybe try going into DevSecOps?

Ohh, this is news to me since I haven't explored the Red Team right now. I do enjoy looking for things that are wrong. Thanks!

Gave +1 Rep to @vocal pecan (current: #1536 - 3)

Vulnerability Research/Capabilities Development

Pleasure

OOOh interesting

I did not know that was a thing

Pretty hardcoare stuff.

I have recruited in the space for about 5 years. Real tricky

Look up Exodus Intelligence, there are a bunch. Hire 100% remote from pretty much anywhere in the world.

I share your thoughts on using ChatGpt. I only use it to answer my basic inquiries on things I do not know about.

Thanks for the response! I'll look into Cloud Forensics 🙂.

Gave +1 Rep to @toxic matrix (current: #3079 - 1)

Look as a recruiter it is DAMN useful. I will say that.

Wow nice I took a good look at their site

looks pretty interesting.

Yeah

Good stepping stone is Bug Bounty

User Space is easier, kernel level stuff is whats in big demand.

I see! For me that is my VERY long term goal. My short term right now is perhaps get into Threat Intel related endeavours

Good move

then pivot to Red Team stuff later

Be sure to follow Will Thomas on LI

CTI legend

I see got ya! I know Flashpoint isn't a bad company for Threat Intel companies goes but I think they primarily only recrut in USA.

do you know others I can check out?

And no, I am not scared to go to Dark Web, it is just that my skills with Deep Web search engines is rusty atm

Might be some good talks on YT about this stuff, spoke at a con called...ConINT (Might be coming back)

For CTI?

yeah

Errr

Interupt Labs big in the UK
Zetier (Iv worked with them)
DF Labs (Dont think they have a site)
Binary Gecko (One of my clients)
Paragon
Cellebrite
Grayshift (Very iOS focussed)
Red Lattice
NullPTR

These are a few

OOh thanks!

I will check them out when I get time

And one more question. Like, let's say I try to see from the POV of a hiring person in the company. I don't find it useful to hire an expensive Cybersec professional until something is serious, and I would find it much cheaper and easier to instead just contact a company like THM or any other to upskill my IT department people to avoid extra hiring or paying. And this would also make my company eligible for Cyber Insurance as well to save the company assets in case of any loss/breach. In the worst case, I can contact a security management company for a one-time testing/checking. Then why, as a "Hiring Person," would someone take me then? Even tho I got fancy certs and industry-level degrees or certs, but would require me to pay him $110k every year, instead of paying up maybe $50k to upskill my whole staff and maybe hire some security consultancy? All this for much cheaper?

I get ur point, but is it easy to get hired into a security consultancy then ? i mean, but generally these are very small groups of people as much from what i know.

unless ur some ass company like Mc-Afee which somehow survives idk how by selling malwares

Because in the end it is cheaper and quicker to hire someone if your needs (As a company) are long term. Consulting is expensive, and adhoc at best.

Sure, you can upskill an IT dept, but then you need willing participants. Whats to say after this, they stay with the company

Can't i lure them with a small % raise to get them involved? After all the job markets these days are soo dense people would do anything to get a few extra dollars