#cyber-and-careers

What's wrong with what I've written

or do I simply need to include some subway surfer footage next time

Hey everyone

Hi

Hi ;3

low-key thinking of becoming an IT Project Manager. I got 4+ years experience in supporting the govt authorization to operate process but I dislike reading security requirements.

will keep security on the side as a hobby and participate in CTFs but what certifications should I aim for as a project manager? PMP, Scrum, ITIL?

It was too much political 🙂

Hey, I know the DACH market to well to put him through the meatgrinder and tell him to buff it out, before he realizes that he gets softlocked into GRC, which happens way too often over here. He obviously doesnt like it

sup

I would focus on ITIL & PMP first then for a third cert aim for an area you want to go down

But all the unemployed cybersecurity influencers say cert is a waste of time? 🥺

All certs are handy just depends at what level and what job

Honest jw what ARE the actual interview ratios for ppl with zero certs, zero IT experience, and a bachelors degree?

I gotta feel like it’s really really low

My belief is

Bachelors Degree = Baseline standard you can be held to and proven work ethic (Also handy for promotions)
Certs = Practical standard and knowledge you can be held to
Experience = Proven practical and theoretical experience whilst in an operational environment

Obviously over simplified

That’s a decent perspective, but it doesn’t answer my question - how many straight college students actually have opportunities awaiting them (cybersecurity) without having to spend a bunch of money on basic certifications and without luck landing a help desk role?

That number’s gotta be really low

Even for normal IT roles

College student with a degree? probably not that high however possible in low level jobs

i.e. service desk or IT technician roles at schools etc

It would also be more competitive which is what certifications negate in that aspect

True, also HR is a black hole

I’ve read stories about HMs applying for their own roles and not getting passed on for review

Yeah HR is a bit of a blackhole however there are ways around it and unfortunatley normally requires decent experience before hand

In my 191 class we were legitimately told to write keywords and then color them white so they’re invisible and don’t get filtered by ATS 💀

Well yes you can however that can be found out, a degree luckily negates a lot of HR filters so long as you arent required to have specific certifications

@elfin girder you question emoji'd elaborate

Huh? That’s the thinking emoji

Oh lol

YOOOO what do yall think about the AZ-500 or cloud security in general 👀

it's big and lit

you should do it !!

Hi guys, I just came accross the train o track site that selleing comptia security+ exam voucher for 16k inr is this legit? (In India only)

You should only purchase exam vouchers from legitimate sources. CompTIA has an authorised partner reseller program, so you need to check any claims by sites about such things

i was wondering, is BS a must in the cyber industry?

For future promotion and administrative role

It can certainly help you but isn't essential. A lot of people have other accreditations; certifications, CTFs, bug bounties, conference attendence/talks, teaching, maintaining a blog, doing writeups

My degree is in chemistry and physics… but I was also doing security in high school (MCSA+security for windows 2000 and 2003)

As a hiring manager I’d rather see your tooling and thought process.

I’ve worked with people with phds and those with no degree. Just show you can actually do the work and you’re hired.

You’re a hiring manager? Do you take any amount of training into account?

it counts, just like other things on your resume. is it a deciding factor? it depends. sometimes. sometimes not. 🙂

Thank you 🙂

Gave +1 Rep to @half cargo (current: #1453 - 4)

thank you

Gave +1 Rep to @rugged delta (current: #17 - 610)

Do you guys reccomend me to get a bachelor in cybersecurity? I got an offer from a school, but is there something else i should get instead?

Wouldn't not advice it, however if you don't think cyber is going to be your be-all-end-all may be worth doing a Bachelor of Information Technology then major in Cyber Security

why not study cs right away?

Comp Sci most jobs, Cyber same jobs as Info Sys

Well you may not necessarily like it and might want to be a DB admin or network admin etc

I dont have the grades for comp sci😅

Okey. What about the salary? Is it good, in cs compared to others?

Cyber degree local to where I am here is kinda treated like information systems. Computer science opens all doors, cyber opens most.

Okey, good to know. What about the job market on a global scale? And do you think the demand wil increase over the years?

Well it depends go do some research

all of them have senior roles all of them pay heaps depending on how niche you go

Okey, will do some research too. Thanks for the help

Gave +1 Rep to @echo grove (current: #598 - 13)

Or could you also answear on this?

No problem figure out what YOU want to do then look at the options from there, cyber security, computer science and information technology all open up options depending on what YOU want

Yes, with growing technology involves growing jobs, especially with the move towards cloud in all areas of industry

Okeoke. Think i will accept the school offer i got

Just remember to look at your majors and possibly your minors and dont take on too much of a load

Yes, C's get degrees however B's & A's get you recognition

Fax. I will do my best.

That only matters for internships 😇 grad school just wanted 3.2 GPA 🤣

And jobs don’t care about gpa lol

To be fair it also looks better if they check your academic transcript is moreso the point if your trying for competitive positions

i.e. if someone with a GPA of 6 and someone with a GPA of 5 applied for the same spot the 6 would likely win unless they are a proper idiot

Jobs still probably wouldn’t do that, but I’ve heard internships can/do

internships definitely or graduate programs in government or competitive organisations i.e. google etc

• doing less and getting higher marks its better overall for self development purposes

first job will care about GPA as part of interviews. Once someone is in industry and has proven they can do the job, it doesn't matter anymore.

My first job didn’t. Most ppl I’ve talked to - no.

My experience, other countries might be diff

We are only ever advised to take GPA off resume unless it’s for internship

Hey guys, I'm a final year integrated masters student about to graduate in July. I'm interested in going into pen testing but I realise that I probably won't be able to get a job in that field right after I graduate so I was wondering what other jobs should I look in in the spare time to build up my skills. Ik everyone recommends IT for common sense reasons but is it a good idea for me to focus on Software dev or even DevOps jobs to build up my skills so that in the future I can pivot to what I actually want to do

DevOps is its own career path. Software dev is good for hands on coding and experience with pipeline tools like Git and Jira

Aaaah okay, Because I was thinking about focusing my skills on java and getting really good at it to get a software Dev job, and then pivoting later down the line.

Is this a good plan?

Or should I focus on another language

Up to you. Java still used, heck PHP still used. JS might be the easiest and fastest paying job tho

Everybody hires JS devs

Yeah true, The reason I chose Java is because I've got the most experience in it through university projects and what not, It's definitely my strongest language

If you enjoy it, get really good with it and explore opportunities.

App Sec is also a big industry fyi

Oooo okay, I'll note that down

Thanks I'll focus on java for the spare time then

insane btw

Jr. Analyst - 5+ Years Req.
I've seen more than a few job postings like this lately that makes me wonder if this is normal. They go like this:

Bachelor's Degree Required, Master's preferred

5+ years Security Analyst, SOC 2 experience

5+ years IT experience

Industry Certification (CompTIA +, CEH, CISSP, CISA, etc.)

3 years with SIEM, triage, digital forensics

3 years pentesting, red team, or blue team

saw on a reddit post

Apply anyway

If it says Jr. that means apply

Don’t worry about the details

This would be a mid to senior level role. it sounds like the hiring manager gave a req to the recruiting team and between the recruiter and HR, they fucked it up

If it's truly a junior role, having 20% of that list is fine. I would not expect a junior analyst to have any real pentest job experience.

It’s because there’s a major gap between people with degrees and certifications and the people who have actually done the job. There are people with a “Bachelors Degree” in cybersecurity who don’t know the OSI model or what a subnet is. It’s something you’ll come across if you stay in these circles long enough. I talked to one guy on Twitter who told me he was CEH certified but he didn’t know what a shell was. It’s something you’ll see in the wild too, especially on smaller sites. Sysadmins who may have brilliant SIEM skills, or who are great at setting up a WAF… but at the same time they won’t sanitize user inputs, will have gaping SQL injection holes, they’ll leave on a public facing VNC server with no password. Employers have absolutely no idea where the knowledge gaps are for their applicants, which is why they come up with psychotic laundry lists for junior/entry level positions.

I feel like with any degree if you don't know the basic fundamentals you mentioned the university needs to be looked into or your work ethic as an individual needs to

Counterpoint: Where do you draw the line between "spoonfeeding" and "meeting the minimal baseline requirements"?
If a student enters a compscience or cybersecurity class and doesn't know the fundamentals at all, while the course focuses on more isolated and advanced topics, is it really the fault of the uni to spearhead someone through their courses, whoever organ who designes the curriculum, or the student who tunnel visions on the course material without understanding the core concepts?

It's my personal belief that anything IT related is like a car. Just that plenty of people studying automotive engineering instead of working as a mechanic.
I can tell you who of those is able to refurbish a rear axle.

Unfortunately, workshops don't usually require a degree to pass a HR filter. Whole system is busted.

Yes it is the universities fault, quite literally the first topic I did was internet fundamentals about how the internet works. A degree should teach you from the ground up. It is not a masters degree and is vastly different to what TAFE certificates are for. If OSI or TCP/IP models are not covered at any point that is pretty shit

Let alone not covering subnetting

Maybe I'm a bit jaded, since I did my degree part time, which means the baseline for expectations was a bit higher - but I find it rather hard to teach all aspects of IT within 4 years, if it has go to beyond a fundamental level. Going in with the mindset that you're a top dog in more than 2-3 domains after 4 years by following a bachelor program is insanity, especially if you put in any/barely any work for projects on your own.
But I don't disagree, going through the degree path and not doing anything tangible about the 7 8 OSI layers is pretty ridiculous . But I'm sure even these shitty unis just follow a playbook by whatever organisation tailors the curriculum.

I am doing a part time currently, a bachelors isnt meant to teach all aspects, it is meant to teach the fundamentals and then after that is where you have your masters and/or certifications to go deeper into specific areas

I like to view a bachelors as an HR gateway and a taster of all areas of IT

(Specifically if your doing a Bachelor of IT than cyber or comp sci)

Does anyone know how long it takes someone to study and pass CREST Practitioner Security Analyst (CPSA)?

It’s called a “Bachelor’s Degree” because the education is supposed to be so intense that a man puts off marriage (becoming a bachelor) to pursue it. Learning the fundamentals is what an Associate’s Degree is for.

An Associates Degree atleast in Australia has a higher educational rating than a bachelors IIRC. Also, we are talking about the 21st century here

I’m not sure what being in the 21st century has to do with anything. College degree holders had better educations the further back in time you go. At the beginning of the 20th century it was still a basic expectation that a collegiate would be able to read and write Latin/Ancient Greek, be trained in both Platonic and Enlightenment philosophy, speak multiple languages. Have you read Thucydides or Pindar? To someone from the 1850s someone with a modern Bachelors degree would be completely uneducated

1. Women can do degrees
2. My partner and I are both doing a degree and it has not had a major impact on our life
3. Reading those are not relevant for what I am getting a degree in

Hence my 21st century comment (Also we are talking about information technology degrees.) (Also I was thinking of graduate certificates not associates I was incorrect on that)

Sorry, but a "Bachelor" isn't here to teach you the basics. It's the first part of advanced studies, and advanced here is the precursor that determines that you don't start from a clean slate, but are expected to have fundamental knowledge already that is then built upon.

Als I fail to see how women being able to get degrees is in some whay influencing the scope and quality of them.

I didn’t say the basics I said broad aspects across the field. Also I doing a bachelor of IT have 3 subjects that cover the OSI and TCP/IP model one of them in depth being ITC212 which is a core subject and explicitly teaches subnetting and the models

The women comment was towards Bushido rebuttal to my 21st century comment. Irrelevant to what me and you were discussing @rigid marsh

I digged out the computer science curriculum of a local, full time uni.
and if I just dig up the details on the networking course:

The following aspects of telecommunications are covered in this lesson:
- Reference models (layered models)
- Coding theory and error detection
- Media access control
- Routing, distance measures, and shortest paths
- Flow and congestion control
- Connection-oriented communication
- Internet protocols
- Socket programming
- Network security```
I'm just note sure that 56 hours are enough to cover the topics that you're going to be able to work with this info in a very useful way.

So yes, certainly the guys you interviewed must have heard something of subnetting etc. But does it actually stick? Highly doubt so and as you could tell yourself, apparently did not.

Don't know about you but a 8 credit point subject being ITC212 in Australia is expected ~8-10 hours per week

With an expected output of ~120-160 hours over a full session

Aswell as studying the full textbook ontop of practical/theoretical assessments with lectures

I would say to cover subnetting and OSI-TCP/IP for a single subject that is more than enough

https://handbook.csu.edu.au/subject/2026/ITC212

That subject is a core subject in bachelors comp sci and IT

the course has 5 ETCS, which roughly translates into 125-150 hours. a third of that is contact hours.
If you want to grind out the list above in 150 hours, that won't be possible if you have to explain students what a network card is, or if you dedicate an entire day to explain a firewall ACL.

Pic above is from a renowed swiss uni, so I doubt it's one of these shitter degrees we talked about earlier

I just don't see it done in that timefrime without putting in the extra learning hours or some background knowledge. Sorry chief.

Except that NIC's are actually taught in that subject hence the text book you read and as for ACL's those have an entirely separate subject under the network engineering major

Of course they are. the question is in what detail

to get practical, there's a big difference between explaining what a subnet is, explaining how a subnet works, and being able to implement proper subnetting

The point being a Bachelors is to make students have a baseline understanding and competency before you specialise and add depth via masters degrees or certifications

Correct, you are right. Hence why you wouldn't expect a fresh grad student with no certifications or experience to go into a mid-tier network engineer role straight off the cuff

Correct. But it's also not realistic to say that people with a CompSci background got the bare minimum exposure and are now just one step above "useless" in the corporate world. If that's the case in Australia, I certainly woulnd't go an study IT over there lol.
There is a reason why science bachelors build upon previous knowledge. You very, very rarely start from scratch, but use that foundational knowledge for advanced concepts. If you go into a CompSci bachelor with 0 experience, 0 skills, 0 drive, and expect to be given a free handout of basic knowledge, you're in for a wild awakening.

Example from my past: Programming class. It was explicitly asked beforehand to install an IDE.
People didn't know what an IDE was, didn't do any research, and we spent time troubleshooting until everyone could launch code.
That's a failure in my book.

And an insult to people who at least put in the effort and pay money to spend time there

With 0 drive your cooked anyway for a start. However your logic is coming from you must have a background, no. If the course is worth an ounce of the money you are paying I would expect baseline topics to be discussed and taught to you professionally not by self-education.

You are now also mixing student effort failures with curriculum design failures.

Further, most subjects will tell you if a prerequisite knowledge is required or not (Generally the prereq's is to of completed a different subject before moving on)

A bachelors in particular guarantees a baseline it does not guarantee mastery in a field. It is based on the learning outcomes achieved throughout the course.

We just have to agree to disagree. What I see from newgrads and own experience doesnt match the fundamental knowledge boost you are talking about.
That said, you are completely right in theory. But with the hours scheduled per module, you will cut corners someewhere. And when that happens, what ends up being fundamental and what not can be open for interpretation.

But the examples mentioned in the earlier posts clearly are things not to be cut.

Eh may be different and yeah I do see where your coming from and I have noted it a bit myself, noting I’m doing an IT degree not CompSci, however 56 hours or whatever per unit is nowhere near the Australian standard of ~160 hours so there may be a difference there

Also to be fair depends on the uni you go to some are more theoretical some are more applied

Anyway good chat imma go to sleep now haha

Cheers lad

how to start at the soc

https://tryhackme.com/path/outline/soclevel1

Hi, I have a degree in conputer networks and Im recently SEC1 certified. I'm looking for my first role in cyber or anything IT at this point. 100% remote working is needed due to my current circumstances. Would anyone point me in the right direction or assist me in a referral please?

The best thing to do is to look for roles in your region on LinkedIn and other job sites. There may be a lot of competition for some roles so you might need to do more, such as having a home lab, a blog, discussing your projects, writeups, going to conferences/CTFs, having a Github/Gitlab profile, etc.

I already have a selfhosted homelab as well as a portfolio to show it off. Git hub profile active and contributing to issues on my favourite repos. Attended my first Bsides.

Its hard to keep motivated with everything you have to do for a job.
I'm trying to be persistent but it just gets tiring applying through websites, registering to 100+ said sites and just get an automated message back with no human emotion to say that I have been unsuccessful. Please try our talent pool etc...

Sorry for the rant

Dude I feel the same but what can you do 😔

Try Helpdesk / apprenticeships / technician jobs

And fix your resume if you can’t get interviews and tailor your resume to the job title (not job desc)

There is this guy called head less hunter and he’s helpful

Ive tried adjusting my CV a couple times, I was told by a recruiter I'm too over qualified for the job I applied for.

wth 😭

I'll have a looksies thanks

Gave +1 Rep to @stable raptor (current: #1237 - 5)

Dude what role did you apply for

Are you international or US based

The dilemma: can’t be overqualified but can’t be under qualified 😭

I really can't remember. It was a few years back. Just got it stuck in my head that the guy said that to me

Europe

ohhhhh

Welp sir gl 🫡

Thanks. You too ig 😅

When you're applying for a job, you need to tailor your cv/resume for the role. Use keywords and qualifications from the job description if you have them but don't load your cv with all the ones you have. You can discuss other qualifications at interview

I have tried to tailor my CV to cyber and a separate one for administration. Maybe ATS systems aren't picking up keywords correctly idk. If i can get my hands on an ATS system to take home, maybe I could diagnose why.

ATS doesnt pick up ur keywords, its a first come first serve model

there is no AI or anything

you need to tailor your resume to the job TITLE not desc

you will waste time b/c every job desc is a bit different

i highly recommend watching headless hunter

I have been gone for a while but I've been working on building my cyber range lab 🙂 I can't wait to get it racked this weekend and start installing all the software. It's been a long, grueling, painful month of securing deals.

How would you reference a cyber range lab on your resumes?

Would it be a project or since it's part of my business would I put it under experience?

Oh, I thought it scans and filters every single CV that comes in. My silly assumption

lots of people think this

again, watch headless hunter, he has videos on what ATS rlly is

what role are you targeting ?

think of it like a digital filing cabinet

Junior SOC analyst and system/network admin

i think those two MIGHT have different resumes

i would join his discord

Do you have a link please?

ye

I have separate resumes

ok good

I was planing to work as a soc1 analyst but I learned they are working with nightshift system so I am planning to push myself for Security enginner role and tryhackme path do u guys think that path is enough and decent for this role?

What certs you got?

I'd still take that SOC analyst role anyday, any experience you get will be a benefit to further on move laterally to the security engineering position.

Yeah experience always looks better than anything

Nightshift isnt that bad. A lot of SOCs have them

I have no experiance guys I just had 3 months internship as a soc1 role but I dont wanna get any nightshift thats why I changed my roadmap

but I just want to know our tryhackme security enginner path is that enough

Security engineering isnt an entry level role, especially if you dont have experience

I'd go for the SOC L1 role. Night shift is rough but it'll look good on your CV to have experience

I mean yeah u are right but I dont wanna really work at nightshifts

I wasnt really know the disadvantage of nightshifts

If you have no certs and no prior experience then it's extremely unlikely youll get a security engineer role

Is it an internal soc or internal?

but which certs should I push u think

for a security enginner role

and sir I really dont wanna for as a soc analyst

Why not

It's a common starting role in cybersec

Depends on what the roles in your area look for. If you do an internship then you can pivot and potentially move up the corporate ladder and get a full time role

secutiy enginner

That doesn't help

Security engineer roles in India have different requirements than a company in the USA

I am living in Turkey

Yeah so see what certs are required

CompTIA Security+

Go on LinkedIn and check what the certs all the job listings have

Security+ is like... Bare minimum for SOC in my experience

what would you go for?

then

The opportunity to have an L1 role internship without certs is crazy good

Like I said - Look at the certs that are mentioned for roles in your local area. What certs I have and recommend might not be useful for you in your area

I worked for a turksh bank but I had 3 months nightshift so end of the internship I decided to change my role

ight

What's your reasoning to saying no to nightshifts?

I mean basically I dont wanna lose my face card

Bro what

It can be weird but thats why

I need sunlights and friends

You can have good experience on your CV and money, or no money or work experience, but at least youll look pretty I guess

ahh I mean I am just not sure

If that's higher on your priorities then all the power to ya. Personally I would take the job experience and money so I can use that to get other jobs later. Without any experience or certs you're not likely to get a security engineering role

try to look from my persfective pls

I don't know you. I can only tell you what I would do.

but still in the future I dont wanna work as a soc analyst

I mean role is superfunny

If you want to be a security engineer youll need prior experience.

SOC Analyst might be something you dont want, but it's the start of a career in InfoSec

so what is the other alternatives

if still I dont wanna for as a soc1

Have a family member in the company

my red team knowlage is awful

Or enough certs to get a job

I'm bad at pentesting, but HR look at CVs before anyone else. If they're told "get people with X Y and Z certs" and you dont have those certs then youll be rejected

what about if I work 6 months as a soc1

do u think can i swich the role

to

cloud security analyst

Depends entirely on the company

I'd take that job anyday

this is sounds great

Yeah nepotism is a hell of a good way to get a job

ahh I am so stuck

If i were you just take the job, not everyone is lucky to get that. Then in future you will have experience and can apply for what you want.

You can still see friends when you do a nightshift. If its like 1900-0700 then you still wake up at like 1pm, go see your friends and hang out before work

bro I swear I am about the lose my facecard

I will try to go for security enginner role

Without any experience

I mean I got 4 months

I can still learn and get certf

I know almost everything abt network'ng

and splunk

I just checked a job posting, they need 4 years experience

You can slim that down a bit if your experience with homelab stuff is good. But no one will hire someone with 4 months experience imo

I got a question, are people here who got careers for Cybersec, they just learned from tryhackme? Or did actually go to some school?

I got a degree in compsci and got certs. Used THM to learn tools and add it to my CV

Would I need degree as well? Or is enough to learn every single thing from THM and get the certs?

When I get interviews I talk about THM, but I don't put it on my CV because HR dont know what it is

You dont need a degree. Certs can cover that depending on the company

Thank you

ight

I will work for a mcdanls

Or get the SOC job

Hey, whats the go-to for remote jobs outside of the US? Or ones that at least dont require sponsorship?

As in, websites and such. Linkedin feels like its talking to a brick wall sometimes

That's incredible broad lol

Do you have certs? What kind of experience do you have? What role are you looking for?

My bad, yeah I have eJPT and AZ-900, looking for pentesting/red team opportunities. I have 3+ years in cybersec consulting so im looking for similar roles

problem is im from LATAM, most US job opportunities requiere sponsorship and stuff which makes it hard to even get considered without them

Look somewhere else then. Remote jobs can vary from jurisdiction who they can hire. From personal experience if a company doesn't have a legal presence in your country then they're less likely to hire you

Yeah thats why im also wondering what other platforms people use apart from linkedin to find remote jobs. At least what i´ve seen pop up, I can´t apply to most that pop up on my search

Indeed and Linkedin are by far the most commonly used

I´ll try Indeed, thanks 🙂

Talking from my own experience here btw. I haven't worked in North/South America so take it all with a grain of salt

I´m also open to work for europe, honestly anything that isn´t south america is a huge plus

Europe has more language barriers though from what i´m aware

Mm. I'm fortunate enough where I've never had to deal with a language barrier, but I understand it can be tough

Could see if there's anyone in your network who has experience in working for a company in Europe

Heya everyone!
Does anyone here have attempted or passed the “Certified Blue Team Practitioner” by The SecOps Group (pentestingexams)?

Would appreciate the resources yall used during your preparation.

The main concern when hiring pentesters is that it is some of the most sensitive work a company needs done. Companies may have regulatory requirements about how they fulfill certain roles and complete certain tasks. You might need to migrate, going through the visa process of a country, and for penetetration testing likely further scrutiny. You'll also be highly unlikely to be hired into a pentesting role with AZ-900 and eJPT, these are two fundamental certifications. You might be expected to have OSCP+ or similar at the minimum, or be able to show other pentesting experience, such as through CTFs, Bug Bounties, etc. I'd recommend reading the Tribe of Hackers Red Team book as well for hints and tips

Hello, how can I get my first job in anything related to IT/Cybersecurity? I believe any IT position I land will build knowledge that helps me in the future — regardless of the role. My goal is to get that first job for both the salary and the experience. Any suggestions? how about help desk/it support?

I have previously learned web development a few years back HTML, Python, CSS, JavaScript, and Django on a self-taught basis. I also studied cybersecurity but wasn't too focused on it. I understand the concepts theoretically but haven't practised much hands-on.

What’s wrong with SOC?

wdym?
bcs it is the lowest role in cybersecurity I guess, and I love it based on what i learned

do u think cybersecurity is worth self learning it will it get me a job? and how can i really get a job without experience really

Without experience?

Certifications, formal education, blogs, projects

There is an issues with rooms I just put answer of one question and tryhackme automatically solved my room why

Hi, I want to learn cybersecurity to become a pentester. I already know the basics and have used Metasploit, Nmap, and Wireshark. Where should I start? I would love someone to guide me?

https://tryhackme.com/path/outline/cybersecurity101

start from attack-chain terminology. the best thing you should sharpen is your recon skills.

is it unrealistic to from helpdesk --> soc analyst ?
i am just lost
i've heard if u do helpdesk u need some speciality to go to and so like cloud, networking, security, etc.

Hey guys, does tryhackme offer like labs for universities to use? Like, hackthebox has communities that unis can make to have collaborative labs

Yes, you can absolutely transission from helpdesk to soc analyst. You can follow the regular paths on THM that'll teach you everything you should know from the basics to advanced knowledge you'll need to be able to do the job

You should check out the classrooms feature to see what's available for students:

https://tryhackme.com/classrooms

yo guys whats the best things to learn first in studying red team at home? i already surpassed Comptia A+ core 1

i also know how to code basic python including threading and libraries.

i have built a simple voice recorded browser search app when u press a specific key

and some other apps, i mean you can check my github

You need to learn Linux, Windows, networking, security principles, and then start learning hacking. There's lots of great stuff in the THM paths to take you from beginner onwards. Python will certainly be a benefit. You'll pick up some basic bash and powershell as well as you progress

Oh actually I'm not a beginner forgot to mention. I have a Linux homelab

And I built a Android root level underclocker before using python

nice

Excellent. You should look at cybersecurity roles that you're interested in and see what kinds of qualifications and projects you should be partaking in. Having a blog/github profile can be a great way to discuss your projects, achievements, writeups, certifications, etc. Taking part in CTFs and going to conferences and meetups can be a great way to meet others who might be able to connect you with potential roles. Also consider various job fairs. You might consider reading one or more of the Tribe of Hackers books, a series of interviews with experts in various cyber roles across the industry

This is some good insight, I'll check tribe of hackers as well, thank you!

Gave +1 Rep to @rugged delta (current: #17 - 611)

hi ! Can you give your tryhackme username .

Hey👋👋 I recently started working as a junior network engineer and I’m still learning a lot of new things. Recently I came across products like honeypots or deception servers. From what I understand, they act like intentionally vulnerable servers that attract attackers. When a hacker tries to interact with them or exploit something, the system can detect the activity and gather information about the attack or where it’s coming from.

My question is how effective these systems actually are in real life. Can they really fool experienced hackers, or are they mostly effective only against less skilled attackers?

Also, how do attackers usually detect or avoid honeypots/deception systems? Are there known signs or weaknesses that make it obvious that a server is actually a honeypot and not a real vulnerable system?

Would be really interesting to hear from people who have experience with this in practice.

Hi, honeypots (and honeytokens) are actually pretty effective, our red team has tripped our deceptions various times in the past, meaning that you can fool experienced hackers with them. Because honeypots are so noisy, it's hard to effectively avoid them. The simple act of pinging or scanning a port on the honeypot would create an alert, which happens often during recon. If they manage to get into the honeypot, they'll probably figure out it's a honeypot based on how it's setup compared to other devices in the network. It really all depends on the honeypot you're using and how it's configured.

Hi guys, has anyone here navigated the process of landing a cybersecurity position in Spain as a Non-EU foreigner? I'm a mid-senior level cybersecurity engineer in the US and am looking to relocate to Madrid.

Now I'm currently at my final of grad bsc cyber security but i dont have much technical knowledge deeper and spent so much time in cyber awareness session in different schhol,communities ,organisation. but now i have to learn and earn but not have enough knowledge to start i think but still i have to earn . I dont have money left with me much but i m eager to learn now i have to support some fam expenses but expect me to manage it from just from carrer of cybersec only ...
Is there anything from u all who share some insights or learning or internsip oppotunity can tell me

You need to get really comfortable with Linux and Windows admin, how networks function, learn how programming works, spend a little time learning about the cloud and AI. If you don't you'll miss out on learning opportunities and be in deep water when you go to pursue cybersec skills. I know academia throws a lot of theory at you, and a lot of written assignments, with quite a bit of practical experience, but nowhere near enough to perform at a high level in cybersec. You might be suited to a helpdesk/tech support/IT/QA/SOC role with ongoing training. Luckily you can learn a lot here in THM. If you're not a subscriber, check out the free beginner's path suggested below. Also pick up one or more of the Tribe of Hackers books, and get in the habit of reading and studying as you progress.
https://tryhackme.com/resources/blog/free_path

I would like to network with Risk Officers or Risk Managers, if any. Risk is a weakness of mine and I'd like to get good at risk management and assessments. I believe it is a field that is underrated and I could transition into as I currently work as a Systems Security Engineer managing ATO processes.

Do you have any specific questions?

I'm just wondering without a finance degree. Only security background. Is it possible to be a risk manager?

I would say it depends on where you want to go. Risk isn't just finance, you working as a security engineer dealing with ATO processes are exposed to risk and management of it.

There are all different areas of risk Cyber Sec, operational, financial, legal etc it depends on what you want to go down

Yes. Could one get in without any certifications?

In theory if you promoted into a managerial role and gained the exposure however generally you would be looking at getting a bachelors or masters else certifications

For example an ITSO with a masters in cyber security would perform risk management and acceptance on cyber security matters, however generally youd need some sort of qualification

To be fair risk is at all levels its just who you defer and elevate risk to is when you hit the dedicated people

Some recruiter reached out to me yesterday about a PM role 🙁 this has to be a joke. (I've been looking for IT/Cyber/Networking)

PM roles can do that dependent on where and what it is, I personally if I was doing PM would still want to be on the tools

He said that it was mainly being the front-face for the customer. So probably not tech and probably wouldn't help with a career in cyber lol

it's a SWE company btw

My team is front face for the customer. We support them. It is still cyber.

Fair

So and ISSO could be handling risk decisions as well?

100%, an ISSO focuses on security, compliance and monitoring. If A system technician came to them with something theyve implemented however there is some risk involved i.e. opening a port for a service that is where risk acceptance comes into play

oversimplified example obviously

what do you think? i would have to relocate and it's quite far away

i also had a Sr. Recruiter reach out for a position I'm currently doing elsewhere, probably for more pay, but I'm not willing to leave for that personally.

I would ask questions then way up your options of what you currently have

Any advice after passing sec+?

Get job

Get GCIH

I just finished the fundamentals of cybersecurity and started the Google IT support on corsera. Can anyone help give advice on where and what I should look into or work on next to get started with an intern/ entry level?

Probably depends on which aspect of security you're most interested in. Have you done the Cybersecurity 101 learning path on THM yet? It gives you some practical demonstrations of what the different paths of the industry look like, that might help your decision if you haven't already decided

i love socks

i bloody love recruiters

If you're doing one of the Google courses on Coursera, try and finish it in the first, free week, then cancel your subscription. They're fairly basic courses and employers wouldn't consider them valuable, because they don't really train you or test you to a satisfactory level to actually do a job

Hello guys

I'm new here

Welcome

I don't know where to start from

Try persecurity learning path first and see if this suited you.

Where can I learn that

In tryhackme

https://tryhackme.com/path/outline/presecurity

LEARN

Either soc or pen test lol

Opposite ends of the spectrum but if you don't have a preference, maybe dabble in both and see which you enjoy more? SOC has more entry-level positions open, which is unfortunate for me because I just don't enjoy blue team stuff for the most part But yeah, I'd say just try both in depth and see which clicks better

I’d like to have some feedback on my resume to fine tune it for job applications.
Will anyone have a look at it?

If you post a PII redacted image of it here, someone will look at it

It looks quite good, clear and easy to read. Good descriptions of your skills and experience. These days when applying for jobs, most of the time you'll encounter Applicant Tracking Systems (ATSs); Ais built to filter fitting cv/resumes. You'll need to tune your cv using keywords from the job role you're applying to. Your cv looks easy enough to modify to add/remove words that match the job description that an ATS will be looking for

noted
thank you very much!

I heard this is wrong

ATS doesnt use AI, its just a first come first thing

i believe it was just a word finder before the AI boom but now i think AI does have some play in this sreening thingies cuz it does a bit of a better job than just plain word search

Mang I gotta find a way to get an internship like that. I work on MES but I don’t get to play around with OT/ICS

it was an on-campus opportunity sooo
but hey, I'd say i wanna do something in MES too

Some companies have integrated AI tech. Not all AI is LLMs. At one stage, calculators were considered AI tech. Also, it's AI until it works. Then it's just a normal computer program

Interesting

I’ve heard to tailor to the job title not the desc

Void recommended headless hunter dude that’s what I’m going based off

They want you to have some of the words from the description. Also, a huge volume of job positions on LinkedIn and such are fake, cos they're trying to encourage their staff and investors that things are going well so money comes in and staff don't leave. There are also regulatory requirements in some places where the job has to be posted publicly even if someone is just getting a promotion

👍

I mean your resume looks a thousand times better with it. So I’d say it was a pretty good opportunity

Surprisingly, my uni didn’t have many opportunities like that.

And I never landed an internship

thanks man
appreciate it

Gave +1 Rep to @elfin girder (current: #148 - 74)

anyone wanna review my resume 🥺

its great i wish i had one to

???

your resume its great i mean

wish i had one to 🙂

oh ok ty

hehehe its ok 🙂

do you offer any advice

any way i can make it better

bro i be honest with u ok i dont even have 1 month of experience in AI/ML that thing takes metal balls to learn and do it's way out of my league hhehe and any way if u want to enhance you resume more u can add some more experience or projects ig

with resumes like yours, it's no wonder i'm not getting any interviews 😛

...

WAHT

something was delted

🤔

Dang its fire
But don’t you think the first and the last point in your first professional experience are a bit repetitive?

I feel like it’s putting forward the same point

I see

Wanna ask you
should someone have an College degree or University
To land a job ?

guess its important in some countries 🙂

It's not essential, but it can give you better visibility. Depending on your country, the cost of doing a degree might outweigh the value it'll give you. Many people going to cybersecurity prefer things like certifications, having a blog with discussion of projects, home lab, events, writeups, etc.Having a Github/Gitlab account is a great way to facilitate that. I'd suggest reading one of the Tribe of Hackers books on the topic

Heyyy is anyone interested in learning cybersec w me using homelabs?

I literally just saw like 5 minutes ago a State Farm Talent Acquisition person asking for recent Computer Science graduates from my college in particular. So probably 🤷‍♂️

On LinkedIn but still

Hi,
I have around 2 years of experience in SAP Finance domain BUT I want to switch to cyber. I tried asking internally if I could move to a GRC related cyber role but 😑 they said network with people and increase visibility and provided a free isc2 certificate link to learn more on cyber. And I talked to 3 leads 🫠 not much hope.

So at this point if I get an ISO 27001 certification will that get me a job in the grc field in this job market....(From India)

Or should I just persue masters in cyber from Europe?

Cause I have heard a lot that masters in cyber is not required....but 😭 how do people switch careers I am so confused.

I have a btech in computer science and MBA in finance. So I already know about cyber and I am doing a Google cybersecurity professional certificate to brush up my fundamentals.

Any advice 😭?

I'm not in the field but recently someone told me a master's degree is good and shows an ability to understand systems deeply as many places have their own proprietary systems.

Personally I want to get a master's degree in Europe.

can someone give me advice on my resume? mainly will use it to apply for internships

Anyone have any experience interviewing for network related roles? I’m interviewing for a network analyst internship and was looking for tips.

had two for this last recruiting cycle (one was technically infra title but it was mostly networking), at least in my experience if you know the OSI and TCP/IP models well (ie the layers, devices, protocols, order, who serves who, maybe even some layer specific header info and stuff), you can answer pretty much everything with ease. the deeper you know the models and basics, the easier every generalist question is, which is all theyll ask for internship level. in one of mine the only real technical question w hm was to explain the osi model in as much detail as I could, and nothing else, purely behavioral.

other than that maybe just simple stuff like use cases for vlans. im no networking expert but i found mine relatively easy

Do HR-s take certifications into consideration? I have PCEP and i will do PCAP soon.Will i be able to get a job with those or they favor university studies?

I would say getting a degree would be more advisable than those two certs alone

Im only 17 so im looking for internship at DMAC (junior data analyst/market analyst) Do you think i have any chance? Be honest.

I am not really in the analyst space, your best bet is to research the job you want and target midish tier certs that align to that

or get a degree in that field as thats pretty much a catch all

we're in the same situation, I too need to find an internship

they offer really good salary for a freelancer junior data analyst tbh

at least in my country its a good salary

but every company has "ongoing university studies" in requirements

I'm fine with not having a salary

I might as well apply to THM, but they don't have any internship positions, I'll work for free as well

i think blackrock has some good offers for you

i think they offer internship like that

iirc

guys where can i learn Vulnerability Management

there is only 2 path exist soc1 and pentester

Thank you!

Gave +1 Rep to @winged scaffold (current: #3677 - 1)

You can learn tools like Nessus, OpenVAS, or Qualys

guys help i am starting my career in offensive security but i don't have any degree so still i can get job?? i also have adhd

You don't need a degree necessarily to get a job in cybersecurity. There are lots of ways to gain the skills you need. As well as THM, you can learn more about Linux, Windows, networking, coding, cybersecurity and more through certification and training, practice, building a home lab and creating projects, doing writeups, going to conferences, attending CTFs and blogging about them online. Github or Gitlab can be a great help in these. You can read books on every topic in the field, including AI. You should check out the Tribe of Hackers books, which discuss such topics for various roles in the field

thanks

Gave +1 Rep to @rugged delta (current: #17 - 612)

hey ive got a question for you. what are the reqs for an ISSO? i got instantly rejected by boeing when i applied, i thought i fit most criteria having the dod 8140.03 compliance (sec+ and cysa+) and a bs cybersecurity along with IT exp.

i get i don't have the full 100% requirements, but i wasn't interviewed either

Are you part of the continuous vetting program? 3+ years implementing the Risk Management Framework? Their process is fairly intense, because they're a government supplier. This is the job description I found:
https://jobs.boeing.com/en/job/pleasanton/cybersecurity-information-system-security-officer-isso/185/92478430928

We just had a chat about this over in #general haha not quite the clearance aspect haha

i was looking at the position in missouri, which i think said 1+ year instead of 3+ but no i am not part of the continuous vetting program. not even sure what that is tbh

A lot of the people going for jobs in Boeing or Lockheed grew up in the towns where they build, or have a continuous government presence close by, etc....

Well I think it's a government program you can apply for. It's not the same as a government clearance program, but they do likely do things like interviewing friends/family, looking at your web history, what clubs you're in, what programs/projects you were a part of and your success, and other things

interesting. what's this though: government clearance program

If you want to work in the FBI or CIA or NSA, etc., they have their own programs to decide if you get a security clearance and what level... Kinda like this... https://www.youtube.com/watch?v=Wq0jct4QLcY

Well then best of luck pursuing it

thanks 🙂

Gave +1 Rep to @rugged delta (current: #17 - 613)

Continuous Vetting (CV) is a process that involves regularly reviewing a cleared individual’s background to ensure they continue to meet security clearance requirements and should continue to hold positions of trust.
https://www.dcsa.mil/Personnel-Vetting/Continuous-Vetting/
I looked it up, appears Continuous Vetting is just the process of continuously making sure cleared individuals aren't doing anything sketchy 😕 so doesn't look like a program to help get a job.

It is a requirement that Boeing has on their job description. Specifically, you need to have been subject to it for 5+ years

hmm

but i'm not sure what I'm allowed to say here to ask because clearances are very sensitive

Of course, I'm not part of the team interviewing you, so I don't know why they made their decision

For a start I am not even American lol

Nor am I! It's just quite normal to hear about a lot of American processes and organisations in this field, since so much of it comes from them

Yeah haha, I love commenting on stuff that seem reasonable here but then unreasonable elsewhere then your like right different country

I've worked for American companies and they need to comply with US laws and policies, and a lot of the same ideas are adapted for other places around the world

Tracking haha more meant in the Discord setting like this haha

don't get it wrong, even American companies tend to C/W ISO 27001/002 and others. we all share policies and frameworks 🙂

i dont rm which one, but a fully American company just recently shared on LinkedIn about their official compliance with that framework

Yeah it's quite normal for companies to adopt that standard, especially when dealing with international clients

hello

Yo guys any tips or anything I should prepare for appling internships

find a fun company

thats honestly the most important thing

or at least somewhere where you feel comfortable

I can find company but will they accept me 😭

Im sure you will, its an internship your there to learn

not too become ceo

hey everyone just started on my journey in doing a full career switch to cybersecurity, ive been working as a product owner/scrum master for almost a year in may and planning to quit once i find a job in the field. any tips or expectations i should have in breaking into cybersec? i find it a bit intimidating and have this weirdfeeling im rushing my studies

Find something you want to learn really well, have fun learning it, get certs for it, then apply and expand. Being to generalized is not the way anymore unfortunately.

hello friends cyber security I'm new I need your helpers

is it true that go/rust are good for seceng or devops?

im good at c++ but i want to tear my hair out using these langs im using for a personal proj rn and honesly i just wanna hear it'll all be worth it 😭

What helps me currently is not only doing theoretical stuff as it demotivates me heavily reading all the time

I'm on day 3, i try to break my learning up into 50% theory and 50% practical stuff

so right now im moving through bandit overthewire while using THM for theory

Planning on in around 2 months to pick up abook for CompTIA Security+

Where can a person find jobs that are NOT requiring a clearance?

I live in the Washington D.C. area so every other job requires a clearance and it's on my nerves as I cannot relocate until my property is sold.

i'd still apply unless it specifically states "must have an active ts/sci" because the company can just pay for you to get one

I've ran into scenarios before where i apply to clearance required and i say i have one, then they do the bg check and see i dont have one and ghost me.

don't lie

a clearance isn't like a certification 🤣

that's a huge liability and you may have just gotten yourself on some blacklists

i had a secret clearance given to me in 2021 but it only lasts 2 years so they i have to start all over again and companies wanna save their money these days

last i knew secret lasted 5 years

top secret was 2?

you should mention expired clearance still because usually that's easier to get than somebody who's never had one

ez exam

marry a us citizen atp

^^

I'm a us citizen and I've held a secret clearance in the past lol.

Hello
I have started my preparation for soc level-1 but as I heard that most of the soc entry level positions are almost automated with ai for the alerts and monitoring.
Can anyone suggest me what should I do ?

Baby steps my guy

Build a AD lab, SOC lab, etc

Homelab I mean and do one thing at a time and investigate work

You can learn basic scripting but can’t replace of human part of why something happens and the investigation part

Okayy thankyou

is SOC level 1 usually part time or should I be looking at other companies?

I found one soc level 1 job that requires CISSP certification here and that just seems crazy to me

and the other two i looked at were part time jobs for students to gain experience

thats def not a SOC1 position lol. apply anyways. but no SOC positions can be part time but most times they are fulltime. I work in an MSSP and all the SOC positions here are full-time

CISSP is usually not required until atleaast SOC 3 from what I've seen

The position title is SOC L1 Analyst

"relevant certifications (e.g. CISSP, CISM, GSEC) or courses related to endpoint security, IDS/IPS, SIEM and log analysis"

Sounds like the typical wishlist of certifications HR likes to post

insane they are asking for CISSP

that is like 5+ YOE

I'm just gonna keep making write-ups on linkedin while learning in my own homelab

and hopefully a recruiter will take notice at some point

samsies :3

SOC 1 jobs in U.S. have been wanting CISSPs

This is what happens when market is flooded with people who were previously laid off

I’ve been applying for every SOC and Jr SecEng position I’ve been able to find since June and I’ve never been interviewed. BS, Sec+, eJPT, CySA+, GitHub projects, CTFs, 4y IT mentorship exp, and 6mo IT work exp. I do more and get less and less

Have you been posting your achievements in a blog, and on your LinkedIn?

LinkedIn was kinda an after the fact thing, but yes I have linked in I use to post that stuff and a website portfolio

Both are linked on my resume too

Markets tough my man

Yeah it is a really rough environment out there at the moment. Have you gone to your local BSides or other conferences/meetups? You say you've been doing CTFs

I did a couple non team ones for THM. I haven’t had time for any more. Hopefully get to go to BSides in October 🙏🙏🙏

Keep up the pursuit, and don't limit yourself to just SOC/Jr Sec Eng jobs. Apply to all kinds of IT roles too

Where are you located?

IL, US

what 😭

you should of have at least ONE interview, this makes me feel lowk worried 😭

best of luck. this industry has never appreciated me

ty 🥺

myan i dont understand arent u doing everything u can tho

sec projects, certs, IT experience, what else ??

dont worry about me, my luck has always been dogsh

oh

somebody i know recently got hired as a security consultant at an aviation firm

we graduated in the same class

truth be told, the biggest diff is he had an internship

ah

You just need to find that someone who'll take a chance on you, don't give up.

I'm looking to find a job myself, but sticking to my current one at the moment as it is sponsoring my visa and haven't met the local experience requirements to apply for a visa under my own name. 😅

visa is tuff

Yep, adds complexity to the already complex job market. 🤪

Good luck!!!

Marietta in Georgia isnt close to that right? otherwise i might be able to inquire at my old emplyer

No unfortunately not. I am looking to relocate however

I checked on their website, i dont think they have anything currently

Yeah I figured 😔 like I said cyber hiring has been really bad recently

I may just give up on it altogether and try and stick with IT if I get CCNA and still no interviews

I literally can’t afford to not get interviews

Normally they have stuff but now the IT stuff they have is either in NL or india

I mean I have a job but I need a better one where the COL isn’t so high lol

yeah market does not seem good rn

you can always try to stick with IT and then later move into cysec

Yeah ☹️

Hello everyone

I am new here

Hi , nice to meet you

someone offers a job? 😅

Hi everyone I am new here

Hi

Hi

hi

Hey everyone I m newbie can anyone help me or guide me to get bug bounty?

You’re subscribed to #TryHackMe yeah? Perfect place to learn!

Will SOC still be relevant after a decade

??

hopefully 🥺

yeah

ai cant automate everything

and you'll still need human intervention

^

Hello everyone

Wsg

i think ai is just 10% reyality 90 % Bubble

Hello everyone! 😊 I hope you’re all doing well. I find myself at a bit of a crossroads, as I’m currently considering two exciting learning paths: penetration tester and security engineer. At the moment, I’m working as an assistant system administrator, and I’m trying to determine which direction to take.
While penetration testing truly resonates with my passion, I feel that the security engineer path aligns more closely with my current role. This path encompasses DevSecOps and AWS, which is particularly relevant since our company is actively expanding its network to AWS.
On the flip side, I would absolutely love to explore the penetration tester route. However, our company currently lacks a dedicated cybersecurity department, and if one were to be established, it would likely focus on blue team efforts to safeguard our organization. This leads me to ponder that if I choose the penetration tester path, I might eventually need to leave the company to pursue that dream, which is a tough decision since I genuinely enjoy working here.
I would greatly appreciate any suggestions or insights you might have! Thank you so much!

Do what resonates with you!! you’re gonna be 50 years old one day no matter what, might as well be 50 and motivated than 50 and burnt out. I went to the military got discharged then school for HVAC, hated it but it was convenient, but my passion was video editing and computers and so I took the risk of not only changing roles but entire careers for my passion and I never regretted it 🙂 if I had never done so, I’d imagine I’d live with so much “what if”

Preach! I spent 15 years nursing,felt like I was a fraud, too much stress coming up to 6 months since I first started my cyber journey and never felt more at peace and connected to a community!

The leap into the unknown from a stable income is terrifying but so glad I did it!

especially if you have a good support base around you being friends, family, even just mutual dorks in a discord server lol whoever it is can be a positive impact on you during the transition which will help so much in reassuring any venture is possible, as cliche as this may come off haha

as a random mutual dork in a discord server i hope for a future update lol!!

Try both paths, one module at a time for each. After each module completed, continue both or jump on one exclusively.

.

To add in what has been said, try both paths and see which one you'll enjoy or fit your goals. Better experiment early on than regret not even taking a look at the other path

Hell yea

mad respect idk how people switch careers like this

???

mods???

Is it true that certs like Sec+, eJPT, and CCNA (which I’m currently working on) only look like filler on a cyber resume compared to certs like CySA+?

Also if I start my masters in Fall at what timeframe do yall think I should start trying to apply to internships? (Assuming all goes well, I’ve been accepted) should I start when school starts, should I start early, or should I wait a year?

Good morning peeps I'm in an ambiguous situation rn i am a cyber security enthusiast and i have done google cyber security certificate and currently doing SAL1 certificate - security analyst level 1 from try hack me

And i just feel like entry level jobs in cyber security are quite crowded and i was thinking of improving my skills in cloud security hence i have taken up AWS certified cloud practitioner exam

So my question is , am i doing anything wrong? Should I stick to improving my skills in soc analyst entry level jobs or should I learn more about cloud

I'm really looking for guidance

Dude, I just got told the only cert I have that matters is CySA+ for entry level cyber…

Wattttt

I don’t think you’re doing anything wrong

dawg what 💀

what are u aiming for

(Out of the ones I have)

Which are Sec+, eJPT, and CySA+ (also including CCNA which I am studying for)

homelab 😊

I'm from India and entry level jobs are soooo crowded mannnn

so many certs 🤤

too much population, we need thanos

I have done 3 home lab projects

WHAT

bro how havent u gotten anything yet

what abt like certs? or like do u w*rk rn

I graduated in the bachelor's of Computer Application with cybersecurity as my specialization and I have finished Google cybersecurity certification and I'm currently doing SAL1 certificate from try hack me

Yet

:o

I am doing cs

i heard doing a bs in cyber is not good

idk i could be speaking outta my ass

Idk

IMHO no it’s not

so its good or no

in ur opnion

Very very few job positions ask for cyber degrees

ah

Almost all cyber positions accept comp Sci

You do the math lol

true 🤔

I am graduated from biology, is there any career in this field

Dude I am so burnt out hearing the other certs aren’t worth anything… Even the cert I’m studying for.

yea people have went from nursing to IT 💀

idk how

but they did

Network ig

gotta keep collecting em like a pokemon

Istg yeahhhhh

Intrest vs job pressure 😆 lol

CISSP FOR ENTRY LEVEL POSITION

Dude I’m going to quit this industry. I am so sick and tired of this. 🥀

u work in it support right

how is it

Yeah

It’s good

:o

but why cant u go from IT support --> soc

Are you wo*king professional?

or wtv u want

No SOCs want me

WHAT

Dude, why do you think I’m so burnt on Cyber

D:

man

that sucks

but i thought ppl say do homelabs, sec projects, certs, and post everywhere and obv networking D:

sorry ur feeling dis way, I am also 😔

Hi

I have a problem; someone stole my Free Fire account from within my account using the cache on my phone, and I have the IP address, I need to recover my account, how can I do this?

Message Free Fire's support - not us

No, my brother, I have ip address I can check using nmap He went inside and took the cookies he had and everything else I saw in front of me.

Then keep your cookies secured next time - you can always go to the police

He entered through port Open within my network and withdraw them

The police probably won't be able to solve the problem.

I think

Doubt, but secure your ports better next time then - no one will hack anyone for you here

But I must return what he took from me, even if it was something insured. I will take what is most precious to him and exchange it with him.

Can you help me ?

It seems you know a lot of things

No, I don’t hack people

No, you are defending the truth, and I can show you that he accessed my account and took something very valuable.

Sorry for being an asshole, but respectfully, don't bs me - I've heard those stories countless of times
Message support, secure your network, go to the police. That's all you can do

I can show you the login messages or give you the account details so you can check for yourself.

No

Let's agree so we can find a solution. What do you need to prove my point?

Nothing, I don't hack people nor I recover random ppl's accounts

Hey, we don't offer such services here sorry.

@tiny solar u can report this on cyber security

yo guys after a full year of learning and tryharding, working on countless projects Ive finally landed my first junior job in IT cybersecurity. Dont give up! I felt stuck and doubted myself. But consistency really does pay off

good luck for everyone

Hey there!

Hello guys! new here! I want to pursue a career in cybersecurity but I don't know where to start and what certifications I need to take. Thank you in advance for your answers!

did you complete the cyber security 101

Thank you for responding. Not yet I've been trying to find some info on where to start. So this is the first one I need to take to know which path in cybersecurity I would like to focus on?

Gave +1 Rep to @opal raptor (current: #2392 - 2)

you can start with the pre security path and the cyber 101 path in thm and you can choose the area of your interest

Thank you! I'll be doing what you have suggested. Thank you so much!

do ask if you need any help

Will do thank you!

Gave +1 Rep to @opal raptor (current: #1813 - 3)

Sitting on a bunch of financial aid and I have tons of free time so I switched my major from criminal justice to pursing an Associate in Science Degree in Computer Information Technology. Hopefully am not cooked 💔

People have switched from nursing to cyber they can do it so can you

Ty twin 🙇‍♂️

Gave +1 Rep to @stable raptor (current: #978 - 7)

Awesome! Congratulations 🥳 can I ask what path you took? I’m just starting out and am trying not to feel intimidated by all of it. Did you learn online and by “doing” or did you go to school, or both?
Again, congratulations!

Question asked I am sure a lot but how can someone with a software engineering degree break into cyber. I plan on doing my masters in cyber and getting basic cert but in regards to work experience and approaching it

The best thing to do is to just start with the simple things. Learn a bit of Linux, Networking, Windows, Python and ease your way in a little bit every day

You need to have a good understanding of Windows/Linux/Networks, etc., and build on your skills as you go. Most people will aim for the Net+/Sec+ certifications as a good baseline. The most important things you can do are to post about your progress and achievements on your LinkedIn and having a blog/github/gitlab to post about projects, do writeups, projects and experiences learning new things. Also consider going to conferences, CTFs, meetups in your area

hello my name is ben ive been using tryhackme for about a month now and also am taking some online courses on cs just wanted to introduce myself

Thanks a lot but just a quick question what entry level position should I look at or build my way up to.

Gave +1 Rep to @rugged delta (current: #17 - 614)

Most people will have their first cyber role in a SOC, but really you should keep your eye on the kind of role you want, and train for that as your priority. There's lots of different roles in the field. Just look at job sites and see what's available. You should check out the Tribe of Hackers books. They're a series of interviews with professionals in different roles in the field. A lot of people will start out in tech support or QA or another IT/programming role.

Thank you bro. Sure ! Private Message me Ill respond to everything tomorrow

Gave +1 Rep to @fresh surge (current: #3688 - 1)

i got an rpa internship, was wondering how far off that is from cyber and like if it was a good decision to take
obv i will have to work on the side to learn which im already doing but at least its IT experience idk and i got rejected from everywhere else and i alr accepted the offer so there is that :3
anybody have any opinions

An internship is a good start, you can build in the direction you want to as you progress. You should have a home lab, could be as simple as using VMs or spare computers or the cloud and to do projects, make a blog/github/gitlab profile, do writeups, post about your achievements to LinkedIn, so you're active in various ways

Hi I had started my cybersecurity fundamentals lesson and am stranded on where to proceed next

https://roadmap.sh/cyber-security
You can use this roadmap.

Thank you

Gave +1 Rep to @late sail (current: #3690 - 1)

alr thank you 😊

Gave +1 Rep to @rugged delta (current: #17 - 615)

Hi, I need some help to start my career in cybersecurity. I am passionate about cybersecurity. I am a student doing a BS in Computer Science with cybersecurity in my second year of university. Can anyone help me with a proper roadmap, step by step? What's the next step? with resources like from where I can learn and develop skills, hands-on experience etc

Hi guys, i'm new in pentesting world and i'm looking for an internship in France for my engineer school
But i've got a question abt my CV : in my school, i don't do any cyber project so, for u, the best idea for the project part on my cv it's to explain some non-cyber project i did in class or to explain some cyber project but quite low level like *configure and secure a network composed by some switches and routers *or solving some box ...

What do u think ?
thx <3_ _

Do you want to get a job in cyber?

yep i do..

Then I advise to do a cyber project so that you can add it to your cv!

okay thx u !!

lol

If you are in the US I would advise putting off your master's until you land that first job, it can hurt your chances for several reasons mostly because of perceived implications, especially for entry-level work (will they think this entry-level job is beneath them? will they ask for too much money? etc..) - for your first job I would look into putting that degree to work, DevOps is fantastic field that provides a great base to pivot into Cyber later on

Unfortunately putting off masters is out of the question now as I already applied and got acceptance. Devops is what I am looking at but I heard it’s not usually an entry level job. Is that true?

Hi, may I be banned from the PT1 exam if I use my own OpenVPN to access restricted websites in my country during the exam? In other words, won't I be banned for changing my IP address during the exam?

I wouldn't worry too much about having a Masters and going for a first role in cybersec. If you haven't worked in the field, you're going to be in a starter role with a starter salary for the first year, and then if you show your value you'll likely get a better offer. I know a lot of people who moved into cybersec after doing a masters/postgrad who had degrees in everything from IT to Nursing to Art History to Civil Engineering

THM doesn’t care if you use open vpn to access rooms.

However, no one here is going to advise you to access state restricted sites. You should understand the risks and consequences of that decision and make your own decision.

Guys may I ask you if there is any kind of internship programs going or in future going to be where they would teach me routine work and introduce me to the work culture pay me internship as well , this is not often but some of my friends got an internship of such kind and I am left behind SO just aking or rather looking of any kind internship programs that i could join

.

..

Hi everyone, I’ve recently completed my MSc in Cybersecurity and have hands-on experience with SOC operations and penetration testing tools. If you’re aware of any openings or can share relevant leads, I’d appreciate it.

I'm confused between soc analysts or pentester?

soc analyst --> for monitoring, detecting, and responding to security threats in real-time use SIEMs, etc.

pentester --> simulates cyberattacks on computer systems, networks, and applications to identify security vulnerabilities

SOC is blue team and pentest is more RED team

Might be helpful if you point out which locations you are looking at.

I am based in London right now.

But I am ready to relocate in any part of EU.

Dublin, Manchester, Norway/Sweden, Belgium, Netherlands, Lithuania, Estonia, France, Germany. Should be lots of opportunities

You’re absolutely right, they have. But being a fresher in SOC or Penetration testing it’s hard to get one.

In the UK, the main barrier is security vetting. Most roles require SC or DV clearance, which typically means at least five years of UK residency. It’s generally more straightforward for EU citizens, but that doesn’t apply in my case.

Yes if you're going for government roles. Most commercial roles won't require vetting unless you're working on government contracts. But yes, if you want to work in a government/military role in cyber in most countries you'll require formal vetting/clearance

guys do you think I can start working as VM

for blue teaming

whats a vm?

Vulnerability Management

This role for blue teaming

I was planning to work as a SOC1 analyst in the future but nowadays I changed my idea and look for other roles beginner friendly should be

for blue team

I dont wanna explain why I am not looking4 a SOC role anymore

living in turkey/cyprus btw

SOC is probably the most beginner-friendly role in cybersecurity, but vulnerability management could mean you're working with operating systems, SOC tools, threat intelligence tools, coordinating with Windows/Linux/Networks/Cloud teams. You'd need a broad understanding of technology in any cybersec role really. But if you put your mind to it you can aim for any role you would like that becomes available

VM role is not even hard

just learn 3 tool and scan analys

Vulnerability management requires understanding multiple technologies, attack paths, and real-world exploitability to perform meaningful risk analysis.

For example, a database server with several CVSS 9 vulnerabilities, but no active exploits, is isolated in a VNet with tightly controlled ingress/egress, limited to a private link to a restricted k8s cluster, which is used only for document processing from a storage account, is probably considered a lower priority. However, a web server with a single CVSS 7 vulnerability that is actively being exploited and provides a potential foothold into the internal network, should take precedence.

dont you think beginner friendly

I though Its around beginner and mid friendly

There are junior Vuln Mgt positions available. However, it's more than learning a tool and scan analysis.

which certifation should I look for?

Security+?

Network+, Security+ to start

ehh network plus idk

there are vuln mgt tool certifications as well. Not sure if they have options for the general public. Check Qualys and Tenable.
I have certs but i work for a cybersecurity company, so I get training through our partnership with various vendors.

I'm not sure what that means

as a pentester?

Do you mean - do I work as a pentester or are there certs for a pentest?

u work as a pentester 😄

sry that was my question mb

I'm a security engineer that works primarily on exposure management (cloud security, vuln mgt, and attack surface mgt) and AppSec. I do some "passive" verifications of exploits but not active pentesting.

Its a good role I mean better then SOC role surely

how do u say its better

no night shift

sounds better

hah

thank you sir

Gave +1 Rep to @torn plume (current: #425 - 20)

not quite true. there are "on-call" security engineers

esp. if they handle infrastructure

This is correct. I don't have night shifts or on-call because I've been doing it for almost 30 years. However, my first 5+ years included lots of after hours calls. You have to earn your spot.

how old are u

(sir)

Started in the late 90s, so I'm a grey beard by this point.

hard mogger

I started as a sys admin on Linux and HPUX servers and writing Perl scripts.

one more question why u dont swtich up to cloud security roles

as I know the salary will be so much better

I do cloud security

AWS AZURE

exposure management includes cloud security. It covers tools like CNAPP, Vuln Mgt, and ASM.

Primarily Azure, but also AWS & GCP.

When you guys are running automation, do you find it better to feed the agent the root domain (xxxxx.com) for broad infrastructure discovery, or do you get better hits by pointing it at specific program paths (like ://xxxxx.com) for deeper, targeted analysis?
Curious to hear how you balance broad recon vs. deep scanning in your workflows!

Depends on the tool. Most enterprise tools (ASM, CTEM, continuous red teaming) crawl DNS records based on a combination of IP addresses and root domains, so you don't need to configured a specific path.

If you have a specific tool / scenario in mind, I can try to provide more details.

Hello I have doubt, right now I am in the graduation year but before should I get job in security analyst???

What is the workload for your graduation year? Could you work time and still graduate on time?

One more year ,
Yes

If you can graduate with good grades and on time, I don't see any issue looking for a job.
Are you in India?

Yes From India,but Will I get a job before completing my graduation?

Not sure if it is possible in universities in India, but in the US, a lot of universities have help desk jobs that students can apply for. That gives them job experience while being a student.

And after graduation

Any experience you can get will help with a job after graduation.

Hey everyone. Im looking for a part time GRC position. Im happy to accept an internship of some sort as well. Just something to start getting hands on learning with. A little about me professionally. I have about 8 - 9 years in cyber. Started in a SOC for a couple years. Transitioned to vulnerability management at the same company. I then went to work for the DoD. I worked at the Army's Cyber Protection Brigade in various capacities. Including being a host analyst on a cyber protection team and working with the IC as well. I have a TS/SCI w Poly through that. Recently I accepted a position with a penetration testing company as a Senior Technical Account Manager for public sector. I have a BS in Cyber Security from WGU and handful of industry certs from that. Please dont hesitate to reach out if anything comes to mind for me.

Why only part time?

Thanks for your advice

Gave +1 Rep to @torn plume (current: #410 - 21)

I have a full time job that I wont be leaving yet.

I'm not aware of any job that is as specialized as GRC that would hire part time. Those types of positions are usually full time.

Thats interesting.

Unless you get an internship (as you mentioned), most places are going to be full time only. There are a lot of people competing for security jobs, especially entry level jobs, and it costs a lot of money to hire and train people. So a company isn't going to invest in that type of job for it to only be part time

Possibly could be the case.

yoyoyo

hello

h

@torn plume hey, I see that you’re experienced in cloud security. Right now I have one more year left to graduate from Uni (osu) but want to learn about cloud security whether it’s azure, aws or google. What do you recommend for me to start both lecture wise/project to do as beginner? Who do you recommend for me to watch to help guide me?

dude sry but ofc azure or AWS but I would go w Azure because it has more potential

Any beginner projects you recommend or someone you recommend me watching. I’m new to the whole major and just started THM last September

For beginner projects, I’d probably go with the Azure AZ-900 certification. If you want another one, you can choose something similar. These certifications are effective and quite cheap.

AWS also cool

and azure 500 for security

Are these certs good with hands on labs and do you recommend me doing it after Sec+?

I’m like a noob noob rn barely know anything

honestly idk

No worries. Thanks for the help. Really appreciate it

Unfortunately, unlike other security technologies, cloud can cost a lot of money. So it makes it a little harder to learn without already working for a company that is eating the cost of the cloud environment. That being said

Azure: Microsoft provides free credits and free software to most university students. I say most because occasionally I've seen students run into issues trying to activate their free Azure credits. Not sure why - it's something between the Uni and Microsoft. But it's worth checking.
https://azure.microsoft.com/en-us/free/students
I believe those credits also allow you to play around with Defender for Cloud (Micrsoft's CNAPP).

AWS: AWS also provides some free credits, but I believe it's just the general public. I highly recommend checking out SLAW by Rich Mogull. It's a weekly AWS security lab walkthrough. When you sign up for the mailing list, it will start you at the beginning. I did a lot of the labs for maybe spent a few cents. But follow closely. He will walk you through setting up the environment so you don't spend any money. And make sure you setup the spending limits that he talks about in the early videos. I think some of the logs is what set off my alert to let me know that I was starting to get charged.

https://slaw.securosis.com/

GCP: I don't know much about Google. They might also offer a free student or cheap credit to work in their environment.

Tools: Like I mentioned earlier, Microsoft Defender for Cloud is a way to start testing CNAPPs. Most other cloud tools are enterprise.

Skills: Networking networking network. I can't emphasize this enough. Any troubleshooting you do in the cloud will only be simplified if you understand computer networks - tcp/ip, packets, routing, firewalls, dns, etc.

Network+

Just to confirm, should I start with net+ or sec+?

In the past (like 25 years ago) it was recommended you go A+, Network+, Sec+ because they built on one-another. I'm not sure if that is still the case - I got certified in 2002-ish.

No you don’t have to

I did sec + then net +

A+ was useless asf

but ig u can read over it

is anyone here making good money from cyber security because i was doing finance but i dont have a uni degree and might switch

and yes im very interested in cyver security

Depends on what you define as "Good Money"

100k and over honestly

This also depends on location, but ive been working as soc for close to 2 years now

and i dont make anywhere close to that

well i am in australia

and the job listings on seek and indeed all say over 100k but again just words at the end of the day

Thats just words yes, 100k is probably based on your experience, background bla bla bla

i understand that good money is not isntant and would take me years to reach 6 figures but thank you for helping

no worries

do you have a background in IT?

like a degree, work experience, certs

currently am still in grade 12 and just finished a cert II in IT and working towards fisishing the google coursa cybersecurity professional certificate

and then going to keep doing tryhackme and SEC+

cert

yeah okay good, cybersecurity is definetly not entry level

definitely

i want to start cybersecurity but my tutor is charging 58k which i cannot afford can anyone hele me to learn it with free resourses

i have barley any knowledge in cyber security but 58K is insane personally i use the tryhackme website and then do certs and do your own studying

bro don't take that deal 😂

most of knowledge comes from open source try to make friends in here and they will help you out

if you pay something take the THM premium or other plattforms nothing else

If you get into cybersecurity to make good money, you will burn out and not make good money. People that make good money in cybersecurity do so because they love this stuff. They live and breath it. In their free time they volunteer at hacker conferences, they listen to hacker podcasts, they read cybersecurity books.

You need to understand, in a lot of careers, you learn a bunch of things at Uni and then do your daily work based on what you've learned. In cybersecurity, you have to spend everyday learning. If you are not constantly learning, you will be left behind. So for people who love it, cybersecurity is awesome - we are constantly learning. But those who don't love it, get burned out.

Hello, Whats your opinion, I was just wondering, learning from THM will help me to get a job in cybersecurity?

yep, at least for me it did

Yes, for me as well.

Can you give me a roadmap? Like what courses in thm and what certs you got to get into soc ?

i didnt get any paid certs

or at least none that were proctored

only completion certs

THM is a great for getting hands on experience that you can speak to in interviews.
However, for your resume, I also recommend contributing to some opensource security projects in Github, building a lab at home using old hardware, virtual machines, docker, etc and writing about it. Your blog posts can be on any number of platforms - github, medium, substack. You can also write room walkthroughs on your blog. Then provide a link to your code & blog in your resume.

Another way to get out there is start writing talks and submit them to local conferences & meetup groups.

I have meet a lot of smart people in my career, but the ones that can write well and speak well really stood out and were usually the people that continued to grow their careers. You are a security product and you need to market yourself as such.

You can check out any of the certs, click the link on their channel, the Get Started button and look at the Recommended Learning for each one and it'll tell you all the things you need to complete for success in each cert.

Or else you can look at the paths, networks and other resources throughout the platform

Thank you guys

anyone got any advice on landing a soc role, i’m in 3rd year uni about to graduate studying ethical hacking and cyber security

btl1

Its not even hard to fınd job as soc1 but ofc depends on where do u live ofc

you think ?

i live in a town of from Liverpool in the UK

would u say that it’s worth it, concidering my degree

SOC1 role might be the most friendly role for beginners. I don’t really think you need a very rare certification or anything else

good country for cybersecurity

nice

what do u do if u don’t mind me asking