#cyber-and-careers
Yes and I heard that exam is all about memorization
Oh alright thanks didn't know about this new v7:)
Hey everyone! Loving the community here and have been having a great time working my way through rooms on THM! I just have a quick question! Since covid hit i've had to make a career change into tech, sat my A+ a couple weeks back and passed! Since then i've landed a help desk job. However, i really love the security side and over the next few years i want to focus on working my way up to a security role. What path should i be taking to work towards that? I'm thinking of doing the net+ and security+ over the next year and a half and from there I hope to land a junior soc analyst role. Does this sound like the right way to go about it? Would love to know other people's thoughts! Thanks so much in advance 🙂
yes that sounds like a great way to get into security. Also like the above discussion, a CCNA would be a huge boost instead of Net+, just keep growing your skills, watch out for job listings for junior soc analysts, see what they are asking for and work towards that
the labs weren't exactly hard on the CCNA R&S tho
Perfect thanks a million! Is super exciting am super pumped to be on this path!
Pardon the biased reply, but try the INE Starter Pass. It's free and gives you snippets of numerous courses from the catalog. However, it also includes a complete pentesting course (formerly eLearnSecurity's PTS Elite minus exam) with slides, videos, unlimited labs and 3 black box practice pentests. Great toe in the red waters!
https://checkout.ine.com/starter-pass?utm_source=78&utm_medium=referral&utm_campaign=starterpass&utm_content=vip
do you guys know any bitcoin miners that actually work? (solo computer)
Why are you asking? Mining bitcoin is not worth it @stoic lotus
how is it not worth it lmao, its legal
The power costs are too high compared to the return
what makes you so sure? have you done it yourself?
I know the maths
There's a reason it's only mined on ASICs in countries with exceedingly cheap power.
You can do the maths too based on your hash rate.
Why is this related to #cyber-and-careers ?
And why are you asking?
this is a free world ill ask whatever i please 😂 🕵️♂️
I mean the discord rules apply.
(Bear in mind you're talking to one of the guys with the power to yeet ya out of here. Whether it's legal or not, a little respect and not being an ass go a long way 😛)
Sure drop a couple 100 grand on ASICs, another 100 on power and a space to store them then stop and be in debt because you realize it’s not worth it now
The answer to the question though, is probably not.
For that reason
No one really spends the time gaining knowledge about them because the cost is not worth the return
^ ditto
so is it worth it to mine any other crypto currencies? or do you believe crypto mining is obsolete
Not really, for either suggestion
yall mustve forgotten about quantum computing 🕵️♂️
It's not obsolete -- it's just not worth it for most people
A) Do you have a quantum computer?
yeah its pretty obsolete now ish. theres still exceptions
B) It's still very much up in the air what quantum computers will be good for
I mean it's not so much, we know they won't be good for many classical problems
bitcoin has moved on to much better things than just mining
It's likely that they would be pretty good for things like bitcoin mining, but that's not guaranteed
Tells him it's not worth it. Asks if it's worth it.
It's only worth it if you run about 85 extension cords from the garages in your neighborhood, splitting the cost up evenly so as to not make a big stink. Make sure to get the green ones from around Christmas time so that they blend in with your surroundings.
Also, that's complete sarcasm. Don't steal your neighbors' power. Mining isn't profitable unless you get power dirt cheap.
lmao
I love the need to say that's sarcasm... ya know, just in case
Poe's Law ftw!
Hi, I just graduated from UC Riverside with a masters degree in Computer Science with a research focus on Operating Systems Security. My job offer got revoked due to the COVID situation. I'm looking for InfoSec positions so if anyone has any leads, please do let me know. Thanks.
I'm looking for entry level InfoSec positions in the US.
There’s a job post in the #jobs-board maybe check that out
sure thing. i'll check that out. thankyou 🙂
Hey there, I just recently took the Cisco Sec + ..twice. and failed with a 710, second one was less, I know there is a new one out, should I study the old material or the new material? If I need to study the new material where is the best place to get it? Thanks
if you already took the old test, just study the old one. the old test is still available until june 21 i think
I think he means Cisco Cyberops maybe
Any bug bounty hunters here?
#bug-bounty ? Also, it's better to directly ask question so people can see the question directly.
Good day folks I'm struggling for almost a week finding the best path to take for self though to dive into Ethical Hacking path. I have some knowledge on Network, Linux and Windows, Network Security and ZERO knowledge on coding. hope you can help me. Thank you
we are in the same boat i see
i just started with learning the basics on THM coding/programming will come later
@wraith thorn freecodecamp.org and try learning from Udemy course.
@icy moat wait until new course release or try comptia security+ .
@wraith thorn @trail granite I am also a newbie when it comes to ethical hacking. I just started doing tryhackme.
I completed my CEH 2 months back
Yeah im learning for it atm
Got some experience in programming python and networking/setting up servers
So it wont be that hard i suppose
blue team certs are amazing and hell yeah they’re relevant in the US
Considering purchasing the Intro courses before I decide on the Level 1.
Its worth a little over $100 for all the intro courses :)
Wait are you talking about general blue team certs or the security.blue team certs?
I wouldn’t waste your money on security.blue team
Umm. Good question
Not sure. Link comparison?
I guess I was talking about securityblue.team
BTL1
haven't seen them requested for any jobs lately, but then again, I haven't been searching.
6 course for 80 euros
They’re a very new cert so they’re not recognized
Don’t get it a.) those small courses are basically just a quick grab for money and cover tools that you can get the same info for free b.) I’ve heard some not amazing things about the instructor and have been advised against it
Fair enough. I trust everyone's opinion in this community.
Recommendations on some other blue team pathways, junior level?
CySA+? However, the recommendation is 4 years of experience + NET+ and Sec+
Might do this cause it's cheap and for the lolz
@gleaming basin eLearn, THM is working on a path rn
4 years? that’s really not needed, but yes i would recommend it
Cant wait to see the path. Super excited. Thanks for letting me know @polar rock
Have any of u guys done the CompTia learning through their site? Is it any good? Seems pricey
I've been using an app with like 500 questions, just wanna make sure before I take the drop to buying a exam vouchers
@forest knoll for compTIA exams ?
Yeah, though I'm yet to actually do an exam
@forest knoll whats the app called ? If u don’t mind sharing, also check out examcompass.com they have practice tests as well
hello guys. I am new to kali. I was just going to follow one of the first tutorials and right off the bat the layout of kali that i have is totally different to the one on instructors screen. He also got different tools like golismero. Any tips for a starter?
there are different versions and DEs for Kali
I went and downloaded the one he has suggested from security offensive website and it is not the same. I tried getting from kali direct and again it is not the same version
I mean not looking the same and missing features
If you downloaded it from there direct kali link then yes it is going to be different as they went through a major change from 2019.3 to 2020.4 kali
that's probably what it is. The video I am watching is on 2019.3 version. The offensive security website is also only offering the new 2020.4 version of kali.
That makes sense
@wraith thorn I believe it was the comptia security I took, my goal is to have it after I graduate in March. Thanks!!
Well. I did not get that SOC job I interviewed for. At least I gained some interview experience.

Onto the next...
it happens, you'll get the next one!
network+ one helped me a lot.
however i highly recommend reading some exam prep beforehand
@ancient prairie thanks :)
don’t worry about it man congrats on getting an interview, @languid hearth can tell you about how many jobs he applied for before getting one. It’s just about persistence
Unfortunately, that was the only SOC job in my area. Currently there are none. But its ok, will continue to learn and grow :)
If you’re set on staying in your area that will make it harder
the easiest way to get a job is being willing and able to move
@gleaming basin same with my sys admin job :/. Onto the next aha
😩
could anyone pls share some threads/pipeline which will guide to what to study to get prepare for OSCP from noob level ?
Pretty amazing stuff....Thanks ARZ
The road is long 😄
Yeah xD
have any eCPPT-holders also completed Throwback and would say it's good practice that lines up with course/exam objectives?
Only people I can think of are @elder grove and @pseudo nacelle
Some of the pivoting is relative. Enumeration always is as well.
pretty accurate it seems although you can find some blending... like Security Architecture (my area) has some cross over with business enablement
Good one, but remember that mindmap is focussed on the operational units in how a CISO manages those responsibilities and capabilities. It can be different in another organization, and especially in another industry that might be more traditionally focussed.
to anyone whos gotten a SANS cert - what do the shipping times looking like?
yup, I don't think there's one single map that you can use as a definitive reference, but I thought some of you might find this helpful nevertheless 🙂
I don't remember exactly but took close to 2 months to get my physical cert in the summer
I actually got it around the same time I got my OSCP cert and that took like 6 months lol
spooks are you doing the 100 days of code Python class from Udemy?
nope
i like bash. bash is my favorite, why would i use anything other than bash /s
ha
Interesting read ty.
I am finding such a good site which is really helpful. I wanted to know their dos and don'ts stuffs. I really appreciate it. Thanks.
I wanna HACK SOMETHING and get some swag
I am planning to do a Master's in Cyber security. Any drawbacks?
Any suggestions
where are you located?
In the US, getting certs will do you better if you are trying to break into Cyber Security. a MS in Cyber Security is better suited if you are already in the field and looking to get into management/higher level position
primary drawback would be that a MS would not prepare you for most entry level Cyber jobs and you'd still need to get some certs to be considered entry level, better time spent not doing a MS until later
I am from India, by doing certifications can I get a job abroad?
depends what country, if you were talking about doing a MS in your country of choice as a means of being local, that could help but I will say many countries have a bias in security towards citizens of that country, US has a strong bias especially
Thank you
Like I'm planning to do my masters from Europe (italy most likely) and get some certs during that. Will try to get a nice job before my masters end.
That's the plan for now
I love the job market in the US right now. All I see are Intern, Senior, Principal, Architect, Manager, Director positions in my area. I have seen some "Entry Level" positions, and I looked at them where they require 5 years of security experience... I'm like WTF? I'm looking to move to security, I have gone through the Sec+ material, and I have the basics for Splunk and pen testing. Any suggestions from the peanut gallery? I am an experienced system admin working mostly with Linux/Unix/VMware, but I can work with Windows too.
https://www.rvcj.com/twitter-is-sharing-impractical-job-requirements-set-by-recruiters-while-hiring-new-employees/
do you see any soc analyst type job listings? I'd also look for system security as a keyword
Is Pentest+ worth is now?
Now that it is on the DoD recognized list? Probably is.
gov jobs go brrrr
It’s typically a degree or IT experience. Security is typically not an entry level position which is why some requirements are high especially on the red side. If you have sysadmin / IT experience you can just tack that on. It’s also a matter of just applying everywhere and seeing what sticks. Also note that those requirements are more of wants all in all
Hello All!
wondering if you guys have seen the ITCareerSwitch thing about the Cyber Security Trainee. I've had a little look round about it, it looks and smells like BS and usually thats because it is!
Just wondered if anyone here has any more information on it, or has given it a go? you never know eh?
If the first result on google is “is ITCareerSwitch a scam?” I wouldn’t even look any further
Their basic thing is just making you overpay for course material from other vendors then taking the A+ which is fairly arbitrary if you even have any clue about IT. And then something a bit more specific like CySA+ or CCNA.
their entire business model is just repacking exams
lmao they even lie “Official CompTIA A+ Exams (Worth £322)” the A+ is £164 without the student discounts as well
fair play. I figured as much, but I thought I would put it out there.
thanks for the time though!
What do people think of the EC council CEH cert vs the offensive security pen test cert? Would one be more highly regarded than the other as a first cert to do??
CEH is widely regarded to be a meme
Go OSCP, if it's a choice between them
But bear in mind that it's not just a case of walking out to the shops to buy either of them
I completely understand there is a lot of work in both but I have the choice and would much rather put the time and effort into the one that is going to hold more weight
oscp teaches you more and holds more weight
can anyone send me a good cyber security analyst roadmap ?
sry wrong channel.
that is a good 'roadmap' of sorts
Can you really make a career out of bug bounty programs??
you can make a career out of anything, if you've got a knack for it.
Niiiic3
Hello does anybody know the standard length of a Curriculum Vitae (CV) for the United Kingdom. is 3 pages fine?
Generally don't exceed 2 sides
Remember 2 things
Your name
And email
(Yes, I've seen a CV that didn't contain either of those things)
- They're likely to be machine parsed to start with, so keep it straightforward
- The poor HR person is likely to have a big pack of them. Make life easy for them. They'll like that.
we had a class about this in the program I'm currently enrolled in. the instructor said one page. the nice thing was that everything he said, he backed with logic and experience
are things so different in the uk? I thought you shouldn't exceed one page without a good reason, but ideally still try to keep it to 1
so 2 sides meaning 1 page? or 4 actual pages on 2 pieces of paper?
thanks for the advice
I think James means 2 sides of 1 page
dam its going to be hard to keep it on 1 page
do resumes even exist on paper in 2020
no i have it as docx or pdf
fml now i have to figure out how to squeeze in all the vital info.
how many years of experience do you have?
i've got 2 jobs on mine, as well as all the other stuff and it fits nicely on one side
6 years of experience 4 different jobs
ah okay so you probs can't fit that on one side
narrow margins ftw, hardly no spacing also now I guess
I have a class right now but I'll go through my stuff later and send/link you anything relevant I can find if you want @odd field 🙂
also for acronyms do we include the full words or just the acronym?
much appreciated @cosmic ingot
i feel like recruiters and HR will not understand the I.T acronyms
depends on the acronyms i guess
for certs i'd say not, so things like OSCP and CEH would be fine
why cant people read just 1 extra page 😦
I would get it if its like 4 to 10 + pages long
i suppose if you put the most interesting stuff at the very top, the more likely they are to read more
ive done that for sure, key achievements and key skills followed by professional experiences
Think about it. 100 Candidates, 200 sides vs 300 sides. That's a lot of time
You want to make it easy for HR
Aaa man I get that, the positions im applying for do not have over 100 candidates
primary reason is people get hundreds of applications... beyond that, there is an idea in business in general that you should be able to sell yourself in 1 page and if you can't be concise on a resume, you can't be concise in your work. I learned throughout the years that people won't even read an email beyond the first paragraph
so dam recruiter/HR must read that extra page lol
Look put it this way. You're applying to them, not the other way around. As far as they're concerned, you are one of many. There is nothing special about you -- not unless you can get them to read your CV. Then there might be something special, but before that you're a name on a page
If your CV isn't what they're looking for, they'll dump it without a second glance
anyone here doing ptp?
Maybe try removing the less important stuff, rather than messing with the spacing?...
Im trying 2 remove the fluff
it should really just be a summary, not a detailed work history
thats what it is, but when you have mucho experience and key points its hard to summarize it all.
but thank you for all the advice people
much appreciated.

got it 2 pages 🙂
Hi!
Have a TS/SCI clearance, BS compsci, CySA+ and pentest+ but I have no experience. Most of my experience is as a language analyst and anything cyber related I learned through labs on my own/ htb/ thm.
Getting out the military in 2 years is there anything else I can bolster my resume?
any suggestions?
❤️
Other advice I'd give to people is keep your social media upstanding because if you think people can't find you, you'd probably be wrong
@rugged sable - I got out about 8 years ago and can tell you there are a LOT of programs out there for transitioning vets to assist with finding work. BEFORE you get out, use your Tuition assistance for any classes you want to take.
If you want to keep your TS/SCI clearance, join Clearance Jobs as there are a lot of companies that will hire you just because of your clearance and can provide training if needed.
After 2 years of leaving Active Duty your clearance expires regardless of when you went through reinvestigation
@rugged sable - Check this out https://www.sans.org/cybertalent/vetsuccess
I have an interview tomorrow what should I review?
whats the interview for?
Security Analyst im looking at their job page and gonna review that but anything else?
depending on interview, they may ask some behavioral questions, those are always to good to review as well as what do you bring to the team that others may not
how is the cyber security jobs in the UK
thinking of moving there out of the states to do Cyber as I gain experience here in about 7-8 years in my 30s
only thing I've seen from recruiters/people that live there is they do not pay as well and it seems for certain jobs (pentesting) you have to have certain certs
are you saying do not pay as well and taking into account the lower cost of living combined with generally more benefits such as free healthcare, more paid holidays and more?
that's what I was thinking but I wanna learn more about the culture etc gain some different experience
I am going to stay in the states first get my experience and certs under my belt
well that is a complicated question... and I don't know if it evens out later career but based on conversations I've seen, it seems like entry level security people make $30-$40k/yr in UK, while in the US (it can vary) it is $60k-$80k. And US companies are tricky these days, some offering 'unlimited PTO' but its not truly unlimited. Like as a senior level security person, I get 6 weeks of vacation but I suspect the pay difference between me and a senior level security person in UK isn't double
oh ok gotchy
gotchu , but I health care and other things of that nature is a lot cheaper than here in the US
but entry level here I would say is about 75K to 85K
yeah 60k is a really low end
I go to a University where they require you to get 1 year of work experience as a Cyber security Analyst etc basically within your degree filled and you're paid, plus I have net + and sec + so the lowest I am taking entry is 75
im asking 80k
im asking 85k
hopefully you get it, and it is definitely possible
meet in the middle at 80k but London in not cheap
but I am hearing from various people on LinkedIn to come over after I get 6-7 years of experience
and also be aware that the US, if you are a US citizen, will collect taxes on your income still
easy for me to get a job and the pay should accommodate my experience hopefully be an engineer or red team by then
unless you decide to give up your US citizenship
OK didn't know that
I was going to move back to the states eventually but Live in England for a few years . a good 5 - 6 years
But I will decide when I past that road I guess
another potential option is try to find a company based in the UK or with offices at least
could get a TDY for a period of time
its not completely common but sometimes a company will have a need for people in a foreign country and offer you a temporary position
so could spend a year or 2 in a foreign country, but it isn't guaranteed although could make job searching/networking a little easier if you have coworkers in the UK
Am I able to apply for jobs in the US if I am from Canada? Does it need to say that I need a visa?
@dusky oracle google would give you a better answer than a bunch of random hackers on a discord
👍
Stupid question, where do I write up the OSCP exercises? Shall I just document them and tac them to the bottom of the lab report?
I think so
Did u do them?
nope
Lad...
😄
I went through and screenshotted them, was bloomin 81 of them. Looked online and some dude says there's like 108
One of them is empire 🤢
the whoisflynn's lab report template has the exercise answers as an appendix at the end
Ohhh so it does, might use that instead of Notion then
@forest knoll I'm with Szy -- 100% don't recommend.
Seems like WAY too many exercises and most seem pointless
They are a huge timesink. The latter ones are very open ended, and AFAIK, if you don't answer even one of them fully, no points
I was wondering if I get 1 "wrong"
It was getting to the stage where I was writing full page answers for each question, and there were at least three per section
Not worth it for five points.
Yeah it looked like a lot
If you're that close to failing then you probably shouldn't be passing anyway (and I say that as someone who failed)
well, if you really have nothing else to do with your time then go for it
I'll probably do a few test reports on lab machines for practice (labs start next week)
True true
but otherwise just study for the exam itself 😄
Guys new to channel as well as THM.
First of all thanks for the amazing content on website.
I wanted some help deciding what to be done in terms of security as a career. Currently I am working as a Technical specialist and helps with system integrations and other tasks related to consultancy for my clients in my current job. Want to move to a full time Cyber sec analyst or similar roles
What would be the best certs to learn about to achieve this.
The gateway/entry cert if you like is really OSCP. https://www.offensive-security.com/ Other certs are good including ones offered by eLearnSecurity. Also included is CompTIA like Security+ and PenTest+.
If I'm wrong feel free to correct me.
OSCP is a bit too niche for an analyst role. Might want to start off with one of the "mile wide, inch deep" certs like Security+
Also gives you a view into other positions that you may want to consider
I have 4 years of Exp in IT(Network & Security). Will Security+ enhance the skills or help me brush through them again?
Ah, that's fair. Sec+ could do either of those especially in the objectives you might not have gone deep in yet (cryptography, risk/compliance, etc.)
Based on what I am reading on their website its more targeted towards guys who are new to the field. Though I am thinking of getting that cert and start from there.
Will getting video resources from CompTIA be a good idea or is there any good alternative available for study purposes
combination book and videos from for example professor messer
Will definitely register this for my brother who is about to passout his major and thinking about getting into cybersec
will search for his lectures also peek a bit into the subreddit for security+ or comptia
Standard formula for CompTIA+ studying is a good book, practice exams and Prof Messer (he doesn't have videos in the CySA+/PenTest+ tier or above though)
Doin Sec+ right now with Messer and Darril Gibson's book and it's goin alright.
Have a company-sponsored 8day workshop ahead of me in January as well though, so I hope I'll be able to pass after these 3 things.
is it ok if I DM you to get more insights? and clear certain doubts if they arrive?
Absolutely.
Sure.
Thanks Mate. 🙂
Hello there @everyone
Please don't try to ping everyone 🙂
A) It insinuates that you think we're dumb enough to let people ping the entire server
B) We have close to 40,000 people in here -- guarantee most of them don't want pinged
some have
If anyone has passed the oscp please tell me!!!
👀
if you have a question just ask @covert warren
I want to know the roadway map to reach oscp certification... I just put a step in cyber security.. Anyone can help me..
If you check the pins in #resources there are a lot of tips and machines to prepare for OSCP
that's a very nice goal to have 🙂
@unreal arrow thanku so much🌹
any particular reason MIT?
Because MIT
How old are you?
Penetration testing isn't that bad Goal ig
15
can I dmmmmmmm
ye bc i wanna go on the stem path
ig
sure
Hey Can i still do today's Christmas ctf task tomorrow or will it disappear everyday ?
uh?
I meant advert of cyber room
Wrong room #778305825797177374 but yes u cant do it check #778305825797177374 pins
I got a video interview friday for Security Analyst position! cant believe it lol
did well on the phone one today
Legoo
@south nest Nice to hear that! What is your education background?
so I was wondering if binary exploitation is worth it nowadays in cybersecurity, or if there is a specialization related to it. I am asking because most of my experience is in low level programming, compilers and operating systems (right now I work as an intern on a Linux Kernel Dev position) and I seem to enjoy this category of CTF's the most and they come to me the easiest. I want to work in Cybersecurity, are there any profitable branches that focus on this side of security? Someone mentioned Malware Analyst, but that is more on the blue team side
If you want OSCP, you need binexp
Pretty sure WhatsApp had a buffer overflow last year.
The specialization is in malware analysis, exploit development/research. @full summit
Nice, will look into those. Thanks :D. So it's not entirely useless learning how to break this stuff. It just seems to be so rare compared to web stuff and what a bug bounty hunter does
everything seems to be about web nowadays
Application Security would be where it is prevalent.
Passed OSCP
Congrats! Gave you the role 🙂
87.5 Marks
Smashed it
Thank you @undone shore
Oooooo Muiri go Muiri!
Actually, what's the IP. Gimme a sec. 25.107
Did you get 107? (Not mentioning the name)
Damnit -- still haven't found anyone who's managed it
Beginning to think that damn box is impossible
Thanks anyway -- and again, congrats!
You attempted the exam ... right?
Can u write scripts and take them in with u?
Yeah Muiri has had 0 luck
(u can tell I wrote them cause they're terribly written)
What should i try next?
you're allowed to take whatever into the exam including materials from past exam attempts
thats what I was told by the proctor. I had my BoF script saved and an exploit pinned on my favorites bar 
What's the betting my BoF script from last time works immediately?...
Oooohhh fancy, just wrote a simple ping sweep, file structure, nmapper. Think I shall make more cheatsheets!
no cap id automate web recon
anyone work in the industry and may have some insight as to what a technical interview for cyber analyst might entail?
Networking knowledge, familiarity with Wireshark, TCPDump, TShark, Malware, Viruses, common attack types, Splunk, SIEM, SOAR, general Triage process, and stuff like that.
Thank you!
Review Sec+ knowledge and vocab, review scenario-style questions where you have to showcase the security mindset.
any new challenges will be open lately?
has anyone taken a sabbatical ‘year’ in the uk? i wanna go travelling for a bit (when covid dies down). was thinking of working whilst abroad but would deffo prefer having the time off
i know it’s best to just ask my employer but wanna know the likelihood of it
One of my friends did that. But while away started contracting.
Gets £750 a day and just works remotely somewhere in the world
that sounds like living nowt like being your own boss 😄
wowie yes please
What kind of work?
He does DevOps stuff mainly
He was one of the guys from canonical that built openstack/enhanced k8 and docker
Congrats!
@leaden yew Thanks 🙂
Guys are Professor Messer training vids paid or free? i see both there for sec+ but cant figure out the difference between them
free
think you need to pay to download them or something ?
and the ebook/book is paid too
but just search on youtube
was about to pay for the video lecs when i saw that free vids option and it got me all confused
i figured it out. the difference is you can download the videos. thats it with other things included
Thank you! I have my sec+ already so I’ll probably go back and do some of those practice scenario questions from the study guides
Hey all, I currently have Sec+, Linux+, CySA+, CASP+, CEH, and GCIH. I have to get PenTest+ for work, but after that my plan is to work on OSCP. Any advice on prep materials for the OSCP? Any general advice from anyone who took the exam? Something you wish you knew before you took the exam? All help and advice is appreciated. Thanks!!
You should be fine to jump right in
Thanks!
I'm also working on improving my scripting on the side. Feel like that should help
@languid hearth Looks like I got some of my certs added to my roles in the past. Don't remember how I did that... Do you know the process?
you just have to ask!
Between aiming for PenTest+ and having done some THM already, you should be good to start. If some things in PWK aren't clicking just supplement it with more labs like THM
#cyber-and-careers message here's some sample PenTest interview questions
not necessarily intro but there are intro topics referenced
Cool beans i just feel like my interviewing skills need to be worked on ill ask some buddies to ask me questions or something
What would be the certifications that one should get from start and moving on to next level?
for what purpose?
In that case, can I get my certs added to my roles, please? CySA+, Linux+, CASP+, and GCIH. Thank you kindly!
you'll have to ask a current mod, I'm former 😅
We don't have roles for CASP+ and GCIH atm but I've applied the others @peak jolt (:
I have some certs ... are there any benefits to adding the roles or just aesthetic?
Some of them give you access to a secret chat
Depends on the job and that is what you should look at for the first cert. look for the jobs you want and see if there is a consistent cert. Sec+ is never a bad idea since it proves you know the basic concepts and can apply them to scenarios since all the questions on the exam are scenario based. However, looking at what the jobs are asking for is always good advice
I am not an expert, but I am in a cyber security role and Sec+ is required. All certs build off those topics so it will set you up to not get tripped up on industry acronyms and phrases most people would assume you know
Sec+ 👍
Thank you!
I've asked if we can get these added, but the person to ask is away for a day or so. If they get created, I'll add them to you and let you know 👍
That’s great! Nice Danny Phantom pic btw
Haha thanks 😄
I am struggling to find a Junior position in Cyber Security, would working in something else (pure programming, IT services) help to get accepted? I am worried that the companies not involved with cybersec might not want to fund my certs, conferences or CTFs.
I worked for a company in their IT department and they gave everyone the option every quarter to spend up to $xxx on certifications and you could get reimbursed. All depends on the company. Letting their employees get certs for free allowed the company to get people to learn skills and become better at their job. All depends. Having experience in IT would come in handy with a junior position if you also get a cert. Also, if there are any projects you can volunteer to work on related to security (like setting up a process for encrypting employee workstations) it would look good on your resume especially if it wasn’t required for your job but you went out of your way to show you can handle security related tasks.
If you can get right into a junior cyber security position then by all means do that, but a general IT job is better than nothing so you build experience in the industry.
Let's say I want to get a position in a SOC team or Digital Forensics, how can I increase my chances with a job which has nothing to do with security?
Do some desk support for a bit?
your resume may not have some of the job experience but if you craft other pieces around your desired job like qualifications etc. can help
Hey, so i have a job interview tomorrow at 3pm for a 2nd line technical analyst position, some of the interview questions are going to be discussing my networking knowledge, i did Cisco's routing and switching course to get onto my degree but that was 3 years ago, so my knowledge has slipped a little, does anyone have any links to some bite size digestible information for me to brush my knowledge up with, they're also going to ask me about cloud and infrastructure, which honestly i don't really have any cloud experience they're willing to pay for people to do certifications which i will do but i would at least like to present some basic knowledge of cloud infrastructure to get an edge in the interview, does anyone have any recommended reading or videos that i could use for that? Thanks in advance.
I am working on a formal report for my technical reporting class and was wondering what type of report you would consider an after action pentest report so that i know which format i should follow while writing it
@terse canyon I would look at sample pentest reports to get an idea here are a few:
https://www.redsiege.com/wp-content/uploads/RedSiege-SampleReport.pdf
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
those are two very different styles so you can get a good understanding of how people adapt them
red siege are very well known for their reports but as you can see they are very different than the offsec idea of a report
Thank you very much!!! This type of writing is very different than what i am used to
You might be able to score extra points, by including a second document that represents the Confidentiality Agreement (CA) or Non-Disclosure Agreement (NDA). @terse canyon
Not a half bad idea and would also be good practice as well
especially if this is the career i really want then i better get good at reporting my findings lol
it can actually be easy once you have a template to work off of
just gotta build my template first lol the references have been a huge help tho for real getting to see how it is pieced together has the wheels spinning
would be a lil easier if i had actual data to work off of instead of coming up with this stuff off the top of my head
is it considered plagiarism to use one of these reports findings?
you could take thm rooms and make pentest reports
@terse canyon The value in a pentest report is walking the audience through recreating your work, and the remediation suggestions to prevent another attacker from following the same path you did. You could get root on an entire environment, but if your report doesn't show how it was done and suggest remediations, it has no value
thanks for your input i will keep that in mind as i write my report 🙂
how is security+ study guide from packt? i just found out that i had it from one of the bundles i purchased a while ago on humblebundle
what version of Sec+ is it? Might be out of date
and most packt+ books are questionable
I have no experience with packt+, but very important for CompTIA to always check the version. Sec+ has changed a lot over the last few versions especially
that one actually has decent reviews on amazon and yeah looks like it was for the previous Security+ exam
was it for version 401? Current versions are 501 and 601 with 501 being retired in July 2021
ahh said 501, I just googled and saw 601 was latest
501 is ok if you plan to take the exam before it's retired in July
so there you go efex, sounds like it probably isn't a bad book based on Amazon reviews, but just watch what version you register for
Hi everyone! Total n00b here. Looking to make transition into CyberSecurity and trying to develop personal road map. Passed my Network Plus and taking Security Plus in two weeks. Debating what I need to do next. Most likely signing up for https://tryhackme.com/signup but seeking general thoughts since I have no experience in IT. I come from a Sales and Marketing background. Liberal Arts major. Appreciate any suggestions, ideas, or thoughts. Thanks!
TryHackMe is great for learning skills to break into the job market. I would say start looking for entry level jobs. IT help desk, SOC analyst, entry level network engineer, etc
Hello I'm newbie here too! I'm on the same page as texassamurai but come from a different field of work. I just have a question re entry level jobs before taking the cybersecurity route and that is what qualifications/certificates should I go for before applying for jobs in IT field. Thank you ❤️
get a degree of competency in an IT domain before jumping into security - it'll make your life easier than trying to learn everything all at once
First step is to see if you see listings for entry level jobs and see what they ask for. CCNA, Net+ and Sec+ are popular entry level certs. Also depending if you want to do Linux or Windows admin work, there are entry level certs in both. I'm biased toward the network side (CCNA was my first cert) as that is where I started.
you'll eventually learn a bit about all the domains, but it's confusing to approach networking from the admin side, the network side and the programming side at the same time - common paths are A+ -> net+ -> sec+, or Cisco certs
So I've been looking into taking the business analyst route but need to find out what certificates I require to take up that role. I don't know if that is the best way to go tbh
honestly, i only care about the business side of things just enough to know whats in scope for my current project... if that's what you are into, a project manager path may fit better in your wheelhouse
I don't think I want to be a project manager
or look at the compliance part of security
I'm kinda done with people-ing now
business analyst is peopling too
I know
But it's less than what I do now
I deal with the general public and there's only so much stupidity I can take lol
i like what i do, because it's mostly 'go into the cave and work, do NOT talk to people'
Not saying I'm a genius either
do not do compliance if you have a low tolerance for dumb
I know this already!! Compliance is not my forte at all
for compliance, you can do internal compliance so its not the general public, that is the role I'd associate most with business analyst
because you WILL be asked 'can i use whatsapp to communicate confidential documents?' on a semi-regular basis
nah, that isn't compliance
I get asked worse than that
i did internal compliance for PCI, SOC2, HITRUST for a bit - it was all people-ing and telling the sysadmins they can't use a ssh key to log in directly as root
compliance is ensuring that you are meeting certain requirements and documenting
that is pretty much security form of business analyst
Ok
would it be useful if I say what kinda things I want to do in a job to give you an idea?!
it is compliance when it comes up during an external audit for program certification 🙂
They're very broad though
sure try
honestly, why do you want to get into IT?
so I like analysing data and solving problems and fixing them but I don't want to go into first line tech support role, I don't think I have the patience to deal with people who don't use common sense even though i can be dumb at the best of times. I just know i'll be really curt towards people.
you could look into SOC analyst
blue/team SOC analyst, where they analyse traffic/logs, etc
I see it as the way to move forward to be able to be in a stable job and also avoid people-ing much
there is generally a lot of people-ing in security, sometimes with SOC analyst, not so much but security and IT are generally full of people-ing
It's either IT or sciences and with sciences you need a degree in sciences which I can't afford and don't really want to do another degree
programming maybe less so
Working security is almost always a large amount of people management. A SOC role still will require a lot of emailing and communication with other departments
and in the worst case, a LOT of argument about who is responsible to fix stuff
i work in a soc and it sounds like something you might like in entry level security, based on what you said above
and generally people will see you as the enemy in security, so its not only people-ing but people being hostile about it
yeah sorry
Zojja is absolutely right about the hostility. Building bridges instead of burning them is 90% of the job
what kinda certificates or qualifications will I need?
net+ and sec+ are great beginner ones
I can do that. I deal with that sort of thing in my current role
Entry level soc is usually A+ , Net+ sec+ path
how competent are you
I'd also recommend start playing around in a home lab with CentOS and Splunk to get started figuring out logs
I got the necessary skills, analysing data, communication,
it skills?
My IT skills are ok
How familiar are you with SELinux?
I mean
Not at all
if i asked you what happens at a high level when you visit google.com, could you tell me?
Nope
okay, start with net+ imo
SELinux is a great way to get started figuring out logs, because it's hard as hell to understand until you get what its doing
it'll also build that log analysis skillset needed in a SOC role
Splunk has a free intro course online too
Ok thanks everyone ❤️
I'll have to do my research properly and look into all of this
good luck 🙂 and also using TryHackMe is great for honing skills
when you get a home lab set up, it's fun to see if you can detect yourself attacking your cyberrange
So do you suggest I install this home lab and have a go to see how much my level of understanding is?
will that help me?
if you don't have much of a budget, you don't need a lot of resources to get started
A home lab can be as simple as a second hand server that’s running multiple vms
We've been told we'll be made redundant soon 😦
honestly, I'd just use TryHackMe, look at Net+, look at splunk training for their fundamentals course
install a virtual machine on your main PC (i like vbox for windows and ovirt for linux) and build a few low ram and disk machines to get started
or an intel compute stick
or use gns3 it’s a great and not resource intensive way to virtualize a lot
you asked about my favorite topic what can I say 🤷♂️
that's fair quirky - stick with where you are comfortable then, and slowly build out
Can I go back to the very basics please?
So
Right now
I just have a laptop
with an additional screen
yes, look at Net+, look at TryHackMe, hone your Linux skills, hone your networking skills
to summarize: a+ net+ sec+ and splunk training course 🙂
most people think A+ is too basic (I am not familiar)
A+ is for people without much IT background
use professor messer on youtube to study for net+, and see how you find it
if someone has a BS or BA in CIS or CS or related, i'd say skip it
going for entry level, there's an 'understand the basics of hardware' requirement though
I have no knowledge of IT let's stick to that because this has gone beyond my brain now
ok then look at A+ it seems
or maybe because it's the end of the day and my brain is fried from dealing with people lol
ok
i'll look into A+ and Net+
you are just going to build skills as you go
security as a domain is the superset of all IT domains - it's really easy to get out of depth very quickly
I can see that
the key thing to remember, is that you want to feel dumb every day, as often as possible
give this a watch, it’s the whole syllabus for a+
because that means you are pushing yourself to learn every day
Awww thank you!
if you never feel uncomfortable or dumb, you're doing IT wrong
break a thing you own, and then figure out how to fix it
I do have a very old laptop
for linux, it's stuff like accidentally installing over your bootloader and figuring out how to recover the partitions
would that work?
that would be a great device to install ubuntu or fedora or centos on
don’t worry about that yet imo, you need to know the basics of it before you start breaking things
@static tide this link has a million videos to go through!
it’s everything you need to know for the exam :)
learning linux as a daily driver OS, i wouldn't worry about deliberately breaking it. you'll do that anyway
omg you're already prepping me for an exam before I've even made a decision - talk about no pressure
@flat sedge is having knowledge about linux important?
for security? I think so
i’m not forcing you
for THM? you'll develop a lot of basic linux knowledge going through rooms
I know I was being sarcastic/cheeky sorry I'll use 😐 to show my sarcasm
Erm....
I suddenly feel reduced to a teeny tiny minuscule irrelevant dot in a room full of IT giants......
Don't forget A+ is comprised of 2 exams, this seems to only cover the first one
well he has a second playlist too
Right
I've signed up to tryhackme website and will work my way through all of the information on there, will watch the videos on the weekend and get my head round what I really need to do
Thanks everyone for all the information/advice ❤️
I'll stay on the server if it's ok for any future questions
idk anyone in here, but I wanted to share that I got promoted at work as Information Security Analyst - master. (my work has levels). I graduated college about 4 years ago and I can't believe I've made it this far!
Well done!
I'm sure this question has been asked a thousand times, but i keep reading conflicting info and am trying to put together a battle plan...
I'm currently employed on what you could say is a low-level digital forensics role, with some training in OSINT. However i'm looking into a career change and would love to get into a pentest role, I'm in the process of getting a bachelor in applied informatics 'on the side'... That being said, I've started with the tryhackme path a week ago. Now, my big dilemma: what certs/courses are worth taking? Both in terms of content as in terms of 'looking good on a resume'
I've read that eJPT is a good start and OSCP is highly regarded, but does anyone have any advice?
considering you already have some experience I would go eJPT then OSCP you could toss in some networking as well if you dont already have some under your belt like ccna or net+ before eJPT
As soon as this hellacious holiday season is over, I start a temporary position within my organization as an Authorization and Accreditation specialist. First position away from a cash register... finally.
Ive had pretty decent networking in my degree, just didnt go the extra mile to get cisco certified (did the CCNA 1-4 courses tho, sadly before they renewed and implemented wireless)
I'll look into the eJPT one. From what I've read OSCP is a whole other level tho... do you guys feel like the certs can replace a bachelor degree? I've still got 3 more years to go since i'm combining it with a full-time job, was wondering if they hire people based on certs alone
Two degrees and now a CySA+ cert, this would have marked my fifth full year since graduating that I've been doing high school level work to survive.
Congrats on moving up!
Thanks. Now I just gotta impress them enough to make it stick.
eh they can and definitely have hired people with a degree but it is nicer to have one
Degrees get stale fast. A compsci degree less so, but trust me.. your degree gets irrelevant fast. Certs are useful because they're always relatively current.
That's what i figured. Guess that gives me 3 more years to gear up on knowledge and get out there fully equipped!
but too many companies still like to see that degree
Yeah the problem is I'm at a sweet job atm, but it doesn't pay that well (government) and i feel like i need more of a challenge
So i dont feel like going for the junior position you'd probably get without a degree
First world problems and all
If you have the job history to back you up, you should be fine. In my case, I had two computer related degrees and years of cash register. No one wanted to even look at me.
Go make a name for yourself then in the chance you have now! 👍
That's the plan.
Guess I'll just have to be patient and get my sh*t together before considering that career change 😁
a degree isnt for knowledge lol its for a job
Damn, just did some research on eJPT. Do you really have to take a $2k pass to get the course?
No
eJPT's training material is free (PTS)
The exam attempt is $200
If you check the pins, it's covered there
Oh, that's misleading on their site
That is a much more acceptable price
for $2k is probably a bootcamp
No
Ok, thanks!
2k is the full INE pass
Sorry for the newb questions btw, it's kinda overwhelming
Last time I checked their website it was pretty clear they had a free pass which isn’t really misleading?
Super sad that the INE pass now exists and you can't download the slides to view on an ereader
Yeah it was my bad
Didn't completely understand what was included in the free pass, was looking for 'penetration testing student' and kinda assumed it'd be a paid thing
No offense meant, thanks again for the info!
Luckily I got the eCPPT course before the switch happened so I got those slides
The elearningsecurity site said to enroll in the cyber security pass, as prep for the cert which is the paid one
Hence the confusion
does INE pass include a test voucher or just INE training, hard to tell from the site
Just the material
How about becoming a Crest Registered Certified Penetration Tester?
How difficult is the CEH exam (i know, i know, i know. my work is requiring it). I keep seeing pretty conflicting info on its difficulty. For reference I have been a security analyst for 2 years working with a blue team doing vuln mgmt and also helping out our red team with internal pentests. I am level 9 on THM and just started using HTB as well. Should it be overly difficult for me?
I wouldn't think so, I took it a long time ago, seriously, and it was basic
Is OSCP sufficient to land a job? (without uni)
That's good news! Obviously like to hear that from someone who has experience and has actually taken the exam lol
without any IT experience? depending on location, you'll be looking at IT help desk, entry level IT, maybe soc analyst
Yeah I was just wondering how far winning it from advent of cyber could take you
it would be a big boost
yeah ofc
@graceful hazel Definitely still have to pass that exam after you (hypothetically) win the course though, unfortunately it's notoriously a reasonably difficult exam
I only have a 2yr and a handful of certs. Its possible to land a good job, it just requires a lot of work (personal and professional development, technical knowledge, other qualifications, and applications)
yup and you only get a month of lab time so I'd definitely practice before taking OSCP
100% THM, HTB, and OffSec Proving Grounds are all great prep
I'd use THM for knowledge growth, HTB for final sprint exam prep and OffSec official boxes on Proving Grounds for mock exam
some great advice here, I'm someone trying to switch to IT from a non-IT field (supply chain) and planning to go the route of A+ -> N+ and then Sec+, I am hoping that is enough to land me an entry level job in the field
A+ and Net+ are usually enough for entry level sysadmin, provided you have a jr college course or two on linux or windows admin
If you can explain what a domain controller is and why it's used, that would also be a great interview prep question for SA
thanks for the advice, I'll look into taking a few courses on linux/windows admin
is this advice US specific only? I'm in Canada and wondering if the path is similar to begin an IT career
I don't have any experience with what would be different in canadian IT - I'd imagine entry level tasks are largely the same everywhere.
thanks
Only difference I can think of is CompTIA certs like those aren't part of a required list for a public sector job in Canada, not like with DoD in the US. They would still help show your initiative though
CompTIA isn't on required cert lists for DoD? Pretty sure Sec+ is on more than a few reqs for contractors
You misread (and I should have typed it better, corrected). They aren't in public sector job list in Canada. They are in DoD US
and CEH seems huge in India and it is on the DoD cert list for the US but outside of that...
should I stress before eJPT with the rank I have on tryhackme?
Have you gone through the PTS material?
If you go through all of it you should be fine
okay thanks
The exam is open book and you got some time to do it, so there's a good buffer of time to do just-in-time research
are there any machines that resemble the exam?
t h o n k
why is that shift allowance like 500% of the basic salary
sounds like a third shift compensation
that is a hefty allowance
Why are there over 200k people in this community according to stats but my understanding of supply of cyber security workers is scarce? Maybe 200k isn't a lot.
the supply of mid level/senior cyber security workers is scarce
i think that was their whole game so that other company would not copy their template of labs/presentation
Yup
just purchased it a few days ago 😆 , was hesitant but in the end it was a no brainer
Most of the people in here are young people aiming for a better career in Ethical hacking/pentesting.
Anyone have link to professional reporting template for real client?
There is a sample pentest report by Cybermentor
270k accounts on Tryhackme compared to the world at large that’s pretty small. You then have to account for how many of those people will continue their education and knowledge more than say 0x4. Probably a good 10% - 20%. Then out of those people who will actually get a job and continue to be part of the very small infosec community that actively contributes to research and defense which is pretty small.
Any one have thoughts on SANS certifications and the organization as a whole? Thinking of taking this program to supplement my career journey into Cyber since I already have a degree. https://www.sans.edu/academics/undergraduate
@languid hearth
SANS is great, Montgomery College is a great community college system. I will say that myself I am more of a traditionalist when it comes to school but an AA from MC and BS from SANS along with the certifications will take you far
although alternatively if you already have a degree (sorry missed that), i'd look at their graduate certificate or graduate degree. I'm kind of anti getting a degree to break into Cyber but SANS is kind of different as their courses/certifications are pretty well respected in the industry as a whole
GSEC is good if you are totally new to CyberSecurity, GCIH, GWAPT, GPEN and GCFA are all great certs (I'm not familiar with GCIA so I can't speak to but looks solid)
And if you missed their graduate certificate, this is it: https://www.sans.edu/academics/certificates
As far as immediate usefulness - I think Jr colleges and community colleges are a great place to learn how to be immediately useful to an organization. More long term, the value of a BS and terminal degrees cannot be understated. You want that bigger payday? Get that next degree. There are a large number of reasons for it, but in general, higher degrees = better ability to put thoughts down on paper for other people to understand. Most of the community college and jr college graduates do not have very good writing abilities; writing a coherent report and building documentation is the easiest way to provide HUGE value to an org
I mean you just use a template broski a majority of the people I know making over 6 figures now don’t have a degree. It makes it easier to get a job, I don’t think it honestly has any effect on your job however
average lifespan for most tech and IT is 2 years at the same job - that's a lot of paper that gets shuffled around
already in a job and don't plan on moving? great, don't pay for that degree unless the job tells you to, or its a requirement to move into the next job you want
after a certain point in your career your degree doesnt matter and who you have worked for in the past can vouch more for you
I think its relative
youre basically pushing people away from community college and jr college to get a cheaper education that does the exact same thing
i'm speaking from my perspective and experience - after a certain amount of time in the workforce, i agree with you 100%. A lot of recruiters won't look at the resume or CV without particular keywords. I'm not saying that jr college and CC isn't valuable; I'm saying that getting that next degree or progress towards that degree may be a requirement to move up or to change companies for that next promotion. For example, to go from a system engineer to a system architect may require another degree. If a company denies a promotion once, time to consider the situation at that job. denies it twice? I think it's time to move
a degree is honestly more valuable later in your career
especially if you want to move into management
feelsbadman got 4 years left
it really depends, like my company hardly hires anyone without a degree... even our IT help desk has people with BS in CS
damn
and if somehow you do get hired... you are kind of capped without a degree
except if you have military experience but even then
A lot of it is dependent on the organization. If an org isn't willing to invest in making you a better employee, be very leery buying into whatever 'loyalty to the company' party line is common
yeah my company basically puts tons of people through school, masters degrees, some bachelors degrees if you don't have and certifications
but competition is pretty stiff, and we get way more applicants than jobs available and they have a robust college intern program to get people in
damn thats sick
That's what i want to do 2 study for 4 years then follow a 2 year program at a big company near me
Greetings everyone, I am posting here to get advice for job hunting in the cyber industry. I am currently set to graduate this month with a masters in cybersecurity engineering and am studying towards getting the security+ certification. I have not held a job in the cyber industry yet and have been applying anywhere and everywhere trying to get a potential job lined up for after graduation. I am wondering if anyone can offer advice on job hunting in the industry or any potential positions they know about that are out there I can apply to.
Thank you all and have a wonderful day!
Start applying now for internships - I'm assuming you don't have any other IT on your resume? A lot of (the better) companies use internships as a recruitment tool, so it's a low-risk way for them to try out potential employees. Your degree should get you a step above entry level in a SOC, it really helps to know one or two tools reasonably well, so having a home lab is a huge plus when interviewing
I worked for 2 years in the IT industry as well as some internships and part time work during my undergrad. All the internships I come across don't start until May/June while I am graduating in December.
you are starting your applications really late
can anyone give advice about the pivoting in ejpt i heard its nothing like the course
I have been applying to places since September
for June hires as a new grad, you start looking in december/january - for december/jan start, you needed to start looking 2+ months ago
if you aren't getting interviews, i'd recommend working with a recruiter or your campus' student careers office to help re-write your resume
get your employer to pay for the courses, they are costly.
what is 0x4?
try hack me rank, you have 0x1 for example
Oh, how many rooms or questions do I have to complete to get to 0x4? I just started December 1.
"0x" means that it's in hexadecimal, so when the number 10 comes up, it is changed to A, so someone with level 10 will have "0xA"
not too many, I got up to level 8 in less than a week, and haven't progressed further
follow the beginner's path and you'll get many points and get better
My goal is to complete everything. Think I can do it in 6 months? 3 hours a day.
It's possible if you do it regularly
Well... Not really. New rooms are being added all the time
But thats a good thing! Theres always more to learn
Thank you. Absolutely my employer gives us up to $10k a year for education. Will definitely go for more education. Everything about Cyber is very engaging!
Thank you so much for the advice! I'm really looking forward to changing careers so that helps.
I’d also say it is even earlier. I’ve heard companies are sending offers in august/September for June hires. My company closes internship applications in November for May/June start.
Good luck
I would take your security+ as soon as possible. Certs weigh more heavily than a masters for someone with no experience trying to get an entry level position. Also, no doubt it is going to be tough due to COVID. Also lots of companies don’t truly start their new budgets until February. Apply to everything and anything entry level IT. SOC analyst, IT help desk, etc
Has anyone worked in IAM and could answer a few questions in dm?
You’re going to get a quicker and better response if you just directly ask the question
I'm not saying a help desk position is bad but wondering your honest opinion if you think a help desk position is a good position to apply for when it comes to wanting to get into working in the cyber industry? Do you feel its a good way to get into a company and then work on certs to move up?
maybe not the best way to move up, definitely a good way to start your IT career
It is a good way to get experience in IT and a year in help desk is a good foundation for other positions. The goal is to get you a job and recommend you work on your certifications
I also think it's really beneficial to work in another IT domain before jumping into security full-time.
Has anyone bought WAPTX or WAPTXv2?
I have heard if you buy the first one you get the second for free
Do you have a reference where this is mentioned? Because, I'm sure people would be interested in checking it out.
I don't, I have heard it somewhere around the office, maybe they bought the WAPTX before WAPTXv2 was released?
Is it worth buying over WAPT?
That sounds plausible, as a free upgrade.
Considering everything has shifted to INE this is probably different now
True... but you can download the contents of this courses and then buy the exam
Its really easy to find the content
@distant pier did you take WAPTX?
mate, thats piracy please dont discuss it here
Ok sorry
not only is it illegal you wont get updated course material, access to videos, or labs
Daam
Please read the rules and understand them. 🎄
I don't feel comfortable answering your question as you've already said you will illegally obtain the course materials
mileage will vary for each individual depending on how much you know. If you've taken AWAE, probably not. If this is your first web app cert, probably so.
els has very little respect in the industry, 19 current jobs in the u.s. on LinkedIn asking for waptx, vs 100 asking for oswe
LOL, tell me where did I say "I will download the course illegally"?
take my advice, drop it right now. you're a mods notice away from getting yeet'd.
And? Does that mean I will download it? Hell no
If you work in a cybersecurity company they'll pay for your certs lol
And learning material
Oof
From what I have heard its a pretty nice course, content wise ofc
True true I just read the recent stuff
You can probably find stuff about any certification on the internet, its the internet lol
Everyone knows that
What supuki chan said about the course and all. Thats good advice
But people straight up assume you are promoting piracy lol
it's the point that you're discussing it here. That's a no-no. This is a partnered Discord. you were told not to, yet you continue.
dont act like you didnt do that lmao
you straight up said contents of the course
dont be modest now that mods are here mate
They're dealt with
Okay maybe I asked a generic question last time. So specifically I am focusing to get an entry level Cyber Security job (Penetration testing is what I am interested and want to do) Is preparing for OSCP good to go? As I am in Final Year and will graduate in 6 months 22 days and my resume gets rejected (Prolly have to work on this). Or are 'skillsets' enough to land an Entry level Cyber Security job as one wouldn't give specific domain role at the start.
Thank you!
Certifications are one of the best ways to get an entry level cyber security job. And to be fair, lots of entry level cyber security jobs aren't entry level jobs. OSCP would be a great start but you'd still probably be looking at things like SOC analyst and potentially IT help desk or IT sys admin
Pentest is almost never an entry level job - done wrong, it can cause horrendous outages and have a huge business cost. I'd suggest getting into the org in another IT role and building that trust to get that buy-in that you can be trusted not to break stuff
look through the job boards for the job you are looking for, they will list different "requirements" or things they would like, it would give you a good idea since every company is different
Haha I disagree it’s beginning to be more common for more entry level jobs for pentesting to pop up it’s still not crazy common. As he is going out of college he probably has one of the best chances to get a pentest job out of the gate
I see but the money is also the issue as I don't want to ask the same from my parents and want to invest with myself. So I was thinking I would do these Certs when I have a job but job best suits certs which I feel is like a paradox.
So I am also trying to get engaged in companies coming in my university(Specifically Associate software developer which is also good) so I can get started alongside learning cyber security then switch to my interested role.
IMO software dev is a great place to start for pentest - I would only recommend network admin over dev as a place to start for pentest
you'll unfortunately face a lot of rejection because "security isn't an entry level field". Which is partially true because you need to understand networking, IT skills, etc. I was most certainly an exception to that, but I digress.
You can find an entry level Security job out of college. Hell, I did it and I only have my 2 year. Be prepared to face a lot of rejection, but when you find someone who understands what it means to have gone through a certification like the OSCP, the job will likely be yours
if you are about to get a BS in compsci, i'd suggest going the dev -> route. pay attention to the SAST results your security team wants to see, and that can be a good 'in' for the security org
Noted!
I see
you could certainly do that, if you can get an entry level IT job. I went from BS in CS -> Network sysadmin, it was a good jump start into Cyber
also a piece of advice, don't be afraid to admit you don't know something or have experience with something. No one here knows everything.
If you want to do cyber out of the gate, I would look at analysts jobs as most are entry level
you can always move up from there
Thank you for the insights everyone ! Honestly I was living under a rock that I didn't discover thm earlier. But hey, never the late. I will make sure to follow all the advice and rock it and get back here and message 'I made it'.
and I'd definitely continue applying to places, now is prime time for someone graduating in 6 months
refine your resume and just continue searching
Does anyone know any company hiring junior pentesters? Location is eu/remote
Almost a year at the SOC and I really wanna change also uni student cs
Hello everyone,
On cyber careers
In your first year of your security careers, what did you focus on?
Focus on clearing the fundamentals of Cyber Security and get acquainted with the terminologies and jargons.
Slowly move towards specific domains in this like programming, cryptography, Networking etc.
Move with doing CTFs --> THM, HTB etc and essentially knowing which specific domain you want to pursue in Cyber Security and work towards getting certified and hired. I did it like this and am following this but someone experienced should be able to give you a better pathway. Cheers!
Yeah I'm not sure how to answer exactly. I was doing network admin stuff, realized that I wanted to do network security stuff so started learning that. Basically I'll say I saw what the job was, what it required and worked towards filling those skills. Which is generally a good idea, if you find a job you are aiming for, try to find a job listing for that job and work towards those skills.
Someone was looking for a pentester to find vulnerabilities on his website. But he gave the project to a coder.... hmm
Is it worth getting a CEH?
Not really unless you want a DoD position even tho they seem to be liking Pentest+ more I think it’s only good if you’re in India
I've seen a lot of US analyst listing asking for a CEH - while its not a technical cert, it's one of those that management and recruiters seem to like to see
Companies that contract with the US government will also list CEH as an accepted cert but there are better certs out there
Sec+ is now on the same list
Yeah but somehow CEH still prevails on certain job listings
Sec+ was only added to the list in the last like... 2 months or something
Yeah so may take a while for job listings to catch up
@merry hound Seriously, go for the dev positions. Show that you can code securely, get a grasp of the environment that you are working in and make contacts with the security team. Do smart things like vuln scan the software you work on and that would be a great stepping stone into pen testing.
Sec+ has been on the DoD requirements list for years, I'm not sure about the rest of the US government.
Ah I meant pentest plus
Howdy all, I'm trying to develop a behavioral test for some applicants on the blue side, multiple choice and easy to weed out the wannabes (like me). Would anyone have some insight as to questions I could/should use?
Ideally they'd be fairly straight forward such as Snort has produced these 3 alerts <picture of three alerts>, which would you respond to first?
With work experience of 3+ years in cyber security field, is it worth doing Masters in cyber security?
I'd go with questions that ask Why? instead of more random pick-one questions. Something to try and judge thought process instead of rote(spelling?) knowledge. What situation would you address first: a critical vulnerability on limited systems, a medium vulnerability on many systems, an active system outage, or a helpdesk ticket from the CIO.
Thanks for that - trying to see the thought process as well as make it fairly obvious. In our last iteration, we had 120 people say they were proficient at network defense and of that 120, about 10 had any clue.
I would say multiple choice is still probably a bad idea. Some idiots may pass by pure random chance, meanwhile the perfect candidate might skip YOU because he thinks your test is demeaning. Just personal feeling, but sending out essay questions, or doing initial 5 minute phone screens, or anything else really would probably work out better in the long run.
It usually becomes REALLY apparent if someones resume does not match their knowledge, usually <5 min in a technical interview
Because the word proficient is ambiguous. It is better to include a year-range related to 'proven work skill in network defense'.
People with no prior work skill will abuse ambiguous terms to their advantage. 😉
What is your goal? Is it to move into management? A MS in Cyber is generally a step I'd recommend if someone wanted to become a manager in the Cyber security arena
@slim osprey Please read the #rules no DMing without asking first, I'd rather you ask your question here than DM me
Ok, Why do you think MS is towards managerial role, won't MBA qualify for that.
I wanted to move towards research and development.
Career wise, MS in Cyber is thought of a management move, generally MBAs are pretty rare in tech but you'll find a few, MS Cyber, Comp Sci or others. For research and development, you can do some of that without a MS depending on what you want to do. If your goal is research on things like cryptography algorithms for instance, you would more focus on a PhD in potentially Comp Sci, maybe mathematics, again depends on the area
Zojja, do you know of any countries in which that's not exactly the case? I've moved away from the idea of doing a MSc, but every now and then I see some practical roles (like pentesting) that interest me which have MSc as a nice-to-have, and sometimes even as a requirement.
I live in Greece, forgot to mention. I know you should take stuff in job postings with a pinch of salt sometimes, but a MSc seems kinda important
I would think this is mostly US/Canada. And if it is not a management role, but a lead role, it may have sense to potentially list MSc. I can't speak for other countries though. I'm not sure why they would want a MSc for a pentesting position
Thanks 😀
Hey all
After trifecta, what would you say, next go and do cysa? Cause its more hands on and so on?
trifecta?
OSCP
A+, Net+, Sec+
ahh
Whats OSWP like?
easy
I would say depends on your goals but OSCP is a good option
its a nice weekend course
May add it to the list, looks fancy
i don't mind sharing my notes if you're interested
Interesting
Lemme finish OSCP first then I may hit u up 🙂
You know i have a problem. I dont have 1 path i am in interesting
its enough to get you through the exam, but you'll be missing out on the theory
do you currently work in IT/security? what are your goals ?
So its harder. Done aws ccp and liked cloud, started sec+ and loved it.... need more experience, hands in
if you expect to do cloud, I'd go past CCP, I'd consider that more of a manager's cert because it is very basics
I am IT field engineer. 2 years experience, no security or cybersecurity at all. I know will need to start from entry level jobs. Dont mind. But still. Everything is interesting to me
OSCP would be good all around honestly
I'm going to do it next year even though there is 0% chance I'd ever be a pentester
Hey, Is it important to renew ur comtia certs every three years ? Like do have to take if off of ur resume or like as long as u passed the exam and got the cert u can have it on ur resume even if it expires? If so whats the point of renewing ? do people ask if they’re expired or anything on the interviews ?
Or any other cert in general
I think it is more about what your goals are or other certs you have. I still have CCNA (expired) on my resume for the hell of it but ...
OSEE looks hard, Advanced Windows exploitation, nah nah nah Im good
imo, not really worth it to renew unless your job wants em current
Yes i did wonder about renewing. Bet loads dont ask
and I'm pretty bad, I have never renewed/kept up to date a cert, not even CISSP
Got ccna coming up to renew... but I cant be bothered - want more cyberz certs
ccna cy ops!
yeah I wouldn't worry about it unless your goal is network engineer
Ah thank you all
Like comptia , £150 and i think 6 hours study and you can renew your highest cert so all others will renew
just be aware that some certs do rely on others, like I was looking at the CISSP architecture one (which is newer) and I'd need an active CISSP... which I was like damnit guess not
I just got mine, so still 3 years to go. Will not stop at what i have
@pseudo creek good to know thank u
same with some of the Cisco certs as well, they require a CCNA, so I'd check on your prospective certs before not renewing a cert
I know my husband went for the IIOT one and it required a CCNA
Oh ok
but weird CCNP doesn't require CCNA anymore
How many hours study are people doing a day
I am 4-5 hours a day, today like 8 hours and my eyes hurt. That might all change when cyberpunk comes out
most of mine is on the weekends but I try to squeeze an hour/day
When on lockdown ( then i started to study ) i did wake up 5am till 10am because after that play with kid and so on. No time.
Now trying to listen while driving, do apps when have free time between jobs or waiting for windows or linux to load and so on. Or pos system to upload
You could do juniper certs. Kind of like cisco but free lmao
What’s free? @primal shale
Juniper certification training
I believe Microsoft has discounts on their certs right now too
new CCNA path that started this year. lots of changes where you can jump basically into whatever. i think you can also CCIE with no prior cert.
i try to do an hour or more in the evenings when my toddler is refusing to sleep, and listening to instructional youtube videos non-stop while driving in the car
Hello, guys
I want to ask about cyber sec career
My interest is security architect engineering and pentester.
And which cyber security position should i go for that is more flex to me?
Example SOC is not flex to me.
SOC analyst*
1337 h4x0r is most flex.
firm pentester or self-employed pentester?
asking 'for reasons'
just ask away as long as it doesnt break discord or THM discord rules
kay
For incident response, what is the best way to show you have sufficient forensics knowledge/skills? A cert? Practice? Where can we practice?
Mostly certifications and experience
There’s not a lot of places to practice outside of labs from certs but you can do things like DFIRMadness challenges and maybe some various CTF challenges or rooms on Tryhackme
yeah, bland corporations prefer paper
the best places to work just go by what you can prove
those are usually pretty tight knit too, youll be friends rather than colleagues
Ty!
So we should not take ceh?
I would go with the position you think you'll like more. A security architect is an advanced position, although it will make more money than a pentester. A pentester can become a security architect. And it is difficult to go from no experience to pentester and impossible to go from no experience to security architect.
It depends, are job listings that you are targeting asking for CEH? If so, then take CEH. If not, then look at other certs
No they are not asking, but ceh seems to be the quite well known certificate and not hard for beginner, so i am considering it
its well known for being... not good
In the US it is well known due to DoD requirements for government contractors and employees
Are there actually any free certifications on cyber security?
None that I can think of
you may be able to find free training, but no free certs, plus many certs have annual renewal fees now
aws has free training with a 100$ cert, microsoft / azure has free training with like 15$ certs, splunk has free training and cert of completion with 50$ cert, els has eJPT for free with a 200$ exam fee, Juniper has training free, cant remember the price, same with cisco they had some free training earlier this year as well
pretty much everything sold in courses can be found with enough time looking through free resources
there is no excuse to leave yourself behind because you cant afford certs, you just have to try a bit harder than someone who can
you should become a coach
Cry will charge you money
I also heard that SANS occasionally gives away classes at some of their events, I'd definitely sign up for their Christmas CTF if you haven't already
their webcasts are pretty good and give you CPEs
some are, some are sales events
oh also autopsy had a free training earlier this year don’t know if that’s still happening
oh I forgot about that
also cons are one of the easiest ways to get free stuff including shirts, pins, stickers, and even certs and trainings
defcon was crazy
yeah
they gave away ton of prizes
and also if you follow some of the Udemy instructors like Tib3rius/Heath Adams, sometimes they give their course away free
anyone recommend the pentest+ or CEH?
Pentest+ >>> CEH
Pentest+