#cyber-and-careers

and then once signed up, you can find the course content here: https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student

thank you!!

How are the exam labs compared to the black box labs in the course, in terms of difficulty? (eJPT)

hows the eJPT exam

like what do u have to do init

after completeing the course

from what i remember, it's around the same difficulty as the first blackbox lab

you get given a network range, and you have to find the ip's that are active and pentest them as normal
then there are 20 questions which you have to answer based off your findings in the pentests

such as "what company does user x work for" after dumping the database or something

from what i remember, it's around the same difficulty as the first blackbox lab
@static tide how big is pivoting ? Cuz i saw Johns video and he said its a big part of it

ooh ok thx

uhhh very little, as long as you do the lab that they provide on it, that's all you need to know

Blackbox 1 and 3 were quite easy. The #2 was, imo, the hardest one.

Agreed

@stiff kiln only pivotting they cover is thru metasploit

John mentioned plink

Plink is not even covered in any way, shape or form

But if autoroutes all u need im not complaining

Plink is another way, along with ssh tunneling sshutle etc.

I never took the exam, but planning on it.

Good luck

I just dont see them covering a topic on the exam that was not covered in the material.

Autoroute is cheesy as heck. I prefer to use ssh tunnel/port forwarding

Yea if ssh is an option on the compromised box and u have creds

#3 you are able to do with ssh

With dynamic port forwarding

But, it is generally less hoops if you do have ssh creds

Did you finish all the blackboxes?

Yes yesterday

What are your thoughts on 2?

Was stuck on the second one had to look at the solutions

#2 was the longest and the hardest out of all 3

Definitely

#1 was the easiest

I still need to finish a write up of 2 and 3

I slap everything i find with a bit of explanation in cherrytree

What was your source on php command line navigation, if i may ask?!

For that web server

I need to revisit that

Which one are u talking about ? U can Dm if its like a spoiler

Basically, commands to get info were something like (system:("whoami") of that nature.

Im guessing php system commands

After you gave admin1 or whatever privilege thru mysql server

Ah the second box, yea so what a about it ? Sorry didn’t catch ur question? U can check the system function manual in php There probably are other functions that run system command in php like exec()

Basically u pass the command and get the output thrown out u

Percisely that. I didnt feel like that was covered in any material

As i said i had to look the solutions on the second box i was struggling alot 😆

But yea I don’t think they covered it in the material

Thats where I got stuck initially

To be honest, i never completed that box after that lol

Sqli is probably my weak point

Not sure if you know this but I learned a nice and quick command to sort thru cidr notation for open servers

fping -a -g <cidr> 2>/dev/null

They did cover that

Thats what i used to

Too

Nice clean output of open servers to throw to nmap

Nmap didn’t seem to find any

Initially I didnt do that and went the longer, messy route

Nah i used fping only its hella fast

And i wrote a script in python to || grab the names of the source code in one of the pages ||

Dunno if thats a spoiler

I just need to not jump in the first hole I find on the exam

And enumerate all before doing anything

I tend to do that lol

I’ll probably use rustscan or masscan to scan all the ports then throw them into nmap for detailed enumeration

I just remembered my first wall on 2nd box. I forgot that they said to move on from a server if you got nothing

I spend quite some time trying everything lol

Then moved on and found creds within 10 minutes

Hey

Someone who have the roadmap for network security

I like network and web security

Level 0x7

I suck at webdev (django) (most because of no experienced person in team), none of my code has ever been to production, never hosted a server (I guess I can but it won't be production grade). Taking a break from work, got 1 year exp under my belt, and am currently fascinated by security. In the past 4 months have done some 50 rooms, almost all machines with help from walkthrough. What do you guys think? Do I have the aptitude? Any tips?

If you have persistence, then you have the aptitude for hacking. Definitely stop using hints and walkthroughs, start doing the CTF rooms that require you to get user and root with no hand-holding. Doesn't matter if it takes you 2 hours or 2 days to complete a room this way, the skills you'll learn from problem-solving in this fashion will carry over into webdev as well.

I think your persistence is well suited to a career in security.
However, I believe that development experience is essential for a security job. When giving feedback to developers, you need a lot of knowledge of Development.

I recommend you keep on developing a little bit more.

I have some questions which I'm sure were answered somewhere in the past, but I would really appreciate if someone could help me.
Quick summary: I'm a designer & common IT guy, unemployed, with passion for pen testing.

Questions:
• Is it better to obtain a Cyber Security Bachelor Degree rather then a Computer Science one if you intend on following that path?
(since computer science does not cover a lot of the required topics).
• If you're country does not have a University for Cyber Security, would it be wise to pay for a Online Cyber Security Bachelor Degree?
• I'm close to 28 years, and I know that field requires a lot of dedication and work, I kind of think I might be to old to start. what's your opinion.
• Which Cyber Security Field is more demanded by companies nowadays, if there happens to be someone who works in that field.

What if you’re 134?

@warm hinge it’s better to have a degree at all. And then supplement that with cyber security certifications

Although zojja actually works in the field so I’ll let someone more qualified give a better answer 🙂

So I will say from the US perspective, CS vs Cyber do not matter. Cyber is a newer degree but most people entering Cyber have a CS degree (and some have something completely different) I will also say that getting in, a degree will matter less than certs. A degree helps in a lot of situations but if you have some IT experience, I'd look at getting some certs if its in your budget. What certs depend a lot on your location, I'd look at various open job positions in your area and see what they are asking for.
It isn't too late to start ever.
Blue team roles generally will have higher demand, Soc Analyst, Security Engineers and growing need for Cloud Security Engineers.

Oh but no it’s not too late. It’s never too late. You can switch careers whenstever you want if you’re willing to put in the time

yeah, I'll say when I was getting into Cyber, there were people in their 60s getting into it

@pseudo creek In my local area there are few opportunities if any in cyber security, what is the prospect of remote jobs in cyber security and what job positions would those be?

and good entry level jobs are Soc Analyst, jumping into Pentesting can be challenging if no security experience

Btw. Thank you for taking the time, I really appreciate.

Again it is really country dependant... like in the US, entry level remote security positions are very hard to find

@pseudo creek I know that you said, what certificate depends a lot on a person's locations, but in your opinion
• what type of certificates are good in general and
• are there any good or specifically recognized (and credible) online places/institutions through which these certificates can be obtained?

again it is very dependent on location, like certs valuable in US may not be as valuable in the UK or other countries.

Comptia certs seem to be good but people think they are mostly valued in the US

OSCP is a really good cert for most countries but in the US, may not be as valued as much as others for entry level

CCNA is a good solid networking cert in most places from what I hear

I’m in the UK and I got told if I wanted to move into cyber, I’d need CompTIA certs

ahh ok

hi i'm 3rd year in a computer science degree. I was wondering if anyone could tell me what kind of jobs are closest to this fun hacking stuff. my limited knowledge of pentesting is old men being hired by the company to jump over fences in balaclavas to insert USB sticks and type into linux terminals

all we get told is it's mostly software engineering jobs

well it depends what you define as fun, red team/pentesting is most closely related to hacking but what you don't see are the detailed reports and presentations.
There is also reverse engineering/malware analysis. Still may need to do reports but is more tinkering with applications to find holes or find out what the bad guys are doing

you can also use what you learn on THM for Blue Team as well, there are many analysts that study this for defense

how did you start off? this doesn't sound like something you'd find on linkedin

I was a network admin for a few years, decided to go into network security so became a network security admin then found a security engineer job a few years after that

I'm an architect now, so I'm more on the paperwork side, visio diagrams/powerpoint slides, went to school for CS

Thank you for answering, I do a lot of that atm so that's a good weight off my shoulders, the only thing I don't currently do is develop reference architectures, so I'll go a head and brush up on that.

was thinking you meant buildings lol

ha

no security architects are on the design side of security, consider how is everything put together to make a cohesive secure infrastructure

Has anyone had any experience with third party employment background checks before? I'm due to start on Monday and things aren't progressing

that shouldn't be your problem, should be the company's problem

mine has always been "company does background check -> company finishes background check -> start on X date"

Huh, I was given the offer / start date and then the check was initiated

I however can't start until it is done 🤔

that sucks, I'd contact HR and ask them about it ?

and is this background check and not clearance?

HR actually contacted me for documentation, and I'm waiting to hear back from them

Yeah, just previous employers and roles + a criminal background check

I'd definitely ask them how long it takes normally

As I moved to North America, they're waiting on the UK to do their part, but COVID

oh shoot

I just need a hug 😂

heyyy

i want to be a remote internship

...

i am searching for a company

im in vietnam

You have to be more specific than that

Do you have the ability to remote work in other countries

yah

What type of internship do you want ie pen testing, soc, network engineering, etc

i love pentest

web pentest

And honestly your best bet is to just google and research openings as that’s the same thing we’re going to do

i know programming in python , C++

i play ctf in rootme and some in ctftimes

lab in portswigger

Your best option is to just look through openings and apply everywhere

well

and i really want find a team

because im poor

i want pay daily cót

cost

so i want have a job for following cybersec

just google "vietnam internship program". I can see many companies.

Matthew 7:7 knock, and it will be opened to you.

fell thanks hhaa

If you’re looking for an internship about 90% of them don’t pay anything

Yeah

I think it's the big chance

For me

And with me chance is everything

hacking in Chat?

beacause please hack YoshiXD
#4925

😩

hack YoshiXD
#4925 please

@cobalt escarp

Thanks Jake

@sinful stirrup You're being banned, appeal @ jon@tryhackme.com

@pseudo creek by chance have you done ICS515?

from SANS

Nope, not one I’ve taken

damn, trying to get a good sense of what I should know going in

I don’t know anyone who has

Probably everything from ICS-410.

Hey there so I'm a fairly new self-study Cyber-sec student currently building skills at home. I just finished the "complete beginner" learning path on THM's site, but I don't know if I'm quite qualified to take on the "offensive pentesting" pathway yet. Is there any general advice on intermediate steps to fully build out the rest of the skill set and get the proper hours logged to be ready for the offensive track? I really want to dive headlong into a hacking career, but I'm kind of doing it all on my own. Any tips or points in the right direction for training I'd be happy to hear it. I've already looked into Cyber Mentor's 0 to Hero course and a few others advertised for Udemy and such, but I want to get the best training I can for the money. Thanks and sorry if this post is too long: TLDR: I finished THM's Beginner Pathway...Now what? (offensive pentesting edition)...ps. feel free to send me a DM too if it's easier. Thanks again.

just try to do the offensive pentesting path and if you get stuck, don't be scared to ask for a hint on the discord but FIRST do a research yourself

@vital kite i would start with windows hacking, AD stuff. Its fun and tough but fun 😀. Other than that, what alien said. Just take each room one at a time, use ur research skills and build a methodology for each port you will be enumerating and u should be fine

hi

My question is shud I go back to university or focus on certs and IT experience
Hey guys I’ve got entry level question if someone’s got the time - I’ve got no job experience in the field just what I’ve learned on my own growing up. I’m 23 with 2 years of university completed and 3 years of being a sous chef at a restaurant. I’ve loved computers my whole life so I have a very strong foundation just now getting into cyber. My question is shud I go back to university or focus on certs and IT experience

Where in IT do you see yourself? SysAdmin? Dev? Eventual management?

Nah I’d like to go into pentesting but a lot of the jobs I was looking at on indeed for cyber security were requiring it exp

Is that not common?

If ur in the US, just got to uni. It will help u in the long run. I wouldnt even think of certs without any experience if im being honest. U can try with an A+ or ccna first. But u cant go straight into pen-testing jobs

'Entry level cyber' usually requires at least a couple of years of other industry experience.

Different people might have different opinions. In my personal experience i would say go for the certs and self study instead of university. There might be some jobs asking for you to have bachelors degree but that's not mandatory. I'm in my last year of bachelors, if i had known of THM before starting university i definitely would have chosen self study instead of university.

It depends on your country, but almost case you should go back to University and get a degree.

Yea the first sentence naughty said is correct

Yeah juun I agree with the experience that’s why i think I might skip ink and just get job for experience

A large part of going to university isn't just the baseline standard of knowledge you get, it's also building your social network. All of my post-uni jobs have come as a result of the network of students and professors I made while I was there

@willow gate agreed enjoying thm a lot aswell

And sometimes u need the 4 year uni degree to promote up

Good point

the other thing about university, is that you will touch a lot more topics and have a broader grasp of IT technologies - you won't have depth on say, cisco ASA management, but you will have a better 'big picture' grasp than starting out as an entry level sysadmin or network admin.

Yea depends on the colleges program doe

If u go to a college with a good CS, cyber or IT program you will gain alot of knowledge

Most US universities have a wide variety of electives, including security

I went to a tier3 school for undergrad, a large part of what you come out of from university is directly related to where you put your effort

And if you happened to get a job chance abroad, you can't get a work visa without a degree in many countries.

Trust me, in the end its up to u. Its a big decision so think about what juun and all of them inputted

In my opinion, the university degree gives better options long term. The IT certs route will make you more immediately useful - where do you want to top out? Where do you see yourself in 5 years?

^

Exactly long term thinking right there

Is a masters cyber program worth it if its like DSU

Curious

Can you elaborate? Not familiar with DSU

Dakota state university

Honestly, I think any cybersecurity program is less useful than a straight CS or CIS program.

Because Cybersecurity programs are still brand-new and haven't fully figured out what to teach yet, and how to teach it.

Yea fair enough

Another 5-10 years of maturation, I think the cyber university degrees will be better, but right now I think they are less useful than putting a similar amount of effort into understanding DISA STIG.

Not strictly true. The Ethical Hacking degree I'm on (which is supposedly the first, admittedly) has been around for a good 10, 15 years. Now, granted I've taught myself far more than they've taught me so far, but that's not to say the course isn't useful. The lecturers know what they're doing.

That's fair - As far as academic disciplines go, it's still fairly new. I don't think that industry has really determined how to place cyber in terms of crossover career potential. GameDev is in a similar place though; even with the difference of a CS degree and a GameDev B.S. being 3 elective classes or less, GameDev graduates have less opportunity for regular developer jobs, from the anecdotal reports of my cohort.

All I know is that we have something like a 96% placement rate for graduates going into cyber, although Covid may have put a dent in that 🤷‍♂️

That's a really good placement rate. I know my own alma mater has a slightly lower placement rate, and they were one of hte first to get a federal government accreditation/grant for their cybersec M.Sc program

Might be the difference between Britain and elsewhere. As you say, I've also not seen stats for crossover careers, although I know some of my predecessors have chosen to go into various branches of development with no problems

(I did a MS in Cyber 15 years ago... but I do think better programs now days than what I did)

@undone shore is your degree NCSC accredited?

Mhm

Niceeeee, I wanted to do one of those but they didn't accredit many russel group unis at the time :((

Which is why I turned down my Russel Group offers

Hi

So this is really minor thing but this happened:

I know it's super early days and stuff but I want to know what kinda stuff I can go in with when I get to shadow and what kinda questions to ask. If that makes sense..... kinda like putting myself on their radar....

A good question is one that finds the gaps in their security coverage - often, tools won't do everything they need. Common tool functions are Anti-Virus, Data Loss Prevention, File Integrity Monitoring, host-based firewall. Some of those may not be present, depending on what security frameworks the org needs accreditation for.

Ok that's not something I'm going to know yet or most likely pick up, what about generally?

Other than the obvious

think about the things you as a user would like to do that are likely counter to management policy - things like installing 3rd party software without permission, visiting exploit-db from the work computer for research. Questions based on users playing 'silly buggers' will give you a pretty good picture of the organization and their culture

Okie dokes ty Juun ❤️

You welcome

that's awesome, definitely a big deal to get your name out there - seems like they may be trying to vet potential people and having your name in the hat is always a good thing

i dont work in a SOC (yet) so Im not qualified to offer advice, but just look at big picture when you start with questions - internal networking will be a huge part of that.
as a noob myself here are some questions i would likely ask that would probably lead to follow-up questions/some type of banter

"Who do we report to?" "How many workstations do we manage?" "How are we complying with regulations like GDPR?" "Are we in an Active Directory environment, if so where is the Domain Controller and who has access to it/manages it?" "What sort of egress rules do we have in place?""What are we using for logging; Splunk or something else?""Do we have an Incident Response team/ how do we escalate incidents?""How do we manage credentials?"

Awwww ty for this @ancient prairie I really appreciate it ❤️

@stable delta knowing the basic process for how to respond to incidents will help too, which is essentially

• understand the rule, why did this alert trigger? (abnormal network connection?)
• look for key artifacts pertaining to this alert (source, destination etc)
• is this standard behaviour? (should this host be making a connection to this address?)
• are any of the key artifacts known IOCs? (download the browser extension Sputnik)

Best book by a mile for this is: Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases: Notes from the Field by Don Murdoch. It's a condensed field guide for the Security Operations team.

I'm gonna say Quirky is a sleeper agent.. joins THM, gets SOC job 2 months later 🙂

Lmao I wish! We have a looooonnnggg way for that to happen to me!

And thank you @static tide ❤️

Thank you @distant pier ❤️

I just like to think that you are super hacker running circlers around us all 🙂

and good luck in any future job hunt

that is how Quirky has advanced so quickly

Lol you guys to realise i just know how to google like crazy and know what to google etc right?!

That's all there is to it

plus using write ups when stuck

And thank you so much Zojja

That's a great skill to have.

That's hacking

Thank you ❤️

knowing how to google is a very important skill

Im still bummed i didnt get selected for the soc gig@stable delta But thats awesome, wishing you the best!

Ive been focusing more on blue teaming last 2 months, that would have helped me tremendously in that interview

try to associate all your red team knowledge to how to stop it and you become purple all of a sudden

:( I'm sorry yoi dint get the role Alex. Hopefully another chance will come along! This will probabl be just a couple of hours on zoom being shown everything lol! But ty anyway ❤

Its ok. Ive moved on haha

Haha well I hope you're successful the next time round!

Got a call yesterday for a SOC analyst interview. I know it doesn't really mean anything, but I'm happy to even get a shot. I'm such a noob and I feel like I don't know anything, but among other sources THM has been one of my favorite places to learn about cybersecurity. All of you are such an inspiration, so thank you!

Congrats on getting the interview 👍 Best of luck with it

Thanks!

getting an interview is awesome

for real that is awesome! keep us posted on the journey

Good luck!

good/bad results aside you can always learn something from interviews and should be improving/working on those soft skills

Definitely means something cause you won the game of getting through HR's filter (that task by itself can run its own war in the job hunting world). Obviously a computer thinks you're competent enough to do the job. Now its about convincing the employer of the same and that you're a good person to work with.

For some reason I'm not too worried about being able to convince them of my good character, but more so of my technical abilities. The time reserved for the interview is 90 minutes, which to me sounds quite long, so I'm guessing there will be some sort of technical problem to be solved.

yeah 90 minutes is a bit long

but also good, it means they are willing to spend that much time with you

That being said I don't know if there are multiple people interviewed at the same time

Handling a SOC is a group effort, afterall

And it's ok if they throw you a question that you don't know the answer to. It's a good opportunity to show how you approach a problem with no clear answer and your thought process behind it. It could even be the point of the question they ask.

Are there any incident responders around? I start on Monday and would love some advice 😃

If you people have any ideas/resources that could help me prepare, I'd be thankful. I have no hands-on experience about SIEMs, for example. I'm looking at the free Splunk Fundamentals 1 atm, wondering if it could help me solidify my understanding about things. Don't know about their tech stack, but Splunk's pretty widely used (well-known) and free to tinker with. Thoughts?

I'd recommend getting some kind of hands-on with Splunk. Nearly every single job ad I have seen has it listed as either a requirement or desirable

Even if it's just the TryHackMe room and a uDemy course, it's good to get familiar with it

Oh yeah I forgot about the Splunk room THM has

I gotta do that one

yeah and even splunk has some free training on their site

I would just ask specifically what you want to know, might be a few people here that'd know

It was more for the day to day and what to expect. I come from a help-desk background and the learning curve is going to be almost inverted

I just want to prepare for the role as best as I can, and spend some time with some of the tools typically used in incident response

every organization will have their preferred tools - best thing do is relax and get ready to absorb binders full of documentation

Hooray for binders!

yeah I think it'd depend what a day in life is, I did some incident response early in my security career but I was more about log analysis than anything, writing scripts to help analyze logs, etc

and on some level using things like encase to find traces of 'stuff'

Good to know, thanks 👍 The role is labelled as "Consultant, Breach Response", and I'm told it's more incident response, with the occasional pentesting in between assignments

I'll maybe report back with how it goes, should there be anyone else here looking to break in to the field

at the end when they ask if you have any questions, ask them this

ask what siems and edr’s they use

Yeah, was going to do just that

Maybe even before the end if it comes up

shouldn't you do that before? to be better prepared.

could do, an interview is for both parties to decide if you’re right

but the opportunity might not come up before

but once you know one, it won’t take too long to learn another

Just gonna note that some companies may not be allowed to tell you / the interviewer may not even know lmao

I scrolled through their site earlier and found nothing. A little OSINT and I found out that they're using SIEM by a company called Logpoint. Never heard of 'em, but I'll delve deeper.

what source did you use to find that. Noob here so im curious

Just plain old Google

Google knows everything 😅

true lol was it a literal search what SIEM does such and such use? lol

Almost. Went through some old job postings by the company, didn't find anything. Then I found some website which had a link to another website with an article that had a sentence that "Our company has been building SOC around Logpoint's system" or something like that

I don't know why I didn't think about googling earlier, tbh. I just tried to find the information on the company's own website.

ah sweet thanks for elaborating. I was always curious how a more advanced hacker would google search things (generally speaking idk how ur level is) but yeah i wanna get better at doing OSINT

OSINT is extremely fascinating, sadly it's often not the "main thing" in many cyber related jobs (as far as I know)

find people that work there on linkedin, lots will have it listed in their description for the job

thats good to know and yeah its fascinating to me too

Yeah I tried that route too, most of them had something very generic like "SIEM" in their listed skills

In case you're interested in OSINT, one of the best sources ever is Michael Bazzell and his book "Open Source Intelligence Techniques"

I think a new edition just came out. Haven't read it, but if it's as good as the ones before, it's worth it's weight in gold

Which is a lot, since the book has like 1000 pages

:D

Also Bellingcat's OSINT investigation kit: https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607 (Mods please don't shoot me if no links allowed)

it was in good faith hopefully not shots fired LOL

looks fine to me

I trust ^

Is Security Onion used much in production enough where you could substitute experience with that for Splunk? I've used both and outside of the templating, ubiquity and overall ease of use for Splunk would an employer still look favorably on using SO?

any skills that you can bring will be valuable

if they use splunk and want someone with siem knowledge? sure. if they want an expert with splunk? probably not

we use

• Falcon (a frontend for Splunk)
• Sentinel
• Splunk
• Corelight
• ELK
• Tanium
  and a while bunch of other tools

honestly, enterprises get new tools added by the day, and it's typically your EDR solution + A log aggregation platform (like Splunk) + Dealers choice

If you're not strong with (lets say) Splunk, but you can use Bro/Zeek and you have access to the raw logs, by all means use it. It's free and if it'll get the job done faster, go for it.

It'll definitely be a lot better than searching through 6-12 months worth of indexed data

It’s really not you’ll mainly see it during recon in red team ops in normal security positions but there are also positions that focus only on it like cyber investigators normally work for agencies or departments. There are also threat intelligence jobs that can focus on Osint it just depends on what you look for

What about the other EDR tool that you guys just got or did you already get rid of it lmao

that was falcon

lmao is it really just a splunk front end

we still have all the others

YEAH

IT IS

sounds like the tool soup that everyone makes

lmao

tl:dr grabs security, event, audit, command logs

super easy to search by hostname

but it's legit a Splunk box with a fancy frontend

True, I know I was kinda cutting corners with my statement

cool thank you guys, I figured knowing the ELK framework at a bare minimum would be useful

Splunk has had a major learning curve in our environment. It is collecting a lot of useful data, but writing all of the statements to parse it is a nightmare, and most of the prebuilt dashboards and stuff are not nearly "out of the box".

hey everyone
i have question
how can i by pass payload using apktool in kali linux

you might want to try #infosec-general , this is the careers channel

Hey everyone. I have a strong background in sales and have some nice psychology certificates. I have been able to make a lot of people give me extra info and open my files in my career. Do you think I can shoot for a Social Engineer and if not, what should I add to my skillset?

I don't think Social Engineer is a role in itself

Yeah I suppose social engineering is a part of red team operations in general

There are some Social Engineering jobs in detective agencies etc

What can I combine it with then? Knowing that I am not an engineer or a developer (could learn some skills tho..)

Hacking knowledge is a good plus for this job

Red teaming.

more THM rooms it is then... 😄

any certs you would recommend?

it's certainly not the most important thing, although if you did, you could aim for security roles

the easiest path eJPT > OSCP > you could get a job at this point

I will research that, thanks!

Tips for starting your (not only) cybersec career by @warm hinge

Network with professionals on LinkedIn, at conferences (when permitted)
Engage on Linkedin and post meaningful content
Start a blog to show your skillset, (hiring managers lurk a lot)
Bypass the ATS by networking with hiring managers

How to stand out among others? Display:

1. Relevant technical skills, (can you demonstrate skills that are used within the role)
2. Soft skills (How do you write? how do you interact with people?
3. Passion (how dedicated are you to your own personal development)

Is it more beneficial to learn defensive security to learn how to protect systems or offensive security to know where they are most vulnerable? I'm just entering the field and was wondering if I can get some pointers on where to start.

Defensive in conjunction with offensive security, meaning 1. How to create defensive measures, 2. How to harden endpoints and networks, 3. How to monitor and respond, 4. How to hunt for threats actively (instead of waiting for a compromise to occur), 5. How to actively attack/bypass defensive measures, 6. How to find solutions for vulnerabilities and suggest/implement mitigation strategies.

The core function of a Red Team (offense) is improving the defensive posture of an organization/making the Blue Team (defense) better. That's a good context in which to look at learning defensive/offensive security together, I think.

Thanks! This really helps shape what I'll focus on!

Hello everyone. I am a (soon-to-be) 14 year old hacker and pentester. I love cybersecurity in every which way, and I have been interested in it for quite some time but only recently (6 or so months back) have I been able to really get into infosec. When this year started, i set out to have a certification by the end of it. I first wanted to try OSCP. I knew that you have to be over the age of 16 (and have consent from your parents) to be able to learn the course and attempt the exam, but I also knew that with enough proof of knowledge you can in fact get into the course and attempt the exam at a younger age. I knew that the exam will be quite hard and that I will need to have a LOT of exposure and knowledge in order to have a chance of being able to learn the course easily and have a chance of passing. After some thinking, I realized that the best course of action would be to try and get another, easier certificate aimed at less knowledgeable people. This will give me the experience needed and will help get me into PWK and OSCP in my intended time frame. I came here to ask what certification would best suit my needs. Currently I'm thinking of eJPT, but I'd love some opinions from the community on what the best course of action in my case would be.

eJPT / eLearn / Comptia will probably be your best bet

that's what i thought

which Comptia certificate do you think i should try?

there are a bunch haha, kind of confusing

eJPT is the number one candidate but i want to have a few more options

network+ or security+ imo

thanks a lot

I think I'm going for eJPT first

and if that works out well I'll look into comptia

I’m gonna be straight up if you’re really that young low key screw certs though

just absorb knowledge

You’ll be worth a lot more to a company IMO as I have first hand experience in that

can you elaborate?

dont!! skip!! networking!!

that's why i think I'll take network+ if eJPT goes well

Ok this is kind of a hard concept to explain and some might disagree with my but I personally think that you should focus more on practical aspects and simply learning as much as you can rather than just chasing cert after cert. in the long run you’re going to have a lot more potential and knowledge. Also being so young you’re typically going to be looking for internships which don’t usually care as much about certifications. In the end you can put your self in a position that is much cheaper and you get a lot more out of it. However like spooks said there a few things in which if you don’t already understand them like networking you will need beforehand. it’s honestly a matter of preference. I wouldn’t waste your time with things like sec+, A+, CySa+, etc and if you really wanna focus on certs focus on practical ones like eJPT and eCPPT

Also with OSCP being so young you genuinely don’t need it and it’s a lot of money to fork out so young

let alone they might not even let you into the exam

That’s just my opinion being someone fairly young in the industry who has put themselves into a very good spot in terms of education and finances

yes of course, I do agree with you in regards to practical aspects being a lot more important. my goal isn't to just acquire the cert and call it a day

I have experience with practical learning and how effective it can be

i tried taking courses or reading on infosec, but it just really isn't the same or nearly as effective as doing a ctf or taking some skill you want to learn and try applying it in the real world (for example, learn about c2 servers by making one)

thanks for the advice everyone, this gives me a much clearer view on what my goals will be

I see several people have a CISSP role on this Discord. Can I have the role, too?
I can show my Cert to THM staffs if required.

How important is development experience for a job in IT/security? I have some professional web development experience and have a web dev job lined up but I honestly can't stand it. It's just not my cup of tea as a job. I like programming more as small bite-sized projects (like automation) instead of day-in-day-out.
I have a degree in Computer Science. Starting out at a NOC/SOC as a "ticket pusher" or helpdesk work would be no problem at all.
Currently working towards the Security+ and planning on getting CCNA after that.
I guess my real question is: how hard would it be for me to get a job without the development experience?

You don't need dev experience to get a job in IT

The deeper you get into cyber security the more programming will be important

Depends how far you wanna go

The Security engineers that can write their own exploits and tools are highly in demand

Writing own exploits is more low-level work though, correct? I don't think knowing TypeScript will help much there.

I don't think it's the development part of the job that I don't like. I think it's the web part of it.

Honestly you don't to do development if you don't want to, some people do, some people don't. I found scripting (perl earlier in my career, python now) a bit useful for some things but I'd focus on other things if that isn't your jam.

@cerulean harness done

Thanks!✨
"I act honorably, honestly, justly, responsibly, and legally."
https://www.isc2.org/Ethics

hello i'm looking for a job to start my remote career on cybersecurity plz any help, and if anyone is freelancer and wants a colleague or also want to start freelance please contact me.

Just bits of advice, you should write (1)your work experience (2)your degree (3)your country
in such a post.

Do you recommend the training for eJPT?

most of the stuff the cert covers seems relatively basic, that you can do it without taking special material or such

oh wait lol

if you take the course you don't need to do the exam

(i think)

The course is free, you pay for the exam and you can't skip it. The exam is a good idea, because it will mentally prepare you for further certifications such as OSCP

ah i see, i didn't want to skip the exam. after doing some research it seems like eJPT doesn't have a course? it looks like they have partnered with ine.com and are reocmmending unofficial courses that are good to learn before eJPT

it doesn't seem like there is an official eJPT course

the exam looks alright, i mean all of the topics are ones i already have experience with/pretty alright at

INE and eLearnSecurity are the same company

and it's the official course for eJPT

yeah they're easy, although you didn't practice them in a stressful exam situation that shows your knowledge

oh haha

ah i didn't know it was the official course, i misunderstood

that's great, i'll start on it soon

it looks like i don't need to get the 2000 dollar pass to get access to the course lmao

yh it's a bit confusing haha

yeah lol it's always gotta be confusing with infosec

but not at the point of start

I wonder how many people got discouraged because of the $2000 price tag on INE's website, without a straightforward message that the PTP course is free

ptp isn’t free

I know I would have been

Oh sorry, the course for eJPT

Would you say the course for eJPT is good?
(I have no real ‘work experience’ for IT, so I’m trying to learn as best I can)

yes it is good :)

Yes, it would be good for your without prior experience, as it explains everything from the beginning

Oh wonderful, thank you!

Good luck with it 🙂

Thank you, there just seems so much to learn

It'll get easier soon, you'll see

a 2000 dollar bootcamp with every elearnsec course compared to a 9000 dollar bootcamp unheard of bootcamp with a buggy site is nowhere near discouraging

on the standard, ine is great

Do you think that someone taking the eJPT without even knowing what hashcat is would even take into consideration paying $2000 for a $200 cert?

Even OSCP seems more reasonable to a person like that

yeah i guess

the only reason im taking eJPT is to give me some experience and proof to get into oscp in the future

yeah that's what I did

it'll generally help i mean it's a 200 dollar exam with a free course, and it's a practical exam as well

any tips for it?

unlike ceh haha

how long does it last? i hear you have to hack into a "corporate like network"

so is there gonna be any network stuff

eJPT material is free.

yes, we know

im just talking about the exam and the 2000 dollar ine pass

do the labs, take notes from them, pass

ez

that's what I did hahah

3 days

free labs too?

non proctored

20 questions to do with the lab you hack

all the labs are free with the ejpt yes

3 days labs oof

3 days for the exam

hey at least it's free

bruh

so how does it work

is it a flag type deal or what

how many boxes

no yoy get questions about the network

i apologize for my curiosity

which you’ll only know the answer to if you’ve hacked it

that sounds easy

oh

so it's like a flag

but indirectly

yeah eJPT is all round easy

basically yeah

20 questions

3 days

not bad at all

report style questions?

i wouldn't think so

questions such as

It's similar to TryHackMe actually

“what is user A’s password” after dumping the sql database

rip

that's really easy

that's super easy

that gives me a lot of confidence

im smashing through tryhackme at the mo

is oscp anything like eJPT? (lol)

That's why you should take the exam

Nope xD

everyone does that at the start lmao

eJPT is like kindergarten for OSCP

😄

yeah it's like

ejpt

eccpt

then highschool

which is oscp

eccpt is like oscp

ecppt i think

or is it eccpt?

stupid names

so you said ejpt is free and you just pay the exam

or i the course included with the 2kt hing

the exam is a couple hundred bucks

nothing much

idk the one with many c's and p's in the name

cppt

elearnsecurity certified profession penetration tester

man that is one helluva title

xD

sounds stupid imo

yeah lol

i was being sarcastic

oscp sounds a lot better

yeah

it professionals want more letters after there name than doctors thats all it is

makes business cards look snazzy

John Doe: Certified Professional Penetration Tester

very much so

nono

phil mycrakin: eccpt, ejpt, oscp, owse, ceh, etcccccccccccc

@fringe spade ooh you taking oscp?

John Doe eLearnSecurity Certified Professional Penetration Tester

Correct

how is it?

Cool, I'm doing the basic stuff from the PDF now

around page 200

xD

of the wopping 800 odd

damn

how old are you if you don't mind me asking?

(vertey)

16

yes

wait what

(I read that)

i thought the server was pg13

it is pg13

wdym

s*** isn't allowed

it used to be

just use the word stool

nah

lol

i use "droppings"

what did u write there

I read the base xD

man so you did the parent consent droppings

yes

That took somee efort

lol why

oh

the uhm

yeah

xD

what was the course leading to the ejpt on ine

There isn't one?

The course is PTS

ah thats it thanks

Looking for an entry level job if any ones got any leads

would be helpful if you post such a thing to indicate where you are located, what certs/experience you have and what you are looking for specifically

Where?

INE

https://checkout.ine.com/starter-pass

hello guys, do u know any advices to get professional experience in cybersecurity. I would like to get a job as a trainee but haven't found much opportunities out there

i'm studying computer science engineering btw xd

Work experience? Or an actual career

If you mean a full career, with a degree then certifications are your best bet

You can find jobs, at least in the uk, where they don't require IT certs. Just a degree or so many UCAS points (A-Levels)

But it seems few and far between, imo. Work experience though I couldn't say, it's really just a case of finding a company with a program for work experience somewhere. Or get your training institute, university or whomever to try and help you as they'll most likely have contacts for this kind of stuff

sorry for the delay, just read ur message

Ya i think going for a certf after degree seems to be one of the best options

I have been finding a lot of job offers but just for seniors and 1 or 2 juniors

im from mexico and in December i will be graduated, so I would like to be able to find a cybersecurity job before that date xd

but yeah,. thanks a lot!

i am in 11 class i am not able to give so much time to hacking because of study pressure what should i do

I'm also in Y11, you need to find balance between school and hacking

whats your stream

Try to organise your day be keeping a strict schedule f.e 7PM: Studying 9PM: Hacking

Wdym

subject

what are the subject you study

Computer Science, Business Studies and Physical Education

Wanted to take music, but it seems too hard xD

You'll probably hate my answer, but. If you're struggling to balance school and hacking you should definitely focus on school first.

Especially your critical subjects like English and Maths

You'll need, in the UK, a bare minimum of GCSE English & Maths for almost any entry-level job in the IT industry

So it's really important you get them as early as possible, so Year 11

Hi everyone, I am a university cybersecurity student. It is three days that I am wondering whether is it worth taking the ejpt before going for the OSCP and I was hoping to get some suggestion/clarification here... At the moment I don't have any certification and was considering taking the ejpt as my first cert and as a stepping stone to get ready for the OSCP (and also to have a cert to put on the CV). I already have some knowledge of cybersecurity and did some hack the box/tryhackme machines, but I still don't feel fully confident... What do you guys think about ejpt? Is it worth doing it or should I go straight to the OSCP? I feel very confused😂

If you're confident with easy and medium tryhackme machines, you can probably skip ejpt

Usually, here in the UK, jobs want a degree and OSCP

Im actually expecting a decision from Abertay University for BSc (Hons) in Ethical Hacking / Cyber Security

is TryHackMe based in UK or US ?

UK.

aaah lovely

after my degree, def gotta apply for a position at TryHackMe

Thanks, that definitely cleared my confusion 😅😊 @quick forum

yeah, OSCP is better imho

if you're already a cyber security student

no point going for a "junior" level cert like eJPT

You'r a cybersecurity student, no need for eJPT honestly. Just finish the Offensive Pentesting path on TryHackMe and finish a few boxes off TJNull's list on HTB or watch a few videos of IPsec, and you'll be good 🙂

Quick qs..shd i take ejpt in summer??..what shd i learn be4 it and any experiences pls

Take it tomorrow hahaha

tmr is exam hahaha

Honestly don't waste your time waiting for summer. It took me literally 4h to study, you're more experienced that I am, so it'll be easier

nono im not more experienced

just asking...thanks a lot ❤️

You'll manage, it's 3 days, so you could even google most of the tasks online lol

You also get a free retake, so there shouldn't be a problem

You get a free retake with eJPT? Not bad (I’m... not looking forward to my third attempt at the CompTIA A+ exam)

can i get a job

can you?

no

what are you trying to find out?

can you give me?

jobs aren't just given unfortunately, you gotta search, hone your skills and apply, apply apply

how 2 get a job at 11 years old

Yeah it's free, good luck with the exam 🙂

What's your experience? What do you offer the employer, that others don't have?

@warm hinge Are you 11 and trying to get a job?

@warm hinge Step 1: Wait. Step 2: get a job

I wanted to give him some advice for the future guys :<

i offer the employer memes

With this skill, you can have every job in the world

who wanna join my google meet call

Are you actually 11? @warm hinge

yes

oof

Ya yeet

Yeah we don't do zoom bombing here.

Considering how much of a dick move it is to teachers who are already under super tough times. Totally unethical and it just makes you a terrible person.

I literally thought about the same hahahaha

Exactly

The full saying includes 'but fools rarely differ'

That may be more accurate

lol

shots fired

I'm a high school student, I'm planning on taking a cert, any suggestion thank you in advance.

I was thinking of getting A+ but I see a a lot of people talk trash about it

A+ will get you an entry level helpdesk or deskside support job. If you have the time go for something more related to what you want to specialize in.

I'm still debating whether I should go red team or blue team. Do you recommend any networking certs? it seems that networking is really important in IT

thank you

CCNA, which is all network. I think network is a great place to start because it will be applicable to everything.

Thank you for the response, I think for now I'll be sticking into A+ because I'm still in high school and I'll probably go with CCNA while in UNI

CCNA is Cisco specific, Comptia Net+ is a non vendor specific cert. When It comes to red teaming or blue teaming, the skills of both can be applied to each other

CCNA is Cisco specific but still hugely well known, hell I've seen colleges in Scotland allow people into their highest courses if they've got a CCNA cert

CCNA is far more respected than Net+, at least in my experience. I wish that wasn't so but that's the reality.

I've read that CCNA is harder than NET+

I couldn't say lol, but I have 100% seen CCNA more than Net+

Just on job postings etc

Net+ is more knowledge, CCNA is a lot more practical iirc

CCNA has more practical exam questions, and yes it is harder. A lot of Comptia exams are mostly choice and definition memorization.

CCNA is a highly popular cert due to the fact that Cisco is an industry leader. But you have to remember vendor specific certs do have a lot of the same theory, they just focus on how it applies to their equipment and what commands you would need

I have my blog in extra-circular on my CV, should I include achievements from it (views, awards, etc)? I don't want to sound egotistical but it's a computer science / infosec blog so it's relevant :))

is the blog public? I'm down to read

of course, Bee

if I came first place in a CTF, I'd be flexin that

https://skerritt.blog

fwiw this is what's in my CV

no wonder you pay so much for your blog

i went with cold hard numbers because i felt bad

Bee how many pages do you have

1 sec

you might also like this

🤯

https://github.com/XAMPPRocky/tokei

i love this

bee do be smart

but jobless

🥺

i need to redesign my website but i can't be arsed with writing css and found no templates i like

are you offering me a job jake

$0.25 an hour

ahaha

bee i will hire you to finish all the projects i have started but not finished

Does anyone know if, or can you just paste the link to study material similar to Heath TCM practical ethical hacking course? I like how he covered the HTB boxes and I like how he chose ones that complimented each other so you learned something new and was able to implement what he taught prior

Hey guys, quick question. Is dice.com generally a good place to find cybersec jobs?

Please @ me if you're responding, this discord is wayyyy too active and I'll probably miss it if you don't. Just let me know if you've personally had good results off it.

I haven't watched them but people seem to have high praise of ippsec as they have videos of HTB. I guess what are you trying to get (and this is #cyber-and-careers, you might have better luck in #infosec-general )

if you are trying to find a cyber job, I'd put your resume everywhere... LinkedIn, Indeed, etc

Hey guys, I'm asking for some advice. Do you think cybrary is a good place to learn networking/cybersecurity skills? Do you know any other places?

i've heard good and bad about cybrary

but tryhackme is good :)

Ine.com has some free content

Cybary is good for learning networking etc but it does have it's downs but the main good thing about Cybary is that they bring out free courses for a month before you have to pay for them again

Thank's guys

As mentioned, INE is a good place to learn. I also found CBT Nuggets to be invaluable when studying for my CCNA (many years ago now)

this might be too broad but resources like cybrary /coursera/udemy tend to have way too much crap on there to justify using when there are much better free resources that are actually practical

😂 Fair

Cybrary is just too expensive for me to ever justify utilising, especially as what Droogy said there's loads of good quality free resources out there. TryHackMe is a prime example. I always recommend Professor Messer's networking videos too, all of which are free and great for learning the theory, and knowledge, of networking.

Hey everyone, I was doing research for my thesis, and wanted to ask if there was space or is it appropriate if I could post it here? as it will really help me and give me excellent insight for my masters thesis. Its based on why businesses should hire security specialists by using the 2011 and 2015 Sony cyber attacks. I was going to ask the mods but wasn't sure. Thanks

#infosec-general would be a good bet 🙂

Thank you 🙂

Where are you based? From what I’ve learnt here, is that some countries have higher regards for some certifications

Ah, right!

I can’t say from experience, unfortunately, but CompTIA A+ was what was recommended to me by a manager at work - I’m in the UK so some positions do state about CompTIA certs

If you’re a junior security engineer don’t waste your time with A+

CEH is for the most part eh but it can depend on the country and company I don’t know how Portugal is with CEH

@undone shore hallo

Mhm @warm hinge. Doing exactly what you're suggesting. Refusing to sleep without 70 points

It's a death sentence. You end up just wasting time

https://muirland.link/oscp

how many points do you need total to pass?

70

why do you need more than 70? i never seen anyone displaying their oscp score

I’m pretty sure that’s what dark did

and he failed

It's an easy trap to fall into

And those boxes are brutal

what about staying up for 18 hours, 2 hour nap, and then 4 hours to try and get as many points as you can

how many of them?

All of them...

Some are easier than others

what...

no i mean in the exam

how many boxes you gotta do

But Offsec are superb at making very sneaky boxes

sorry mispoke

Like, on another level.

i can imagine lmao

4, plus a BoF

4 boxes

24 hours

25, 20, 20, 10

that gets you up to 75 points

not a 100

The BoF is also 25

is the BOF the final 25?

so, do a ton of BOF if you're hoping to get 100 on oscp

No. Learn how to do BoF and it's free points though

It's possible to pass without it, but you're shooting yourself in the foot

why do you need more than 70 points if that's all you need to pass?

depends on the BOF's level of difficulty i assume

You don't, but you're pushing it

If they invalidate any of the points and you don't have enough, you're screwed

why would they invalidate anything?

the BOF is the only part of the exam I’ve heard is guaranteed points just do it and don’t risk it

i guess not doing the boxes the right way?

Based on the report

Reporting, or misusing a banned tool

If you accidentally use a banned tool to exploit a box then you get no points for that box

Or if you mess up the report, or don't explain it well enough, again, you lose points

It's quite possible to get 100 points in the boxes then fail on the report

dang

can i use an OSCP report template?

If it's not in the report, it didn't happen.

Most people do 🤷‍♂️

Still has to be your own words though

did you?

Mhm -- heavily edited

i mean, i know nothing about pentest reports

it's probbaly best to use a template in that case, and edit it like you did

thanks a lot on this info

gives me a much clearer view on pwk and the exam

Quick question: Is OSCP a ‘lifetime’ qualification, or do you have to re-certify every few years?

(I’m assuming you have to re-certify, but I thought I’d ask)

It's lifetime 🙂

I need to stop being a wuss and get my OSCP

Oh wow

you can do it cry

Hi

Hey tell me the smallest pentesting exam noe

Or something to start with

eJPT

Is it for intermediate

And how much is the cost and stuff

How much prep is needed...

Just a rough idea would help... Then I can google

It's for beginner

JPT is Junior Penetration Tester

lol

The exam itself is $200, but very fun, if you don't have too much spare money, just go for oscp

Nah nah as I mentioned... I first wana do small ones for confidence

Then I will go for the big ones

I mean

This is the smallest you can ever get xD

Meanwhile I will do prep for them

Only smaller one is CompTIA ITF+

but that's literally basic basic

and nothing to do with pentest really

This guys says jpt... Which is better jpt or ejpt

theyre the same

it's the same

Lol ok

eJPT is with the company name

^

JPT is the name of the exam alone

So you can directly give the exam... No requirement for the courses and stuff

e - stands for eLearnSecurity

No requirements for this exam?

I mean you should do the INE preparation first, jut skim read through the material

Not specifically

It's free

Just prepare for it

Also you get 3 days to complete it, 6 hours should be enough

Like any other exam

and you get a free retake

Really... This is fun

How do I go about preparation

Like tryhackme is enough?

Or external is needed?

May be helpful

^^

What is it.. E learn?

Practical experience could always help you understand it better tho

Once you completed the course notes

But everyone learns differently

How long does it take to prepare if you daily give it like 2-3 hours

I don't have the cert so I couldn't say this is where @fringe spade answers lol

Hehe

I mean it took me 4 hours to study and I was the same level as you

It's stupidly easy honestly

4 hours for the whole exam... Are you joking

if you can do an easy-medium box, then ejpt is no problem

The general consensus I've seen is that it is very easy

4 hours for study

4 hours for the whole exam 😂😂?

4 hours, is considering that I'm dumby dumb

yes it's very easy, can't even compare to OSCP

Man... If your saying it's that easy... Then shouldn't be a problem

What benefits do you get on completing this

Nothing

xD

Satisfaction

And a boost of confidence

Hehe xD... Exactly what I want

That's what I got hahaha

Breaking into cyber advice

1. Focus on building your personal brand - including building a blog, Linkedin Profile and demonstrating your skills and value to potential employers.

2. If you are struggling for money for certifications, (for students reach out to companies as they may have student discounts) look for giveaways and competitions or even free certifications that you can put on your relevant profiles to increase chances.

3. Attend conferences (virtual and in person when permitted and safe to do so) and events to give yourself a chance to meet industry professionals and gain new connections to add to your network.

Job Hunting

1. Research the available roles out there and focus on a certain one(s), this will help you fine tune your approach to that role(s) - you can align your studies and CV/Resume to that role(s)

2. Look up job descriptions of various different role(s) and use the information to build a study path to make sure you are aligned with any expectations skills wise and certification wise

3. Be sure to include recruiters in your network (a large amount of jobs are not published on job boards, they are either word of mouth or via a recruiter)

** Study **

1. Ensure your path of study is logical and compliments the role(s) you wish to go for

2. Make sure you focus on building a good foundation of knowledge before moving onto the more advanced skills/knowledge.

3. Be sensible and take breaks regularly to ensure you are not burning out and stay motivated for a longer period of time.

4. If you can align your studies to a certification, having a goal in mind can help keep you focused and on track.

🤓

Imagine talking peacefully and @warm hinge just yeets this behemoth at us

3. Be sure to include recruiters in your network (a large amount of jobs are not published on job boards, they are either word of mouth or via a recruiter)

this is huge

big facts

Are there any pc requirements... I seriously don't have an external wifi adapter?

a few recruiters from my city already sent me a request, I feel famous

noooo

OSCP doesn't need it also

Mhm

Don't worry you'll be fine

You get a free retake with the ejpt

😃 I wish I get it

@olive orbit free pin if you want it 🙂

soz 4 ping

sorry for word wall too 😄

You get seriously

u can take the exam 2nd time

if u fail

Thanx vertey! 🙏🙏

I doubt anyone fails it

You're welcome 😄

best advice for eJPT

There is Zero Rabbit holes. it is all obivous

yup

Ears.

I don't think it'll land you a job in HelpDesk xd

Probably the same as a lot of my boxes

Aka the only rabbit holes are the ones you make yourself

But with combinations of others, it may

Which are the most funny type.

Your boxes are difficult man 😂😂( intermediate difficult)

There's like 3 difficult ones

If hackers is yours... Then I am oof

Never seen a job that had it anywhere in recommendations

eJPT - Will not help you get a role in helpdesk, but may be a good talking point in interviews

But then one good thing about your boxes is that it keeps me engaging... There have been a few more in which I felt bored..

I found one with eJPT in Lebanon rn hahahaha

Yours have suspense

eJPT is very entry level

eCPPT would be above

TryHackMe envs 😛

Literally one of the best certs

eCPPT > OSCP 😛

Other people suggested me to do CEH...

cErTiFicatIons Of ComPleTion AreN'T rEaL

@warm hinge trigger

don't trigger me

But then Ceh has mcqs man... Boring

hahahaha

😄

There's hardly any practical part, isn't it

CEH will not be beneficial, I would reccomend Security+ and CCNA R&S over CEH (price of)

or even CCNA cyber Ops

How much do these cost

My budget is not more than 400 dollars in the starting

CEH you are looking about $600

I got it discounted for like 200 dollars

currently taking the PTP course, highly recommend the course even if you dont go for the cert

That's only for the exam tho

White could I ask, what is it you would like to do in security?

I dint understand

Wdym security?

does anyone know any UK companies that are hiting software / infosec / cloud? :))

What would you like to do in Infosec/cyber/Security

I've applied to 25 companies so far and my list of companies is wearing thinly Q.Q

I also think WD is in India ? Where CEH seems to have value

That's correct

If in india == CEH

But I want to work outside

Like my plans are for abroad

@rugged sable - What kind of a role are you looking for? what level?

Junior

:))

@rugged sable I know BT are lol

oh

Best option is find job with international company in India and transfer

nvm

BT might be gooood 😄

Ah I see

They're looking for more professionals tho, rather than Junior

Bee, try this discord https://discord.gg/n4xUSPyd

@rugged sable I see lots of people hiring on LinkedIn, maybe worth making a post and see what leads you get.

^

I ve also heard that there are like 20000 oscp holders... in the world

I heard that discord gets people hired 😮

Bee, are you looking for UK companies or companies that have presence in UK?

eitherr! 😄

I only have the right to work in the UK

so 😦

looks good thanks!!!

Thanks brexit

yup :L

rip all my European options LMAO

Yeah

Thats a huge L

I always looked at Germany

Nice country but 🤷

well international options are hard at this time anyway

Yeah no kidding

Yeah English speaking and Germany seem hand in hand

Hehe

some companies are offering starting at where you live, and relocating when the situation normalizes.

Not even that, it's a nice language to learn as a native English speaker

I can help you get in touch with somme peeps 😛

And a nice country in general

Or maybe Switzerland but they are $$$

Ikr

They also pay $$$

Also it's Switzerland

What is not to love about it

The food.

Though Italy and France are near.

Best place to reach out is on LI or the CyberJobs discord. Also let me know if you have applied anywhere, I will see if I have any inside people 😄

Nox what's cysa

CySA+ CompTIA Cybersecurity Analyst CAS-002

Pretty easy exam,very straight forward, cyber defence path is a good compliment for it but is not that wide 🙂

what price range are the all exams ?

CySA+ full price is around 240-260 GBP I believe

and what can do with that entry cert ?/

If you are a student, I think you can get 65% off and more

how?

Are you UK?

yes Cumbria

https://uk-academic-store.comptia.org/ - Thing to remember, cybersecurity is not a entry level field, do you have any other experience in technology?

what salary and type of jobs i can do with the CySA+ ?

Very ambiguous question, really depends on what you would like to do, but CySA+ can be applicable for a wide range of cybersecurity roles.

Without knowing your background, exp ect I can only ear mark around 25-35 range for salary

this looks alright

Apply for it! 🙂

i have no cert

i am working towards it by summer i have to get a job just coz i am finishing collage and for sure i wont waste other year in there .

but this seem pretty basic vs a jr front dev.

Security and dev are very different

yes they are

Security Basic is not dev basic

Lol I applied for a random job, because I had qualifications for it

Nobody has applied since 3 days soo xD

The recruiter's gonna cry

lol

"experience in cybersecurity" lol xD

"web testing"

very diff but what to do if i am a nerd

"knowledge of most popular tools"

I wonder if they accept

are't you in year 11?

that's a 400+ workers company idk what they're doin

yes I am that's why it's funny xD

yes, a normal job application

i don't think you're even legally allowed

In Poland I can, just can't do physically exhausting jobs

oh my bad thought you were uk

soz

Np 😄

I'm also kinda sure about that

I mean, they won't accept me

but just for the sake of breaking the barrier

that will be a good one

hahaha

it's literally a cybersec company

providing services for customers

xD

let me guess it is indian ?

Polish

Indian

**

oh i see

they even have tennis courts

cant you do remote uk ?

jobs

more opportunity here if you can

i think that uk jobs require anything more than "web testing skills"

I'd like to do remote work at some point

could be

I'm a remote SOC analyst

dont you ?

Just need to become the hacker mastermind of the universe. Porbably do that on saturday, and rest on sunday

Remote work is beautiful

lol its the general busy i guess