#cyber-and-careers

I would do what ben said yesterday

Honestly good advice

If anyone want to learn Azure Cloud Security, is this Resource will be help?

https://learn.microsoft.com/azure/aks/?wt.mc_id=studentamb_510263

Accept FR

Can any one please guide me on how and where to start learning in cyber and ai of interest. While I am eager to build strong skills and work on practical projects, I find it difficult to identify the right starting point and a clear path to follow.

Is there any path you u guys recommend I follow to prepare for the Security+ certification?

i though that was advanced concepts and hands on.. do u think is better go directly ?

Hello, I am a cyber student. I want to buy a new lap so came here to ask recommendations. I do ctfs, bug bounties and my daily studies, I have CEH so, I am not new either. Can yall recommend me a good lap?

Yes its not that's level of advanced if u clear your fundamental u can go for it but first self study before buy 90days access

I use Lenovo's Ideapad 5X, it's a 2-in-1 and it runs a Qualcomm Snapdragon CPU. It's possibly the best laptop I've ever owned. Snappy, great shell design (having 2-in-1 is excellent for when I'm building/troubleshooting hardware), fantastic OLED display, reasonably light, the battery life is also unreal. I get 12-17 hours on a full charge even with medium tasks. Not great for gaming and the ARM CPU does limit you on the software and virtualization level, but I find it incredibly useful for my use case

The Security+ is the baseline cert that teaches you the fundamentals of cybersecurity as a whole, rather than the daily workflow of any specific career path in security. THM's Cybersecurity 101 learning path would be great for the hands-on aspect, but if you need a free course specifically for the Security+ cert, Professor Messer is fantastic https://www.youtube.com/playlist?list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv

im doing path 101 to after that go for pt1.. but i want to manage my time to study for security+ too in paralelo

hi! so like im building my portfolio, are write ups enough about the labs i've done or should I do more like home labs?

Hi guys I'm a developer who wants to get into security / tooling development and apply for a junior position already if possible. What do you guys recommend? I know how to write in virtually any language, use the winapi, even ntdll, know some internals and also dove into reverse engineering lately.

Hi . Is paid certification something you must do to get a job or not for entry level?

I have already CompTIA SY0-701 Security+ 🙂

U could do the JrPT1 Path on TryHackme

me too 🤝

How long did you study for it? Was it difficult?

1 month and no

Ok, thanks for the answer

I did that

for me 4 months

🫡

Ok thank you. Did you find the exam difficult?

Gave +1 Rep to @clear trail (current: #3748 - 1)

depends here , from my side , as a background in network administrator , it was not so difficult , i learn from Dion Training (Jason Dion)

from a scale 1-10 I think I will say 7

Yes I got their course as well, but after reading through the sections, I feel like I just wana take the exam because I already have taken all of this in college. So I was just asking if the exam is difficult for this reason

Alright thanks for the info

Gave +1 Rep to @clear trail (current: #2435 - 2)

you welcome 😇

Sorry I forgot to ask, after you studied the course made by Dion, did you take the exam right away? I heard someone say that this course is not enough to pass.

it is enough but I took from them also simulation test and you can look also simulation test from Professor Messer (James Messer) and will be ok , but first 5 question are Performance-Based Questions (PBQ) , Dion are not so good on that only James Messer what I found

Oh ok I see. I’ll do that then, thanks once again

Gave +1 Rep to @clear trail (current: #1837 - 3)

no problem , if you have more question you can send PM , Good Luck man 🙂

Thanks I appreciate it

Who here currently works in cybersecurity and would like to chat with me via DM?

Would it be better to get CCNA before or after eJPT ?

Hey guys! 🇵🇱 Is here anyone from Poland? I have a quick question regarding a specific school and a certificate. So if you’re polish - dm, pls

Yes

is there a security+ path?

Both options work. Ok.

I think there was pentest+ but no security+

there was but it got removed

Iirc pentest+ is still available

yeah but they had a learning path, i think that one got removed

Hi, I'm a young guy and I'd like to learn hacking. Could you be my teacher, please?@dusk wedge

#start-here

read that

Nope, it still exists
https://tryhackme.com/path/outline/pentestplus

:O

im blind then

oh yeah i see

but u dont get the discount voucher anymore right?

doesnt look like it,

I don't think so, you'd have to ask staff for that

i was looking at the roadmap, not the paths

Happens

ah so i should just follow the soc level 1 path for now?

Hey I'm new here

same bro, what are you learning first ?
im a beginner learning Cybersecurity

someone told me to start with networking basics

If you're done with Cybersec101 and pre security then why not

Yeah I'm learning network basic too

Same

same

Anyone hiring?

Good day guys, I'm David, pls I'm new to cyber security and I am looking for a place or community where i can be taught and mentored ...i really need someone to work me through this line...pls I'm counting on you guys...God bless you all.

looking for people to add to a growing team bug bounty/red team and security focused group people who are actually trying to learn not just lurk
you do not need to be an expert but you need to be active curious and willing to put in work focused on real world skills like recon vulnerability research web testing api analysis and general offensive security mindset
this is for people who want to level up together share findings and build real experience not just theory if you are consistent ask questions and actually show up you will fit in
drop in if you want to grow in tech and be around others doing the same🫡. Private Dm Me!

If anyone want to explore cloud security; read this Microsoft official documentation ;;

https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction?wt.mc_id=studentamb_510263

Welcome to the learners club. Happy to help. I have 17 years of exp in cybersecurity specialising in SOC, IR and ThreatHunting. Let me know your specific pain points to provide you tailored advise.

All i have is a hacking lab, pls how do i continue from here?

I need to connect to one pentester who has projects going on. I want to join his team. Do I have someone here? I can send my resume and all..

What do u do in thm ,like which course??

Like i plan on specializing on SOC after gaining the general knowledge of Cyber security itself

Please interact with the community before requesting DMs. @tranquil fable

Hi Everyone 👋

Hi

Hello

Hey everyone,

Where do I begin to learn ethical hacking? How do I begin? How do I start? What do I start with?

where do I start from? im a complete noob (bio major)

#start-here

Is tryhachme free tool or paid?

A majority of rooms are free! But the paid ones are definitely worth it

can you get by with the burpe suite community version to start getting into website pentesting when participating hackerone or bugcrowd?

If you're very dedicated you can rely just on curl - tools don't make you a good hacker, skills do

thanks for replying back so quickly

Gave +1 Rep to @fervent fox (current: #45 - 261)

interesting you say that. I'm diving into the section and I was curious.

i have not dab into curl-tools. first time hearing about it

Tools just help you get stuff done quicker - You can spend 5h on mapping every single subdomain and endpoint, but you can just run a tool that will do it for you

So, learn how stuff works and why attacks work - and then find tools that will help you achieve your goal quickest

curl is just a command line utility to send HTTP requests to page

I agreed with your logic.

last question for you @fervent fox

Sure, what's up?

sorry, I am trying to think how I want to ask you the question

should I continue my lessons until I reach for the 4 paths.: blue, red, purple, AI. since you mentioned that I need to learn how stuffs and why attacks work.

Yeah. Get through cybersecurity 101 (so you have good fundamentals) and then choose a path to follow

I appreciate the feedback

im starting red teaming career , im ccna certified , do i do the pentest path on thm or go for ejptv2 cert+prep bundle on INE ?

ejpt

training +prep for 3 months is enough ? im fresh grad i have all day free

yes

Hi guys, just asking a general question ive recently picked up an interest in getting into cyber security i want to know some of your personal experiences and journeys and just how long did it take you guys to pick up on things and where you started because thats my problem right now, I want to start I just dont know where my first thought is google cybersecurity course but if you guys have any better suggestions that would be great!

I think #start-here will help you with where to start

But prepare for a long learning journey. You never know everything in this field and being a constant student is something that you need to keep in mind

You pick up some things, first totally unrelated - but then slowly everything start to connect and build into one logical field, where if you understand some boring basics, you then can explore more interestning and advanced topics

found that job offer for switzerland Pentester https://www.linkedin.com/jobs/view/4408533246/

Hello guys, I need help
https://tryhackme.com/room/careersincyber5zy1sk0al?taskNo=4&sharerId=69dbab96cee39cb944c7b0da

Hello i want to be more informated about an career into the cybersecurity but mixed with hardware i passionated by this two domain i want to know if it exist career like that

yeah bro obv its every option has career just you to lock on it btw your interested domain is cool

the TryHackMe paths are a great place to start. I wish I would've had this resource back in the days where I was in a similar position as you. So definitely THM content which gives you great exposure to some degree.

Continue on educating yourself via other means. Full time school, certifications, internships, etc. and keep showing up. Getting involved in the security community can go long ways.

Hi everyone, I’m 17 and have completed the Pre Security path, the Cybersecurity 101 path, and the Junior Penetration Tester path. I’ve also worked on several challenges and achieved good results.
This summer, I’d like to start earning some money, does anyone have suggestions on where I could begin?

wut

wow, i just complete 101.. i want to harden my basic, but cyber is learning all the way, at least with good basic will better to be hacker

Yeah, of course, learning is fundamental in cyber security; there’s always something new to learn every day. But while I’m studying, I’d like to earn some money, at least enough to pay for my THM subscription or a few software licenses.

Thanks for the advice I will look into the THM paths unfortunately full time school is out of the question I have a full time job 😂 trying to balance learning with my days off when I can

Gave +1 Rep to @humble cosmos (current: #334 - 30)

Hey I am seeking internship in Soc L1 or Pentesting
Please help me anyone

Remote is better

I was trying to find for a long time, a part time remote pentesting internship, but it is hard to find something with all of those requirements. I am not looking more into IT. What would you suggest for learning about IT, and learning the skills I need? I am most of the way through the Cisco free networking course.

Become active on THM! Many good rooms are free, though I do recommend a subscription if you want to get serious.

I highly recommend the subscription as well!

@signal bridge Please slow down. Further spam will result in a short timeout.

Okay. I have a subscription, and have been trying to expand my knowledge to the blue team as well, so I am doing those paths. Are there any suggested rooms that you have? Again, I do have a subscription, so they can be paid rooms.

Not necessarily any recommendations, but try and solve rooms with as little help from AI as possible. Keep those brains activated!

Alright. Thanks!

Gave +1 Rep to @raven lance (current: #1491 - 4)

For people who are experienced with job applications, how do you approach applying for a job? I understand checking the company’s website and applying there or using apps like LinkedIn or indeed. It just seems to never work for me and I don’t get positive results as much as I tried altering my CV. I have a folder with all the companies I applied to with the CV tailored for that specific job position and it’s “info”. However, it just doesn’t seem to work for me so is there any advice I can receive to help me land more interviews and make me more noticeable?

I am open to sending my CV as well if you are interested to see. An example I can provide is the PwC CV I created. Just let me know and I’ll alter it a bit to hide my personal information.

ok so basically applying for jobs online is kinda like everyone throwing their resume into the same big pile so yours just gets lost even if you keep changing it so the real trick is not just applying but actually getting noticed like messaging someone at the company or the hiring manager after you apply saying you’re interested so they actually see your name also your CV needs to not just look normal it has to show real stuff you did with numbers like what you improved or helped fix and you gotta copy the same words from the job post so it matches better and you should apply fast when jobs just get posted because old ones are already flooded and don’t just rely on easy apply buttons because those are super competitive instead go on the company website apply there then reach out to someone inside and also follow up after a few days because most people never do that so it already makes you stand out more basically it’s not only about applying more it’s about making sure someone actually sees you and remembers you

Alright I understand. I do have one question though, how to know the correct person to message? And I assume this is using LinkedIn?

yeah no problem and Yeah it’s mainly done through LinkedIn You find the correct person by searching the company name then going to the People section and looking for roles like recruiter talent acquisition HR or someone who leads the department you’re applying to You don’t need to message high level executives just the people who actually handle hiring or manage the team Once you find them you send a short message saying you applied for the role and you’re interested nothing long or complicated The main goal is just to get your name seen by the right person not to start a full conversation or explain everything.

Okay thanks a lot for your advice. I’ll try it out and hopefully land some

Gave +1 Rep to @craggy atlas (current: #3761 - 1)

Also having projects on your resume is ideal a portfolio of your results and setups definitely helps too. writeups will be super helpful.

I don’t have any job experience so I just put projects that I did related to the field I am applying for. I also added a link to my GitHub to show my personal projects

That's what I am referring to personal projects not on the job projects that wouldn't make sense :).

Alright I’ll make sure to do that

I’m trying to find a new personal project to do related to cloud security

I wish I had the time to do projects honestly so I can add them to my resume. I would just wanna get my foot in the door.

I have the time but I just feel like I don’t know what I want to do yet and then get overwhelmed by the amount of choices I have. Cloud seems interesting so maybe I’ll try it out

Linkedin can be hit or miss for jobs if it sounds too good to be true it probably is gotta be more aware now with ai job postings on there and what not. just throwing that out so you can be vigilant not saying all jobs are ai postings but I would always check the actual company site to see if they have the job posting as well.

Yeah my friend told me to use LinkedIn to check for jobs then apply at their website

Good luck it's tough out there in IT land.

Thanks. I hope you will find time to do the projects you wanted!

Gave +1 Rep to @tacit kelp (current: #1266 - 5)

I would honestly just like to get a job in cybersecurity but I would settle for helpdesk to eventually move up into cyber

Also thank you

Gave +1 Rep to @short ibex (current: #779 - 10)

I’m happy to take a look at your CV. I do resume reviews and mock interviews at hacker/security conferences. I’ve done a few for people here on thm as well.
In regards to cold applying (sending your CV out without knowing anyone at the company), unfortunately, that is difficult at the moment. I would recommend attending local security/hacker meetups and conferences. Get to know some people and see what opportunities they have.

Alright I’ll try doing that. Regarding the CV, I will edit out my personal information and send it to you. Thank you for taking your time to check it out🙏

Gave +1 Rep to @torn plume (current: #379 - 24)

Hello🤚

hello

im new here to explore

hi

Hi 👋

Hey everyone 👋
I’ve decide to post here because I’m having a bit of a hard time. So I’m currently looking for an internship to validate my Bachelor’s degree in IT, mainly in:
• Cybersecurity
• IT Support
• Cloud

I’m based in Spain, but I’m fully open to remote opportunities as well. I’m also looking around Arlington (US) since my partner will be there for the next 6 months and I’d love to join him if possible.
I’ve been struggling a bit to find opportunities, so I thought I’d reach out here in case anyone knows a company, a contact, or any opportunity that could fit 🙏
Feel free to DM me if you know anything that could help, thank you so much!

is anyone in the uk and if they have did u take a cybersecurity course because im going in to college in 6-7 weeks and im wondering what to expect for college
like the levels and what im going to learn

Hi everybody! Nice to meet yall!

How do I get started if I am just starting out to get into cyber security, I havnt gone to school, but I just got a job as a security installer, any help would be amazing thankyou!

Do you know the foundations like networking, linux basics, etc.?

Whenever I embark on a bunch of interviews or resume reviews at work, I try to drop some advice here. So today's advice: "Know Your Audience in Cybersecurity Interviews"

If you're talking to a technical person, you need to get into the weeds on technical issues. Use technical jargon and speak technically. If you're talking to HR or non-technical hiring managers, keep it higher level.

I've been interviewing candidates for a cloud security role and while many resumes show a wide range of technical abilities, I can't get candidates to open up and explain what they actually know. At that point, I can only infer that they may not really understand the technologies listed on their resume.

For example, if I ask, “Explain how you secured a cloud environment,” I’m looking for answers like:

“Deployed runtime sensors on VMs and k8s clusters”

“Configured alerts to ensure all storage is set to private unless explicitly tagged as public”

Instead, I often get vague responses like, “I checked the CNAPP for alerts.”

Specific, technical answers build confidence. Generic buzzwords do not.

if you want to work in the US, it's a lot more complicated than just showing up. You need a H1-B work visa, and those are extremely difficult to get. You will likely need corporate sponsorship for that.

Look for internships in DB admin, sys admin, dev, support first - info and cyber sec roles usually aren't "true" entry level but an internship might be available. Talk to your university as well, your department might have contacts with employers, and check with the university IT department as well. They might have work-study, internships or even regular part time or full time roles open.

hello! Im graduating in about a month, i currently am doing an internship as an infosec intern - although im having a hard time finding full time roles in cybersecurity, i would appreciate advices!

So I will say don't be dissuaded if you don't get full time cyber roles you are more likely to get helpdesk first anyway and then work your way up to cyber.

i sort of feel like theres a huge gap in academic security and the industry standard - often times in interviews i find myself not being able to answer some things in detail. I'd like to know the must know topics in depth inorder to ace interviews

Did you go to college for cybersecurity?

yes, B.Tech Computer Science Engineering with Cybersecurity

Ok so colleges are likely more often than teaching you outdated things because of how fast it transitions and what not so I would get some experience doing some rooms on try hack me to be honest, do some write-ups and projects so you can bone up on your knowledge. Looking at YouTube videos of John Hammond is pretty good knowledge gathering.

Yeah and nothing is really in detail, I've started doing rooms pathwise currently on thm for hands on but yeah interviews have become hard to crack, mainly because of lack of depth in basics, recently got rejected from palo alto in the final round :/. So if you could you advice on the must know topics for an entry level security professional thatd be great :)

Honestly networking foundations, linux fundamentals would be good places to start

Maybe some basic AD

ive covered networking, linux basics and a little of AD, they asked us things on memorydump, exfiltration (scenario based) and so on, are there any resources to practice mitre tactics on multiple scenarios?

That I am unsure of there might be some mitre based rooms on thm but not 100% sure

I see, thanks

Gave +1 Rep to @tacit kelp (current: #905 - 8)

Hi @tacit kelp
Plz guide me to learn cyber security from green field.

hey guyss

soooo, tomorrow im going to do my first cyber cert (eJPT) , does anyone know a good cert road for red team? i was thinking
eJPT -> comptia security + -> PNPT -> OSCP

I mean, I did the stuff on here @frosty token . I'm in the same place you are and I don't even know if certs even get you in the door anymore. All the meet-ups I've been going to have had people just telling me to get some sick homelabs and projects going that you can talk about during the interview and/or get some BBH done

I'm sure other people on here have a WAY better idea on how to do this though

I would say go with CPTS then OSCP

you gonna do the exam or start studying for ejpt ?

personally im going for Ejpt then Cpts / cppt

im currently studying ejpt

Done!

@obsidian rose Thanks buddy

Gave +1 Rep to @obsidian rose (current: #20 - 540)

Imma do the exam

Anyone who wants to work in creating CTF type challenges?

What

oh okay goodluck im still studying the pentest course on ine 😅

tx

I have no money 💰 for join any course, how can I learn CS

Honestly no, are those options a good place to start?

Guys this is how I will continue my Cyber Journey
Currently learning all os fundamentals
Then Networking
Then Programming Languages like bash c python
Then SQL 1 and other certs from try hack me
Making Projects
Comptia Network and security plus.
Maintaining GHub prof
Creating a Linux distro for blue teamers
Then CCDL1

Is this good or do I need to change?

Yes

Any opinions pls

👆

Jester's plan is great. I'm looking for a partner who is proficient in Python and Linux to work on joint projects. If you're interested, please send me a private message (DM).

as a beginner cyber professional myself, I do think the plan is great

go for it man!

not sure how much can I jugde it tho, I only have a couple of years of experience

if you want to dive in an interesting niche, you should explore a little bit of OT/ICS security as well

it is a growing field, but a heck of an interesting one

Hi! What is better in pentesting? My objetive is OSCP, i dont know what to do, eJPT or PT1

I alredy have done in this 30 days the path before PT1 certificate

And too, do you recomend any certificate between eJPT/ PT1 and OSCP?

Ty for your time!

hey man! no worries. I've got to admit that I lack some knowlege on the pentesting side, but I many people I know speak well about the PT1

if you are subscribed to THM, than you already have acess to the training needed

and some other machines as well

Thank you a lot! Is there anything I can give in return like a rating on here or something of that sort?

Gave +1 Rep to @tacit kelp (current: #710 - 11)

Thank you buddy

Gave +1 Rep to @silk yoke (current: #3761 - 1)

Sure dude I would love to co-operate but currently I m learning Os fundamentals and Networking after that I will start python and other langs.
Sorry

I'm also teaching the basics of networking.

Oh that's so cool buddy.
Being a teacher damn.

Another thing I wanted to add was log viewing to my roadmap

That will come with time

yes

God willing, you will achieve it.

@jaunty sail Please slow down. Further spam will result in a short timeout.

Thanks buddy

Gave +1 Rep to @fickle cradle (current: #3761 - 1)

W bot deleted my roadmap

You're welcome. If you want to exchange information, I'm the same as you.

Hi everyone. I recently passed the CISSP exam. My current role is more management-oriented, but I’m much more interested in the technical side of cybersecurity. Lately, I’ve been considering pursuing the OSCP certification.

Has anyone here earned the OSCP without financial support from their company?

can someone gimme advice for what certs i should get for becoming a ethical hacker. everyone telling me different things. If any Ethical Hackers in here can anwser some questions of mine . Greatly appreciate

Where do you live?

Hi yes

Hey everyone, I'm graduating with a Bsc in Comp Sci with a focus on Cybersecurity in about a month and a lot of sources and people have pointed to CompTIA Security+ as the best first cert to get. Is this true or myth? I'd appreciate any help :D

sorry just seen this im in Massachusetts

my classmates been in cybersecurity for 20 years and she says to get sec+.. but my other classmate that used to work for meta as a engineer keeps saying start with A+ and stack up

so get both then lol

thats what im seeing here

Is there a designated place to find Sec+ material or?

it depends on what your end goial is

SOC Analyst is what I'm aiming for

Entry-level

you just need sec+

and projects

for that

OK great

i wanna be a ethical hacker so idk if i should start with my A+ cause youll need a deep understanding of everything to perform that role

I took CEH once, my university gave us a free voucher for the exam

I got it but I've seen so many people say it's overpriced & outdated

how was the experience?

i wanna fully dive into my certs and projects but idk which one to start with. I wanna find a mentor for guidance

You can use thm for most of the A+ experience

that helps and saves a lot

Hey, I'm new here and wanna get some advice to get started into cyber sec so is this the right channel for asking?

You will need the same for soc

Yup, also - #start-here

Guys I’m not new here but I would appreciate if I get a small community group that we can learn basic topics as we grow

Hey do you know what platform I could use to learn these, or is it better to go to a university?

Thm has some decent rooms for the foundations

hi everyone, hoping to get some clarity here. im a beginner currently studying networking fundamentals. i need to choose a path between red team (offensive) and blue team (defensive).

my family financial condition isn't great right now, so getting a job fast is my top priority. i know i am capable enough to learn and do well in any path i pick, but i need to be smart about this.

for a complete fresher, which field is easier to break into? where is the real money at the entry level? i just want to focus 100% on one path, get my foot in the door, and start earning. i can always switch fields later on. any suggestions?

SOC analyst or GRC, but it won’t be a lot of money in the beginning

money is pretty good depended on where you are from

but soc is generally easier entry

Don't be discouraged if all you can get is Helpdesk start there at least you will have money to continue to study and learn more.

helpdesk is an even easier entry point then SOC or cybersec as a whole

hello

hello guys i am new here.

i have an issue with my SOC Metrics and Objectives module, it is a question on MTTD, MTTA, MTTR, i keep in puting the right answer but it keeps saying the answer is wrong which it is not, has anyone had any issue about this in the past and how did you get through it.

hi tryhackme team i want help is there anyone ?

Hello guys

wsg

Anyone here in US who got a job in recent years

I'm in the US and a hiring manager. I'm happy to help with any questions.

Hello, Am new here
I want to start my cyber journey where to start learning please?

#start-here

I sent you a dm if that's okay

My friend may have been scammed by a fake job/company online. They asked for ₹4000 after one month of work and now they are not responding. The LinkedIn profile also seems fake. Does anyone know what steps we should take next or where to report this?

Police?

We already filed a cybercrime complaint through the helpline, but right now my friend cannot speak directly with them because of family reasons. We’re mainly trying to understand if there’s any other way to improve the chances of recovering the money or what additional steps we should take.

report a fraud transaction with the bank. I don't know how that works in your area but worth a shot.

Report the fraud as seraphm mentioned to the bank and the bank will probably issue a new card if a card number was used to receive the money.

Yeah, we’ll try contacting the bank in the morning since it’s night right now. For now we’re collecting all the evidence/screenshots. If anyone knows any other immediate steps that could help improve the chances of recovering the money, please let us know.

Not really much else you can do other than wait for the bank to be open and report the fraud with all the information you have.

The payment was made from a family account, so right now the victim can’t directly speak much about it due to personal/family reasons. We may try contacting the bank from another number while keeping all the transaction details ready for verification. Since it’s night here, we’ll probably contact the bank helpline first and then follow up again in the morning.

For now we’re saving all screenshots, payment receipts, IDs, chats, and evidence. If there are any other important steps we should take immediately, please let us know.

hi can someone maybe give me advice about starting a career in cybersec i want to go into pentesting not the soc analyst bcs of the boring stuff

same

Well how well do you know the fundamentals

I was thinking maybe sec1 than start the Penetration Tester path and do some rooms? and do the eJPT?

Do you have linux experience, networking, hardware?

not really, basic knowledge, maybe a bit more than that

Start with the pre security path then

Then cyber 101

its worth to do the sec0 and sec1?

Eventually but if you don't have the foundation its going to be a lot harder to understand the more complex topics

Maybe, maybe not — but we’d rather still report it properly and try every official option instead of giving up immediately. If the account can still be traced or flagged, it’s worth trying.

im saying after doing the paths

Ignore them 🙂

if its worth it

For that particular question I would ask in general for their take

thank you Thor

No problem

I have some knowledge about networking and linux im doing pre-security now and portswigger labs

and im doing writeups on github of thm rooms

Hello, I will be pursuing my diploma (specialised in software engineering and a 12 week internship after) and later on continue in bachelors degree of computer science (specialized in cybersecurity). As of now, I do not know much about cybersecurity other than doing TryHackMe courses. Are there any tips for me to build a strong foundation in order for me to explore this field in the coming years?

You need strong foundation in Linux, Networking and Python (or any programming language, python is preferred as it's versatile but not necessary)

Linux basics would mean knowing commands and how to use them, at least the basic ones, knowing the file structure (e.g have understanding of the root directories like var, bin, boot etc)

Networking basics would mean you have a solid understanding of how networks work, what an IP address is, how routers and switches work, what's a packet, how to inspect packets, network protocols and stuff like that.

thanks brother

Gave +1 Rep to @alpine magnet (current: #472 - 18)

Hello everyone on new t to the discord I've put several hours into the paths and modules I eventually would like to go red team but I do have some trouble with a few things but that's too be expected

hey everyone I kinda needed some advice in terms of SOC analyst work

I recently got an offer but it has night shift rotations and as a woman that’s a safety concern for me so are there any chances of normal day time shifts in SOC roles??

Have you expressed that concern with the company? Or at least asked more specificity on what night shift rotations mean?

Yes I did ask, the answer was just how the shifts work it’s rotational shifts to be specific

The timing is basically the whole night for nights and that’s a concern. My question is are there opportunities where SOC roles are for day shifts only? I do understand SOC roles tend to be 24/7 but still is there hope lol?

Unfortunately, newer people / less experience get stuck with the crappy shifts - nights and weekends. The other option is to get a job in helpdesk, which usually works business hours with occasional after hours for patching, upgrades, etc. Use that to build your résumé and skills and then apply for a SOC position.

Anyone here work in cloud security?

Yes. I run a Cloud Security and Exposure Management team. What’s up?

Wow! I am currently an L1 SOC and I want to transition into cloud security in 12 to 18 months and was wondering if you have any tips. I plan on taking the AZ-500 once the new one launches in Q4 but I’m not sure what else I need. We use tools like MDR, Splunk SOAR and many more but I’m not sure what exactly I need to focus on

Any chance your company uses a CNAPP like Wiz or Orca or some of the Vuln Mgt tooling moving into that space, like Tenable or Qualys?

It would probably be in a different department because mine is strictly MSP so we use clients tools

No internal tools unfortunately just the hassle of using Cloud PC to access all their tools

I know I would be allowed to shadow or even contribute to our cloud security team but I am trying to find things I can do on my own to ensure I have the foundation

We use MDE for cloud though, not sure if that counts

Check out AWS Cloud SLAW (security lab a week). it’s a weekly lab series by Rich Mogall (famous cloud sec guy). he teaches you how to do cloud security on the cheap.

However, make sure you follow the course in order. The first few lessons are how to set up billing and alerts so that you only pay a few cents a month for the lab. I think the only time I had a couple of dollars that I owed AWS was because of logs that I forgot to turn off.

I’ll check him out thank you! I know obviously cloud vendors are very similar but would I be able to comfortably use Azure for cloud security even after learning AWS Cloud SLAW? I have a thing for Azure🫣

Gave +1 Rep to @torn plume (current: #374 - 25)

When I saw cloud slaw I misread it as coleslaw for a brief moment.

The concepts in SLAW transfer over pretty well to Azure.
I come from an Azure background so working in AWS was a little different but not bad.
The biggest difference is the way Azure handles identity management and how Azure handles networking. Both are migrations from their on-prem designs (Active Directory and physical networking, routing, and switching) whereas AWS was born in the cloud.

Feel free to dm me with any questions. I’m in the US so my recommendations and shared experience about jobs might differ depending on your location.

The architecture of Azure to put it easy is very “interesting”😂 I haven’t looked into AWS but if it’s easier than Azure then might be worth giving it a try to start with but I also feel like a lot of companies use Azure compared to AWS

I am based in the UK and thank you! Will reach out if I have any questions. Lastly, are there any certificates that you would recommend?

Gave +1 Rep to @torn plume (current: #367 - 26)

Security+ and Cloud+ look good if you don’t have experience. I highly recommend Network+ , not so much for job, but for knowledge.

Most people struggle to really understand cloud computing because they lack a deep understanding of networking. A lot of securing and troubleshooting various cloud technologies really boil down to networking (routing, dns, packet inspection, vlans/tagging, firewall access control lists (ACLs), BGP, etc).

I like to believe I have the foundational skills. I have Security+ with a cyber security degree and currently in a SOC role as a mentioned, I’m guessing you don’t recommend the Azure Security Engineer certificate

Most of cloud security is “visibility”, “identity controls”, and “network controls”.
Cloud security is about - what’s the attack surface and how do I know what’s happening there.

Yes, cloud specific certs are definitely a good thing to have.

When applying for a job, you are really applying to fill a role based on a tech stack. So when I’m hiring, if I find someone that knows “cloud security “ , great. If i find someone that knows Azure cloud security, Wiz, and Tenable One, python, github, and terraform - now I have found the person that will fit right in based on my tech stack.

I realised that while studying for the Azure Security Engineer certificate which I had to pause cause I need to do the Azure Security Operations Analyst Associate certificate next month

tool names are key indicators for if you will immediately be an asset and a contributor to a team

Interesting, I know about VM tools but unfortunately never got the chance to use them only in labs. I know how to use Python for log analysis but I’d say im not exactly the best. I’m early career so I still have a lot to learn but I really want to stand out early on

I want my days off to be filled with learning, I just have this dream of being the “go to” guy😂

If you want your days filled with learning and want to be the go to guy then you will do fine in cybersecurity. When I give talks about getting into cybersecurity, something I always emphasize- “if you are in it for the money, you will burn out… guaranteed.” I’ve been doing this for almost 30 years and I always feel like i’m behind / trying to catch up to the latest technology (right now it’s AI). But, I’m good at what I do because “I love this shit”. I also want to be the go-to guy.

There are 2 types of people in tech - the “I get to” person and “I have to” person.
Sweet, I get to learn a new tool.
I know python but now I get to learn nodejs? Awesome!

vs

Really? I have to learn a new language?
Crap, I have to figure out how AI works? I just learned how cloud works 🤬

You can guess who makes it to the top in tech.

Haha, I’m sure you are the go-to guy! You’re just being humble right now. Tbh it has always been a passion thing for me, the money is a nice perk to it but I genuinely enjoy security so whenever there’s an opportunity to learn something new, I try to get involved. We get free vouchers and opportunities to work with other security teams so I always take the chance

I’m just looking forward to the Cloud & AI Security Engineer certificate that’s coming out later this year which will definitely be difficult but would set me apart

it’s getting late here so I’m going to unplug for the night. Good luck.

Seriously, hit me up if you have cloud, vuln mgt, or AppSec questions. If i don’t respond after a day or so, ping me again. a lot of times I see messages while i’m on meetings or with clients and if I don’t make a note when I see it, i’ll forget to circle back and respond (ADD brain).

No worries will do! Thank you for your time, have a wonderful night

Gave +1 Rep to @torn plume (current: #357 - 27)

Hello guyss

I'm currently pursuing law and want to get into GRC cybersecurity so which cert should I have Comptia security+ or iso 27001 implementer?

Even if I don't give security+ I'm learning basics from there

I'd suggest ISO 27001 Lead Implementer. Most GRC roles are looking for people who can bridge the gap between legal requirements and IT rules. Your law background makes you a natural fit for ISO auditing and governance, whereas Security+ is more for the guys actually configuring the servers.

That sounds great, I was hoping to get into that but got this offer and I was kind of concerned about SOC working hours lol but thanks :>

Gave +1 Rep to @torn plume (current: #349 - 28)

Ohkayy, thank you!
I had this confusion regarding security+ as i thought it's a basic requirement in Cybersecurity for non-IT person

Gave +1 Rep to @hearty finch (current: #999 - 7)

Honestly the hours aren’t so bad, it really depends on the team you are gonna work with and the work load.

The thing is hours are kind of a non negotiable in my case due to health reasons just the night shift otherwise it’s doable i was pretty psyched until well that happened lol

me soc analysing at 4 am while everyone else is asleep 🫩

You can try mentioning that to them but as someone that works in a SOC, unfortunately it’s unlikely they will agree due to the workload that requires a certain number of analysts

I’m at work rn, it’s 6am😹

Started 7:30pm

Respect to you guys for working hard fr but I gotta look into other roles looking at my situation ;^;

Yeah, did it 🙂

https://www.linkedin.com/posts/christian-huhn-76a407114_cybersecurity-soc-tryhackme-activity-7460577204696121344-5mDs?utm_medium=ios_app&rcm=ACoAAByJY4IBd48p4H4y5wLzwGAx3tNv4I_oydU&utm_source=social_share_send&utm_campaign=copy_link

If anyone here has good resources for learning Microsoft security - specifically Identity and 365, please lmk. I don't have capacity for wading through the verbiage that Microsoft publishes in anything, and have a lot of people for whom I need to translate up-to-date details into clear explanations for end users.

Hey everyone ! I’m 17, studying in Madrid and want to get into Red Team / Pentesting. Is FP (vocational training) + certs like eJPT and OSCP enough to get a job, or do I need a university degree? Any advice helps

Anyone needs help with cybersecurity contact me

What are you advertising a service?

Yeah

Do you need help learning?

Nope

lol

Pretty sure there are rooms for those.

hey just started my cybersecurity journey should i first learn networking fundamentals or operating systems like linux

I would start with whatever you think would be easiest to enjoy and grasp quicker.

Q: How long did it take you from the moment you started applying for jobs until you landed the role you really wanted?

Hey, can anybody provide me with resume template for offensive roles, want to get an idea how I should I make mine, actual resumes are most appreciated

Need help with labs

Hello Guys!
I am new in this field!
Transit from other non technial role!
any suggestion would be appreciated !

Please don't self advertise

#rules

Trying to bridge from Physical Security Operations and Intelligence to cyber. Any advice ?

Hello to all respected Mam/Sir I m new here nd my CPEH certifications is just completed. In THM my rank is top 20% . I am looking for a job in Hyderabad City Remote job .

Has anyone taken the Google cybersecurity certificate course? I’m currently enrolled and learning THM on the side; the SOC 1 path. I feel like THM is much more hands on and impactful for my learning. However I already committed financially to the Google one so might as well finish

I have

it was free for me coz I am uni student but I thought it was good

Yeah it's pretty decent it does help to have it just in general.

whats the depth of the course? is it for freshers?

I would say its beginner friendly though it does help to have a bit of background knowledge but nothing too deep you will be able to grasp it. I wouldn't necessarily go out of your way to spend money to take it if you can get it paid for with something else then by all means take it.

ask this as i have ceh, oscp already working towards osep, thanks for the answer that helps!

Gave +1 Rep to @tacit kelp (current: #381 - 24)

Hi sir, I have a question, how do cybersecurity experts take wonderful notes without worrying too much about note taking?

Find a method that works for you for note taking.

Thank you sir, you seem handsome in your profile picture by the way

Gave +1 Rep to @tacit kelp (current: #375 - 25)

lol if only that were me for real 😄

you are who you think - buddha

sir I 99% agree with this quote but 1% is because of reality

goodbye sir, have a great day handsome sir

Hey guys 3 years from now i will start learning things but i need to focus on life since im still 11

:hammer: eurtubers39#0 has been banned.

hi sir I am 3 years old and I am already learning, it is never too early to learn

Hi

@fluid mortar hi

Im about halfway through it

Hi everyone, I need some advice.
I've been in IT for 2 years, my background is mostly in infrastructure, servers (Windows & Linux), services, and now I'm working more as support in a SaaS company, but it's not a very technical role.
I realized I don't like very repetitive things like handling tickets, so I put my profile and the cybersecurity areas that best fit me into Claude's system, and they were all geared towards red team.
I feel like I don't have a strong foundation yet (OS, NETWORK, and WEB), but I have experience.
I want advice on migrating and studying for the red team area, especially with this AI "hype".

I would start with presecurity then move on to cyber 101 and then work from there.

hii

is it worth learning pentesting in 2026 , can i land a job in pentesting ?

of course, but in a different way

can u pls elaborate

I think our role will be changed

from finding bugs to maintaining ethical reasoning across organizations, algorithm biases, maintaining integrity or something like that

direct pentest will somehow automated, although AI is still hesitate to find the business flows

ok got it

And i dont see an ai do physical pentests

Hey everyone. I'm CSE student. I do purple team stuff — AD attacks and web app pentesting in my lab. Currently trying to get better at detection engineering and cloud security. im kinda confuse what should i do next cause im a self learner. Any seggestions will be great help for me

We asked in #general for location but i think it could be good posting that here as well, if you are comfortable sharing ofcourse. It just helps forming an answer

I am okay with sharing. India based. I missed the message in general group....

Build a small home lab. Get a windows 11 VM to attack. Build a small local AI machine. Practice pentesting on your own and learn how to do it with AI

They don't have the foundations yet so ideally that would be after they have more foundation.

Why not build the foundation with hands on. That's what I'm doing.

I mean you can learn with thm and get a bit of practical experience with it and then you go to htb for even more practical.

Hello! I'd like to get started in cybersecurity, specifically in penetration testing and ethical hacking. Like any beginner, I'm still figuring out the best path forward.
I've completed the Pre-Security path and I'm currently working through Cyber Security 101. I take detailed notes on everything I learn using Obsidian, and I try to stay consistent with my practice.
I have a few questions for the community:
What should I be doing alongside THM to build real skills? (CTFs, other platforms, coding) ? Is self-learning a viable path in this field, or is some kind of formal training necessary?
Any advice on what to avoid as a beginner ?
Any feedback from people further along in their journey would be really appreciated. Thanks!

keep on and finish your path first. go to junior pentest like i do now, shaping your knowledge from 101.

Okay, thanks for your reply

Gave +1 Rep to @grizzled merlin (current: #3769 - 1)

Although I obviously have no idea what your general IT knowledge level is, I would recommend first mastering all the basic fundamentals. Don’t focus immediately on pentesting and ethical hacking; make sure you understand all the basic networking concepts, system knowledge, and operating systems. If you don’t master those or get them under control, you’ll often run into unfamiliar concepts. The Cyber Security 101 path is a very good starting point, but for some parts it may be necessary to do some additional research yourself, since not everything is covered in equal depth throughout the course. Just my personal opinion :)

Hello, do anyone know where to get a security+ discount voucher? I would use Professor Messer site but I'm checking any better options before I buy it. Thank you

Thanks for your reply. I'll keep that in mind. When it comes to cybersecurity, I'm starting from scratch.

Gave +1 Rep to @brave plinth (current: #3770 - 1)

iirc Google cybersec certificate gave one after completion

Hi, there is an organization/website called 'GetCertified4Less'. They're an official CompTIA Platinum Partner and they offer legitimate exam vouchers, discounted of course. Personally, I have never bought from them, but I've heard many good stories about them.

Hi everyone,
I am at the beginning of my cybersecurity journey and currently studying Cyber Security 101.
At the moment, I am looking for an apprenticeship in GRC, but the search has been quite challenging so far. I am therefore looking for advice on how to improve my CV, strengthen my career path, and stay open to new opportunities.
Any advice or recommendations would be greatly appreciated!

Has anyone heard of the DOW cyber program that has applications in juneV

?*

are you currently in college?

Nope, i work for a defense company in a stockroom no cybersec experience

can you get a SECRET/TSCI clearance?

no criminal background etc

Already have

you already have a secret clearance/tsci?

I wont specify which of the 2 i have but i do have clearance

Also W pfp man i love one piece

thank you

i mean shit go for it

I just dont know a lot about cybersec ive tapped in a bit on linux & tryhackme but idk i just want money man i want financial freedom my current job pays good especially where i come from it pays good but cybersec is like well off money that i want

the only thing with the DOW is nothing is ever "free"

you want something? you'll get it but with a lot of fine print like service obligation etc

Yup & if you dont graduate you owe them all that money, also with whats going on in the world it feels like something big is coming cyber wise, but anyways are you experience in cybersec what tips would you give someone who has no experience in it?

i currently hold a position that is close to either a Tier 2 or Tier 3 SOC analyst

unfornately our team is not formatted like a traditional SOC

blue team basically

best advice early on is to become a master of the basics

don't immidately jump into red teaming, etc

those early learning modules are critical on building a foundation

Like on tryhackme? Or on hackthebox? Do i just find a cybersec101??

i've used both and i'm liking tryhackme more

So master the basics & start with cybersec101

Also are the stories about wages true? After 2-3 years you could be looking at over 100k?

@slow sandal

HELL NAW

I mean I don’t make anything close to that

more like 50-70

if ur cracked

Damn 😭

This is significantly closer

thats when u get big money

not entry or beginner

They done lied to me bro

its ok

dont do it for the money

For the love of the game

Nah im saying after a couple of years of experience & yeah i shouldnt focus on the money but bro i grew up seeing a single mom struggle i want to be financially free

yeah i understand man

Gotta do it for the legacy not the bread then 💯💯💯

My time in the military showed me I wanted a desk job

life is hard bro and getting a good salary deff isnt easy but good luck

😭

i bet

Spend time as a helpdesk employee or as a technician it’ll help you master the basics

yea fr

i did when iw as 19

And always be practicing

Find out what aspect of IT interests you

I’m on a blue team but research and red teaming interests me

Not gonna lie bro im bringing home 3.4k a month after taxes so i need something like 70k & remote a good amount of my money is spent on gas & tolls

My commute is also about an hour to work

Remote sounds nice but I like to separate work from home life

Best advice: keep your day job, train up, be patient

I’ll cheer you on

If you need/want someone to share accomplishments with feel free to dm me @dusky flame

Thank you 💯💯💯

I had a security clearance with I was in the military, how difficult is it to get it back as a civilian?

I had a security clearance when I was in the military, how difficult is it to get it back as a civilian?

im trying to get an internship in cybersec , i have linux fundamentals down : i complete the linux command line book along with practicals on my virtual box and then overthewire bandit , i wanna move on to networking and professor messer seems good but what about practicals and hands on labs ? how and where do i do it from

We have some rooms on thm for networking but you should really go through the presecurity and cyber 101 paths.

Seems like everyone in this group has personal challenges they are dealing with.

okay thanks

Gave +1 Rep to @tacit kelp (current: #350 - 28)

what u man?

Th@viral jacinth the cybersecurity roadmap and finding employment

Oh yes, definitely, besides being challenging, I think the job market in cybersecurity is quite difficult to enter.

Literally

You need job to get xp but you need xp to get job 😔

unless you are moving into a position where a cleareance is required, they often won't just issue it out for no reason. it is quite difficult to get on the civilian side

Where in the world are you guys located. Perhaps we could collaborate

Hello everybody, I'm almost finished completing the Security Analyst path in THM, whats a good resource for intermediate-advanced blue teaming. Will still be subscribed to THM tho!

well done!

have you gotten into SANS at all?

Nope, I've heard of it but I find it very out of my budget

are you in school or anything like that?

yes I'm currently in school

are you studying IT?

nope. I'm not in college yet

oh gotcha, are you planning on going to college?

Oh ye but it's gonna be about 2-3 years until I graduate

i would probably do modules that are in line with blue teaming:
Crytpography
Scripting
Malware Analysis
etc etc

@stable raptor trying to get employment I have CompTIA Cybersecurity analyst

gl, im studying for my CCNA

yeah @keen tundra knows a ton about that

We don't do that here #rules

@stable raptor awesome. Check Cisco they have free certification

Not for CCNA. They have the Cisco Networking academy for training and you get certificates, but it's not the same as Certifications. 🙂

@tacit kelp oh I see. I'm still upskilling and learning through labs . Could use a remote job

Hiii everyone, is there a clear pathway for Grc analyst, still lookng to upskill to Ai governance and security too. Don't air me please

Hi everyone, I'm looking to get my CompTIA Security+ certification and try to pursue a career in cybersecurity. I'm curious at what point in the THM learning paths should I consider myself ready to take the exam?

professor messor :3

what's that?

GOATED dude

he has sec+ notes and practice exams, do those and u pass da exam !!

oh cool

i'm curious about tryhackme though, of like which paths i should get through before considering myself ready to register for the exam and start properly studying for it

You’re completely new to this field?

Hi all,

My company is hiring a senior pen tester in London.

If you are a suitable candidate or know anyone , please dm me! :)

What certs do you recommend if i did all paths before webapp pentesting

definitely go through the fundamental ones to get that knowledge and language going. Also, what helped me personally, I was already engaging with the Pentest path before taking my security+ so by the time I really started studying for it, a lot of the keywords clicked and helped me understand more....like which tools are being used, what are they use for....types of malware, viruses, OSs, etc.

Even though the sec+ (from what I recall) doesn't go too deep into the technical details of everything we're doing, it still helped to some degree.

I don't think you would go wrong with any of the fundamental rooms. If you decide to go a bit more advanced in THM, the cool thing is that it shows you the pre-requisites....so if there is a topic you have no knowledge of, then you know to go back and do that specific room first.

Hope that helps, best of luck!

Yep, im looking at an industry change after getting my degree in spanish. I am self-taught in python from a young age but apart from that i dont really have any experience in technical computer stuff.

Thanks!

Gave +1 Rep to @humble cosmos (current: #332 - 31)

You bet.

Ah ok that’s cool. I wouldn’t recommend going for sec+ then to be honest. I think network+ and A+ would be better for you as a start. These fundamentals shape most of it

Would i be able to get a job with those?

I wouldn't rely so much on certs getting you a job. The certs will def give you knowledge and will help your resume stand out more but doesn't guarantee a job.

When I see certs on a resume, to me it shows the candidate has taken their time to study and willing to improve their career but on top of that real life experience is the bigger topic.

That's not to say certs are useless....I still go for them

but to your question....CompTIA certs in my opinion are still valid. It really depends who's reviewing your resume, what company and role you're applying for, etc.

NO DO PROJECTS

do all of these

https://github.com/CarterPerez-dev/Cybersecurity-Projects/blob/main/README.md

ur welcome son

Gotcha! yeah I plan to do projects and portfolio as well, but I guess I assumed I needed a certification for people to take me seriously

Be genuine about joining this field. If you're passionate about it, you'll work hard, study, keep showing up, willing to go the extra mile etc. You'll be seen, people will see you're the real deal. Yes, go after certs but don't go with the mindset of "ok here you go I passed a cert". Anyone can do that....but it's the "evidence" you support your mission with that will stand out. If you're only going after Cybersecurity because of money and because you think it's "cool"....that will also show and I personally think that won't get you far.

All those things will definitely follow along but understand we're trying to come together as a community and help each other from cybercrime (this part is kind of cheesy) but hopefully you get my point lol.

Look up the first edition of "Tribe of Hackers'. That book helped me stay connected and engaged when I was also trying to make into Cybersecurity full time.

also know that you'll get plenty of opinions from multiple sources....so even my "feedback" is an opinion that worked for me....doesn't mean is the only way.

Definitely keep networking/connecting with people....the more people you get involved with, the more opportunities you may be able to see in the future.

Thank you very much, i appreciate the advice!!

Gave +1 Rep to @humble cosmos (current: #329 - 32)

anytime!

Could I have someone potentially review my resume aiming towards a SOC Analyst role?

post it and ppl will review

obv redact all personal info

Anyone have any information/advice about cryptography and whether cryptographers are at risk of being taken over by ai

Hello, can anyone point me somewhere for career advise? Spent sometime making a draft of a post just to get it auto removed on reddit due to low karma lol.

Last time I tried here like a year ago or so, it didn't really get me any answers 😅

Mr Seraphim It seems as you could be a good advisor for my question that is
Cybersec Roadmap:
Operating Systems and their Fundamentals
Networking Fundamentals
Programming Languages
(Pyt,Bash,C#++,JS)
Cloud Security
Log Analysis(KQL,Azure,
Sentinal)
SAL 1 (Thm)
CompTia Network+
Comptia Security+
CCDL1
CCDL2
Projects
Linux Distribution For Blue Teamers
Job Application
My question is
Have I added something unrealistic for my blue teamer(Soc Analyst) goal

🚀

Sorry I couldn't Understand your reply

Iwish good to you

Start with pre-security then work your way to cyber 101 then figure out from there which path you wanna take.

You can post it here

Thanks for ur Advise brother 👍

Gave +1 Rep to @tacit kelp (current: #333 - 31)

Oh tysm bro

Too long for Discord I think so I'll improv. For the record, I'm not from the US.

I don't have much external references for how typical my experience is to other MSSPs or roles but I've been working at an MSSP SOC for 2 years and 7 months now, role in name is Network Security Analyst. Got no certification or prior experience in IT. I got a bachelor's in Computer Engineering and Telecommunications.

Job is mostly handling client emails or calls for firewall configurations or troubleshooting. I got good firewall experience I think, its 90% Fortigates. It was trial by fire but I learned to make IPSec VPNs, Policies, Routing, Captures, among other things.

When I'm not doing that, I'm reviewing firewall, ids and siem logs... As for SIEM, its actually internal scripts that parse through the logs, very different from what I see of others online... We did recently start Elasticsearch though its still being worked on.

For EDRs, in my time here, we've recently have gotten more exposure to them but tbh we don't do much with them, half of them we are allowed to act on by the client, the other half is just forwarding the alert to them.

Starting the year I got the ISC2 CC, I know its a very entry level cert but figured I'd start somewhere and its free. Right now I'm studying for the CCNA though.

Anyways, I want to advance in my career with a focus on cybersecurity but I know my knowledge and experience are somewhat broad but lack depth. I feel like I won't get actual growth at my current environment but I don't know if my current knowledge and experience will transfer well to another company or role.

Anyone have any information/advice about cryptography and whether cryptographers are at risk of being taken over by ai

If you’re trying to get into a fully Cybersecurity role, I don’t think you should go for the CCNA to be honest. There are much better certificates to go for. Your experience sounds very relevant because you understand networking a lot and know a lot about logs and parsing. There are different fields in CS, you could always get into the engineering side of things which is like SOC engineer or Security engineer but I believe you have the foundational. Your current role also has the title that would get you considered for interviews so in my opinion just focus on getting the more relative certificate. Are you based in the UK by any chance?

Only quantum computing can take over cryptography tbh

But wouldn’t that drive cryptography more

No to CCNA? I thought having a solid network foundation would help towards Cybersecurity to be honest. SOC Engineer or Security Engineer huh, I'll look into those then.

I'm more worried of not living to expectations on the interviews, I feel like my current job is not very developed and that transferred to me.

I'm from Puerto Rico actually and thanks for the feedback!

Gave +1 Rep to @hearty finch (current: #914 - 8)

You already have a solid foundation. In my opinion try focusing on a certificate more inline with security rather than networking. SC-200, AZ-500 or other ones that aren’t coming to my head right now. Interviews tend to be more questions related to networking and abit of questions like MITRE ATT&CK, threat intelligence and situational questions. You’ll be fine with interviews tbh

CompTIA security+ is good but in my opinion not worth the price

Unless you are getting it paid for

Well thanks for the vote of confidence haha. I'm sure I could handle networking questions, threat intelligence and situational questions. Over here we don't do MITRE much so it will be something I have to work on.

I wish I could get it paid by someone but alas

I never considered SC-200 or AZ-500. My thoughts were always gravitating around Comptia, Cisco and ISC2 certs so I'll be checking those out too.

Can't say I got a clear picture of what I want now but it definitely helped

Gave +1 Rep to @hearty finch (current: #835 - 9)

The biggest thing is figuring out what you really wanna focus on.

Yes figure out what you want to get into specific, gain skills in that specific field but you should also be able to use your cv to apply for other related roles and you might get lucky, easiest to get into is definitely SOC.

The only thing in my mind is starting my own business

I will invest

Me doing CCNA rn:

What you investing on

Ur business

Do you have an opportunity to work on any cloud infrastructure at your current role? With your networking skills, cloud security would be a good transition. If you are interested check out Cloud Security Lab a Week. Rich teaches cloud security on the cheap. But make sure to follow the labs from the beginnning - he starts with setting up billing alerts so that your labs only cost a few cents vs running up an AWS bill.

The only downside to cloud is that cloud security roles rely on either a cloud specific tool like a CNAPP (Wiz, Orca, Defender for Cloud) or an Exposure Management solutions (previous vuln management solutions moving into cloud space) like Tenable One, Rapid 7, or Crowdstrike. So until you get into the role, you won't be able to get the experience you need .... to get the role. That being said, check out runZero. They have a free offering for your home network, which will expose you to enterprise level solutions without the cost.

I got you, your trust in me will pay off

Understandable I feel getting a few years with an established business so you can avoid the pitfalls is ideal.

Yeah you’re right

:hammer: kidistech_35907#0 has been banned.

woah that's an even better list than what I had back when I got into it all lol.

I would second what RootHex mentioned, start with the pre-security then eventually figure out where to go from there.

But I think you would be ok to at least get into the first 2 on your list. Assuming this is in "order", I'd say, try and start studying for your first cert right away. For example, when you get into Network Fundamentals, pickup a Network+ study guide and slowly read it like a book....not so much thinking that you will try and attempt to take the cert right away (unless you feel good to go for it) but mainly to reinforce that knowledge as you go through your hands on work.

Also, don't get too caught up on the list...that's great that you have an idea of what you think your path will look like but it can always change at any time so focus on one thing at a time. Your desire to go for a specific role might change along the way.

And lastly, don't be afraid to apply for jobs (or even internships) at any time. Yes, reality is that if you lack experience, it will be challenging and competitive with the other candidates but, the beauty for you is that you're starting off so you have nothing to lose. If anything, take those few interview opportunities to gain experience and understanding to what hiring managers are looking for so you can also focus on that if it matches with the path you'd like to choose.

and like I've said in the past, network as much as you can, keep showing up and connect with people. In this industry, you will never come to a place where you think you've learned enough and a lot of the times you will get to learn from others.

Thank you very much Mr Seraphim.
I am currently on Linux OS and thankfully the motivation is still with me.
I have 3 more questions Of you could answer.

1. Are books Helpful in this career line?
   2)How to make connections with people as a friend, advisor as you or something else?
   3)I don't have a laptop or PC,
   Looking forward to buy one but will I remember everything I am learning right now without a laptop?
   To battle this I am writing notes but it doesn't feel the same,
   What is your opinion on this problem.
   4)The total cost of all my certs is quite high as you must have noticed so is there any cert in my roadmap which I can skip for later?

Gave +1 Rep to @humble cosmos (current: #318 - 33)

Books totally help. I'm not much of a big reader but the few books that I've read def have helped me and Tribe of Hackers is one of the ones that did help and there are plenty of articles out there that can help you stay engage as well as podcast.

Look up any local meetups, study clubs at school, web conferences, LinkedIn, Discord.

Keep using your phone to look for most of these resources...lots of youtube tutorials on how to do things...you may or not remember how to do things by the time you get a laptop but you will have the understanding so don't let that limit you.

Don't get too hung up on certs...you don't need to take them all at once. Not sure how financial support works where you're at but if you're in school, maybe there is a program you can join/apply that can help you with financial needs.

and taking notes as you go is also a great way to have that muscle memory grow. Keep it up!

I gonna major In Cybersecurity later rn I want to learn the fundamentals my end goal is penetration tester

Hi everyone,
I would like some guidance on how to progress in my career. Currently I'm working as technical support associate, it's not majorly very technical it's L1 level.
I'm not sure how to progress into cybersecurity especially as a Soc analyst or network security engineer.
I'm currently doing tryhackme soc level 1 pathway. I'm planning on doing ccna next. Later sc-200. I also want to add labs for my portfolio (could someone suggest some good videos or github repositories for that also?)
I'm in India, could someone tell me if what I'm going to invest my time on is right? I would like your suggestions also. Thank you so much for helping.

I would also like to add my tryhackme learning to my LinkedIn or medium, could someone suggest on how to approach that? Is LinkedIn be too much should i stick to medium? (Like how I'm getting the flags and a summary of what i learned)

I'm also learning French, currently at A2 level. I want to reach B2 level. I'm thinking of doing the french later.

Hi guys
I'd like to hear some advices for young cyber-security enthusiasts. Im 17 yo and I realy want to get into cyber in future. My goal is to work as pentester, and maybe in future as a red-teamer. I'm currently following path "Cyber Security 101" and i have consequence in it. My question is, what should i do next? I've heard some statements, that getting into cyber-sec is easier for blue team than the red team. Would you advise mi to get into SOC Level 1, get certified and then requalify to pentesting? Or do you have other, better paths? I have time and i'm willing to work, so I'd like to spend my time as good as possible

I would go blue team first because yes its easier to get a job in as a defender than an attacker

Also it will teach you to be a better attacker because you will have knowledge of the defense sides playbook.

do you work/did you work in it? I'd like to know, what are most valuable skills during recrutation, and if i kan learn them only with THM and its labs

@tranquil pawn and in the same way, going after pentest work can always teach you to be a better defender. I always wanted to be on the attacker side and the more I got to deal with Blue Team, I ended up finding passion in mainly knowing how the attacker's mind work and then applying it to the defense side of things....where are the gaps that we should be fixing, etc.

I don't but I would want to if possible.

Definitely add this to your LinkedIn profile. Posting about it or adding the certificate once you've completed a learning path shows others that you are actively pursuing your cybersecurity goals. Did you earn a cool badge or did you finish a challenging room or lab? Post it and share your thoughts. Showing that you are genuinely dedicated offers many benefits and is a great way to expand your network. :)

Okay sure. I'm going to post them🤠 👍🏻

Ikr

Nope, there's only one client we're allowed cloud infrastructure with, they rarely call for us and when they do its usually handled by a senior. Tbh never been keen on cloud myself but I'll check out Cloud Security Lab a Week, maybe it'll call out to me. Oh and definitely interested on runZero, sounds like something fun to run on the home network.

Yeah I kinda noticed the "To get the role you need to get the experience, which comes mostly from having the role". Think it goes for many roles out there.

I learned about a lot of resources in a night thanks to you all

Gave +1 Rep to @torn plume (current: #345 - 29)

Hey guys! I live in what is considered a 'third world country.' I want to become a cybersecurity engineer, but I am scared the market is oversaturated. I am still very young, so I am asking: Should I go into cybersecurity, or should I look for other jobs?"

Well how young are we talking?

10 years of experience including everything from cyber security analyst, incident response, engineering, threat intel, to penetration testing and red teaming and I left the industry for 2 years and now I can't land a job to save my life .... it's very strange

why did you leave it to begin with if you don't mind me asking?

I went to try to start my own business

And the company I was at didn't hold on to my security clearance like they said they would when they hired me and dragged me along for over a year and a half and eventually I quit cause losing that clearance is costing me a lot of opportunities

damn 10 years...

but you should get job very easily 🤔

ya no kidding ! I used to have recruiters hitting me up daily no exaggeration and now it's like a ghost town

AI taking over my logic

Thank you again brother and I just read a msg about a person my age completing cybersec 101 what is that? Is it necessary? Is my roadmap enough or do I need this?

Gave +1 Rep to @humble cosmos (current: #314 - 34)

since we're on THM discord, I would assume they're talking about the learning path which is great and you should totally check it out.

I would say though, just start with a room and get on with your learning....I may have the feeling that you may be wanting to have the "perfect" path and there really isn't a perfect path. These plans change along the way.

Anything fundamental right now is good for you. As you get to gain experience and continue to learn, you'll have a better sense of what's needed for you or not..it will eventually depend on the interests and passions in the midst of all this.

But I don't want you hesitating...just go for it. Have fun with it. If you get into something and then you learn that it is boring to you or not needed....don't' take it as "wasted" time, you did something and still learned something. From there just move on to the next thing. Don't overcomplicate it. You got this

if i start learning now i will have a major advantage young

Hi everyone,

I am a developer with over 5 years of experience, and I am currently working towards moving into an Application Security Engineer role.

My current plan is to go through the key web vulnerabilities in a practical way. So far, I have covered seven topics and completed several PortSwigger labs to reinforce what I have learned. I am now slowly finishing the SSRF topic.

I have also started writing articles on Medium and daily.dev to help me organise my knowledge and explain what I am learning in a clear way.

I am also documenting my notes, lab summaries, cheat sheets, and learning progress on GitHub here:

https://github.com/cieslikprzemyslaw/cybersecurity/tree/master/eng/key-web-vulnerabilities

My next steps are:

Repeat labs
Practise each vulnerability multiple times until the testing flow feels natural.
Write notes and lab summaries
Document what happened, what I missed, and what I learned.
Connect vulnerabilities with secure coding
Understand how these issues appear in real code and how developers can prevent them.
Build small proof-of-work examples
Create simple examples that show vulnerable code, how the issue can be tested, and how it should be fixed securely.
Build an AppSec workflow
Move towards secure code review, remediation notes, SAST/DAST, dependency scanning, and threat modelling.

Would you add anything else to this plan?

Also, what do you think are the realistic chances of moving from a developer role into Application Security? I would be interested to hear from people who have made a similar transition.

Anyone have any advice for my resume, looking into getting into SOC sometime in the next year?

Where are your soft skills

Tbh for my current job they didn't care about soft skills whatsoever during the interview so I felt like maybe they aren't super necessary

And one more line would make it 2 pages

Reorder this. Experience, Education, then projects.

Skills can go at the top as an elevator pitch summary, but tools aren't skills. Your work history should demonstrate the skills you list by linking the skills you have to the things you've done.

Does anyone have any advice?

My education is just a high school diploma which is meaningless, I just have it there to show I finished HS. Do you still recommend it being in the middle?

High school diploma should be the last thing.

If you didn't have a high school diploma, that's an automatic non-starter for most white collar jobs.

Yeah that’s how I have it currently, you had mentioned putting education in the middle but I didn’t make it clear it was just HS

I get that you're just starting out, but it's extremely important that you understand the difference between emphasizing and embellishment.

One of those is much more likely to break trust; if you want to get into infosec or cybersec, trust is difficult to earn and easy to spend.

It's a really bad look to start out with a lie on your resume. Once I've caught candidates in a lie in the interview, I have actually just ended the interview at that moment.

I don’t think I’ve done much embellishment besides making “top 4%” seem more important than it is

In general. I see people ride that slippery slope into their own un-employment.

A recent candidate, I found 3 different versions of their resume. 1 was from 5 years ago, the other two were recent. One version the candidate had never seen, and was provided by a recruiter.

Ah, I see. Yeah I try to keep things true since I would have to explain it in an interview anyways

We don't do business with that recruiter.

I do feel like I wasted a bit of time going for CCNA, but it seemed like understanding networks was pretty important and I’m almost done

Most security people come from network or have at least CCNA level of knowledge

And honestly I’ve found that I really enjoy the networking aspects

It's fundamental to understanding the components that go into enterprise IT infrastructure.

Yeah I agree, a lot of people online say it’s unimportant but I think they are still just chasing the shot in the dark SOC role with security+ and THM

Yeah, those people are wrong.

Security is all about context. Two identical assets in different environments will require different controls to be 'secure enough'.

That's another trap a lot of security people fall in to. It's impossible for security to get to 100%. It's a scale of balancing usability and risk.

I know infosec is a bit of a shot in the dark for me too even though I’ve luckily been able to gain very valuable experience at my MSP, so I’ll probably make a more network oriented resume too after my CCNA and also shop for those positions

the only 100% secure system is the one that doesn't exist. There is always risk, and there is always the (however unlikely) probability of compromise.

Yeah it seems like even if everything is done right, vendor reliance can always be a compromise. Before I joined this MSP, two of our clients were compromised due to a SonicWall vulnerability

Hi guys, is the SEC0 exam worth it? or better to learn and purchase SEC1, skipping SEC0

IMO no

do sec+ and CCNA

thanks man, appreciate your swift response

I've been working in Security, mostly on the physical side. I went from a Physical SOC operator to a lead SOC operator getting a security+ and a computer information systems degree, to protective Threat intelligence. I want to get back on the technical side to bridge into some of these cyber security roles. So any advice on a roadmap or bridging from physical security world to cyber security would be appreciated. Thanks for all the help so far.

reading this im regretting to have bought the SEC1 voucher now 💀

LMOA

wait some people buy SEC0 & SEC1 vouchers?

Nah now I'm dying from the inside 🤡

You should have saved some cash and bought PT1/SOC1 Voucher

Can you contact support for a refund?

It says on their help centre that they don't offer refunds to exam vouchers..... 😭

True

damn

My only hope left now is to win in the raffle

Me too

XD sir, since you have regretted this, looking back, whats a great path you wish u had taken instead of the SECs

Honestly this, along with SC-200

Hello Everyone.
As Red Teaming Jobs require more hands-on experience, creativity and understanding of technical stuff.
Wouldn't getting one be hard?
Another thing is people on reddit and quora mostly quote that companies generally prefer individuals with 2 to 3 years of experience.
Is this kind of experience being referred to blue team expertise or other?
As a blue teamer can one change his domain to offensive security?
-The Jester

ah thank you sir

Gave +1 Rep to @fickle shell (current: #3779 - 1)

I wouldn't rely on quora for answers.

May I know why ?

Because quora is so unreliable for answers it used to be great when it was just experts answering but then they allowed anyone to answer and it became worse quality wise for answers because of it. @jaunty sail

Hello after completing the blue team path in tryhackme, what's a good next blue team based resource (for intermediate) still subscribed to thm tho

Yeah

how many days left for this raffle event???

Think it ends in June iirc

First

second

On topic, yay

Will hack for shibes

@warm hinge rule 9

get nooted

top 10

Buncha nerds

Oh! Finally an NC-17 room. So what, we can cyber to climb the career ladder?

Uh, yeah, sorry, still SFW, please...

@undone shore although there is a more adult focus here

It just has to be extra safe for work

Well, yeah 😁

I can get behind that

😏

Warning: This channel contains adult themes like: Getting a job.

https://tenor.com/view/tracey-morgan-no-nope-gif-11034200

Warning: This channel contains adult themes like: Getting a job.
@quick forum if my boss doesn't understand how to deal with topics like psw management, resiliency, etc.. etc.. i think i'll need one very soon 😅

any germans here?
I am getting the feeling that all the time I put into learning new stuff is pretty worthless here since most job postings just flat out require a university degree. And I found almost no experience report of self-taught ppl who made it in the industry here.

I'm not sure how Germany works @candid dragon, but i can confirm that in the UK. I landed a job purely on my infosec knowledge without prior experience

In the industry as a whole, you most likely can make it in on skill alone. Most job postings have a degree "requirement" but that's just the barrier between teams, hiring managers, and HR

And this can be said for most infosec jobs as our role is extremely technical and skills based. More senior positions that requirement is a bit more of a hard requirement as in it's sort of needed...then there's management

More often than not, certifications or displays of skills/knowledge (projects, blogs, etc) can usually be provided in this industry to show that you know what you're talking about.

Generally, if you know you can do the tasks that they are asking (or at least some of them) apply/send your resume. The worst that can happen is they say no but turn that into a learning opportunity and ask why politely.

The people who make the job postings are usually HR teams, and not technical people and they don't really understand what we do. Their job though, is to search through and filter the signal from the noise. Generally they will pass this onto the teams and if you stand out, the teams will tell HR to contact you.

Edit: sorry for the wall of text.

Not sure how much that helped @candid dragon

don't know yet. but thanks for your input

If you have the skills, go for it and treat it as a learning opportunity either way. You can only go up in this field (unless you break the law)

If you still aren't too sure, or are having trouble, try getting a cert or two under your belt in place of a degree

Best of luck though :)

I am currently going through LPIC Linux essential cert rn.
Any other more infosec related certs you can recommend?

Depending on what role you want to go into, there are many

If you want to go into DFIR look into some GIAC certs

If you want to go into pentesting the OSCP is a good base to start with and then the SANS certs (if you have the money or if you get hired by a company and they'll pay for it)

Some GIAC certs are good for pentesting as well (GPEN/GXPEN)

Wait derp...those are sans

facepalms I'm a dummy

Basically, you'll have to do research depending on what role you want to move into

@willow harbor already somehow said it, but i would like to emphasize that you don't need to get OSCP to get an entry-level job (at least in Europe)

serious companies will make their mind based on the on-site interview and the eventual challenges they will send you

and what would be a basic skillset required for an entry-level job?

You don't need one of course

Was just a suggestion :p

depends on the role you are looking for, it security is a very wide field

Apologies if it seemed like I was stating that it's a requirement

no, don't worry! I was just throwing my 2 cents on this subject, fffsec is making a lot of money from students believing it's an absolute requirement to get a job and I don't like it :|

Yeah I did say certs or a display of skills

well germans like requirement and things that look good on paper :/
anyway I think maybe webservice pentesting might be a good way to start for me? I have some basic experience programming them.

a blog can go a long way. Same with a github :3

^

this

But ITSec as a whole you don't need something like a degree or cert

I've got my foot in the door for a company here purely because of that sort of stuff

As long as you can show that you have a baseline skillset and a willingness to learn, they will definitely consider you.

@candid dragon: my first (it security) job was in Berlin and I only had a "generic" computer science degree

Eyyyyy :3

(I’ll send you a list of skills after eating)

thanks. appreciate it.

It's not exhaustive, I tried to summarize what I like to see when recruiting people for entry-level pentesting jobs:

• Soft skills

  • not bullshiting when asked questions they cannot answer
  • capable of working in a team
  • communication efficiency (you will have to make oral presentations to clients)
  • writing reports for a technical and non-technical audience (it's 20% of the job!), taking notes
  • being autonomous (≠ not asking questions when stuck), since you will always be asked to do things you don't excel in

• Linux

  • Your work laptop is most likely to be on Linux, make sure you know how to use / setup / maintain a clean and safe one
  • Networking (connecting to a network, adding routes, setting up a VPN), it will become very handy during on-site assessments
  • How to trace / debug a process
  • Basic bash / python scripting
  • Common privilege escalation methods (extensively covered on THM)

• Windows / Active Directory (not mandatory but it's good to know the basics)

  • Common knowledge of Active Directory and the related terminology (eg. knowing what is Kerberos and its role, PTH, what is a GPO...)
  • Common privilege escalation methods (extensively covered on THM)

• Offensive stuff

  • the most important: being able to detect, explain and tell how to avoid most common vulnerability classes (XSS, CSRF, SQLi, XXE, command / parameter injection...) in black box and white box.
  • SOCKS, reverse SOCKS, ...: ~ how to pivot after an initial intrusion
  • Very basic knowledge of (x86|ARM), common memory safety bugs.
  • Basic knowledge of cryptography (recognizing hashes, attacks on malleable ciphers...)

@willow harbor: maybe you will see things i forgot?

@languid hearth You still got that checklist?

I disagree with the Linux on laptop one. It highly depends on the company. Both my laptops have been on Windows. Its been a "We are a Windows shop. Our security team shouldn't be an exception. If you're using Linux, its virtualized."

but yeah 1 sec

Networking:
- Describe the 3 way handshake
- Without nmap and other standard utilities how could you determine a port is open
- Say you have a root shell, you see information that you believe will be useful for
  another engagement, however the shell is not stable and the file is too large to copy 
  and paste, without access to Netcat, how could you transfer the file?
- You see a service running on a non standard port, nmap does not recognize the service
  how could you figure out what service was running?
Linux:
- What distros do you use/deal with on a daily basis?
- You got a low privilege shell on a box, what are some of the first things you may do 
  to attempt to elevate privilege
- What are some other things you might check for?
- You notice a HTTP server running on a port that is only locally accessible, how might you
  access it? 
- Explain how a SUID binary works and how you could exploit it
- You have a custom SUID binary on a key production server that you have never seen before
  how might you be able to to use this to your advantage?
Windows:
- You have recieved a low privilege shell on a Windows box, what is your next step to
  elevate privileges?
- Describe how an active directory style network works and the structure of it?
- How familar are you with powershell? Can you provide some examples
Web:
- Talk about some web exploits you've preformed
- Talk about an exploit/vulnerability that you found insteresting
- Explain how SQL Injection works
- You're tasked to Pen Test a web server, give a rough high summary of how it looks
Other:
- How familar are you with automation, give specific examples of something you've automated
- What is your familiarity with docker (non exploitation).

These were some interview questions ive been asked in the past

ideally, you should be able to answer them all with ease

Sweet, that was exactly the one

from what I understood, adeny wanted to find a web / pentesting job so i was thinking more of a consultancy position, hence the laptop point

+1 for your interview questions

Thanks guy.

@ebon hearth sorry Just woke up and saw that message

So @languid hearth that list is actually very close to what I ask as well when interviewing :D

Either way, having a proficiency in windows/linux/mac will definitely help in any regard be it web app testing or network pentesting

Not bullshitting and admitting your weaknesses is a BIG thing though

Same with communication skills

Pentesting involves a lot of soft skills like report writing, talking to clients, and being an effective team member as most of the time, you will be functioning as a unit with your coworkers

I would like to add something though if you do look into going towards network pentesting or companies that may do it. You will most likely get asked questions about Active Directory in those instances and I highly recommend learning it (even if you do go into just webappsec) because it is used extensively in corporate environments.

AD is 100% a necessary skill

and i feel like it needs to be taught better

but if you dont mind me asking - whats the best path to get into an interviewer position?

Well, Most interviewers are management but some companies like to integrate their seniors or members of the team who are experienced.

Like when I worked at a big 4 firm before this virus, they would usually include seniors or those on the path to becoming a senior

Since we're usually more technical and have the experience in the field we could gauge their responses a bit better than say someone with pure management exp

This is in regards to the technical/in person interview aspect and wholly depends in the companies polices and procedures

I feel like I made a typo but meh

Best way to get into it would be to ask your management team about it and see if there is any specific process you need to go through

that'll be a few years down the road unfortunately. I started about 4 weeks ago?

You can always go backwards: i mean... in timeline

@languid hearth

4 weeks ago isn't bad @languid hearth Give it bit and then ask your leardership what you can do to progress towards the next level 🙂

like maybe a few months down the line

If looking to get a career in the field does it make sense to spend money (student so tight budget..) on certs to make it easier to get an interview and a job as an junior pen tester or would it be better to just keep researching and learning, hope to get an interview, get a job and then have the company pay for certs? I know with SANS certs it seems that it's almost exclusively companies that pay for them and I asked a few pentesters that have oscp, osce, gwapt and stuff like that and was told varying things such as their company paid for all of them and they had no certs before to things like they had sec+ and ejpt but the company paid for gpen and oscp.. Just wanted to know what others thought

There are some cheaper certs out there that look good

Some of the CREST ones

I wonder how well known that is over here (Canada) I was also mainly asking because while I could save up for pwk it's a lot. Meanwhile I got a discount for the pts but heard that one is very basic and still not very recognized by employers

@elder falcon The PTS/eJPT is considerred an entry level cert but it does give you practical experience in the basics of penetration testing. It is a good entry level cert but won't likely be enough to get you a job as a pentester. Going up to PTP/eCPPT would bring you up to the equivalent knowledge of the new OSCP released a few months ago.

John Hammond has done reviews of each of these on his YouTube channel, as have other well-known pentesters, like The Cyber Mentor.

It's true that the eLearnSecurity certs are not yet as widely recognised as OffSec's certs, but their reputation is growing. Certs might be financially expensive but some certs can be considered an investment, especially for certain career tracks, as well as being a requirement for some jobs and promotional tracks.

I checked out the John Hammond eJPT/PTS review and seemed promising, definitely can't afford eCPPT/PTP as it's on nearly the same cost of OSCP although the monthly installments do appeal to me I would really only be able to go for one if any out of pocket of those 2.

Completely understand the investment side of things which is one of the main factors i'm considering it, although I realize that the learning material and opportunities such as THM/HTB/vulnhub exist for cheap or free making the overall cost of the course+cert a bit harder to swallow.

I currently am enrolled in the barebones PTSv4 and was going to check it out and possibly upgrade to the Full version. I realize the hardest step is arguably getting your foot in the door for a position and as it is with most things i'll have to research more. Thanks for the recommendations and things you've brought up. Certainly food for thought. I've read hacker playbook and web hackers handbook. Thinking about purchasing industrial operator's handbook as it seems like a beefed up RTFM and was considering looking into georgia weidman course videos.

I'm just wondering what the best way to set myself up to succeed is so i've been spending a few hours every day going through THM/HTB boxes as well as reading and just looking up things I may not fully understand. I do think I lack quite a bit of networking knowledge and only know the surface details. So that may be something i'll have to check out aswell.

@rugged delta

@elder falcon I think you're definitely on the right track. There are a lot of people in the cybersecurity industry who wandered into it from many other fields and you don't have to necessarily have a certificate in any particular area, but it does help validate your skills to potential employers if you don't already have a reputation or professional relationship with someone potentially hiring you.

It is a good idea, as you've already probably discovered, to find groups in the industry who you can relate to and find people who can direct you down the path to your goals.

THM/HTB/VulnHub and the books you mentioned are excellent resources for starting out. Penetration testing is a deep area and can take a lot of time to get to grips with. Having the right resources will get you started and there are plenty of options to get you up to speed on what's going on inside this field. Some things change, some things stay the same.

You might enjoy reading the interviews in the Tribe of Hackers book series. They give a broad review of where you should direct your attention, even discussing whether and what skills and qualifications might be worthwhile with and without certificates...

This little free booklet from Hakin9 magazine is along the same lines

https://hakin9.org/download/hakin9-open-become-hacker/

@rugged delta really appreciate your advice and will certainly heed it! I did see that series of books on amazon as I was checking for the next thing to pick up and seemed interesting, so I may have to check it out!

Once again, thank you!

@elder falcon A lot of widely sought after books come out occasionally on Humble Bundle. IT books are pricy on their own but occasionally there's good deals from reputable publishers here. I've bought over 350 IT books there over the last four years on Cybersecurity, Linux, DevOps, AI, Python, Game Design, Big Data, Blockchain, Software Development and other non-IT stuff too, though I also buy plenty of books on Kindle or in my local bookshop. Acquiring and reading them are two separate hobbies 😉

thanks you for the book

Any advice on CEH Practical and possibly some boxes that are relevant to prepare without buying the iLabs through ec council?

There are some cheaper certs out there that look good
@quick forum suggest some .... (though asking without googling 😬..... )

Splunk, Elastic, Udemy, eJPT

those are a few examples @warm hinge

the first 2 are free

there are fortigate ones to

probably worth contacting the oracle (google) with your query might be able to provide you with a better understanding

So, in reference to binex, what languages should I be learning? Assembly is a given. Python would be a good starting language.

Some C so you can understand where the vulns come from is probably a good idea

Not always in C, some in python

Python is good to learn because of the pwn stuff you can do with it

But you'll be looking at assembly or C

I agree

If you're doing like a CTF you should use python

Also good for spawning shells with pty

Python is an excellent scripting and automation language yeah

It's damn slow though

Use go for more automation oriented programs