#cyber-and-careers

As I've said all the way through

What about european defence departments?

That will massively vary by country

But CEH is still a waste of money

Ok thank you

I was really into that cert, you helped me a lot !

The only good way to work out what certs you should get is to look at what jobs are asking for

If CEH was a place on the Monopoly board, it would be in the location where you go straight to jail, and not through start, and you don't collect the money.

Figuratively speaking, it means in an interview you would fail miserably.

What do you think about comptia + sec

?

Sec+ is quite well regarded as an entry level cert IIRC?

yep

it's bare minimum if you want to get into Security

Although you can do certs higher up the chain

SSCP from ISC2 might be a better option

well, not to argue with the experts here, and again, I am not one. BUT, from what I am reading, CEH is one of the top requested certs on job boards. https://www.springboard.com/blog/cybersecurity-certifications/ https://www.forbes.com/sites/louiscolumbus/2019/08/28/top-10-most-popular-cybersecurity-certifications-in-2019/#2ce2f262360e

Maybe it is not a well respected cert in the industry, but the HR and management teams seem to say they want to see it......

It's not a good cert.

Sure, that's true, but it's only because a lot of places want to be DOD compliant because Gov Contracts are big cash money

If you have the money for it - you should take OSCP

if you have OSCP - take CEH then

Outside of the US, extra bad

Because then you don't have to care about the US DoD

For a Security Analyst job, CEH as foundational level is okay. For Offensive oriented jobs, it is not sufficient.

OSCP will get you further knowledge wise than the CEH ever will.

I checked

Since there are way more Blue Team jobs than Red Team jobs, it statistically makes sense that CEH will be in the Top 10 of most requested.

In Europe are a lot of companies that requires certs from dod

wat

they should require CREST

DoD don't issue cybersec certs @warm hinge

From dod scheme I mean

look

if you want to handicap yourself, that's fine

Dod 8570

as someone who works in the industry, I highly suggest you don't go for the CEH.

I won’t

I understood , just saying

@languid hearth Free cert is a free cert, right?

yep

free cert is a free cert

It won't hinder me hopefully if I get offered it

kekw

Just get CompTIA A+ and be done with it 😄

tech support how may I help you

I worked support for 1 2 years (according to my linkedin)

Tech support is god aweful, the fight against the ticket queue is instant PTSD level fear.

I'm not going back

At my first job in the 80s we only had IBM AS-400 mainframe and Unix, so at least I did not have to deal with Windows OS yet. 😄

But count yourself lucky to not have to learn RunJCL and COBOL.

Hey, big demand for COBOL devs

Probably because they died out with the dinosaurs

They did, I was never a developer, or I'd be dead too long ago.

TIL:
https://www.mcafeeinstitute.com/collections/board-certifications

That is a lot of certifications.

Hugely discounted as well 😄

Or as the English would say, Massively!

Oh, they're just taking the Udemy approach

Certified Workplace Violence and Threat Specialist (WVTS)

Chuck Norris to the rescue

The Udemy approach is so stupid because some people actually pay 100$ for a 5$ course

Udemy is the Packt Publishing of courses, a lot of monthly content, but the majority of it is mediocre.

kekw

At the other end there is SANS, which ask 6000 for a single course, and that does not include the exam. Albeit, the content is top quality.

but sans is the most well known even to people who know nothing about the field it is somewhat about the name but they also are high quality unlike your random dude on Udemy who wanted to make a quick buck

Yes, SANS is top of the line in quality content and quality instructors.

I better go do another room to keep my braincells moving. Adios!

o/

don’t know if that was a high five or a smack upside the head to get back to work

Consider it as both

Hopefully things come to fruition from today

Got contacted by multiple recruiters and had an hour long phone call with a Senior Executive

Aww nice!

Good luck

Thanks

The SE is waiting on my resume but ive been trying to tweak it lol

If a senior exec spent an hour with you, that is a really good sign. Good Luck

Alumni connection but I dont expect a job out of it because legally he isnt allowed to tamper

CEH is a entry level cert, but to go forward if you like EC council as a vendor the CEH practical exam. Comp tia also has PenTest +. But GIAC and iSc2 certs are super pricey

CEH is just badly regarded outside of DoD though, unless they overhaul it that's not going to change

It’s bad because of no practicality?

Talk to Spooks

How would talking to people who definitely dont exist and are made up help? 😛

Spopy

Bananaisu

I could sit LPT today and be dissatisfied with it.

6 hours for 3 challenges (each) on 3 machines

I could sit Sec+ today.... and probably fail

lol

I actually dont know how I would do. So far its just been a review of my degree

• Previously approved * - Not directly related to Cyber but great opportunity to travel and practice networking, we are looking for a Lead Installer based in EU: https://www.guesttek.com/lead-installer/

eLearnSec compares becoming a complete pentester to acquiring the infinity gauntlet

You have my attention

hahaha

I got a free invite to the eLearn course I will check it out

hey guys , im currently a computer science student close to getting his degree. For a while now i have been really interested in pentesting and cyber security. I was wondering, at what point do you know you are ready to start the oscp course?

@pale burrow you can take it when ever, but it’s recommended to have some networking, Linux, scripting understanding

i see, the thing is have those. I just really cant choose between start it now, and try rush it during summer vacation, or wait till after my degree in computer science( next schoolyear is my last year before im done)

Never rush any form of study, too much information to take in and especially penetration testing

thats good advice. perhaps I could spend my summer getting an easier certifcate, to start out with? something in the same direction only less hard, as a introduction?

Are on either platform tryhackme or htb?

on tryhackme yeah

Keep on at it it’s the best prepare

that was definitly the plan 😉

It’s your best bet and cheaper than any class out there

but ive wasted some years during college, so ill be older than the regular people when they get their degree. so i would love to have atleast one extra certificate, something else to show for

Remember, you have to buy PWK to get OSCP

PWK is meant to be really good

so pwk is the course, and oscp the certificate right?

Correct

You get the course for however long you pay for

Some lab time, big documents with the course materials

yeah so if im correct, its not a good idea to take the pwk course, if im not sure i will have enough time to immedietly follow it up with taking the oscp exam?

You have to take the PWK course

You can't just take the exam

Yes i know, sorry english is not my native language

i meant as, its not smart to split them up

You really have to be focus and set time aside

It's impossible to split them up

You pay for PWK and then you can take the exam

ok that answers it then. I dont think i can complete everything during this summer, so it will have to wait till i have my cs degree

I am working on my masters degree and I don’t have time for certifications really have to dedicate time

thx for the good answers

tbh certs will do you more good than a masters

yeah the thing is, in belgium, the school im at , the degree is valuable here. the courses are very practical and relativly up to date. with the time i have invested im not gonna end it now, when i have the degree in 1 year 😄 Ive only recently shifted my focus from becoming a programmer to wanting to become pentester so yeah. If i had know everything I wanted to do now, when i was 18. my path would look very different ^^

but i guess thats life haha

tbh certs will do you more good than a masters
@languid hearth I know, but all depends where you work etc

yeah the thing is, in belgium, the school im at , the degree is valuable here. the courses are very practical and relativly up to date. with the time i have invested im not gonna end it now, when i have the degree in 1 year 😄 Ive only recently shifted my focus from becoming a programmer to wanting to become pentester so yeah. If i had know everything I wanted to do now, when i was 18. my path would look very different ^^
@pale burrow programming will help you as a pen tester

Thats nice to hear 😁 i got a really good score on my python exam so, i know that will come in handy

Absolutely

Is anyone here currently doing their PTS course?

@warm hinge i just finished it a week ago.

They just updated the PTX course

Anyone know what a Payload Rack Officer is?

never heard of it befote

Yeah a recruiter just called and asked if i was interested

Its at NASA and it supports the ISS thats all i know

Ill call him back a little later

oh awesome I just found an hour long interview with a PRO

Yeah after watching that interview still dont know what a PRO does

So... they're a Professional PRO?

I think the official title is Marshall PRO

Update: Recruiter and I decided it probably wasnt the best position for me given my career goals

Did you work out what it is yet?

Kind of

You control the experiments on the ISS. So anything that falls under payload you schedule and carry out the operations on the schedule

@nocturne dune How did you you with the c++ socket programming section?

When looking for a person in the inside of a company that is owned by another company do you look for someone at the parent company? When you click apply it brings you to the parent companies job portal

you look for the company they work for

so if I work for a subsidiary of google

you look for the subsidiary that I work for

not Google

a lot of it's played out by it's internal AD structure

but for the most part, you're looking for the subsidiary

Even if you are brought to the parent companies job Portal?

The company is SAVA and the parent is Akima. Can't find any recruiters from SAVA as well

you likely wont find recruiters. they're typically contractors.

by a quick glance, they're government contractors. that definitely doesn't help :u

Yeah I know

I'm just trying to put a face to my resume

Attach a picture of a moose to it

OSINT in the age of job hunting

You look and find an internal advocate

your best bet is to try to google dork yourself an email address by "flast@"

or something

You ask for a brief phone call to learn more about the job and the company

Tell them you are Jack Bauer, and ask in an abrasive way: "Who do you work for!?"

Hi!

Pen testing an application. I am able to put some javascript xss code in a json page

Any chance in exploiting this like in a real xss

Browser wont parse the javascript code since content type header says text/json

that's down to you to decide tbh

depends on the browser tbh

hi

Henlo 👋

does anyone here have experience with the pentesting/cybersecurity field in japan? I'm curious about it and heard that it's rare and very difficult but looking to see more opinions or anecdotes on it

@kind trench The only thing I have heard from Japan is like the local defcon japan groups I would look into that or bsides japan to get an understanding of the job market in japan

hey guys i really could use some pointers at some cheaper certs i can get that will count on your resume anyone got a good one for me goal is OSCP and more.(hope this is the good chat or ninja will attack me D:)

@hardy robin https://www.elearnsecurity.com/certification/ejpt/ the eJPT is one of the most affordable ones, but check the rest as well

You can also get the barebone version for eJPT and go for the exam voucher for 200$ exluding tax

thank you i will look into it much lovee

greeting y'all! I'm a High School Junior who is inspiring to in the Cyber Security field. I have basic coding skill, but I don't know where to get a proper start! I am grateful for any helps and advices I could get as a complete beginner!

Well you’re in the right place to get started was there anything in particular that you wanted to know about or get advice with @cloud forge

hey thank you for replying! I know that doing would be the best way to learn something, so is there any particular advices you would want to give for an absolute beginner in the field?

If you want to do something and get hands on then I would suggest just doing the walkthroughs and challenges on the site they’re a great place to start. Also don’t really come into this field just looking for a job do it because your passionate and excited about it and the job will eventually just come to you if you don’t have a passion for it I think you’ll have a hard time finding a job

thank you! I already knew that I am passionate in a "Computer Science" field, but i didn't know the path that I was going to take. It was after "Ghost in the Wires" by Kevin Mitnick that I realize I want to follow this CyberSec path.

should I major in Computer Science or Informatics going into college?

I can’t really help you there I’m only a senior in high school and I’m planning on getting my degree in electrical engineering to one day be a red team operator

should I major in Computer Science or Informatics going into college?
@cloud forge you can major in either so long as you study cybersecurity part time. Many universities don't teach cyber security at all (and if they do, it's often not that good). The best thing you can do to increase your chances of getting a great job is to study in your own time. Tryhackme / hackthebox / get certs etc 🙂

@cloud forge I am currently in college right now and my major is CyberSecurity. To best describe what my school offers is to say it is IT-Support Technician (a general path that most tech majors have at my school) glued onto Computer Science and a dash of "Here's why ethical hacking is good." Unfortunately, the school I'm at doesn't take you down the path of getting A+, but for whatever reason, it has Network+, and Linux+. To study for A+ I have to basically take that class, but it doesn't count towards my major's progress. So on terms of getting certs, my college is kinda really useless in that regard. Unfortunately, it makes more sense for me to go for CyberSecurity than it does for me to go for Network Admin. But if I wanted, it could be another path. Network Admin would be easier for me to transfer out to another school later down the line, too.

In my opinion, majors are less important than what you might think. I'm not saying that you should totally major in Underwater Basket Weaving for Cat-People, but you should definitely spend time researching into what CyberSecurity professionals say, review what your school offers, and consider your options. Professionals that hire people will tell you what they want and what they are looking for. I remember DeviantOllam of Black Hills Security saying he is more likely to hire someone that's a Network Admin because they know how to build something. Should that be your only option? No. Regardless of what you choose, you need to spend time studying outside of college. It's a misconception that you can show up to class, figure it out, and be learned in 3-4 months. Noooope. Practice is really important and is why I spend so much time dinking with Python outside of my class.

My advice is that regardless of what your school offers, you should absolutely be studying in your free time anyway. Either with THM or your class concepts.

One last thing to mention, if your school is a cool cat like mine, you might be able to sign up for internships. We have a vacuum of tech jobs where I live, so my college sponsors students to work for these companies and get practical experience for school and get paid. If you have a professor who does CyberSecurity, I recommend sitting down and talking to them. Ask them what are the challenges of the field, what they think is most valuable to have learned first, and why they chose the path they did. Get to know them. Stick to getting on their good side. Everyone loves a good reference, especially if it's relevant to your field. Having a professional on your list of references is valuable.

+1 to that last point @dark prairie! I graduated in Digital Forensics but did a year long internship at a place where I ended up doing way more cyber things. I guess that year was like one long interview because they offered me a job to come back to when I graduated. They since thrown a TON of training at me including the OSCP and others. I will always recommend internships/work placements to anyone. It was super important in my career path!

Hello everyone, knight here, could you please share some osint learning resources??

@rugged sable and @dark prairie, I really appreciate your help, I really do! It is great to join such a community where I can get help from people with experiences. Sorry if I might sound rude sometimes since English isn't my first language and this is my first time joining a community. But I will try my best to learn and contribute to this great community. Once again, thank you for that precious information!

@violet hazel Thank you! Is it any possible way to get an internship/job shadow/etc. as a Junior in High School? I don't have much experience in this field, and that is what I worry about!

@violet hazel Thank you! Is it any possible way to get an internship/job shadow/etc. as a Junior in High School? I don't have much experience in this field, and that is what I worry about!
@cloud forge The only thing you could do is ask! Send out emails to some places near you and see if they will let you volunteer or even just talk to some people about the work there. Or see if your school has any guest speakers/ask companies if they would like to speak. We have this thing in the UK called STEM Ambassadors where schools can ask STEM people to come in and give talks/experience days. It's a cool programme. If not, I'll echo advice that gets given out here a lot but: start a blog! Don't worry if you don't think you have anything to say -- write-ups and guides for the rooms in THM are a good start, or little cheatsheets or notes pages. If you have a public place to share your knowledge/experience it looks really good when you're able to apply for jobs because it demonstrates you're passionate and like to give back to the community.

@violet hazel aye it's gonn be kinda challenging since im an introvert until recently haha 😄 But hey, communication is the key right, I can't keep being all shy and stay in my comfort zone. Thank you for the advice, I will try to seek for opportunities around me! Is it okay for me to add you?

@violet hazel aye it's gonn be kinda challenging since im an introvert until recently haha 😄 But hey, communication is the key right, I can't keep being all shy and stay in my comfort zone. Thank you for the advice, I will try to seek for opportunities around me! Is it okay for me to add you?
@cloud forge It's easier over email 😉 Sure thing!

@violet hazel Thank you! Is it any possible way to get an internship/job shadow/etc. as a Junior in High School? I don't have much experience in this field, and that is what I worry about!
@cloud forge You know! A great way to gain experience is to start a blog or youtube channel. All those people in cool fields that are considered experts are those that have written about the field they are in 😄

and you can start a blog at any age with any experience

Oh one last thing

Ashu's company (Context) will give you an interview if you have a cybersecurity blog and have written room writeups

So really, it is worth it to create content regardless of experience / age 🙂

@rugged sable haha considering English is not my first language and I kinda speak crappy English (kinda harsh but true), starting a blog would be some kinda huge project for me 😄 Likeeeee should I write about my journey in TryHackMe or what:D But thank you tho!

@rugged sable haha considering English is not my first language and I kinda speak crappy English (kinda harsh but true), starting a blog would be some kinda huge project for me 😄 Likeeeee should I write about my journey in TryHackMe or what:D But thank you tho!
@cloud forge Bro look at how you're typing your English is fine !

Look at Deskel's blog. Ex #1 on THM, easily has the most writeups on the entire site. When Deskel was active, he used to talk about how bad his English was as its not his first language

aye bro, I will try to take your advice and start a blog whenever I'm ready!

People who aren't native English speakers be like: I'm sorry for any mistakes I make I'm trying my best.
Native English speakers be like: ye das ok u gud brah ur tryin ur best u good fam

You're better than most natives I know so you're good lol

What is your first language? Why not create your content with that language?

Hello everyone! I have a quick question regarding certifications. I currently hold my Sec+ and CySA+, but I am hoping to get more Red team/testing focused certs. I was looking at Pentest+ vs CEH vs OSCP. Does anyone have any recommendations? It seems like my company prefers the Offensive Security certifications, but OSCP is not 8570 compliant. However, I have my CySA+ which meets the Auditor/Analyst/Incident response reqs according to the DOD Cyber Exchange. Which of the three certs is easiest, which will be most marketable, and if I could only afford one, what would you recommend? I can brain dump for multiple choice exams, but I enjoy hands on challenges and CTF games. Thanks!

how much experience do you have?

remember, CEH requires some experience unless you're a student/do training through a partner

I have three years or so of IT/general tech experience. I've done a bunch of highschool/college competitions but have almost 0 real world hacking exp. I am a student, but I could probably do partner training if my company pays for it

I just started a systems engineering job with some system administration three months ago

Alright, bc EC-Council will want your employment history in order.

Pentest+ isn't quite respected yet, so I'd pass. The theory on the exam is good.

OSCP will 100% teach you practical attack methodology

CEH will teach you how to bash head against keyboard

Perfect lol
Thank you!!! I think I'll go with the OSCP and might pick up CEH sometime in the future. Thanks!

once you pass OSCP, you should be able to sit CEH without studying btw

it's a really easy exam

I for once thought I saw OSCP is a really easy exam 👀

A lot of OSCP isn't that hard, it's more the quantity of it and the writing

With any exam you put the time and dedication success will happen

Hi, any french who work in Cyber here ?

Probably quite a lot of people 🙂

Do you want to ask your question? It'll help get it answered much more quickly ^.^

Is it worth doing CompTIA A+ if you already have Network+ and Security+? Would companies really care?

no

I currently look for work-study in pentest so if a company is interested i'm open for any proposal 🙂

Drakelet, I think that really depends on what sort of job you're applying to.

If you're trying to get work as a Best Buy Geek Squad break-fix tech, then it probably won't apply.

@earnest carbon does the A+ Matter, yes. But only because it is a rejection filter. It is not used to show knowledge, but HR and Hiring managers often require it, even for advanced positions, just because. HR people because they don't know any better, it is in their specs book the IT people must have an A+, hiring managers because, well, this is what is required, it is the way it has always been done, and they don't care to change the rules. Many places won't, but many places will. I know of senior Windows Engineer who was passed over for a job because of this exact reason. I got it because it was a requirement for a sysadmin job a while back. Here is why I suggest you get it, if you know the stuff, it is easy, if you don't know the material, it is useful to learn. And it will never hurt to have, and can only help you. So there is a potential benefit with no downside. So, I suggest you get it. Also, I have seen this in action, worth watching if you don't know: https://www.youtube.com/watch?v=6G3kQyqMFpQ

@earnest carbon Depends on the job being pursued. For Security Analyst and Blue Team type jobs, it is not important to add A+, when having Network+ and Security+ as foundational certifications.

The answer I got yesterday is that A+ is important, foundationally. Even if a lot of it is easy and "duh" stuff, having the base knowledge will help you further down the line for other certifications that assume you already have that knowledge.

Possibly dumb question but are " We want you to apply" calls good?

For further context it came from a recruiter that works there

often recruiters call bc they get bonuses (in the thousands) and they want the best odds. So don't think you're the only one lol

Yeah I never did

It's pretty niche which is why I was curious

Just got accepted into a program that will pay for my college! Thanks Covid for making me unemployed!

Ahhh nice. I guess there's a silver lining to every cloud ^ congrats

Congrats!

Thanks bros. My first semester covers a+ Net+ and ccent. The second covers sec+ , ccna and linux+ in two semesters i could have the ability to gain 5 certs. Which is my goal. I want the net+ and sec+ the most. The others are just bonuses. I also am hoping to take the ejpt somewhere in there

very nice

Yeah I was dumb and didnt do certs while I was in Uni

i went the Tech school route bc at 30 I don't have time to go back to school for 5 years. I considered a bachelors but after reading this "https://danielmiessler.com/blog/build-successful-infosec-career/" I decided my best option was the standard certs and some tech school. I have prior experience as a Network engineer and a sysadmin otherwise I would have tried a bachelors.

Yeah I went and got my degree because "You need it for jerb X" Went and got it and now doing the Travolta look left then right

🤷‍♂️

But good for you man its good to see others joining the Cyber Sec field

Yeah I got into college later in life myself. I spent my early 20s in the military doing a job that was not at all related to IT. Certs are a good way to go.

Got my foot in the door with the A+. Currently studying for the OSCP, and I was just told yesterday I will soon be be in charge of our blue team.

That’s a fancy way of saying I will soon be the blue team lol.

haha nice

Yeah enlistment is definitely still on the table for me

what whould be the best programming languages to learn for hacking, im assuming python at least?

Python, C#, C, Bash (if that counts, automation is good)

Spooky is a big advocate for C# for windows payloads

.net framework, yo

I think eJPT covers Cpp

it covers it lightly but doesn't teach it

^^

i was also surprised that eJPT has a bit of BoF

wait what

mine didn't

for real?

it was in 'system attacks' section

lemme have another look

Exam or course material?

ohhh yeah

it talked about it

i thought you meant a lab or something on how to exploit it

it was just theory

exam didn't have a bof though

@unborn heath I know the feels. (In charge of. lol) I was once tasked with starting and managing DevOps department... when I said we need 2-3 DevOps staff the CEO said "I thought you were just going to do this on the side, I didn't know you couldn't handle it" I said "I already work 45-50 hours a week how can I be expected to do two jobs in at the same time? Also a DevOps department requires DevOps employees" Then he gave up on the idea of a DevOps department and fired me two weeks later because I couldn't complete the "simple task" of automating the testing and deployment and monitoring of ~50 web apps single handedly in addition to my regular IT/ sysadmin work.

Wow. Yeah I was told to make the process of imaging systems faster, so I only spend 30 minutes a day on it. Idk if I can make the 30 minute time frame per day but I do think I can get it down to an hour. I’ve went ahead and made about 30-40 copies. Enough to take care of a batch of laptops and desktops. That kind of buffer should be enough. If not we could always buy a duplicator with a larger capacity.

That’s shitty though @dim goblet

@unborn heath There are lots of open source tools to deploy images en mass. Most include some form of remote management as well

I’ll google it. Thanks.

@dim goblet I'm sorry you lost your job but you dodged a bullet

For someone who's worked/knows red team and blue team, what would you say are the biggest lifestyle differences between the two? For example, it seems blue team is more 24/7 and more team-based, whereas red team can be more sprint-based and is better for contracting/solo-work.

That's honestly a good question

blueteam is typically done in rotation and shifts and whatever

so it's not always 24/7. I do both Blue and Red and I'm on standard 9-5 for Blue

for Red, I'm having to pull a long night because nmap is being horrible and it's giving false positives and all other stuff.

For Blue Team, be prepared to work on major holidays (i.e. Christmas)

we had a major incident on Christmas, as expected tbh :L

for Red, you have a schedule, you follow it. You do what you need to do to meet your deadlines

Oh nmap

sigh

@languid hearth , that's the perfect response, thanks!

Hey guys i had a question is oscp is good thn lpt? because i was thinking of becoming and entrapreuner and oscp just teaches to pentest but lpt also teaches legality stuff so which one do you prefer?

LPT as in EC-Councils LPT?

Is there a guide for which rooms are most helpful for the penstest+? Does anyone have any advice?

I don’t think there is any hands on for the pen test+

Man the autocorrect is terrible.

Based on the description it looks like part multiple choice and part labs.

https://www.youtube.com/watch?v=NdA6aQR-s4U

Anyone one here who has done the OSCP know if there is a time limit on completing the course?

@warm hinge You buy a certain length of lab access -- between 30 and 90 days

From the end of your lab access, you have 120 (iirc) days to schedule the exam in

Ah makes sense, thank you.

You can buy extensions. Although it’s costly.

I’m probably going to go with hack the box, this platform and maybe vulnhub once my lab time is done. I’ll probably only buy another 30 days if I fail the exam.

True, trying to decide if 2 months is enough for me to do everything and the exam. Maybe I'll take it next year I'm kinda short on time

It’s pretty rough in my opinion

Is CCNA more highly-regarded than CompTIA Network+? I'm gonna do one, and I'm leaning towards CCNA.

Well @earnest carbon, you should take into consideration that Network+ (and all other CompTIA exams) are vendor-neutral meaining they tho they reference some technologies from various vendors, the vendors themselves do not have any say in the content of the materials presented to the student(s). Netowkr+ is more of a general understanding of all networking technologies in use today, with relative history included.

CCNA, on the other hand, is actually more useful in the industry. Cisco switches are located in almost every enterprise network. Where I work, we have over 500 Cisco switches controlling various locations. Having a CCNA certificate is highly sought due to instances I just referenced.

he speaks the truth

can anyone tell me what are the things to be considered while hacking over Internet

does completing CEH is enough or i should go for more?

:L

@languid hearth any help?

i'm beginner

As Neko will say. CEH is basically a meme outside US DoD stuff.

I have no idea what you mean by "hacking over internet"

@quick forum can you provide me some suggestions?

leave that buddy

It depends™

The only good way to see what certs you should get is by looking at the jobs you want to go for

See what jobs are asking for

for e.g?

those are for you to go out and find

find the job you want, and go look at what the requirements are.

thanks buddy

im not your buddy :L

Lol

@quasi stream elearn sec are doing a malware cert

https://www.elearnsecurity.com/certification/ecmap/

Holy moly nice catch

Price 😮

wheeze

@quasi stream $400 for the voucher tho

owo

that do be sounding kinda good 👀

Yea if you can jump through their hoops

I was quite the acrobat for the hoops at my uni

almost infamously so

I will enquire some more ty jamesss

Thank elearn's mailing list

thats some OSCP monies there

Isn’t it though

Looks interesting too

Anyone got recommendations on good infosec blogs? Feel free to plug ur own

depends on what youre looking for but I love harmj0ys blog

https://blog.harmj0y.net/

good source

https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478

complete the course, get the voucher ezpz

does anyone actually takes SANS from their pocket? or thats provided their pockets are like deep af. should i just wait for company which is big mnc that is able to send me for training to employ me before even thinking about taking them?

I look at it as ROI (Return on Investment), will you get a job or a promotion from getting the Cert? How long before the salary increase pays off the cost? Is this the best bang for the buck, or will another cert get you the same job or promotion for less money? I tend to believe 1 year payoff is a good investment. Otherwise, let someone else pay for it....

tru

OSCP is considered a good investment, because the salary increase you should get from it should be in the ten of thousands

Which other certs, than OSCP, is worth taking? I'm not really looking for a paycheck increase, since I own the company..
So I'm primarily looking for what I can learn from the cert, and what will improve my resume when one day selling the company and then looking for a new position.

What is more in-demand? Red or Blue?

IMO, these years, it's blues.. New regulations world wide demands for better security and especially plans herefore..
But it shifts a lot, and over a range of 10 years, it's 50/50

Splunk Fundamentals if you're not familiar with splunk

even Red Team Ops bt Zero Point Security will teach you the type of things to look for -- so don't discount red team courses

@languid hearth , do you recommend the red team ops course? I was planning on doing it after OSCP

its fun, I've only gotten to the phishing portion, but from what ive seen -- it looks good

It’s the HTB rastalabs right?

But with a video course too?

Atleast that’s what I think I remember about it

It was full last time I looked 😦

no

neither

Rastamouse made the labs, but they're not the same

Ahhh okay that’s cool. What is the course then? PDF or something?

nope lol

how long did it take you to earl all of your certifications and how long you've been in the field? @languid hearth

its been 2 years since I got my A+.

I've been in Industry for 8 months now

how may certs you have total?

10?

Spooks treats certs like Pokemon

Gotta catch em all

yeet

That's not a normal approach, it gets expensive

the road ahead is a tough one 🙈

I've got Splunk Certified User up nezt

then Splunk Certified Power User

then one of Zero Point Security's

after that SANS GNFA

i hope one day i have as many certs as you guys

Find an employer that will sponsor them

where i live pretty much all of them require the certs before hiring you

I mean, the entry level jobs might need OSCP and a degree or something

ah i see, ill get my OSCP or CCNA first and then find an employer to fund the rest

CCNA is a networking cert, remember

Look at jobs

See what the jobs are asking for

Get the right certs

i feel like its important to understant networking too because its part of it and there may be lots of vulnerabilities in the network architectures

CCNA is Cisco specific as well

OSCP is a pentesting cert

CCNA is a cisco networking cert

OSCP isn't going to get you a Cisco networking job and vice versa

is there a networking cert that involves more than one network achitecture

Net+?

What do you mean by architecture?

Vendor?

like cisco

Vendor.

Network+ from CompTIA, there's a bunch more

But seriously

Look at the jobs you want to apply for

Look what they're asking for

do different vendors use same/similar network architectures

Networking is standardised.

ok thank you i will focus more on that

Net+ isn't as respected as CCNA.

you'll find a cisco device in essentially every network

But also, don't buy certs that won't help you

Let your employer pay for those 😉

i wish I did CCNA Sec bc the amount of ASAs i see on a daily basis is disgusting.

send your hacking/cybersecurity podcasts

What would the OSCP teach me that I couldn't learn here? I'm still going to get it, I'm just curious

a plaque to hang on your wall

oscp isnt going to teach you anything but the pwk which I believe you must purchase to take the oscp will teach you practical ethical hacking its everything that you can find by doing your own research but its easy and in one place and employers like it

👍

hey quick question is it possible to start off in lets say IT support and go over to cyber security

yes its a common practice for some to start in a help desk or IT support position

I've trained you well

Anyone recommend any online training courses for getting my security+. After years in IT I've finally decided to take the next step. I'm signed up for thm already and that has been a big help too.

From what I’ve heard sec+ is an easy exam and can be taken with little experience thm will give you a lot but there’s plenty of online courses to choose from they’re all about the same in course curriculum so just pick one and stick with it maybe do a practice exam or two if you feel you need it to gauge where you’re at @radiant sequoia

Thanks @polar rock

@radiant sequoia I'm a complete beginner and it took me only 2 weeks of studying to pass the security+ if that gives you a good metric for it

But also I'll warn you that it hasn't really done anything for my job search unless your employer is asking you to get it

I got it almost a year ago and still nothing

@magic vessel that's a good point and I've always felt that way about certs but in this case it's required for the jobs I'm looking at. Luckily I'm working in security now so this would hopefully help solidify my resume.

I feel you though I think it's a waste. Like either you do it or you don't...

I've heard it's good for government jobs

THey usually require it

I've noticed but at the same time I don't want to work a gov job. I'd rather get in with a private company maybe consulting.. honestly not 100 percent sure. I'm just getting my feet wet as far as security is concerned

Pretty much any certification can be a waste of time / money if an individual doesn't put in the time to learn the material. I have heard of paper "OSCP" recipients, individuals who can't do much hacking but passed the exam through various means.

@pastel portal exactly thats why I was wondering if there was a recommended course to get me on track to not only passing the test but learning the material. Also why I signed up for THM

@radiant sequoia how did you get into security to begin with? I'm having a very touigh time finding my first job

Some private companies like to see the Security+ for compliance sake and it shows you at least know the basic terminologies used in security. It's not going to make you a red or blue teamer but it is a good start.

tough*

@pastel portal thanks for the advice!

@magic vessel I got very lucky

I know someone

Basically I know this person who knows my skills. They had a job so they hired me

But i want to get serious and continue my career strictly focused on security. I have an extensive blockchain background too

Blockchain is a good area to be in right now. I've seen a good amount of security jobs for it these last few months.

Good to hear

Where are you located @radiant sequoia ?

U.K, U.S. or other?

U.S.

I'm also U.S.

Right now I see a lot of defensive roles, not so much offensive in my area. I've been balancing my knowledge with more blue team knowledge for a couple of months. I find threat hunting to be an interesting area. Haven't figured out how to balance it with penetration testing career goal yet.

@magic vessel, with job searching, especially for your first job, make sure that your resume is perfect and that you aren't too narrowly focused. It's important to get your foot in the door because once you have one or two years under your belt, you can make more specific career moves.

@pastel portal Thanks, that's what I'm trying to do. I'm looking at SE, IT, networking, and infosec jobs

My degree is in CS so I'm trying everything

Great. Thanks again for all the advice

Pwk is a tough course man. Look at the pre reqs and try to meet all of them before you jump in. My python, powershell and bash scripting are all weak as shit, and I’m gonna pay for it come exam time. That said if you know your weaknesses, you’re one step closer to turning them into strengths. Good luck.

tbh the course requirements are pretty relax.
You only need to know networking, have context on what network protocols are, and have familiarity with linux tools.

Yeah I’m not saying the rest can’t be learned during the course. That’s basically where I was at when I started and I’m learning. But it would be easier if I was already familiar with the above.

Had a question for you guys in Australia

Currently in Uni, what certs should I work towards for a junior SOC analyst kinda role?

Currently in Uni, what certs should I work towards for a junior SOC analyst kinda role?
@cosmic topaz Ooh I want to know this too! I've spoken to a few companies and they want Sec+ and CCNA.

@earnest carbon in Australia??

Yeah mate

Oh wow okay. What kinda jobs were these?

What about OSCP though? I was planning to get Sec+ soon and OSCP by the time I graduate

Oh wow okay. What kinda jobs were these?
@cosmic topaz Security/SOC Analyst Level 1

What about OSCP though? I was planning to get Sec+ soon and OSCP by the time I graduate
@cosmic topaz CEH/OSCP are nice too haha but not essential it seems.

So a CCNA is a must?

Seems to be more important to have sysadmin/networking knowledge than specific hacking skills. Solid foundations

Know how everything works, not just know how to use specific tools for a specific purpose.

Makes sense. I have a voucher for Net+ so just wondered if I can get that instead of CCNA

I'm actually deciding which to do right now. Net+ is still liked so go for it.

Also know SIEMs and ATT&CK for SOCs

Alrighty

Still got like 2 years to graduate so I've got some time to research more Ig

I'm thinking of doing BTL1 too, that looks awesome

O

Splunk Fundementals 1 is a free course that they'll love to see

and theres a $150 certification that goes along with it

ccna isn't helping me with soc positions in the uk so i wouldn't rely on that 👀

@static tide Would you say do ccna anyway? my networking knowledge is non-existent really so would be doing it for more knowledge than anything else

@static tide Would you say do ccna anyway? my networking knowledge is non-existent really so would be doing it for more knowledge than anything else
@stone cedar if you aren't going to be going into a networking role i'd say no (to taking the exam - unless you're balling), but studying for it definitely

How much is the exam? if it's a couple hundred I'd just do it

i studied for the old one which is now retired but the way he put the information across in the books was so nice

i think it was £300 ?

Oh thats not awful, I'd probably do the exam

idk my company had a spare voucher for it

fair

I plan on learning via video course rather than a book tho

I can't learn from books too well

ah right, i'm not sure on the best video courses out there

i did kinda use the one from cbt nuggets to supplement some of the routing though, because that's much easier to learn from with a video

i'm in the process (stopped while studying pwk but will continue after) of making a challenge that involves a lot of networking knowledge with some cisco virtualisation though :)

You're stopping Dev during PWK?

that's true i still spend 80% of time playing chess

howz is the content of Tryhackme for new to in this field ?

@warm hinge awesome this is the perfect platform for learning for a beginner!

@somber bramble Thanks and its video based or totally like what we have in rooms ?

Like If I will enroll in this path then it will give video lesson or not ?

Some rooms have official video walkthroughs for subscribers, yes @warm hinge

There are more being released all the time as well 🙂

@warm hinge yea what oracle said. There are videos for walkthroughs sometimes but the actual learning (in my opinion) happens cuz they have a learn by doing approach, so the rooms will guide you through how to do stuff at first, and then once you start understanding you'll see theyre less hand-holding

you can enroll in the path (if youre subscribed) and check it out and then unenroll later if you want, id recommend enrolling in complete beginner and then follow the course, its super helpful 🙂

@somber bramble @undone shore Thanks and really appreciate. your feedback....

any time!

theres also a great community over at #room-help and #room-hints if youre stuck on some stuff after trying on your own for a bit on a room! @warm hinge

theres also a great community over at #room-help and #room-hints if youre stuck on some stuff after trying on your own for a bit on a room! @warm hinge
@somber bramble Sure

ccna isn't helping me with soc positions in the uk so i wouldn't rely on that 👀
@static tide Yeah it seems most emplyers in my city want a Sec+ mostly and some ask for a CySa+ when it comes to SOC Level 1

Couldn't find anyone asking for CCNA or any networking cert in particular

Is there any other free certs worth obtaining?

@static tide Yeah it seems most emplyers in my city want a Sec+ mostly and some ask for a CySa+ when it comes to SOC Level 1
@cosmic topaz yeah it sucks :( my networking knowledge is fading due to me not being in that role anymore or continuing studying for network certs

but then again in offsec do i really need to know how to troubleshoot bgp? nahh

maybe

depends on the size of an org

and if you can hijack a router

and if you know how to preform a bgp hijack,.

if it was required of me i could learn it quickly but doesn’t provide any use when searching for an entry level pentest position

I will tell you certain information (BGP related info) is typically required to be gathered during external security assessments and can tell you a lot about a given target, their infra, their assets, etc.

Pentest jobs became very crowded in US.

not really I still see many job openings there is no shortage of penetration testing jobs

I see a lot too. But most of the jobs are contractor companies so the pay isn’t great

What's considered great vs non-great for pentesters?

and good cyber jobs in ireland?

It depends on where you live on whether or not jobs are crowded in the US or not

There is a job void where I live across the board for tech jobs

@dark prairie, where are you based in the U.S.?

I feel like in the U.S., the security jobs are pretty much concentrated in Washington D.C, New York, California, and Texas.

I've seen a couple of listings in Boston and Chicago, but I don't know if it's half as much as those other places.

Midwest.

I'm also in the Midwest. I'm thinking of relocating to a major region for security roles.

It's too quiet in my neck of the woods.

bruh anyplace where a big company is based, there will be security positions

Unfortunately, there aren't many where I am. I can basically count the companies.

Relocation or working remotely makes sense. I don't mind doing what's necessary for my career.

As long as you aren't out in the boonies I would expect your area to have security positions.

A handful of security jobs may be had but pay is horrendous, particularly if individuals have years of IT experience. I'm the first to admit I'm not in the best area. I've considered moving to Dallas, D.C., possibly Raleigh. Would have to do research on other major hubs around the U.S.

The pandemic is another issue - my recruiting company has absolutely nothing available. It's been like that since this has started, with no end in sight. I'm a contractor (network security) right now with about 1 - 2 months left so I want to make sure I have something solid soon. I'm spending my free time improving my defensive skills since I feel pretty comfortable with my offensive skills at this point.

You need to locate towards big cities. That’s where the companies are. They aren’t going to base up in a town of 10,000 people.

I don't completely agree with that. Living in a tiny town hasn't seemed to impact my ability to get callbacks/interviews/offer letters from massive tech firms.

But then again I only consider remote. On-site is not my thing.

anyone know how many CEUs a year the common pentesting job requires?

0?

??? wouldnt an industry like security require a shitload of cpes? especially in a field thats constantly changing? if nurses require something close to 30 every two years, shouldnt pentesters or anyone in infosec require double that?

I mean they're not really standardised

And a common pentesting job at entry level requires a cert and experience or a cert and degree

anyone from UK here or any who has studied in UK here?
I want to know some info beforw I plan to go for masters there

Like I am from India, so being an International Student, I have heard that finding job in UK is difficult after a degree, because none of the companies will be ready to sponsor an international individual

any idea regarding this?

I'm from the UK and study in the UK

You'll probably have to see what happens after brexit, as hiring from the EU will go down most likely

@quick forum it's supposed to happen on 31st December 2020 right?

Yep

And we still don't know exactly what will happen then

I am planning for September 2021 intake, So i guess I have to wait till Feb or march atleast

@warm hinge The visa rules have changed for students coming to the UK that begin their studies in autumn 2020 or later. So, you will have 2 additional years after finishing your degree to find a job which is sufficient tbh. Also, I came to study in the UK from India in 2018 and landed a job in 2019. So I can promise you if you have the motivation and the skills for the job, companies will sponsor your visa no problem 🙂

woah, thanks for positive news mate @latent ingot

👍

Hi. I'm a developer(Salesforce- It's a cloud platform) with work experience on 4 years. I know Java,C/C++, Python, Javascript, HTML/CSS. I got my CEH a few month back. My ultimate goal now is to become a security researcher. From all the podcast/videos on career shift the first thing I hear is just get into the security domain first but I'd like to know what you all think. I've been looking for a job as a SOC Analyst but so far no luck. Is it better if I look for a job as a developer in a security product company or something else? Please advice.

@naive torrent Splunk Fundamentals 1 is free to take, you can take a certification exam for an addition $150 if you please.
That'll definitely set you apart as you'll have experience with enterprise tools that just about everyone uses.

@languid hearth thank you. Are you talking about this one?
https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html

I hope is the right channel to ask this kind of thing. I really have a big question mark upon my life right now, and that is :
What should i do next ? What is my next move ?
And as u all know, we always want to do the best move.
So i just got out of school, electrotechnical and electronic study.
But i always loved IT. I have a huge base knowledge, i also have a WebDesigner certificate.
But i have little knowledge in network things, web things etc... Basically i miss al those things u study in school when u follow IT studies. (most of them).
Should i go to IT university and start my way from the bottom, or should i build a individual path to make my way to the OSCP?

yep @naive torrent

@marsh tide if you have a degree in electrical engineering or similar you’ll be fine and don’t have to go back to school I would go on the individual path and start going for your certs

@marsh tide if you have a degree in electrical engineering or similar you’ll be fine and don’t have to go back to school I would go on the individual path and start going for your certs
@polar rock Should i start like from base knowledge of how internet works and like the basic thing they teach u in university and from there like studying linux etc..? Or just throw myself into pentesting and then learning things when im stuck?
Cause i read some articles saying that is kinda hard to get to the OSCP and that made me make a step back.

yes

That’s really up to you on where you feel comfortable starting you can start with something like the A+ and then move onto net+, ccna, sec+ etc to get base knowledge then do oscp or ejpt or a similar penetration testing focused cert

oscp is relatively easy. a lot of people paint it in a very difficult light because it is kind of difficult, but its not as difficult as its lead you to believe

That’s really up to you on where you feel comfortable starting you can start with something like the A+ and then move onto net+, ccna, sec+ etc to get base knowledge then do oscp or ejpt or a similar penetration testing focused cert
@polar rock what are those that u mentioned? Sorry for my ignorance but is like i am stepping in a new world.
Untill now i had a really messed up idea of it cause influeced by "general opinion" and media.
But is more cooler then i tought. So i really want to start with "good habits"

A+ is your general computer knowledge, Net+ is your general networking knowledge, ccna is a Cisco certified network associate which gives you networking knowledge like net+ just with Cisco, sec+ gives general security knowledge both physical and cyber, and the oscp and ejpt are your beginner penetration testing certs it all depends on where you feel comfortable and what you want to do

you don’t even have to take those certs you can just take some courses on those topics

you don’t even have to take those certs you can just take some courses on those topics
@polar rock wdym?
Like just looking to a Syllabus, studying individually then move to the next one without taking the cert until i feel ready for the oscp?

each of those certs have third party prep courses that you can take that don’t include the exam for the cert itself but a cert can also help you get a job which is why it’s really up to you in how much you want to spend and where you feel you need study

Ok got it. So it's basically more "valuable" to also get them but is not necessary.
I really dont know where i want to arrive, i just know i want to start it the right way. I hate when i miss base knowledge, cause i like to understand things and not just follow write ups or walkthrough.
Thank a lot for the help, life-saving

Which labs/resources do you suggest for learn SIEM and security analysis ? I saw Splunk on THM but idk other labs.

https://cybersecurity.att.com/products/ossim

https://zeek.org/

https://cybersecurity.att.com/products/ossim
@languid hearth Thanks !

@warm hinge The visa rules have changed for students coming to the UK that begin their studies in autumn 2020 or later. So, you will have 2 additional years after finishing your degree to find a job which is sufficient tbh. Also, I came to study in the UK from India in 2018 and landed a job in 2019. So I can promise you if you have the motivation and the skills for the job, companies will sponsor your visa no problem 🙂
@latent ingot would be much better than the US, given the latest news by DT..

you don’t even have to take those certs you can just take some courses on those topics
@polar rock here i am bothering again.
So i took a look at the certifications, but actually for being able to study from them, you need to purchase the "packs" that they offer.
Is there any way to learn without buying them or i should just trust them and throw at them my money?

alot of certs require you to take their course before buying the exam to take a cert I would recommend just buying them if you want to get the certs and make a career out of it but if not and you dont care about certs then you can just get a third party course like on udemy or pluralsight for a fraction of the price

No thanks.
I will just trust them and ill buy it.
I really want to have a superb career. And im going to build it no matter the cost.
This Discord just gave me the right motivation and path to start what i always wanted to do.
Thx again

no problem

Hello Everybody. I was wondering if anybody would shed some light on CEH Practical exam. I have read a lot of negative comments about it and was wondering if there's anything good about it. I have recieved a scholarship from EC Council and they've provided me the exam voucher for 99$. (Original cost is somewhere around 500$ i believe) .
Just wondering if its even worth my 99$

For $99 u can't really go wrong

If I were setting up my LinkedIn account before starting my career in cyber security- how should I describe my position? I have CompTIA trifecta. Junior Cyber Security Analyst?

has anyone has success with finding a remote security position with no previous experience? Im from a small farming community and I dont have any chance of finding a related job where I live. Ive got 4 years of IT experience but nothing directly in security. If anyone has some guidance to share on finding remote work id really appreciate it

Hmmm

that’s a hard one the best bet that I’ve seen would be to try to get relationships within the community and try to get an internship with a smaller cybersec company like tcmsec, trustedsec etc

thanks!

Anyone with 1 - 3 years of security experience have any luck finding a remote security position outside of their country?

cybersecurity student here, i am just curious if anyone in the pentesting industry would suggest any certificates that are worth getting that arent purely related to computers, such as lockpicking or other physical entry tools

if any certs like that exist, im still really new to the realm of lockpicking

https://twitter.com/offsectraining/status/1281393703521783808?s=20

@full sandal what you’re looking at is referred to as red team ops for the most part there aren’t any certifications for red team ops and it’s hard to find training for it. I would recommend getting your sec+ if you don’t already have it that will give you general physical security knowledge as well as red team security has a couple of courses and maybe certs on everything from general red team to social engineering https://redteamsecuritytraining.com/

v BHIS Discord

Just saw that.. that would be awesome

Hello everyone if someone here recommend me a certification to start with what certification do i have to take?

I recommend looking at jobs that you would want to apply for

See what they're asking for.

okay and then for the certification

i find few jobs and most of them i see these certification: pentest+, CEH, OSCP and GPEN

and that is my point which one of them is good for beginners like me

You can work towards OSCP

What about the others mentioned, to much theory and less practice or not worth it?

CEH is a meme, kinda useless outside the US DoD

pentest+ i heard that is the same as THM, teaching some basics that they are the same as THM so i will look at OSCP,GPEN very expensive

It's an investment in your future

eJPT is getting more widely recognised, and is like 1/4 of the price of OSCP

yes is a investment, but investing wisely is better thanks again for the help

https://blog.spookysec.net/certifications/
For those looking for certification advice.

This is really really good thank you

Tempted to take OSCP now :p

Tempted to take OSCP now :p
@rugged sable I will say one thing. I am not impressed with their infrastructure. Currently sitting waiting (again) for a client machine that is supposedly "Ready", to come online. Mixed with the Mayor's review of the labs, I would say that the highlight is the course material, and definitely not the interactive parts.

@undone shore I highly advise you don't take OSWP. I had to wait 1-2 hours after my exam was suppose to start for it to start cuz they borked ssh.

Good shout, remind me not to take OSWP

anyone know how much the ccna crosses over into net+ territory? I am taking two ccna courses over the next two semesters (im assuming the course material covers ccent then ccna) and am wondering how much additional studying would be required to get my net+ also.

@dim goblet you can get the exam objectives here https://www.comptia.org/training/resources/exam-objectives or check out Prof Messer's first couple videos https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd. I haven't done either but I've been studying them both; CCNA is more practical, Net+ is more general, but knowing one will def make the other easier

Hmm the embedded YouTube link includes the full stop, hence why it's saying it doesn't exist. Just click the link in the message, that doesn't have the full stop.

@languid hearth awesome writeup.. FYI, menu is a bit bugged om mobile, when reading the longer blog post

@dim goblet if you get ccna, you shouldn’t need to study for net+ (don’t even bother taking net+)

ccna >>>>> net+

@dim goblet if you get ccna, you shouldn’t need to study for net+ (don’t even bother taking net+)
@static tide i heard actually the opposite, while ccna is based on CISCO networking , net+ is more usefull cause it will teach you actually how to understand networks while ccna is more focused on telling you how cisco networking works.

@marsh tide ccna teaches you 80% of what net+ does, as well as going into cisco networks

but ccna is more "experienced" level?
like for a beginner is understandable?

oh yeah ccna is much much harder than net+

but sloshy mentioned that he was planning on taking the ccna, in which case net+ would be useless

yeah then here we go. CCna maybe is better for those who alredy knows things. while net+ is for entry level

but sloshy mentioned that he was planning on taking the ccna, in which case net+ would be useless
@static tide well yeah, in that specific case i agree.

myself i could start with ccna from the school i was in, but i am really not sure i have the basics for it, so i go on a more secure path with the net+

like I said in the post, if you walk into sny org you will find a Cisco product.

could be an ASA, a switch, or something

Ok, make the point

point being you need to know Cisco because they teach you the fundamentals of networking. if you dont know the fundamentals of routing, switching, etc. you're going to have an incredibly weak base.

I'll tell you knowing how to implement NAT isn't the same as knowing what NAT is. You probably wont even learn that NAT isnt the correct term unless you take a proper networking course or someone tells you.

It provides such a deeper level of understanding that goes on in the network layer thats necessary for you to take network security to the next level.

pretty much each networking course is going to give you the same basic knowledge but the deeper knowledge is going to be with their products like the juniper networking cert vs cisco

point being you need to know Cisco because they teach you the fundamentals of networking. if you dont know the fundamentals of routing, switching, etc. you're going to have an incredibly weak base.

I'll tell you knowing how to implement NAT isn't the same as knowing what NAT is. You probably wont even learn that NAT isnt the correct term unless you take a proper networking course or someone tells you.

It provides such a deeper level of understanding that goes on in the network layer thats necessary for you to take network security to the next level.
@languid hearth but would you recommend ccna for a beginner?

hands down.

i went into ccna as a beginner ^^

like 0 certs.

i was thinking to do ITF+ A+ and then the network cert

there's new topics like APIs and Network automation added which are definately going to help strengthen programming, API, and Automation skills

Can somebody who have OSCP dm me? What can i do if i cant find exploit error or update in exam and what can i do if i have to use too long wordlist for dont waste time

i assume if you’re using a wordlist and it’s taking ages, you’re doing it wrong

Also why does that question suspiciously seem like you want someone to answer a question about an OSCP box...

@static tide, when did you take the CCNA?

(You say you took it as a beginner.)

@pastel portal feb

not as beginner, i was a network engineer but i started studying for as a beginner

I see.

The updated CCNA assumes networking knowledge. Taking the Network+ is optional but knowledge wise it is helpful for the CCNA.

idk i didn't read the syllabus for the new one

There's a lot of knowledge you could transfer over to the CCNA I'd imagine from Net+ (haven't done net+ so) the fundamentals are still the same, just more, vendor focused shall we say

@static tide do you want a ccna role my friend?

I managed to fit in just as the new 200-301 came into play

@static tide do you want a ccna role my friend?
@quasi stream yes please

I gotcha pal

R&S?

yeah i got my ccna on the 21st of feb lmao which was one of the last days

yeah r&s

hehe poggers I wasn't too far behind

gotcha

there you go

wanted to do sec and data centre too but now they're only ccnp i think

+10 thm points

-10 sanity points for having a ccna tho

eh

studying was okay

the exam however

no thanks

wouldn't wanna do that again

Heheehe yeah

I spent two years at minimum 6 hours a week, closer towards 12/14 hours a week with coursework for my ccna

(and then 22+ hours when the deadlines were due)

wait coursework ?

what coursework is that?

With my Uni

It wasn't for the exam per se, it was for the degree but it was directly for the exam in that regard

We'd make up WANS with a-z of requirements

Which was really good for the exam in the end but christ did I start to hate it come 3rd year LMAO

ohhh i see

must have been nice to be able to apply it though

i was lucky to have a job in net eng

if i didn't i probably wouldn't have passed

i wanted to go all the way to ccie level but i wasn't enjoying it too much, maybe just the company i was with wasn't for me

Getting all the way to CCIE would be a pretty awesome achievement.

I'm torn about how I feel about Cisco. I work with their products every day, but I'm not sure yet whether I can make my career all Cisco.

my original plan was to do
ccna r&s -> ccna sec -> ccnp r&s -> ccna data centre -> ccnp sec -> ccie sec -> ccie r&s

What's the current plan?

that’s too much Cisco

I'm torn about how I feel about Cisco. I work with their products everyday, but I'm not sure yet whether I can make my career all Cisco.
@pastel portal yeah i did too but idk i just love to learn more haha

i'm currently doing my oscp, not sure what i'm gonna do after that

probably elearnsecurity's web course, or their network defence course

Good plan. OSCP is too rich for my blood right now. I am doing a lot of offensive security training at the moment, but I will be balancing it with defensive. I'm probably going for the CySA+ later this year - need to renew my Security+ too.

yeah i think a mix of offensive/defensive is important

does completing cysa+ not auto-renew your sec+?

higher level certs will renew lower level

Yeah I'm using the CySA+ to renew the Security+. I need to do defensive but I also need to renew my Security+. Two birds.

That's the plan anyway. If I don't have time, I'll do my continuing education credits and then do the CySA+ later.

when i first started in networking 8 or so years ago there were only 10k or so people who had ccies. now it seems like so many people have them it has been devalued. A ccie was a golden ticket for a 200k+ salary where you may only work 10-30 days a year. Times have changed. Top tech is moving away from cisco anyways. When I worked for facebook 3 years ago the only cisco they used was for waps everything else was Arista.

How do y'all rate Cybrary? I've been doing their free-for-July courses, and it seems very... Video-knowledge-dumpy. Lots of concepts and theories but not practical. Are some courses more useful (like, for example, THM)?

Best to do practical stuff like thm or hackthebox and then look up things you come across and want/need to know more about

Then cybrary is probably pretty useful

Cheers @wintry phoenix

when i first started in networking 8 or so years ago there were only 10k or so people who had ccies. now it seems like so many people have them it has been devalued.

yeah there are lots more ccie's now but they are still very valued from what i've seen

@earnest carbon Yes, a lot of content at Cybrary is dry textbook format converted to video content. Too much Death by a 1000 PowerPoint Slides in my opinion.

Hi I'm an amateur. Wee baby in IT world. I've been studying for taking my Security+ but don't trust the practice tests I've taken

Are there any good practice tests someone would recommend? Preferably cheap or free 😁

practice tests aren't really ever representative of the real thing. They ask questions in a very much different way.

practice tests are good to test knowledge on the material you've learned

but often times if you get 100% on a practice test, you're looking at an 85~ on the real thing

Or vice versa, depending on how good the practice test is

that's what scares me

Anyone here working for a government at Cybersec position and can share more about it ?
In sense what was required of you to get such job or was it worth it and other tid bits. Sorry if asked before and someone answered, i will gladly
search it if a username or info is mentioned.

so, government is pretty strict on their qualifications, they can afford to be very picky.

when I was applying for positions @ the NSA, I'm pretty much top pick for anything in security and because I lack a bachelors degree, I pretty much get instantly denied.

@languid hearth I'm asking the same, because my father works a government job for 30 years now, and as of recent we have very big
problems with security and finding any even underqualified people for the job. Pretty much they want you to have a bachelor or masters in cybersecurity(its what the degree is called at least here) to get you a job. But knowing how "bad" is usually the hiring here e.g they dont ask you much or ask you the wrong stuff and dont look for actually good people, i was wondering what are common questions or " tasks " they want from you in a good government where they actually REQUIRE you stuff.
(im from eastern europe)

bachelor or masters in cybersecurity(its what the degree is called at least here) Batchelors/masters is the same in the US too

US Gov likes weird certs

ah ok , since we dont have colleges with majors etc here and i was not sure if they are the same.

So would you say certs or other qualifications needed are strictly government specific ?

Certs apply everywhere

The US Gov just has a strict list

Bad phrasing i mean, requirements for certs from the government.

I don't understand

Thats fine ^^

Certs help you, everywhere

The US Gov just has a lot less that they recognise

Ah ok yeah that is what i mean , the recognize part

Not sure if that phenomena is limited to US Gov or not

See im asking because ive known some colleagues of my father who have .. security positions
for the government here with none of the certs here and it was a bit of confusing. They just have bachelors/masters

Most of the non gov entry level jobs I see here in the uk want an entry level cert AND a degree

Alright, thanks for answering and struggling with me haha ^^

The only way you can really answer the question is by checking what they ask for

Check if jobs with your gov want a degree, or certs, or both

Alright , yeah that makes sense haha.

so, government is pretty strict on their qualifications, they can afford to be very picky.
@languid hearth Trump put out an executive order about this pretty recently, so if it has been a while, you might want to have another look https://www.govexec.com/pay-benefits/2020/06/trump-sign-executive-order-overhaul-federal-hiring-process/166471/

pog?

Similar thing happened here, when we end up with 0 specialist in the field, both with degrees or anything else.[sorry if its a bit off topic input]

tbh, this is the kinda things people should be doing instead of getting on stage and saying things like "There's 100,000 unfilled cyber security jobs in the united states. we need more individuals"

also declines a highly qualifieid individual without a degree
4head.

this is actually a really good step in the right direction for the industry

i got maybe 5 interviews in the past 3 years? 2 of them lead to jobs :L

Yep i agree. But for example my country payed very very minimal payments for such work, i think a police officer got more money
with no university education , just high-school, so they made the payment x4 of what it was(very recently as well), to get more people no matter what education.

There is also declining qualified individuals with degrees and certifications for cheaper pay. Anything to save a buck.

Some companies just want a warm body in the role.

So what is actually the point in "seeking the degree" if u have enough certs that actually attest that you reached that level or even surpassed it?

Like the job section and the educational one are not even trying to get on the same level. And this is fucked up imho. Make no sense.

you don't want too many certs because that's viewed as cert stacking

Uh.... Spooks?

most of my certs aren't redundant :L

I'd have said none of them were to be fair

they all cover different domains in Security kekw

What constitutes cert stacking though?

basically brain dumping duplicate exams like Sec+, SSCP, CISSP, CCISO, and similar certs in similar domains in a short period of time

basically, low effort sit an exam, pass it, add it onto your resume to make you look better

there's no real reason for me to have Net+ because I have the CCENT & CCNA R&S.

that was more of a "lol imma waste $150"

as soon as you add ^^ into the mix, it becomes cert stacking

this mental gymnastics you have to do with these job seeking things sometimes, how can it possibly be a bad thing if you have too many certificates lol

The moment you get too many certs you don't even know which path to take anymore lmao

Just get good ones for the "sector" you want to work in

The ones that will result in the biggest pay increase

CISSP is seen as a holy grail all around

I'd defo get that

Then add a few more, perhaps more practical certs

Depending on what you wanna do

szymex is right indeed

I should start getting certs but without a job it's hard to save money for them

hey guys

much like others here I'm trying to become a white-hat hacker...but im having trouble figuring out what i want to kinda specialize in i guess. not sure if its networks, systems, etc. What are some possible other sectors of this industry i could look at?

@nova lagoon The CISSP has eligibility requirements to even be allowed to take the exam, I think it is 5 years of experience in the security industry, usually verified with an employer.

So it is unlikely CISSP will be a quick cert to add to your resume.

You can become an associate if you lack the experience, right?

Then you get a window of time to gain the experience and become a full CISSP

Possible, if you have an employer who is willing to sponsor that.

@solar bramble I guess a good start is to get a "general-purpose" IT job, like SysAdmin, Helpdesk or Software Developer 🙂 That way you can also figure out what you like and don't

It's what I'm doing at least

Wait but how do you know exactly what certs governments or companies want ? I have often seen jobs that do not state requirements or certs or degrees
they want in their candidates, its even worse in government, they say you only have to have some degree, but state 0 stuff around that 😄 untill they fail you during
interviews.

CISSP is more of a mid-level overview certification, closely relates to implementing the various aspects of a security program in an enterprise environment. Or as they say, it is 5 miles wide and 2 inches deep.

CISSP could be considered a Manager cert, and CISM a Director level/CISO certification.

@warm hinge I would inquire about it, and for government requirements, there is the Department of Defense website: https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

@distant pier Does that website apply to Eastern European governments ?

You would have to find out whether there is a similar site for your country.

Thats the thing i have been searching for quite a while now and i could not find anything similar to this, but
i guess i will try harder

Find the job vacancies

Look what they're asking for

Degree in other field counts? Field is not related to computer science or security

as long as you can justify that its related to IT somehow

business/engineering isnt too hard to pull off

but Sci/PolSci is a bit more difficult

Indeed

In the UK we have business computing and unfortunately, it's not too far of a stretch for recruiters

From what I've shared modules on their courses, it's a lot more of secure devops and programming then cybersec. Though, you could argue they go hand-in-hand, which is where HR loves it

If you have a Bsc here

you're very set

(not to diss on ba's. You're very recruitable where you are but in this context...)

um do i need to learn python for cyber security?...im learning pyhton to on codecademy already and plan on taking a tryhackme path after

i just want to know how prominent python is in cyber security

um do i need to learn python for cyber security?...im learning pyhton to on codecademy already and plan on taking a tryhackme path after
@minor elm its useful to know some programming, but knowing advanced programming isn't needed. Python is used for exploits or writing custom code, but its not the only useful language 🙂

ahhh ok ty i plan on learning linux and other things after so thank you

anyone done the CEHv10? Does completing tryhackme challenges help with passing the cert?

Unless you are looking for a job in the US Department Of Defence, I'd recommend skipping CEH

too late, ive already payed the fee and signed up

my question is not about wheter to do it. its about whether tryhackme will help me pass

THM probably won't directly tell you how to pass the CEH, but you should be working to understand the concepts behind penetration testing and security vulnerabilities

CISSP could be considered a Manager cert, and CISM a Director level/CISO certification.
@distant pier would CISM outrank CISSP, or do they touch two different areas?

Cert wise.. Not job wise

I'd buy the 25 dollar all in one CEH guide on Amazon. Written by Matt Walker.

This seems like a decent offer https://thehackernews.com/2020/07/comptia-certifications-online-courses.html

@grim swift Different details. CISM is more emphasis on Security Governance, Risk Management, and Program Management. CISSP still have operational detail focus on a variety of topics, and more Implementation oriented on how to implement a Security Program.

Is comptia a+ worth it

?

no

What certs are worth it

Network+ and Security+ are the biggest 2 I see, CISSP is a good one if you're looking at government work, Linux+ is also good for penetration testing and/or Linux Administration.

For penetration testing these's the big boy that's almost a right of passage that is the OSCP

Server+ and Cloud+ plus are also good.

If you want the certs reccomended my a guy I know who runs a successful penetration testing buisness it's (and this is my reccomended order):

Network+, Security+, Linux+, Server+, Cloud+

from there you can see what you want to do, OSCP may be next for you or you may get a career or some other certs first, up to you at that point. but those 5 certs will pretty much guarantee you an entry job, assuming you're actually knowledgeable and good at whatever you want to do.

As mentioned, if you want to do government contract work, the CISSP is what I've seen the most as it's level 1 or 2 of some government cert chart or whatever.

CISSP is also really good of you want to go into network administration. @umbral verge

the other Offensive Security certs are worth looking at but aren't really asked for

Entry level jobs in my area want at least 2+ experience

Look for some internships or take your non-professional experience (certs and CTFs can qualify) and divide it by two, that's usually an acceptable way to count experience that's not paid

In IT I've found paid experience is sometimes required, so a paid internship is best, but even job shadowing is a great way to get those minimum required hours

remember that certs, degrees, requirements are only to get you into the interview, your knowledge and skills will take it the rest of the way.

So if you can get an interview that's the hardest part.

Also, look at related jobs, like Network Administration, Linux Administration, anything in tech and use that as your in for experience

if you're having trouble qualifying for jobs, that is

That's what I was doing, i applied to a help desk job no experience required and got rejected granted I do have a college diploma in programming and I am going for my comp sci degree

all jobs want 2+ years experience

security isn't an entry level field

depends on the area - but generally ya, most security does, but not all IT jobs do

But I'm hoping with these certs it will boost my resume

you have to show them that you're worth bypassing the 2yr exp requirement.

For sure, like I said you just need to get the interview. Most IT employers have said they don't look at degrees, at least not first, compared to certs because certs prove knowledgeable and ability to learn on your own, college doesn't really teach that well

but that also depends on the position. Help desk is more likely to, InfoSec less likely to as one requires being able to follow instructions and work with people while the other requires a certain type of person/ability to think

I could get a interview next year though to like the NSA of my country

But I have no clue what they want

research, yo

Yeah

How do I get good in ctf

And showcase that in my resume

Practice.

Ok

Would it be feasible to land an entry level job with a Comptia Network+ cert, but no prior IT experience or a college degree?

Try it

@warm hinge you would more then likely be able to find some form of network support role with just a net+ just make sure to do some actual labs and set up a few networks before appyling

i see

@distant pier thx mate

So, quick question, what was your first IT job? I keep hearing there are no entry level Security jobs, well, there are no entry level SysAdmin jobs, or Net Engineers, or pretty much anything else. Every IT person I know started on the HelpDesk or DT Support and, after 6 months to 2 years, moved into their career paths. Is this not the case anymore?

So, quick question, what was your first IT job? I keep hearing there are no entry level Security jobs, well, there are no entry level SysAdmin jobs, or Net Engineers, or pretty much anything else. Every IT person I know started on the HelpDesk or DT Support and, after 6 months to 2 years, moved into their career paths. Is this not the case anymore?
@dense bay Note: I just got a degree. But my graduate job is in AI 🙂

@rugged sable bruh where I live people struggle to get jobs with cs degrees

It varies, look what employers in your area are asking for

Certs wise, degree wise, experience wise

Look at entry level if you don't have experience

My first IT job was help desk for AT&T. But that is no experience and no degree or certifications. It isn’t a job that needs anything. But other jobs like jr programmer want you to (obviously) know how to code. You don’t necessarily have to have professional experience to show you have experience as well. GitHub can be a way to show your experience and projects like a portfolio. I’ve known people who got programmer jobs based on their online portfolio.

One of the people I talked to managed a website that got like 100k hits a month and he brought it into his interview like “sup this is my GitHub. This is my magnum opus.”

So, quick question, what was your first IT job? I keep hearing there are no entry level Security jobs, well, there are no entry level SysAdmin jobs, or Net Engineers, or pretty much anything else. Every IT person I know started on the HelpDesk or DT Support and, after 6 months to 2 years, moved into their career paths. Is this not the case anymore?
@dense bay My first IT job was running cabling and installing wireless access points in Menards(regional big box hardware and homestore ) and Aldi. I quickly realized that was a dead end as everyone was a divorced alcoholic, i noticed my own relationship was struggling as well. I used that to get a network engineering internship and then was a mac engineer for a while eventually moving into server administration for a small web host and a datacenter tech. Im starting up school in the fall to fill in some knowledge gaps and have an easier pathway to get my net+ sec+ etc

#general

#general
@quick forum not really, someone earlier said the A+ is not worth it. IMO, most IT people get their start on the helpdesk or DT, an A+ is a requirement for almost all of those jobs. As such, the A+ is a gateway cert to most jobs in IT. I was wondering if my experience doesn't hold true in today's job market. Is it possible to go straight into a Security job without taking a more entry level position first? I see some have gone the Application Development route. Is this off topic for this area?

Wat

No

Someone posted a help question

People delete their messages because they're embarrassed to have made a mistake.

Yes, A+ is worthless. I have it. You often dont need any certs to get a job as helpdesk or a place like bestbuy. Just an interest and a knack for stuff.

Yes, its possible to get into Security without experience, same with Networking. I'm an example of it. It's more difficult and you need to be something special and impress the right people.

My first real job was a Penetration Tester, now I do that and Threat Intel for a Fortune 500.

I look at A+ certifications as a way for somebody who's actually technologically illiterate- but really wants to learn about hardware on a majority of common devices and machines

and how to use operating systems as a power user rather than barely scraping by

Can someone add me to this chat

❔

https://tenor.com/view/no-wack-not-funny-hannibul-gif-5760013

Can someone add me to this chat
@latent comet Fun fact. You're already added. You're welcome.

lmao

Oh lol I thought I needed some sort of verification

Lmao

I'm high

Not gonna lie

My name is Humzah. I am seeking an entry level role in cybersecurity - junior security analyst or SOC analyst level 1. I have a Sec+ cert. Anyone have any contacts who can help me land a job?

Bruh

Find jobs online

See the requirements

@latent comet I’m going to be honest this really isn’t the place for that however there’s also no rules against so 🤷‍♂️ but you’re probability of finding a job that way is very low. do you have any experience at all in IT? Where do you live? What degree if any do you have? I would recommend you finding your own contacts and creating a network in Cybersecurity yourself as it’s a small community and easy to network with others

Take a peak at Splunk Fundamentals 1, it's a free course and there's a certification that goes along with it. It'll help make you more marketable because all the big orgs use Splunk

Damn i never even mnew that

Okay

Depends on your experience. Going an infra route you usually start in support and work up. Entry level security is a thing but you have to be pretty good. What's your experience?

What is the entry level market like in the UK? I have tons of people approaching me for SDET roles but I want to go into pen testing..
@languid palm Entry level pentesting seems to be degree + pentest cert (OSCP, GPEN)

^

degree or exp

certs mandatory, degree can be subbed for experience

Not the other way round

degree will need to be relevent eg compsci style subject

To get into security without degree I did 2 years in infrastructure, while doing a degree, volunteering for a cyber security charity, doing certs and write-ups and stuff

Not pentesting but that's what I had to do to get a security job

Why CEH?

Geez ugh ok

yikes

Why im i a dumb dumb

Gonna probably get this job as tech support

UwU

Ok?

Did you have a question about it?

Is it worth it?

It's like a call center tech support

Depends on your career goals, experience, degree, certs etc

For phone companies

I want to work in cyber security

I have no experience

Broad area but yes it’s not a horrible place to start

as long as you’re focusing on your education outside of it

ideally, youll do that and work towards cert goals

I'm pretty much doing this as a side thing while I finish my degree

And work on certs

Need the money for the certs they are quite expensive

if you have a .edu email

CompTIA gives education discounts

My school doesn't have a .edu email

you might be able to contact them also

Also before getting certs figure out what area of Cybersecurity you want to be in you wouldn’t want to prioritize a splunk cert if you want to be a penetration tester for example

Yeah I want to do pen test stuff

I’m not saying that splunk isn’t a good cert to get even for a red teamer just don’t prio it

I'm gonna minor in cybersecurity

As well

Or I might just do the certs instead of the minor

https://deals.thehackernews.com/sales/the-complete-2020-comptia-certification-training-bundle

Hey so

If you know which cert you want to go for, even buying this bundle for one is useful if you want to review information in other tracks later

I have been let go of my duties. So anyone looking for a senior technician, from the kb to the primary switch. Or junior network security/admin in the Houston TX area .15 years experience.

Hello people, This is Divyang. I am a student of Cyber Security I am looking for the project. Can anyone help or guide me on some projects related to Cyber Security?

that's more geared towards #general

this is a wild card, but does anyone know of any infosec related internships for highschool students?

this is a wild card, but does anyone know of any infosec related internships for highschool students?
@timid lynx What country?

united states

Ah, I can't help you - hope someone else can! ✨

thanks, i hope so too

i could’ve gotten an NSA internship but my stepmom is an immigrant so that screwed things up😔

Maybe going against the grain here. And it's always good to set yourself up for the future. But is it a normal thing to get internships in highschool in the US? Honestly I would just focus on getting good grades, can stress about the rest of that stuff in college in the future. Should enjoy your spare time in high school because as you get older you're only going to have less time. Just something to think about, I'm not super familiar with how things are in the US

it depends on the career choice. ive been in cyber related classes since i was 15, and took it seriously my junior year. thats when i knew what i wanted to do for a living. i dont take any AP classes, because i don’t want to stress myself out trying to balance school and learning about pen testing etc. i get 80s-90s in my classes, and still have time to learn python and all that good stuff outside of school. i still go out with friends and live like a normal teen.

Sounds like you're on good path already tbh. I left school with no marks and did alright, it was tough work but worked out (not the path I would reccomend) though. That being said there's things I wish I had done differently. But sounds like if you keep going the way you're going you'll have no problems with your career path

... you had an internship opportunity with the nsa what I didn’t even think they gave internships

thanks man. i have a lot of opportunities going for me right now, so i didnt wanna skip out on them. my mentor for my cyber patriots team works for a company contracted by the DoD, and ive got some connections with people in the air force cyber unit. hopefully ill get a job out of those connections

yea, my networking teacher told me to sign up for it. its a highschool work study program

https://www.intelligencecareers.gov/icstudents.html

Interesting I kind of got excited and was going to look into applying however it looks like it’s designed for minorities and they take you for every summer of college d rather not lock myself into something even if it’s an amazing opportunity like the NSA because I met all the requirements

that’s my opinion on the program there’s a lot of other great internships for high schoolers if that’s what you’re looking for

anything thats good for the resume

@timid lynx you're going to be hardpressed to get an internship at your age. You're more likely to get an internship at an MSP, not at a Cyber firm. Lots of places can afford to be picky, so I suggest taking whatever IT internship you can get.

This is personal experience coming from a person who was in a similar situation.

I had my OSCP at 17 and was fortunate to get an Internship at 18 with my school, then a job at a pentesting firm 6 months later

holy hell

7 months later, I'm employed by a Fortune 500.

man thats crazy

that internship isn’t for a resume it’s for a career at the nsa they want you for life from what I’m reading of that

Progression is rapid if you're a diamond, but you need to show and prove your skill.

^^

I'd discourage internships at the NSA. They're picky and can afford to be. I got declined for a co-op internship and im literally prime pick :L

i was interested in that NSA internship, bc 1. its a good experience and 2. one of the interns was hired by a company after his internship ended

yea i heard theyre pretty picky

the sheer volume of apps they get are huge, they often take months to respond and most of the time its "Thank You for your interest, at this time we are no longer searching for a candidate. We will keep your resume on file for the next six months."

it was a long process for me to get denied lol

yeah

another cv question so i'll stick it here,
if anyone here is a recruiter or of the kind, what's a nice order of topics to have in your cv to grab the attention of the recruiter?
i currently have things listed in this order:

• summary
• skills
• employment history (1 IT related job)
• certifications
• education (no degree so i put it near the bottom)
• projects

biggest accomplishments first, traditionally thats school

I don't include a summary (im stateside so this might be different across the pond), thats more or less for your cover letter

That seems like a very UK like CV, I'd say reshuffle it a little bit to catch the recruiters/employers attention. My usual format is;

- Summary
- Skills 
- Certifications (Include ones you have signed up for and are pending examination)
- Projects
- Employment History & Education

It usually comes down to preference but it's usually a good idea to put the eye catchy stuff first

ye i’m in the uk

okay i’ll look at changing it around thanks :)

Hello people, This is Divyang. I am a student of Cyber Security I am looking for the project. Can anyone help or guide me on some projects related to Cyber Security?

another cv question so i'll stick it here,
if anyone here is a recruiter or of the kind, what's a nice order of topics to have in your cv to grab the attention of the recruiter?
i currently have things listed in this order:

• summary
• skills
• employment history (1 IT related job)
• certifications
• education (no degree so i put it near the bottom)
• projects
  @static tide
  Ill jump on here and say that I’m employment history under each job I prefer to write things that I’ve achieved instead of general duties

Hey all, have you heard about Microsoft's cyber security certificates? Exams are free for me with the help of my uni so i thought it was a good start and enrolled. What's your opinion?

free is good

is defensive cyber security easier than offensive cyber security?

i dont rlly know much about cyber security so if anyone could fill me in

is defensive cyber security easier than offensive cyber security?
@minor elm I would say harder

For offensive (at least grey hat) you find one way in and you're golden. For defensive, you have to find multiple ways in 🙂

ahhhh

The terminology for "offensive" and "defense" teams at companies are red teams and blue teams respectively, if you're interested in researching more about them.

They usually swap between the roles depending on what project they're working on

@warm hinge ughm not really there’s not a lot of people who swap between red and blue project to project maybe from job to job but a SOC Analyst isn’t going to swap to a web app pentester and a web app pentester isn’t going to swap over to a SOC Analyst position for example

fair enough

any thoughts on the hacker u cyber security cert program? theres 1 through NJIT

any thoughts on the hacker u cyber security cert program? theres 1 through NJIT
@mellow onyx can you share the link for the program in NJIT?

You can easily google it

Was wondering if I should take OSCP as a hobby

haven’t taken it personally but from what I’ve heard oscp will for the most part not help you all and is really only a cert to get a job

Alrighty

@polar rock again, I disagree with that. The OSCP has some outdated information, but a lot of it is really useful. Coming from a position of already having something like eCPPT (like The Mayor, for example) I can see it being redundant, but coming from a position of not having any certs, and being relatively new to the industry (like myself -- or indeed, you) there is a lot of valuable information in it.

I mean, my notes have jumped from 150 odd Cherrytree nodes, to over 600 🤷‍♂️

I've expressed concern at the datedness of some of the material before, and I've been annoyed at some of the infrastructure, but never let it be said that the OSCP will not teach you.

As a side note as well, whilst I'm remembering. I've done a bunch of the labs now, and run into another student once. No prior exploits lying around (other than in the sandbox network at the end of the PWK), and no one resetting the machines from under me. I suspect that the group that The Mayor was with were particularly bad, although I do acknowledge the superiority of something like Hera labs.

What is Hela labs? I tried punching it into Google and got results from some kind of genetic research company and tried “cyber security” with the results and got a bunch of random firms.

They're the labs used by elearnsecurity -- can't remember if they're internal, or a separate company used by other training providers as well.

It's more like TryHackMe though, in that you get your own copy of the machines to boot and work with.

Certainly from what The Mayor was saying, the eCPPT makes very good use of them.

It's actually called Hera labs not hela labs 👀

Yes it is

Oh goddamnit

That’s probably why I couldn’t find anything

Sorry, on phone. Thanks ma1ware, that's been autocorrecting from under me.

My phone has been “””correcting””” things when I finish a sentence it makes proof reading really annoying.

It's a pain. I try turning it off, then that annoys me too though 🤷‍♂️