#cyber-and-careers
I started paying my student finance back last month 😦
How much do you guys pay for Uni?
£9k/year tuition
Oh damn
Depends when you joined, but it's about 9500 a year now
Up to about 9k loans for living
about 2k usd per semester
£9250/yr in the UK
Is it a fancy uni?
They all charge the same
wow
ex poly gang represent 🙂
@nova lagoon All of the UK unis have the max rate set at 9250/yr, and they all charge that because they can
Ah nice
How do you guys keep notes? I have a hard time keeping track of commands. I know no one knows commands by memory but I'm sure everyone has some form of note taking method.
That's not very cool of them unis
Go to italy tuition is 1.5k a year
dab
That's the only reason I might consider getting a degree back in italy, it's freaking cheap
It's even more expensive here if you're an international student. They all make bank off students from China
You a brit?
@spice fiber Good question, I'm also interested
I am yeah
For non EU international students it's 14,000 a year at my old uni
Madness
No degree is worth that much
Guys degrees are cool but my manager has just high school and 20 years of experience and he is still a director level :)
I have met many people from Russia working in Europe with no degree (they had no money) and yet they got hired in top companies like google, microsoft.
Degrees get you in the door with less experience.
What I have learned from Pentesters from USA:
Certifications get you the job interview, experience gets you the job and University gets you a higher pay grade (at least in the beginning)
Certifications can be just as expensive
So yea considering how much is a University I would suggest paying for OSCP (but it's not beginner friendly :))
Sometimes you need a degree though.
At least here in Poland we don't have to pay for Uni (public), the privates are not that expensive either I would say like $250 / month max.
As well as a lot of the pentesting jobs in the US you need a clearance for and that is really expensive which is why a lot of people get a company to pay for it and for that you may need a degree as well
What I have noticed here is that many people start as software developers, Quality Assurance testers, Admins and then they move to IT Security. Maybe that's easier considering ISTQB for QA is a piece of cake.
It makes sense
You start as a generalist
Get strong foundations
And then specialize in Security
Starting straight in security is way harder
@spice fiber Joplin
In Greece, studying is free, so just reading all of this is painful
You only pay if you want to go to a private institution
Also if you're low income, you can apply for student housing (I'm forgetting the word rn) and most unis also provide food for their students
So a lot of people can basically study almost for free
Noiceee
We're years behind in other aspects, and when I see something like bsc in cyber security, I'm jealous because we don't have bsc's that specialised over here, but our unis are damn good, and most people that have a specific focus and also work hard, typically get there
Sadly I had neither lol
But working on it
Good Luck
Thanks bud
@cosmic ingot thanks, I'll take a look!
just got an email back from one position, wonder how often this is going to happen. "We wish to thank you for your interest in the position of Computer Sys Security Anlyst 1- 404. Unfortunately, due to a change in business needs, this opening has been cancelled and is no longer available."
thanks covid 😛
that sucks
I was supposed to have a paid internship with boeing and that got canceled almost immediately when all of this started happening
Hey everybody! Can anyone share their views about eJPT certification or any other certification from eLearning Security?
@remote mauve
hey @honest swan, so eJPT is fun and the course material is good. that's what i can say. if you are just starting into security eJPT is the best you can get some good understanding of basic concepts such as exploiting common vulnerabilities/bruteforcing and a few other pieces. However i would definitely recommend doing Blue and a few other rooms for experience's sake before doing the exam
in regards to eCPPT i would pass that to @elder grove
eJPT is good because it's affordable and the labs provide some value as opposed to trying to figure out how to build those things out for yourself.
PTP is information overload, and that's good and bad. It's a massive course, and you really have an opportunity to pick and choose what works for you. It covers and tests you heavily on pivoting, which is one of the many, many failures that OffSec has with OSCP.
I think if you're new and want to learn to pentest, do PTP. Unfortunately there are too many people in IT in general that are territorial with their certifications, and this is no different. OSCP holds value because people in the field today had to take it to get where they are, and that's about the extent of its value. PTP will hopefully get to the point of acceptance, and I think it is over time as people see it's a truly valuable course and exam, versus "try harder."
Hey @remote mauve ! Thank you so much for sharing your views!
Instructor support sucks from eLS, but I would say you get more than you ever will from OffSec.
Hi @elder grove ! Thank you for your reply! I have received the course for eJPT's PTS for free and the content looks very rich!
PTS is a good course. It was my first pentest certification.
So many concepts covered in just the level 1 certification
It's really more for personal value than anything. It's doubtful that any employer is going to accept the certification. But the info it provides is a good start, and again the real value in that course is the labs.
Would you suggest to go for the practical exam without opting for FULL or ELITE packages? It'll help me save around 200$
I would do the Full package.
The materials alone from the barebones package won't provide much context if you can't practice them.
Oh okay, so FULL package it is! Thank you so much! Your reply means a lot to me! 🙂
You're welcome. Best of luck!
A follow up question, the eJPT exam, maybe i have misread but need clarification if possible. The exam test, it is fully based on owning machines and not doing a theoretical exam. Is it CTF like where you submit flag?
@austere shell to some extent it can be classified as ctf-y but not entirely. it's a multiple choice questionnaire for eJPT. eCPPT requires you to write a report in 1 week after you submit the exam
Just got my clearance to perform pentests within my org's domain \o/
Time to learn how to do them 🤣
It's a combination of multiple choice and practical examination Skiddy.
You have to exploit the machines to get the answers.
PTP exam has no flags, and two win conditions - root the DMZ and find and exploit all vulnerabilities.
is eJPT/PTS worth getting
Do jobs in your area look for that cert?
well, not by the looks of it
its mostly like OSCP
but I was looking at it in the educational aspect really
seems like my answer is above, nvm.
Entry level cert, no experience still in school, what's the best to go for? CEH/eJPT? Anything else? I'm looking for high educational value
CEH is a meme cert most of the time
@balmy saddle cheers for the career talk
No problem, I don't mind giving a more thorough discussion about it at some point. 🙂
I feel the pts/ejpt is a great stepping stone to learning and retaining core concepts and ideas, that you will need regardless later on if you take oscp etc.
Everything you learn is going to benefit you one way or another. The pts really packs in so much that you can even refer back to later on in your pentesting journey.
Where do you guys search for job openings?
linkedin or referrals
Glassdoor or local sites
Anyone have their TS/SCI clearance? I've noticed several jobs in my area ask for them. The only thing i've worried about is the credit check lol
Do you have a Secret clearance already that can be upgraded? To be completely honest, most employers aren't going to fund the clearance, nor wait to determine if you are going to have it granted to you or not.
Is it hard to get a DoD clearance as a foreigner?
I think you need citizenship from what Av8rPilot was saying last night
big oof
It probably varies by clearance level
It'd make sense
It's my understanding that you need to be a citizen.
Full fledged? Or does the green card count towards that?
Citizen
F
Possession or use of a foreign passport can be a disqualifying factor RIP
yeah your chances are pretty null if you're not a native born citizen
There's a lot of work that isn't for the DoD remember
Part of the problem with the clearance system is that contractors have no requirement, nor motivation, to fund it. They have a never ending supply of people coming out of the military with Secret and TS level clearances that they can choose from.
The entire system needs a rework, and you're essentially precluded from an entire sector if you let your clearance lapse (like I did years ago), or you don't have one at all.
Rarely are you going to find an employer willing to hire you, fund a clearance, and sit on their hands for a year or more while the investigation plays out.
I've seen a few positions that say they'll get you TS and secret
iirc some of the guys I work with are just getting clearance to have a better relationship with the 3 letter agencies

but just wondering how the credit check part works, I've got student loans and a bit of debt 😄
They might say they'll sponsor you, but you would have to be incredibly qualified to that company and worth that wait.
go download credit karma and peep your credit score
It's just credit risk. If you have a low credit score, the idea is that you could be swayed to make bad judgement decisions.
@spice fiber pretty sure it's mostly to see if you're likely to be manipulated by people offering you money
The Mayor put it better
You should truly not expect to get a clearance job if you don't have the requisite clearance required for the position.
I'm not making this up or kidding. Unless you are too good to pass over, which in a country of 350 million people is hard to believe, you just aren't going to be sponsored.
(This advice is US specific, UK is different)
Correct. It's not allowed to pass on a person in the UK if they don't have a clearance.
they're in the south US iirc ^^
@elder grove Uh, nope.
There are plenty of jobs that you need to pass the background clearance for
Pass it.
And get the clearance
yes. Can't be looked over if you don't currently have a clearance.
Can be looked over if you can't get one.
So your best bet would have been to join a branch of the army then
Military is the best bet.
I've literally lobbied Congress about this.
The DoD contracting sector just has too much power.
yeah =/ I mean I don't even have so much as a parking ticket lol
I can second, Military is best way to get clearance
honestly, the military isn't a bad career choice, especially since you can get locked into what you want to do
I mean I agree but I feel like it would have been a better choice if I was a few years younger 😄 I'm 29
What kind of path is the most appropriate with an eJPT as a 16 y/o
by path you mean the paths in THM, right?
Yes
if you already have eJPT i would suggest OSCP path. (btw you can get eJPT role from #general i think)
@inner iron is it ok if i were to dm you whenever you are free? Regarding eJPT and some stuff about infosec in Pakistan?
can i?
he hasn't been active recently @willow gate
i just hope hes fine
well he's not in pakistan for years now, and don't have eJPT either although a lot of knowledge tho
I am just curious, why do you want to know about eJPT in Pakistan?
isn't it the same everywhere?
just pass it online
well its more like to know the scope of it in Pakistan, i dont have much knowledge about the industries and stuff, also planning to get a job after eJPT as many of the jobs that i saw so far are looking for lesser experience so it may help or may not
Just a reminder that eJPT doesn't hold much recognition in the job market
it does not, but it can give you some advance for a Junior position
eJPT is entry level
(better than CEH) sooo
i have read that people that are comfortable with THM and some easy HTB boxes can pass eJPT without much additional studying
it's easy
@willow gate There's 3 levels of CEH
ik ^
CEH, CEH practical and CEH master
CEH Practical seems alright
CEH base is a meme except for US DoD
the guy from CEH also called a few days ago
CEH practical is eh
why eh
CEH Master might be worth more
But don't get certs for the sake of getting certs
Get certs because jobs in your area look for those certs
umm coz i was looking for the course and gave my contact info while signing up so he called me he was from india and asked when i am planning to get CEH and stuff
(Or if they're offered to you for free, free certs best certs)
I have one eJPT-alike free course passed
it has a nice cert
I can send a link If anyone needs some practice like that
sure, give me a minute
you can easily skip reading and just do the exam
it gives a nice cert with a score
Thanks..
i just specifically wanted to ask him about the jobs as he's also doing a job i think while having eJPT(although way more experienced than i am) so i wanted to know how would that work out..
He did projects on the side
having eJPT can show your ability to learn further and your ability to undertake exams, challenges
And it's miles worth than ceh
mmhmm
which is kinda depressing to me
it's like... both meme and not
Cybersec is just a meme
eLearn certs are the best, imo
OSCP is just a spicy CTF with a report
and happily I am required to only get them
SANS certs are cool
It absolutely is a CTF with a report.
@fathom lake Cisco require all their employees to get CCNA, even the business side
If eLearn had any sense they'd give away PTP for a hundred bucks over the next two weeks and flood the market with an actual pentesting certificate.
I like that idea (I meant cisco, but both ideas are awesome)
^^
okay, here's the question
if OSCP is a CTF, why do people still fail it so much
and get the cert only from the second try
Because they learn the first try that they need to work on certain areas
Because CTF's don't have rules that purposely hamstring you for no real good reason.
¯_(ツ)_/¯
huh
No metasploit
No anything
Well, heavily restricted metasploit and tool use
You get to use it once.
In fairness, I can see their point in terms of teaching how things work without tools
Exploit handler as much as you want
But it would make a lot more sense to not use it in PWK
Exploit handler with a command shell
And allow it for the exam
one single target machine of your choice
@willow gate if you want to get job in PAK then go for CEH, OSCP, eWPT, eCPPT, OSCE, OSEE and related stuff.
People care more about what you can do rather than having certs. Having certs gives you an edge!
Never compare yourself to others (that's rule #1 for me).
I got my first job when I was in school, not even high school. Things are different for everyone and not always the same.
Learn more, get practical experience that's what is required to nail the interview :))
Hope this helps you!
Secondly I'm not doing a job anywhere ATM, I am just way more lazy and companies throw me out of their office whenever they see me on their front door. LOL ;)
You can't get a job by saying that you are #1 on THM platform @willow gate ;)
Thanks 🙂
curious what I would actually need for a pentest job? I have worked as a sysadmin(1yr), network engineer(6months) and a devops engineer(2months) I am working towards certs soon but everything i have seen gets shot down in one way or another. CEH sucks, eJPT is not recognized, security+ is only for DoD, oscp isn't needed for entry level.... like what does a guy actually do to get his resume through the front door? I want to have a plan in place that is applicable to gainful employment otherwise this is all just for fun.
@dim goblet you can still be someone who can hack the planet without having any certs.
What I've been doing till today is focusing on learning more and more.
There was a time when I applied for a Penetration Tester and got selected for the position of Malware Analyst.
You don't really know what's going to happen the next day. Build yourself up, do courses, take all the free courses from online add them to your CV.
In interview you can prove your technical knowledge and in an entry level engagement after your interview you can prove your practical knowledge.
Giac GPEN?
@warm hinge I'm a first year Cybersec+Forensics student on a BSc (Honours) course
Is obtaining an eJPT worth it?
Look at jobs in your area that you want to get
If they ask for eJPT, then eJPT is a good bet
I don't really know why people always talk about Certs and whether they are worth it or not.
In my opinion, when you are a fresher and new to the field always go for the entry level certs like eJPT like I did it when I was in school 3 years ago. I never really did it to get a job!
Once your profile starts to build, you'll get jobs eventually. I actually didn't remember when and where I would have applied for a job. I never had a CV to be really honest.
Companies called me up over my email/phone, asked me to come give an interview. Pretty simple.
Once you get more familiar with the stuff and have enough money then go for the CERTS which market demands like CEH, Pentest+, OSCP etc etc.
Obviously you simply can't go for SANS certification when you just started with Information Security. Most people know here what I'm talking about!
There is always a difference in!
- Entry Level Certs
- Intermediate Certs
- Advanced Certs
All these certs vary from field to field, choose wisely so you don't lose your precious time and money!
Yup. Certifications should be seen more as leverage at key points in your career (skilling-up in a profession, finding a job, building trust with a client, etc.). It depends on the context for when acquiring something like eJPT would be useful or not. You'd get the best answer to that from asking a recruiter or hiring manager.
FWIW I got eJPT mostly for myself. Acquiring certs is like a game to me and I had already confirmed with a technical recruiter friend at the time that the cert itself is not going to mean much, unlike something like OSCP. But I could use that cert as leverage to show that I was taking my career switch into infosec seriously since it puts some "skin in the game".
Is it unrealistic to go eJPT -> OSCP (pardon my ignorance)
I went eJPT -> OSCP… but I put in a lot of work. That path will be different for everyone.
How useful is C++ in the Cyber Security Industry.
?
I'm looking to get a refresher in my C++ Skills.
@tender cove pivot over to C#
Why?
Java Applications are in the industry bigger than C#
That's not a reasonable answer
C# is a must
@languid hearth welp, better go learn c#
a large majority of them want knowledge of C#. A lot of AV evasion stuff is built on C#, .NET, C#, etc.
if you're one shotting on Phishing campaigns, you want zero risk of AV detection, so you should craft your own payloads and encoders
Anyone else?
(Bearing in mind you've had an answer from one of the guys who actually works in industry, you'd probably do well to listen to it)
For those of you that are ethical hackers n do it for a living did u have to do a lot of social networking to be able to make a living or were u able to join apply for a company like any other normal IT job. I’ve tried googling this but it doesn’t give me a definite answer
@warm hinge From the time I finished eJPT to passing the OSCP exam… about 5 months? But I wasn't studying full time
I also didn't put in a lot of time in the actual PWK labs… was practicing mostly through THM, HTB and through work
@cold plover I didn't do much networking (I assume you mean that in general and not social networking specifically, ie: reaching out to people just on Twitter or LI). I did get a lot of help from two technical recruiters though for reviewing my resume and certification path. Otherwise it was like applying for any other job (which is actually not normal to me since in the past I got most jobs through people I already knew)
This is specific to my bubble in Canada though. Everyone will luck out differently
@meager hazel thank you for responding and taking time to educate me I appreciate it
I'm UK based and also didn't really network for my job. Just applied online and got an interview. I think this is not the norm though, and it always helps to know people, even for them to let you know about roles that are opening up so you don't have to search
I see thank you for your response
What languages are needed for cyber careers ?
@twilit bridge Like, Spanish etc or programming languages?
@quick forum yeah, programming languages
Python/bash are good to know
Enough JS that you can get by for XSS
really, if you can read code that's the best skill you can get
The structures are similar between like 90% of languages
ah right ok, thanks
we really need a bash scripting room
I think optional was planning on creating one
Yeah I've previously expressed an interest in doing that room, don't really have time on the schedule for maybe a month or so but if you guys wanna rush forward someone can pick it up
If I do it it will just be a bunch of sections on how to cut and paste parts of other scripts to make one epic frankenstein script.
how to correctly google bash scripts
I need some opinions. I can get the Certified Network Security Specialist (CNSS) certification for cheap, but this will be my only certification (if you don't count bsc in IT service management and Ms in network forensics) and network security is not necessarily the direction I want to go in, although I do find some things interesting. Good idea or not?
Can't hurt to get it
well it's not that cheap and I want to come across more as a forensic and/or pentest guy than a security guy, that would be the hurt I guess
Isn't it free right now?
the course is free but the exam isn't
that's 75 pounds, however much that is in dollars
that's also the thing, it seems very much a UK thing
Oh right, well thats not too bad
I think it is very much UK, i never heard of it before
Well, no matter the cert, it shows that you learn on your own, and have initiative
true
And just because the cert isn't pentest or forensics, it shouldn't hurt your chances for a position
yeah you're right, thanks
Np
@wintry phoenix I just signed up for the eLearnSecurity PTS/eJPT. If you sign up for their Ethical Hacker Network site you get access to the barebones edition of their course for free and can decide then if you want to fork out for the labs and exam fee, which they'll give you a reduction for. @vapid quest gave a great review of the course/cert process here: https://www.youtube.com/watch?v=CmBeSsCn0zM
Ooh I didn't know about the barebones edition, that looks cool, thanks!
Yeah the barebones gives you access to the training material online on their site. They show you what you get when you sign up for the full experience if that's what you decide to do
Depending on your existing experience level you can get pretty far with Barebones itself
I can't really recommend the barebones version. It completely lacks context if you can't apply it in the lab environments. A newcomer to the field would struggle greatly with seeing the information but not having a controlled environment to put it into gear.
^ while I agree completely, a lot of people looking to get entry level certs are students and sometimes on a tight budget, so that option helps a lot
For eJPT barebones is enough
^^ started that a couple days ago
I have a joplin note for it. But it's very light lol. A lot of the stuff i knew about
@remote mauve can you share that?
btw if someone looking to get the barebone version:
Yeah. Give me a few hours. I got some work that must be done. I'll get back to you
is C++ required for the eJPT exam?
or do they just put it in the course so you have a basic understanding of programming
no it is not
okay, good
i was thinking i have more info but i just have these @willow gate
haven't taken extra notes as some of the information i found redundant for myself
information is information.. will be really helpful @remote mauve
please share whenever you can 🙂
Thanks
I would never have passed that exam without the labs. I had no experience in any of this, and it was my first anything in pentesting.
@remote mauve saved that too <3
going through the labs right now, I know most things already
apart from C++ but you don't need that apparently
It didn't have anything in the exam about it
The programming section is mostly for exposure. Don't expect to run into it much on the actual exam
You mean I wasn't supposed to run my keylogger in hopes that I would get some sweet credentials?
Drats!
Best US city for pentesting?
North/South Carolina is pretty hot in terms of jobs
but, you go where you can get a job imo
I have worked in various networking and IT engineering positions and am considering taking online courses to fill in the gaps in my knowledge. I came across a diploma program at a community college a few hours away that is entirely online. I know it's not all that descriptive but do you think it would be a good starting place to work into a pentesting position over the next two years? https://degrees.lsc.edu/wp-content/uploads/2020-Network-Administration-and-Cybersecurity-Diploma.pdf
I've heard so many people saying that before getting jobs in cyber sec, they started out with help desk jobs, later became sys admins or network admins and finally got a job in cyber sec. Is a path like this necessary? To elaborate, if you try to skip some of these steps, do you hurt your chances of getting a job in cyber sec? Also, those of you who work in this field, did you follow a similar path or something else?
Well i think the reason would be to afford or make some money while studying as well. if you can afford all that no need to work in help desk and other jobs. (Experience may be a good thing though) but other than that if you have the knowledge you will succeed and make your own path.
@cosmic ingot I don't think it's a necessary thing at all. Since you mentioned cyber sec, I'm just going to assume you mean pentester/red team type role given this platform. I've seen both perspectives take place with equal success. Personally, I started out as a database administrator and then moved into a system admin role. I leverage a lot of that experience to help me out with pentests/purple teaming. Someone who jumps straight into one of those roles may have a bit of a disadvantage in the very beginning since they just need to learn more about enterprise-based technologies since a lot of pentest resources out there are flat networks. I think many people started out that way because there weren't as many resources and job roles available back then. Many of these help desk/system admin roles in the past eventually evolved into the 'cyber' roles.
A lot of people start out that way because it gets their foot in the door. If you look at some job requirements, you'll see so many different requirements (certifications, degrees, experience, etc.). Working a help desk to get your foot in the door, and then taking on some tier 2/3 tasks helps build some of that experience. That's just my opinion as to why people may start out that route.
On the contrary, I think if someone was to get their OSCP/OSCE/GPEN, etc., complete their degree, and begin as an apprentice or junior pentester would be at an advantage; especially in a cleared (clearance) environment. The training and availability of resources is amazing now compared to what it was years ago. The only reason I mention the degree is just because in many environments it's a requirement that may be difficult to waive in some scenarios unfortunately.
@warm hinge I actually meant to ask about all roles, but I imagine that for some blue team roles especially, having some previous experience would be more important. Very valuable feedback, thanks
@cosmic ingot Yes you can skip those steps. Me personally have never worked on a boring ass helpdesk. Went straight to Junior cloud engineer
congrats fam!
@cosmic ingot for sure! System admin experience is really valuable in blue team/SOC roles. Especially when it comes to analytic-driven approaches and knowing how to analyze logs 😄
But you need to work your ass off to prove that you can do way more than picking up calls to help braindamaged people xD
@warm hinge That is true, you learn most of the time the basic fundamentals for security and the basics are a must to become something security related
I've worked in tech support so I know how it can be, but it's still an important and necessary job
Yeah it is an important job for the soft skills but for me personally the soft skills were already "great"
@cosmic ingot yup i've done something similar. if you want to avoid service desk go for an apprenticeship
i picked up so many things i wasn't aware that i am capable of while being in service desk and that helped me a lot
^
depends on the type of IT support though, i've done internal
That's the exact route I took and it's valuable
so SQL, C#, powershell, python
I say took, I'm yet to get a cyber sec job (hopefully Tuesday pays off)
we are looking for people if you are interested
but it's more for a soc kind of position
oh for real?
Mhhhh
i wanna go for the pentesting route
Any chance you can send me a JD? 😮
let me see if there is anything on the website
I'm glad one of you changed colors because I was always getting your names mixed up (in compact view) lol
@remote mauve @quasi stream I'm really curious about something: when you leveled up from one role to the next, did you do it in the same company or did get hired by someone else?
3 times in the same company over 3.5 years
application support analyst ( apprenticeship)/ application support and cybersecurity analyst / information security analyst
i also got declined by deloitte for a junior role because i ain't qualified
now they are missing out.
Same company for me as well. Though my timescale is really compressed as it was a "sink or swim" kinda gig and I swam. 2 years apprenticeship where the first 4 months were helpdesk, rest were Jr. Sysadmin
I put in a real hard graft and landed on my feet to sling up to a Jr Sysad role there, though there were a fair bit of level 3 helpdesk work
Yeah. I was in a team of 4 supporting 200 ish people in 3 different timezones
And my team went down to 3
So i had to pick up infrastructure too, which gave me a good launching point
good on you both
I probably need to aim to bigger (in number of workers) companies for a better chance to find an apprenticeship
not really
what studies do you have
bigger doesn't mean better. you will have less exposure
soon getting a degree in information & electronics engineering, and I've also recently applied to a cybersecurity (3-month) program from another uni
^ good to know
hmm, then go for a level 5 apprenticeship
Yes I agree
QA offer degree apprenticeships
It's a double-edged sword
fireeye training too
qa?
yes
QA is the UK's biggest training provider of virtual and online classes in technology, project management and leadership. Find out more today!
Bigger companies = more opportunities but damn you don't scale well at all
I'll take your word for it 😆
like below sea level bad
@quasi stream you mean you might be stuck in the same role for a longer time?
Yeah imho it's level 3 -> level 5
i've done 3>4
but not mandatory to do level 3 and 4
also, a lot of organizations offer entry level opportunities where they will upskill you
not necessarily the exact same role, but more the area / department @cosmic ingot from what I've heard from my peers +
like KPMG, deloitte
my gf is an auditor and she got a job as an auditor after finishing a psychology degree
honestly in my country, the only job openings I've seen for entry-level roles were from deloitte, nearly everyone else were looking for more qualified people
where about are you based?
greece
although once I finish my studies, I'd happily move
most of big 4 do it
so have a look online for something that suits you
uk has a lot of possibilities
especially for IT in general and it's quite good with foreigners, the only downside is that rent is darn expensive
netherlands is quite good as well on infosec
👀
you can always go online and do stuff on upwork and other places
i don't speak dutch, sorry 
that's good to hear, I'm dutch and looking for a job right now
do you know any companies in particular?
yeah, you guys have a lot of stuff available on the market
@wintry phoenix Deloitte, they're pretty big in the Netherlands
just google, glassdoor, linkedin
yeah doing that, dw :P
I have a friend who just finished a work placement there
uhh, you judge lol
really good opportunities from what I've heard
@wintry phoenix lol, looking forward to it 😆
I'll def look into something like that @quasi stream
(once I figure out my damn thesis lol)
@remote mauve when you said fireeye training you mean this? https://www.fireeye.com/services/training/schedule.html
@cursive shale I'm seeing a really good forensics position there actually 👌
Yeah they're fairly corporate focused shall we say aha
the good thing is even here in greece there are a few companies that flat out say they'll pay for this stuff for you, in job postings
is it true you're also great people? 😛
@cosmic ingot I'll hope so I am from the netherlands 🙂
The netherlands have a lot of interns available they would love to pay for your trainings xD
The netherlands is pretty expensive in comparison with Greece tho
But yeah you will get a great salary for that
xD
So problem solved
Only getting a house here is a pain
@edgy tiger I probably won't move there unless I'm set in terms of work and housing
I don't think that renting something and then start searching is practical in any case
Some employers (in general) help you find a home AFAIK, but I might need to be lucky for that
@cosmic ingot I know but it is handy to know tho✌️
You could ask the company to help you to find a place
Most of them would do that
@edgy tiger you have any more information on salaries for pentesters in NL? I'm getting dramatically confusing information
Yeh I'm trying to do this without having to make an account anywhere. I'm very far from actually looking for a job in this market so am just trying to figure out if it's even a career switch I'd want to make (from being a senior dev rn)
But seeing avg salary quotes from like 3k EUR to 6k EUR going, so it's hard to see what's actually legit
An account on Glassdoor is good to have
Gives you some good insight into companies and opinions of their employees
Ah yeh, might be worth at least registering for
Their salary indications seem very low tho
@hasty geyser 3K to 6K seems like a good baseline
don't forget that government and commercial business pay outs are rather spaced apart here...
Ah yeah that's fair
and don't forget.. it's easier to get in at the government with this than at a business.. but tbf its pretty hard to find people into infosec around here I guess
Yeh, not sure I'd ever be interested in working for the government tho
But it's good to know
I think it's a good stepping stone esp. when you're new in it.. and there are a few interesting jobs
Right, yeah fair enough. I'm struggling a little with the initial paycut, going from a senior engineer to most likely a junior pentester :p
look https://werkenbijdefensie.nl/vacatures/militaire-vacatures/cyber-reservist-red-team-pentesting-e5899 <-- I'd say that would be really interesting (.. to do next to your own job)
Online attacks, phishing, ransomware, APTs; as a cyber expert you know how real cyber threats truly are and you want to play a crucial role in cyberspace. As an IT security specialist you can make the difference in an organisation of and by cyber reservists who our ...
maybe don't do the whole 180 degrees... but move slowly towards it.. maybe something like devops -> devsecops (it's a thing apparently) -> soc -> pentesting
Yeh, I'm freelancing rn so I can probably move about as slowly as I want
oh and btw.. we both know that 'senior' doesn't say a lot here.. some companies they'll make you a 'senior' in 2 years 😛
And just spend a year studying before ever having to make money from it
Haha, true
I've worked with some terrible seniors
Can I pm ye? @hasty geyser
Yeh ofc
Does anybody work as a penetration tester? And do you think you have a good quality of life? That being enough money flow and relatively easy finding work?
hours are inconsistent if you're hourly, work comes in demand
^
Do you hop from company to company or do you work for one company for a long period of time?
For me, I find jobs in my area easily due to company policies that they get their security checked monthly by multiple external sources, i.e me
stay for a year or two then leave
I typically hop.
I’m just wondering if it would be a good job to pursue because I’d love a career in cyber security
im about 7 months in and am close to leaving
Honestly I love it.
There's more to cybersec than pentest tho
^^^
you want a salary based job for your quality of life to be good tbh
Pentesting is just something I do.
Gnomed what would your general work be aimed at? Like what would you do from day to day
I work the night shift at a NOC
Or N3ko either of you as you seem to have different Povs
I do blue team salary and pentesting hourly
My general work is aimed at the places where attackers typically go to, where money can be made. Data centers and etc.
Security, really.
I monitor network security of about 10 clients constantly, and on my night shifts I monitor connections and shells.
I get about 4-5 unwanted connections every night, but there are those days that people try.
So what exactly are you working in Gnomed?
I’m struggling to follow what exactly you do 😂
Honestly at this point, everything I can.
Alright, so I pentest when I can, I do security research from time to time, but I work at a NOC for a data center in my state.
I've even confused myself at this point.
Haha I’m following
Thank god because my mind just ran a huge circle.
Would you message companies asking if they need work or do you just look around and see who’s offering (or both aha)
Both.
I typically message them, but there are few clients that come to me through my email.
Either referred by another person or company, or I get calls from them.
If you don’t mind me asking, what degree do you have?
My highest?
I have my OSCP, LPT
And if you were going to explain that to someone who has no clue on what you mean 😂
Alright haha fair.
Did you go into college dry? Or did you do stuff in Highschool or what ever
I did stuff in high school.
Ah
I started in middle school actually, messing with my school from time to time.
I messed with my school and got suspended for a week
Ha
My bad.
Just be careful
Sorry
The coolest thing I did was change the date using python
I could’ve done more but I didn’t want to go too far hah
I've done quite a bit with python scripts that I can't go into depth here because of that rule 9
But that's just when I was messing around

I ended up actually helping my school upgrade their security.
That’s insane
I always reported whatever issue I found because I’m such a good child 🤨
Just because some "anonymous" attacker changed the grades.
I mean I took them out of a pit of vulns
Vulns= vulnerability?
Yes
I found a bluetooth exploit that got me access to the IT head's station and I took his rsa keys to the server as a PoC hack
That was when I was in 8th I believe
Don’t know what that is but sounds insane and helpful
I had permission to do so because the IT team was cocky
Proof of concept
My brother got his account suspended at school and he was shouted at by the IT technicians because he found a way to access command prompt
Then I did it and they rewarded me with a “go back to class”
Food was meant to be easyish, so good
Can I get that offer for some other time aha, I’m kinda just vibing
Don't need to be a subscriber
e.e
Member ship is only for hosting private rooms right?
Nope, it also grants you access to more rooms, games, etc
Ah
Basically unlocks the whole page for your learning needs
Ah
So you can't access specific boxes, only random.
That's still fun.
I still need to try lion out.
And carnage
I’ll subscribe when I feel like I’m finally comfortable with handling Linux and getting into standard boxes
carnage is a fun one @warm hinge ;)
Wanna give me a little background?
🙊
Anyways thanks Gnomed and N3ko for answering my questions :) definitely feel more comfortable with my career
Ninja you’re omniscient how are you everywhere and nowhere
I have unreads on this server
Haha
voice-chat
Ninja is a Human Bot
no bulli
@warm hinge no? because computer science is on computer science and not strictly pentesting?
it would actually look better for you to get certs because it shows you have an interest outside of uni
yes purely for the fact it shows you have an interest out of uni
although there are lots of ways you can do that without certs
All the jobs by me want OSCP or equivalent AND a degree
OSCP, GPEN, etc
LTP
none of the jobs i applied to wanted certs but i had other things to show off, imo certs are the easiest way to show you care about things outside of uni
that would be 🙂
I started with an internship at a data plant monitoring security and reviewing reports.
I wish my school had electives that had to do with computers lol
Mind explaining what an OSCP is, i looked it up and it said it was like something about a protocol
Oh okay
my OSCP got me my 70k a year job
@languid hearth That certification alone landed you a 70K? I remember you said something about networking with people and getting recommendation later on.
connections helped for first job, not second @glacial hinge
Connections are always useful when looking for work
@languid hearth That's so cool though, can you share the experience if you don't mind?
the experience for me was I blasted my resume to a bunch of companies
i forgot I applied to this one
and was like
o cool
blue team, can't disclose any further
That's really cool.
I'm more on the red team side of things, but blue team seems fun.
What I mean by more on the red team is that I physically try to exploit facilities in order to achieve my goal if I can't do so remotely.
Hi, just kinda need some general advice on getting into pentesting. I'm super new just been doing some research on my own but I really enjoy it and would like to get into it eventually as a job. I'm wondering what are some things I should look into specifically and what certifications I should look at getting. Also feel free to message me!
I can say that im on the more fun side of the blue team. Not necessarily SoC work
Is the website (tryhackme) a good place to learn and to achieve a job like yours? (Sorry for my bad english)
Sure it seems like it from what I've seen @tropic roost
I asked that question because there's so many resources online that may be more useful for a specific field
Well you can do both
Like learn from those resources you found and apply them in THM
Since THM is more of a lab where you can hone your skills practically
Alongside OSCP in the UK and a degree in cybersec, any other certs people would recommend for entry level?
Security+ and CISSP
Yes.
Experience != entry level.
i wish some of these recruiters would realize that...entry-level cyber security jobs that require 3-5 years of experience and 5 certs...aren't entry level
Most of the entry level positions seem to be OSCP/Equiv + Degree
depends on your budget lol
this is also something looked at by a lot of organisations
Specifically what from crest?
OSCP or Crest certifications such as CCT or CRT
CTM, CREST or QSTM
depends on the place
RPT seems to be 2 years experience?
Some like the CCNA qualification
F I didn't want to go back to school for 4 years but it looks like I might have to.
Hey, i know this server isn't for that kind of stuff but lemme try.
- Can anyone tell me if they know any good books on security or physical security and cyber security.
- is Asis International certification legit? I mean they are legit but are they accepted when applying for job ? Tnx in advance and sorry again if someone is bothered by the message.
If anyone can suggest me something pls dm me cause i'm probably not gonna see it here. Tnx again
@visual badge as for 2, search on LinkedIn. I've never heard of it before, so likely not. For 1, lemme go find a book
and peep this book.
https://www.amazon.com/dp/0470747617/ref=cm_sw_r_other_apa_i_SJv1EbR689P3T
Pinging again cuz I don't want to DM @visual badge
OSCP book is pretty good to start with from a first glance
@visual badge
It teaches you the basics of Kali Linux basically
@languid hearth
Ye i get that for 2. but they are like old security management company ( from 1955 year ) So i thought it would be like good cert
Well also some advanced stuff but didn't check it out... I'm only a noob
and @languid hearth tnx for book i will check it out if there is maybe pdf version.. but anyways thanks
I can give you the OSCP PDF if you want noman
No distributing copyrighted material please @tepid olive.
Oh ok Roger that sorry xD
Thanks (:
any ways, if someone has some other books pls ping me or dm me tnx
@visual badge come to the #bookclub channel and look around a bit, also if you're looking for something a little more specific you can ask
hah tnx i didn't see there was bookclub. tnx for that
A lot of these job openings are kind of insane. They remind me of development job openings 10 years ago. Needing a CISA cert to get an entry level position is ridiculous
@hasty geyser no one stops you from applying even if you don't meet the qualifications, in fact some people suggest it
Most Cybersec jobs - We want you to know at least 5+ programming languages, have MD in Computer Science, at least 2 advanced Certs - 3-6 years of experience - starting salary $75,000
Memedat
Austin Tx it’s pretty good here
We have IBM, Dell, Apple is building a new mega campus, they already have one close to my house
“Building the Mac Pro, Apple's most powerful device ever, in Austin is both a point of pride and a testament to the enduring power of American ingenuity,” said Tim Cook, Apple's CEO.
Gibsmedat
It’s just the HR isn’t qualified
They’ll write completely unrealistic experience expectations and qualifications then post a salary $50,000 dollars underpaid for the level of skill and experience they ask for, and that is just a slight dramatization
yes but in the east coast we have all of the specialized cybersec teams that just do penetration testing for other companies so they have more experience and so its not just hr guys from big companies making it up
That’s legit, usually the big companies like IBM and Dell don’t do that BS but I see a lot of independent and start ups that don’t know what to look for or how much those skills are worth
I’m too noob for cybersec but i’m taking my A+ exam this weekend
I’ve seen some jobs for A+ saying starting at $12.50 💩
I’ll need at least $20
Mfkaz
I already at $15
A+ is a good entry cert for help desk positions. You can always go that route and work your way up.
Yeah i’m just doing it for experience, I tried hacking a while back and didnt know about ports, protocols, really anything, now that i’m wrapping up A+ I can fix my system unit and troubleshoot, also set up my router/modem the other day without tech support, had to remove network adapters, update NIC after uninstalling it, Netsh to reset IPs in cmd prompt then it was good
Nice 🙂
Yep it was no fun lol
I watched a video a while back from Wraith I think, he said if you don’t know ports, subnetting and protocols etc go get A+ and Net+ then come back to try hacking
Now I know the protocols and ports for the most part if I see them and their names
Still a network noob though 😭
i've just finished and passed CEH cert. Still have a lot of things to learn. I'm trying to change my life to cybersec pentest path (currently SOC Analyst in VietNam). Just let you know that i'm very happy today. cheers
Cool
thank you 🙂
Are you going for oscp soon
Idk what that is
O
I want to get the CySA from CompTIA just because where I currently work they have positions for it
another cert from ECCouncil
CySA, CASP, CISSP
The CISSP right
yeah
I know I don’t want to do management
Just planning on CySA then pivoting into getting enough experience for OSCP, CySA just for the money since it’s open for me
thanks 😄
yo @pearl vapor mind if i ask you what kind of questions did you get as you've done the cert very recently
how much of the exam was around nmap /wireshark/ legislation etc
if you don't mind me asking
O now that you showed up with eJPT how was it, I got the $100 dollar off discount for it
@remote mauve
there are a few of us that have it
really fun exam @warm hinge
if you've done blue a few times you should be good to go
I have been pondering it for months but i’m taking my A+ exams this weekend
No I am a total noob
Idk if I have enough experience
The most experience I have is honestly from my 6 days doing tryhackme rooms
there's no BOF
well, focus on the hydra, SQLMap and Blue rooms and you should be quite confident afterwards
K, realistically I should finish the beginner path first right
I’ll make a note of that
K thanks
feel free to ping me in one of the channels if you need advice in regards to it
no problemo
@remote mauve is it really that easy? I thought about maybe skipping it, but the next certs in the path/ladder are (I think) a lot more difficult, and quite more expensive too
@remote mauve well, since the exam is practical, I was at least hoping it will help me get some interviews, but we'll see I guess
I was thinking of buying the full package (not elite) and making the most of the material until I'm ready for the exam some time later this year (because I have exams right now)
i'm not sure it has the same weighting as Offensive Security for now
nah, you don't need the full material for eJPT
but definitely for eCCPT
it definitely doesn't afaik, but those things are both very difficult and expensive
yeah I know, the reason I wanted to get full is for the labs
and for the exam it's like £230
not worth for that exam
you have most of the stuff covered over here
I've heard other people say that too so I'll take your word for it
it's not like I'm heading in dry, I'm doing a lot of wax on/ wax off
yeah, so anything that has to do with hydra, sqlmap, blue should be more than enough
so if you are comfortable with those 3 you should be good
when you say blue, you mean the room? metasploit etc?
route add?
add isn't a program, chevvy
you can either edit a file on your kali, metasploit autoroute, and route add
dude
my brain is melting from this horrific task
go ahead and remove that role @quick forum
7hours of what?
that's how much time i spent in damn packet tracer
oof
and it's barely 50% done
what are you working on?
so, excuse my stupidity but i got a valid reason why 
it's my end point assessment from my apprenticeship
so, like an exam
which supposedly i need to spend 37.5 hours on. but screw that lol
Like you can skip to different times for different elements
big yikes
oh, tell me more
i just figured out in the morning i need to provide reasoning for what i am doing
which led me to 4 hours going through answers and providing that
en for enable, conf t for configure, int for interface
i do that
or just tab it
yuisss
i've been using it for a while
There's people in my year who STILL type out the full hand for commands like
i know how much of a good piece of software Packet Tracer is
really helpful on the job
I do, if anyone's interested lol
that's what people supporting packet tracer should wear lol
@remote mauve , how do I get the eJPT material for free? I searched #resources but not finding anything
ahh ty fam
no problemo
I'm looking to do some smaller courses whilst i save back up for OSCP, what would u guys recommend? I've had a very very quick look at CompTIA and eJPT what have u guys found the best?
@forest knoll the ejpt course you can get for free, also if you're not talking strictly courses that lead to certificates, I would also suggest TCM's pentesting course, it's great
OOooo free doesn't sound bad at all! I'd like ones that ideally lead to Certs as I will using them with work. Think I may have TCMs course tbf
@cosmic ingot eJPT barebone?
Yes
i am working on that one... started a few days ago but didnt get to do much
How are the tests generally set up?
@forest knoll keep searching in this channel, some members have suggested a few more but I haven't kept a note of everything
you got a 3 day exam to get the cert
How do I get that invite?
@quick forum for eJPT?
search PTS in the #resources
I got it just yesterday, and then got an email with a 100$ off offer on both of the upgrades
On top of the current discount
Ok, seem to have done it now
I'm going for the ejpt sometime during summer, it will be really cheap with the barebones tier
barebones should be enough
i think just the exam voucher is for 200$?
@remote mauve So barebones is the training material and then you pay for the exam?
yes
you can pull up a sneaky and ask neko for his address and then you won't pay the tax @quick forum
i am not @cosmic ingot
it's after you go through your basket
@remote mauve how much is the extra charge on top of the 200 I'm seeing now? Also, do you know what this means?
alright, so no
@remote mauve if I put in my number even if I don't have a business, will I still get a better price?
yeah, atm it's adding 48$ on top of the original 200$
that's vat number
it's different @cosmic ingot
i think it sounds about right with how much i paid
@cosmic ingot how do you get the ejpt for free?
Yep, there is a post in resources that says how (we probably need to pin it)
You create an account in elearnsecurity and login with that in another site
ah. ill dig around for a bit and see if i can find it. that would be a good pin though. its the most common cert i hear of in here other than the oscp
Here
i need to get some certs bc the state funding i was applying for is denying my funding for a cyber sec degree, claiming it is not an in demand or growing field... ejpt may be a good starting point considering the price
$250 or $200 or so plus tax IIRC
wow I paid $399 last week
I've been going through the free eJPT lessons today, they seem well structured and alright tbf. (U have to pay for the test)
the labs are honestly the most important part
all the other info u can find online
imo
indeed.com for all of the united states only lists one job with ejpt lol
@quick forum do you remember anyone getting a discount on the exam voucher alone? because yesterday I got the barebones edition for free, and later I got an email with a 100$ off discount but only for a plan upgrade I think, i.e. moving from barebones to full or elite
@warm hinge a lot of people are saying that for the ejpt specifically, the barebones edition is enough
I mean I thought that's what we were talking about
nah I didn't see anything like that, but I'll give it another look today
I was talking about your upgrade
oh, sorry
I didn't know what the discount was on
no way am I upgrading though
Chev told me just about everything I need for that exam and I can get enough practice on thm alone tbh
@dim goblet that's true, it's nowhere near as popular as the oscp, but it's quickly gaining popularity I think
if going for an entry level job, as i am, wouldn't it make more sense to start with a security+?
ceh was listed pretty high as well
CEH is regarded as a meme cert outside of US DoD
@cosmic ingot for me if I can’t apply what I’m learning it flies out my head pretty fast, so to me the labs are important
@dim goblet it would make more sense to look for job openings (as you've been doing) and look at what certs they ask for
@warm hinge oh definitely, you're 100% right on that and it's the same for everyone
the thing is, it's basic stuff, and you can practice a lot on THM for example
but you do whatever works for you of course, I wish you the best of luck anyway 🙂
screw it i quit /s
don't, lol
infosec can get overwhelming but if you think that it's the right field for you, you can make it
/s means sarcasm
I know, just offering my honest opinion anyway
Or we have to give exam from other site ?
Sec+ is delivered through comptia
You book them
@blissful notch https://www.comptia.org/certifications/security
@quick forum what do you recommend for certs?
@rigid remnant
- Why ask poor James specifically?..
- He'll be asleep
is it allowed to post a job offer? my company is searching for a network engineer ( not directly linked to sec though )
@gray reef will probably be able to answer that
Channel topic says postings, so I'll say yes @minor cypress 🙂
I wanted to be sure 🙂 thank !
@rigid remnant Still want an answer?
If Dark disagrees, I'll take responsibility for it 🙂
go for it!
I consider this fair game, I'll eventually make a weekly job posting thread on our subreddit ❤️
We exist to train people and help them get jobs anyhow haha
itll gain more reach on discord tho