#cyber-and-careers

The Security+ is good structured general cybersecurity knowledge and employers see it as you having an understanding of the processes in the field; but it is a multiple choice question cert, not indicating your practical knowledge. Having that and Net+ are good indicators you have an understanding of the basics. There are official and non-official study guides you can buy, many people use Professor Messer's free course. CompTIA have their own training options as well. Any one or a compbination of those would be more than sufficient to learn everything in 3-6 months

What is the gold standard certificate for a little advanced blue teamer job role (that will walk over the entry level roles), i am not trying to certificate hop and cant afford to get multiple certificates either. Please tag me with your response. I appreciate in advance for your feedback.

what do you mean by "a little advanced blue teamer job role"

oscp equivalent but for blue teaming

ehhhhh

blueteam isnt really the same with certs

Lets go, youve been in the game lot longer, cook something

i feel like theres not a ton of 1-1 equivelents

wheres that certmap

like honestly i wanna say something SANS but thats really innacessible

Yeah unfortunately thats gotta wait until i have a stable income

yeah. and a big one too

All i can do now is grind studying, which i am with full enthusiasm. However, i am saving money but for 1 certificate only, this is the budget i have and i gotta do the best i can with whatever i have

@shut violet

hmmm

why a cert? @fair radish

Every job that i came across requires a formal bachelors degree (in progress) and a standard industry certification

do they specify what certs?

do they specify what the standard industry certs are

Yes let me send some

tick tock pal

Can i dm you?

no

Okay wait

Cyber Security Analyst Job 1

Relevant tertiary qualifications (e.g., computer science or IT degree), industry certifications (e.g., CISM, CISSP, TOGAF, GIAC) and/or relevant industry experience

Job 2

5+ years in Security Operations or similar cyber security roles.
Bachelor's or Master's degree in IT, Cyber Security, or related field.
Industry certifications highly regarded (e.g., CISSP, SANS, CISM, CEH).
Strong analytical and investigative skills.
Proven experience in threat hunting, incident response, vulnerability assessment.
Proficient in SIEM/IDS tuning, scripting, and automation.
Sound understanding of risk and compliance frameworks (ISO27001, NIST, ISO31000, etc.).
Experience with Microsoft security controls and cloud environments (AWS, Azure, GCP).
Comfortable supporting audit and regulatory compliance initiatives.

Job 3

Relevant certifications such as CISSP, CISM, or CRISC

@shut violet here

There were more jobs so you can see the average of certs, but i cant post that long message here

yeah, youre not really gonna get those

So took 3 jobs

focus on the other requirements

like experience

What do you mean?

those are almost exclusively sans

All?

almost exclusively sans not all

dont worry too much about certs right now

you can get your company to pay for them when you get hired

especially when it comes to blueteam because agian, there isnt really an equivelant to like, oscp

Okay, i see your point, ill grind studying until then

@shut violet thank you for being a fabulous community mentor 😇

Gave +1 Rep to @shut violet (current: #74 - 133)

do you have homelab?

I dont know what that is

like a server or secondary home computer running something like proxmox where you can have VMs to mess around with, create a SIEM, do attacks, etc

No i do not, but i can arrange it, i have approximately 5-6 old but usable laptops

Can that work?

@shut violet

ehmmmm it COULD

IDEALLY you have one powerful machine/server and a couple laptops/workstations, a switch, wireless router if you need it

are any of them powerful enough for virtualization? how powerful are they?

some people disagree but i think homelabs are super worth it

Before we get into that, tell me one thing, since thm, and htb have pen testing paths that are equivalent to oscp level training and cpts is always referred to as a bit more difficult than oscp. Do we have such coursework or learning material that can prepare me for SANS level certification? @shut violet

For blue teaming

i dont believe so

but

im not really knowledgable enough to say so

you dont really have challenge boxes and shit like you do with redteam you know

i didnt really learn much blueteam outside of school and work

So we rely on sans coursework for their certifications?

yeah and experience

homelab would help depending on what you do

Well thats a bummer

I have to get into homelab then

idk maybe @vital laurel can spout some wisdom

I want to be able to explain the employers with a “i couldnt pay for the certificate, but with your blessings and my skills i can pass it”

he knows a lot more about certs etc

Thank you for pinging him

You are on the red teaming side?

Nothing prepares you for a SANS cert, like the SANS course

and I don't think you can just take the certs, I don't think that's a thing. i might be wrong, but i've never heard of it

its more to me "i cant pay for the certs you want, but i can show i can stand up and operate my own siem"

so there is NO htb thm oscp cpts equivalent in blue teaming?

YES

heres something i might do

Because if that is the case, then ill stick to my oscp path and finish thm pen testing coursework, at least i can get a decent paying job and then switch to blue teaming later? @shut violet @vital laurel

well, I think the problem is the expecatation that you can just go directly into a pentesting job....

get a decently powerful computer and put proxmox in it. run opnsense. set up a SIEM in a network, run caldera from an attack range host

look at logs and build detections

The vast majority of people are hired into some other role and then move internally

and idk if you looked, this is the worst job market like... ever bascially

none of those things guarantee a job either

Where i am located, skills is the number 1 factor in getting hired, because theres a big market gap, many jobs, less graduates. The second important factor is certifications, because theres gap is so huge, they are hiring people and training them. I wanna take advantage of this situation and stand out with a degree AND a certificate

yeah, i see. its just hard to do that from a blueteam side without funding. @vital laurel like is there any actually good blueteam certs that arent just "i know how to look at a log! i know what a siem is!"

Hands on basically yes

Trust me when i say this, market gap is so huge they have a training and development program, bring your bachelors and leave the rest, for me, i wanna get certs before bachelors end so i can get started with work and support my family

yeah, again i get it i just dont know if theres much options for certs that arent bloody expensive or useless

Sans was my number 1 priority, or WGU masters, but then again, ill be stuck doing odd jobs, raising money, feeding money in tuition and and endless cycle

are there much networking opportunities?

Blue Certs, are hard to get that get you in the door directly.

A little yes, most people are moving to cloud here

i mean social networking

SANS Are the only ones I know that directly open that door, but like I said right now...... SANS can only help so much too

and that puts you 8-10k in the hole

And what about the coursework? We only rely on SANS for that too?

At this stage, 10k is equivalent to my years rent, tuition fee etc, if i ever had 10k from my own pocket, i cant afford to spend it on sans, i have my priorities straight which is family

exactly

But im equally enthusiastic for cyber space

important thing is to be passionate, network well with the people around you, make yourself unique

I think right now

but job market borked

Focus on max learning, max effiecncy

Don't focus on gettting a job

ye

What is the best ROI on your Time and Learning for costs (CPTS is good here) to make you better and ready to conquer when the market shaeks out

@vital laurel whadya think about homelab for roi

IT technical security analyst role

Certification in auditing, security controls and risk management. (Certified Information Security Auditor (CISA), SANS GIAC, CompTIA Security+ or CISSP are highly desirable.)

Through?

i mean, could grab security+ i guess 🤷‍♀️ so entry level though

Homelabs are great, your suggestion is really good

These are just examples, you guys have on field experience so as an employer what are you expecting and hiring for

i think homelab is one of the biggest ROIs

But it helps to put it into a context of a SIEM and a basic logs

use the money you would have used on a cert for a homelab

you can learn windows stuff, linux stuff, domain stuff, attack stuff, defend stuff, firewall, siem, detection engineering

whatever you damn well want

and how to set up the infrastructure for all of it

And how do i learn it? The coursework

there is no coursework

you learn by researching

Okay, its starting to make sense, homelab will be equivalent of what ill do in my day to day job and sharpen my skills, which i can demonstrate to employers?

you gotta ask yourself questions like okay. how do i host stuff? now that i can host stuff, how do i connect stuff?

it wont be equivalent necessarily because in a job may be going to be using expensive tools and infra that someone else setup, but you can simulate

What is the role of “someone else setup”

and you mentioned networking jobs, how does one get into it?

i didnt mean networking jobs i meant networking with humans

companies here have told me networking is dying because theyve moved to cloud, it didnt make much sense to me

sayingh hi to people

Ohhhh

Yeah im really good and confident

I will start to attend conferences and seminars and i have signed up to be vice president for my uni’s student association

normally companies have teams or people dedicated to infrastructture setup

building VMs, networks, etc

What work is that?

idk what the titles would be

network engineer, cloud engineer, that kindastuff

Yo ualways need networking for blue and red

the internet works over networks..

networking still happens over the cloud though, they just mean physical switches and routers really

I appreciate your advice today, both of you, i thank you for it. I will continue the grind and save money from work and see what happens during that time.

@vital laurel thank you, and thank you @shut violet

Gave +1 Rep to @vital laurel (current: #42 - 251)

And im gonna build a homelab from my old computers and start simulating

keep me updated on it

ive neglected my homelab completely but still love homelab stuff

Why do people talk against it alot?

I saw people in general too saying against it

idek

lots of bad takes. it's a thing

sent you a friend request so you can dm me whenever.

as someone switching to it, and no prior it experience (leaning towards cyber sec). Is it better to get a comptia a+ and get a help desk then while working that job study for sec+ or get network+ then sec+? thinking network+ would be nice to have as its a foundation to getting good at security.

actually from smh like 15 applications i got one interview booked for tomorrow

method is working, but honestly i dont think ill get the job. it was just for recon purposes

if i were you i'd just go on indeed and other local job sites in your country and throw cv's at every position that doesnt look very difficult

i think at cyber its more preferable to have security certifications than network ones. but if you have sec certs, network+ or ccna would highly boost your chances

are we allowed to add the skills we learned from the platform to Linkedin and mention that we learned them from Tryhackme?

Hello @vital laurel, can we talk please since you have CEH and my term is starting soon

I do not think that is a problem

But I’d wait for a mod to answer

hey i need help with how to learn red teaming

im on level 0

choose a path and follow it, u can start with pre-cyber

i dont have money to pay the site

there are free rooms u can use

they are so limited

yes, but they are pretty good to get the basics

i finished pentesting up until Ohsint!

do u know any resources?

I only use THM for the moment, u can try free blogs in offsec

👍

hello

hi

Hi

Yeah of course, it is great advertisement for THM and it shows potential employers that you're putting some effort into learning on your own.

are you sure? becaue I contacted the support via email and they asked me to check with mods on discord

Even if you do not get that position, they chose to interview you for a reason so that is good. It will give you some practice and perhaps some new connections.

THM email support told you to check it discord mods? 🤔 People share their THM achievements all the time and the LinkedIn team will often celebrate with you on LinkedIn

they didn't say mods, they just said: ask in the channel of careers on Discord

Ah I see, you are allowed to share on LinkedIn. But the real question is perhaps "should you?" Depends on your situation. I wouldn't put it as your main achievement, especially not single rooms / paths but there is nothing wrong with creating a post mentioning that you completed a path or CTF.

yeah its just not super credible

I’m interested in cybersecurity, but I’ve heard it’s tough to get a penetration tester job since most roles are senior-level and require expensive certifications. Do you think I should go for CS or cybersecurity?

Id say if you are well versed in c++ and Aseembly you could be a cybersecurity engineer.

theres also less pen tester jobs then blue team in general

whatever you want tbh

How do you guys go on about taking notes from multiple sources in obsidian? Especially when it comes to learning the same tool or topic but with additional tips or even additional material that wasn't covered in other sources? I assume this can become quite a problem later if it's not solved in time

I’ve been thinking for a while about starting a personal project for my portfolio. The idea is to build a full enterprise network (6-8 different VMs) for pentesting completely from scratch, including things like Active Directory, web exploitation scenarios, opportunities for lateral movement, and privilege escalation paths. Do you think this would be a good project to showcase on my CV?

As long as you can explain why you did it and can focus your explanation on a particular position you're applying too. Cybersecurity is a very broad field but companies need people who are more specialized. There is no point in setting up an enormous project with no clear focus. Are you doing it for Pentesting? Network Admin? Threat Analyst?

Anyone got opening for me? I have OSINT, CTI, phishing/ takedown, and brand protection skillset. got over 1.5 years of experience. I can do python and scripting. Am fine with Windows and Linux. I do reporting and while am analyst, i also deal with clients on daily basis.

Looking for remote jobs

While my skillset are listed above, i am trying to get into RMA so any offers on that side is also great for me. I spend time studying it too

Im gonna be doing this for pentesting mainly

i think i got it

interview was like about an hour, went good

but holy fuuuuuuuuuuuuuuck

i fucked up python questions

like half of them

if it will work out i'll be moving to the capital, 350 km from my hometown

except of that, they asked me shit like "whats the difference between tcp and udp", or how would i hack into their systems lmao

or what types of attacks i know

is comptia security+ a good starting point in terms of certs or is there a better one? so far only got some entry-level microsoft certs

https://tenor.com/view/it-depends-emma-engvid-it-differs-it-relies-gif-23965001

Market? Country? Education level?

Been working as technical support engineer for about 2.5 years now, based in the netherlands. Education is in a different field(graphic design on associate degree level).

Sorry should've asked this here instead of #general but for grad school in cybersec (wanting to pursue a PhD, haven't decided a niche yet) are certifications important or cgpa and research matters more?

Long ways from home but in a fun city, hope you get the job!

i hope too! i dont care about moving from my home, it has no matter to me

hey guys i'm new to cybersecurity and I need a roadmap i will learn cybersecurity by myself who can help me?

@obsidian rose Sec+ is a good entry level cert that alot of company's look for, You defiantly need to know the material in Net+ to understand how networks work. I started with my Sec+ and now finishing my studying for the CYSA+ which is an intermediate cert

@obsidian rose sorry that was to node

@bold snow

How do I prepare for this? Please recommend some rooms or even other websites

what company

Palantir

Original job posting:
https://jobs.lever.co/palantir/ef725594-42dd-4f0d-ba8e-df8179dbc6cb

palantir evil

Man I just want an internship 🥀

not worth it

Job market is so bad I kind of don't care 😭 🙏 Also it's just an college internship I'm not committed to the company I just want the experience

Welcome , check this one 🙂
https://tryhackme.com/resources/blog/free_path

Always makes me annoyed seeing this blog, knowing they stole my content, published it under someone elses name and didnt even attribute me :/

thanks dude

Gave +1 Rep to @keen tundra (current: #1 - 5860)

Hello, I am looking to get some career advice. I have been doing thm for maybe like 1 and a half years now and i have done a tthreat modeling internnship as well as completed my diploma in IT and about to finnish my bachelors of Cybersec. I play around with many tools and network alot. I am having trouble landing a role. I would like to break into Threat Hunting or DFIR. I also would love to start a business in this field because i genuinly do enjot it and find myself enjoying it more when i progress in it. Does anyonne have anny advice? Much appreciated :)

Is anyone in devsecops here? I have a few questions

Hello, I am interested in a career in ethical hacking. Which certifications do you recommend getting started?

Hello i am learning cybersecurity which exam should i go first ceh of pentest?

if it will be your first certification, CEH would be the last one i'd choose.

learn networking and give a take for network+/ccna (depending on ur knowledge) and then imho security+ from comptia. you can skip the networking part of certifications, they're not necessary, but hr ladies really like seeing that one on ur resume along with security certs

It's great that you're enthusiastic about it. You should read the Tribe of Hackers books. Also, when starting to work in the field you should be open to IT roles at all levels. Helpdesk/techsupport, IT/Network admin, etc., and not just the specific role that appeals to you. There's a lot of options but for a role like Threat Hunting/DFIR, it's generally expected to have several years experience in SOC roles too

Thanks for the message. I am open to any roles but the issue is i cant even land them. I feel like they are soo saturated now because there are soo many ppl trying to get into cyber through them. I have consistently uploaded all 150 days of my streak on thm into my linkedin and done projects and uploaded them. They picked up a fair bit. I had seniors from rapid7 and sophos comment on them as well as recruiters but just no luck :(

Gave +1 Rep to @rugged delta (current: #20 - 530)

Yeah I know it's an awful situation out there. Last year I had a recruiter looking for someone with my skills in Identity and Access Management tell me he wouldn't put me forward for a role because, even though my skills covered all the same protocols and case requirements, because I didn't use their specific system, he didn't think I'd be a good fit... Recruiters and HR people are generally not technical people. They don't realise that just because an interface is different looking doesn't mean we won't just slide right in and be up to speed in short shrift 😆

Hello, Im looking to get CCNA certification, any suggested THM courses?

Cisco provide training for the CCNA, as it's based on their equipment and interfaces. There's lots of networking content you can learn in THM, much of it free, but you should look at the Cisco Learning Academy, and the various books you can get on Amazon, etc...

thanks

Recruiters are just trying to make money and bounce :/

Well you have to remember that a recruiter does not work for you, you're the product. They're working for the company (just like HR is not there for you but for the company)

I hear comptia a+, network+, and security+ are recommended in getting a cyber security entry job, is that true?

No point in getting A+ if you're going for the other two to be honest. A+ is more for entry level IT jobs.

For cybersecurity usually either Sec+ or Net+ is a preferred ask, no need for both. But unless you have experience in the field you'll likely need to start with an IT support job which may favor Net+.

Hi guys I am not sure if I am in the right placecompletely unrelated topic but, I have just done my first SOC home lab on Microsoft Azure, how on earth do I put it on Github, I have been struggling for some times now. Any help is appreciated! Thank you 🙂

Not sure what you mean, do you want to create an article-like repo where you document your home lab or do you plan to upload your artifacts there?

Hi, well, I finished creating everything yes, I presume it will be like article-like repo

You could probably make it in a Markdown file and embed your images there as well. You could also upload a PDF file of your documentation and then upload the necessary artifacts as well

I see

👋 Hi everyone, I’m AdexnanoSec, a certified cybersecurity professional (Cisco Networking Academy).
I specialize in penetration testing, vulnerability assessment, and website/network security.

I enjoy helping people understand security risks and how to fix them, and I’m always looking to connect with others who are interested in cybersecurity. 🚀

Looking forward to learning, sharing knowledge, and collaborating with this community

This is not the place for it. Do not do it anymore. Last warning.

Unrelated question,may I ask what country are you …for the threat modelling internship ?

Hi everyone I wanted to ask how worth it is the security + cert ? Is it really worth investing and putting time into for a first cert ? Or should I take try hack me and hack the box serious etc

I need to start pre security etc

Hey, with the CCNA, does anyone know what kinda jobs you can get with it, if I have no prior IT experience. I’ve been interested in becoming a network engineer but feels like there aren’t any entry level roles for that, any reply would be great.

#general message

I am from Australia 🇦🇺 but the clients for the company i was working with were American 🇺🇸

Hey Hi iam just completed my 12th and iam trying to enter in cyber security path
Any suggestions

You can start with this one 🙂
https://tryhackme.com/resources/blog/free_path

I am not sure if this is the right place to ask as I am new to Descord and cybersecurity. I am asking a person who has recently completed his initial (beginners) journey in cybersecurity. I need help from them. If there is any way to connect with me personally, please contact me.

Learn the ropes with a company, then go solo. Make sure you communicate your value add well in your resume, structure it nicely.

Think more about the fact that with CCNA, you have achieved the biggest fundemental that many skip. Networking is KING

Yes, if you have no IT background. If you do, skip A+. If you want the triad, no harm in it. Do these and think about other stuff you can do, in terms of info you can add to your resume and candidacy.

Which resource did you use to study for Sec+?

not sure if i should get network+ first though

Network+ is a good accompaniment to Sec+, and you will need the networking knowledge in all areas of cybersecurity

Does the tryhackme gives a discount for their premium account ?

@last gyro

Dear All,
I currently work as an SAP Basis Consultant with 6 years experience. Will it be a wise decision to move to Cybersecurity or what challenges to expect ?
Also, when switching domains should I expect a salary cut.
Directly switching to Cybersecurity is a better idea or should I transition first to SAP GRC/IAG, work for sometime and then switch to cybersecurity eventually?
Even a little guidance is highly appreciated !!!
Thanks

Today, Explained: AI took your job

Episode webpage: https://www.vox.com/todayexplained

Media file: https://www.podtrac.com/pts/redirect.mp3/pdst.fm/e/chrt.fm/track/524GE/pscrb.fm/rss/p/traffic.megaphone.fm/VMP4447715577.mp3?updated=1756144799

Tldr, you are not alone. This is a systemic issue if you cant find work atm;

https://news.gov.bc.ca/releases/2025SDPR0005-000483

Also if you happen to also be in bc canada, and also are dependent on disability benefits, this program may be a good one to investigate;

Hi, I'm done with my Jnr pen tester course on TryHackMe and I want to know if I can use the cert to apply for a job or I need to get a CompTia cert

The Jr. pentester path only provides a certificate of completion which is not a certification. But if you’re talking about the PT1 certification by TryHackMe ,then I guess it can be used but its relatively new so a lot of companies might not be fully aware of it.

So is there any alternative or I need to get the CompTia cert before I can apply for a job?

It depends on what job you’re applying for. Usually, entry level jobs shouldn’t require any certifications but cybersecurity is different. Its because its not usually an entry level field thats why certifications are favored for security professionals

But if youre only applying for entry level jobs like a jr. developer or jr. support engineer, I would assume they aren’t asking for any certifications.

So what do you need for entry level jobs then, if they aren't asking for any certs? And for the senoir level cybersecurity do you need advanced certifications like CISSP and CISM

Does someone know why when I use hydra to crack passwords on a site using rockyou.txt or something else it finishes telling me 4-8 passwords that do not work? It should all be correct including the error message

is this on a real site, or like a box you can hack

its the same site

same guy

as asked in #general

Im not doing that anymore

but I want to know why hydra does this:

What is wrong?

the command is this right?

#room-help plase 🙂

this is not related to a thm room

Are u guys share here CVs to discuss what is wrong/missing etc? ( obviously without PII )

Guys i am 16 year old, i done cyber security course (offline) from craw.in and i am on rank legend in THM, my course on craw.in is about to end (that course just establishes base in both offensive and deffensive security), i want to be vulnerability researcher, what should i do next? i am very confused... need some advices

Yeah you can do so 🙂

hello everyone, im working on VDP right now maybe someone can guide me to get my first bug on hackerone, im still cannot understand about the description, and still confuse how to aproach the target, thanks

Alrighty, roast me 🙂 ( hopefully I removed all PII if not please let me know)
First and second page below. Last sentence of the summary always need to be changed depends on the job title.

You have a background in compsci, the first thing I would say is use a LaTeX template for your resume/cv instead of a word doc. You have technical skill from your CompSci degree, leverage it in the elevator pitch. Be sure to include in your Projects whether a project is personal interest or required coursework. If you wrote code and it's open source, include project links to the git repo where the code is stored.

I wanted to keep it simple and not confuse ATS. good idea with the projects.

What can I do to increase my chances of getting a job after I graduate? I'm studying "IT and leadership"...

Hey guys! I'm quite new to cybersecurity. I just finished the first module of Intro to CYS in Pre Security course. I got a doubt that I couldn't find the answer for. What's the difference between a 'Red Teamer' role and 'Pen Testing' role 🤔

Hey guys im 17 just getting into cybersecurity and i was just wondering, Is paying for and getting the CompTIA A+ cert worth it? or do employers not really care about that

Hello! Are there any Canadians here that went to ABM for cybersec? Just wondering what your exp was like if you did!

hey, i'm also "young" and in my opinion, since you're just getting into cybersec, you should wait till you have like a solid base, labs and "experience" with the learning itself. Anyways, it depends on what do you think of the price and your financial conditions, when you're a little older i think you should consider it to get employed, it helps a LOT, and most of the jobs require certificates like comptiasec+ as something "different" and that kinda puts you "on top" of the list of options to hire.

hi guys im currently a junior at uni trying to break into cybersecurity. i'm not sure whether i should target becoming a soc analyst or get into pentesting. I'm interested in pentesting but I'm not sure what would be enough to stand out in the job market for my resume and if i'll have enough time to learn everything before i graduate(so that i can get an internship). likewise for blue team if i want to become a soc analyst. are the soc analyst and pen testing pathways enough to provide projects to stand out in the market to land an internship/job? i already got my comptia security+ certification, im just looking to have hands on experience now or to do some hands on projects to stand out and help my resume so that i can land an internship asap

im also considering cloud security, so im most likely going to work on getting the aws ccp

so is it worth spending time to get the sal1 cert?

I think SOC has more opportunity for an internship/job outside of uni so definitely I can recommend that. If you are interested in pentesting, you can almost always pivot to it after maybe 1-2 yrs with experience in SOC

yeah true. so should i work on getting the sal1 cert or are there any projects you recommend i work on to put for my resume

i already got the comptia sec+ but they don’t have hands on stuff so idk if the cert here is necessary

I wouldn’t pay for any certs out of pocket for an internship or entry level job. The barrier of entry should be low as you’re expected to not know anything besides the basics.

For projects under SOC, you can definitely do a homelab with an attacker machine, ELK stack, and a machine you will attack like Metasploitable for example then you attack it and simultaneously learn how to pick up common telemetry, etc.

Then you can extend it to a cloud-based honeypot for example.

alright thanks

so would you still recommend i use thm?

or just focus on homelab projects

Yeah, they have the SOC Simulator and table top exercises which are helpful for aspiring SOC professionals

You can always interchange them, there’s no reason to drop one thing just for another

i have to pay for those though right

are there any paths that can help me study for security+?

I don’t remember. I haven’t used the SOC simulator.

there is a free room that I tried, it was fun

I am going to buy the anti-virus program code
if anyone have it, pls contact with me, thxxx

So what do you need for entry level jobs then, if they aren't asking for any certs? And for the senoir level cybersecurity do you need advanced certifications like CISSP and CISM

Yeah, it is a bit confusing. But I believe that Red Teamer is more of a covert role, where you perform "real" attacks and try to avoid being caught, which also takes a longer period of time to prepare for it. While penetration tester is not as concerned about doing this quietly.

I know there's a SOC simulator, but is there an alternative for people who would like to have hands on experience?

like, bounties?

Hey guys, im really having an hard time choosing a certification in the blue team realm, more specific for havin better chances for landing a L1 SOC position in the next year. I currently have google cybersecurity professional certificate, Security+ 701 and thats it (80ish rooms in on Thm and going for SOC level 1 path in the next month on the platform). I'd need a certification aimed at the Canadian jobs market (im italian but i ll moving there in 5/6 month from now). Any suggestion? I do have some experience as an IT support for a medical company. Thanks

The SOC simulator and practical certifications are generally good ways to see how a SOC functions in a practical way. You should consider reading the Tribe of Hackers Blue Team book. That series is usually affordable. They're a series of interviews with cybersec professionals in various roles in the field put together by a former NSA hacker. Check out Episode 83 of Darknet Diaries if you want to learn more https://darknetdiaries.com/episode/83/

I am still very early in my career, not into cybersecurity quite yet but soon can transition into it. General IT at the moment.

I am scared if technology is the right industry to get into, I am seeing a lot of people saying to stir away from it due to how insanely competitive it is and other factors like outsourcing/AI.

dont be scared if u are passionate about it and u like it

almost everything nowadays is more competitive than it used to be 10 years ago

like gaming for example. lol

hi guys i got a question for the pentesters or anyone in cybersecurity. How constant do you have to keep up to date with new updates or newly found vuln, and what websites do you guys use. I'm new to cybersecurity and it sounds hard to keep up to date with everything

Keeping up with new vulns, exploits, and general infosec happenings is just as important as learning the basics and vulns of old. It is daunting for sure, but there are tons of ways to passively keep up. Podcasts like Hacker and the Fed, Darknet Diaries, and Smashing Security are entertaining options. Others are newsletters and communities like TLDR and the fine people here in THM. Just find a method of ingesting the info that works for you and soon, you won't even realize how up to date you are! You got this!

But realistically, and I don’t mean to offend anyone, but does it not stress you out about having to keep up with so many updates weekly? Like is it possible to get fired from your job as a pentester if you don’t keep up with new vulns or exploits? Cause I lowkey feel like if there’s new vulns or exploits every week, you’re just gonna be like on your phone/pc reading those new vulns/exploits 24/7 and it just sounds very exhausting

any indian here who is working / knows about the career options here? need guidance..

Hello everyone, I’m currently taking the goggle cybersecurity course on Coursera. I only have basic IT skills and my goal is to take the CompTIA sec. Do you guy know anything else that could help me pass the exam?

Has anyone got the sec + certs

And also worked or currently work in IT support

i did IT support

hey guys im currently working on my SEC+ and was wondering if anyone had any tools they found very useful for studying for it ie.(quizlet practice tests ect)

Good day everyone, please I'm trying to learn or work in cybersecurity, but currently I'm in my second year Computer science major. I only have a router, a dell latitude e5570 core i3 6th generation, 8gb ram, 256gb nvme ssd

Currently I don't know where to start from, thinking about it alone seems overwhelming, but I think I would love being a pentester or a cybersecurity engineer, but no path to follow, and also can't afford any of those certs at the moment because they are too costly, I need a guide please

Guys i am 16 year old, i done cyber security course (offline) from craw.in and i am on rank legend in THM, my course on craw.in is about to end (that course just establishes base in both offensive and deffensive security), i want to be vulnerability researcher, what should i do next? i am very confused... need some advices

If I'm trying to break into the field asap without a degree (even if I must go through IT first), should I gain skills/knowledge from starting SOC Level 1 path on THM or focusing on studying for Sec+? I just finished Jr Pen Tester as I was told it's important to finish due to the general knowledge it gives

It depends on what you want to do

I genuinely just want to start gaining experience in the field asap, so getting a job that can eventually lead to SOC, or starting SOC directly somehow

I ideally just really want to skip A+ unless that's absolutely necessary

But like I'm fine with doing IT Support/Help Desk/etc., I'm not sure if Sec+ can lead to those roles

To be honest, you have to be able to sell yourself well. I myself come from gardening, but my hobby has always been hacking. To be honest, I only wrote two applications for this and was lucky enough to get a job at a SOC. The references from THM helped rlly... and i doesn't have actually comptia sec+...

So you applied with no certs?

jupp

What did you finish on THM before doing so

I have proven my abilities.

the basics... metasploit, exploits... etc...

You can forget about IT support and the help desk. In my opinion, that won't help you.

Then you'd better do Comptia Sec+ or comptia Cysa+

comptia sec+ for 1st level SOC and cysa+ for 2nd level SOC

which one?

If they're coming "off the street" with little to no technical experience, this is false. I wouldn't consider your situation the norm, it's abnormal even.

I've used computers my whole life but only really got into detail the past 6 months finishing Pre-Sec, Cybersec101 and Jr Pen tester on THM

I do just want SOMETHING that gets me like towards security within the next like 6 months though

When I say technical experience I mean professionally

oh I see

So then what would you say is a better use of my time, studying specifically for Sec+ or SOC level 1

I feel like the cert would probably help but idk if no experience and Sec+ would get me a job somewhere

Do you have a degree? Based on the previous conversation, I'm assuming you're not working in a computer adjacent industry currently

Certifications are used to quantify professional experience. They don't really stand on their own

Nope, no degree. I want to try to break into IT at least without one which I know is really difficult but not impossible

and I have a good amount of time to study/home lab/etc

OK, so you need to start building your professional experience. That means getting a job in IT with something like Helpdesk

So does that mean spending time on A+ is pretty much necessary, or is that doable going into Sec/Net+

I wouldn't even worry about certifications right now

Start applying for entry Helpdesk roles, they don't require anything

Unless you haven't graduated High School or have a GED

I seeee, I do have a diploma, I'll definitely start applying, I though a cert was like required even for that

I just want something asap that'll start giving me experience in the tech field so

That's what I was looking for

No, it doesn't require anything. Helpdesk I is ground zero for the industry

Do you think mentioning things I've done on THM on my resume is a good idea or should I keep it more plain with general info

Put together a redacted resume and then post it as an image here for review

Does anyone mind looking at my resume if I dm it to them? Redacted ofc I just would rather dm it

hi guys i have another question, lets say you're keeping up to date with new cybersecurity vulns, exploits, etc. How long will that usually take, does it take like 30 -60 minutes, hours, how long?

I like reading through the articles on thehackernews or heise security, it usually takes about 30min

Can depend tho, if there is something aws related ill go further into detail and research since thats what i work with

Bro what how ?

What are some applications/techniques I should be aware of to help pass an interview for a SOC position?

What about the the compTia Network+

What IDS would I most probs be using?

I know grep well

I use Linux all the time

@junior cliff has anyone finished the course

We can do Splunk, little exp with that. I know OpenVAS fairly well

Sorry ?

I mean, its a public sector position, can't be that challenging

School district lol

Gotcha

Me?

It's for an entire school district

5th largest in the US

Gotcha!

I work here

Im a SBT

Already in the District, just now got an interview for their cybersec department

Some do, yes, many others not really. Trust me, if you met these same people you would know bad info

Hey guys am new
And am interested in cyber security 😀

I love OSINT

Have a book on it

I was gonna messege the CTO(?)

About it

I need to find their email, easy tho

I know their name

I can look them up in our directory

That's kinda how I got the cybersec interview

Hey peeps

Hello

hello fox how its going, what is opinion about apprenticeship ? i had few interview before with google but i fail in the last stage for them :c i didnt have more calls , what would be the best way to get one , send emails to the company asking if the are interesing to get apprentices ?

hey folks

where can I start AD pentest ? I always play web linux privesc

Start here 🙂
https://tryhackme.com/module/hacking-active-directory

Can someone help me decide what I should do next in TryHackMe? I started with Cybersecurity 101, but now it is asking for purchasing what should i do guide me guys

The Cybersecurity 101 path has premium rooms that's why it's asking you to purchase a subscription. You can opt in or not, whichever's fine for you.

There is a Free TryHackMe training path available as well: https://tryhackme.com/resources/blog/free_path. This is just a list of rooms that are still free but also teaches you the basics.

Other than that, I suggest doing your own research and looking for available free resources. There are tons.

@shyz2busy8387 @shyz2busy8387 thanks guys btw what way you guys study for cyber? Like paid version of tryhackme or freely by researching?

I do a mix of both. Right now, I'm more focused on doing my own research but when I was starting out a few years ago, I was doing TryHackMe all the time.

So what you recommend to do own research and study or go with tryhackme then own research?

One more thing certification they are way more costly for that what is the solution?

write code, write blogs, join CTFs, contribute to groups

Hey everyone! Its been a while since ive joined this server but I'm not really active here. The reason why i joined this server was to get some guidance, how to land an internship in this field(as I've heard and experienced aswell that the entry level roles are a tight competition). I have completed some learning paths like jr penetration tester, red teaming, web fundamentals, etc but I have no professional certifications as of now. I would love to learn or hear your experiences, thanks : )

can u be more specific about which role u like? (other than red team ofc)

As anyone done CISCO courses ?

im going to collage but i just dont know what study i should follow, i can choose like linux sysadmin, windows sysadmin, cyberops in the field, cybersecurity from a hackers perspective, practical threat intelligence or linux server security
i want to be a penetration tester tho so what should i do?

i got 19 classes i could follow but ill have to send the pics in dms cause i printed it out

Yes I've done one course

I'm currently working through their Networking Basics course, it's pretty cool, especially with the Packet Tracer activities.

Hi guys, I have a question

I somehow managed to land a SOC internship but it’s unpaid, should I go for it?

I'd say go for it, absolutely. Any job experience is valuable. If you perform well, who knows, maybe they will offer you a contract afterwards?

Cybersecurity specialist skilled in hacking, data recovery, and gaming security. Focused on protecting systems and optimizing performance.

They said it’s 24 weeks with potential for conversion to full time paid based on performance

Ah, that's pretty long for an unpaid job, but if you can swing it, it's probably worth it. That's how I got my first job (well, not in cybersec but in web dev), first internship for 3 months and then part time contract.

Well, if I put in effort, I can wrap everything in under 3 months, to convert to paid faster than 6 months

I do not agree with unpaid internships. If you’re doing work, you should be paid. This should apply to even interns.

There’s also no guarantee of getting a return offer.

That’s like “hey, do 24 weeks of work with us and maybe we’ll consider you.”

Well the thing is, I don’t have much any other options. All my online applications have failed despite having the best resume. I only managed to get this one because I met the CEO of this company in a networking event

It’s still up to you but it sounds like a recipe for labor exploitation if you ask me.

Think about 6 months down the line if you think it’s worth it to commit to that without being paid for your services.

You also have to consider your expenses like commute, lunch, etc.

Well I already have another job so I have no money issue and the work is fully remote so no commute

Well, I won’t fully go 6 months unpaid, I will try to ask them for paid role earlier than that like 2-3 months and see what they say

It’s possible to negotiate with the employer if a salaried position is possible. Research about what is the minimum wage where you live and try to compute your costs around that.

Worst case scenario I will quit, not paid but at least I got real life experience out of it

I will have an onboarding meeting with them next week so I will ask them these questions

I won’t let anyone exploit me

That’s also another thing to consider. You need to evaluate if you’re able to juggle two jobs.

It’s still up to you but you should consider all your options.

What one you do

Ooo okok I was thinking of that one ,I for sure want to do the ethical hacking one

Well this one is an upgrade, considering the other options were companies whose business is charging you money to give you work experience which I didn’t sign up at all

I recommend it, they explain networking from the ground up. They have quite a few of these courses, a lot of them for free

And also I signed up for a tafe SOC course and paid 1500$ but they delayed it 2 times so I cancelled and got a refund, but at least this intern will give me experience for free

Ah, I thought you might be a student/graduate. Yeah, you definitely should think if you're able to handle two jobs, that's exhausting

Actually I am a fresh graduate, and my other job is just a night part time job so I can handle this one during the day

What was your major?

Bachelor of cybersecurity

And I like blue teaming

And this one checks the box

Considering online applications mostly fail, I see this one as a rare opportunity because I only got it because I met the ceo of company

There are paid graduate jobs out there but they are rare and damn impossible to get unless you can hack nasa

Hosted an AMA on the TryHackMe subreddit concerning the certs that helped me in my carreer.
Feel free to AMA: https://www.reddit.com/r/tryhackme/comments/1n4tbzu/ama_my_10_months_certification_journey/

I get it, that's the sad reality in the current job market. As I said, imo any work experience is valuable much more than diplomas or certificates.

Yeah, it’s the employers market, unless you’re a senior engineer and have good skills to set terms but when you’re a junior with no experience, you should take whatever you can take

Hey everyone how do you guys go about structuring or documenting try hack me progress on cv etc ? I have git hub but don’t know about it fully alot

Plus linked in

But to show people and proof etc

This is what chatgpt said about this:

you don’t have to stay the full 6 months if you can prove your value early. Most companies use long unpaid internships as a risk-free trial. If you can show them in 2–3 months that you can automate, onboard clients, and reduce alert handling time, you’ll have leverage to ask for a conversion.

What are your thoughts on this? @atomic pollen @dense dagger

Just because you can do it on another time during the day doesn’t mean its not exhausting. Let’s say in a part time, you’ll work 4-5 hours then in your unpaid internship, you’ll work maybe 6-8 hours depending on the schedule. That is easily more than half of your 24 hours already.

That’s true but the problem is, they’re hooking you into the idea that there might be a job offer down the line which may not always be the case. There can be cases where they tell you to extend maybe 2 more months just to “fully” evaluate you. The workload can also be taxing depending on what they’ll give you. Also, 2-3 months is not an ideal timeframe to “prove” your worth. Its more of a transitionary period in understanding how the business and operations work.

It kind of sounds like I am being pessimistic but these should be real concerns that you need to take into account.

As I said, its up to you entirely if you want to push through with it, I’m just providing you with perspective on how you can look at this offer.

That is true, internships often lead to a contract, but as Mknukn said, it's not guaranteed. I'm just thinking about grabbing opportunities as they come, since that's what you have to work with now. You can always walk away if it doesn't work out, but at least you'll gain some real-world experience and get a sense of what the job is like day-to-day. You could keep job searching on the side, but my concern is that your time might be stretched thin with everything else going on.

Bumping this! Feel free to join my AMA. I hope to help as many people as possible and I'm giving long format answers.
I also linked to THM resources for each cert: https://www.reddit.com/r/tryhackme/comments/1n4tbzu/ama_my_10_months_certification_journey/

I mean as of now ive only done red teaming but i would love to break into soc analyst or cloud security

So you are already working in a role that is one of the most advanced, most technical, most highly sought after roles in cyber or info sec, and you want to be a SOC analyst? This raises many questions.

Is it that you've done some red teaming paths but you want to do some blue teaming paths? You can take a look at the SAL1 certification page and if you click the 'Get Started' button, you can then click the Recommended Learning section on that page and see which rooms and paths are suggested in your pursuit of the SAL1 certification. You can do those paths and rooms without pursuing the certification, but it may make you more confident discussing such topics when pursuing those kinds of roles

https://tryhackme.com/certification/security-analyst-level-1?ref=discord

I'm working on that now. Would you say that plus other tryhackme labs and maybe a home lab running snort or zeek would be enough to confidently apply for a soc job?

might get the cysa+ after as well while i'm grinding. I already have the network + and security + and 3 years of helpdesk but still feel like I have a lot of gaps in what I should know going in.

Depends on what job you're applying for, yes

Oh no im not working yet lol, im just learning

I dont have any professional certificates yet, do you think i should try sal1 or a professional certificate for red teaming would be better?

I haven't been required to write any scripts as an intern, but have definitely written some for automation purposes. It depends on the environment you're working with but I'd say understanding powershell/bash is a must and then being able to differentiate between malicious/benign code in whatever language the place uses is a nice to have

most cases of what?

That depends on the company’s policy. There may be policies that only approved AIs (e.g., your company uses Google Workspace, so Gemini is the AI of choice) can be utilized. Even then there are also policies to consider like don’t upload customer info to the AI, etc.

again depends on which company it is, I'd say generally frowned upon (as of now). Usually someone in a more senior position would handle scripting if it's needed for parsing logs or tussling with connectors. Most likely you're gonna be handed a SIEM and told to address offenses

I guess I'd sum it up as probably not needed but incredibly useful to know

My soul died when Microsoft changed their 365 landing page to copilot cause now I needed to make governance and exceptions for a whole bunch of things

We had been kicking the AI problem can down the road until that point

Yep, that is the soup can I know and hate that is Microsoft especially with how Copilot is so privacy invasive

What would be suggestions for a free learner rn ? In terms of certs ,learning material …? Everything and anything please

Do you guys think Chat GPT could be an effective answer for career planning?

Planning about my career with GPT, and GPT made kinda.. better plan than mine. It sounds great but should I beleive it?

Probably not. Ask your peers and try to reach out to people in the industry before blindly trusting a stochastic parrot

people here can also help

Thanks Everyone. I don't either know peers or people in the industry.. So I gonna ask here and get some help.

people here are always open to help

probably

Can I jump in and ask career advice for me as well?

As bad as LinkedIn's content is, it is actually useful to find people working on a field of interest. You can usually add someone and ask for some tips or advice, most people I've tried have been receptive to that

Hi everyone
I’m a high school student from Italy and I’m very interested in cybersecurity.
I’ve been studying on my own and doing some courses, but I’m still at the beginning.
I’d like to understand better what working in cybersecurity is really like, not only the study part or challenges, but the day to day job in companies. Do you have any advice or resources for someone like me who wants to explore the field and get a clearer idea of possible career paths?

Thanks a lot for your time

Hey,

Does anybody know good resources for AppSec? I would like to learn AppSec but can not find good resources.

hey guys is snort or zeek more mainstream for corporate security? or are both used?

Thanks a lot for your reply, it’s really helpful!
I forgot to mention that I’m especially interested in penetration testing, even though I’m still exploring the different areas of cybersecurity.

I completely agree with you that practical knowledge is more important than just certificates. Right now I’m trying to build skills step by step, and i’m starting to do some CTFs.

Gave +1 Rep to @misty jungle (current: #3119 - 1)

hello

could i get advice from somebody experienced in the cyber industry

in a sophomore rn in college i wanna do security engineering when im out of college

@obsidian rose I am starting with CEH as first cert, u think it's worth it? I still didn't pay yet

rn im doing picoctf

and i’m gonna start overthe wire

Country?

Morocco, some companies ask for it here

i know scripting and bash r important skills

idk how i can learn py script

Sure then, but it is not practical.

what do u suggest

Utilize opportunities that you have available to you, like your Student Center, and join tech related clubs.

What field do you want to work in? Do you want to work in Morocco as well?

I prefer to stay international, and I want pen testing

well i mean i wanna use my free time to work towards my career but idk what i should be focusing on

Well that becomes way harder, each region has different needs.

The US and France would be very different for example.

yeee, let's focus on Europe for now, US is way too far

Europe is still too broad.

Pentetsing, OSCP is widely recognised across europe. Some countries prefer a degree however.

also most companies here ask for offsec certs, CEH only a few, for example Deloitte asks for Offsec

The things I listed. The Student Center will likely have resources for creating a resume and getting it reviewed. The tech related clubs will more than likely expose you to more aspects of the industry as a whole and serve as an opportunity to build relationships with people.

@obsidian rose

Yup. But that's expensive.

got it

thank you

yee I know, but do u think I should skip CEH and join offsec instead?

which one will give me better skills

OffSec. CEH is MCQ mainly.

But OffSec is a big investment.

okk, thank you

thank you

Gave +1 Rep to @obsidian rose (current: #27 - 381)

“Ha ha, hahaha.”
cyber-and-careers what about it?

What yall think is a good project to have on a resume. It needs to stand out and should be pretty advanced. Not like very beginner friendly

my goal is soc analyst
I am almost finished with the SOC level 1 path
Once I am finished, I am thinking of doing SC-200 and/or SAL1
Which should I do, or if I should do both, which should I do first
And also, should I do the SOC 2 path or do the JR penetration tester path

Question guys, is it better to follow the whole learning roadmap on tryhackme? or is it better doing specific rooms such as Jr. penetration tester, SOC 1, secuirty egineer etc?

I would suggest you to follow the path

Hey guys, do you think the MacBook Air M3, is a good choice for me?
I’ll be doing more on penetration testing

more than enough, just buy a copy of parallels if you need to vm anything

Hello guys, I'm a non-IT student I likes to start my career in cybersecurity roles can anyone please help me, especially with resume I don't know what to keep and especially the projects section

If you don't have any formal training and experience in cybersecurity it will be difficult to land a job in that field. For projects you can list some of the THM sections you have completed.

Had a little theoretical knowledge on networks, os, tools

For your cybersecurity resume toss in any relevant classes, maybe a cert like CompTIA Security+ if you can get it. And some cool projects if you have done any, like a home lab even. Show off skills like problem-solving, and add a projects section with 2-3 things like setting up a secure network or poking at vulnerabilities.

Certificate mean I done only EC-Council EHE bro that's all I have

Ok so that's a good start, add that on there!

Is EC-COUNCIL EHE cert worth?
And I don't know what projects to clearly add
can u or anyone say few, if possible please

@tiny pecan Thank u bro

Gave +1 Rep to @tiny pecan (current: #3120 - 1)

Hey Y’all. I’m a 24 yr old from Pakistan. My name’s Ibrahim. I go by IB.

I’m a complete beginner. Less than a newb when it comes to tech.
I was wondering if anyone knew a pathway into cybersecurity. Like what I should learn and where from and how do I get onto it.

I would appreciate the help. I’m looking for a roadmap to lead me to cybersecurity

When you are starting out any Cert is worth mentioning.

For projects you can do some simple stuff and post a blog post about the results. Something as simple as scanning your local network using wireshark and nmap.

You can then say something on your resume under projects like:

Home Network Lab

• Conducted a home network security audit using Wireshark and Nmap
• Identifying and mitigating 3 vulnerabilities, including blah blah
• Used my skills to enhance network security by 50%

Sign up at Try Hack Me and begin your journey there. No experience needed!

Thanks for the information @tiny pecan

Gave +1 Rep to @tiny pecan (current: #2054 - 2)

Good luck!

Hey guys, I’d like to know if it’s possible to get a job with an OffSec Level 200–300 certificate without having a degree. My idea would be to start working after completing the course and then pursue a degree later on. Thanks!

Hey people!
So I’m trying to change careers from a self employed gardener into the cyber security industry. Getting closer to 40 and wanting to get a job that dose not require destroying my body.
My plan is to take the CompTIA Security+ & the SAL1 for starters. I have just completed the pre security course and now onto cyber security 101 (which i am throughly enjoying). I’m looking for remote work as I live in a rural area. Currently rebuilding my home network for a project using ubiquity hardware. What other recommendations do people have for becoming job ready as soon as possible?

If you have the skills then you don’t need a degree

Do you have professional experience somewhere in the computer industry? My assumption is you're looking to get into pentesting with the cert your listing.

The correct answer is it depends.

No i don't any professional experience because i'm still an high school student. I'm 17 and since last year i started learning about cybersecurity trough tryhackme, especially now i'm pursuing cyber security 101. My question was what is the best path to became a penetration tester?

@stoic cave

Career transition isn't something that I've dealt with personally, but I will say it's likely going to be hard to jump straight into cyber. Cybersecurity is not an entry level occupation within the computer industry. You're likely going to need to start on a Helpdesk somewhere as you're coming from a non-technical field. This means two things, the first of which being can you afford that change. The second thing is that you're likely not going to be able to find/obtain remote roles right away/for a while. I personally do not think Security+ or SAL1 will be helpful to you at this stage. A+ will likely be a better option, even if you know all the parts of a computer and what they do. At this stage, you're likely to receive a bunch of questions about why you're transitioning and "are you capable" sort of stuff.

You should finish high school then. That's the first step and what you should be focusing on. That and enjoying your final years as a kid. If you have the opportunity to obtain a Bachelors degree from an accredited 4 year program after high school, take it. It will help you in the long run.

Thanks for the advice; i'm based in Italy, do you think that is worth it going to a top university in Europe instead of studying in a public university here in Italy? For example Computer Engineering in Politecnico di Milano

Gave +1 Rep to @stoic cave (current: #21 - 527)

I am not in Europe, so I can't really provide input.

Thank you anyways for your time

aarch64 chips tend to have less software support than amd64/x86-64 chips. You will likely need to get comfortable with compiling software if what you want to run for pentest isn't compatible with the hardware.

.

If I am correct, CEH has performance-based questions at present.

Their level of performance is not very high, so don't expect much from them

Thanks for the reply. This is good to know. I guess CEH has good formation, but seem to be used because of the name while looking good on the resume.

Gave +1 Rep to @rugged delta (current: #18 - 533)

All replaced by ai

Its a really good laptop

Im using it rn lol

if you get the OSCP Im sure you could

But that is a HUGE skip of steps

The OSCP is way above your skill level

lol

LOL!

I know this depends on location, but this is just a general question that I have regarding entry-level Helpdesk roles.

Q1. Do you need background experience (job experience), certifications etc?

Q2. Is it normal to not know how to troubleshoot everything when working in a Helpdesk position (e.g, advanced network issues, applications issues, etc.)?

Thanks in advance.

Guys is there anyone whos SOC analyst

Hey, if I'm considering switching my goal from being an SOC analyst and moving toward becoming a security engineer instead, would I have much luck? I know the industry isn't very entry-level friendly right now (which sucks for people like me) but I'm just not enjoying learning SOC stuff in the least. It wasn't really my endgame goal to begin with, I just started learning that side of security because I assumed (based on what I was told) it'd be the easiest way to get an entry-level position... but frankly, my interests seem to lie more in the security engineer side of things, at least for now, so I'm just curious what y'all think. I'm not decided either way yet.

Curious why the Linux+ is listed before the Sec+ in this, considering how I've been told the Linux+ is significantly more challenging than the Sec+ and Net+ 😂

get the point, the first are of comptia right?

If it has a + after it, it's almost certainly a CompTIA cert, yeah

Ok, thanks. So if you don't have that certificate, you can't work in cyber?

Gave +1 Rep to @edgy orchid (current: #658 - 10)

Not necessarily, but certs are the primary method of proving your capabilities and getting your foot in the door, so you'll definitely have better luck if you get one. I don't have any of my own yet, but I'm currently studying for two (ISC2's free "Certified in Cybersecurity" and the CompTIA Security+), as I have had absolutely no luck finding an entry-level IT job, let alone one in cyber, and I know those will at least partly boost my chances

Basically they are nice to have but not required. There are a variety of certs out there. Really just depends. compTIA is highly regarded though.

They are generally required for higher-level jobs though. Most entry-level demands certs too, though I've talked to plenty of long-standing pros who all agree that employers are asking way too much of entry-level roles these days. You also do have to have certs for some specific jobs, such as ones with government agencies

So, would you recommend that I get these certificates during university, or maybe later while working, for example? I just need to get a general idea since I'm still in high school and I have two years left. My goal would be to finish the TryHackMe red team path before starting university. Thanks for your time.

Depends on what your major is, but from what I've been told, you'll still need certs even with a degree, and that there are some degrees that actually have you get one or two certs during the process. Don't go by me, though, I'm still entry-level myself and I never went to college of any sort

You’ve really helped me clear things up, thanks.

Gave +1 Rep to @edgy orchid (current: #604 - 11)

No problem, I hope that what I said was the right advice haha. If I was wrong on things, I welcome people with more experience to correct me!

Yeah. Tbh Im personally skipping A+ and Net+. Im going CCNA route. Still doing sec+ at least.

im pretty much in the exact same boat, have some internship experience in software dev before i decided i was more into cybersecurity, so I got my sec+ going for a soc analyst entry but my endgoal is security engineering. at this point, i personally decided to learn and make projects possibly looking a bit overqualified for SOC, just to give myself options. Im trying to follow a roadmap where I'll learn enough red/blue team skills then hone in on what I need once i land a role.

soc seems boring but it needs to be done

Yep, I decided to skip the A+ myself because it's expensive and if you're capable of stuff in Sec+ or Net+ (or CCNA, in your case), there's a good chance you already know your basics. I'll probably just go with the Net+ myself, as I know the CCNA is more challenging and I don't know if I want to invest that much time and effort into it when networking isn't my primary focus, and I'm definitely going to grab the Sec+

Well, it's not so much that it's boring to me, it's just that I find myself struggling to follow along with all this crazy amount of data analysis and I'm also not keen on the idea of basically just watching logs and IDS/SIEM stuff all freaking day 😅

But yeah, I'm sure I'll pick back up on the SOC path at some point or another, even if I switch, as I know it's important stuff. In many ways, this consideration is just sparked from being overwhelmingly frustrated with the Snort room, which I genuinely loathe for some reason 👀

On the subject of the Snort room, I may just return to it with a video walkthrough, or watch a more in-depth video course, because I was feeling lost and frustrated. I also feel like it'd be a thousand times more useful as a tool if it had a GUI because it's challenging to actually read so many walls of text in a CLI (even though I actually enjoy using a CLI for a lot of things)

Yeah it definitely saves some money not having to take A+. I think what draws me to the CCNA is that exact challenge. I already reviewed the net+ and sec+ material from Professer Messer and it felt almost natural to me.

yeah i get that, ive tried looking into other roles such as sys admin or cloud engineer as entry points but those usually become more of a detour and dont end up helping as much in the long run from what I've read. taking breaks isnt bad so you dont burn out so im sure you got it

I totally get that. I don't mind challenge, I just don't like risking hundreds of dollars on a challenge I'm not confident with 😅 But yeah, the CCNA is pretty prestigious so you're likely going to catch eyes quicker than you would with just the Net+

That's similar to my issue. I've been applying for IT jobs for half a year now, I intentionally went with entry-level helpdesk simply because I don't have IT experience and I figured that'd probably be the only thing I could actually be considered for... but even after 6 months of regularly applying, not one interview. Not one. I'm not expecting my chances to be better with any applications regarding cyber, but I guess I can only do whatever I can do 🤷‍♂️

And as for burnout, I've experienced that something like 4-5 times already and it always takes forever for me to get back into the swing of things But again, I can only really do whatever I can do and have faith for things I can't change

Totally understandable honestly. The price tag is daunting. And I've been considering investing in actual equipment so I can practice networking because I really don't think dealing with just packet tracer will get me very far. Me doing all that for a cert is insane but I think it'd be worth it.

Yep, especially if you can't even get your first job to pay for it in the first place 👀 And yeah, probably wouldn't hurt to get yourself some gear if you can, hands-on practice and home labs are good to pad out where you lack experience.

I'm hoping to build a lab for myself, just trying to figure out space requirements, probably going to have to move just to get that done... fortunately, I have a different family member I can move in with who actually has some free space, but still, gonna take forever to actually get that move done

That'll definitely be exciting when you do have the space to build a lab. Honestly its the best practice one can have.

Without a doubt! Thankfully, I have the hardware necessary to set up at least my early projects: an old ThinkServer, three laptops, my main PC and an older PC of mine if I switch it to an SSD and get a new case for it. I'm grateful I don't have to spend too much money since I was gifted some of that hardware, it just sucks not having the space to be able to set things up properly haha

Oh I believe it. But once you get it up and running though you'll be smooth sailing from there once you do have the space. Definitely something to look forward to.

I appreciate the encouragement! I can only hope I'll actually get an interview, can't think of any way to talk about those projects on a resume alone lol

Yeah, it is a bit hard to really mention projects on resumes. I had to create a separate section on my resume that is for projects. I don't have too much work history since I'm currently disabled. How I added it was basically each individual project, then a short description for them to ask about during an interview.

I'd need to rework my resume to fit any more sections on it, as I'd either need to remove all but TryHackMe from my Education section (I don't have any degree or certs yet) and pretty much remove all volunteer experience from it 🤔

Anyways, I hope you're able to get the job you prefer as well, one that works well with your disability 🙏

yeah its very rough right now, I've had a chance to work with helpdesk for a bit and it seems like they usually require A+ or hardware knowledge, I dont know if you've tried these jobs but if you have any interest in hardware, I would look into computer technician job maybe, if not a geeksquad agent at best buy since that requires little to no experience. I feel the same way with burnout though, it makes me not want to even look at a terminal sometimes. hang in there.

Yes, helpdesk is basically all I've been applying for. My main issue in terms of opportunities is that I live in a rural small town, next to no companies with proper IT departments (let alone hiring), and I don't have a car so I can't exactly travel to the nearest city. Really limits my opportunities since I basically can only work remotely. Sucks, but I've tried to figure something else out and I've got nothing 🤷‍♂️

Thanks for the encouragement though! Like I said, I just keep pushing forward, doing whatever I can in the meantime. No idea whether I'm wasting my time or not but hopefully not lol

Gave +1 Rep to @abstract agate (current: #3124 - 1)

Thank you! I hope so too. I do know of a local company that will be hiring on upon expansion so maybe that's my ticket. I'll be meeting the owner most likely soon just to get my name out there so fingers crossed 🤞

I also hope you are able to get the job you really want as a security engineer.

Gave +1 Rep to @edgy orchid (current: #563 - 12)

Sounds great, hoping for the best!

And hey, I'd be okay with any IT job at this point so if I land something like SOC analyst or security engineer, I'll be pretty happy 😂

Haha facts. Any job is better than none that's for sure.

@edgy orchid are there any internship options available in your country? Not suggesting it's financially solid plan, but at least an opportunity to get a foot between the door.

It's funny you mention that because I had considered doing so. Right now, I live with family and thus my expenses are somewhat low (though I do have other things I really need to be saving for), so an internship would work at least to start. Problem is, I have yet to find a single internship that doesn't require you to actively be enrolled in some sort of university degree. Definitely can't afford, nor do I desire, to ever go to college so that sadly won't work out

I see, that's unfortunate. I'm in a somewhat similar situation, where I'm trying to find my first cyber security job. Though I started my cyber "studies" 25 days ago on TryHackMe :D. I worked previously as a web developer so not entirely alien to many of the concepts. Anyway, still very green when it comes to hacking. In my country the local employment agency organizes several tech trainings, and after taking the web development training got extremely lucky to land an internship that turned into full-time job. Dunno if something similar is available where you live. Now starting an Cyber Security Expert training via same agency, and trying to find the place to do an internship in.

There are recruiting agencies here too, not sure where the nearest one(s) may be though. I don't know of any in my town but there may be one. Either way, I'll have to do some research, I tend to avoid recruiting agencies online simply because I don't trust them to handle my personal data in an appropriate way... I'll have to think about it, thanks 🤔

Gave +1 Rep to @grim radish (current: #3124 - 1)

There might be some entirely online. You could also consider taking a MOOC (massive open online course) e.g. Helsinki Uni in Finland offers Cyber security courses for free: https://www.mooc.fi/en/courses/
Ofc, I'm not a recruiter so might be that Certs are the way to go, but I doubt doing some free uni courses would hurt. Cheers for the rep 🙏

the linux+ is hard?

I would go for Sec+ or the isc2 CC as I said the OSCP is very challenging and you cant just jump into it. The OSCP course will be in a differient language to you if you dont understand it. But you dont have to go farm up all these certs like the A+ and stuff. Depends though.

Jacob if u want me to do resume review for ya lmk

Hey folks! 👋
Final year B.Tech CSE here. While most around me are chasing SDE jobs, I’ve recently gotten hooked on cybersecurity (crypto class + Kali Linux got me started).

I’m considering a Master’s in Cybersecurity (which means prepping for a competitive exam here in India), but I’m also wondering if I should first focus on hands-on skills / beginner-friendly certs before committing.

For someone just starting out, which path would you recommend?

https://www.perplexity.ai/search/d490dede-553b-4410-a121-27632b0f6f8d#6 i was looking at ways to improve my resume, and perplexity suggested i add tryhackme as something under my resume's education section. is that a good way to include work done through tryhackme when i haven't completed any of the major certs like sal1 yet?;

I would not recommend putting THM under Education. If you don't get an accredited degree or diploma out of it, a good rule of thumb is that it doesn't count as education.

IMO, put THM/HTB/other learning platforms under personal projects or personal interests.

ah ok so list specific projects done while on thm and add those, rather than just the fact i am doing thm?;

also is it ok to post my resume here for review/feedback?;

Anyone running multiple paths at the same time on THM

Hi guys I’ve just finished the jr pen tester path on tryhackme and I feel like I need more practise (especially on priv esc) but I’m not super confident towards a bunch of boxes (I end up having no clue what to do and feel like the only way to get through them is a writeup which I avoid) is there another path or some rooms people would recommend

If you check out the Learn page Roadmap, there are a number of paths suggested for you. Also, if you go to the PT1 certification page and click 'Get Started' and open the Recommended learning section, you will see a lot of resources you might like to pursue; even if you don't undertake the PT1 certification

Thank you! Feel stupid now I didn’t click on the cert before because I don’t intend on taking it yet aha

Gave +1 Rep to @rugged delta (current: #18 - 535)

I've heard the Linux+ is pretty hard, definitely harder than the Sec+, but I haven't taken either yet so I can't confirm. And as for resume review, I appreciate the offer! I actually had someone take a look at my resume, though, he has a senior security role at a reasonably large company and he helped me optimize things a bit. The trouble is, I don't have any higher education and very little true job experience, as I've tried many different careers and failed at each one before I even got hired. Approaching 30 with very little job experience isn't fun

Between a cybersecurity or a software engineer, which one has more creativity?

ty

Well you can take your time preparing and getting more comfortable with tools and techniques and building your skills and experience in your own way

u gotta stick with something and go al in

thats the only way im ngl

hi everyone, i was a user of THM around 2021, and bc of it i have now graduated with a bachelors degree in security. im trying to find a graduate job now in the UK but it has been tricky, so whilst applying for more i also want to do extra certificates but i'm not sure where to start. can anyone help me please?

i'm quite interested with Sec+ or CEH! but not limited to that

also, i have a career fair tomorrow that i'm joining. if anyone could check my cv to give some opinions i would really appreciate that!

Hit me up

I use arch btw😆

How to go about finding cyber jobs or IT support jobs ?

im bored asl if anyone want resume reviews dm me

Broad question need more information on what you do and what you have done

Dm

anyone? :(

I can check ur cv

Congrats. What certs and skills do you have

thank you!!!

Gave +1 Rep to @chrome spire (current: #2058 - 2)

can we dm?

Yea

anyone with Sec+ / CEH, i'd like to have a chat and know real experiences on how/where to start with to take the certifications!!!

THM isn't a project either, as it's not your project that you built. It's an extracurricular activity. Yes, you can post a redacted copy of your resume here as an image for review.

I have Sec+ feel free to DM me

Thanks, will redact and share in a bit, taking a healing day atm;

Gave +1 Rep to @stoic cave (current: #21 - 528)

Also to answer your name, no i use searx;

Here's the json for my proto-resume. my plan is to use this to help with creating specialized resumes based on the job posting and job title, since there are several job titles i could apply for and each would be customized to fit that role;

Thank you!!

Gave +1 Rep to @fading lance (current: #3130 - 1)

which path or room i flows for learning reverse engineering

Unfortunately a lot of folks think CEH is a joke

:o wdym?

we were encouraged about it and its also one of the top certificates (?) in the UK so im curious on to see what you mean!

Top certs in UK? CEH doesn’t really provide any practical skills. It’s all memorization and the test is multiple choice. A monkey might be able to pass by just guessing. Not saying you’re at the level of a monkey but the exam has gotten heat in the past. The people who provide it (EC Council) have also blown their marketing out of proportion about it. They’re trying to make it a gold standard and that everyone must have it. Also EC Council has faced some scandals in the past so the credibility of the cert has diminished because of that.

However if you’re going into defense contracting it’s usually a baseline cert to have.

EC Council wants to put it on the level of CISSP but that’s never going to happen lol

Although you might be able to convince non technical recruiters you’re a god at hacking 😂

thats what matters the most 🤣

jk, but i see! thank you for your input

Of course. I mean it’s better than having nothing but it’s one of the baseline certs

Not like a CISSP

i only know what ive been told, and yes we were encouraged to take it at one point during/after uni so its interesting to know its actually not worth it

EC Council probably tipped off the guy who sold it to ya lol

hahaha don't doubt it. uni is a business anyways

My company works with EC Council and they aren’t really what they seem 😅

Straight up facts. It’s all business.

They don’t care if you get your degree lol

Kind of a load of horse poo but you and maybe you’re family are the only ones that care

totally

the reason why i went is mostly, in general, having a degree is better than not

but halfway i understood the certificates definitely matter more🤣😭

which cert would you personally suggest? i was told yesterday i can only take CISSP after 4 years of working?

experience*

Honestly if you want to land a job with ease, start building your own projects. Those carry more weight than certificates nowadays since it’s hands on experience. Hands own training/experience is the new golden standard when it comes to hiring.

My uncle is a VP for a tech ed company and that’s how he hires people

I built my own homelab and run my own SOC simulator on it. I also set up metasploit and mess around with that. Stuff like that. Expose yourself to those things and maybe attend a few conferences. NETWORK with people in your field, you’ll land a job better that way than blindly applying for jobs.

I feel like my skills are way too behind to build something on my own, I don't have anything to start with, except for a research I've done for my dissertation

but this is a new aspect I haven't heard about so thank you so much for sharing this!

Gave +1 Rep to @nimble schooner (current: #1249 - 4)

i am going to a career fest today so hopefully i'm able to do something

We don't discuss things such as that attack here , please read the #rules 🙂

Done!

So, I'd like a little input from current professionals or hiring managers. I'm currently in law enforcement (10 years) and I'm taking courses on THM and plan on getting a few certs as well. I've also recently been approved to join a federal task force for cyber crimes and will be receiving training on digital forensics and will be eligible to further that area of expertise and also learn incident response as well. I guess the question is, If I choose to pivot away from my current career, with all that I've mentioned in this message, does this make me an attractive candidate for SOC or incident response roles? The certs I plan on getting are security+ and a splunk certification and maybe a blue team certification as well

Yes, its definitely a very attractive resume but they might only count the actual cyber experience. If you can get maybe 1-2 yrs. experience in a DFIR focused role, I think it’s worth it.

For the certifications, Security+ is a good foundational cyber cert. There is also BTL1 and CCD for blue team related certs. Also look into GCFA and GCIH certs. They are relatively “cheaper” without the SANS training.

I wouldn’t focus on getting platform specific certifications unless they’re required by the job.

Anyone know what I would look for if I’m looking to get into cybersecurity for robotics?

Perfect. Thank you so much for the input!

Gave +1 Rep to @dense dagger (current: #22 - 467)

are eJptv2 and CompTIA sec+ good / worthy certificates? im planning on getting a few fundamental certs in my early university years, and these two were the ones i thought of.

i heard some people complaining about how basic eJptv2 is, but i dunno. do i do the right thing by gathering a few fundamental certs earlier, especially the ones i mentioned?

eJPT exam is very basic, but the course is awesome. Frankly, the course is harder than the exam.

Yeah any tech field, doing projects carries more weight. A person may have their PhD in cyber but they might not have real world experience and know what they’re doing.

Get your certs paid for by you job

I'd have to justify things like security + with a direct payoff for the department. The federal task force is entirely free for them so it won't cost anything and gives us more capabilities as an agency. I should receive certs from the task force though.

can u plz tell me what sort of projects one can build who is studying to be a pen tester?

Look into building your own homelab and messing around with Metasploit.

Build your own SIEM

Or SOC sim

hmm

those seems like a bit advance stuff. but i suppose one need to start to get somewhere

Start your own blog

Metasploit is one of THMs basics

Cyber security 101

i have studied and used metasploit but i didnt know you can BUILD UR OWN

Learn how to write good pentesting reports too. That’s like 50% of the job

enumeration?

I built my own homelab that runs metasploit and I basically have a blue and red team set up with VMs

wow nice

No let technical/business reports

Essays lol

If I were gonna hire you as a pentester I’d want someone who can give me good reports. There’s a THM room about reports

basically the findings now?

Kind of

thanks i will check it out

Gave +1 Rep to @nimble schooner (current: #1078 - 5)

If you can write good reports then it’ll put you above pentesters who don’t know how to write good reports

Also if you want to do the PT1 exam you’ll have to know how to write one

Guys, has anyone taken jrpt cert
i wonder if it includes more training or it is just an exam

thanks for the info

🖐Hi everyone, I am junior Brian from Kenya

I am just starting out in IT / cybersecurity and i am also interested in entrepreneurship

I am here to learn share knowledge and connect whith like- minded people

Outside tech I enjoy movies
and reading,

Looking forward for growing and contributing here

Jrpt? Are you referring to PT1 (from THM) or eJPT (from INE)?

PT1 from THM

now that i think about it i have done something like that before LOL, i'll just have to try it again on my pc bc it was done in uni

I am new in this industry so you all please guide me in which field I should make a career. I found ai to be the best but I am a bit confused about subdomain, so you all please tell me what I should do.

genuine question, what are you meant to do if every place needs more experiences but no one is willing to give you any

Question for all the websecurity enthusiasts. Planning on deploying a website soon and need to get a TLS cert loaded and I am debating on what to use. My domain is through namecheap and I plan on using the site for ecommerce. Their OV/EV (which I learned is organizational validate and extended validation used to display higher trust to users) is $45 per year.

My question is: Is this "required/best practice" or can I use letsencrypt since it is free? First time launching a website so I am learning a ton and love getting advice from the community!

I posted this a bit before, but got side tracked and never really tried it out. I wanna do OSCP eventually, in like a year or so at most. Now I've heard ofc it's super super hard and stuff, but I think I can do it if I focus properly. So, question is, how would y'all recommend going about it? Currently doing some THM rooms, but would that be enough to get into it or do I need other resources?

Believe it or not, it's entry level. The difficulty comes from having a solid methodology, not from the techniques (which are generally pretty straightforward).
I would recommend making sure you've got the foundations down (networking, web / software dev, simple scripting, basic active directory administration, etc), and a bit of experience with some of the standard tools (Kali, Nmap, Burp, sqlmap, etc).
Then do PEN-200. Make sure you're happy with all the techniques they teach you (again, pretty basic stuff in that department). Take a bit of time between finishing the course and sitting the exam. Use that time to go through the TJ Null list of OSCP-like boxes on HTB and Vulnhub (plus Offsec PG if you've got access). Build up a methodology, use a few of them to sit a mock exam under time pressure.
That should be plenty.

Does any body know about the uk 🇬🇧 England job market and can help me ?

I will be honest I don't understand most of this, but this seems like a really good roadmap!! Thank you so much!!

Gave +1 Rep to @undone shore (current: #10 - 903)

UK or England?

Well now you know where to start looking 😄
No problem, and good luck!

dude ill give you a quid an hour to teach me about kali

.

England

Fr 😂

Can't help you there then 🤷‍♂️

i'm UK🙋🏻

Anyone that knows about the job market in Birmingham in England uk and how to find and navigate around it etc I’d love your help and advice if u can tag or dm me

job market for what?

From memory, the certification fee includes a three-month subscription to THM so it should have access to the learning path. However, depending on your background or experience, that three months may or may not be sufficient.

I am new in cybersecurity (zero knowledge) and would let to get started somewhere. I know that THM itself wont land me anywhere in terms of job, my main goal is to gain knowledge and skill. How far will THM take me in terms of knowledge? Like will I be Junior level or Intermediate Level? I want to have my main focus be in Offensive with some knowledge in Defensive. I was wondering what learning paths would be best suited towards my goal?

You can follow this roadmap
https://tryhackme.com/hacktivities

If you're a free resource check out this resource 🙂
https://tryhackme.com/resources/blog/free_path

ah i see but arent those roadmap missing some learning paths?

also is THM a good way to learn the basics?

Yep, its how I got started in cybersecurity

Even now, I’m actively taking their rooms

Awsome, then should I complete all the learning paths? If so should I do all offensive paths first then move onto defensive paths?

No

Not all , choose in which direction/field of cysec you want to pursue a career in and go in that way 🙂

Cyber security

well

yes, I use tryhackme daily and I can say that it is a good platform to learn more than just the basics, also the community is chill and helpful, welcome here mate

how old are you ?

Hello, Is it a good idea to do LL.M in IP and IT laws if i want to go into GRC?

I have also done a Bachelors in Computer Science Engineering

and doing a Masters in IT security

Hello everybody, this question is for people who did many certifications please 🙂
I'm 21 and still graduating (got at minimum 3years before joblife) , but I would like to do more certifications for later on in Pentest, already got 2 CCNA, but as I'm still on studies my budget is low, and everyone talks about OSCP and other certifications that are like 1500$ per try, do you think those certifications are an investment that I should do now ?
I don't really know which one to start with, I was thinking about the new PT1 certificate made by THM.
At the moment I'm only grinding on my knowledge with THM doing all kind of exercises.
Thanxs to any of you responding 🙂
(Sorry I'm not a native English hope everything is readable :D)

You should certainly enjoy exploring THM and learning as much as you can about the field and where you'd like working. Certifications can play a big part in showing your abilities to an employer, but yes they can be expensive. The #pt1 and #sal1 are certainly going to benefit you, and if you go to the links at the top of each of those channels and click the Get Started button, you can look at the Recommended Learning for each certification as a path to improving your learning plan. The certifications are excellent junior certs which may stand to you when eventually applying to jobs in the future, but certification can be expensive. While you might be expected to get some junior certifications by yourself, most good employers provide a training budget you can take advantage of, and employers should be a part of funding your training, especially for certs like the OSCP and others, but you may still need to have done some by yourself. You should pay attention to the skills and qualifications that potential employers expect you to have and ask during interviews what training they might provide to help, as it's a mutual benefit for them to have people trained to the standard they expect.

Thanxs a lot for your answer man

Hello everyone,
I have recently completed mt SAL1 certification and passed it my main goal for taking SAL1 is to land a job in Cybersecurity career. almost 2 weeks passed after completing it and i am actively appling every SOC related job posting on LinkedIn, Indeed, Naukri, Glassdoor etc.. I am not even getting shortlisted for an interview. So, here i want to know in the mean time should i do Projects, SOC 2 path or go for jr. pentesting path? bit confused about this.

Curious, do you have a degree, any past IT experience, or other certs?

I have total almost 4 years of experience in technical support engineer where i used to manage firewall, AD server, AV Server also some help desk to company user... Unfortunately, i don't have any degree specifically in IT. I also achieved google cybersecurity from coursera.

Some need prem tho

This leads me to believe that your resume could use some work. Feel free to post a redacted copy of your resume here as an image. Also, job applications are not about quantity, they're about quality. You should be making adjustments for each submission, to align it to what they're looking for. Without lying of course.

:hammer: ccmail787ccmail.uk#0 has been banned.

OK, so taking a quick look, skills should be moved to the top and I would remove soft skills. Your skills are also generic. Look at your body of professional work and make your skills section reflect that. You should be able to talk to each skill listed at length.

Put your highest level of education in an education section.

THM certificates, other certificates without a proctored exam, and room completions are not certifications. Remove them.

THM and things you did on Google Cybersecurity are not projects as you did not create them. A homelab is an example of something that you can put in that section.

In your experience section, remove the little blurb about the company. Use punctuation. I think the bullets are kind of similar across all the jobs, I would work on them a little.

I'd remove the paragraph at the top. I personally don't like them and you can write a cover letter if you want a paragraph.

I'd remove SOC Analyst and Cybersecurity Professional from the top. Just have your name and contact/LinkedIn/etc. None of your experience points towards having worked in a SOC, imo.

@stoic cave do you have an example of a good resume ?

Formatting wise? AwesomeCV is good

Content wise, myself and other community mentors have given a lot of advice over the past few years that is searchable in this channel

I have registered annual premium, does that cover all the rooms of pt1 ?

yes just not the certification itself

I nearly done jr penetration testing path but im not confident much about my skills.
I dont know that if i missed main points that i should have paid attention to and THM designs this just for the very basic knowledge.
Would you mind giving me some advice on what to do next, switch to solve challenges or delve into specific skills like rooms in offensive pentest path
Thank you very much in advance!!!

Gave +1 Rep to @tacit karma (current: #606 - 11)

if you go to challenges, in the search bar you can type in pen and it will bring up challenges to practice

here is one right here https://tryhackme.com/room/basicpentestingjt