#cyber-and-careers

What do you do if someone actually do need to use one?

we have an exception group in AD - you get added to that and have until midnight - then you are auto removed

but you have to fill out a form and get VP InfoSec approval - basically sign your soul away

😄

Damn

That sounds fun

our firewall team is pretty good

so the port betwen my computer and the server might be open, but if I'm not in the right AD group, the firewall will still block me 😄

layers on layers on layers

troubleshooting is a pain sometimes

I can imagine

Training the new recuits might be a nightmare?

honestly, most of the staff have been here forever

my group is

18 years, 12 years, 8 years and me at 2.5 years lol

how long they've been at the company, not how old we are 😄 😄 😄

lmao I would be pissed if a 2.5 yo has a job and I don't XD

we have a NAC too - so if you don't have all the right agents installed on your machine, the port you plugged in auto disables

wireless is certificate join only

I can't imagine spending 18 years in a company. I would be on my deathbed by then lmao

our director is celebrating 22 years and our vp is celebrating 30 years

Jesus

The longest I have spent in a company was 5.5 years. I left only because I started my university.

i have a more senior position than the seniority of 18 and 12 years - that's uncomfortable sometimes - probably honestly the hardest part of my job - they know way more than me about our systems

How old are you if you don't mind me asking?

I'm a millennial 😄

ayyy fellow millennial

I actually have the opposite in my life. Everyone around me is super young so I need to be very careful interacting with them

I started my education when I was 27-28 years old. Everyone around me were 18-19 lmao

I have to walk on eggshells all the time

both of the guys that are 18 and 12 year time at the company are both millennials too

im like, wtf are yall doing, go get money somewhere else lol

one of them has been working here since he was like 19

How did they find a full time job at 19 😭

People be so productive. I was barely functioning when I was 19

he worked his way up - he started way way low in the company

one of the regional IT VPs started as a facilities tech (painting walls, fixing toilets, replacing light bulbs)

another IT VP was an accountant

one of the secops guys started as a janitor basically lol

wtf lmao

his title was something a little different but if I say it - it gives away the industry 😄

but it was lowly like a janitor (no disrespect to that field)

I was about to say. I worked as a janitor at one point XD

the guy thats been here 12 years started as an IT intern then help desk

paper is paper 😄

Yessirrr

Gotta pay the bills

i used to be an auto mechanic

I'm working at Starbucks right now making coffee with all my work experience and education

Rent ain't gonna pay itself unfortunately

That's a big jump from that.

you and everyone else in this shite economy

i realized I liked fixing things... and fixing computers was easier on the back, less messy, cooler in the summers and paid way hella more

plus your IT bosses bought your tools for you... you didn't have to buy your own tools

lmao

in your experience in school, did the younger generation struggle with computers?

I've noticed that the youngest folks coming into the workforce don't understand file structures in computers - they'd rather it be touch screen like a phone or tablet lol

In my experience, except for a few kids, I did not know anyone who knew more than me

Not trying to brag here

It's not that they didn't teach us. They... just didn't want to learn

The ones that were good were good before they joined university

was it that they were young and just not experienced, or cause they grew up with smartphones and a "traditional" computer was foreign to them?

I think this is the case for everyone born after 2000's. Back in my days, we had to do everything by ourselves and we learned stuff from that. Internet wasn't big

Now everything is readily available so you don't get chance to learn

Take AI for example, it does everyrhing for you. And people who overly rely on it can do the job, but they don't know HOW to do the job.

It was the same thing with pretty much everyone in my batch. Even in Master's

I remember when I torrented a game on Limewire and absolutely trashed our family computer with viruses - my dad said, "here are the Windows 98 installers, idk how to fix it, but I hope you can figure it out" 😄 😄

hahaha man the good old days. I spent my childhood playing games in MS DOS

we would get a floppy disk with games on it and when it stopped working, I loved to open it and take the tissue out

I feel bad for Gen Alpha too.. my friends have kids.. and they are so "instant gratification"... not even in a rude, spoiled way... just INSTANTLY bored or unhappy when they can't stream EXACTLY what they want...

that was a big achievement for me

I'm like... we need some bunny ears and FM radio up in this house

lmao

Deep talk

yea, we got pretty far off topic lol

my bad

Yeah same. My bad.

I'll link it here in case anyone else can also provide feedback

is there such a thing as part-time red teaming work that isn't just a shot-in-the-dark bug bounty hunt? I'm in a different career but hoping to transition over to infosec with some overlap

Perhaps providing intrusion testing consulting on demand (freelance/part-time), assisting in the construction of the pentest, reviewing all security configurations and pipelines.

these sound doable (with some more practice). thanks

Gave +1 Rep to @fading sage (current: #860 - 7)

Hi everyone hoping for some career advice. I started out hearing the term cloud security engineer and thinking it was a really cool idea. I was told I need to learn Kubernetes, Terraform, CI/CD, ELK, etc... basically all DevOps. Very little security, which is what actually interests me. I'm worried I am just going to become overwhelmed trying to wear too many hats.

wanted to share my story about my getting into cyber

https://www.reddit.com/r/cybersecurity/comments/1nzcsoq/13_gpa_to_6_figures_in_cyber_2023_2025/

funny cuz im about start grinding thm now a year into already being in cyber

wasn't so aware of HTB/THM back then but perfect time

Quite inspiring, I can't lie.

The thing about cybersecurity is that it's about configuring and maintaining the systems an organisation needs to function. Like, you can't be a pentester without knowing how to admin Windows and Linux to a certain extent. Ditto with SOC/Blue teaming. Security engineering requires you to understand how to do the IT side of things and on top of that how to choose and implement the security features and configurations you need. A well functioning organisation will have policies and procedures and processes to select and apply the correct tools/techniques for their needs. You'll need to understand cloud engineering before you do cloud security

Very good post, happy it worked out for you.

who use exegol here

Hi everyone 👋,

I'm a beginner in cybersecurity and I'm especially interested in penetration testing. I've started exploring Linux, but I’d really appreciate a clear roadmap to help me move forward step by step in this field.

If any of you have experience, I’d be super grateful for your advice: 👉 Where should I start? 👉 Which tools should I learn first? 👉 What platforms or exercises do you recommend for practice? 👉 And how can I structure my learning so I don’t get lost?

Thanks in advance for your help 🙏

There are so many questions, I hope someone can help you. If I had a lot of experience, I would help, but try looking for roadmaps online.

ok tanks

Ty but lot to learn
I wanna move into DFIR or CTI

Gave +1 Rep to @obsidian rose (current: #26 - 407)

That makes sense, I believe I was trying to learn too many things outside my lane. By doing devops and working with cloud, I am laying the groundwork to move more into security engineering later I think. I was basically worried I didn't know what I actually wanted and that I was doing the wrong things, but I think I'm moving in the right direction after all

You can go to #start-here and join THM. There you will see the roadmap for progress from the beginning

Yeah for sure, keep going with what you're doing. It sounds like you're certainly making progress. Take a look on job sites and see the kinds of roles organisations are looking to fill and the skills and certs they might require

for penetration testing, exegol is, for me the best tool possible

hello guys i'm almost finished with Cybersec 101 track which track should i study next
i'm doing a 365 days challenge each day a room so it doesn't matter really i just want to learn in the best way possible

If you click on Learn at the top of the screen, you can see a map of optional paths you can take into various roles in the field

@cobalt escarp - ummm, can someone review this, it's getting spammed in different channels

nvm, i think you got it already

Anyone else going through a tough unemployed phase?

I work in IT right now

Anybody here studying for OSCP?

Greetings
I still don't know how discord works but I'm getting the hang of it,I'm new to CyberSecurity,3months in.
Any advise or idk anything. Would be appreciated

Welcome. You should go to, and read the #start-here page and follow the instructions there. Then consider following the paths. It's a long journey

🙏

What do we think of the future of pentesting with AI Tools such as https://horizon3.ai/ ?

I’m not sure what to think about offensive security anymore, especially whether I should pursue it. Big clients that I know of have significantly slowed down on real human pentests, relying instead on vulnerability scans and mass automated pentesting. This isn’t just a theory, it’s becoming a reality from what I'm witnessing myself in real time across big companies, banks, etc. It’s really demotivating. It almost made me stop training on TryHackMe / pause pursuing the last certification I wanted, and reconsider whether switching to an offensive security role is worth it.

A manager of the OffSec department in our company also warned me during a chat that over the next 5-10 years, the role of pentester isn’t going to disappear completely, but demand will highly shrink - more than it is now already. The job will likely be less secure than a blue team role for the future. (Talking about pentesters, excluding things like RTOs.)

I’d really appreciate input from people currently in offensive security roles, especially those who are on the market now, or have experience. What do you think?

Hello, I am sort of interested in a job in cyber security. How would you recommend getting started in this space? I have a pc and am able to get linux (either booting from a usb or VM right now) I am open to any help!

Hello everyone and anyone who will help me with my delimma so , i'm 25 , i graduated from managment infromation systems, i've been working as an IT sys admin assitant (but i mostly did all the work there and i am glad i did so i get the experince) for a year , and another year i moved to IT technical support engineer (i took more projects than just Tech support but it was here and there giving me more experince but the Tech support it self is not giving me any) i'm moving toward being a red teamer this is the end goal i know this takes years , so currently i'm looking to continue for pentesting , i've been studying alot latley more on THM and grinding the rooms learning new stuff , actually testing what i learn on real systems ( my company with my IT manager permessions ) and i found various security problems with them , but they haven't moved me for a year despite my capabilities that they know and i know and i been looking to move from the supprt sector for a while now

now due to some automation projects i've done while i was in the tech support a new oppurtinity was opend for me an (internal transformation)Automation specialist , its a new title in the company and they're looking for fresh grads with good experince , from my projects i've done to the IT department they took intrest in me and i applied and i got accepted , But i feel i might be drifting from security which i don't want , and i don't want stay in Tech support for any longer , i really need some sense of direction if anyone could help me out here would be greatful

Would really love some of your insights on this , as my head is really spinning

Hello everyone, I am currently exploring pen testing and completed various paths in thm and learned a lot but still struggle to complete CTFs in THM even the easy ones. I always have to open up a writeup for the ctf as i get stuck. I want to make a career as a pen tester but i don't understand where i am going wrong and how should i improve my skills?

For me it looks like you made a good decision , it's definitely fresh while it can help you a little as pentester in the future . I think you should keep a look at other roles in your area as well since it's little bit off track role (I assume it's closer to software development) . Regardless you are doing great work ! 👍

It's more like automation through workflows , Ai agents Like here is the job description
:
We’re looking for an Automation Specialist to design, build, and scale reliable automations across our business—connecting CRMs, support tools, marketing/data systems, and AI services. You’ll turn messy, manual processes into clean, observable workflows with first-class error handling and clear documentation.

What You’ll Do

Design & build workflows to automate business processes across sales, marketing, ops, and support.
Integrate APIs & data sources (webhooks, REST, OAuth2) and orchestrate multi-app flows (e.g., HubSpot/Salesforce, Google Workspace, Notion, Slack, Twilio, Typeform, Sheets/Databases).
Implement reliability at scale: input validation, branching, retries/backoff, idempotency, rate-limit handling, alerting, and run-cost awareness.
Use code where it helps: write lightweight JavaScript/TypeScript in Function/Code nodes; transform JSON; handle pagination; map fields with expressions.
AI & agents (nice-to-have): wire LLM/AI nodes and tools for classification, enrichment, summarization, and decision steps.
Maintain & improve existing automations; proactively refactor for speed, cost, and reliability.
Partner with stakeholders: translate requirements to workflow designs, estimate effort, and ship iteratively.
Minimum Qualifications

1+ years building automations with n8n or similar iPaaS (Zapier/Make), including HTTP Request, webhooks, and schedulers.
Strong grasp of APIs, webhooks, and JSON, plus hands-on JavaScript for data transformation in n8n nodes.
Comfortable with expressions/data mapping, error handling, and pagination patterns.
.

Experience integrating at least 3 of: CRM (HubSpot/Salesforce), Google Workspace/Sheets, Slack, Notion, Twilio, Stripe, Typeform, Postgres/MySQL.
Clear communicator with a documentation mindset; able to turn vague processes into precise flows.
Preferred Qualifications

Experience with LLM/AI nodes (prompt design, classification/enrichment steps).
Managing secrets, OAuth apps, and role-based access.
Basic DevOps: Git-based versioning of workflow JSON, environment promotion, backups.
Building custom nodes or using the n8n API for admin/ops tasks.
Tools We Use

n8n (cloud/self-hosted), Git, Postgres/Sheets, Slack/Notion, common SaaS APIs

What is the salary? in the UK for a job post like that they offer £26k
xDDD

nah i live in egypt

Hey is it possible just studying with free resources like THM online in cyber and getting a job without uni?

I have audhd and i cannot do time management so uni is horrible for me

hello, iam wondering for those who work as soc analyst, what kind of shift schedule do you have?

I’m an IT project manager and Cybersecurity professional on the policy side. AI is changing the landscape for everyone. The question you have to ask yourself is this. “What problems can I solve”.

AI can beat a room of humans on almost any task in terms of productivity. But Humans are much much better at problem solving.

AI can follow a set of procedural instructions, but humans can use ingenuity and creativity to solve problems far beyond the capabilities of AI.

Make yourself an indispensable problem solver. That’s how we humans can bring value to an organization.

is there any senior cybersecurity engineer available to answer some questions

what are your questions

can software engineering bachelor degree with honours lead to a cybersecurity engineer role ?

is comptia courses a good advantage ( network+ , security+ . CySA+ , Cloud+ , Pentest+ )

not really

Bro tell me one thing how tf these guys be finding whole life style just by phonenumber 😭

Literally

How long do you think it will take to study and pass the Comptia A+ exam?

Hello 👋🏻
Recently I've been thinking about the TripleTen bootcamp, do any of you guys have heard or have experience with this bootcamp that could give me their opinion?

I finished all fundamentals room in tryhackme ,im considering trying eJPT training, should go for it

THM is a great place to start on your journey, especially if you're new to the field. There are hundreds of rooms made just for you to dive into. Below is a guide to get you started, made up of several free rooms to teach you the basics and get you going on your path.
You can also check out the many success stories from the blog to see the paths others have taken.

You might eventually decide to pursue certifications or take part in CTFs, Bug Bounties and other activities to build your profile. There are many paths to cybersecurity but these are a good start. You might also like to check out the Tribe of Hackers book collection. They usually retail for a reasonable price and contain a series of interviews with many professionals and how they built their careers

https://tryhackme.com/resources/blog/free_path
https://tryhackme.com/resources/success-story

The A+ is fairly straightforward , professor messer course is a perfect start maybe pickup the book and do his practice test as well. But his youtube course is great,

The certmaster learn they have is good but expensive.

I say 4 hours a day you can do both exams in 2 months

No. You will need to pay for training at some point. Weather that be HTB prem or THM prem or certs or courses. It is nearly impossible to learn everything you need to know for free and most free training is pretty trash anyways. Just keeping it real

I use professor messer

I'm nearly finished making all my notes, then I will just do loads of practice tests

Yeah just doing practice test and explaining concepts will help you. First exam is a lot of acronyms at least on my test. The PBQS vary a lot. I mainly had printer PBQs, RAID server, and a multiple choice question for the rest

I quit the A+ lol

Do you guys think it's worth it to post badges you earn on thm to linkedin? Do recruiters even look at that?
(also how do you add LinkedIn to your profile? I can't seem to do it, throws an error, link doesn't work)

Absolutely

Recruiters do not care about that, probably won't even know what THM is, but its useful since the algorithm can pick it up and between likes and all you get some traffic into your LinkedIn and maybe someone checks you out

Hi guys
I am looking for a couple fo people for working together in hackthebox and tryhackme if anyone is interested in it please reach out to me over PM
thanks for attention

will this help my CV ?

I have a technical interview for a SOC analyst Internship position tomorrow, you guys got any questions you think might be asked?
I will add it to my list of questions.

i interviewed for a soc position and they asked me:

1. you have a suspicious email, what do you do?
2. you find the email officially came from a vendor, what do you do?
   i didn't get the job and btw they did not like textbook answers

thanks

Gave +1 Rep to @elfin girder (current: #1278 - 4)

I agree with majority of what you and @obsidian rose are saying. the challenge i see with that view is that you guys are a bit focused on the deliverables rather than outcomes and values especially from a business point of view. problem solving is a great example, e.g. identifying the root cause of a problem and fixing it. AI is still programmed it will have its bias and for the near future it will still be transactional.

the market for security especially pentesting has gone a bit downhill over the last 2-3 years and I don't think it's down to skill shortage, its most likely business decisions to improve efficiency through automation and better tooling to cut on needs of having new people. Same goes on the blue side, if you need a person to look over every single alert then you're doing something wrong

Which cert. are good to have when applying for Cybersecurity Role

What role, cyber is quite broad

Well I am not really sure, but some role in SOC

Well that doesn't sound sketchy at all... 🙄

if you send me £50 i'll double it

i also have some magic beans if you are interested

I'll bet you do

Help

Hii

I know little bit about networking

I want to go dip down so I become skilled etichal hacker

What should I do

Me to

hai

Hello

I also do

You should go to #start-here

Not a recruitment server.

I don’t see why not, 8 months is some dedication!

Hello, hackers. On wiber is dissapearing messages and once you read it dissapears. There is some way to restore? No backups created, no scrn shot made it. Help!!

what's wiber?

I think they mean viber, and no, you can't retrieve disappearing messages afaik, like with most apps that do that

yes, Viber. thanks for answer

what if i just want an IT helpdesk job
i dont mind working in lesser positions

Depended on the job market and your connections you might be able to get one

Ive worked in a support desk where people worked with no IT background

Then no def not

Just to share my recent experience with this, I haven't posted badges to my linkedin but posting most of the rooms I accomplish with my own little summary of what I learned has started to generate more traffic to my account. Albeit I get even more cyber sales people trying to sell me things lol but I know the occasional recruiter comes along to check my profile out. As poolsclosed mentioned, recruiters aren't likely to know the rooms or THM very well but any hiring managers who check out your page will understand what you metasploit rooms mean. @warped raptor

How do I retrieve messages???

From??

requesting a private mentor to teach me basic hacking and networking. Have tried through several websites and yt vids but dosen't seem to work

i don't have money

did you try the free tier of TryHackMe yet?

It doesn't seem to work because you're asking for a lot more than you realise, and offering precisely nothing in return.
What you're asking for is commitment. No one knows how much time or effort they're going to need to expend on you -- but they know it's not zero. Anyone in a position to actually teach you will have their own responsibilities to deal with. Why would they choose to commit an unknown (but potentially signigicant) amount of energy to a total stranger?

You're much better off teaching yourself. There are lots of resources available these days. Start with networking and other foundational stuff (e.g., coding, application structure, etc). Move from there into hacking -- HTB, THM, etc. When you need help, ask for it clearly and concisely. You'll find there are usually people around who can help when they've got a clear indication of how much effort they will need to spend.

e.g.,
There's a huge difference between "can someone please make themselves available to actively teach me and answer any questions I might have for the foreseeable future" and "Hey, I have a question about X. I have researched A, B, and C already, but can't quite tie everything together. Can someone please help me understand Y,Z?"

The first one is asking for a huge commitment. The second has clearly defined bounds 🙂

Hellohello! I would like to know what certifications I should do? What i need fr? After the cybersec 101 training, I will continue the Red team line. What is the most important thing to do?

Certifications or Certificate?

I meant certifications because I see tons of stuff like eJPT, PNPT, OSCP, CEH, and CompTIA Security+. Im just trying to figure out which ones are best for finding work or subcontracting opportunities later

I think you posted your phishing hook in the wrong channel

But they're thinking of us Muiri! It must be true!

Have u been contacted

Is anyone is who can recover my instGram account because it's suspended I can pay for that very much anyone can so dm mee

I've had recruiters reach out to me offering to interview me for some pen tester roles this year but it was actually my language holding me back since I couldn't quite speak their home country language well enough (South America, they need full Spanish). Also to be fully transparent it'd have been a stretch for me to have been ready to do full blown pentests at that time of them asking. Even now I'm still learning a lot of general pentesting but it shows my profile is very active and that I'm continuously learning. I did however get my first job in cyber because the hiring manager himself had spent a lot of time on TryHackMe so he knew exactly what he was looking at on my resume/LinkedIn. I also made a simple cheap little website where I basically documented all my THM badges, learning paths, and percentage I was and he liked that effort. It wasn't even an interview I was hired immediately when I walked in after he saw my website with THM on it.

I appreciate the humbleness but recruiters probably hate recruting as much as you hate applying lol. I think if you got an interview you have a pretty good chance, don't beat yourself up

instagram support can...

Would it be smart to enter military and do Cybersecurity there or just go into college for it

Hlo

anyone know hacking

?

yeah

Has anyone got a cyber job actually tryhackme

Like from using the platform. It seems like a good resource but unclear how recruiters view it

The military has some really good cyber training. If it's an option, you might benefit a lot from it. Check out Episode 83 of the Darknet Diaries podcast. Marcus Carey gained a lot of experience through it and produced the Tribe of Hackers series of books as a result

https://darknetdiaries.com/episode/83/

Don’t join the military

Thank you i will listen to it

Gave +1 Rep to @rugged delta (current: #18 - 545)

Is there a certain reason why?

Hello everybody, Anybody know how to create their own SIEM control for potential clients in a free or low-priced avenue? I've heard of using GrafanaLabs and comboed with other plug-ins, it can work as a SIEM. Nessus and Splunk are way over the price range for somebody starting out a business. Any insights

ELK stack is open source. Wazuh is a open source XDR/SIEM as well.

GUI interfaces? Windows? I hope Grafanlabs cloud works with those. Any tutorials on how to set up possibly? Im sry LOTS of questions but im riding this blind tbh

Wazu is great option . Easy to use with GUI interface. Powerful tool still even though it’s free and open source

https://tryhackme.com/resources/success-story

here are stories regarding people using thm

ELK can be deployed in a Docker environment and it just uses a web interface. I think the same exists for Wazuh.

So you guys recommend both ELK and wazuh? Or possibly just Wazuh?

wazuh has its own wazuh-indexer and wazuh-dashboard as replacement for elasticsearch and kibana

wazuh utilizes opensearch as it's storage/search data lake. similar concept, very different implementation

Hey guys, I have an interview tomorrow! I initially applied for the IT Admin position because I’m still in the middle of my SOC L1 learning path, but they offered me a Junior Threat Analyst interview instead. I don’t feel qualified yet and I’m scared I will make a fool of myself 😭

Do you guys think the HR and hiring team actually misunderstood and thought that i already qualified because the tryhackme cybersecurity 101 that i put, but i actually dont?!?!😭

If you start learning now, it will be enough.

ur best man

After 9 months of struggle I finally landed a job offer in web and network VAPT.
But I'm starting my career as a fresher in cybersecurity (Though I have 5 years of General IT experience)

I am now starting as a junior with a junior level pay. is this normal or is the situation that worse in job market?

Just do it jeez they literally offered the interview

If you skip it or smthn they might blacklist you to other coorps as flaky

nail it, If you get the job, you'll at least get your foot in the door and can then really throw yourself into it and gain experience.

is an degree necessary for an job in cybersecurity cuz im starting next year my training as an IT specialist in system integration next year in Germany and i want to work in future in Cybersecurity i know i need to have certifications but is an degree necessary?

If you're starting in cybersecurity as a junior, you won't be on the same level as a senior IT engineer, but you should be getting paid better than a junior IT engineer. It might take you another year or two to work up to a more senior role if cybersecurity hasn't been your primary role, as there are a lot of moving pieces you might not be familiar with from an IT perspective. With persistent work, you should be able to move up a little quicker towards a more senior role. If after the 1st year you don't have more responisbilities and a higher salary, you can start to switch employers and bring your new skills to a new environment

the fact that you got the interview is awesome in its own right. Good luck in your interview

sooooo wazuh with GrafanaLabs cloud for SIEM? Anything else you guys recommend and/or how to set up so when I do have these clients, I can go about making it happen?

Sorry, didn't see your initial question
I recommend you to look into Security Onion
It's based on ELK and relatively easy creation of distributed architecture

sounds complicated lol. I'm already trying to download wazuh and impletmented it into grafanalabs and with Prometheus and Loki in hopes I can monitor my network as a test before I start to deploy it to clients

How can I make 10x in a week of that

Hi everyone! I'm a 33-year-old working in aviation with zero IT background, and I'm determined to transition into cybersecurity. My ultimate goal is ethical hacking, but I know I need to start at the beginning. I've been advised to start with the CompTIA A+ cert. Any tips for a complete beginner on study resources or a mindset for success? Thanks in advance

Hey yall, I changed major from business to IS but I have one more year left. I still haven’t gotten any internships or anything. What would guys recommend me to do. I’m trying to be a security analyst and move up to security engineer (blue team) and no experience in both cybersecurity / coding at all.

I just started learning tryhackme fundamentals

thats a good start lol

you can start with a network course cuz you have to atleast understand how the internet or network works with ips and protocol and so on and then u can start with understanding how websites works, learning linux, little bit of bash scripting that will help you a lot in linux like kali cuz you will prob start with using kali linux in ethical hacking and you can baisclly just start in tryhackme it will help you a lot as a beginner

how'd it go?

I dont think I did a good job in the interview😅 but we will see

Can anyone tell me, if I want to land my first job what certificates are necessary to get through the initial screening?

Sec+

Im a 3rd year student from kenya and i have a pnpt cert
Im doing computer science
Is it possible to get a good paying job as i am

I'm just starting out on my IT career journey and have my first interview for a lv1 helpdesk job, any advice for someone who's main career has been customer service for over 10 years and no real IT experience in the workplace? I have been studying cyber security and have always been good with all things IT and pick up learning new things very quickly. Any advice whatsoever will be helpful but especially is there anything I should maybe try learning before the interview to show I'm already taking the steps needed?

Made it further than me @worldly shadow , despite even telling recruiters I will work for pennies just to get the experience, I can't even get a call back. Congrats on getting the interview!

Thanks, it's been hard to find this role near to where I live as there hasn't been much around. I actually have 2 interviews one for helpdesk and one for onsite support technician at a school but that one is only part time whereas the helpdesk job is full time and will give me the greatest exposure and seems to be a real good company

Gave +1 Rep to @somber kernel (current: #3234 - 1)

i am 3rd year btech student from india , figuring out on what path to choose , and how to start buliding a career , intresnted in bug bounty .. can you suggest any courses that i can start from scratch

Thats awesome @worldly shadow , I've been applying to EVERYTHING. SOC analysts, NOC, heck I'd even do geek squad just to get something even remotely related. I am working on my Sec+ now, scheduled it for the end of November. I have experience (limited military), Ive been behind a computer since I was 10. I run almost exclusively on Linux. I have my Google Cyber Security Cert. I have my resume professionally written. I have had exactly zero calls back despite the nearly 200 jobs I have applied for. I envy you lol

Congrats on landing the interview! I think something that people going into tech don’t like to hear is how important interpersonal skills are. You can easily teach someone how to use a specific tech tool or follow a process. But it’s harder to teach someone how to work well with others or how to communicate effectively, as this can be very fluid and change based on the situation and people involved. Your customer service experience gives you an advantage here. Level 1 help desk will involve a lot of customer service and triage. For particular tech skills, the job description can be a good resource - go through it and note down/highlight all the skills and tools mentioned (or have AI do it). The most important ones will probably be listed first. Then you can come up with examples of how you have already used those tools/skills or can come up with a plan to learn them (which you can also mention in the interview, “I am currently working on learning/building experience with XYZ by …”). I will admit that I’ve only had one interview for an IT/cyber job, so I can’t claim extensive knowledge about what will be covered in your interview. But, from my experience with that interview and doing the job, the best person for level 1 help desk doesn’t necessarily have a ton of years of experience in IT. It’s probably the person who can interact well with users and team members, who can triage/prioritize effectively, who is teachable, who isn’t afraid to do the research to understand a problem and how to solve it, and who doesn’t hesitate to ask for help when needed (you will need help at some point - pretending otherwise is arrogant and a red flag for interviewers). Hopefully this helps. Good luck with your interview!!

much appreciated, thank you. This gives me a lot of confidence, I have till Friday to prepare myself so plenty of time to prep my interview skills and learn what I can.

Gave +1 Rep to @floral minnow (current: #3234 - 1)

Hey guys, I'm new here on the channel and in the cybersecurity field. Although I have seven years of experience in tech, I only recently discovered my passion for cybersecurity. Since the market is so crazy here in the United States and finding an entry-level position is very difficult, I would like some advice on how to work on freelance entry-level projects or even volunteer in the field, which do not require previous experience. At the moment, I am not concerned about compensation.

Well there are freelance positions available in some organisations, but they tend to be looking for people with specific skillsets a team needs more coverage with. Entry-level in cybersecurity still expects you to understand a lot of security concepts. From an IT background you probably know a lot about securing and patching operating systems or configuring firewalls or cloud environments but there's a lot more thoroughness to cybersecurity, including regulatory/standards compliance, process implementation and right down to configuaration and testing, etc. You will still need to build your skills in attack and defence, understance a lot of the objectives of cybersecurity, etc

Building security engineering/SOC/pentesting skills can greatly help your career. Even reading the Sec+ or CISSP study guide would benefit you greatly, and those are two certs employers don't mind seeing on your cv/resume. Also, pursuing certifications in cybersecurity can help you, along with participating in CTFs, bug bounties, maintaining a blog or github, doing writeups, creating a homelab and installing various tools, etc all help. Also, when you complete rooms/paths/networks, post them to your LinkedIn, and do it regularly. While many recruiters don't check this stuff indepth, if you've made an application and a recruiter does check your profile, they'll be more impressed seeing a string of completed objectives and blog posts and writeups than a blank page

yo GOATs of the century. I wanna become bug bounty from 0 how and is tryhackme good choice or meh

am freshman uni student

There's a lot of resources to learn about web pentesting on THM. You should cover the Pre Security, Cyber Security 101, Web Fundamentls, and Web Application Pentesting paths. There are a lot of relevant Modules, Walkthroughs and Challenges in the space and many of the rooms available are free, if you're not subscribed.

On top of this you could consider the free Portswigger Academy and HackerOne's Hacker101 content, both free. You can check out the #bug-bounty channel to discuss the topic further

Long story short. I'm an 18-year-old student studying a vocational cybersecurity degree in high school. Graduation is creeping up, and so is my six-month-long mandatory internship (part of my degree). Not long ago, I started sending out emails regarding an unpaid internship. To my surprise, a cybersecurity-specialized firm responded to my email, and we went back and forth a bit about the internship details (duration and whatnot). They emphasized their lack of experience with interns since it’s a small firm (<50 employees).

Later, I found a job post on their website for a Junior White Hat position, which required minimal experience and only basic knowledge about web pentesting and an interest in the field.

In the end, the HR person suggested we have a digital meeting to further discuss the internship opportunity and talk about my past experience, cybersecurity knowledge, and domains of interest so they can map out what I could do at the firm. I’ve done extensive research on the company (website, articles, podcasts) and have a clear idea of the kinds of projects they do for clients.

The meeting is tomorrow, and honestly, I have no clue what to say about myself or my experience. I’ve posted a few cybersecurity blogs, participated in a well-known bug bounty event in my country (and earned <€500), and studied on pretty much every cybersecurity platform out there (HTB, THM, PortSwigger, etc.). The firm is full of penetration testers with decades of experience, and I can’t help but think the HR person might have mistaken me for something I’m not.

I already sent my CV in the initial email, and it includes my previous experience as an IT technician and HelpDesk worker (both under six months). Yet they still want to discuss it in the meeting. What is there to talk about? What should I even say to boost my chances of landing the internship? @rugged delta @vital laurel

The only way they get people with 10 years of experience is training people like you. It seems like you have done so much. Show that you're passionate and you're knowledge and you'll be fine

No hacker, no one with with 20 years or 30 or 60 years of exprience know everything

That's the great thing about Cyber, you can't

Just be honest, keep your feet flat on the floor and enjoy.

Good luck!

Yeah I can second what @vital laurel says. You're at the start of a very promising career and you're already showing significant interest, abilities and skills, as well as you seem to have a passion for the field. I'd suggest you keep going on the path you're pursuing. There isn't only one way to get into a good position, and the potential for a junior role is exciting. Before I left a previous position a friend of mine was working QA and was encouraged to join the pentesting team. She had no prior cybersec experience, but with her degree and performance, I encouraged her to try it out and see if it's something that she liked. I hadn't seen her for a few years but bumped into her at the local BSides conference, so she's clearly settled in alright.

Sometimes a new addition to a team of experienced people can be a big benefit for both the new recruit and the team, and you'll quickly find your place and improve your position. I'm sure you'll do quite well in the internship position and make a great impression. You'll be making progress rapidly if you keep improving as you've been doing

They want to discuss with you "live" to see what kind of person you are and how you would fit the team (and verify that you're not a serial killer/north korean agent). They'll most likely ask about your cybersec hobby (THM, HTB, what is your goal etc.) and the bug bounty (what was it, how did you find it etc.). Just be yourself, don't pretend to know everything. If you don't know something, it's OK to say that you don't know, and maybe explain how you would start researching the subject. Your current technical experience should be more than enough for an internship, especially an unpaid one. Six months is a short time so you'll probably mostly just shadow their pentesters. Good luck 🙂

Hey all, I am preparing for EC Council CSA certification and needed help with the some resources that can help me prepare and would love to hear some feedback

Hey @rugged delta , thank you for your reply.
At this moment, I have obtained the Google Cybersecurity Professional Certificate and have been studying for Security+ (it will still take me a while to take the exam due to the cost). Apart from that, I have been doing the intermediate level challenges on TryHackMe, focusing on Blue Team challenges, which is my area of interest. As for home-made labs, I am doing a few at the moment and have only completed one of them, but I don't know if they cover content that could impress a recruiter, so I'm interested in finding volunteer opportunities or open-source projects, anything that could help me develop the skills I'm learning (or trying to learn...).

Gave +1 Rep to @rugged delta (current: #18 - 547)

Great going on your challenges and home lab. I know it's difficult to properly replicate many things in a home lab, but simply doing things like installing and configuring a tool or following a standard process to get something working can go a long way to show that you're able to do technical things to a high standard. And yes, professionals love having a standard to follow so they can perform a configuration correctly, show that it has been followed, modify the process to their own needs and point at the process and be able to explain to someone else that you did the thing and it's working/not because of a particular spot, and other such instances, etc... Keep going, youi're on the right track

I was wondering if anyone here could give me some input, I've been working on my entry level certs like net+ and sec+ in hopes that one-day I can work as a pen tester or a red teamer or really any offensive role because its fascinating to me. I can't help but notice so many people in the cyber world saying it's nearly impossible to get jobs recently, especially entry level in IT and security, I'm having second thoughts as to if I should keep pursuing this career as I am young and have a family to support and don't want to be stuck without a job for a few years. Im not trying to imply that I'm not willing to work harder than most to secure a position because hard work will practicality get you anywhere, but I can't help but think even with good certs and hard work I won't be able to secure a position. What do y'all think?

If you're thinking of going for offensive security, maybe think twice. Lots of people with OSCP/OSCP+ (The most requested cert by HR) can't even land an interview these days. The market is saturated with people wanting to become hackers, and the demand by employers is dropping a lot due to automation.

Defensive security would be a bit better since it has a broader amount and type of jobs. But offensive security is a risky move if you have a family to feed. You'll probably be months without a job.

It also depends on your region, but I've seen people all over the world complain, even OSCP holders in the US, EU and Middle East.

I've spoken to countless of these people on LinkedIn and the market is just horrible for offsec. I'm also one of these people. Look at my certs, got 7 with 1 of them being very known and 3 others in offsec. Couldn't even land an interview because offers for juniors simply do not exist in my area. The rest are super rare and for seniors with 5-7 years of exp.

Yeah sounds about right, I was thinking defensive and you can always move into offsec. Might even help you become a better pentester if you know defensive inside and out

It makes sense but it's not that easy. I have had a blue team job for almost 2 years now. Lots of offsec certs and still I cannot move into Offsec. You'd need to go for a company that will let you move internally from defsec to offsec. Mine does and yet no opportunities.

I appreciate the insight as a lot of people, especially on reddit just hate and don't give any helpful advice

Anyone know the best path to get into cybersecurity but for robotics?

what is the best path to get into cybersecurity as a fresher but have 60 % knowledeg in full stack development

can someone help> right now i was studying for gov exams and now i want to shift it to IT (cyber sec mainly) i graduated in 2021 from BCA and had 2 years of work in hardware (computer) after that i started preparing for GOV exams, because of caste its hunting me, now i want to return to IT will the Gap be a problem ?

yes gap will be a problem . market is already tough. the best you can do is try hard, gain certs, showcase your skills, because you will be competing with experience folks with certs out there. you have to make yourself stand out.

@rugged delta, thank you for take your time to help me with this doubts. Just one more thing , besides areas direct in cyber security that as i can see is even the entry ones are in a high level than others, witch entry level position in the market have a good chance to transfer to a cyber security role, in your opinion?

Gave +1 Rep to @rugged delta (current: #18 - 548)

To those who have passed SAL1, how did you prepare for the exam?

I'm a beginner, have gotten my Security+ cert, now close to finishing the SOC 1 path to eventually take SAL1. Would love any preparation advice for the exam. Thanks

In how thing are now, is a concern have a gap in your resume, i'm all year looking for entry level roles even with a work permit and tons of experience yet nothing and each month without a job in the area is getting harder.
I'm not saying this to discourage you, just letting you know so you can prepare yourself mentally. Will be hard because of how the market is now. Just keep it in mind that everything you learn isn't a wast of time, and don't get a job fast doesn't mean you are insufficient.

Thankyou sir for giving me the insights, i know its hard to get that entery level job but i will try my best what ever happens, this was like a motivation too me, so i will keep this in mind

Good evening, please, I need help to fine-tune my Dissertation on Cybersecurity Awareness

I have written the whole report, but the AI content is still high

Take that up with your advisor, unfortunately faulty-AI checkers are a known plague

There is a lot to take into account. Having junior certifications does show a lot of interest and there are organisations who will consider them, once you're on a path for development. The best thing to do is to find a role that you are able to work in, whether it's helpdesk/tech support, IT or junior SOC. It's up to you to decide if you have the skills an organisation is looking for in a role you apply to, and it's up to the organisation to consider your suitability for the role, and decide whether they'll interview you. You should look for roles in everything from helpdesk/tech support or IT, for instance, but keep developing your skills and your cv/resume to show your fit for the roles you want

Got it, i`ll keep this in mind, thank you so much for the help.

Gave +1 Rep to @rugged delta (current: #18 - 549)

What's your question? It's easier just to ask, instead of asking a question to ask a question.

Also, you don't have to be a perfect fit for a role. Having some, or most of the skills and some of the qualifications and experience can be enough. A Job role is what some hr person threw together based on a request from the manager who needs someone for a team. Unless it's a very specialised role, once you have some or most of the criteria covered, you should apply. And make sure you refit your cv/resume using the skills/qualifications and wording from the role. You can use an online ATS checker, but remove your personal information from your submissions there, for privacy reasons obviously

@undone shore Hello, would you mind if I DMed regarding a few questions about RTOs? I could always ask them here but it's more of a conversation.

Yeah, i'm leave only email, linkedin and number on the resume, and i try to tailor my resume to the positions where i think i have the best chance of getting an interview, was working in the begginer but now... Is been 4 months without a single interview.

I mean, if it needs to be DM then sure. Standard practice is just make it public in case it helps someone else 🤷‍♂️

yo i got a problem is there anyone?

https://dontasktoask.com

Hello, may i ask for advice? I am confused about choosing a career in cybersecurity or continuing as a web/app developer, because I feel that web/app developers are starting to be replaced by AI, and I feel that cybersecurity is a position that is unlikely to be replaced by AI

Nobody knows the future for sure. I would work on what you enjoy doing most.

i see, but i still scared of what will happen

Don't let yourself be worried about what will or won't happen that is completely out of your control.

Work on controlling what you can

you just have to make plans and backup plans. When things change in life, you have to adjust and find out what to do to correct and get back on your track.

same bro. i used to programming in HTML, CSS, JS, PHP but im scared of AI and 1 week ago i started my carrier on tryhackme

And now i dont know what i want to do as an adult. I've been thinking all my life that i will me a front end developer but now i watched to many tiktoks and instagram reels about that AI will replace me. So now i dont know who i want to be in a future. front end developer or red teamer or something

right? this is very confusing, i have been freelance developer for 1 years while still be highschooler

and 2026 i will be graduate, and i still confuse about my path

Yes, well what 20-30 year old isn't

Until you actually start your career and work, you have no idea what it will be like or how much you will like it.

Nothing will work like you think it will.

Life is full of surprises, but once you start your career, you will find out what you like and don't like more

So just start focusing on what you love doing

and go that direction, but try to have a broad selection of things too when starting out

having no experience is a hard thing to overcome but that also means you can start anywhere

I GET IT

Thank you so much @rigid isle

Gave +1 Rep to @rigid isle (current: #81 - 122)

I will be graduate in 2027 so uff i have a little bit more time . But in programing i have easier because my uncle is in IT and he want me to work with him in his office to work in his company ( its not him company but he works there) and he said that he can talk with a boss and he will give me a job as half time job 4h at the day in 2026 so i will still going to high school but i will work from home.

But in the future i dont want to work with an AI

cuz now a lot of programmers you 70% of his code and brain but 30% is AI. but when in the future it would me 70% of AI and 30% of code. And this would be so boring because i love coding and i dont like to use a lot of AI

we are same

i don't like to use a lot of AI

well, maybe it's still good if it's only snippets or extencion like github co pilot or etc

I have an idea that. When i graduate i will go to collage and i will go to weekend school so i could be working from monday to friday as a programmer. In my country studies have to parts. One is a 3 year of generally informations. but the second part i a 2 years and you can choose what do you want to do. So i want go to IT science and 3 years it will be learning about everything in the it. but the last 2 years i can choose

between some programing applications, or data based or something like that, and a third one is a cybersecurity it. its like a specialization and i want to do it

Hello fox, sorry for bother you, Let me give you some background: I studied mining engineering, but I never worked in that field. Now I work in something else. The thing is, last year I took Google's cybersecurity course and loved it. But in university I had studied Python, so I really wanted to explore how websites work. I'm really interested in ethical hacking, so I took a back-end developer course at Codeacademy to learn more about APIs, databases, etc. Now I'm working on the Try Hack Me roadmap, where I'm finishing Cybersecurity 101. What do you recommend, getting CompTIA Security+ or going for PT1? { this year i had few interview but for sofware devoloper in google as apprenteship i got the last stage but i dindt got the job, i had other interview for cybersecutiry apprenteship but they said my perfil is more like SWD

I'm looking for internships and my main focus in on internship related to VAPT, today this company came for DevOps/Cloud engineer internship..pay is good enough as well and I know all the skills that are asked (docker, kubernetes, azure, lil bit of jenkins)

I'm having doubts if I should apply for it or not because not many companies have been coming on campus.. any opinion?

I know in future I can get into DevSecOps, Cloud security if I take this opportunity but yeah, that's it

Hey all, long time lurker first time caller (at least in this channel).

Long story short, I am currently working as an L2 systems engineer at a small MSP shop (~8 - 10 seats) with a Microsoft stack. Currently, I am studying towards the AWS Solutions Architect Associate (SAA-C03), and I am keen to jump ship to AWS as a security engineer, I have also done the Attacking and Defending Learning Path as well. Other than these, what projects would give me the best possible chances for success?

Considering the market today, even if you have your sights set on a particular kind of role, you are more likely to be considered for a VAPT role if you're already in a role of any kind, and it's usually unlikely for pentesters to be recruited out of college without significant other experience, like practcal certifications, CTFs, bug bounties, blogs/writeups, home lab, etc. Having practical experience of IT/DevOps in a professional capacity can only boost your chances, so do consider taking it up.

Also, usually a cyber internship tends to be either blue team based, or a combination of periods experiencing various roles in a cyber division. It is an internship, so while you might observe and potentially participate in a lot of interesting things, you won't be expected to take responsibility for live issues while going through the training path a reasonably effective organisation might suggest for you

Another thing, if you're considering an internship, if you feel able to take on a particular role, there's no reason why you shouldn't tailor your cv/resume to that role and send in an application. Many colleges/universities have an internship program, but getting a job instead is always an acceptable substitute

Whts the best path for me A+ network and security+ you reckon ?Or something else? ,I wanna do targeted stuff so that i don’t waste my time and money

hey! thanks for the valuable advice but I've one or two more things to say...

so the placement season is till December end and there's a rule here, if you get an offer you cannot sit for upcoming companies so I was a bit worried about this, what if some company giving the desired role comes?

In the past, certain companies came for IAM role, security engineer role, cloud security, SOC but not VAPT so there's that too

Also, as for the experience you said..I do participate in CTFs (4-5 so far, ik not much but yeah), as well as publishing their writeups on my site. For the HR clearing round, I have done ceh (Ik it's reputation is bad but I'm from India so you would know)

so taking these points into consideration, what's your final say? I do get your last point just a little more confused

thanks for your time!

Gave +1 Rep to @rugged delta (current: #18 - 551)

Hi

i need advice

I'm currently preparing for an interview in the field of IT security. While I enjoy playing CTFs, I feel like my understanding of real-world pentesting and defensive strategies is still quite limited.

I’m aiming for a role more aligned with cybersecurity analysis, but I understand that interviewers might still ask deeper questions related to both offensive and defensive concepts.

Could you give me some advice on what specific areas or skills I should focus on learning, beyond just playing CTFs, to be better prepared for the interview?

For example, should I dive deeper into SIEM tools, threat intelligence, network traffic analysis, or something else? Any recommended learning path or priorities would be really helpful.

Got my first interview for lvl 1 helpdesk today, wish me luck haha

jGood Luck

Focus on how you learn things or how you get information you don't have. Be honest when you don't know something but let them know you know how to find the answer.

Hi everyone

Is there anyone here that have experience with European job market? I need some advice and help regarding choosing a CV template and how to tailor it to European job market.

Hi, a lot of people here are from EU

I got a job offer was offered the job 20mins after the interview. I spent those 20mins thinking it went terribly haha. I know it's only lvl 1 helpdesk but its my starting point as a career.

Hi

Thanks for your reply

I wanted to know what is the preferable CV tempalte accepted in EU.

1. Especially how much should be the length of the CV? Is 2 pages accepted? Or they mostly prefer 1 page?
2. Is single column the standard or two columns is accepted?
3. Do the recruiters prefer black & white CVs more or using colored CV like blue and white is okay too?
4. Do the recruiters prefer a professional photo on the CV or without a photo it would be acceptable too?

I appreciate your opinions and advice on this.

Gave +1 Rep to @fringe spade (current: #287 - 32)

Congratulations!!!!!!

thanks

Gave +1 Rep to @rigid isle (current: #78 - 130)

Congratulations!

Congrats!! level 1 helpdesk is a good starting point

and sometimes really fun

1. A two pager is cool
2. Single column works the best
3. Black and white will be better
4. It depends on the company, but I don’t have a photo in my CV and never had any issues

What do you think of these templates? Which one do you think is more suited and preferable?

Well it is unlikely companies will come to colleges for pentester roles and if it's a matter for your college to only offer a certain stream of roles, take whichever one you feel is best, and start looking for the full roles you want as graduation approaches. Wherever you end up, they're going to require pentests for the work they're doing so those roles might open up once you're established in there. You'll also learn a lot of beneficial things in any of those roles that will be applicable elsewhere.

Keep it up with the CTFs, they're a lot of fun. Also, yeah CEH is still widely regarded in India. If you're considering emigrating, you might have to consider OSCP or other pentesting roles, as well as possibly CISSP or others. With regard to the acceptance requirements, I'd suggest just going with an offer. If a company with something interesting comes in, you can talk to them separately and look at getting a job independently of the placement

Be careful of including pictures. Many employers will junk the resume immediately because the picture may bias the recruiting against or for the candidate before any interviews may occur.

Do you mean it will affect the screening?

Do you suggest to remove the picture?

Use your best judgement. I am just informing that there have been lawsuits against companies on the basis of prejudicial hiring practices related to rejecting candidates based on the contents of the picture.

I personally do not include a picture because I want the recruiters and interviewers to focus on the content of my career and my fitness for the role. My appearance does not factor into that.

Got it, thank you for your suggestion

Gave +1 Rep to @flat sedge (current: #13 - 849)

It's also a waste of valuable space 🤷‍♂️

Do you have any suggestions for a template?

I tried a few templates from FlowCV and Fisio platforms; however, after feeding it to AI, it says the ATS will not be able to render the data correctly due to the layout issue and formatting

I just write my own 🤷‍♂️
KISS principle works in your favour with these. All you really need is a simple way to get the most important info across quickly (first third of the first page). Thereafter it doesn't really matter.

Would you mind if I send you my CV to just take a look and let me know if it is an acceptable CV for HRs and recruiters?

You'd be as well just posting it redacted in here 🙂

I am

0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAe

i have this wallet
can you help me out> its a col d wallet ready to share )))

Hi everyone,
I live in a country where IT and cybersecurity are still very underdeveloped — there are barely any job opportunities or local communities in this field.
Given this situation, do you think it’s still practical to build a career in cybersecurity?

yes, possibly a niche for you, at the moment is not developed in your country, but more in the future they will wake up and you will be ready when they'll wake up, Cyber security is must for all countries, may be is opportunity for you to start some communities who meet up to learn, share knowledge and so on, i see only opportunities in you situation, you can learn Red team activity and show to all in your country why is important cyber sec

not only the picture.. i don't even put my address on it, only the town i live, u'll never know what they can/will do if u send ur resume(with address) to 30 people

hi, i wanted to know if it was possible for me to become a cyber security analyst at a junior level role with no IT experience aside from a few certificates from forage, TryHackMe and maybe some coursera certificates. I also wanted to know if it was possible to transition into a GRC analyst within 5-10 years of being a SOC analyst.

Hello.

Just purchased the PT1 certificate but i'm not sure if i'm ready to take it yet? I've been through most of the rooms and all paths recommended, before taking the exam.

My question is, how much harder is the PT1 certificate than "regular" rooms and does it differ a lot from these?

I'm currently a 0xA [Wizard] and feel somewhat confident going through rooms even though i can have problems and get stuck, I always manage to figure it out in the end.

I'm really not sure what to expect.

Hope you guys can enlighten me a bit on this 🙂 .

Hello I’m just having trouble finding a place to start in cyber security, I’ve done a lot of different jobs in my life and I’m good at almost anything I touch but I get imposter syndrome and think I’m not good enough for this but I want to be. I would love to do ethical hacking or digital forensics but I’m having trouble trying to start since I’m new to it. Are all the certs worth it or would hands on stuff be worth it more? Any advice would be greatly appreciated

guys im planning to to cyber dgree ok i have 3 options do
BACHELOR OF INFORMATION TECHNOLOGY (MAJOR IN CYBER SECURITY)
VICTORIA UNIVERSITY - AUSTRALIA BSC (HONS) COMPUTER SECURITY
PLYMOUTH UNIVERSITY – UNITED KINGDOM /Bsc (hons) Data Science(UK) + cyber masters idk guys im currently enrolled with BIT cyber i can change it still first sem and did i choice the right degree its not a honors what i do ?

You guys think getting into exploit development is worth it? I am wondering if I should take that path and take a computer engineering degree, and do my own self-study on the exploit end and cybersecurity side of the job.

If I were you, i would get into a lil bit of everything and not commit until you find one you like more than the rest and are ready to commit to it.

And not all certs are worth it, the cert not only has to line up with the job you want to get, it should be well respected, and it should be recognizable by hr, and last thing is the cost of the cert should be worth the roi, like how much you get back from it, like the giac certs cost way to much for what your getting and there are other certs that can accomplish the same thing for less money.

Good evening engineers. I have just started my SOC Security Level 1 apprenticeship. And now, I'm stuck on a task on task 4(DNS). Mainly question number 1 and 4.
Sorry, I'm new to the plat form.

Very very niche

Thank you so much, I know the GIAC certainly can be pricey, which certainly do you think that I would need that cost a little bit less? And would like the google cyber security cert and labs through try hack me be enough?

Gave +1 Rep to @potent jasper (current: #3243 - 1)

Okay, the thing about Google cybersecurity (I also have it, btw) or any Google cert, they are very good when it comes to learning the basics of whatever you are trying to do, but don't expect it to land you a job because the whole point for a cert is to prove you can do smth ( thats why most have exams) but in the case of the google you get the cert onces you complete the course not when you take a final test where you are getting monitored. So if you want to do it just for learning the basics before you actually try going after certs with exams, but if you want to go get the most basic cert that is well known and has an exam, go for the Security+ next, it's a vendor-neutral cert( meaning that it's not specific to only one company) and it could land you entry level jobs like help desk or other it related entry level jobs (dont except to make a lot of money with only that cert) and then you can move on from there to get harder and better certs to try to upgrade.

And guys, if I am wrong, pleases tell me because I am not some crazy expert and i am open to changing this view

And to be honest, this is just the tip of the iceberg because this is just basic-level certs, not only do you have to get better certs, that's just a piece of the puzzle because you are gonna need projects, experience and other things to make it in whatever field like 100k plus

don’t let that discourage you tho

That’s what I was thinking too, I didn’t think just completing the google course would land me a job immediately but I’m essentially starting from scratch, I just got laid off work and I know it’ll be a lot of hard work but I’m determined. I just wish there was some kind of roadmap that told me where to start and what to do in order to get the job I want or show me what I would be good at

Okay there are a lot of famous YouTubers that do these road maps even if they are not reliable to the bone it will give you a gist of what you need to do but before you look for a road map you have to know what part of cybersecurity you want to focus in and you are in that stage because you are wondering whether to do forensic or ethical hacking,pick one first and then look for road maps

And road maps can differ especially depending on whether you want to work for companies or in gov tech

Yeah thats true, I’ll have to do some more research to see which one resonates with me more and if I would like doing it and actually go for it. Thank you for your advice

You got it we're just on the same path

It is, and it has a high barrier to entry that will lower my competition but the competition that's left are gonna be top-tier dedicated people so its gonna be tough

Yes it will be very tough, if I were you I’d try to find a more „stable” source of income/niche and try to learn exp dev as a side hustle, you might find a pretty well paying position in the future

Really is exploit development not stable if you get the job

What do you think is more stable i could go the ethical hacking route and specialize in exploit development, you think that sounds more stable

It is very competitive, and usually people with a few years of experience work on such positions. There’s not many of them on the market so if you lose one job it might take you some to find another one

Sure, pentesting is less competitive than exp dev but you still won’t be guaranteed a job as an entry level employee. It depends a lot on your skills, experience and region

Damn it starting to sound risky

Do IT. Cs would be better though.

heyy guys! i wanna start with pentesting , can u suggest me a roadmap , i'm really enthusiastic to learn, alsooo i have zero friends in my college, i just dont like them, feel like online people r better n helpful !

im a full stack web3 dev btw

Hey, check out the THM Learning Roadmap https://tryhackme.com/hacktivities 🥳

thanks matee @distant pier !

Gave +1 Rep to @distant pier (current: #17 - 574)

Hey guys, I finished my master's degree in Cybersecurity three months ago and am currently doing the THM Junior Penetration Tester path. I'm looking for my first job in the field of Cybersecurity. Any tips on how to get my first job? How can I apply what I learned in the path to real-life targets?

helpdesk

?

you wont get entry level cyber work

so, your advice is...

helpdesk

Wow, great advice mate, ty

Do hoy have any IT experience?

No, Bachellors degree in Eletrical and Computers Engineering and Masters in Cybersecurity

Looking for first job

Ohh, it might be quite tough then to find one in cyber. The other guy’s suggestion - helpdesk, sounds like the best option in your case. You could also try applying to SOC L1 positions or some basic sys admin stuff, but there’s no guarantee you’ll get an offer, or even an interview

Hey All 👋

When I apply jobs on linkedin and check newest, before clicking apply I see "100+ clicked apply" within within 20-30min...☹️

For each and every roles 100+ within few hours..

Location Bengaluru, Karnataka, India

Sup SUp

Congrats on your accomplishments

i am in a bad situatn someone stole everything frim me i need help me out ls i cant continue living.
i need help

No.

What is this trash advice

@vagrant garden anyone who tells you to work helpdesk is wrong

You legit have a bs and a masters degree

Have you gotten any internship or tech job?

Do you have any certs?

BS and MS in what subject?

Help desk is decent if you are starting out as either an Undergrad or Graduate intern...

does anyone here have experience in working as a pentester for the military? Was thinking of applying there after university

He said cyber

Bs in electrical and ms in cyber

Good ass degree combo so idk why u dont got any jobs? Have u not been applying or looking at internships

Many variables: poor interviewing skills, lack of internship experience, unable to speak to both tech teams and to Angel investors, etc...

More qualified candidates---there will always be someone better and less qualified

I have some certifications related with Blockchain, and some small courses about Ethical Hacking. Internships: I haven't found anything yet. I'm from Portugal, and there are almost no internships here.

In recent months, I've been torn between pursuing a career in Blockchain and Crypto or Pentesting.

I must have sent my resume to about 200 companies, and I only got 4 or 5 responses and 3 interviews. In the 3 interviews, they told me they wanted more professional experience.

This weekend I created a portfolio: https://tg-pentestportfolio.pages.dev/

Today, I send my CV for several job positions related with Cyber, I hope to stay somewhere, I just want to start

Do you have real world experience---such as, either a paid or unpaid internships, or academic projects

maybe some THM CTF's under your belt?

Currently work on this!

I would say separate yourself from the masses in your objective. For example, I added a team quote: something along the lines of "Bringing the best out in others, or encouragement is one of the best forms of teamwork."

May I ask if you added references who can attest to your technical skills, your personality, work ethic, etc...

I have these references in my CV

Tech skills, social skills

cool...

Can I send you my CV in private message?

sure...

check your dms pls

you file passed a first round check: https://www.virustotal.com/gui/file

Readinng it

would you like my opinion in public or private?

Go private pls

I'm looking for a part-time gig as either a cybersecurity technical writer or a cybersecurity analyst (level II). I need supplemental income, and applying on sites like LinkedIn hasn't brought me much luck. I currently work full-time as a cybersecurity analyst II for a global energy company, but we're a single-income household, so it doesn't cover all the bills. Any leads are much appreciated!

find some meetups that are technical related, like events when vendors come in and have a networking event

networking is very important and since you are already working, then it's a lot easier to do

find out what companies are looking for in terms of certs from the job ads, do you have those yet?

will your company pay for any certifications to help you make a lateral move?

They'll reimburse for certs, which is why I've been stuck between a rock and a hard place. It's mainly the scripting/automation skills holding me back because I can dig like no other when it comes to investigations.

Hi I am Ryan.

I'm looking for a full-time job as a cybersecurity analyst or malware analyst.

Is there anyone who can give me some advice?

I also have a specialty in reverse engineering, but I haven't found a suitable job yet.

Hi am maxwell i have a pnpt certificate just completed am looking for a job any advice or recomendations

"Don't give up!"--is usually a good start. Or maybe, "Think outside the box..."

What proven skills (academic or professional projects) do you have under your belt?

or personal projects (created your own Linux server, created and modified a PUF for redundancy, or coded a data base for a hospital or an emergency service)

Just some automation programs for testing

What projects do you recomend i do and next steps to take

I don'tt know what project you have competed

I have an enumeration project more of like metasploit pro that helps me in doing scans and generationg reports and reverse shella

Shells *

I would put that down...

Is that enough to start applying or i do more projects 🤔

The more, the better

Remote DFIR Automation Analyst

https://jobs.bechtel.com/job/Glendale-Digital-Forensics-Response-Automation-Analyst-(DFIR-Automation-Analyst)-AZ-85301/1340226200/

Thank you...

Are there any HR's here or someone which I can ask a personal question for my career development? I'd really appreciate it (If it's possible to DM)

Shoot

Ask away

Quick question for anyone with pentesting experience: I'm reading through the Pentesting Fundamentals room and it's talking about frameworks like OSSTMM, OWASP, etc. Obviously, I know a pentester needs to know these frameworks, but just how deep do we need to go with them to get into a junior pentester role?

I'm exploring the possibility of pivoting into pentesting since SOC really wasn't for me and there aren't really any security engineer entry-level positions, but I'm just trying to get a feel for what I might be up against if I do decide to switch directions

Sorry for the delay, was out for a moment. I appreciate the tips, do you know if any of the pentesting learning paths on THM give some clarity on what different roles there are?

I'm just kinda lost at the moment. SOC wasn't really my sort of thing. Security engineering was a bit more in line with the stuff I enjoy and am good at but like I said, no real entry-level roles. Pentesting sounds interesting, but I have no idea if I'm truly capable of it. So yeah, struggling to figure stuff out right now lol

Also, to add to that, if I did know what specific sort of pentesting job I was aiming for, just how deep would I need to go with the frameworks? Would I just need a good overview knowledge, memorizing the key points, or would I be expected to essentially know the full frameworks/documentation by heart?

Gud day guys

hi

Pls am new here and relatively new in cyber security

Hey

Can I get some advice or directions

on what?

how to drive to mcdonalds? i can give you the directions

i can give you advice on how to create a good password

Where to begin my cyber security path from

oh then i would read #start-here it has good information, and just go to tryhackme.com and start with the pre-security or cyber101 path

Where and what should I focus on especially now am quite new
Only still on one or two programming languages

Ok,sound good

well do you have a background or knowlegde of IT

like linux, windows, AD, netwokring

Not really ser

i would start there then, learn how windows works, linux works, AD, learn networking

Only a beginner,am just learning some coding at this point

then move into cybersecurity

Python to be precise

Ok I see

But has the landscape changed slightly? especially with the advance of AI

Can anyone help me, I have completed the authentication bypass (Jr. Pentester) room in try hack but I completed that in the lab but how to test it in the real website using fuff tool, please anyone help me

Google it

Hello everyone
I need your advice. I had taken physics, chemistry and maths in class 11th but due to some negligence of the school, maths was changed to biology in my stream. When I came to know about this, it was already too late and there was no possibility of improvement, so I had to clear 11th and 12th Bio. I am not able to understand that I should enter the field of cyber security.

Please help me sir, I want to see you as a successful ethical hacker.

Please show me the path and help me become a successful ethical hacker.

Yes provided you have an X years of experience. Remember, you will be competing against others with more or less experience, University degrees, paid or unpaid internship experience, etc...

Then what should I do

Don't give up! Or maybe, get an academic degree: Computer Science, Computer Engineering, Cybersecurity, etc, network with classmates and professors, join coding or cyber challege at the U, look for internships or you go the certification route and earn CompTIA's Trifecta or just one cert. But, you need to separate distinguish yourself from others.

Okay...

Sure a certification can land you a job...

Job hunting sucks yo

I am currently in my first semester of college, aiming for Associates in Comp Sci then finishing with a Bachelors in Comp Sci

I am trying to get through the Cyber Security 101 path by Christmas (just started last week), try to get Net+ and Sec+ next summer, and get an IT internship through my college to my local hospital or news station in the fall

If I were to have the certs (Net+ and Sec+, maybe a few more after that, not sure which), at least 1 year IT Intern experience, and the Bachelors in Comp Sci when I get out in a few years, is that good enough for me to get my foot in the door by the time I graduate?

yes...

Learn all you can during your internship---your co. may offer your FT employment when your graduation ends, or pay for either your MS or PhD. But you'll need to pay them back in service. For example, one year of higher education equals 1.5 years of working with their company.

oh! And ask your professors, peers, and others for recommendations

Hey everyone, been working in an internal SOC for a year now but definitely feel burnt out. I was hoping to transition into GRC but not sure about next steps or recommendations

depending on the type

Yes, I knew about the problem solving aspect, my concern is that memorizing in a "book learning" sense has never been my strong suit. My method of memorization usually relies upon practice, "muscle memory" as it were

You do need some sort of memory: ports, applications commands-- Autopsy, nmap, Winhex, etc..---

Ubuntu, your choice in editors: Vi, VIM++, nano, etc..

Yes, things like ports and commands I definitely figured I'd need to know. I have a few common ports memorized as part of my A+ learning a couple years ago (never actually got the cert), and I daily drive Linux nowadays so command memorization isn't too out-of-scope for me. But with those, like I said, it was easier since I can develop "muscle memory" over them. Memorizing entire swaths of regulations wouldn't be so easy for me

and I'm looking to get into a SOC

hey guys i will finish my bachelors in comp sci this year and i got the sec+ ejpt and doing the cpts course right now , am i on the right track for breaking into the pen testing ?

hello! i'm literally new to this cyber server in discord, i am really curious about CISO...how to "be" that, how am i gonna do now?, how am i looking for materials knowledge? how to get certifications on CC, what the most recommended certifications on cc as the beginner to achieve...I HAVE MANY QUESTIONS ON THIS CYBER SECURITY PATH! i'm interested, can someone help me?

or...does someone like me? an 11th student who wanted to try exploring this job in the future?

we could be a mate

Anybody interested in having a new friend 😏

If someone wants to learn forensics, I want to learn too — let’s learn together

I am 😅

Me too ,am relatively new and finding my way in the field in college
Would appreciate friends and collaborations 🙌

Are certifications really the main point, I'll appreciate experience people in the field admitting the truth

I sent u a friend request
Am actually just in college but still very new to this

Whats your major?

Pls can anyone mentor me 🙏
I want to go into ethical hacking, and am thinking of getting my first IT job first so I could get a general understanding of cs before choosing a specific path, right now am preparing for isc2 cc, people said it's not worth it but I just wanna start with something before going into CompTIA certifications, the roadmap I have RN is CompTIA security+, then net+ or CCNA, ISC2 cc and az900, then pentest+ and finally red hat , any suggestions, opinion or advice?

That's sound like solid certifcation avenue. Just remember, you will need to stand out from other applicants--i.e. create a database for a rural hospital, create and alter PUFs, or even customize an AI search engine. Depending where you apply (FAANGM), will determine your competition

Cyber security
Though not sure what aspect specifically to be in

hi! usually a "CISO" is an end game role that someone with experience, especially with business/managerial background might take. Many CISO's are not technical and never used a terminal in their life, but if you have some tech experience it will only benefit you. CISO's usually have like 10+ years of experience in cybersecurity, most likely in management positions. For certifications, CISSP, CISM, CRISC are usually listed as requirements for such roles, but it really depends on the organisation. There is also a role called CIO, chief information officer, which has some similarities, but is usually a bit less technical (and not experienced in cyber) and more about the whole organisation's IT development

Let's go 🤠 DM me

okie, let's learn together

do we need another person?

thank you so much for your information. now i know that CISO's are not technical jobs in organisation...hmmm, i'm interested in the technical way of cyber security...but surprisingly, CISO's are not even technical jobs. yet, i'm still interested in cyber security 😄

Gave +1 Rep to @fringe spade (current: #281 - 33)

can i DM you too? we could learn together if you don't mind

i've sent you a friend request

Sure brother 😁

Any STEM field is probably good...

Hello I've been studying for about a two weeks and so far I'm enjoying it but I have a some doubts and was hoping for clarification. Do I have to have a degree in comp sci and if it is possible with no prior IT experience to get into the field?

I think any STEM field plus a filed of academic projects or IT experience will help

so getting a degree and getting a job in IT?

You can get an IT job with an associate's degree and a passion for identifying and troubleshooting systems

For cyber, the bar is raised a little higher---experience, education, combination of the two, etc...

okay sounds good thanks

Guys im new here and my passion is toward cyber im still in college and didnt choose the path yet but i want to know how things work and when should i begin what certificates are worth it and what will i need in the beginning and stuff like that

Hey, how's it going? I am also new here, and I am also in college. I've decided on the SOC analyst path, and the cert I am aiming for is the sal1 tryhackme provides. I would say if you're still on the fence about things. take the pre security pathway and decide what path is best for you afterwards

I agree. Find your passion: AI creation or modifications, Hardware Machine Level coding or Software Oriented Security systems , Penetration Tester, etc... and go all in!

I've started the cyber 101 path on THM and finished atleast the free courses to check how things would go i enjoyed how stuff works and so on but im worried more about certificates which are necessary and which are a waste of time or money because I hear diabolical prices on some certificates and rcourses if you get what i mean

You get entry level certs, then get a job and then a job that will pay for the certs for you

thats why they are expensive, they think companies will just pay and some will

But are entry level certs good enough to start you in a good job i mean there are ton of competitors who are gonna have some certificates that makes them special on the resume

That's why you focus on the job ads and what certs they require now , then go get those

keep track of the job ads now so you can get the skills that they require, look at multiple job ads and skills and study the most common ones

get the most common certs that you can afford

network with people at events in your city for cybersecurity

I appreciate the advice thank you

No problem, best of luck to you, keep on these lessons they are great

very detailed

Amazing 💯

Sent u a friend request mate
Ready when u are

Always ready !

Well anyone interested can join
@cobalt plaza

Sure

Nice ⚡

Ok,but I think am more drawn to pen testing though lot of learning needed first

Cool! Sometimes the hardest part is deciding what you want to do in life

gooning to this rn twin, ty

Gave +1 Rep to @simple hill (current: #3250 - 1)

Do not advertise and spam on our server please. Especially with such an edgy business idea.

wassup guys

lives someone in Germany ?

i just wanted to ask whats will be better study at UNI or work for experience

University Study if you want to broaden your horizons: network across many domains, decide if you want to get a PhD, opportunity for internships, etc, find what profession you want to commit 20-30 years of your life. If you want limited scope, work for experience. Remember jobs come and go, BUT your degrees will always stay with you...

Hi, what entry-level jobs could I start to be a jr pentester in the future?

Any IT job basically

Thank you, im planning on looking for a job that can help me reach my way up to become a penetration tester..

Gave +1 Rep to @vale falcon (current: #2132 - 2)

I’ve done helpdesk, sysadmin and now working as a SecOps.
Just keep learning and you’ll get opportunities

if you want to become a cloud secuity engineer what first it job is preferable?

IT help would probably be the easiest---all you need is either an Associate's degree, some technical knowedlge and/or a passion for investing and trouble-shooting pc problems. Understand about event viewer, task manager, resmon, etc. Basic windows diax tools

yeah i heard this and I heard netowrking could be good too but im not too sure which one is better

Networking is awesome: basic TCP, UDP, OSI, 12-15 ports, use of Wireshark, Nmap, etc... The questions is what do you want to do for 10, 20, 30+ years of your life

You should probably look at the certification tracks for AWS/Azure/Google Cloud and start as a junior cloud engineer if you can. You get to learn a little of everything from virtualisation to networking to systems engineering and build on your skills in a structured way through their pipelines. You will need to be a good cloud engineer to be a good cloud security engineer

I have a short question regarding the fundementals of getting into cyber, I really want to build a strong foundation before touching any niche, is there recommended resources for IT/networking/OS and etc?

guys I have small problem, I love seeing code on my screen, I would love to learn how to hack and pentest, now I am soc l1. I want to have 2-3 contracts on b2b as a pentester but I think it will be hard because there is no demand for pentesters, If I like code I think about devsecops as a final boss with 2-3 contracts but Idk what path to choose, what certs get and what to learn. Could you help me guys?

uncertain

Hey, just curious
What are pentester technical tests usually like? Are they hands-on exploitation tasks or more theory-based questions? And do I really need to know Python for them?

Technical tests as in during job interviews?

Yes

It depends on the employer, usually you should be informed what type of assessment you’re going to get during the first phone screening with the recruiter. When I applied for pentesting positions, most of the time it would just be a few calls where recruiters asked more or less advanced technical questions, some examples of vulnerabilities you found etc.

Sometimes you’ll get a task to do at home or during a call with sharing your screen where you have to find some vulnerabilities and write a report, but I only had that two or three times.

I didn’t apply for pentesting roles for some time now, but it’s mostly similar to different positions too

And in terms of programming, if it’s specified in the job description then you should expect coding questions. When I took part in a recruitment process for a FAANG company, I was given a problem to solve during the interview using Python/pseudocode.

what would you recommend with a bachelor's in IT, and proficient in Linux? I haven't used windows in so long I forgot all the terminal stuff

Hi all, I have 9 years of Civil Service experience, pretty much customer service focused for a welfare benefit system here in UK. I have a first class honours degree in Computer Science and am currently undertaking my Masters in Computer Science, though might change my discipline to Cyber Security due to the my grown interest in this field. I been unemployed now for almost a year since leaving my previous job. I was just wondering if anyone could give me guidance on how to get into IT/Cyber. I am now 36 and I feel like my time is running out and I want to get my career started. I apply for cyber, Data Analyst and Helpdesk roles with a few software engineering roles thrown in with zero to any replies from recruiters. Help 😄 Based in Essex, England.

Recommendations from the US -

1. Networking - Unfortunately, networking is the key to getting a job. Go to meetup groups for programming, security, anything technical. Find some local security or hacker conferences, . You'll probably have to travel to London.

2. Help desk jobs in unconventional places - My first job was the SysAdmin for the local computer shop and ISP (back in the 90s). But, I wanted to move from a small coastal town to a bigger city that provided more tech opportunities. Through some connections, I found out that a CarpetOne Floor and Home store was looking for someone to run their computers for 3 locations, including 2 in the city where I wanted to move. So I got a job as the sole SysAdmin/Help Desk/Developer and it gave me an opportunity to learn a bunch while also moving to the city.

3. Study for CompTia A+, Network+, Security+. You don't necessarily need to spend the money on the certifications, but having the knowledge will be a huge win. There are ways to show off those skills on a resume, by describing a home lab/projects that you work on.

Hello!

I'm curious about pursuing a career in cybersecurity, mostly cause I think it's a good career in terms of job security, but also because I've always enjoyed building PCs and spend most days in front of one.

However, I'm not very mathematically inclined. Insofar as my mind doesn't get very stimulated by numbers as much as it does by reading or media. Which is why I haven't pursued a regular IT job as a backend dev or something similar.

Those of you who work as Ethical Hackers or a similar role, are you all "rain men" who can just cipher through code like a rat through a maze? Or are any of you like me?

A question for more experienced people (or maybe not). Do you think bug triaging for a Linux OS can help getting a job as an IT specialist or help desk? I'm thinking about doing bug triaging in ubuntu ou fedora. Some opinions?

If you don’t have a lot of experience on your resume, projects like bug triaging can show that you are familiar with ticketing systems, how well you can troubleshoot, and documentation skills.

Plus if you really enjoy it, you might consider a job as a QA engineer.

Unless you are getting into a heavy math related field like Cryptography or Data Science, a solid Algebra and logic foundation is mostly what you’ll need.

When it comes to penetration testing, there are a lot of skills you need to master. Unless you're dealing with cryptography, or IP subnetting, there isn't much maths involved, and most teams will have specialists for that. It's not really that hard, it just takes some study and practice, like all the things you'll need to learn. Start with the basics of Linux/Windows admin, networking, pick up some Python/Bash/Powershell on the way and broaden your skillset as you progress.

Programming can involve some mathematics but when you get into coding you learn ways to do it correctly, and there's usually a great suppport community. If you're doing that kind of stuff professionally, the senior programmers would take charge of anything too complex. There are lots of tools to help you do most of the things you'll be doing, and specialist work will usually attract specialist people

Thank you, that's good to know!

It's always good to know that things you don't fully understand yet can be learned with sufficient effort

hello guys i am thinking of making a firewall as my 3rd year BCA project so is it good or not ?

or you guys have any other idea? so please let me know

Thank you for your long thoughtful and insightful post. I will try to actively apply for more helpdesk roles for the time being while I grind through these rooms on tryhackme. I am currently trying to build my LinkedIn following and to network more, I think this is the issue, my network is relatively small. Thank you again.

Gave +1 Rep to @torn plume (current: #534 - 13)

Hi, all, now I'm recruiting people.
This role is fully remote.
If interested, dm me.

Thanks for the reply. I really don't have a lot of experience in my resume, and never worked in the IT field. I'm looking to enter the field through help desk and then cyber security. Thanks again.

Gave +1 Rep to @torn plume (current: #494 - 14)

Maybe see what service desk roles around where you are ask for as required / optional too:

• Places round me often mention ITIL which is good to know to grasp IT Service Management more broadly so benefits any role in an ITIL-aligned company really
• If companies are often hybrid/cloud, maybe some entry level fundamentals cert like AZ-900 for MS to start getting a grasp how a company actually implements and manages Azure, which isn't easy to clock from the outside. Plus quals like AZ-900 can be a starting point to something more sec-related depending on your interests e.g. sc-200, or external stuff

Hi everyone, I am open to job offers (Help desk or internship) Currently have ISC2 CC and comptia security+, in depth knowledge in CCNA, first attempt didn’t pass CCNA.
I am open to work without paid to gain experience in the field of cybersecurity beside technical knowledge and Home lab. You can DM if you are willing to refer me.

never work for free and the CC was a scam

just to start, all these companies want experience, for entry level positions, even for help desk, most of them wants experience. All the jobs I have done so far and the ones I am currently doing is non-technical or IT. I can't include that in the resume. I have gone in-person to meet one or two of them, you will hear apply online. We will let you know when we have job opening, waited for weeks with no response. I agree with what someone said that in cybersecurity that there's no entry level job. Now I am taking a proactive measure.

there's just no jobs

:hammer: pimosvk#0 has been banned.

CySA or Sec+ if you cannot reach a CCNA

Hey all! I've worked for a while in a cyber security field in my country and now would love to go international. Any advice on how to land a job in Europe with relocation?

It's really hard to get out of bed in the morning and go to your boring-ass engineering job when the sun isn't even up yet and there's a sleeping cat curled up on your legs. It might be time to start trying to make the transition to cyber security...

hi

what are the chances of landing a remote job as SOC analyst after getting THM SAL1 certificate?

Depends if you have any skills, previous experience, role region etc, but that’s definitely possible, might not be easy tho if you have no experience

i’m still a student and i’ve never worked in any non IT or IT fields, quite passionate to pave my way into cybersecurity, now that you’ve mentioned that it’s definitely possible i’ll try my best to gain experience through various homelabs, etc.
but not just that, i’ll also be learning other in general foundational courses that will later help me transition into more preferred roles like cloud security

That's a pretty cool plan! Most cyber roles (even junior ones or internships) require some experience in IT so you might start with that in the first place. Something like helpdesk etc

yea what Vertey said, try to network with different people, join community groups, local meetups, etc. and continue to knock on doors, the opportunity will show up for sure for as long as you don't stop doing your part of continuing to learn with the resources you have.

Don't get discouraged by "this requires experience"....a lot of that it's mainly for HR to have...especially if it's a paid role but you apply no matter what.

We’re not joining your sex website

lol

really? Should I not get the CC

If your willing to work for free your probally not very good

useless cert

yes try to snag a IT job if you can.

Update: I did actually get out of bed, I did get to work on time, and I did get some hints from my supervisor that I might be getting laid off at the end of the month 😑

which one do you think should we go for then?

I haven’t had the courage yet for it yet. It’s a challenge for two weeks between me and any employer. Instead of illegally hacking them to prove I am valuable. If I am good and valuable to them, they promise to hire me full time with pay, if not I leave after two weeks. Just too busy with work and studying for the next certifications to actually do it.

I have been doing bug bounty lately personally. That’s enough anyway.

You working for free? naah man.

Or do they put up a BB and give you credentials to enter the internal network, sure fine.

bro manifested his career change

Thanks! I was only seeing remote jobs, but I really should check what employers in my region are asking. I'll certainly do it. Thanks again. 🙂

Gave +1 Rep to @patent hull (current: #3257 - 1)

I suppose its down to whats available e.g. if you live near a city or hub / industrial estate with IT companies. im in the UK so "near me" may be more consistent 😄 if places are vague and dont list actual certs, there are fundamentals MS certs to start with - https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2PjDI or if you want to yolo, contact a recruiter and get them to ask the hiring manager if any specific certs are favoured (or if you apply for any and dont get them, ask for feedback and if they can recommend certs)

If you want to get a job you need to get "HR Filter" certs. These certs are all the big ones like CCNA, Security+ , CISSP , OSCP, ect. A lot of these certs are not practical and you wont learn as much as the SAL1 but they will help you more in getting a job

thanks!

Gave +1 Rep to @chrome spire (current: #1608 - 3)

Hey I have 8 years of cyber experience. 2 years onsite data backup management/hardware installation/general support, then 6 years doing red teaming, software, and malware on my own for personal fulfillment while I had other means. I'm pretty good at it now...I'm up to making obfuscated, staged implants with encrypted payloads and privescs that work on both Mac and Windows 11, but I haven't had a job in the industry in 6 years and now I need one. I want to go for analyst roles.

I've heard on YouTube that just having a degree or certification (or both) isn't even enough to get a job anymore. I'm feeling a little deflated about it. Would my level of experience help me in my job search if I get my Security+? Does it matter I did it on my own and it was all self-directed?

Or does it only count if you were doing it as an actual job

https://github.com/VioletFigueroa/Premium-House-Lights

Built a repo to showcase one of my portfolio projects i made while at Lighthouse Labs bootcamp. any constructive feedback?;

Ohhhh

Cool!!!

I love this. It's such a great simulation. Solid, thorough, and roundly professional. It's great to see some quality forensics in these spaces.

Going through the log file, I'm seeing the threat actor logged in as root, enumerated the entire database structure, stole the customer table, and created a backup/dump of the whole ph1 database

The repo looks great too.

Great

Are you in US or Europe or whatnut?

I'm in the US @crude burrow

The Napalm generation

You said it

Hey guys,

I’m seeking a cybersecurity job. I have over five years of experience managing and securing IT infrastructure, including configuring firewalls and managing Intune and IAM. I’m interested in transitioning to a cybersecurity role, such as a SOC Analyst or Security Engineer. Additionally, I have experience managing EDRs like CrowdStrike and S1. Any references would be greatly appreciated.

I am located in the US

Don't let any of what you read deflate you. If you really want it, you just have to keep knocking on doors while doing your due diligence and getting your own experience with different resources. Get plugged in with local communities if avaialble, go to free conferences or paid if can and network as much as you can. Getting the Security+ is a great start, it shows you're after your career and you'll just continue to improve from there but it's a matter of not giving up and continue to persevere.

Aw thank you. I'm pretty sure the person who made the video didn't have any or had very few practical skills starting out. Obviously I'm not senior level, but I've been skillbuilding a long time with a good resume and portfolio with a lot of projects to show.

Can anyone let me know how AI is impacting hiring right now? I know it's not as bad as for roles like web dev and such, but I've also heard it's eating up SOC 1 jobs...

Hi. I would suggest checking out Upwork for freelance opportunities. I have seen a growth of cyber-related jobs on their jobs board. Hopefully you can find something that fits.

Any reason to try that before you get any certs?

Hi, Thanks, it’s interesting, I never thought you can find a full time job there, will take a look

Gave +1 Rep to @boreal latch (current: #2137 - 2)

For AI, I would say it’s more likely annoying because it filters out most of the resumes, making it difficult to get into the interview.

The certifications doesn’t have that much value as before, I have Sec+ , Net + and Linux+. The job market sucks rn, it’s hard to get a job with randomly applying unless you have someone that would refer you.

That's what I've heard. I watch Cyber Maddy on YouTube, and she makes pretty great videos. She said she wanted to get into infosec, she got a bachelor's degree but no one wanted to hire her. So she got 2 certificates and STILL no one wanted to hire her

But I think she didn't have many/any practical skills starting out

I've heard that's what really matters now, more than degrees and certs. Can anyone confirm/deny

actually the most important skill is networking and building a personal brand

try to get yourself exposed in social media sepcially linkedin

talk to people , help people go to events

build skills , document what you're doing

That's what I've heard. Thank you. I heard one of the best strategies is to start posting your work on social media, writing medium articles, and that kind of thing

Gave +1 Rep to @tacit juniper (current: #1608 - 3)

Starting to wonder if there's even any point in putting in traditional applications

You'll eventually get an interview if you keep putting in traditional interviews , your chances increase if you contact the HR team on LinkedIn letting them know , they'll eventually check your profile

😅 you're already half way through if you live in north America or Europe

Apply for help desk roles and administrator roles

Save up money for hardware, build home labs , create YouTube videos , pass certifications that actually help your career

Don't pass oscp or osce , ceh or any of that bs

Go for certifications that help you build real skills like the CCD from cyber defenders or BLT2

Also if you want to work in security you're bette off building a profile in Blue team and GRC

Red team is not in demand and the market is pretty tough

Great advice, thank you

I never planned to do red team as a job. Too much work, and it would ruin the fun to have to do it professionally. I've always intended to go for blue team roles. Top priority are analyst roles--incident response, insider threat, malware analysis, and digital forensics. If there's a security thing, I will analyze it 😂

Obviously I'm not expecting to just trip over my shoelaces and land in a senior analyst role making high 6 figures 😂 but those are the roles I'm hoping to get someday. Right now I'm looking for simple tech support roles and I'm about 90% ready for the SEC+.

2 questions: Is the Security+ still worth getting, and should I keep applying without it?

I just got mine recently and I think it’s worth it. If anything you learn to study and you have fundamentally knowledge.

hi would going to college for cyberseucirty be better orrrr doing space force

walmart will pay full tution for cyber security or computer science, I'd work there while obtaining certficiations and gaining more hands on experience on off time.

Done!

well

def not worth it if you're seeking a blue team role

the knowledge is worth it

i would study the Sec+ and pass the BTL1 and then CCD from cyberdefenders

hi are the cicso cybersecurity courses are worth the time to work on?

no

you're better off watching CompTIA Security+

or ISC2 CC

thanks

why not?

Hi. Seeking advice. I have got the compTIA trifecta (A, Net, Sec). Should I get CCNA next?
Dont have work experience so trying to see if I should keep on going with the certs. Maybe I should try to make a networking/ cybersecurity project /portfolio. Any recommendations?
Also would anyone recommend the AWS cloud practitioner cert as well? Was curious about getting that.

Hii everyone there any beginners here or îm the only one if it ok could u please give me ur roadmap îm really lost

you aren't the only one!! im 70% through cybersecurity 101 right now

haven't started any of the higher paths

Îm lost between python and sql i can’t get how to link between them

i'm not proficient in either im afraid, i thought you were asking if there were other beginners

i've done a little of python and SQL but not enough to see/use them in anything important

you should probably get the RHCSA

and AZ-900 , AZ-104

Waste of time , there are better resources

If you're just starting out in computing/IT/cybersec, gaining certifications can help, but you need to demonstrate practical ability, especially entering the cybersecurity field. Building a home lab to practice with tools and technologies, using the free cloud accounts of the major providers, having a blog about your pursuits, doing writeups about challenges like boxes/projects, attending CTFs/conferences, doing bug bounties through platforms like HackerOne, Bugcrowd, Intigriti, etc., can really help your progress/portfolio. The AWS Cloud Practitioner is a very basic cert. It will teach you about the basics of the tools but to get experience you should go for one of the Associate certs like the Solutions Architect and work your way up. Don't focus solely on certs, but when you pick a certification, prioritise that

I am learning about networking right now but I am struggling to find a way to apply my knowledge or get into a pen testing path. Anyone know what else I should do

I would say just get the basics of network and Linux then move to HTML CSS Javascript nodejs -only basics- to be a starter into Web pentesting.

Then Portswigger Academy will be your best friend to learn each Vulnerability

what specficically about linux tho?

Just basics

How the file system is organizes
How to manipulate files and directories
How to download packages
How permissions and ownership works

You can use the outline of Comptia Linux+ as a roadmap for Linux

Also the same with network with network+

Then you will get in depth when studying the network pentesting

im cu rious whats your job?

Pentester

like just a generic pentester?

or is it speicif

im not sure how the path of cybersecurity works lol

and curious about your pay

not literaly but just genral

i've always thought pentesting was cool but nowadays not sure if its the corect path to take 🤷🏼‍♂️

I am in the MEA region so salaries there are very low as the cost of living is low so it's a bit irrelevant

Just check with people on the region you want to work at

But in general pentesting is paying relatively good in all regions

how long u pen test for??

3 Corporate and 5 freelance

sry idk what that means...

8 years in total

oh dang

thats good

you ever do bug bounty hunting for fun?

Thanks

Yes but just for swags and Hall of fame

Not for bounties itself

why not?

Although I regret not doing it for bounties 😂

It was just a fun game and wasn't focus on financial aspects

I was wrong at that time

But it was fun 😃

would you say it is hard or easy?

and like waht were you doing?

At that time it was easy

Just hunting for programs that send good swags as Sony and ESET

wait so based off the bounties you have found would you say it could've made you like 100 US dollars?

Yeah I made money but focused more on good shirts and stickers

The Dutch government usually sends "I hacked the Dutch government shirt" which was and still awesome 😁

But priorities changes as life goes on

ah i see

thanks for the insight!

You are welcome
Nice talking to you

@tame ice hi again i was going through the portswigger topics like you recommended. I was doing on of the first labs in the authentication topic which the lab involved usinga brute force attack but was kind of confusing me becuase there was a bunch of passwords and usernames to use which i wasn't sure if i was suposed to apply all of those usernames and passworrds because that is kind of tideous. The solution in the lab said that you are supposed to use burp suite which was never introduced to me before. Is there something i missed before doing this?

Hi, I am new to cybersecurity field. My goal is to become the security awareness specialist. What learning pathway or training should I focus on first? There are tons of resources so I am quite overwhelmed. Any recommendations/advice is appreciated 😊

I am doing a portswiger authentication lab and i am doing a sniper attack on burpsuite but the attack seems to be going very very slow. I have community edition too. I heard that is slower than the professional one or whatever it is called but it is really slow... Pay load has 500 words its going through and after 5-10 mintues only through 60

Oh my bad.

So basically as me and you speak we use messages. Websites and users speak with each other using requests and responses.

Me (client): I want to access /homepage
Facebook (server): Here is the server or You are not authorised

Web security is about seeing all these requests and responses then try to manipulate it.

We use proxies as burpsuite to be in the middle between me as a client and Facebook as a server to catch requests and responses to manipulate them.

Burpsuite is one of the most single important tools in the websecurity.

So I recommend you watch burpsuite course first then continue with the labs

So Portswigger the developers of burpsuite has a throttle limit on the community edition making it very slow in the brute forcing, but you can use tools as hydra or ffuf depending on the bruteforcing subject

I worked 2 years as a security awareness specialist from a very heavy technical background.

I didn't follow a specific roadmap but what I've noticed is that a good awareness specialist is a good saleswoman/salesman and also have a good presentation and copywriting skills then technical aspect comes second

Thank you! I come from mixed of technical and consultancy background so I think what I need to gain more cybersecurity knowledge.
I already have presentations and copywriting skills from my consulting days 😅

Gave +1 Rep to @tame ice (current: #3261 - 1)

You are welcome 🙏

That's great.
You have already an edge over other specialists by the presentations and copywriting skills.

I recommend dividing your roadmap into topics based on the offering of famous awareness vendors as knowbe4.

Topic as Phishing for example there is a book called Phishing Dark Waters explaining Phishing types and techniques

Thank You!

Gave +1 Rep to @tame ice (current: #2139 - 2)

You are welcome 🙏

if you are free can you help me with why my length field isn't display after clicking the column for it already

It's because there was no response from the server

See there is even no status code

wait then why is there no status code

Thanks , I am also reading currently security awareness by Perry carpenter and doing modules on TryHackMe website for the technical knowledge

Gave +1 Rep to @tame ice (current: #1609 - 3)

I think there is an error since the request didn't even reach the server

so its not even the way i set it up?

i previously set it up so it would just be a sniper attack and using a simple list as the payload

and the position is the username field

This is amazing
Wishing you all luck

Can you please show me the request setup

Yes

this is it i think unless i am missing something 😭

Can you send it to repeater then click send ?

I just want to know what the response is

k

i sent it and clicked send

so i guess nothing happened

Heres an event log

There is a failure for communication

Is the the lab already up or did it shut down?

Also can you please show me proxy setup

sorry for the late response. The lab is still up i believe. Here is the proxy settings

Is there any way to opt out of leagues? I wonder

it actually shut down

That's why there was no response

yes now theeres a responess 👍🏼 thanks!

Gave +1 Rep to @tame ice (current: #1292 - 4)

You are welcome 🙏

Well well well

By leagues you mean League of Legends ?

the best game ever

I watched arcane and I am making mind if I should give it a go 😂

Don’t, save yourself

hi

Are there any accounts of people getting hired with just the SAL1? Specifically in the USA

Current plan is to get COMPTIA Security+ then get the SAL1 cert as a competitive edge, but if there's people who have been hired with just the SAL1 and I can get hired sooner rather than later that would be preferable

NGL with the market we got you will not be hired just from SAL1 , those days are long gone BUT SAL1 will enhance your CV
so you will need to stack certs and projects
Security+ is the base line that many of this companies requires (Spoiler i have not done it but i have other certs to make up for it) ,
I would suggest get a cert based on Networking (I would suggest Network+ over CCNA as ive studied CCNA and by no means its entry level) Sec+ , Net+ , SAL1 combined with couple of projects you got a very good stack for entry level positions
And this my opinion i am sure there are others who thinks differently , Good Luck

What kind of projects would you reccomend for getting into a SA1 position?

SA1 is not a position (Assuming you are referring to SAL1 Cert) SAL1 targets SOC(Security Operation Centre ) the position is usually called Cybersecurity Analyst
and there are many projects you can do : My favourites are this 2 :

1. SOC Homelabs: Deploy a SOC (Siem , IDS/IPS, Firewall ) and attack it from outside. Investigate , mitigate and write reports about your findings
2. Dynamic Malware Analysis

if you actually learn to do them properly and you are able to explain them properly you will be just fine in the industry

Security anaylist level 1, or Junior security analyst

Thank you for the advice

Gave +1 Rep to @young dove (current: #3265 - 1)

no problem GGs

For penetration testing job what all required in company

What all skill required as per the company looking for

Just check the job offers in your region, you will be able to identify those skills

Stick with my Masters in Computer Science or switch to Masters in Cybersecurity? pros and cons peeps. Would a masters in comp sci with cerfications in cybersecurity outweigh a cybersecurity degree?

Is it allowed to share linkedin account to build up friendship and stay tuned on other's path?

Can anyone recommend a sc-200 course? Tried self paced but it feels like im reading the manual for a dishwasher; its so dry

Where should I start work where get payed atleast 5$/hr but also learning cybersecurity continuous.

@tame ice i have another question if you don't mind answering, when doing the portswigger stuff i chose one of the first few to start off my learning and i chose the authentication topic, which the labs feel like they expect me to know some background information and how to use burb suite. Is there supposed to be a tutorial i take before doing this? I do figure out the solution with a little bit of research but i feel i am missing something. Take the 2nd step for example, I have no idea what that means or how to do it. Thanks!

Gave +1 Rep to @tame ice (current: #1111 - 5)

Suggestions for a cybersecurity beginner to build resume
What kind of projects can I do? Which certifications are absolutely necessary (all of them are damn expensive 💀)? And what kind of "labs" do I build 🤔