#cyber-and-careers
I'm putting in 4-5 hrs daily while juggling my studies at the same time
Yea that's good, everything is different some may want a certain cert some may want a cert with a degree
I'd like to get the OSCP cert, but that feels like a long way for now
There's a lot to learn, you're never gonna learn it all
Become really good at taking notes
It can be hard in the beginning, I know I looked at them when I was starting out here 👀
Write down everything you're doing, why, then if you get stuck, look at the writeup to see how they done it. Try to understand how they got to that thought of trying that method etc
If you can't do it check them out and try to learn from them and maybe take notes for the future
I've started my own process of enumeration on steps and techniques. So I'll make sure I note stuff down
and how do you get into bug hunting? At what level do you know that venturing into bugs in live systems is an option?
no idea ¯\_(ツ)_/¯
@fast heart how did you start?
I started at the beginning of 2020 with a lot of programming exp and Linux administration experience and some windows, joined thm and went from there just doing rooms and checking out topics as I went through rooms
Ahh okay. Some prerequisites need to be addressed for me to reach that point as of now.
Administration and programming isn't required but it's useful when trying to understand some things
Makes things easier
Thanks @fast heart @quasi stream @unreal arrow for all your valuable inputs!
This helps
Hi guys, Im pretty newbie in this
me too, i am interested in this stuff
Start TryHackMe :D
Read carefully
And then go in https://tryhackme.com/hacktivities
And have fun :D
Thanks:)
Anyone know of any good companies for cybersecurity internships?
That might be something more local to you. The big corporations in my city are encouraged to accept interns from my college, and as a result, the students here have a situation that benefits them.
where are you located Sentinel?
ahh so depends where you want to be but I'd check for the big companies college recruiting sites, all of them will have them, Research Triangle and I'd check the big government contractors
if you need help blogging I have an 11k words personal note on everything I know :)
@rugged sable share sauce?
Is a cyber security internship beneficial for jobs? I am thinking about interning but really doubt my experience
the company I work for has cyber interns during summer and limited during year, they start applications in October/November for the next summer. And from what I understand, if you are invited back for another internship, you are guaranteed a job. We even have high school interns
plus its good experience and shows companies you have an idea what you are getting into
and what are the reqs for an intern @pseudo creek
@turbid whale for ours, It is generally to be enrolled in a STEM major within a US university/college (or high school)
most are CS majors but we have a few others that aren't, like math and an occasional cyber specific degree
we also take those that are in graduate programs (had 1 this year)
Ok thank you I will try to apply in some interns
@remote mauve gimme a couple mins
Let me know when those couple of minutes pass @rugged sable 
Hello everyone, I hope you're doing good. I want some career advice. I'm currently pursuing my Bachelors in Computer Science and wanted to know what offsec certs I need to take. Is eJPT, eCPPT and OSCP a correct path for me?
Two of those aren't offsec certs
If you do a lot of THM or HTB, the advice I've seen is to skip ejpt and start with ecppt
@quick forum Okay , Thanks man
kinda a mess
@rugged sable you got a markdown version of it? Hahaha
@pseudo creek can you tell which company you work for??
Hello everyone, Im a junior Getting my bachelors degree in Cyber-security and in 2 days there is a cyber career fair with some big names coming and just wondering if anyone has any tips if i have no experience other than a part time sales associate. I was thinking my best bet is telling them about my personal projects such as using tryhackme etc.
And its an online fair btw
bring resumes, be kind, kindness gets you a long way, ask if they mind connecting with you on LinkedIn
yea true
provide some context as to what you're working towards career wise, personal goal wise, and other stuff
Also make sure you can carry all the freebies
i.e. if you're pursuing any certifications
Gotcha thanks
Getting swag is the most important part
Companies loooooooove to give out that swag
They will almost be disappointed if you don't take it
bruh Dark told me to start with Security + i ran into a problem
SEE
The CompTIA Security+ exam assumes you have the following experience
and knowledge:
• “A minimum of two years’ experience in IT administration with a
focus on security”
• “Day-to-day technical information security experience”
• “Broad knowledge of security concerns and implementation,
including the topics in the domain list”
However, I’m aware that two years of experience in a network could
mean many different things. Your two years of experience may expose you to
different technologies than someone else’s two years of experience.
I am a complete beginner
Someone help me pls
You can ignore the 2 years of experience thing. But what is your experience with technology in general? If you're lacking general IT or networking skills you might want to look at A+ or Network+
You don't actually need those requirements lol
anybody can take the test, but there are some minimum "knowledge" requirements
they are recommendations
You should ideally know how computers and networks work, and how the internet works in general
it helps to know the TCP/IP protocols and probably wireless standards
Security+ is a lot of memorization. https://www.professormesser.com/ is a good study guide. Search for him on YouTube, he has a lot of free videos also. You'll have to judge for yourself after reading/watching the material if it's beyond your skills.
@full oar good tip
if you're really a complete beginner, try looking at A+. The A+ isn't required, and if you already know all the stuff that it tests you on, then you can ignore it
@pliant wraith It's hard to judge if a cert is worth it. The security plus is $400 (I think). If you have never worked an IT job you're not likely to get hired into a job that requires a Security Plus. Generally, Security Analyst is not an entry-level job. In my opinion, it's better to focus on a core cert like Microsoft or Cisco. These certs will get you a job. The most common experience is to work as a sys admin or network admin for a couple of years then move up to security analyst. This is why the two-year recommendation is there. This is not everybody's experience and certainly is not cause to be discouraged from learning security.
Any site to get comptia s + test question for practice
@rocky girder try the Pocket Prep app.
Hi guys!
Is there anyone who works as a SOC analyst and have a minute to answer my question? :3
What are the average requirements for initial work in this job in your country(and of course, where do you live :P)?
I work as such in Israel, but I wonder how is it in other countries.
im in england and to get a junior role isn't too hard, i did have my ccna and did some ctf room dev which were on my cv
Nice, thank you 🙂
I have a bachelor and a master, but mainly what they liked is that I could answer every technical question at the interview and that I do this stuff in my spare time
netherlands btw
Thank you,
Is it common(or even a requirement) in the Netherlands to have a degree for initial work in a SOC? In addition, may I ask what at what profession do you have your degree?
A degree is in the requirements a lot but if you can prove that you are on the same level as someone with a degree it's probably fine, just harder to get invited
My bachelor was in IT service management and master in network forensics
A degree is not required to work in security, such as in other fields, like being a doctor or a lawyer. It always helps to have one though. I entered a SOC as an intern and after 3 months, got hired full-time, without having completed my degree.
your chances of getting an interview are significantly lower if you dont have a degree.
In the US, you risk not getting an interview or hired and if you do, they will pay you less
partially true -- I make 70k and I got hired without a degree
thats certainly not getting paid less, especially for entry level kek
Many people in my team have no formal education at all or had a previous degree that had nothing to do with IT (Nutritionist for example), and we get paid in function of our rank within the company. You can access better positions in infosec due to certifications than to formal education.
I’ve seen people not promoted due to lack of bachelors degree which is what I mean by being paid less but it depends
it really depends on your hiring manager
And my company would rather you have a degree in nutrition than none
Although they also equate military experience with degree so that’s an exception
yeah absolutely. A degree can do no harm
But masters is where I think it’s mostly a waste (and I have a masters)
Also generally part of the problem is schools can’t keep up with tech and will always be a few years behind but companies still value degrees
yeah, most of the guys I know/work with get their masters to ace the HR portion, and ace the interview portion, and essentially demand infinite income kekw
In the UK, how easy is it to get a degree-level apprenticeship in cyber sec after 6th form? Its a career path that I am quite interested in
They're super super competitive
Even if you have good or excellent grades, you have to interview well
Yeah i took a look at their requirements, they look pretty low
But i highly doubt its that easy
I tried getting a degree apprenticeship, and failed. Grades didn't seem to matter
Make sure you have a backup plan
So do you recommend also applying to a few universities alongside it?
Just in case I dont make it?
Yeah, you can do that just fine
Apprenticeships are independent from applying to unis via UCAS
I see
And also, what course do you recommend me taking for cyber sec?
Computer science or something more specific?
Oh ok nice
I'm going to have an Associate's after I'm done with my college stuff, but I plan on having other stuff stacked on-top. Hopefully S+ will be a part of that pie, then later the OSCP.
My courses at college offer classes on S+ and being able to take a class on that, then pass S+ and have that as a certif is really good for your resume, I'd think.
If you want to add more to your resume, you can become a creator. Create boxes, do writeups, and show you have the essential knowledge to help contribute to InfoSec.
You can also make neat tools and share them on GitHub 😉 Create content and you'll be amazing 😄
What's the best platform to do write ups on? I'm thinking of starting a blog because writing it out helps me learn.
@trail violet Ideally something you own, as it keeps your content in your own hands. Github Pages or Netlify are free hosting, if you have a little webdev.
Medium is probably the best alternative if you want to do it the easy way and use someone else's platform
What is the reality of remote working in the cyber sector?
Developers can often work remotely no problem, I assume the same is true for pentesters, sysadmins, SOC analysts etc as long as hardware is not involved?
If you don't work in classified work, very possible. I work for a large company and our entire unclassified cyber security staff is mostly working from home right now... now thats Covid, normally they definitely like SOC type people to be in the SOC but even prior to Covid, we had a large work force working from home. I've been working from home on and off for 10? years.. dedicated working from home for the last 5 I think
and there are certain reasons that red teamers would need to be in the office at least for certain periods of time
I interned for just normal IT for a small period of time and local remote was used a lot. If that network was ever internet facing, I'd be scared. It would make sense to have to be on-site for something like that.
on the flip side, I will say that early in your career, it is helpful to work in an office, you learn a lot from others and if you work incidents, it helps to be all together collaborating.
Before the pandemic it seemed to me that infosec was pretty adamant against remote working for junior hires (in terms of experience, not people new to a company) because of the belief that it makes shadowing harder.
Think that's changed now that some companies realized it's probably not the remote working that's an issue, they just never developed a good process or had mature tools for it. As a junior there are benefits being around people physically though.
I agree on the organization. The biggest wall for me was showing up on my Saturday to not get paid.
A lot of the time, I was sitting in the back office talking hardware with the IT guy and occasionally doing tickets but that was the minority of the work
So I kinda felt most of my time was wasted
seems like a company issue 🤷
yeah if you are salaried and working overtime but not doing overtime work?
I wasn't salaried.
seems like they were massively taking advantage of you then
There's a reason why I didn't stick around. But sadly in the US, unpaid salaries internships are very common.
?
salaried people in the US do tend to work unpaid hours above and beyond 40 hours but unpaid salaries, should not be
They shouldn't be, but that's the reality, along with unpaid internships (sorry I meant to type internships earlier)
I just had the weirdest job interview I've ever had. My resume had gotten in the hands of a recruiter and she set up an interview this morning with a "company" that I still don't know the name of. The "recruiter" never sent me any information on them at all. The dude interviewing me never listened to a thing that I said, as soon as I picked up on the fact that he wasn't listening I started bombing it on purpose. They had changed parts of my resume, idk if it was the "recruiter" or the "company" but the whole thing felt off. By the end of it, I had this guy so mad he started yelling over the phone because I hinted at the fact that this was probably a scam. I already have a job, so this whole thing was out of nowhere lol but I wanted to see what was up with it. I should have followed it more to expose them if it is a scam lol
there are a lot of scammers out there, usually they will interview, indicate they need you to pay some fee (background check or other) before you are hired, if it isn't a reputable company, then just ignore it
If you get bad vibes, you should listen to it.
@dark prairie the worst i saw on an advert was an internship where you had to pay to work 😄
I once applied to a place that supposedly did PC repair. They called me for an interview and left a VM where they didn't even get my name remotely right. If my name is Sarah, they called me Emily (for an example). I called back within 5 or so minutes. The first time they hung up. The second time I talked to someone and the "manager" gave me this weird vibe with his voice. Like he sounded like a Russian drug lord or something. I'm pretty sure he called his company something different for what I applied for, but they said they did PC repair, so they must have been the same company, I think? I ended up thanking them for their time and declined because it spooked me enough. My name is weird, but outright calling me something I didn't even put on my resume was really freakin' weird.
lmao! That's pretty wild
That's a crazy story, Emily in the Horse Door 😆
So, I'm currently searching the Internet for advice on this, and thought this Discord might be a good place to ask too... If I want to obtain and be successful in a penetration testing position for a company, what career path and job experience should I take?
From what I can tell, sysadmin experience is pretty much mandatory for having an adequate understanding of how things work. In addition, it sounds like I may want to work blue team for a bit as a cybersecurity analyst or similar before moving on to pen testing. What's your guys' take on this?
I'm currently help desk level 1, but plan on moving into help desk level 2 soon, then sysadmin. I guess what I really want to know is how long should I be sysadmin? And which job should I go for after that to become a pen tester?
@warm hinge I don’t have a lot of experience so I can’t speak a lot on the topic however the one thing that has given me major opportunities are: Connections, Connections, Connections. The infosec community is very small is easy to build a network and make a name for yourself and get opportunities you didn’t think would be possible
I’m still a senior in high school and I have some amazing opportunities because I built a name for myself
@warm hinge this might help https://www.cyberseek.org/pathway.html
Explore the key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each role
Honestly man, he's not wrong. People I went to college with are now directors of their cyber ops and they still don't know difference in http and https other than "one is secure". People with no clue of what's going on are landing some pretty sweet gigs, simply because of who they know. Look at the previous breach from Equifax lol the CSO had no idea what she was doing. She got sorted out and caught, but how many don't? So if you know your shit, and you have connections, you'll fly through sys admin or cyber engineer if you go that route and into a pen tester.
Attend conferences too... I got about 17 different job offers while at DEFCON last year and a lot more this year even though it was virtual. Everyone there is wanting to help fellow hackers and infosec enthusiasts. Easiest way to network.
Thanks everyone. Helpful feedback. I'm definitely planning on staying with my current company for a while, because I think there is a lot of potential to learn there, and I like the people. However, was just thinking long-term like, what job titles/duties will lend themselves, both experience-wise and in terms of marketing, to landing a pen testing position. Like, I'm pretty sure, if I work my way up in my current company, I can do security and pen test for them, which would be a great start. However, once I've surpassed that point, I want my resume to reflect everything that HR would expect a pen-tester to have both in terms of experience and job titles.
Maybe the job titles matter less than the actual experience. E.g. my company combines help desk level 2 and sysadmin work. My title would probably be help desk level 2 for quite some time.... i would see that as a problem if I wasn't planning on growing with the company, but since it will still afford me a lot of experience to learn on the job, I'm not too concerned, as long as it acquires me new skills I guess. I might request after 1 year help desk level 2 that they at least change my title to sysadmin to reflect a progression.
you can be down to stay with your company but just open yourself up to other opportunities and don’t limit yourself. I would also start work on getting some certifications like sec+, OSCP, ccna to show that you want to become a penetration tester
What is the easiest and quickest certification to get for people with very little experience?
@crimson forge definitely get your eJPT from ELearnSecurity
Lol
Does it require a lot of knowledge?
Almost zero knowledge required @crimson forge
@earnest slate
Normally, in cyber security everyone can work remotely 7 days per week
No?
Yeah and even with COVID some cyber security people still need to go in the office
But Covid will probably remain for 5 years
So people have to get used to teleworking
"Normally, in cyber security everyone can work remotely 7 days per week"
What's your source for that claim?
What about SOC people?
All this time, even the height of the pandemic, many are in person
Everyone in cybersecurity, except those who need to maintain, or fix routers
I have no source
That sounds extremely odd
@crimson forge So you made it up, cool
This made me laugh I enjoyed this conversation
Good debunk James
I know too many people who still have to go in
Exactly
Just because im in Security doesnt mean im also not in IT Architecture 
who the hell is gonna rack the gear I'm using?
Me, I have 24U waiting here for u

One of my coworkers goes in most days, he is a hardware security type and the hardware can’t leave the office
From the NOC/SOC people I know, they just moved the workstations further apart and have less people in at once
They still have to go in
Yeah when I worked in a NOC, there was way too much network devices I had to configure on site
You could work from home very occasionally but it was rare
Hey All. I am a newbie here. I have been working as a Systems Administrator and pursuing my Ph.D. in Cyber Security. I need your advice on getting certified, is it a good idea to start OSCP certification right away with no experience? When I contacted offensive security guys they told me I need to pay $800+ish for getting trained and certified, seems like super expensive for me. Please advise. Thanks!
@lethal dove it’s honestly not that bad of a price and if you have no experience then the pwk could be a bit useful
I think you’re best getting it now and knocking it out if you’re comfortable with the information in it and can afford it
Great. Thank you so much for your feedback. Yes, I need to rethink my financial situation as well since I'm paying my University fee and student debt. Thanks 🙂
$800 is cheap, I guess I’d question why you are getting an OSCP if you are getting a PhD, that’s like opposite spectrums of security
Or should say is if your research is in system vulnerabilities and exploits, , I’d expect you’d be beyond a cert and if not, it’d be out of your scope for PhD or at the most, not helpful
A PhD is definitely way more expensive than an OSCP, too. I don't think I see a benefit to getting a PhD in that topic?
If you want to go into academia and teach at college level would be only reason
or if you just like learning
That would explain why one of my professors got a masters!
@pseudo creek Yes, that's true but getting a cert is of my own interest and I believe it strengthens my profile. just a thought 🙂
@lethal dove Published papers and conference presentations are really what would strengthen your portfolio as a PhD candidate.
Hello everyone
There is a program called mitacs, this is a Canadian government initiative in which international students can do research internship. Has anyone applied for the same in the field of cyber security?
@channel
hello guys, I want to get a red hat certification, becoming sysadmin and then go for a cyber security job. Do you think this is a good idea?
@stone relic yeah maybe don't try to ping an entire channel.
Hi guys, anyone knows any cyber security related virtual internship or volunteer opportunities available virtually ? ( worldwide) , I want to gain experience in cyber security , I currently work in IT support
SANS has some work study options , pls check on their website
@fossil tide I came across a site where they do offer virtual internships but I haven't taken it yet , I don't know if it's right.
for US students, SANS is having some type of competition for an undergrad certificate with them? They will be giving 60 scholarships. Says you don't have to be a current student/can work fulltime but I'd double check the site if interested.
Competition is September 15-17 https://cyber-fasttrack.org
Try your luck in a two-day Capture-the-Flag for the chance to win a $22k scholarship with the SANS Technology Institute
Should I get eJPT? I can't do the labs (unless I get invited to the barebones free one), but I do tryhackme & hackthebox semi-regularly? Not sure on how difficult it'd be without their labs/course 🤷
you can't do labs with just barebones. barebones is just the materials without anything else 👀
and you can get it through their eh-net thingy
I mean if I knew specifically what was on the course I could always just do the tryhackme equivalent rooms 😅
you can just get the barebone version by signing up here : https://www.elearnsecurity.com/secured/ehnptsfree
It only contains pdf though
@rugged sable Just read the syllabus, and review all the slides required. It isn't that hard
Although you will have to pay $200ish to take the exam
There's a voucher so it's only £100 for me, which I can afford -- Just I don't know if I want to do it, like if it'll actually increase the chances of me getting a job or not. Trying to decide whether my projects are better investments of time or a fancy bit of paper :L
You don't even get a paper for it ;P (digital certificate only)
what u guys think about this cyber mentor's video
https://www.youtube.com/watch?v=sSXhF0C0QlI
u agree with him?
In this video, we talk the top 3 certifications to land a job as an ethical hacker.
Eh
He went over all of the basic entry level “pentesting” certs
It’s common knowledge if you do your research enough
@polar rock exactly about e-learn and OSCP
he said e-learn is much more deeper than OSCP in topics
just had job interview for associate lvl infosec position but they said i wasn't detailed enough in my answers :/ going back to studying for my sec+ and hope i can get another chance
? What does detailed and sec+ have to do with anything?
@south nest u went for a job by sec+?
detail can come from a night or two of studying or research
Sorry maybe that was not two sentences that should have gone together
I recently had an interview for an infosec position, got to the final interview and got feedback stating I wasn't detailed enough in my answers
and the sec+ is just something I am going to be working on since I did not get the position
they werent correlated
@south nest what certs do u have?
Net+
and?
That's it just my network +
Setting my sights on Sec+ for now and just keep learning off of THM
@south nest Now you've got the net+ role
Oh neat thanks
This might help you prepare for some questions and feel more confident in your interviews.
https://danielmiessler.com/study/infosec_interview_questions/
@south nest 👆
@vale yoke mek realise i need to brush up on basics
my last job interview was 'how do you secure a web server?' and I was like wow where do I start... it is such an open ended question but since then I've appreciated asking it just to see where the interviewee would focus
I can't recommend knowing the Daniel Miessler interview questions. when I was interviewing it almost became comical how many people were using those questions
errr can't recommend enough
I stumbled upon them after I got asked the question on a phone interview about what was more secure HTTPS or TLS... the problem is most people dont bother to take the time to understand what they are asking or read the methodology for the interviewing technique.
they just google "cybersecurity interview questions"
@coral niche nice shout!
for first interviews, we always have to do behavioral questions and will throw a few technical questions in so I'd definitely know your behavioral questions
What sort of behavioral questions?
those are very representative of types of questions we have to ask
@rugged sable what sort of job are you looking for?
@static tide nothing at the moment but if my grad job falls through (it's delayed due to the virus) then AI / software engineering preferably at a cybersec company
ahhh right okay
was gonna say we have a few positions going
not software tho
closest related is an r&d engineer
@quasi stream also, were you looking for a job still ? 👀 there’s a junior soc analyst position available too if you were at all interested
i’ll dm you 👀
quality
👀
Does anyone have any internships going on??
are you asking about people who have internships or looking for companies with internships?
@winged kettle
Companies with internships my good sir
There’s tons constantly going just look around, make connections
they’re happening all the time all around
my company doesn't publish possible internships, but they usually take people that apply. i'd assume other companies might handle it similarly
my company has a college recruiting page, I'd search for college recruiting pages if you are in college
@winged kettle I have an apprenticeship
same
Search up internships in cyber security near me and should find some

Not getting any near me . Want some remote internships
you'll be hard-pressed to find remote internships
Hi guys been doing a lot of udemy courses, learning about various types of certificated. Been a web developer now interested in side hustle and maybe transition to cybersecurity. Any good paths to follow, for example do this first then other etc. Get this certificates or that one. Already searched this subject with google but I am also interested in input of experienced people like you gents. Thanks for any input.
Dark's got a vid coming out on this
nice @quick forum thanks, I realise the question I posed is kinda general, and maybe asked a lot of times. Will be sure to check the video. Where will it be released?
nice thanks for the link @fast heart
Anyone knows hows the cybersec sector doing in Croatia?
@warm hinge fyi dark's video premieres in ~2 hours
https://imgur.com/a/kCbQlS5 here is the chart the video will use, great stuff by @gray reef ❗
I have that linked in the video description :)
@gray reef yep building up the hype for the video 😉
Nice overview of branches, level of competency, for people like me not sure what branch they would find themselves immersed
I'll mark down to possibly do a video on that chart alone
I do have some issues with that chart but minor... that looks like an updated version of the last one I saw
The chart isn't perfect but it's pretty overall decent
I mention that in the video a bit as well
Which branch would deal with malware analysis and reverse engineering?
I would say Exploitation but I don't see GREM there unless I'm blind
oh I see it, top of IH/Forensics
yeah reverse engineering/malware analysis generally falls in incident handling/forensics
Anything DFIRs would be that, exactly
and for anyone interested in Malware analysis/reverse engineering, definitely recommend checking out Flare-on, CTF that starts tonight 🙂
@pseudo creek is there a way to watch it without signing up?
? its a CTF, you want to see what the challenges are without signing up?
Check out writeups afterwards, probably?
yeah you can also google for writeups of previous years
Nice premiere
Hello, everyone. I was wondering if participating in places like THM or HTB or Overthewire looks good on your resume for PenTesting. I am using these resources for that purpose.
Any one?
Honestly, creating content is better for it 😛
If you created a room it will look good on your resume but if you say that you've done THM in general then there's no point
Companies tend to like it if you can show you're actively doing stuff
HTB is mentioned quite a bit when I look at job postings
Yea IIRC they ask for what rank you are
The ones I've been looking at just say "Participation in stuff is a plus"
My employer liked it that I was doing stuff like HTB, but it was more like icing on the cake
@tidal swan In addition to what the others are saying, I'd also suggest that you use the resources to learn, rather than just to look good
We spend a lot of time making them so that they're informative 😆
It seems that there are few resources other than this site, HTB and THM, that allow you to practice what you've learned in class
@undone shore No, I am using them to learn. Sometimes, though, I get discouraged. You know, like that little voice in your head that says, "This is pointless."
Aaah, fair enough
I am neurotic that way. 😫
My company recently had a slidedeck sharing sites to use for their beginner red teamers, they mentioned HTB, I told them to add THM
Hello guys..I wanted some advice...I am a student in uni and have to do a 6 month internship as a part of my curriculum. So I have been offered a place in the cyber security team of a big 4(KPMG,PwC etc.) company and a MSSP SoC team. At this point I'm just exploring different domains so not sure whether I'm more interested in red teaming or blue teaming. What do you think will be a more valuable experience in terms of exposure as well as career progression?
well that depends on your career goals
if you want to be a red teamer or blue teamer
I would pick red team as it’s a harder field to get into and an internship will really help even more than a blue team internship but that’s up to you
@static field You might have a better idea where you want to go once you start working. Even if you did the SOC role you might get a chance to see what their offensive security and governance, risk and compliance (hey it might sound riveting to some people!) people do if there's decent networking platforms within them (which should be the case)
And if you do go blue team or risk, having a big 4 on your resume might look good down the road
Microsoft are doing $15 certs for those unemployed during COVID https://docs.microsoft.com/en-us/learn/certifications/skillingoffer#discounted-microsoft-certification-exams-available-through-this-offer
[Looking for job in London]
I am a Master's student in Cybersecurity at the Sapienza University of Rome with a background in Computer Science. In the past, I had the chance to work as a software developer with C# .NET. I am looking for the possibility of a full-time position and/or internship opportunity. I am a cybersecurity enthusiast and CTF player to always learn and increase my knowledge. My main interests are penetration testing, network security and any red team related technical stuff. I am a fast learner, able to work in a group as well as to carry out individual jobs efficiently and in an unconventional way.
GitHub: https://github.com/Benwick921
Blog: https://benwick921.github.io/
It's very rare that recruiters are lurking -- it may be better to try LinkedIn
@rugged sable That's awesome ty! What kinda docs are you using to study for the tests ?
@warm hinge This is the interactive version that takes you to the purchase screen too: https://pauljerimy.com/security-certification-roadmap/
@remote mauve thanks great stuff, less googling the stuff
Sometimes I think the certification industry is huge. Shame I am not the entrepreneur type 😄
In the Computer security or Information security fields, there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are:
Schools and Universities
"Vendor" sponso...
https://www.comptia.org/content/lp/red-team-vs-blue-team-which-are-you This link is kinda fun. As I am contemplating which team, and which specialisation should I start and stick to it
Thanks @meager hazel , it is truly a huge list.
Yeah, though only a few of those certs are really known and depends on region
Someone recommended I get a pentest cert from Mile2 and I joked to them they're the only person in my country that knows who Mile2 is
Yep, thats why generally talking to other more experienced people helps in understanding what is worth it or not. Thats why I am glad to be part of this community. Learning from other people accelerates your learning by a long shot.
Yup. If someone wants to take a course/cert out of intrinsic motivation and doesn't care about how the cert is perceived, that's their decision. But if the value of the acronym is important then taking a close look at how those are actually valued is important.
Like CompTIA is pretty well known, but it's still far more valuable in the US than other places because those certs are gatekeepers (along with others) for government jobs. That's not the case where I am
Yep, also did a search for infosec jobs in my country, there is no mention of any certificate, and the pentesting jobs are also not listed
Will need to look for white hat ways to make new jobs maybe
Maybe talk to recruiters in your country to see what they look for, or what they believe the hiring managers they're feeding resumes to look for
I was hesitating getting OSCP until the recruiter at the company I worked for now convinced me to just go for it
As I am currently working as a web developer, studying infosec on the side, maybe thinking about making some money on the side, as the pay in web development is good. Kinda trying to put together the love for infosec and side hustle
Makes sense
And having that web dev experience can pay off. I transitioned from that to infosec myself
Nice, maybe the background of creating really does help in knowing how programmers think. While we are talking about the subject of side hustle. Which branch has the greatest potential to be a good side hustle and maybe later evolving into full time? Any thoughts?
It's the hardest to do but if you do fullstack development you have the flexibility to take on more variety of work (I did that for a few projects, but as I said it can be challenging, so I stopped doing that and just stuck to front-end)
And since most things are moving to the cloud you should get some experience building stuff on AWS, Azure or GCP
You don't have to use all their services, but even for a simple web app that gives you an excuse to use EC2, S3 and RDS on AWS for example
Thanks for the input, I now realise I made the question non specific, I was thinking about side hustle in infosec. I am sorry. I wasn't specific, and didn't want to interrupt you 😃
Ah
If you mean paid side hustle, with no experience there is mostly just bug bounty, and that has its own set of hurdles. Think most people here would steer people away from that if they wanted to rely on bug bounties for money
tryhackme is a really good side hustle
If you just need practice then there's TryHackMe, Hack The Box, PortSwigger Web Academy. You can also get resources for cert study but not actually take them. Some of that knowledge can still be useful as a foundation
Like even if you don't want to take the Security+ certification I've found a lot of the concepts necessary to pass are good to know for most people
@meager hazel these bug bounties are kinda a honey pot because the general salary even for web developer is 1 500$, and with that you can live really good here, and generally a 15 000$ yearly you live really great as the average salary per year is around 8000$. And this is Europe.
@meager hazel I have been doing Nathan House volumes from station x (udemy) and I was mindblown with the stuff that can kinda mess your life in cyber world 😃
$8k/year in europe?
your cost of living must be pretty low
Consumer Prices in ___ are 18.01% lower than in United States
Consumer Prices Including Rent in ___ are 34.05% lower than in United States
Rent Prices in ___ are 64.71% lower than in United States
Restaurant Prices in ___ are 29.93% lower than in United States
Groceries Prices in ___ are 23.48% lower than in United States
Local Purchasing Power in ___ is 60.97% lower than in United States
as you see the local purchasing power is 60% lower, and the consumer prices do not follow this
Average salary after tax in US is 3,500 $ while in ____ it is 900$
yep
For example jeans cost more in here than in US hehe
gas is double here than in US
here is a more organic summary
so chicken fillet is also more expensive here with a 60% reduction in salary hahahah is a world a wonderful place
US is on the left in all pictures
I don't know where you would find jeans for $40 in the US but...
but yeah understood
@pseudo creek Amazon? That exact model is currently $28
That transit pass has me crazy jealous, though...I'd kill for $72/month transit. Before lockdown, I was in the $80-90/week range 😭
yeah I forgot that Levis has tiered jeans, I have bought directly from their site and they aren't that cheap
Yeah, idk why they're overpriced on the factory site relative to the entire rest of the internet, same model is $60 on their own site and around $40 everywhere else except Amazon, which has them for $28
501s on the Levis site are $60+
The Numbeo site uses user input, and does a lot of statistics calculations to make sure there are no outliers
It is because Levis has tiered quality, along with a lot of other brands
So users go to the shop and write the jeans are this much
So this usually refers to the physical stores
so Walmart/Target and probably Amazon get the base quality (thats my guess)
oh, within the same number they have different quality?
I thought the numbers were supposed to be standard, no matter where you get them?
There was a Nutella scandal in this part of Europe because they found out they used less quality ingredients and hiked up the price for this part than for example Germany
@near ermine sorry if this question is directed to me, I didn't quite understand it
@vestal verge No, sorry, it was at @pseudo creek
yeah I've read that they do that
So generally a lot of shittier versions of products even from US get sold here, and generally with a bigger price margin. So the quality of the stuff you buy varies from country to country
Yeah, I for sure knew other brands did that, but I thought the whole point of the Levis numbering system was that you pay extra to get their brand and then you know it's going to be the same no matter where you get it. I guess it's actually that you pay extra for their brand and then glhf hope you went to the right store 🤣
Yep Maggie, its a weird world 😃
I see @gray reef is making videos at an alarming rate 😉
Just working to catch up with a few rooms to start, doing a ton tonight <3
I'm experimenting with a few things just to see what happens
A full walkthrough of Throwback is soon
A new red primer room as well
And a new challenge room similar to Ice but linux as well
dark on fire! 
and likely Burp Suite next for the InfoSec primer series
yep, explaining the thing for us dummies is a true art form 😃
Howdy my peepz!!!
howdy @unborn peak
Hello everyone.
Is anyone here comptia security certified? What do you guys recommend I do to pass the exam?
The standard method is a) a good book (Get Certified Get Ahead is popular) b) Professor Messer videos on YouTube c) Set of practice exam questions (Jason Dion's on Udemy are popular)
^
And yeah, read the objectives and continue to reference them to see where your weak areas are still
Note that Security+ is moving to the SY0-601 exam in November.
You can take 501 until July though. If you want to start studying now might be better to just stick with 501
The difference: https://www.comptia.org/blog/comptia-security-501-vs-601
In short: more emphasis on incident response, cloud architecture security, compliance, and attack types.
@tidal swan
Haven't taken the exam, but Professor Messer's videos are amazing
Hey, anyone here work as Ethical Hacker in Europe? I am wanting to move there but I don't know what certifications to get, I already work in the field, but in Brazil, although for a French company
From europe here @deft path but not working currently in the industry
so I can't give you info
What was the point of this message then
To give a guy a feedback, maybe its his first time here, and to throw a rock in the pot 😉
@deft path the easiest way to look for certifications worth investing in would be to look for jobs around the area you’re looking to move to and look for what certifications they want
Weird I thought Technical Cyber Solutions was on this server, he could help answer the euro cert thing
Thanks everyone, I'll do what CryllicBot said
but any other intel would be highly appreciated
I wanted inputs on this topic about moving into Infosec role. I see a difference in treatment to a candidate with pure Infosec/security experience/security related certs vs another candidate with experience in different roles. I see pure security experience folks preferred over the other one.
What I mean by different roles ( IT,Network,Firewall,SRE,Devops,Dev Experience)
nah... I will say it helps to know what you are securing before you try to learn how to secure it
vs pure experience( Security Analyst, Info sec engineer, SOC, VAPT, Infra security, cloud security engineer)
I came from Network/Firewall to security and most of the people I work with did as well
All security roles
our application security person came from being a developer
What candidate would you prefer?
one with a well rounded background, especially networking background, we do security engineering though so backgrounds we look for are network admin, sys admin, etc and if you are on the application security engineering side, we look for development experience
but I will say I work with a lot of red teamers/blue teamers and 90% of them do not have 'pure' security background, they all came from somewhere else
you will get the occasional person who is a new college hire who majored in cyber security
Okay. Thank you for your inputs
but there are overall many paths, no single path is perfect
My college degree program was in I.T. Security, so most of these terms are familiar to me. However, I don't have any I.T. Administrative experience, only what I gained in my internship.
I just graduated, so I am afraid that the test would be harder for me because I don't have 2 years onsite experience.
what test?
What role does FYP play in job ? Is it really necessary to do FYP on cybersecurity if we want to break into the field ? Or we really need experience ?
fyp?
Final Year Project
@lofty apex idk where you are from, but most companies as far as I am concerned require some sort of uni degree, not the FYP, but if you can score a nice internship you might be hired fulltime b4 the graduation
at least it is what happened to me
@deft path Okay
yeah if you have some type of capstone project (what we call it in the US), it would show interest in the subject
I'm researching a CS-002 practice exam, and theres a question here thats bending my brain, i can't grasp it
"Dilbert was asked to assess the technical impact of a recon against his comic books company. He discovered that a third party has been performing recon by querying the company's WHOIS data" ... How the hell do you determine if someone is looking up your whois data? I've never seen the ability to audit my whois access, aside from making sure that it is relevant/correct.
The fact that they ask what category of technical impact it is, is a non sequitur. I can't get my head around this nation state violation of ethics by having an archive of everyone who looked up my domain's data!
you wouldn't lol
@languid hearth

@languid hearth I mean, if its inside the car, theres no extension/patch cables running to it from outside. --it's typically pretty airgapped no? I mean other than the tires touching the ground .. theres not much to connect it to the real world.. security through obscurity, it'd be pretty damn obvious if there was a 100 mile patch cable dragging behind your car... (so the vehicle mfr touts)
That means theres no need for User Entity Behavior anal-ytics,
Or duct tape (end point protection)
or AV.
if theres no access , theres no easy way to get a virus onto it.
Yeah
@languid hearth yeah.. I'm glad this was up on a github somewhere
this is just cringe tbh
If i had to cough up MSRP, i'd probably be livid
the best ones I've seen so far were Udemy, but I'm running through all of them
@languid hearth as for Elon, i know exactly where he can stick that IoT tablet

@languid hearth so let's play devils advocate.. The author is correct, and someone DID get his whois data.
@languid hearth Root-srv.tld?
i wouldn't even know
there's bigger things to worry about if someones compromised a whois server
@languid hearth not necessarily true boss. esp with GDPR
That things got teeth
@languid hearth Maybe ICANN? or one of the primary registrars. I can't think of anyone else who would know that they been whois'd. Perhaps some sort of mass reseller who got accepted after passing through ICANN's vetting process?
¯_(ツ)_/¯
As for the criticality. setting aside the joke responses.. Is that a low importance issue, or super urgent like get me the president of the known world on the blinking red phone lvl issue.
@median rune It's one of those 'academic' questions of misdirection that can be found in cert exams. Hypotheticals as disguise. There are better ways to ask the question for sure, with the same validation result. 😄
CSE = Computer Engineering?
comp sci and engineering
Well I guess with engineering background you'll be more prepared to work on stuff like embedded software and chip/semiconductors
Hi everyone ! how are you guys doing? I am looking for some advice... I am a Software Engineer and I have experience programming, also I just started a MS in Cybersecurity, but yet I feel like I know nothing about CyberSec. I would really like to work in Penetration Testing or Ethical Hacking, any recommendations on what to do in order to get relevant experience? should I get certificates like CEH or OSCP ? what is relevant when you are searching for a job in this field ? Thanks in advance 😄
oscp for sure if you can, and study hard on TryHackMe.com ;)
ceh for department of defense
and welcome to the community!!! 🤠
@distant pier but "No impact/severity" was not an option.
@distant pier so would this be "Extremely high severity" or "Low Severity" ?
The better question would have been related to risk, instead of technical impact.
Indeed. So this person is defying the laws of the internet by getting this audit, violating some sort of ICANN nda .. and here they are asking how severe the impact is
Severity? What severity?! meh
Another trick question method is when it includes the term "best describes". It usually means there are two valid answers, but one is the best.
Multiple choice at its best.
@undone night https://blog.tryhackme.com/going-from-zero-to-hero/
Thank you !! 😄
Anybody used EVE-NG over GNS3? Studying for CCNA but plan to move to CCNP Security with the ISE exam after.
I need to interview a web development professional for a project for school. Anyone down?
@warm hinge is a former web development professional valid? I was one until last month
@warm hinge I am down if you still need help 😄
Uh I used to be a web development professional, just don't talk to me about CSS
bad memories?
lol just remembered that targeting different versions of IE was almost like bypassing filters
p {
color: #F00; /* all browsers */
*color: #0F0; /* IE 7 and lower */
_color/**/: #00F; /* IE 5.0 only */
_color:/**/ #FF0; /* IE 5.5 only */
_color/**/:/**/ #0FF; /* IE 6 only */
}
Finally I can understand OSI https://twitter.com/dacoursey/status/1306363165760946184
Please Do Not Throw Sausage Pizza Away (OSI model) 🙂
Mine was Please Do Not Tell Sales People Anything
@bitter arrow
I learned it 20+ years ago and it was please do not throw sausage pizza away
So I'm planning to move out to Italy next year (hopefully) with my friends. There i will be doing masters in cyber security. Also planning to postpone OSCP a year or two (||Muirl failing was so demotivating||) . I tried looking for job opportunities in Italy. If there's anyone to guide about that? (Stuff in italy).
Planning to move to italy because it kinda looks in budget and heard of many scholarship there.
OSCP is very RNG from the sounds of it
The conspiracy that I support is that it's RNG because of retake costs
@willow gate Do you speak Italian already?
@distant pier i have a year to learn that.
👀
Guys I was told that the C++ coding language creates sophisticated viruses and malware.
C# for Windows
I feel like my brain is going to lose all my OS/infra scripting knowledge if I go past python but I need to get better at C# because I want to develop more powerful and subversive "malware". Anyone else have this issue? I guess you can't be all knowing 🤷♂️
why can't you continue to do both ?
I just feel overwhelmed I guess, I do infra related SecOps as my job so that's easy to maintain, just overworked, not enough time to reinforce the skills I want to pick up
I would say try to do some basic scripting with python everyday even if its arbitrary to do it so that you keep it fresh and continue learning c# as your main focus
all depends on how you learn and maintain information though
I have a sizeable home lab, that's where I typically learn and maintain but really since covid and working from home, I just can peel myself away from the work to do the studies but I appreciate the advice, just an internal struggle right now
Am sleep night
Hi guys, I'm the only IT Infrastructure guy at my company (Startup)! Recently my boss told me to bring more talented people into my infrastructure team (Cyber Security Researcher/Engineer). Feel free to ask me anything if you are interested!
Odd question... when a job asks u to rate your skill at a certain thing what score would u put if u feel very comfortable with it...? I think 9 or 10 is too high
like if 9 or 10, I think you'd be able to explain it fully to someone else, I never put 10 for anything but you know there are people who will
Aye yeah 10 just seems like ur begging to be interrogated over why u put 10
Thanks :p
To me 10 = I invented the damn skill/language, 8-9 would be that I had several years or projects done with that skill
But yeah this is why skill ratings are kind of silly if the assessor and assessee hadn't agreed on what 0 and 10 are
[Looking for job in London]
I am a Master's student in Cybersecurity at the Sapienza University of Rome with a background in Computer Science. In the past, I had the chance to work as a software developer with C# .NET. I am looking for the possibility of a full-time position and/or internship opportunity, a junior position might suit me as well. I am a cybersecurity enthusiast and CTF player to always learn and increase my knowledge. My main interests are penetration testing, network security and any red team technical stuff related. I am a fast learner, able to work in a group as well as to carry out individual jobs efficiently and in an unconventional way.
GitHub: https://github.com/Benwick921
Blog: https://benwick921.github.io/
@forest knoll Self-assessment questions often are a bit strange at first. I'd say a 10 is a lead-SME (subject matter expert) and 9 is an SME.
I haven't gone higher than 9 tbf, I want them to know I know my stuff but that im not too big headed by giving a 10
anyone coming into pen-testing after years of technical compliance work? I've got a lot of catch-up
@glossy mason
A.) pg-13
B.) Not really the channel for that
C.) What do you want us to do about it?
D.) If you wanna slide me those pcap files im collecting them rn
E.) Ive seen your other messages please dont spam the channels
Is eJPT a realistic first certificate for a beginner/early intermediate? And is it worth the money and time if so?
I‘m doing it atm as a pretty big noob. Maybe i can report in a few weeks lol
@tired whale People usually say it wouldn't get you a job it is considered as an entry level certificate to just give you an introduction to penetration testing. I'm also just deciding to purchase the labs and voucher as I already have a barebone edition of eJPT.
Would you say it's worth getting it just for the learning though?
Certification aside
you can get the course material for free lmao
Idk anything about getting an invite for barebone or whatever you need
Oh wow ok that helps a lot lmao. Thank you
@tired whale Yeah it can help , I didn't get time to go through the study material but will definitely start learning.
ok thank you. I'll look into the cert maybe after the free course.
There are a few companies that want ejpt
if i was hiring for a junior pentester, i would look out for ejpt having done it, it proves you have the proper mindset as well as fundamental knowledge
If you feel you’re still a long way from getting more recognized pentest certs, the price for eJPT is not bad to show proof of your initiative at least
@meager hazel yea that's exactly where I'm at. Thank you
how long till they send email to get access to course? havent received anything
nm i got it.
what's the difference between elearnsecurity ejpt and PTS. ejpt appears under courses and pts isn't under certifications ?
is there roughly an equivalent with ? i.e if you can do this level of machine on youll be fine for ejpt ?
i wouldn't worry so much about that
^ eJPT is foundational and you should learn enough in the course
read that post
thanks for the info
hello, how can I enter room ?
Click on any room and Join. Also, for future references, this belongs in #general or #room-help 🙂
I already answered their question in #room-help they know now
They also asked in multiple channels, nice
Yea only twice but at least they know now
Is anyone aware of any uk cyber internship/trainee remote opportunities hiring at the moment? - Trying to find a company willing to hire a rookie even on minimal pay is brutal 
I think you've missed most of the apprenticeships now
💔 😦
any employment is what im after tbh
Getting the 'foot in the door' is real difficult in cyber, without degrees/certs out the wazoo
*seems
Entry level pentest jobs are typically degree+cert or experience+cert.
What kind of internships or jobs can we get assuming we have no experience just did eJPT and spend some time doing CTF's ?
@lofty apex eJPT is very entry level
Which courses are best for learning hacking?
@warm hinge OSCP , eCPPT maybe
@quick forum So then eCPPT ?
Or oscp
is there any good one on udemy website?
Then you can probably get an entry position
@warm hinge Heath Adams course on Practical Ethical Hacking
@warm hinge TheCyberMentor courses and Tiberius priv esc
which one is good thecybermentor or zsecurity
@lofty apex I can say that I have applied to a few internships with very well known companies with more or less no experience, I was shot down by all of them. I think its somewhat because of my age as well as experience
@warm hinge whatever helps you learn
Zsecurity also good he has like 6 courses focused on hacking
I got pretty far in some of their application processes however but internships can be hard because they have alot of factors
I would pretty confidently say that youre not going to get a full time job with only ejpt and no connections or anything however that doesnt mean its not worth a try
Jake I bet you had connections
i don’t have any connections lol
does the content of the online courses(related to hacking) keeps updating
I mean its possible just rare and hard
do you have an exact answer
yes it does keep updating
@warm hinge depends on the course, I belive Heath (the cyber mentor) updates it sometimes
ok
@warm hinge Yeah Heath does update but Zsecurity courses are outdated some of the stuff doesn't seem to work
I haven't taken Nathan House's courses , they are more focused on the theory part rather than showing hands on hacking. It's a good series if you want an introduction to the world of cybersecurity or hacking.
can you suggest me any good course of heath adams
Yup , start from
https://www.udemy.com/course/practical-ethical-hacking/
it requires like 16gb of ram and i only have 6
No it is only for one part of the course which is Active Directory
@warm hinge Ok then how about dual booting linux ?
Won't fix the ram concerns
no i have ram to run about 2 vms
Windows VMs still need RAM. Especially domain controllers.
i have that much
Yeah but the only option here is to skip Active Directory part maybe learn it later just grasp the knowledge that what is Active Directory , How it works , How to attack it.
You can later learn Active Directory through TryHackMe
... or use tryhackme?!?
else can be managed with 6gb ram, right?
No problem mate
😄
You can ask for help anytime
👍
Guys should i go for OSCP examination(Not paid yet)? I've rooted 10 boxes from HTB (TCM course capstone) + completed 40 rooms in THM and completed @obsidian plaza both privilege escalation courses from Udemy. I've not paid for OSCP yet but i'm thinking for enrolling for it... I can spend 10+ hours/day

@willow gate What else should i do?
More rooms, check out more content (like ippsec) do rooms suggested by TJNULL and Mayor for preparation for oscp.
That's plenty IMO @mortal prism
I started with way less experience and finished in 45 days at an average of about 5.5/hrs a day
I would pay for at least 30 days in OSCP and try to complete 30 boxes before doing the exam
probably 60 is your better bet imo
@obsidian plaza Thx man!
You're an inspiration for me. (I Love your courses 🤩)
np 🙂
@obsidian plaza sir what is your best course available on udemy
ok what about the one that teaches most about hacking and cyber security
@obsidian plaza
@obsidian plaza I want to know is eJPT worth it ? I don't have any experience , no certifications except only CCNA R&S and have background about programming ,operating systems networking since I'm pursuing my degree in BS CS, All I do is CTF from TryHackMe . How can I make my career in pen testing ?
@obsidian plaza which course of yours teaches most of hacking and cyber security
lets maybe chill on pinging him, pls
poor TCM 
remember, he's a busy dude. He has his own business, he'll get to your questions when he sees them
oh yes i forgot that
so sorry
👍
@languid hearth do you know any good course of @obsidian plaza on udemy
that means stop pinging TCM
XDDD
Hey addy, I'm going to ask you stop pinging people please.
Addy , I already told you about Practical Ethical Hacking you should start from there , As you're exploring it you'll find more recommended courses.
https://www.udemy.com/course/practical-ethical-hacking/
this has been widely regarded as a good introduction course.
I'd also recommend any place thats not udemy
ex, here you can get eLearns Pentesting Student course material for free.
If you google just about any topic you want to learn about, you will be able to find information on it. Granted you'll have to read instead of watching a video, I know, how inconvenient. There's not always videos on more advanced topics, so you should probably get used to it sooner rather than later
I saw a lot people recommended virtual hacking lab before oscp
I'd agree with that, VHL was a great additional lab for OSCP prep
this is all logs in less 6 days only one of the category's of one field is a month long
what does this look like
I think that's a bit out of scope for this channel?
Hello everyone. I am currently studying for my COMPTIA Security + test, and I am having problems with the last section of the test: Cryptography and PKI.
I was wondering if there were any free videos that might help supplement the reading material for section 6. My head is hurting from trying to understand the underlying workings of DES, 3DES, Blowfish, Twofish, etc
When I got stuck on the crypto topics, reading about them on Wikipedia sorted them out for me. I think the issue was the material I was reading about them was too high-level
I love Wikipedia's crypto articles
YES, Thank you ESWAT!!!
There‘s a video series from professor Paar on youtube. I‘m not sure how well it fits sec+, but it might be worth checking out
They're really excellent typically
Always good to check out the references and citations too, as that can lead you to more resources
I took mathematics in college, so that was helpful. Without some knowledge of number theory, you are completely lost.
Does Comptia require that you know how every symmetric/asymmetric algorithm works?
That's impossible because each algorithm is different.
You should be able to find a syllabus, right?
That's impossible because each algorithm is different.
@tidal swan I don't think it's impossible...
Given that I own a book on implementing them in C.
Well, I am just overwhelmed by them all.
Yeah it can be overwhelming
There are properties across all of them you should know what's different between them (block/stream cipher, asymmetric/symmetric, key size, etc.)
If crypto is the overwhelming part you should put in time everyday to understanding a bit more of what's going on there. It will eventually all sink in
I think it's the hardest part of the exam. 🙂 On some of the practice exams, I keep mistaking "key size" for "keyspace."
Yeah I get it. Remembering the key sizes for each was a tough one for me
By the way, I am scouring the internet for free videos on comptia security +. It seems, based on the types of questions asked, that it helps to look at several different videos.
hey guys , am new here , i am 2nd year college student and i have two paths ahead of me , one with IT degree with concentration on cyber and other is straight up cyber security degree , which do you think will be more beneficial to get started in cyber , thank you
from looking at job postings it typically a major in computer science and a minor in cyber security can help
I haven’t really seen anything asking for a specific degree in cybersecurity
It's always good to check on LinkedIn and other job sites and see what degrees they want or some might just want a cert with experience
Yup, from what I see comp sci is still favoured generally
Hey Kassy. Professor Messer is pretty spot on for exam prep.
I'm doing Comp Science Cyber security track, got some interview invitation from employer when applying for job. Def believe CS would provide you a better edge
What entry-level job can I apply in infosec for fresh graduates with no experience?
I'd go for a sys admin job. Then work in the field for a while get a reasonable amount of experience then pivot. Experience is very important in this field. It'd be hard for you to get an analyst job with no experience
Thats just my opinion though. Im not saying it's not possible just difficult.
just apply all of the entry job you could find tbh. If they see you are a good fit they will take you in
tru
I got one without any experience, just be mature and willing to learn. These people they worked overtime like it not even a job, just an obsessions. Sometimes I don't even know how to keep up with them.
okay sankyuu very much 😄
Hi All,
Is there anyone can tell me more a bit about cyber threat intelligence carrier?
Careers*
that sounds like a very broad question that google can answer unless you have a specific question
anyone know any certifications to improve on red teaming tradecraft
Good afternoon
hello everyone... I'm pondering on starting my way to getting the OSCP cert... how hard would the exam be for someone who already has experience with THM / HTB pentest on various easy -> medium(even some hard) machines? my biggest fear is that I still don't know enough to start the course and I don't want to waste that much money on a failed attempt...
@sweet onyx Yeah I'm also having these issues , I have so many questions on which cert to start and how would I know that I'm ready
well I saw a video ranking certs by difficulty and OSCP was 2nd, and the dude was saying it's proctored via webcam... soooo, this makes me even more anxious
you never really know you’re ready. You just kind of have to jump in there’s no do this this this and you’re ready. When you think you’re ready or close just do it
there’s a course and labs for you to complete before the exam so you can gauge how the exam will go
Why does the proctoring make you nervous
dunno, the idea that some dude could stay 24h and watch me go through multiple stages of despair is not really my thing 😄 ... is Offensive Pentesting path a good indicator on how 'ready' one is ? I've almost finished that one... only thing that's out of my league and not really my mojo is buffer overflows
i also got a couple of machines 'under my belt' in htb.... i somehow reached the 'Pro Hacker' rank
I would suggest picking a couple of the boxes doing them blind
that may help you gauge
that's good, thanks... i have a bunch of them already done 😄 ... but I'll try to get more done, more practice is good 🙂
is it even worth trying to get the JUNOS cert?
They're free
I mean, it's free. It's worth free.
@unreal arrow , I don't see why it wouldn't be if it's all or "most" of the eLearnSecurity courses for 1 price.
how to sign up for that?
Want a first look at the beta version of @ine's Cyber Security Pass? Sign up before this Sunday, September 27th to opt into our closed beta waitlist! Check out all the details here: https://t.co/HXfXcVjE1w
INE is a really meh company
I'd be cautious about jumping into it. Just because they bought eLearn doesn't mean INE is going to put out decent content
in my experience they opt for quantity over quality
For those of who completed the eCPPT cert, is the cyber mentors example report a good reference to follow? Theres no material in the course about how to create a report. Is this material available when I officially begin the exam?
TCM has high quality content and is a good guide to follow
Here's that format, but cleaned up of his info.
It's a very good template. I used it on eCPPT and OSCP.
Neither course does an acceptable job whatsoever of covering report writing, despite the massive expectation.
I've seen reports from various companies (fire eye, crowd strike, etc) and honestly, once you've seen a report, they're all more or less the same.
Vulnerability/Penetration Test Reports look more or less like this:
Company Logo on first page, Table of Contents, Penetration Testing Methodology mumbo jumbo that's included in every report, a fancy (or not so fancy) chart/pie chart/graph that shows you an overview of all the vulnerabilities and their rankings, and them broken down in order of severity, and lastly, kill chain (if applicable to said test)
Executive Reports look like so:
Company Logo on the first page, Table of Contents, A brief section + description on the two things: The Good - a pretty standard list of items the client excelled at (this can often save the CISO lol), and The Bad - ex. Missing MFA, no Web Protection (Anti-brute force, WAFs, etc), major web vulnerabilities and so on. After, there's typically each item broken down specifically with average time to fix, average cost to fix, and complexity to fix for each bad item mentioned.
Additional deliverables are obviously dependent on each company, but it often comes in the form of a spreadsheet with their logo on a cover page or doc in the similar fashions.
The thing that exams are expecting is: Logo/ExamLogo/Whatever, Table of Contents, your Penetration Testing Methodology, Objectives achieved, and then dive into the Kill chain.
The thing that I find most people have trouble with is having the right "voice" so to speak, the type of language used in a report isn't normally something you would use in day-to-day life. A basic report writing class from a local community college will probably do you a lot of good. For me, it was my Astronomy class (I know, weird, right?). We did labs and as a requirement to get credit for the lab, we had to write a report to earn the points afterwards. That really taught me the report voice & style, and how to build a report from the ground up more or less.
Report writing is really something that takes a lot of time to get better at, the more you do it, the better you get, just like everything. I'd never sweat the reports in certification exams because they're not meant to be real reports. They're some weird hybrid of some things you see irl and a kill chain. The thing that matters the most to them is the kill chain. IRL it's pretty much the opposite. You have to have a solid, well developed template of how things look. Consistency is key, it should ideally be at the point where you can slot whatever you need in. OffSec did a weird half-assed job at doing that with their sample OSCP template. But yeah, take exam reports with a grain of salt. Don't pet the sweaty things/don't sweat the petty things. Also, remember writeups are not reports. They're detailed kill chains, they're a good start into report writing, but remember, they're two different domains.
All good points. Learn business writing, executive writing style. As Spooky said, comes with practice.
btw -- nothing was targeted at anyone -- just my general thoughts and experience on the topic.
What I used to do is, present it to my manager/director and get their review input. In case you already have a job.
peer review is great too, you can get tunnel vision very easily
What I’m hearing is throw all your reports at spooky?
denied
Bribe him with alcohol, and make it a beer review.
ill take a case of mikes
So I assume you'd recommend reading reports from various companies to get a feel for it?
There's a repo somewhere for it
on the job, sometimes you'll see clients give you reports from other security vendors, sometimes its quite funny how shit of a job others can do
a lot of the time my thoughts are "They paid how much money for this?"
Actually when we are evaluating vendors, we’ll ask for a sanitized version of their independent 3rd party pen tests and they do vary greatly
Thank you all for the feedback
@unreal arrow @elder grove @languid hearth @distant pier @quick forum
I am just a newb in this hacking space, but I think an unspoken key is having the confidence and stubbornness to step into the arena and mess with stuff you have "no business" messing with.
Are you qualified? who cares. Have you done it before? doesn't matter. Go for it any...
This is relevant here
If I want to work in CyberSecurity and I want to start getting some licenses which is the best start? CCNA? The new Cisco Certified CyberOps Associate? Or directly Net+?
I know how to trouble shoot a pc normally so I was thinking I could just jump away from A+
I am also in Electrical Engineering so I am already learning the more electrical and embedded systems/informatics aspects
CCNA has a more concentrate on Networking where as CyberOps has a concentration on SOC analyst tasks
Yeah I was hesitant because of it
I don't really know much about IT so I was wondering if I should start large on network or focus more on SOC
I wanted the opinions since I want your experience and knowledge
I would recommend Net+ and Sec+ as starting point which will help you get familiar with concept and then move on to other
Alright I guess I will work into CCNA with the David Bombal course on Udemy and buy a few books to prepare and learn and pass an exam thanks
Has anyone signed up for the INE beta test? and does anyone think it will be good?
@unreal arrow u signed up?
it got error 🤔
Yea so did I no idea why
Hi so basically, I been getting used to nmap and I have gotten the hang of it now(still some more commands i need to get used to). I was wondering wat I should learn next after I get used to nmap
directory brute force maybe ?
If I am looking for a Junior position, what are the certifications I can get quickly and for what kind of roles?
there are few online courses that offers the role of a server manager assistants depends on the development of cybersecurity of a company, especially a new startup business for security basic breach
Sec+ eJPT might allow you to work in a SOC, definitely not a junior position tho
based on irl experiences, most of it consist of either setting up proxies bought by that companies or partaking in mass pentesting
Sec+ eJPT might allow you to work in a SOC, definitely not a junior position tho
@languid hearth big sad, i was rejected
the tl:dr thing is cybersec isn't a junior field
true
if you want to skip sys admin, helpdesk, etc, you're going to have a hell of a time
i feel the pain on my brain
legit have no clue cuz im just a basic self certified basic offsec
nah boi straight to ciso
i sent out maybe 400 apps for Pentesting and soc roles before i even got 1 response?
das quite alot
nah boi straight to ciso
@polar rock idk bout this one, i might as well just work as a server maintaner
my resume looking thin rn but will get thicc in the future
Nah boi straight to ciso
Hacking Thought Leader CISO.
big time
Anyone from Philippines or Singapore looking for Pentesting Job, kindly DM
Looking for a company to write my computer science bachelor's thesis and a job afterwards, any reference is appreciated
I'm going to take eJPT course.....instead of Ceh..is it good.
I have done number of thm boxes and vulnhub boxes ......
Am I ready for this ....I mean to difficulty level of exam....
It's a pretty fundamental cert which gives you the basic knowledge of pentesting
CEH is pretty outdated I heard and is only really required to get past HR or for a DoD role
Ohh great .....
I just wanna know the exam level....
Can I do?? Or should practise more on thm or on vulnhub
@unreal arrow
I'm not really sure i don't know much about certs apart from difficulty
Someone else may be able to help you
I haven’t actually taken the exam because eh but I’m pretty sure it’s a dead easy exam
Ahhh....thanks gyzz
If anyone can help me or suggest ...please do
Coz I'm going to take decision for this taking or not
eJPT exam is ez if you've done a few THM and vulnhub boxes already (in addition to following the PTS course material)
Also, compared to CEH nobody knows what eJPT is, so taking that is not going to help you for certain jobs (DoD as mentioned above)
If you want to take it for intrinsic motivation and to show your initiative/motivation, that's a worthwhile reason
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
@meager hazel
Ahhhhhh!
So you mean Ceh have more worth then eJPT?
I replaced it by eJPT....coz I suck at theories...
Should I go for Ceh then...?
@meager hazel
CEH is only really worth it if you want a DoD position CEH gets memed on for numerous reasons
It’s only usually good for getting past HR
so it is good for something 😂
@exotic vessel I said for certain jobs. If you don't plan on applying for US government jobs or other heavily-regulated industries that favour CEH for the HR filter then it's not a bad idea to go for eJPT
And no need to highlight twice like that
Should also say not only US government jobs but companies that do contracts with the US government
@meager hazel it's kinda odd that US government use CEH for the HR filter 🤔
CEH is really basic
Well you can take others instead of CEH. But again it's a limited pool and most of the other equivalent certs are more difficult. So if you want to get an ez way in CEH makes sense https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
4-5 years ago i thought CEH is really great
today i don't wanna say i have it either 😄
i really interested in SANS courses
i read the 504 course contents, also PWK, i also think e-learn security courses are really great, at a very beneficial price in compares with SANS
but OSCP is my priority this days
8570 is also one reason that the company I work for puts CISSP in a lot of job reqs for mid levels and beyond
Sans course is like "$$$$$$$$$"
they are meant to be corporate courses, I mean some people do pay out of pocket but mostly the company you work for is going to pay for SANS courses
Ohh....but rn I'm student 😅
I'm planning to take eJPT then
like in my company, you are more likely to see GCIH, CHFI, CFR than OSCP, OSCP is pretty rare to see actually
yup and that makes a lot of sense
yup and that makes a lot of sense
@pseudo creek how?
what? for a student to do eJPT?
I mean the course is called PTS
what? for a student to do eJPT?
@pseudo creek no u said " you are more likely to see GCIH, CHFI, CFR than OSCP, OSCP is pretty rare to see actually" and that makes a lot of sense"
what did u mean?
@warm atlas second line was in response to infinity_ saying they were a student
i think OSCP is a very handy cert
you are combining 2 of my sentences together
yes
i got it
Just saw this in the HTB discord: https://leonardcyber.com/ Actually not sure how it looks, can any of you tell me more about this recruiting platform?
Aptitude testing and recruiting for cybersecurity professionals
did you ask whoever posted that?
@wise grove Yeah you should the one who posted it
@pseudo creek @lofty apex Mind explaining why they should ask before posting?
I don't see anything wrong with that site straight away 🙂
@rugged sable No I meant, they got it from another discord, someone posted it, maybe that person knows about it?
Ahhhh okkk
I am looking to hire a solidity developer for a smart contract i want written, lots of experience required
@wise grove
Is it an official website?
@elder grove Do you mind If a send you a message regarding eCPPT question
Ooooh my... What have you done
@pseudo creek That would've been a good idea, but it was posted by a bot. Reposted actually, since it's just a copy of what's posted in HTB's list of offered jobs.
@leaden yew Looks like it? I'm not sure myself that's why I'm asking around if anyone here knows it 🙂
Anyone from Warsaw, Frankfurt, London, Sao Paulo looking for Pentesting Job, Senior Role. kindly DM me
What's up Condo?
Started the exam last week. Hit a wall for the past few days can't seem to find the door to access to the DMZ. Any labs you would recommend that have a similar method of pivoting and exploitation?
@warm hinge throwback cough throwback
Thanks , currently cracking multiple hashes on separate machines just to keep it resource friendly
is the CEH hard?
Not very, it's memorization heavy
What about CEH practical ? And is it ncessary to take CEH before doing it ?
no formal pre-reqs for ceh practical
Oh ok thanks
ceh is just a resume cert
I landed my first security job and while I am still new in the position (and the industry as a whole) I'm curious as to what exactly I will end up doing. The company is open for me to dive into the direction I prefer. My question to you guys - What's your main tasks at your security job?
I hope this question belongs here, I have nowhere else to ask 😄
security is a wild field, if they are willing to let you explore and try things, that would be amazing. My security career today isn't what thought it'd be 16ish years ago when I went into security, wasn't what I thought it'd even be 3 years ago. I'm an architect so a lot of my job is consulting and drawing diagrams and creating threat models. Early in my career I dabbled with IR and DF but decided that neither were for me, also had various levels of career consulting but I've always been network focused and still huge network bent in my current position although with a lot of cloud now
I landed my first security job and while I am still new in the position (and the industry as a whole) I'm curious as to what exactly I will end up doing. The company is open for me to dive into the direction I prefer. My question to you guys - What's your main tasks at your security job?
@winter quest are you with a sec ops role or more of analyst. I'm only on my first security job as junior security analyst but my task is mainly the operations side which involves tuning security controls such as endpoint defenses, onboarding servers to siem, threat intelligence (basically looking for new stuff that nessus doesn't catch) , making metrics report, sadly my role is doing a lot of stuff that i wouldn't consider too much into security [like vendor management, tracking onboarding of staff] , also i handle projects the company has like pentesting web apps.
Is there any internship opportunities for high school students involved with cyber security, or software engineer, please let me know. Thanks a lot
@upbeat haven depends how hard you want it. I mean alot of the cybersecurity internships want college students just because of the maturity factor and the ethical decisions that the field requires. Ive gone through the headache of trying to find internships. Theres cyberpatriot which is a blue team ish ctf for high schoolers presented by the air force. The best thing I can say to getting internships is to create connections and make a name for yourself in the field it can be very hard to get anywhere being so young without them.
@upbeat haven I'm in my senior year of highschool and got accepted into a part-time helpdesk/field tech job after I proved I could troubleshoot basic low-level windows problems and printers, projectors, etc etc. It's definitely not a cybersecurity internship or anything, but it's experience nonetheless. Maybe you could look into something like that?
Definitely helps develop people skills as well ^
security 100% wild field. My company mainly dealing with MalDoc nothing else
we received like 100+ maldoc a day to play with
👀
Many large companies in the US will have cyber interns including high school but they are summer only. The application period has already started for summer 2021. What I would do is start searching for information on any large US companies site for cyber internships. Also, if you know anyone who works in cyber, I'd ask them about high school internships where they work or if you know anyone who works for a large company, I'd ask them as well. I know for my company, we have to personally recommend interns who have never been an intern before. And I can only speak to the US, it may differ if you are in another country.
Is metasploit hard for any of u?
I tried it for the first time and I'm struggling alot with it
did you try the metasploit room?
Talking about internship 👀
Can someone suggest how to get one here in India
I hardly see any intern roles on LinkedIn
Research & approach companies specifically
You gotta hunt for that sorta stuff it won't come to you, plus it's good way of proving independence and enthusiasm in the application process
@warm hinge Do metasploit room on TryHackMe , it isn't that hard
@lofty apex The commands confused me
You'll get used to it I was confused when I used it for the first time. Just keep doing rooms and you'll eventually understand the commands and how to search exploits with metasploit
cybersecurity internships are some of the most annoying to get, you just kind of have to hunt and get lucky
@warm hinge If you need any help we are here to help you man
cybersecurity internships are some of the most annoying to get, you just kind of have to hunt and get lucky
@polar rock +1
You gotta hunt for that sorta stuff it won't come to you, plus it's good way of proving independence and enthusiasm in the application process
Alright thanks CMNatic i can hardly find intern roles in my area on LinkedIn maybe due to COVID really don't know:(
Do i need to have some certificate too for intern role?Like currently all i do is learn and do THM or bit of HTB?
I mean do you need them no are they nice to have yes very much
I mean nothing too crazy sec+, A+??, eJPT
just some simple stuff to show that you have a drive
you can also go for some cheaper stuff like splunk and aws certs
yea I'm planning to give eJPT a shot this winter..
I wouldn’t suggest being dumb like me and throwing a lot of money at certs so young unless you 100% know this is what you want to do
i have no prior certs though but i think I have learned enough from these platforms to begin with eJPT
yes i agree being here and that i'm able to solve medium and some hard boxes I think i can skip basic certs like Sec+?
or Net+
I would highly suggest against that
those are very good certs that provide an amazing base layer, I was talking to @languid hearth the man with a million certs and I believe he said he even found value in things like sec+
yes CCNA was always on my list i'll look into sec+ thanks:)
CCNA was my first cert
i'm also looking for a good path for certs. here is what i actually noted as a zero to pentest hero path 😉 :
security+ -> eJPT -> CEH -> pentest+ -> eCPPT -> OSCP -> CISSP -> OSCE
I really wouldn't include cEH in there
and CISSP I wouldn't either unless you are working in a US gov heavy environment (contractor or US gov itself)
ok thank you for the advice
I'd also skip eJPT as I've been told it's very basic
That path seems overkill
sec+ - pentest+ - eCPPT - OSCP - OSCE ? more focus, less expensive. looks like more realistic to you mates ?
Not sure why you'd need 3 entry-level pentesting certs, but that's just me
If I was looking for a summer internship as a pentester or in a cybersecurity company in Europe, what places would you guys recommend that I should look for? Either companies or places that direct me to them
Sec+ isn't pentesting though, I'd take that regardless of whatever they planned on specializing further into
Sec+ -> PenTestStudent (Course materials are free) -> eCPPT -> OSCP -> Let your employer pay for anything else
from what i read OSCP is way more difficult than pentest+ for example isn't it ?
@tropic girder What is your career objective? Figure that out as far as you can, and see what aligns with it concerning courses. Then, see what industry you want to work in, and see what certifications that industry is requesting for the job type you are interested in pursuing.
PenTest+ isn't a practical exam
Sec+ -> PenTestStudent (Course materials are free) -> eCPPT -> OSCP -> Let your employer pay for anything else
@languid hearth thank you
Net+ is worthless, CCNA is good if you want to be a better pentester. I'd slot it in after Sec+
What about AWS? Some people told me today to drop everything and just do that? What do you think
AWS is good
AWS is good, AWS Solutions Architect - Associate is a solid cert to have
alternatively if you see a lot of job listings in your area for Azure, Azure 301/303 seem to be good (think new one is 303 but both are equivalent?)
Cloud is generally transferable knowledge though, know one, you can pick up other easily
