#cyber-and-careers

it will make much more sense once you have actually experienced the industry

https://www.youtube.com/watch?v=4HG2rwvhb-8&t=414s

CyberDefenders is good, not valued in the industry

so you want us to watch a video to see jobs looking for it?

PNPT is also not valued as other certs but i'd still pass it

i would honestly prefer to pass a certification that will actually get me job ready

PNPT is bleh at this point

then pass a certification that would teach me a tool or a platform

you won't get hired because you have tool certifications

you should be focusing on getting a position, your workplace will then pay for your certifications

I mean if you are going to go for certifications that are good, but not industry recognized (yet), I'd say look at HTB, HTB as a name is pretty well known even if certs aren't quite there in job descriptions yet

I can guarantee you, you will highly likely not see CCD anywhere in the industry

it's not a standard in all countries

in the middle east it's very demanded and known

and soon it will be recognized

mean like HTB right now has a year of training and 1 cert voucher for $360? that seems like a good deal, I think one of those certs is blue team focused

vs paying for an $800 cert

HTB is no where near the level of CCD in content

but also was talking about potential industry recognition, as a company, most cyber folks know HTB, maybe they don't know the blue team aspect of it

they know it as an education platform

very little people know their certs

hiring managers are 5 years late than the actual market is

...

and yet you are telling people to get a $800 certification that no one knows

I'm just saying if you are going to go with something that isn't industry recognized, there are other options

which will actually teach them everything they need for a role

industry recognized != good

ok we are done

have fun

CEH is also industry recognized and it stands for CANT EVEN HACK

This is turning into platform advertising. Let's stop it @tacit juniper

This channel is to disuss cyber and careers.

is this website vibecoded also ive never heard of this cert

now you've heard of it , John hammond made a video about it a year ago so you're kinda late

did u code this with ai

code what ?

remember, this is #cyber-and-careers

if you wanna talk about this in another channel, sounds like that would be best

Hey guys is there anyone who know where can i get free content of darkrelay or cwl

Okay all this started cause I asked this but I think I get the gist of which one to get 😭

Also, what’s the best way to post a project? I’ve mostly posted them as a blog on the website medium, is there a better way?

GitHub pages is a great option

Seconding this, get a nice Jekyll template and just host on GitHub Pages, cheap option and unlike Medium you can customize it to your liking

did you say what country you are in?

United Kingdom

I will work on my github , thank you 🫡

Gave +1 Rep to @coral lantern (current: #3458 - 1)

ahh ok so it does greatly vary by country, it might be useful to look up job listings and see what skills / certs they are asking for. They may not be asking for any honestly

something like Microsoft's SC-200 is a good start, its inexpensive and will show you some skills related to entry level SOC positions

created my 1st ever github repo pls rate 1 -10, at first i was nervous and scared now i love it. I love this !! https://github.com/Rudra-PS-Arora

Hi everyone! I’m new to cybersecurity and currently learning. If anyone is willing to offer some free help or guidance while I study, I’d really appreciate it. Thank you!

Hello, everyone! What are some reputable job boards, websites, or companies that regularly hire entry-level or junior SOC analysts? Any recommendations based on real experience would be appreciated.

generally look for college recruiting sites of any large company, they will have information on their college hire programs. This is true for the US at least, not sure about other countries.

i need an honest answer . Are SOC analyst jobs really disappearing and are they really tight and difficult to get rn? ... Or am i being misled by my seniors 😭

I wouldn't say SOC analyst positions are disappearing; the SOC is just one of the more common entry points into cybersecurity, a great way to break into the field, which means there’s a lot of competition from other juniors, recent graduates, and even some seniors in temp/transitional roles. so in many regions and companies, landing a SOC role can be overcrowded and difficult at the moment

In various parts of the tech field, you are seeing more expectation to rely on GenAI in order to supplement work, a lot of this supplementation of work was also performed by junior employees. So there may be talk / expectation that some junior SOC roles will disappear and/or companies are holding off on hiring as many juniors trying to wait out and see how they can supplement their work force

Hey everyone ,anyone who has ejPT and sec + do u mind pinging me ? So I can ask for advice ?

good for you for deciding to get into Cybersecurity. What are you currently studying? Any specific interest in a career within Cybersecurity or just mainly going for the fundamentals first and see where it takes you?

yea I don't know that they're disappearing...it just been really competitive. I want to say that they'll eventually changed to some degree but not going away. Repetitive tasks for sure will and is being automated but you'll still need someone to investigate. Again, just really competitive.

Hi everyone. Need Your opinion. It is possible to became a Senior Level with THM content for someone after IT Bachelor but without expierence in IT general?

no

seniors are made through real work experience, working within teams, not simulated tasks

facts

Understood. Appreciate for this knowledge. How then became a mid or senior level when jobs offers for juniors almost not exists?

don't give up...keep studying, keep networking, keep applying, the opportunity will for sure show up for as long as you keep grinding. Yes, it's challenging at times. Yes, it's competitive and intimidating at times.....but if you're really passionate for it, you'll keep going. Read up the first Tribe of Hackers book, that was really encouraging for me when I was trying my best to land a full time security role.

Thanks for that motivational speech 😊

Gave +1 Rep to @humble cosmos (current: #349 - 24)

here for it! cheers

Thank you! 😊Right now I’m focusing on the fundamentals learning how things work. I haven’t decided on a specific career path yet, I want to explore different areas of cybersecurity first and then see what really interests me the most

Gave +1 Rep to @humble cosmos (current: #344 - 25)

Just to share, I had an interview yesterday for a Security Operations Center role at an FMCG company. The job requires shift work and handling incidents. Does anyone have experience working shifts in an L1 SOC role? How do you manage your time with the shifts? Please share your experience.

Nice! that's great. You'll eventually find something you like more for sure and starting up as a "generalist" is also not a bad thing either way. You get to learn a bit of everything.

Yeapp

When I was doing L1, then I opted to doing only night shifts, which gave me some-what a routine, time management wasn't hard either, you just sleep during the day and work during the night, and just be an owl. It is much harder if its nights and days mixed. What kind of shifts are ahead of you?

Finally finished up my Google Cybersecurity Cert and time to schedule my Comptia Sec+, but the job search hasn’t been successful yet

Well done on finishing the Google certificate. You will need to cover more than the Google cert's content to be successful with the Sec+. You should check out Professor Messer's free content and/or one of the study guides available for it

Thank you, and I looked up a couple of his videos and they should help me get to where I need to be to get a better understanding. Thank you for the advice!

Gave +1 Rep to @rugged delta (current: #19 - 559)

nice! I used Daril Gibson's study guide and his study content....helped me pass it back in the days. Don't stop applying for jobs either, keep getting that practice in. Good luck on your SEc+!

I’ll keep applying and practicing! Thank you!

but as a career
When you love to work alone
Which track suits me then the best according to you experts ?

Hi everyone. I have question what is the best Kali or parroto os

I know we talked about this a bit, this is a bit challenging and depends what you mean by 'alone'. Do you want minimum interface with other people? Do you mean not working collaboratively at all with others? not talking to other people?

Like an independent software developer (think app developer) is probably one job I think about when someone works absolutely alone.

You could also consider something like off shift SOC work, SOC tier 1, where you review and process tickets

oke

I mean I like working alone
But never worked at a team
but talking is not a problem

But I like to have my own tasks and not much distraction with my autism
And I know that social Im not always very good

but as I said when Im done with SOC and all the prepration courses Im 59 - 60
And I wonder if companies want such a "old" man

You said you work as a engineer
What is the difference between a engineer and a analyst ??

@pseudo creek so still I wonder what the best choice Is
analyst / pen tester / engineer ?
or maybe a combination ??

Yo guys

What's the best career jump I can make from support engineer supporting Symantec DLP to cyber security ?

well if you like being given a task / list of tasks and expected to work them, things like firewall admin may work well. A lot of cyber is very very collaborative, where it isn't just you working on a task

an engineer is usually figuring out how to best do something security-wise, they work usually on teams to do so

Oke i think i will try all three and see what makes mr happy

Keep the Netherlands a little bit safer 😛

I've been job hunting for awhile now, and I keep seeing Tier 1 or entry-level helpdesk positions listing a bachelor's/Master's degree as a requirement, despite the responsibilities being fairly basic.

Is this a firm requirement, or should I just apply anyways?

I'd apply anyway. Honestly reason you see that is because they can ask for it. Lots of people with BS degrees start out as tier 1 help desk.

Alright, thank you.

Gave +1 Rep to @pseudo creek (current: #18 - 573)

General rule of thumb I have, if you fit most criteria (60%) it's likely they will allow you to skip some that you don't

Always apply anyway, highlighting the skills you possess, in line with the skills listed in the job descriptiion. Companies want the best candidates for the job and they have a huge selection of entry-level applicants so you need to distinguish yourself as well as you can. A degree is not necessarily a requirement, but they likely have an AI system adjudicating submissions and having one would certainly be an advantage in a lot of cases, but not have one and having relevent certifications/CTFs/bug bounties/blog/writeups would stand up well

do any of yall know a good course on corsera or similar free/discounted online learning platforms that teach aws cloud security? i was looking at courses that i can use as training towards creating a few projects to learn more aws and cloud hands on training, and the closest i could find was: https://www.coursera.org/learn/aws-cloud-practitioner-essentials ;

I took that course and a few other ones (all through AWS) on Coursera to learn about AWS and to help me pass the Cloud Practitioner certification. Coursera is a great resource

thanks! and nice idk if i will try to get the cert but doesn't hurt either;

biggest thing for me is just building out my portfolio, but doesn't hurt to try to do both if i can find a way to cover the cost of the exam fees;

Alright, noted. Thanks @heavy kettle and @rugged delta for answering my question, I appreciate it!!!

Gave +1 Rep to @rugged delta (current: #19 - 560)

Gave +1 Rep to @heavy kettle (current: #487 - 15)

yea unfortunately a lot of job roles will have that in place and it's also something that links back to HR/Recruiters.....knowing what salary to provide, etc.

I would personally apply no matter what. Take a look at the responsibilities they're listing. If it's something you're familiar with or something of interest (even if you don't have experience), apply. If you get an opportunity to get interviewed, just be honest and tell them where you're at and where you'd love to be eventually. Nothing wrong with saying "I honestly don't have much experience and the reason why I applied for this job it's because the job role listed is something I've been meaning to get into and I'm really just knocking on doors to see who can give me the opportunity to prove myself".....that attitude/mindset can sometimes help you get places.....again, for as long you're honest not bsing.

Don't get intimidated by what the posts are asking, just apply. You never know when you'll be the one they pick.

I am looking for someone to do mutual mock interviews for AppSec Engineering roles including code-review, threat-modeling and behavioral. Anyone interested can message me.

I don’t know yet because I just had the interview, but it seems like it will be a mixed work shift. However, what concerns me is finding a place to live if the office is far away, and the difficulty of working the night shift when public transportation stops running

Very true
I too want to know this

Is there anyway y can get a discount on the stuff? Since I’m broke? Spend my money on my family

Which stuff

There is a huge volume free content on THM for you to indulge in. If you're new to cybersecurity, you can read #start-here and follow the steps to get going. If you want a path to figure out where to begin, check out this blog post:
https://tryhackme.com/resources/blog/free_path

Hey guys, I am a new member in this community.... Trying to built my career in offensive security.. Any advice or suggestions from you guys is highly appreciated... Feel free to give here...

Guys, I was wondering which all languages you would suggest in this domain, i.e, cybersecurity in general. ( except Python and bash) and pls also mention where that particular language will come in handy.

What kind of advice are you looking for? The entire THM platform is built on teaching you skills and knowledge that can benefit you on your learning journey

Practically all programming languages have some use in cybersecurity practices

I wanna know which one is at the top, like people often suggest C.

C is a very important language to learn when you're getting into more advanced topics. There are many roles that use C skills, as understanding programming languages gives an intricate knowledge of how computer systems operate

ty bro

Gave +1 Rep to @rugged delta (current: #19 - 563)

Python and C are the two id pick

C is very good if u want to get into binary exploitation and malware analysis

I want to become the strongest person in the field of ethical hacking. I want help understanding the Blackarch system, vulnerabilities, and Kali Linux.

The best way to learn is by engaging with the systems. Set up your home lab and metasploitable 2/3. That was my very first project in Kali. I have used both Kali and parrot but not Arch. I prefer Kali but Parrot is good as well.

https://tryhackme.com/manage-account/teams?joinTeam=269d9cbe16

Hii everyone i want to learn ethical hecking but i don't have laptop.. can use THM in my tablet ?

Try out. Go to the tryhackme web page on your tablet, start learning and see what comes up.

Hi I hope everyone is doing good, which cyber security role have more opportunity, and i am thinking of cyber security engineer, I have experience, but i didn't work with the companies so yeah

You can learn a bit, but you'll have to get laptop at some point

i would look into getting a bluetooth keyboard and a stand for your tablet, then look into ensuring that you open the vm in a seperate window from tryhackme itself;

a laptop is a good idea, but if you learn to use a laptop style setup on a table that's also doable if that's easier for you;

the good thing about tryhackme is most of the work is on vms hosted by tryhackme, so you only need a thinclient to effectively learn from it;

I'd also look at lets defend, which has an android and possible ios version, as well as fdroid which allows you to experiment with a lot of real world tools from github as long as you are on android;

if you are using an ipad though this won't be availible in which case try to focus on learning grc and tryhackme for learning to work with vms to understand vulnerabilities and the tools to identify them on cloud environments;

grc in particular is 1 area that is very ideal for newer learners because most of it can be learned for free through corsera or youtube or else some courses on freecodecamp's youtube;

tldr using a laptop is ideal, but there absolutely are ways to use a tablet and even a phone as long as the screen is big enough and you are willing to create multiple windows between the vm and try hack me flags pages;

that said, since you'd be working with vms, it will definetely be easier on a paid sub compared to if you are only doing free rooms, depending on if the rooms let you use the vms for free or not;

the biggest advantage of a powerful enough laptop or desktop that can host vms is you can run the vm locally and then vpn in, which opens the door to rooms that otherwise would require a paid sub to access;

Hey I’m just testing the waters. Looking for someone experienced in pen testing to be my mentor. I’m still a beginner but I’m down to learn anything my DMs are open

Thanks it means a lot

Gave +1 Rep to @fervent fox (current: #87 - 118)

Thanks

i am trying Mastery hack the tv (hijacking tv ) i mean any kind of device tv , i did the local scan and i find the ip of the tv and i did the scan on the ip tv with nmap , but the result it's not good for me and i don't know how can i continue or how many way exist , the goal of that , wanna replace the display shown on the screen with my video , anyone understand me , i am not kid wanna enjoy by this way but i was find myself in that , i don't want just learn , wanna mastery what i want to learn ,

i did the scan my local network and i was find my ip tv and i was scaned it and the results is

Starting Nmap 7.98 ( https://nmap.org ) at 2025-12-21 23:09 +0100
Nmap scan report for 192.168.1.94
Host is up (0.037s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE VERSION
8080/tcp open http-proxy?
|_http-title: Site doesn't have a title (application/atom+xml; charset=utf-8).
MAC Address: E8:F2:E2:B2:DB:8D (LG Innotek)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.5
Network Distance: 1 hop

TRACEROUTE
HOP RTT ADDRESS
1 36.55 ms 192.168.1.94

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 167.24 seconds ,
i don't kn,ow actually how to continue or how many ways exist for that

just for future reference this isn’t really appropriate for #cyber-and-careers, #room-help, or #bug-bounty and please don't spam the exact same message in multiple channels. starting with only a basic Nmap scan against an LG TV suggests a misunderstanding of how IoT exploitation works, as it isn’t a realistic starting point for remote exploitation. if this is for learning, focus on your fundamentals first, if it is for malicious purposes, stop; this is a place for ethical learning

anybody taken the sec + exam? I'm on video 46 of 121 by messer

wondering if his vids are enough

I retain a lot so I genuinely think I'll remember 85% of the info (rough est obviously)

Purely off the info he presents yes, although if you only use his playlist once I feel your confidence in retaining it may start to fall a little towards the end if you take a practice test. He covers everything only once, at a broad level and purely conceptually. A question on the exam could be a subsection of a random bullet point you forgot from one of his slides at 6:25 in video 49 for example.

I’d suggest going through the vids, and then supporting him by buying his practice tests, as they are what I found to be the best. If you are strapped for cash you can find them for free if you look hard enough, but I’d recommend helping him out as he makes great content. You can see where you stand with that after you finish his videos

That’s if you have no prior experience with this sort of content too, if you do you are probably good just reviewing with the vids one time through

I passed the Sec+ recently. His video's are good, and +1 to his practice tests. I primarily studied from the Chapple + Seidl Sybex book (~$40) and Messer videos. Practice questions/tests will help you identify how much you're actually retaining

New to the group and looking for a mentor...anyone in the San Antonio area? News on Meetups?

Hell yeah thank you guys

Hey guys, what do you think about bug bounties? I've seen a lot of different opinions on the subject, and I'm not sure if it's worth the time invested.

not deep enough

get a job first

wait why tf did i teleport me to july

i didint even realize

I was wondering what you were doing necroing posts

a lot of this depends greatly on what country you are in. For countries with low cost of living, earing $100/week? month? may be a good thing. It really depends. It can take months / years to earn anything (if at all). You can find things, companies can review and say "thank you but doesn't qualify" and you get nothing. It also isn't generally considered work experience. That isn't to say that if you didn't reach top tier level you couldn't leverage that into a job. Usually people that do bug bounty exclusively leverage other revenue streams like content creation / youtube videos / etc.

Okay , I won't do it again ,sorry brothers 🤍 Do U have a successful experience with this process bro?

No problem. Good luck with the studying!

I'm thinking about taking the the PT1 cert, but I'm not sure that i'm ready to pass it 🤔 .
I've done most of the recommended paths and rooms, but i sometimes still struggle when i try to solve some of the medium leveled challenges.
Does anyone here had or have the same experience here, and what did you do to pass is?
Furthermore, does anyone have some good notes regarding pentesting? I'm not sure my own notes are sufficient😟 .

Not the place for it.

Firstly, take your time. It's not a race. You're here to learn at your own pace, and it's perfectly okay to go over things multiple times to get them.
If you're struggling with a particular concept you can use the search feature to search for more rooms on it and you can always ask for hints or help in #room-hints or #room-help
Hacking isn't always going to be easy, but building good foundations by repeated practice can really help you. Read walkthroughs/writeups for rooms you're really stuck on after you've tried your hardest, and see how they're written
Be as descriptive in your notes about your experience as you need to explain the concept to you. Take note of the commands you use, the help files or cheat sheets you find, the various command switches and steps if necessary
You can use a note taking application like CherryTree or Obsidian to organise your notes in a way that suits you

Does anyone think it's logical to go into the military for cyber?

If you were intending to go into the military as a career option, they'll probably provide you with a high level of training and skills development, and you might have a lot of options within miltary/government divisions. You should check out Darknet Diaries Episode 83 https://darknetdiaries.com/episode/83/

Great! Thank you. 👍

Gave +1 Rep to @rugged delta (current: #19 - 566)

Yes but you’ll still have to go through ASVABs and basic training

No way out of that but ye tons of benefits from being in the military just in general, cyber especially because if for some reason cyber doesn’t work out you can do other things but if you are in the military your chances of getting a good cyber job after go up dramatically especially if you’ve already had experience with it in the military.

True, but I'm sure there is material I can use to study for the ASVABs and get the placement needed for a cyber role. I still have a decent amount of time until then though.

Thank you taking time to answer 🙂

Gave +1 Rep to @rugged delta (current: #19 - 567)

No worries, also, when you're going through a room, even if you get a flag, don't hesitate to peek at the writeups, because oftentimes there is more than one way to get the result; such as using a different tool or application, a different technique, or a completely different direction that you can learn

Keep in mind. You won't be doing anything cyber related until you've been in for awhile. I'm currently up for working in Cyber and they're offering sign on bonuses as well, but I feel ready to get out. At the end of the day, you're still a Soldier and there will be other tasks to do besides your job

Speaking of which, if anyone thinks I should stay and take the opportunity, I'm open to suggestions. It would mean staying in the military for 5 more years, getting the training and title of a Cybersecurity analyst and getting a $72,000 bonus. I know I should just take it but I'm thinking mental wise because I have been ready to leave the military for quite some time now and I'm unsure of where I would be stationed next. The future looks bright but also uncertain. Again, any thoughts or opinions are welcome.

Do you think the National Guard might be a better option then if I want to avoid some of the full time soldier stuff, but still get that cyber experience

I can help! Just shoot me a DM

Yes its a great learning opportunity, you'll be trained by the best. I'm in the Marine Corps doing cyber and its great!

Hell yeah. I was thinking about re-enlisting as well. I went to your guys cyber school up in Georgia. Army guys are pretty chill.

I would use skillbridge and see your different options before re-enlisting becuase you'll be making alot more going private.

If you're looking to be in the military and do cyber related things while avoiding "full time soldier stuff" as you said, I would join Airforce or Spaceforce. But you shouldn't want to avoid that, remember why you joined!

any small cyber security business owners here? would love some private advice, have some questions

Nah. You'd be doing way less than active duty. You could do either and still go to the tech school, and put on your resume that you got "hands on experience", but getting your certs will still validate those skills as well. Also, like I said before... joining the military (mainly Army) won't throw you in a SOC or give actual cybersecurity experience right on the spot or on your first contract. You can join as a IT Specialist, but even I can tell you right now... It's pretty packed with those jobs already. So you could still join it, but you really need to promote yourself ahead of your peers

That's what I keep hearing. I got accepted into Microsoft's skillbridge for System Administration. It's a good gig from what I hear for beginners and they get you lined up with some good jobs, so I'm hoping for the best

@gleaming latch Feel free to hit me up individually if you got any other questions

YOu can just ask your questions. Someone with experioence may be able to answer

Hello friends I need assistance in where or how to start pentesting

same for me, i also studied from inside cloud and security videos and pdf... but be carefull on exham questions bcs many of them are trap 😄 open your eyes and read carefully

Does anyone know what a proven path is for pulling in around 200k after 10 years? I’ve been looking into cloud security as an option, also pen testing but from my understanding red teaming is extremely competitive and scarce in comparison to blue team type jobs. I also have a brother who makes a lot of money in cybersecurity sales, but I don’t really have the personality for that kind of work.

I don't think pen testing is a proven path to $200k unless you have your own business (and are able to sell yourself and have clients that believe in you). I work in cloud security and I will say the money is there right now although AI security quickly surpassed us for those that were able to get in on that market. I see a ton of jobs asking for AI security, $300k+ but that is now, who knows what will happen in the next few years

I got many courses/resources to get an idea and hands on for web pentesting. Can anyone guide me where/how I can learn mobile app pentesting?

Nice, that is the path I'm kinda looking into, so glad to hear that I'm not off on that

Hi everyone, I’m new to the group and also new to TryHackMe. I’ve recently subscribed to the TryHackMe premium plan to build knowledge and skills aligned with my chosen learning pathway.

I’m based in the UK and currently studying a combined Level 4 and 5 qualification in Cybersecurity. I’m completely new to the IT industry and am aiming to get my foot in the door through an entry level role, with the long term goal of progressing through experience and certifications.

At the moment, I don’t hold any formal industry certifications. I’ve completed several LinkedIn Learning courses and am now working toward gaining more practical experience and certificates through TryHackMe. However, I’m finding it increasingly difficult to secure interviews or even receive responses to my job applications.

I’m starting to wonder whether I’m simply not qualified enough yet, even for entry level roles. If that’s the case, I’d really appreciate any advice on what steps I should be taking to improve my chances, whether that’s specific certifications, roles to target, or other ways to break into the cybersecurity or IT field in the UK.

Any guidance or shared experiences would be greatly appreciated. Thank you!

Congrats! That’s awesome

can anyone here tell us what is the best successful process u did , i mean did u hack any complecated security websites , stuff like that in ur career

Cloud security can get this well before 10 years

source: work in cloud security lol

I think any role can eventually get you there for as long as you show up and do your job, you show your potential and get promotions....of course it also depends on what path you'll eventually want to go up the ladder, where you work at, if the business is doing good, etc. That's my personal opinion.

any suggestions or opinions on certs that will get you there, or closer to it?

Bachelors Degree honestly

I only got any certs after I was already in this career

I might have to actually go finish what I started. Was already considering it.

Yeah I have a BS in Computer Science and started in cloud security right out of college

I have/had a bunch of AWS certs but literally only got Sec+ after I was already senior level lol

CS might be too much of a commitment, but I'm sure I can make headway with IT

I’m about to get my bachelors in Cybersecurity, working part time currently in Desktop and Mobility Support. I basically image laptops, deploy headsets, put monitors/dks’ in people’s cubes and whatnot. Super basic shit.

I’m not really that proficient with any programming language, do you think it’s realistic to get a junior cloud architect role or something? I will say I looked today on LinkedIn for “junior cloud” and found almost nothing.

Currently in the process of getting Sec + and should have it and net+ when I graduate.

Anyone here from different industry and trying to learn CyberSec part time? just need you input on few things.

Hi everyone,
I’m Daniel, I’m new here.
I started from zero and I’m currently building my path into cybersecurity, focusing on fundamentals, labs, and hands-on learning.

I’m here to learn, practice, make mistakes, and improve step by step.
Glad to be part of the community.

Yo anybody here has cleared CEHv13 recently? I require assistance

Im from Automotive Electronic, Feel free to ask

chat Has hacking the infrastructure of large companies become almost impossible at the moment?
Most of the hacks that large companies experience are of the phishing type, and they do not target the infrastructure. So, has hacking the infrastructure of large companies become almost impossible at this point?

UP

#sal1

ask ur question there

I know at least for AWS we had people start at L4 (entry) for Solution Architects and ProServe Consultants (their name for cloud architect). That's where I started out of college

I would say that you generally need to know at least Python for cloud roles here

and now I've had to leaarn more Typescript stuff

Okay thank you for the info mang 🙌

Gave +1 Rep to @austere laurel (current: #3492 - 1)

Hello everyone!!

I just wanted to share with you that Tryhackme, CTF and reading writeups helped me to shift career from 10 years as a senior officer procurement and contracting to Offensive Security Engineer!!!

All that at the age of 34 and only in 9 months

NEVER GIVE UP and keep working on yourself!!

nice

congratz!, could i dm you if you dont mind?

Thank you guys 😊

Yeah sure

heck yea good for you! Keep it up.

Way to go! Great job. Thanks for sharing.

Gave +1 Rep to @pulsar meadow (current: #3492 - 1)

Is this a good roadmap to learn offensive security

Python
SQL
PHP / Java
Metasploit
HTB CPTS
HTB CWEE
OSCP
C
OSEP
OSEE

?

"Hi everyone,
I'm Daniele and I'm new to the community.
I've started a journey from zero with the goal of entering the cybersecurity world, focusing on basics, practical study, and hands-on labs.
I'm here to learn, gain experience, make mistakes, and improve step by step.
Nice to be part of the community!"

That's extremely random, what do you want to do?

true

I want to become a penetration tester / red teamer starting at a junior level and building toward advanced offensive security

(Right now i know absolutely nothing)

yes with this roadmap things will be hard for you I am sorry

What if I expect progress to be invisible until its not and to fail more than i succeed 👺

Ok then, good luck on your hacking journey.

Thank you

https://tenor.com/view/walking-wilder-woods-bear-rinehart-light-shine-in-stroll-gif-17256757

Already failed

is there a red teamer whom I can talk to? i need help because I'm about to finish highschool and first off i am not sure if i should go to college or not, and i really dont know how this world works, preferably from europe since I'm from there.

and btw for now I would like to get started on bug bounties because I need some money for a new bike and I dont want to work as a delivery guy lol

I know a guy who identified 7 CVEs on iphone. He has a phd in comp sci. this is not easy. go to college.

alternate route - serve in your country's military cyber unit

that would be so lit but I would literally not know how to start

Go to college, work as delivery, and grind hard to get into bug bounty at the same time. Nothing comes easy but if you really want it, there's always a way....(I might have gotten this from finding nemo) but still. Gotta grind

btw, my hypothetical route would not only be doing bug bounties but start off with bug bounties while still in highschool to do some experience cv worth and then move to a private corp to find some job as a red teamer (even tho i dont know what exactly)

but college is AT LEAST 3 years and i would end up if I'm lucky finally free from school (that i hate) at 21 and i would hate it since i want to be free soon (work and live alone)

i was thinking of getting certs and stuff like that and then move asap to work

You can try but that’s like the 1% or 1% people in this industry, you’ll have to grind hard and be naturally smart

and the other 99%?

I also didn't like school at your age and though every successful story is different and unique, having that education is a backbone will benefit you in the long run. Being in Cybersecurity you'll always have to continue to educate yourself no matter what....adapting to new technology and ways of defending/attacking....sure it's not a 3-4 year degree every time but you'll always be hitting the "books".

At least give it a try, that'd be my personal recommendation.

I second this.

College, schooling or bootcamps most likely

Or got in the industry 20 years ago when it was simpler

so you think that only certs is not enought and i should get a college degree?

Not saying that, but it’s like a lottery ticket from what I’ve seen

i mean i hate school but I love learning, that is why i hate a 7 month streak on thm.. but the main problem with college would be not working and having to live a "worse" life without a steady income, i know this doesn't really sound fair but these are my best years and i dont want to lose them

Look at it this way......do your best you can to equip yourself as much as you can until you make it.

People don't just get a cert and then make it......there's a lot that happens behind the scenes.....once you make it then you can "slow" down and eventually be more purposeful with the certs and what you want to focus.....but from the beginning, you want to go extra hard if you want this to be "fast" which is never guaranteed but I'm a believer that for as long as you work hard and don't give up, those opportunities will show up....for as long as you're doing it for the right reasons.

There are countries they look at your certs and some countries less. In India they look a lot at certs as far as i know.

lol you're super young.....your best years are yet to come. Live life and don't pressure yourself so much. I wanted to have my perfect life by 23.........it didn't happen and now I just regret really exploring and adventuring during my 20s......not saying don't focus on what you want to do but give yourself a little grace. You'll be fine.

Very true I’m only speaking from a US perspective.

I’ve yet to meet someone at work or irl that just got here based on certs. I’ve only seen influencers on LinkedIn and YouTube do that lol

ok so reading all this i think having certs AND a college degree could get me to places right? and you think that also doing other works and/or bug bounties while studying is possible?

In europe certs are less worthy than a degree but(!) they also look at your skills.

Anything is possible brother.

Sure its possible. It depends on you.

why does this scare me?😂

how i start with bug bounties?

and another very important question for me.. can you find job as a red teamer or is it hard?

As just red teamer is hard. There are not much roles they offer. For bug bounty you have to learn the skills and go out and search for bug bounty programs.

I am the only red team associate dude in my company

Thank you!!!!

Gave +1 Rep to @arctic arrow (current: #3493 - 1)

and what do you do? how long did it take to get employed? i really like red teaming

I test web apps from my co-workers (programmer) for example. First i did it in my free time, unpaid. Now ive proved my skills and that i can really do it so its accepted to do it during my work time. Mainly i work as an analyst in SOC or test the xdr system in collab with our SOC team lead.
How long it takes to get there? 5 years to get hired and 2 years to reach that position.

Long story short

you have a degree right?

and you have certs? if yes witch one? for red team

Noup

Noup as well

I had nothing except my self study and effort to land a job there.

okok

33 applications

Hey hello, Thanks for responding. Actually I wanted to know how you manage your time and also health while actively learning about Cyber security without getting burned out?

I work in VFX industry as a FX TD, I work around 8-12 hrs shift per day and get paid in peanuts plus no job security but it pays bills as of now and also let me buy things to learn cybersecurity. I bought subscription for TryHackMe but to be honest I don't get enough time to learn.

Gave +1 Rep to @fringe geyser (current: #2262 - 2)

“I am a cyber security student. Can someone tell me what I should do as a beginner in this field?”

Student in college?

University...

It depends on your technical background. Any experience in this field?

Yes, I know basic things.
I am learning Linux basics , and I have only basic experience with Wi‑Fi hacking.

It might be a bit much at first, but if you're interested in offensive work you could setup metasploitable and kali in a homelab and play around with that

Would recommend to start with linux, architectures, protocols and osi, en- and decapsulation. Sounds less but if you take a deep dive you'll be entertaint a while 😁

In order to learn Linux, I set up a daily driver that runs only Linux. No fallbacks, no excuses.

Of course understand is difficult to learn after 12hrs work. Maybe try to do it at the weekends or only then when You feel that You have the energy for it. My situation is a little bit diffrent couse my job give me earnings higher as expert level on Security. So i dont really need this to change my life. Just like to learn and knew. Just let the things happen. Maybe try this too. This is important couse without preasure for some goals You can learn focused on the thing. Wish You best

I wanna ask here what is the best way to get into the cybersecurity jobs. I dont have a related IT job or studied cybersecurity all I have done is watch related youtube videos and TryHackMe labs. What is the best way for me from here? Get a helpdesk type of job or find a cyber security school and maybe a helpdesk job on that? There is a way just wanna pick the most effective.

a lot of this will depend on country and as well as what degree you may or may not have so its hard to answer. The only true answer I have is most cyber bootcamps are a scam

Do I really need to start with Help Desk for getting into cyber careers, or can I jump into the soc tier 1~? (or i need to be so lucky to be in one)

not many entry level cyber jobs in general

I live in Sweden. Hopefully, that's a good country for this career. 🙂

it does really depend on country and job opportunities, even right now help desk positions are in high demand and challenging to get into

yeah I don't know anything about the Swedish job market

Haha, hopefully there are lots of opportunities here.

In the end~ it feels like working with yourself is sometimes better — especially in areas like bug bounty and research~

bcz of the difficulty in finding a job

ehh depends

but I will say, keep learning, keep trying if its what you want to do

i will ty~ ❤️

Like zojja said. There are companies in countries they handle it like "Once a helpdesk, always a helpdesk."

it's little sad i have to say~

its very sad and depressing

Hello everyone I think I need some help , I want to be SOC1 analyst in the and I have network backgrand and how to use some OSINT tool like Viriustotal Mitre attack .. vb and also for Phising attack I know how to use analyz phising mails with PhishTool Dashboard however what can be other thing ?

Currently I am trying to learn Splunk for IDS IPS

have you done the SOC1 path here?

really understanding some of the logging / alert / threat hunting stuff will be useful

https://tryhackme.com/p/LookBehindYou

I stopped at snort alerts because I dont really wanna learn snort I am assuming suricata would be better

I mean not yet I stopped

Suricata is definitely better although the Snort rooms were fun, Splunk and ELK are definitely better options as well

do you think I have to learn splunk and ELK both of them ? I thought Splunk would be enough

its good to have a little exposure to both

the concepts are going to be the same

so IDS IPS and SIEM , threat hunting, and phising analyz will be enough for this role?

yeah

so, question for those of you working the field, did you jump around a while to find your path, or just pick one to work up from? Seems like starting as a SOC analyst is the common answer to this.

If your goal is blue team then soc analyst t1 should be your starting job

You can start as a help desk for a while then switch , meanwhile working as a help desk do more projects in Blueteam get familiar with tools and practice on LetsDefend

Pass certifications like SC-200 , BTL1 , BTL2 , CCD

@tacit juniper Please slow down. Further spam will result in a short timeout.

I jumped around a bit

Hi everyone 👋
I’m not sure if this is the right channel for job postings—please feel free to remove this if it’s not appropriate.

Position: Remote Penetration Tester

Schedule: 9 hours/day, 1 day off per week
Salary: Negotiable
Age: 21–35
Gender: Open

Requirements

• Experience in penetration testing or network security services
• Strong communication skills, teamwork mindset, and ability to learn new technologies
• Proficient in penetration testing methodologies, tools, and manual testing
• Familiar with at least one programming language (Python, Go, PHP, Java, etc.)
• Strong knowledge of web security (OWASP Top 10, XSS, CSRF, SQLi, file upload/inclusion, command injection)
• Experience with vulnerability analysis and remediation
• Background in reverse engineering, vulnerability research, or exploit development is a plus
• Publications, CVEs, offensive tool development, or participation in security competitions are preferred

Responsibilities

• Perform authorized security testing on websites, applications, and systems
• Identify, analyze, and validate web, system, and middleware vulnerabilities
• Write clear and professional vulnerability reports
• Research and apply new security techniques and tools

Support security-related tasks as assigned

👀 a 54 hour workweek?

right!

ouch

Oof. That’s rough.

Why would they consider age as a factor into their decision? That would be a lawsuit over here. 🤷‍♂️

a 6 day work week 9 hours a day? And there's an age factor as well? At 38 I'm likely way more qualified than any 21 year old out of college. And OP feels the need to mention gender like being open to any gender is a plus? What kind of rinky-dink country/company is this for?

the kind that asks in a public, predominantly entry level filled discord learning server 😭 wouldnt expect much going on there lol

lmao yup, and they can kiss half of those requirements good-bye with their candidate pool

probably cuz only people insane to work that many hours are on the younger side

hahaha that's so true to be young and naive.

or young and desperate

😂

but even at 21 or 25 you'll burn out like that, and fast. Even if it is a remote position you can do from home.

I thought the same thing initially but thought surely there are countries without age discrimination laws

I find working with logs to be mindnumbing.I did helpdesk many years ago, but there's really nothing IT related near me, need to find something remote

lol slavelabor

Switch your location, finding remote job is way more difficult

a newbie here , how do i learn soc

basically just keep doing what you're doing bro, asking questions.

try the Roadmap on the website

for SOC l1? that one?

yeah but also do the pre-security and cybersecurity 101

is it worth getting a premium membership now or later after i learn some stuff

either or but I'll say there is a lot of junk in the free rooms, not all but

what a LEGEND

thanks

no problem. Happy New Year.

Do you have the basics of networking, linux , windows , security principles , web ???

yeah just a little

Hi i am new in discord. I completed pre security, cyber security 101 and jr penetration tester pathways in tryhackme. Where should I head next like for a job?

TryHackMe alone won't get you a job, it really depends on a lot of things like where you live, what do jobs in your local area require? etc

Yeah I meant what should I study next

And also how to get a mentor?

generally mentors are someone you build a relationship with, ideally someone who would be in the industry in your same country / region

Anyone here work in cyber and fully self taught...?

The best programmers/developers/coders etc. I know are all self taught. But I've never met anyone working in cyber that's purely self taught.

im still doubting about the path to take.
What is a good path to become a ethical hacker ??

pentester

oke

that was on my list together with the soc level 1

You can be sure they availed of some of the best courses/books/documentation and were practicing furiously on a daily basis

Yeah, I imagine so.

But when I say 'self-taught' I mean no formal education.

I went to school for Network Security initially but my first job was a Desktop Support in IT for a very small company....I didn't really make the pivot until maybe 10 years later or so.....the first few years I was just mainly getting IT experience and I was actually focusing a lot on other personal things (non tech related) but it wasn't until I started thinking more about the future and an actual career path that I pushed myself to do Cybersecurity full time.

Just like @rugged delta mentioned, I basically went back to the books, hands on work, certs, etc. to equip myself. I would assume that most of the people have done a similar path as well and someone without education, I would assume they just did it for fun at home and got very good at it and eventually landed a job.

Thanks! That's how I typically imagine most people get into it. I have no formal education in computer science nor any related formal qualifications. But I love learning this stuff.

I'm realistic though, so I don't exactly see myself making a career switch anytime soon (I work in digital healthcare).

But who knows, I'm going to keep learning for fun and personal interest and see what happens, see where the opportunities take me.

Gave +1 Rep to @humble cosmos (current: #340 - 26)

that's great. I think you're in a good position especially if you're not rushing into it.....you can definitely keep learning on the same and still, don't be afraid to apply at roles if you eventually want to make the pivot....it's always great to learn and practice about interview process as well so you get a feeling to what people ask, looking for, etc.

Cool, I appreciate the advice.

I've recently been talking to some of the IT security guys at work, asking them questions about what I've been learning. Basically applying study to practice, trying to see how what I've learnt is actually used and who uses.

But it's tricky asking some questions 😂 they naturally don't want to be discussing security details with anyone outside of their small, need to know team (I call them the SOC now but I think they're just 3rd line IT colleagues who know enough to manage the security too).

that's great! I was going to say that next...if your company has a security team, tag along with them.....I actually do that with 2 of my co workers in different other departments. They're interested in security so I let them shadow me at times...it depends what I'm working on and I work for a manufacturer company so there is some flexibility to what I can let them see but that's a great way to learn and eventually pivot.

Continue to show up and show your interest. If they're willing to teach, they won't get bothered by your questions.

Definitely. Its in my nature to be curious, so even if they are resistant, I'll still keep asking questions and bringing up what I've been learning in conversation. If anything, it's a good way to connect and form relationships too. Because they'll want to talk about some stuff and it's common ground.

job needs place, place needs job catch22

is going into a networking role : network technician, junior network engineer, etc a smart choice if you want to have transferable skills in multiple tech fields? i keep hearing so many times that a networking background makes you more competitive when going for another role (like cybersecurity)

yes, networking is a great background for any other role in IT

Does anybody have knowledge on pursuing a career in cybersecurity / cyber warfare in the military?

Does SOC Analyst jobs are no more entry level? does freshers people can't get job as soc level 1?

Gave +1 Rep to @peak iron (current: #3505 - 1)

What is +1 rep used for?

Gave +1 Rep to @peak iron (current: #2268 - 2)

SOC Analysts jobs aren't really an entry level job. It requires you to know a lot about network and computer architecture, etc. It depends on what role you're applying for. Most SOC job descriptions are blanket term for many roles forced into 1, so expect to wear many hats, whether it's continuous monitoring, simple engineering, threat intelligence, and/or ticket or alert triage.

ok got it.

Hello guys i am a 14 year old boy who loves linux,programming is anyone intrested to guide me?

#start-here

Hello, people with actual work experience in CS careers, is it better to pursue a career in cybersecurity or data science, and what are the main qualities and features of each career, im currently interested in Cybersecurity, but i still don't know if its the career i want to go for in university.

Hello, I'm new to the community. Am I welcome or not?

I'm from the great Iraq

as long as you follow the #rules anyone is welcome

I’m a university student studying cybersecurity, and I’m looking for advice on certifications which certifications should I start with how many should I aim for and which ones are most relevant if I want to work as a web penetration tester?

targeting both remote and on site roles

Which region are you in?

middle east

I am not sure about the landscape there, but OSWA and OSWE should be relevant to that

thank you so much will look into it

Gave +1 Rep to @loud fern (current: #204 - 50)

an advice from me try not to go collect certifications like they're pokemon balls you need to be practical about the path you're taking , going for the certifications to just " gain knowledge " won't get you far in the cybersecruity filed

I don't think it matters that much if to be fair, sure it doesn't make sense to collect everything, and the consequence of that is trying to keep them still active, and I don't know if you can measure it, how far you get if you keep upskilling. But yeah, certificate alone won't get you far, but it's quite good metrics in a field where its hard to stand out.

Doesn't really hurt to have exposure to other "paths" in cybersecurity either

i agree with you , but dont you think everyone are doing the same thing ?

so the thing you're trying to show off to stand out , is actually what millions do

Well, you don't need to announce that you got those certificates, you can do them and keep it to yourself. And only showcase relevant ones - just to prove it to yourself that you can do it.

True , the market became about who can show case their talent , it's like we're selling our selves

In every career you have to sell yourself one way or another, in cybersecurity you just don't really have a very good way of doing it, especially the deeper you go, the more NDA restricted you are

Yes i haven't reached that far yet , but i stumbled upon it at my current stage , it's like 🙂 hush hush

Yeah, so yeah, I think go for any certificate you want, its certainly easier to study when you have a goal, just don't make the assumption that certificate immediately makes you more competent than someone else

ikr but i have seen most of the jobs require certifications for specific field

exactly even if u are skilled, for job they ask for certifications

You're from Egypt?

Dubai

Hi, I'm having issues in KQL (Kusto): Basic Queries, no matter what I do I cant get an output from the Azure, always no results, even after setting the date back to Jan 25.

anyone switched from construction to IT? im 39 and i cant swing another hammer but i can type, i used to f w html when i was like 14 for an online baseball league i was in and never messed with it too much until recently, lost my steam here...

It's not uncommon for tradespeople after a number of years to want to change roles, especially with the health effects such jobs can have over time. Lots of people have moved from many different roles into IT and cybersecurity successfully. Here's a number of THM success stories from our students who have been successful over the years. You might also enjoy the Tribe of Hackers books by Marcus J. Carey, a series of interviews with experts in the field discussing how they made the transition to cybersecurity and their paths to success

https://tryhackme.com/resources/success-story

If I start a small-time cybersecurity service for like, very small companys and even households. For like, maybe, $35 or around there. Could it probably work with getting/claiming experience?

Like, almost like a lawn mowing business where they start small time and hope it grows into something bigger down the road.

If I am a small business with 12x employees and someone in my area was offering a pentest service for like $40 for the full service.

Is that a rip off or pretty cheap?

I dont know your location, but that seems awfully cheap

For the CV, what you want is Enterprise Experience, not helping out auntie Jude to protect her web broewser or phone

It's not a good look to recruiters and hiring managers if one looks like a cert chaser

It's an argument, if you are looking for job, but if you are employed already and perfectly content with your position, or you are doing your own thing, then it doesn't matter. And again, you don't need to showcase all your certificates, only present your relevant ones.

And I would be probably more interested in finding out what the guy is made out of, that has more certs, than those that have nothing. Getting an interview doesn't necessarily mean getting a job

Yes. As a hiring manager, there are things I look for in the resume, and things a look for in the interview

Now, I do argue, that those certs should be getting more advanced progressing, if you do same level ones in same field, then yeah, wasted time

Certs are a business thing not a personal dev thing. You should only be getting certs required by the business.

Certs are a compliance baseline, what someone knows and can do is not really well communicated by certs.

Which actually gives a use-case for business to hire you, if they need to tick a box, and you own that certificate, you do have an edge

For B2B cases, I do know that there are businesses that do consider tender only if the certain certificate requirements are fulfilled

Coudl anybody help with something can u type on priv

would be nice to know about what exactly first if you want people to message you.

What kind of blue team jobs are companies hiring for right now? I'm assuming all of them, but is there one or two that are more desirable?

I am currently looking to get into the tech career space and honestly have for a little while now but I don't know what's the best thing for me to do and how to find positions. I took a course on AZ-500 and slightly understand it but I have yet to take the exam mainly due to me feeling like I need to find my own way to easily understand it. I am in school currently for my associates in Cyber Crime Technology and I'm ready to understand the space more but in the meantime I feel there has to be a position or internship for me somewhere. I really want to start work or start the path to get into the career space I want as soon as possible but I'm not sure if I'm doing anything right or exactly what career I'm looking for. I've always felt comfortable in the computer tech area and would love a tech career where I can grow and complete task from my computer. I was looking for any recommendations or thoughts at all on this and I'm willing to answer any questions. I truly believe working remotely in the tech career is for me.

hello all i'm new here an first time wanting to use tryhackme to get a career path

To people who are already working - is it usual for companies to hire specific type of pen tester, e.g WEB pen focused or AD ? Or it will be rare scenario

Yes that happens

yo guys im think of enrolling in a university with cybersecurity, but I dont know which should I choose. Military or Civil. Its a navy university.
If anyone knows some tips/info or is in a military uni please tell me what you think of it. (obv not everywhere will be the same exp but i still want no know what you think of it)

In my opinion, the Military University is giving you an extra advantage in this chaotic world where cybersecurity is high priority in the military capabilities of all the countries. I think, you can get easy access to a cybersecurity job coming from the military with a background from the Military education, but it is not that easy the opposite way. It is not impossible; it is just extra challenging to get into the military cybersecurity work coming from the civil sector. It is not a hard true, by no means. When you are good at what you do, both military and civil sectors are going to do as much as they can to have you on their side.

Is a software engineer bachelor degree and comptia security+ and network+ enough to secure a cybersecurity jon in blue team in 2030 ?

It's a really good start. It's very important to get a good grounding in the theory of IT and cybersecurity when you're starting out. You should also consider doing plenty of practical rooms such as the walkthroughs and challenges in THM so you'll be able to show your abilities. It might benefit you to post your room completions to LinkedIn or have a blog or Github profile where you discuss your experiences

Thank you very much for your advice its actually reliefs me to finally hear some good comments about what i chose everyone around me saying ai will take over but i chose to continue i will start with THM rooms when i am in 3rd years ( final year of my undergraduate program)

Gave +1 Rep to @rugged delta (current: #19 - 570)

Yeah it's a good habit to form, and it can be a lot of fun too

Is there dedicated rooms for blue team training because i am ambitious about having a jon in a blue team and is there a programming language i need to focus on other than python ?

hey everyone I just want some basic career advice. I want to get into a cyber security role but I have no experience what's so ever. I am currently going college and at the end of my 2 year course I will achieve the requirements to go Uni. But im not sure if I want to go Uni, like do cyber roles favour uni degrees? Any advice guys how I can get myself into a cyber security job with no experience, even if that is starting off with a small IT help desk job

There are lots of rooms and paths dedicated to Blue Teaming, including plenty of walkthroughs and challenges. There's also the SOC Simulator and a growing number of certifications offered

It can be beneficial to you to have a university degree, as well as certifications. You need a good understanding of computing/IT and uni can be very beneficial. You do need to learn practical skills to be able to engage confidently in cybersecurity, as well as most areas of computing, so most people will have a mixture of projects/labs/practical experience. There are advantages to a combination of Uni, certifications, having a home lab and following organised lessons and challenges such as in THM, and eventually practical situations like CTFS, etc

Obviously, you're not expected to do it all in one, it takes time, patience and engagement, but the best thing is to dip in and have fun, and build your skills and explore as you go

@rugged delta may god bless you like you help us 🙏

Feel free to ask questions as you progress

Thanks. But having comptia certs is that enough to land a junior/beginner level cyber job

Gave +1 Rep to @rugged delta (current: #19 - 571)

It can be in some organisations, though your job will require you to understand practical tool that you're going to come across, and not just the theory, though what you'll learn in Net+/Sec+ can be a great help. You should look at the skills and requirements particular jobs require on sites like LinkedIn or Indeed

Got it👍

Anyone studying for the ISC2 CC exam? I’m a 34 year old sommelier planning a career change. Going back to a university is not an option. So I’ll be stacking certs and doing as much hands on notable practice as I can, like THM. Entry level tech stuff is available in NYC but competitive so I want to do this right. Would love to trade exam/supplementary study tips with anyone else doing this course. My ultimate goal is GRC analyst.

not the CC one but I recently passed the CISSP, hit me up once you're ready to go for that one!

Hey guys, I graduate with my bachelors in cybersecurity in June, I have my CYSA + and I’ve been an IT system analyst for over 6 months now. How can I make my transition to Cyber security?

hey guys i just passed my class 12. I am thinging to do bsc (honours+research) in cybersecurity

is it a good option?

Look for any cybersecurity job offer (entry level are usually SOC analyst, you could try to find some junior positions related to security engineering), check their requirements, try to learn what’s needed + earn cert related to technology in demand (for example Microsoft - sc-200 for analyst or az-500 engineer) + tailor your cv to match that one specific job offer you are applying to. You should at least get a chance for an interview. Your CYSA should be a huge advantage for any SOC related job.

You'll do fine. It is quite a challenging entry level course, but it'll prepare you well for the theory you'll need for the field. Quite a start to your journey too. GRC roles generally do expect plenty of knowledge and experience, and most people start out in IT/helpdesk/SOC roles, but it's good to have goals and determinism.

As for the CC, take plenty of notes, rewrite complex concepts in your own words. Use an application like CherryTree or Obsidian, and feel free to ask in here if you're stuck comprehending anything complex

Will do, thank you!

Gave +1 Rep to @humble cosmos (current: #333 - 27)

Thanks for the encouragement! I haven’t heard of those apps yet, I’ll check them out! I’ve noticed it’s necessary to use alternative study guides so I’ve been working on Mike Chapple’s book and LinkedIn course, I did Prabh Nair’s resources on Google too. I feel like the more I do the more prepared I’ll be—different perspectives and whatnot.

Gave +1 Rep to @rugged delta (current: #19 - 572)

Yeah Mike Chapple's books tend to be really good. He's a talented educator. It's always good to consider other resources when you're learning, both to find interesting and useful resources, and even just for a change of pace. We often mention different books and book deals on #bookclub, there's been lots of discussion of them over there.

Oh shoot, yeah! I have to check that out too! My friend gifted me this on but I can see I’ll really benefit buying some more

So I'm sure this gets talked about quite a bit (The AI Crud). But I saw Sentinelone added an "AI SOC analyst" as part of their package. (Not sure what exactly it entails or means by this).

Realistically how will stuff like this affect new people getting into the field? Not much or will newcomers be pretty much screwed?

I know it can't fully replace a person. But what I'm not sure of is if most companies will know or care

Ah never mind after looking a little more into it, it really is just meant as some sort of supplement not created for replacement. I saw AI SOC Analyst and it made me think that's what they were aiming for. Still not sure what exactly it's supposed to do though

Anyone here actually got a job from tryhackme?

not from tryhackme

but from other endeavvers

wrong chat

Anyone knows what kind of GRC analyst do? I was advised not to get in that cause it requires experience.

Other cybersec fields either require me to get more dev experience🤔 which I don't have cause I work in a different field. And I am not liking that field 😭 and I have an MBA.

So mixing both tech and finance only leaves managerial roles whichhh also requires experience hahaha 😑

Any advice 🥲

Wowee. I don’t want to rant and drag people and blame others for my frustrations but on this journey towards a new career in cybersecurity I am finding it increasingly frustrating that study material routinely give you practice tests on things NOT covered in the corresponding material. I have taken many avenues to prep for this upcoming exam and ALL of my study materials have done this. I took a practice exam tonight that asked me what RAID Level was best for a certain goal and the answer was RAID 10. The answer key told me I could find the section on this in the book’s 8th chapter. I went back to double check… the book discusses ONLY Levels 1 and 5. Do they want us to feel incompetent?

Luckily, I’m a determined person. I can’t wait until I’ve broken into the industry, have hands-on experience, and I’m no longer at the sole behest of these curriculums to prove my prowess.

I think there’s a way, but it’s harder maybe. If you can get more certifications that’ll apply to people hiring in GRC and prove hands-on relevant practice with things like THM, I think it can be done. I’m aiming for GRC and I have no prior experience and worked in hospitality. I’ll be doing continuous research on what will mean that I’m taken seriously when the time comes.

There are a lot of changes coming about because of AI in the field, butit's true that most of the AI tools on the market today aren't capable of replacing the activities of cybersecurity workers; rather they're built as assistants in handling many of the high volume tasks, since we tend to juggle a lot of information and tasks simultaneously. You might find yourself working with one to approach various tasks you need to undertake on a regular basis as part of your role

Lots of people have benefited from learning on THM to develop their skills and abilities. Learning cybersecurity can entail using many different resources. You can read success stories by people who've found new roles due to their use of THM here:
https://tryhackme.com/resources/success-story

GRC can be an advanced role requiring multiple years of study and work experience. When switching to a new role, or a new field, sometimes you do need to spend time starting at the bottom building your skills and knowledge and experience. Cybersecurity does entail a lot of reading and practice and study and can get quite complex. CISA/CISM (Certified Information Systems Auditor/Manager) can help you understand a lot of the knowledge required for such roles. The ISC2 CISSP is an advanced certification that many people pursue. There are several certifications you might consider in the meantime, such as the ISC2 CC, CCSP, CGRC or SSCP, among others to gain knowledge about the field. Many people would start with the CompTIA Sec+ or similar and go from there in their explorations.

For the role of GRC Analyst, you might find these a good intro:
https://www.metricstream.com/learn/cybersecurity-grc.html
https://sprinto.com/blog/grc-cyber-security/

yea sometimes it can be like that. What exam is this? I guess it can depend on what the cert is all about, if it's a technical one or has to have different type of mindset like the CISSP. It would also be nice to know why that answer was better as well but eventually you'll get the hang of it and gain understanding.

It’s just the CC exam. But it’s frustrating nonetheless. In this instance the book/study guide I used mentioned degaussing as a form of purging. That’s all it said was that it was a form of purging done with magnets. At the end of the chapter it asks a question about how someone could destroy data on a hard drive so and re-use it. Obviously I avoided the answer about destroying the HD physically and chose degaussing. I checked the answer key and the book explained that was not the right answer bc degaussing destroys hard drives. I went back and checked the text of that very same book—they never taught me that. Then I did the online practice exam that is designed for this book—you can only access this practice exam only by registering the book. A question on that practice exam asks the same question but about tapes. I figured degaussing probably destroys tapes so I did not choose it. Nope, the test answer key says the best way to destroy data on a tape so that you can reuse the tape is degaussing. I’m confused at first. And then realize that maybe HDDs and tapes respond differently to degaussing? Googled other sources and those sources say LTO tapes (the only kind of tapes mentioned it the book) are destroyed by degaussing. Then I discovered on Reddit that there’s a lot of back and forth about this. Some say tapes will be fine, some the opposite. I can handle something being debatable. But the book 1. never mentions if HDDs/tapes are affected by degaussing in the text AT ALL. 2. Decided to test me on it two ways and expected me to know there is a potential difference, let alone know an answer they never told me. 3. Could have very simply said in the chapter on destroying data “degaussing destroys HDDs rendering them impossible to reuse, but may be safe for tapes.” And I would have been perfectly fine. These things make me feel like I will study hard but I still might fail. It’s not allowing me to feel confident in studying. And I’m a great study. So it’s frustrating.

Yes cc is way frustrating

Not the same subject but, with the increase of IA. What assure you a place in the civil sector as a Junior ? The military one will always recruts humans beings. But the earning is always less and the major is certainly SOC, with use of big compagny software. If you want redteaming only, you need to be very very skilled.(Sorry for my english)

Okay cool cool cool, not just me haha

Hi! I've sold my recent company few weeks back, and I started another one. This time in cybersecurity -> Short brief: Platform for monitoring (linux) servers, applications on them, cis requirements monitoring with AI. Well not AI as buzzword, but real world super cool shit, not only LLMs but also local supersmall models etc... I can give you more info later.

I am searching for enthusiastic security researchers to help me with this challenge (for stake in company, or regular salary, i don't care - but you have to have time for it, for me it's fulltime now). This requires proficiency in Rust, very deep ideally, as agent(bacon) is written in Rust to be easy to develop and easy on system as well.... User Interface and API is in Laravel and Vue.js.

I already have some clients on-boarded, and they are waiting for first version I am planning to release close to EoQ1.

Thaaaanks!

Please only people with proven security background and willingness to create world leading platform. 🙂

UPDATE: Completely forgot about Azure, production will be in Azure, so some experiences with Azure are going to be helpful as well 🙂

https://www.abu.rocks/docs/dev/h7ctf25-infrastructure/

Oooh I see 🤔

Oh thank you!

Gave +1 Rep to @rugged delta (current: #19 - 573)

Hey folks, for those who took the traditional college route (CS, cybersecurity degrees, etc.)—how did you land your first IT/tech internship? Career fairs? Professor connections? Cold apps on company sites? Any tips that worked especially well? As someone building skills via WGU + certs/TryHackMe, I'd love your stories or pitfalls to avoid. Thanks!

I did shit ton of opensource projects from my 13 to my 18. In my 22 I've became a CTO... 😄 Tryhard & Grind 😄

@white cloud I've written a bunch of random things for cyber labs for tryhackme oscp labs and for other random things. Should I fix up the variety of random things I've written and put it on my GitHub even if most of them are small scripts ? I don't have any major open source project experience. I've primarily written a bunch of small random scripts.

If those are not AI written then yes. It's only way how your potential employer can know you are worth something.

Mix of ai and self written

do not push ai written stuff... Even when there is huge probability, that you will work in your day-to-day job with AI, imporatnant is to know, what AI is doing. You have to understand it.

I will have to look through my notes to see what's ai and what isn't . Also I coauthored a published tryhackme writeup years ago. However when I go to various tryhackme rooms I don't see the writeups button. Did tryhackme do away with them or move it somewhere else on the gui ? I did recently see the new tryhackme echo ai bot.

are you in Uni? my advice is to hop on LinkedIn and sell yourself, look for internship roles and reach out to the recruiters and also try to find members of the role you are applying for then reaching out to them. Make sure your cv includes alot of the work you do to showcase your abilities because most study the degree but have nothing to show experience

I am in uni . Have about a semester left till completion of my bachelor's . I do have some prior experience in IT and data analytics . My CV / resume includes a few projects I've worked on as well as my GitHub with a few repos I've worked on

Thats really good, also try your best to see if you can get someone to refer you for a role, this helps you avoid ATS in most cases. My biggest advice would probably be, do NOT bulk apply, take your time to tailor your cv and apply because ATS filters CVs faster than a DDOS attack

Hi all!

New to cloud sec

Any advice on how a beginner can approach this filed?

Should I focus directly on certs or just pick one platform first & go deep into it?

Thanks in advance

Are you new to cyber?

I have some understanding of networking Linux & little bit of pentesting & soc

how likely can network engineering or a similar role be automated or be replaced by ai? 1/10? 1/20? 1/100?

So have you used THM before? Read #start-here if you havent as well

would ccna be enough or is there something i can learn to be more competitive? (by the time i look for a networking role ill have a+, net+, sec+, & ccna. would these be enough? i also have 1 year tech support internship from highschool)

Yes ive used thm & htb also but honestly solved very little labs

Do some labs on THM then, you can also get suggestions in #general

Ok thanks

Gave +1 Rep to @trim talon (current: #926 - 7)

It depends on your local job market. I’d say its more than enough for an entry level role. Do companies in your area hire highschool graduates?

Hi all I’m a 14 year old and trying to get into cyber security, I have finished Pre-Security and 60% of Cyber Security 101.
Any advice?

Also, while I say sometimes you may need to spend a long time refining your skills, sometimes you need to get stuck into the specialisation you want to pursue and become great at it, and go for the role you want, while considering the other opportunities as an option or something to keep you going

hi, I have finished Cybersecurity 101 and am completely lost now, IDK what to do, I went to HTB and open the analyst path and came back to PT path in THM and I do not feel like I am getting anything, I could not solve any ctf without a writeups or walkthrough videos. any guidance or advice would help a lot. thanks

Hi everyone,
I’ve recently started my bachelor’s program and I’m considering ethical hacking (penetration testing) as a potential career, but I’m trying to get a realistic sense of what it’s actually like long-term:

Some things I’m curious about:

1. How the career typically grows and are the opportunities really available?
2. Salary expectations at different experience levels
   I’m also wondering if this is not an entry level job :
3. What kind of job should be focused on first before diving fully into ethical hacking?

I really need this career advice and guidance thank you !!

Do both, I would say CompTIA has new and more relevant certs that you might be interested in. Pick the one you want and match your THM work on that so that it can help with your studies.

If you don’t have anything in mind then start with the fundamentals such as sec+ and go along with a THM path that can be equivalent to it.

Keep networking on the side, conferences, local meetups, etc. and potentially applying at roles to get good practice.

If you feel you’re not getting much out of it, slow down a bit. Focus maybe on one specific topic and practice that for a few times. When you join CTFs, set your goal to solve one problem. That’s it, one problem and you’re good then go on about your life and then come back and do it all over again, and slowly increase your goals.

When you try to consume all the information at once, it can be pretty overwhelming especially since we’re eager to want to know a lot if not all.

Keep it up, don’t let it get to you. When it does, it’s time to take a break and then eventually come back to it.

thank you

Gave +1 Rep to @humble cosmos (current: #326 - 28)

do you think i could atleast get a networking role? i wouldnt expect too much like becoming a junior network engi

You should definitely keep your eyes open for a networking/noc role

You can definitely get anything you want, you just have to make sure you put that work into it. It’ll pay off.

Yo does anyone have like a roadmap for ssti

Check this out
https://tryhackme.com/room/serversidetemplateinjection

Not the place for hiring.

Hey I have a question so basically i am a guy who never went to school i am a early college drop out i wanna know my dream always was to become cybersecurity analyst I wanna know is tryhackme where i can get started since my family and cousins live in a country where its expensive and stuff its dubai uae and while i live in sweden so guys what should you think i should do i am 20 yrs old with adhd btw

do sal1, it'll give you a simulated environment of what a soc does, do pre-security path if ur new (this is on tryhackme)

if your serious about it get sec+ then btl1 (comptia and by Security Blue Team)

Well firstly, as a fellow newby, having ADHD is no real worry other than needing to find what kind of studying works for you. There’s plenty of neuro-spicy in this field/community.

I didn’t finish college and I’m switching from a different career in my 30s. I’ve had many conversations about this about what I can say is that you can do this without a degree. I’m sure of it. Look into what certifications you can go for, bonus points if you have a particular interest like GRC for example. More and more certs will look better and better. Find ways of prove hands on experience before you even land a job. Certain certs from THM prove that you can be hands on. Put all of those things out there when you start looking for a job. And if you must, ask chat gpt about all of this. Tell it what you are worried will be challenging and what you’re interesting in and you can come up with a road map of what classes to take, what to study, and how to make good impressions on companies once you’re ready to search.

Hey everyone, I hope this is an okay place to ask this question. I'm currently a SWE at BigTechCo and I've been a developer for over 10 years now but I'm looking to transition into cyber security. I've been doing a lot of THM and HTB in my spare time but I'm not really sure what to do to transition into a new actual job. My main problem is that I'm hoping not to have a pay cut, if possible, but I understand that I basically probably have to "start over" and look for some kind of junior position first without any real world experience. Are there some things that I should focus on first, should I get some certifications and has anyone ever done something similar to this before? Thanks!

Hi yall! I'm looking for feedback before I post this to my linkedin, with the hopes of creating interest in some of the portfolio work i'm hoping to do this month:

Cloud logging & access control mini‑project
I’m starting up a minimal AWS/Azure environment with:
– A simple set of resources and IAM roles using least privilege.
– Basic network controls (e.g., security group/NSG) instead of open‑by‑default.
– Sign‑in and activity logging enabled in a way a SOC could realistically query during an incident.

I’ll simulate a few “normal” and “suspicious” sign‑in patterns (failed attempts, unusual regions/times) and document:
– Which log sources actually ended up being useful.
– What was noisy or missing.
– How I’d expect an analyst to pivot on those events in an investigation.

AuthWatch – small auth‑log triage helper
On top of those logs, I’m building a tiny Python tool (“AuthWatch”) plus one or two detection rules to make suspicious login behavior easier to spot. The plan is to:
– Parse a sample of auth/sign‑in logs from the lab.
– Flag simple patterns like clustered failures from a single IP or first‑time logins from a new region.
– Output a short, plain‑language summary that a junior analyst could use to prioritize what to look at next.
– Capture the same logic in an example Splunk‑style query or Sigma‑style rule.

I’m treating this as a public lab notebook: small, bounded projects that deepen my cloud + detection skills and are easy to walk through in an interview or with a team.

If you’ve done similar work (cloud logging strategy, auth detections, or training junior analysts) and see ways to make these exercises more realistic or useful, I appreciate and welcome your thoughts.```

dont want to burst ur bubble but the CC wont be much use

like its cool to get but i wouldnt break ur back for it

Hey, Zeak. There’s no bubble to burst. Most of the time when people learn a new thing, they start with the basics. I started with an entry level cert before I move on to others. I’m learning a whole new thing. I’m a trained sommelier. Completely different field, and a whole new ride to take.

I am curious though, what other than smug bitterness made you decide to come “burst [my] bubble”?

Hi everyone, sorry to hijack the message, but I'm in a similar situation, so I'm adding myself with a few questions, hoping to get more info for both of us 😄
In my case, I am a full-stack webapp developer with around 6 years of experience, based in Europe.
I am also trying to make the transition, specifically towards appsec or devsecops roles (this is where I feel most at home and I believe it is the best entry point in my case (?) correct me if I'm wrong, also taking in count the "starting from a junior position"/"taking a pay cut" topic).

So, if any of you have followed a similar path and entered cybersec as a developer...

• How much weight should be given to certifications compared to homelab projects/writeups/repos/whatever? Is it worth getting entry-level certs even just to get past the first HR screening? Is there a cert you guys would recommend over others (in general, also not entry-level, but specifically to transition)?
• People who transitioned from dev to cybersec: what was the first job title you got? was it a junior position? did you experience a pay-cut?
• In general, is there something that helped a lot landing the new job? anything you wish you had known before making the transition?

Sorry if it feels like an interview 😅 Anything would help really, even to just share your experience. Thanks!

Gave +1 Rep to @lucid fiber (current: #3534 - 1)

Well it the knowledge wont be that useful. Its kind of some basic grc stuff. Im sure you would fair much better actually learning IT fundementals in the A+ or Network+

Its not smug biterness. Its just I feel your wasting your time when you should be focusing on other things

The CC becomes very easy once you get a good graps of IT fundementals

Do you have any MVP of your projects, or they are just ideas?

The cloud project’s MVP is a very small AWS or Azure environment (one account, one–two resources) with least‑privilege IAM, basic network controls, and sign‑in/activity logging wired to a central place a SOC could realistically query during an incident. It includes a short 2–3 page or blog write‑up that shows the architecture, key log sources, a few “normal vs. suspicious” sign‑in scenarios, and concrete lessons about which logs are actually useful and how an analyst would pivot on them.
AuthWatch’s MVP is a tiny Python tool plus one detection rule built on top of those same logs. The script reads a sample of auth/sign‑in logs, flags a small number of patterns (for example, clustered failed logins from one IP/user or first‑time logins from a new region), and outputs a brief plain‑language summary suitable for junior analyst triage. Alongside it I will define one Splunk‑style query or Sigma‑style rule that encodes similar logic, and a concise README explaining what it does, how to run it, and its limitations;

Granted thats just a summary, part of the project is i try to create the mvp as the first draft of the readme and build based on that mvp, documenting complications;

https://github.com/VioletFigueroa
This is what some of my past projects look like so far;

The CC does teach a lot of the basic knowledge and concepts in a clear and concise manner, and it's prepared by professionals in the field with the intention that it draws you into the subject of cybersecurity and you get a broad overview, with a relatively cheap/free certification that might lead you to pursuing professional education, hopefully financed by an employer who knows you're working hard to understand the field from the basics. If you have the CC and you're working towards the SSCP or another certification, you'll have a lot more to talk about at an interview on the level that they're looking for. If you spend a few hours a night, 3-5 nights a week you'd fly through it in a month or two and have that good grounding under your belt. Sure you'll likely need to do more work but a lot of cyber security is ongoing learning 🙂

hey yall, im hoping to get some advice to make my path a clearer. i am a new grad with 0 cyber exerience and some SWE experience. what are some cyber or cyber adjacent roles i can realistically land within 6 months (if that's possible 🙃 )? i was thinking about an analyst position or Sys admin but i heard that most GRC roles want experience

Let me tell you a little something about communication. If you want to frame your perspective as “I simply think this other fundamental thing will be way more useful for your goals,” what you should NOT do is offer some (yes, smug) off-the-cuff response prefacing it with a cheeky “not to burst your bubble.” I know that you meant to be rude for a fact, because of how you opened that message and because you crapped on my goal PLUS offered zero insight. “What you’re doing is useless” is rude in general, but even following with a “I think this other fundamental course would be more informative” would take the edge off. But you came to strut your know-it-all schtick instead.

This cant be real

mam

this is discord

not email

Hello, I'm a student, and I'm thinking of going to college for cyber security, but I saw some videos on the internet saying that employers care more about people who have knowledge from like tryhackme rather than a degree, just curious if that's true from any employer out there?

Not an employer, but I would strongly suggest a compsci degree over a cybersecurity one, and no, I've not ever seen TryHackMe knowledge wanted over a degree

TryHackMe me good for hands on skills with tools and learning stuff, but every job posting I've seen has "Batchelors or Equivalent/Experience", not "TryHackMe experience"

yea same here, I have not seen an actual employer care more about THM knowledge vs degrees. When I've interviewed candidates, I do like to see that they're taking time to develop themselves through THM or any other hands-on training resource but definitely don't prioritize that over any other education.

I know that a lot of folks wanting to get into Cybersecurity whether student or pivoting from another career, they want to take the fast path. It's understandable but I'm a strong believer that education should not be bypassed. Go for a degree even if it's an AA. Then go for certs and a long the way of course apply at jobs to see how it goes. But continue to develop your education and training along the way. Never stop.

The education part never ends in this field so make it a part of your life.

and I would say.....back to the main question......not unless the employer is specifically looking THM training/education and they're stating it on the job description but I personally haven't seen that.

Cybersecurity is full of people who have transitioned from other fields (both technical and nontechnical). I’d say you already have a solid start with your dev experience and working through THM and HTB. If you have an idea of what types of cybersecurity roles you’d be interested in, you can look up job postings for those types of roles and compare the required qualifications to your qualifications. This can help you identify your transferable skills (you definitely have some!) as well as identify any gaps. Certs can be a handy way to tell HR that you have the skills (give them a chance to check off extra boxes). However, home labs and write-ups can help show your prospective team members/supervisor that you actually know what you’re talking about, will go the extra mile to learn, and can effectively communicate. Just make sure that whatever you do, it is added to your resume in a way that clearly communicates its relevance to whatever role you apply for. Best of luck!

Well, I didn't mean like specifically THM experience, more like "street cred" from hands-on training, or like you see hackers who haven't graduated or have a degree get employed because they know what they're doing better than what college can teach you. Idk If I'm explaining this correctly but I hope you understand what I'm trying to say

Honestly in my opinion what employers care for is actual work experience

Yeah work experience is far more valued than experience on something like THM.

"Street cred" isnt much of a thing anymore. When pentesting was still shiny and new people would get jobs after pulling off a big hack, but nowadays you just get prison time

👍 ok thanks

If you can't learn all this kinda stuff in college, you're missing the point of college. The classes/courses/projects/exams are important, but the things that really matter are the labs, the experimentation, chasing up new knowledge, the finding out what happens when I push this button... That's how you get to really understand things

...and learning the importance of backups

https://tenor.com/view/fadding-dog-traumatized-gif-10801559770686219962

CS degrees are more versitile. If you can tolerate the math and coding I would recon one over a Cyber degree

College and University teaches specific things, depending on program and course. Knowing things is good, being able to demonstrate what you know is way more important.

For security work, the value in the work is demonstrated through documentation. Showing how good the team is , is impossible without understanding how to show metrics. "We prevented $10 mil in loss because here's the avg time for us to detect and remediate vs not remediating" is only useful because the team has numbers on it

Higher Ed is good at teaching you how to learn and evaluate in a domain. You'll learn more in industry, but you will also very likely spend way more time in industry.

Hello, if I want to start malware and RE then which assembly and which assembler(as syntax is different for each) should I start with

And some starting tips would help too

Im looking into automating the top 10 NIS2 requirements for Hungarian SMEs. If you could have a tool that performs a full compliance health check in 15 minutes what is the one deal breaker feature it would need to have for you to trust it over a manual consultant?

hi guys im college student looking for cyber/it/ int*rnship 😭
I am 80% down with Cyber 101 on THM, started homelabbing, finished my Google cyber cert and on my way to getting my Sec+
Any advice 💔 😔

That’s pretty much impossible, you base every technical measure etc on risk analysis looking at the whole organisation

Are you familiar with the directive and its Hungarian transposition?

hello

I agree that a script cant replace the initial holistic risk analysis or the governance required by the Hungarian Act LXIX of 2024.
However my focus isnt on replacing the auditor its on automating the continuous evidence collection for the technical measures. For a Hungarian SME once they are classified as significant or high manually proving they meet the Decree 418/2024 requirements (like log integrity or patch management) every day is pain.
Dont you think theres a gap for a tool that handles the technical implementation checks so the human auditors can focus on the high-level risk analysis?

hello everyone

Could someone kindly tell me what skills are required for a SOC1 Analyst role?

Threath hunting , Phising analyz , IDS IPS , SIEM tools , so what is next

It’s an interesting approach but the state of this regulation is so unpredictable currently in most of the EU countries. It’s very hard to keep up with the demand from the regulators and automation is kind of against the whole point of this directive as it was a counter to ISO27001 (and NIS1) being only for documentation without any real security measures.

Hello. i started SOC analyst level 1 at beginning of career after audit and alert dev. that time just the general knowledges in cyber security. the best is you do something like THM level 1 lessons. at least you see you have the basics. and i would say know the SIEM the company you want to work in is a big plus. know IDS IPS what they do yes and how to write rules, phishing of course and the different technics . threat hunting is not level 1 clearly . you know.. i know lot of level 1 with few knowledge and they learn little by little. it needs to be curious and serious. tc

I understand my friends thank you for your time

Gave +1 Rep to @red tangle (current: #3542 - 1)

It was helpful!

Hey guys, what does the eJPT exams look like and how do I know I am ready for it?? This is my first cert tho

heyy guys

anyone there

I get you.NIS2 was definitely designed to end the check the box culture of ISO27001 where companies only cared about documentation.​However thats exactly why I believe technical automation is the next step. If the goal is real security measures and live evidence (as mandated by the SZTFH in Decree 418/2024) then a manual audit once every two years isnt enough.​A human consultant cant verify that Multi-Factor Authentication is active on every account or that system logs haven't been tampered with at 2 am on a Tuesday. My goal is to build the technical heartbeat that proves those real measures are working 24/7. Dont you think automation is the only way to meet the 24-hour incident reporting requirement accurately? Im really thinking about applying to EIT so I can build a startup for this idea.

Thats what SIEMs and SOCs are for but you can definitely try it is a good idea and even if you find only a few clients you can make some $$ 🙂

For a Hungarian SME with 50–100 employees the total cost of ownership for a SOC (even outsourced) can be millions of forints per year often more than their entire IT budget.My NIS2-Automator isn't trying to be a full 24/7 SOC. It's a Compliance-Focused Automation Tool.
While a SIEM focuses on security events my tool focuses on Technical Evidence for the Hungarian Decree 418/2024. It provides the specific proof an auditor needs for things like asset inventory user audit logs and patch verification. I think theres a huge middle ground between doing nothing and hiring a full SOC where automation is the only affordable answer.

The eJPT course is aimed at explaining a lot of the tools and techniques that hackers might use when conducting a penetraion test, but the exam isn't intended to be too challenging, rather as a means to direct you towards the eCPPT. You should look at the roles available in your vicinity and see what certifications they are looking for. Most pentesting roles will probably look for the OSCP+, SANS GPEN, etc. If you're new to cybersecurity and IT, you should learn more about Windows/Linux/Network administration as forming a good understanding will lead to more job opportunities and starting in a role like helpdesk/IT/SOC Analyst can give you better access to the roles you desire, as well as training budgets for the certifications they require...

If I were you I’d try doing that! Even if it doesn’t work out then you have a veryyyy good project to show off

Maybe look at DORA also, as it’s quite more documented and straightforward in terms of regulators and their requirements

It’s a lex specialis, therefore you’ll have a very good foundation for NIS2 as a whole

It's great having compliance-focused tools to make it easier to understand where audit gaps might show up, but passing an audit is the minimum level of tolerance for standards compliance and regulation compliance indicators. This can be seen as a long way from actual best effort defence and risk management, but having good standards compliance and audit success is a good indicator of service reliability and an attempt to meet a higher level of proactive engagement with protecting the organisation. Criminals and state actors don't care about your audit compliance or risk management. They care about finding that one weakness to get inside and stay in your infrastructure. So while meeting security needs can be an expensive endeavour, and passing audits can give the c-suite and board a level of assurance of security, the things that really matter are keeping the bad guys out, or limiting their impact, and showing that you've made best effort when the regulatory people come to check if you've done everything you could to minimise the effects of a breach

I am not new to cyber sec, i have learn cyber sec around 2 years now, I am still in high school so Imma take a bachelor degree in ICT

Good idea. Having a broad degree like that can really benefit you in any computing role you pursue. I'd pay attention to the content in THM or projects like pwn.college or PicoCTF which are aimed at students and can teach you a lot of the skills you'll need in a future cyber career

thank you

Gave +1 Rep to @rugged delta (current: #19 - 576)

thank you

thank you so much

It doesn't necessarily to have a degree in IT to get get a cyber sec job right?

But idc I still want to have a degree tho, but then if my bachelor program is general IT or ICT without having any specilization in Cybersec then is it a good idea to take master degree in cyber sec??

i want to abuse this bot to give you point tho lol

In general, it is wise to have a degree--pref a STEM degree---as a back-up. My degrees are somewhat related to cyber: MS Computer Engineering (Systems and Networks) and a MBA (Project Management) plus 5 year internship experience

With a degree, you will get paid more than your non-degree coworkers who have the same experience as you...

No, a degree isn't 100% necessary. There are many paths into cybersec, such as certifications, CTFs, maintaining a blog about challenges you've completed and technology you're well versed in, such as doing instructions/tutorials about a SIEM software you understand or writeups about rooms you've completed. The main thing is to explore many options in the field, to play and practice with the tools and technology in a safe way, interact with the community, going to meetups/CTFs/conferences, reading books, etc. The Tribe of Hackers books contain a series of interviews with experts about how to get into various roles. One of them is currently a part of a Humble Bundle collection from Wiley:
#bookclub message

I've heard it all the time from contractors with just certs: I can't believe he gets paid more than me and I can't believe corporate isn't taking my ideas serious.

Haha thanks, but a single thank you is sufficent 🙂 the bot is on a timer and the admins wouldn't be amused by such actions!

Gave +1 Rep to @granite pumice (current: #2297 - 2)

An analogy: who do you want to as your surgeon, a person with only certs and experience or a MD with PhD in Cardiothoracic surgery with the same amount of experience

But in the end, it is your choice...

But yes, a degree + a combination of the things I suggested looks a lot more impressive to a lot of recruiters. Though there are recruiters who want you to have experience with something specific

I recommend going for the degree portion if you want a career and to move into your field as a manager. If you are just looking for a job, get a cert.

There is nothing wrong with IT--sometimes you don't even need a cert, degree, or experience. It depends on the business and their needs

Cyber is a different beast...

In the end, sell yourself during the interview. You are competing with others and need to stand out from the masses with only certs...

Since you are in high school, look into internships and network after you get hired as an intern

It's not a great analogy. Surgery is a heavily regulated field and surgeons require a licence from the medical board to practice, after years of acquiring and practicing skills and passing the related exams. The standard level is a lot higher. If you're not going to a regulated hospital for your surgery, you've made bad choice 😛

Many organisations will require certain qualifications or certifications to consider people in various roles. Mainly pentesters might need to have OSCP, GPEN or other certifications, CTF placement, holding a degree, but many of the standards that are expected in cybersecurity can be trained, and many orgs will require you to achieve certain standards and demonstrate ongoing skill development, as well as your ability to interact with other people you work with. Many certifications do require you to recertify on a schedule, such as those requested by governments and certifications that meet government standards

It's your choice: get certs or get a degree. I recommend getting a degree, applying for internships, networking within the business, and, above all, having fun during your high school and undergraduate, or even graduate or post-doc, years. Once you are working as FTE, life gets serious...

also i am going applied of science is it also a good choice in this field??

are you in the States?

No I am not 😂

I am EU tho, to be more percise Finland

It can't hurt your ability to understand complex ideas

I mean like which one is better overall Applied of Sceince or regular research heavy theory uni?

Whichever one you prefer. Your first years will be about developing your learning abilities/critical thinking

I guess Applied of Science...

The main question is what makes you happy: during theoretical research or proactively applying it in real-time.

so there is no right or wrong??

I thought regular univeristy teach only theory without any practical knowledge -> which mean I don't know what the fuck to do when I graduate??

I'm sure you'll be fine whatever decision you make. Just remember to sell yourself during the interview process and don't take life so hard.

Apply for internships in your chosen field and see if you want to make it a career

Also should I take master degree in Cyber Sec if I didn't manage to get in the univerisity with Cyber Security specilization??

Just curious: have you ever built a pc, ever OC it, ever coded 100 or 500 liine programs,

Sure. Learn all you can during your educational career...

No...

Thanks for giving me technical advice. I appreciate that 😭

Gave +1 Rep to @blazing veldt (current: #2297 - 2)

Tbh, I self study cybersec but have nobody to ask about technical shit beside Chat GPT. Asking people in this community is great!

My goal with automation is to bridge that exact gap. If we only do a manual audit once every two years the best effort defense you mentioned only exists for a few days

Also thank you all for the responses. I really appreciate it

I will definitely look into it tysm

Hallo 👋Software developer looking for a team focused on web & API security, learning, and legal testing.
Long-term and active.

I got used to it twin, but it's great if we team up.

Can we

what is the ideal time to start looking for full time roles :nervy: (I am a junior now but im talking abt senior year)
should I still look for int*rnships or no? in my senior year

also im looking for int*rnships if anyone has any advice
like in IT/sys admin/cyber, ill take anything

looking for a ctf team to join and learn

what is it ?

yo!
which certs do you think are valuable once you finished all rooms of THM?

wdym what is it? a catch-the-flag team?

Sec+ is always pretty good. As for "good" certs just look at what's required by job applications in your area

Hi all,anybody here from UAE? Im having hard time navigating job market here.I have a CEH cert and SC900 and currently doing G**gle cyber security professional cert for better hands on along with Tryhackme practice.This market is so not welcome for newcomers .Anyone dealing with same situation?

I am finishing school and i really like cyber security, a lot of people told me to get a computer engineering degree and then get certs or still go on with college, but I am not really sure about it, my main goal would be pentester/red teaming, but i know it's hard to join that world as an external

in order to understand a degree is useful and ppl care about it cause it also shows discipline and so who studies is more accountable yk

the point is just that, for cybersecurity, the degree would not give me anymore information from those I can find in certs, i would get it just for the fact that people in general care alot of that

it actually depends, in my studies I learned about many skills that I still can use today in cysec, but these skills won´t be teached in cysec at all..
In the end do what you feel you are called for. As I started my degree there wasn´t cysec as a study programm, so I missed one chance that you could get.

you mean like coding and that? I was thinking that the degree would also be usefull in case I would do something else than cybersec, there isn't really a cybersec degree only

check police and military, they do at least in some countries.
Yeah, management stuff, many coding languages.. the 'whole' of the IT is interesting especially in cysec (you need to know about everything). my university even teach me how to learn, most valuable skill they could ever teach me

Heyy guys today i got the Advent of Cyber rewards and i have got 75$ voucher but i am not able to utilize it cause i already have the premium so if anyone wants it .
Dm me .

Is there any solution for call bombing ?

Hello everyone 👋
I’m a software developer interested in joining a study / security team.
My focus is web and API security, with a strong interest in analyzing vulnerabilities from a developer’s point of view.
I’m looking for consistent, long-term teamwork rather than one-off events.
If anyone is interested, please DM me.

I'm unsure if this is the right channel for this, but I've got a question in terms of career paths, I've got various experience working in a lot of different programming languages(high and low level), and I'd like to start doing pentesting professionally. After taking the TryHackMe pentesting path, and doing some CTF, where should I go? Would I be ready to try my hand at bug bounties at that point?(I'd assume not, but I'm just looking for some guidance)

If you feel comfortable doing the challenge rooms in THM or participating in CTFs, pursuing bug bounties would be a good way for you to learn and try some real world challenges. If your objective is to be a pentester, pursuing a certification like th OSCP or #pt1 would be a good option.

Most early bug bounties tend to include a lot of web app pentesting and lots of companies have bug bounties in place. The objective of a bug bounty is to follow the scope they outline about what systems and kinds of tests may be conducted. While some orgs run their own bug bounties, many prefer to go through one of several bug bounty platforms like HackerOne, Bugcrowd, Intigriti and others. HackerOne provides a learning platform called Hacker101 that gives you challenges and training, completion of the various levels can give you access to more exclusive bug bounty programs as you learn new skills. All three of these have a range of interesting clients and programs to pursue. See #bug-bounty for more talk on this topic

@rugged delta Thank you! I appreciate the help!

Gave +1 Rep to @rugged delta (current: #19 - 579)

Im also in hs

I appreciate you bro 🙏

Quick question. Realistically , how long would it take you to know enough for an entry level role in cybersecurity if you know the foundational beginner stuff . Would learning Cybersecurity to take the Security+ give you enough of a foundational understanding or would you need more before you apply to things?

When you say foundational beginner stuff wdym? Also do you have any other experience working IT?

Talk to your QA team, I bet they have a lot of related resources and software testing. Many of those ideas will be pentest adjacent.

Ok well let me ask this a different way because I've never been in an IT role but I know about risk management, I know about networking , CIA, things of that nature. But lets just assume I know very little about about Cybersecurity. How long would it take somebody with no experience and very little knowledge of it to gain enough knowledge for an entry level role in something like SOC.

When you're starting out in cybersecurity, you'll be learning a lot about Windows, Linux, Networks, moving on to Bash and scripting, maybe pick up some Python, Powershell as you progress. You'll need a good foundation in Windows, Linux and Networks, so THM has a lot of rooms about those topics. Understanding the landscape in cybersecurity can take a while, so THM has plenty of rooms on introductory topics, but you would benefit greatly reading the Network+ and Security+ study guides or doing the free Professor Messer courses in those topics to get a good grounding. Or you might pursue the #sal1 course. The Recomended Learning contains a whole load of resources on those topics, and the recommended learning time is 2-3 months if you're focused (Go to https://tryhackme.com/certification/security-analyst-level-1, click Get Started and view the Recommended Learning to see everything you should complete)

Ok in short I don’t know because I’m not in an entry level cybersecurity role.. BUT, from what I’ve seen in my current organization.. working in a sysadmin role for at least 6months-1year will prepare you a lot for a cybersecurity role. Some people can learn really fast and gain that knowledge in perhaps 3 months.. but organizations are typically looking for a person they can trust that fits well with their team AND has the knowledge/skills they’re looking for. Hope this helps “)

Yes, it can take years to learn and refine your skills in the field. Constant learning and upskilling is a necessity

Thank you all !!

Hello guys, I just wanted to ask if anyone have any recommendation on how do I take notes (in obsidian) for cyber along learning the THM basic paths, do I literally take note of every information that it throw at me or that is just unnecessary, I know that having a second brain on obsidian doesn't develop my first brain automatically, just wanted to ask how do I filter the information that I should take notes so I don't waste time taking notes (control + c, control + v all the text) instead of doing real work.

Guys I'm currently working as security analyst and i wanna switch my job for higher pay, but I'm not getting any interview calls even after applying for so long. Every job opening i see demands certs. what do yall say should i go for the certs or should i keep on trying as it is rn?
i have worked on AI Agent Security, worked on prompt injection and other type of stuff as well.
Just got rejected at google so i was confused about where i was going wrong.
If anyone could help it'd mean a lot!

I usually note important concepts and descriptions of how stuff works. For example if I have a software that takes some parameters, I'd describe what it does and how to use it. If it's Wireshark then how to filter traffic for something I want to see. Ultimately you need to find your own way but I'm pretty sure there's plenty of resources available online

Okay I have a better ideia now, thank you

Gave +1 Rep to @rich vault (current: #783 - 9)

Two more tips that came to my mind:

1. Try to write things by yourself instead of just blindly copy-pastying. This will help you to understand concepts, remember it and most importantly develop your own style that works for you.
2. Don't do notes in daily format, it works better if you organize it by the topic/content. For example folder 'Tools' -> folder 'Wireshark' -> note 'Filtering HTTP'

Hello, would anyone here be willing to do a resume review? Tried adjusting my resume recently and would love to get some real opinions from those in the field. Thank you!

I can take a look

how do you get past all the rejected job applications all my emails are we're sorry we have decided to move to next steps and you weren't chosen

Getting a job is more like dating now they ghost you or you go on the first date and then they don't respond after that

Do you just have to complete more projects on github or something

Sorry just seeing this, can I DM you?

Hey everyone 👋 I had a question about cybersecurity certs and would appreciate some advice.

I’m currently an undergrad in Computer Science (no specialisation yet). I’ve been coding for about 5 years, with experience in software engineering practices from both uni and personal projects. For the past 2 years, I’ve also been using TryHackMe, learning cybersecurity from both the offensive side initially and now focusing more on defensive / blue-team concepts.

I also have some experience working as an IT Support Engineer in the hospitality industry (mainly Windows troubleshooting, basic networking, router setups, etc.), but I’m looking to move away from general IT and more into actual cybersecurity roles.

My question is:
What certifications would make sense for someone in my position to start signalling to employers that I’m serious about cyber roles (SOC, blue team, security analyst, etc.), beyond just GitHub projects?

I’m not really interested in spending time or money on certs like CompTIA A+, Security+, or CCNA, as I already feel comfortable with that level of material. One cert I’ve been looking at is ISC2 SSCP, but I’d love to hear other recommendations or opinions.

Thanks in advance 🙏

Sure

Depends on region. Also its worth to look at what employers in your region want, if you are in EU, its worth looking at Microsoft certs, such as SC-200

Hello everyone! I have a question.

I'm currently working for like a year in cybersecurity but in IAM. It's not really my specialty but I'd like to venture more into SOC or pentesting.

I currently have SC300 and Sailpoint as certificates, but would like to take more worthy certifications that are budget friendly compared to comptia certifications.

i was thinking of ISC2 CC but idk if it's good enough.

Do you guys have any ideas or suggestions that will help the advancement of my career? If you could also include other like recommendations for projects, id appreciate it.

Thank you.

Hi everyone. I am currently following the SOC L1 path on THM and networking fundamentals and mostly lab work.
I am looking for a SOC Analyst internship. But I don't have any projects yet.
What kind of projects should I build to stand out in resume shortlisting?

Other than writeups on medium or GitHub??

Mini SOC/home lab projects stand out: SIEM + detections, IR simulations, and small enrichment tools. These show actual SOC workflows beyond writeups.

Good day fantastic people, I come with a short question

To get better with SQLi is it better to play around with DBs and then try to apply that or if I already know the basic would it be better to focus on SQLi specifically?

Thank you

Gave +1 Rep to @fallen oriole (current: #3554 - 1)

UK

You're not doing anything wrong, it's definitely competitive out there but it's doable. Definitely go for certs depending on what role you want to go next and align it with that. In this industry you have to keep educating yourself to stay relevant.

Are there any options from within your current role to move up or pivot to a different role?

Do you know what you want to do next or you just want more money? I would personally target on what you want to do and what you're passionate for, the pay will follow but if you're just looking for more pay.....I'm afraid you'll eventually be in the same situation where you won't be happy due to you wanting even more money and/or what you're doing isn't really what you're passionate for.

Think about what role you want next, look for any certs related to it and grind at it, everything else will follow.

will socl1 cert get me employed as a tech admin or better as an analyst? i’m also taking ceh cert from cisco, do you guys think i have a high chance on getting employed? i really cant afford comptia rn, im only 19

send me a dm if you’ve got guides for me on how to engage/interact on interviews, it’ll help me a lot, thank you guys!

Hi every one

Yea bruh i gotchu. For notes for THM rooms I would recommend writing everything you deem important in your own words. Usually things like how things work or new technologies you learned. You should write your notes like your trying to teach someone new information. Make them very braindead and easy to understand. My “audience” when I write notes is pretty much me if I woke up one day and forgot everything I could read my notes and remember everything. For higher level concepts you wont be able to dumb everything down ofc but try to make it as digestible as possible. You taking notes is pretty much digesting what you just learned

And as for organization just find a system that works for you. I dont rlly use the graph feature in obsidian i just make folders of general topics example blue team tools and then a sub folder for more specific for example detection tools or investigation tools

U lowk need security+ just bc ATS

But thats the only one id rly get if u feel confident on the other stuff

Ccna is good tho i would recommend if u have the time its a good ATS cert

I sadly don't know the UK market that well, but yeah, if your skillset allows, rather do more advanced things than entry certs. Issue is that some companies might require some certain certs because of some internal contracts or internal requirements for other employees, then it could be hard to justify "I don't have it because I can do better"

I think you would be ok with going straight to the SSCP. Security+ is always good for the fundamentals and if you don't want to spend the money, that's understandable.

One thing I like to usually tell folks is that certs "prove" that you have the knowledge...not so much that you have to take them but it's a way to showing you've done your homework but the SSCP I think is def a step up from the sec+ and if you're up for the challenge, I think you should be ok.

Yeah, in this case Sec+ will be better. No recruiter knows what SSCP is tbh

If your goal is getting a cool cert for yourself tho, then SSCP isn’t that bad

Hola guys I need vps/vpn. Any spare one

hola

Any remote it jobs going at your company's for me (im uk based ) even if ifs part time or even voluntary. In my 2nd year of uni degree IT & networking

Opportunities are always there for as long as you don't give up. Keep doing what you're doing by educating yourself and you keep applying, doesn't matter how challenging it can be but if you continue to stay involved and network with different people. You'll get there.

Competition is out there, so you have to make sure you know how to sell yourself well. You're young and have so much ahead of you so don't' get discouraged if you think you don't have a chance because you do. Keep grinding.

U say spare like its a limited resource

Lol

Anyone have any insight into how the job market is in the Dallas-Fort Worth, TX area? I've been working as an Offensive Networking Instructor/Writer Team Lead as a govt contractor for about 2 years since getting out of the military. Also have experience as a Cyber Operations Planner. Looking to transition into a role as a SOC Analyst or IR. Looking to make my way to Texas in about a year, and wanted to start preparing ahead.

Has anyone here completed the tryhackme pt1? The Web part is rather challen geing any advice foir me before i go for a second attempt?? Would really appreciate the help/advice

Hey guys, I am trying to transition to cybersecurity with AI. I do have some experience on both Cyber and AI. I am from India. Will it be possible to have remote opportunity for the same?

I would like to hear some suggestions on the job roles of companies I can look out for

Heyhey sorry if this is a mainstream and common question, but I would just like a bit of reassurance paired with advice on the next best steps as I’m a bit overwhelmed.

I’m currently 16, UK, taking a gap year before starting college and doing A-Levels in Maths, DT and Comp Sci. I was wondering how I can best utilise my gap year as my long term goal is a role in incident response/policies in cybersec. I know it’s not an entry level field hence I need to work on foundations like Linux, Networking, etc. I just want to know if what I’m doing right now is okay? Any recommendations or tips to prevent from burnout? Thanks! All the best to everyone.

You should look into the CompTIA Tech+ and the CompTIA A+ first - You don't necessarily need the certifications themselves but studying the content within will build your foundation. These are essentially the foundations for any position in IT - Desktop Support, Help Desk, SysAdmin, Security, Networking, etc. all branch off/specialize

Thank you so much for the info - I will defo look into them. By any chance, do you know if there is any funding available - UK based or within CompTIA - that I could potentially apply for?

Gave +1 Rep to @uncut yarrow (current: #1755 - 3)

Sorry, I wouldn't know. You can find vouchers for many of the CompTIA exams (I like professor messer) for a bit of a discount but you may have better luck reaching out to a school counselor/advisor.

I'm not sure if it's the same in the UK but when I was your age I worked at UPS, and they offered a generous amount of tuition reimbursement.

Tech+

Make sure you go to the PT1 page, click Get Started and view the Recommended Learning. You should make sure you're comfortable with all the resources listed there:
https://tryhackme.com/certification/junior-penetration-tester?utm_source=discord&utm_medium=social&utm_campaign=pt1

Ok got it, thank you bro

Gave +1 Rep to @chrome spire (current: #1411 - 4)

Thanks, literally most if it i am done with i am currently aslo finnishing up the Web Application Pentesting path becasue in the exam i struggled with the web part.

Gave +1 Rep to @rugged delta (current: #19 - 583)

Hello

Best of luck

Hy guys, I recently started an internship at AppSec with more focus in PenTesting, but I want to take the next step and I want to evolve and become the best professional possible. I have more experience and more focus in WebPentest and I like Networking as well. Any recommendations from more experience people?

Broadening your horizons is always a good thing. Pentesting is a highly competitive area, and you'll probably need a mix of web and application pentesting. There are lots of paths and rooms in THM to learn web pentesting. You can also check out HackerOne's Hacker101 free learning platform, the free Portswigger Academy (BurpSuite) and consider looking into #bug-bounty on platforms like HackerOne, Bugcrowd or Intigriti, as well as some organisations' own bug bounties to get a chance to test yourself against real platforms.

If you want to learn networking, most networks have a lot of Cisco kit in the core, and a lot of companies based their interface on the Cisco one, with a similar command set. But there's companies like Juniper and others, as well as the big cloud providers all having their own networking certs. It's important to know a good bit of networking knowledge in any area of cybersecurity

I have

Any of you guys have OSCP? 💀

No remote IT jobs until you get your purple belt 😂

hello. I just got out of the military, i have a Bsc(CS) degree and want to become a pen tester. Seeing that starting off with a pentesting job is impossible i have opted to go blue to red. Currently trying to complete sal1 if i get the free chance and maybe do ejpt. If anyone could guide me on how i should go about this i would really appreciate it. So far i have applied for all blue/red jobs but no hits :(.

Hi can anyone please help me, I am a computer engineering student and I need some free courses about cybersecurity, network administration, and other kinds of courses that has free course and free certificate

Passed it?

Yes

Yes

Damn, how was the web part for you?

Haven’t got there

I’m at intro to lan !

Guys, can someone help me get into cyber (Blue Team)? Quite enjoying the SOC analyst role.
Completed a bachelor's in Cyber Security and Digital Forensics; unfortunately, I couldn’t do the internship due to personal circumstances when I changed countries during university. Just finished the SLA1 today. Back to a minimum wage job tomorrow, tired of applying for jobs and just getting ghosted or “unfortunately.” Just want to work on what I love and honestly, kind of lost at last.
Any suggestions on what to do next?