#cyber-and-careers

What kind of roles you looking for?

how is there ?

Right now? Nothing. Eventually I will but at the moment I'm aight

I'm the Pizza Duke 🙂

Let me know, I may be able to help

I will 🙂

As it stands, I work as support Manager for my parents chain of Franchised Pizza places (Domino's)

munster and near Busum something like that been to see my cousin

We got's 11 stores and 2 mobile Units. We did that festival a few years back in Pompey - Victorious?

your parrents own dominos?

Yep that's the one esq

parents *

M4 - Yep. Not the whole lot, just what I listed above

I never went to victorious, very ego heavy

Was not chilled at all

Shrug. Very Pizza heavy. sold loads 😄

I was at Mick's monster burger

Chilled

you are not doing it so bad then , can you send me a pizza lol i didnt eat anything tonight Dominos making some bad ass pizza

We gotta do it on footfall. Costs a lot to run

M4 - Afraid not 🙂

talking with me ?

very sad then , well try next time then

The more you try, the less likely it is.

dont have any here in north ive heard of them that they have some good stuff

Mick's is beautiful. It's my cheat day food

Moving to general!

thats true thats why i make pancakes for the kids only 2 times a month not to much coz they wont eat it after that lol

yeahhhh pizzzzaaaaa

with mayoooo

garlic

hahaha

ok going to do some boxes enough with web dev today .

btw this cert looks easy , thanks

I applied to a company, their head of department added me on LinkedIn -- do I say hi to them? Specifically it's an A11Y job, my linkedin does not showcase A11Y so should I send them some links to my work? :)) (their application didn't let me put that stuff in)

I'd strike a conversation with them, but I don't think go and showcase your stuff unless it specifically comes up in topic

Create a new post to share an update of your various projects that may be of interest to this person

Does someone know which certs are "requierd" in germany?

They'll get a direct connection status notification without it seeming like you are bombarding them or specifically targeting them, while also subtly letting them know you are pursuing new opportunities

I seem to remember it's not so respected in India, in favour of CEH

Haha yeah! If you want to study together sometimes hit me up

Has anyone here pivoted from a System administrator position straight into a security role? If so, how did you make the transition?

Do you have a SOC (Security Operations Center) at work, or no security division separate from NOC (Network Operations Center)?

No, its a small three man IT team. A sys admin (me), DB admin, and a web developer. We manage around 300 people.

300 people, and you're still alive!?

I often wonder the same thing about my own place of employment.

You probably got the networking part down, add the security/monitoring part.

Yeah man it gets stressful, I do a ton of the help desk myself. I have learned a lot here though so its not all bad.

I went from help desk to SOC

I'd also add that some experience is better than no experience. Although many people wouldn't call IT help desk their ideal job, it is a great way to break into IT and get some experience. Go to college and come out with 0 work experience? That is a bad plan.

Also generally getting a Masters in Cyber is not a great way to break into Cyber, if you already have a BS/BA (or equivalent), then get some certs, apply, apply and apply.

Ahhhhhhhhh

It disappeared ;-;

@warm hinge I, uh, may have clicked the wrong button there -- tried to remove my pin because someone already did it and deleted the pin message, but the delete message button was right above it 😭
Please tell me that was in some text document you can copy and paste from...?

Muir

I have it

Do you want it

Breaking into cyber advice

1. Focus on building your personal brand - including building a blog, Linkedin Profile and demonstrating your skills and value to potential employers.

2. If you are struggling for money for certifications, (for students reach out to companies as they may have student discounts) look for giveaways and competitions or even free certifications that you can put on your relevant profiles to increase chances.

3. Attend conferences (virtual and in person when permitted and safe to do so) and events to give yourself a chance to meet industry professionals and gain new connections to add to your network.


Job Hunting

1. Research the available roles out there and focus on a certain one(s), this will help you fine tune your approach to that role(s) - you can align your studies and CV/Resume to that role(s)

2. Look up job descriptions of various different role(s) and use the information to build a study path to make sure you are aligned with any expectations skills wise and certification wise

3. Be sure to include recruiters in your network (a large amount of jobs are not published on job boards, they are either word of mouth or via a recruiter)

 Study 

1. Ensure your path of study is logical and compliments the role(s) you wish to go for

2. Make sure you focus on building a good foundation of knowledge before moving onto the more advanced skills/knowledge.

3. Be sensible and take breaks regularly to ensure you are not burning out and stay motivated for a longer period of time.

4. If you can align your studies to a certification, having a goal in mind can help keep you focused and on track.

Oh thank f*uck, that's gold

Discord cache

Oh, hang on

Why am I freaking?

-undelete -a

Up to 10 last deleted messages (last hour or 12 hours for premium):

11 minutes ago (Wed Jan 20 11:34:54 2021) NoxCyber#7311: Breaking into cyber advice

1. Focus on building your personal brand - including building a blog, Linkedin Profile and demonstrating your skills and value to potential employers.

2. If you are struggling for money for certifications, (for students reach out to companies as they may have student discounts) look for giveaways and competitions or even free certifications that you can put on your relevant profiles to increase chances.

3. Attend conferences (virtual and in person when permitted and safe to do so) and events to give yourself a chance to meet industry professionals and gain new connections to add to your network.

Job Hunting

1. Research the available roles out there and focus on a certain one(s), this will help you fine tune your approach to that role(s) - you can align your studies and CV/Resume to that role(s)

2. Look up job descriptions of various different role(s) and use the information to build a study path to make sure you are aligned with any expectations skills wise and certification wise

3. Be sure to include recruiters in your network (a large amount of jobs are not published on job boards, they are either word of mouth or via a recruiter)

** Study **

1. Ensure your path of study is logical and compliments the role(s) you wish to go for

2. Make sure you focus on building a good foundation of knowledge before moving onto the more advanced skills/knowledge.

3. Be sensible and take breaks regularly to ensure you are not burning out and stay motivated for a longer period of time.

4. If you can align your studies to a certification, having a goal in mind can help keep you focused and on track.

Yeah haha

Completely forgot we could do that

Cache saved it in pins

@warm hinge if you wanna copy and paste it again so it's under your name, please do. Otherwise we can just pin either of those 🤷‍♂️

hahah it is no drama long as people benefit 😄

Keys to breaking into IT Security -

• Networking
• Networking
• Networking

^This^

CCNA or Net+ ? /s

CCNA would my option but no harm in studying the Net+ material

sorry I was making a bad joke lol

thank you tho

😄

is it common for compTIA to have discounts for their certifications?

or only once in a blue moon

there are discounts for students iirc

sadly im no longer a student

so not so often I suppose

alright thanks

guess i should wait until black friday or something

it's not worth it, they don't usually make black friday deals on exam vouchers

ahh i see guess i would just have to pay the full price if i dont find any vouchers 😩

yeah, doing it when you have some free time would be the best idea

but you can find the training to most certs for free/small price

my company has udemy for business so im making use ot it

i just have to pay for the exam price

even better haha

maybe ask your company if they can finance it somehow

even as little as 30%, some have a set budget for employee education

yeah thats my plan too

i previously asked for SANS sponsorship but got the response 'subject to approval'

i guess compTIA exams should be much easier to get appoval since the price is way cheaper

if you still have access to your student email, you'll be able to get the discount

@undone shore This is great advice!

even for non US students?

I know UK students can for comptia?

im neither UK nor US

so not sure if it applies to me

CompTIA website states: "For students in the United States and other countries that have a valid . edu email address, CompTIA provides a significant discount to help you get your start in an exciting career in the rapidly growing IT field!" So, it includes other countries, as long as you have an . edu account

The comptia academic discount is only for US and Canada.

99.99% of '.edu' only addresses are in the US. Even if you got a non US .edu address and get the discount code, the discount code is only applicable for US and Canada.

Letting you guys (outside of Canada and US) know ahead instead of going around and wasting your time.

This was verified with their support person.

For some reason, they do not want to update the academic section on their website, resulting in false hopes and confusion.

found this somewhere on reddit though

@sage ivy you able to verify this? ^^

is this a white or black hat hacker group?

White

We're ethical

what does your brain tell you?

Great read https://danielmiessler.com/blog/build-successful-infosec-career/

Came across this the other day, this guy has pretty good content. https://www.youtube.com/watch?v=5NqAs5dJmlM&ab_channel=JoshMadakor

Am I able to post my SOC talk stream for Friday maybe informative for some people, I'll be speaking to Gerald Auger of simply cyber about SOC work and challenges. 😁

Go for it 😄

https://www.youtube.com/watch?v=n53S1yO9A_g

Nice

Do anyone make mod apk here?

when little kids join an security discord

Little kids are breaching ToS, so they get banned from the entire platform 🤷‍♂️

https://www.youtube.com/watch?v=SFbV7sTSAlA

This is a great video on breaking into hacking and job hunting in general! (A lot of THM shout-outs too)

Watched that the other day, really great video

yeh was good

Hi all . has anyone here done the pentest+ exam recenetly?

Making a LinkedIn profile after watching that video Magna linked, is it bad to have an informal looking selfie as my profile pic? Because I don't have anything professional looking.

If it's not showing you drinking, smoking etc then it will be fine

I think informal is better

a lot of the younger generation despise what LinkedIn has become (see CEO's saying "I saw a homeless person and laughed at them for being poor, but little did I know I can force them to work for twice tthe amount of time with little pay as all my other employees") so an informal profile pic to me signals that you're not taking this whole thing seriously

LinkedIn is primarily a marketing tool - an important part of it is keeping in mind the target market of who you want to be hired by. That said, I have never found a job off linkedin, and I think it's largely an exercise in self-congratulatory activities.

I have found a job off Linkedin, but like any other social media platform, just be careful how you use it. It is designed around the professional community

The way that the guy in the video recommends using it is to build connections and that's what I'm going to try to do, since I'm new/young and my current job isn't in the field. I'm also not on any other social media so I have quite literally 0 contacts in the cybersecurity world

you can make a lot of connections there and there are great groups on Linkedin

How do you find groups?

You can put a topic in the search, there is an option to select Groups as a filter

Thanks

Ask around for meet up groups at your local jr or community college or IT vocational school

they will likely have a list of IT related meetups for specific domains

I got to a stage 2 interview for a junior SOC position anyone got any tips or insight what i'll be in for in questions and etc.

know your port numbers, know how tls works, know how tcp works, at the end ask what siems, edr's and monitoring tools they use

when they ask about things, reference things you've done in tryhackme so they know you have practical experience

Thanks for the info. I have been brushing up on alot of this info U gave me and also been doing some research on the company and the 2 people I'm doing the interview with also trying to learn what are some the basic tools they use.

Hey, is there any chance there is a French pentester here?

For a junior SOC they will brush over technical knowledge fairly fast, they will move into understanding how you triage incidents and how you perceive criticality.

Research the most common threats to an organisation, ways they are mitigated.

I also recommended being familiar with the SANS incident handler guidelines & MITRE ATT&CK

make sure everything on your resume/CV you are comfortable to talk about

be prepared for scenario type questions as well, such as "you get an alert for xyz, what do you do"

look at the owasp top 10

can i take pentest+ before taking oscp?

nothing stopping you

🙂 thanks

Incident Response playbooks:
https://www.incidentresponse.com/playbooks/

Let's see how Jake likes these @static tide 🥳

Did LinkedIn remove stories? I can't fiind them 😦

Nope they're still there

Wow, great resource i need this a lot for work thanks 🙂

Hey guys!

Check the pinned messages there's some cool stuff there

It seems like no one is active here right now

If you have a question just ask and someone will chime in. But feel free to check the pins and history here @cerulean rain

Thank you to all for some info to take on board def will use the few days i have for prep really really want to start my career.

Ooooooh i’ll check them out !! <3

Has anyone ever heard of the "cybersecurity bootcamp" offered by the University of Wisconsin - Madison? Would it be any help for a future career involving penetration testing or reverse engineering? I'm not sure if it's what I am looking for exactly, but they are really trying to sell me on it

Hi all, anyone here taken then PenTest+ recently and got any tip for the exam?

awesome

No but most of the bootcamps I've seen are basically "we prep you for these certifications". Looking at their website, the certifications they prep you for are these:
AWS Certified Cloud Practitioner
Linux LPI Essentials
Cisco Certified CyberOps Associate
CompTIA Network+
CompTIA Security+
CompTIA CySA+
(ISC)² SSCP

For $18k, you could get an ACloudGuru subscription (~$500/year should cover AWS Cloud Practitioner, Linux LPI, Security+), Coursera SSCP course ($200), Professor Messer (Free, Youtube I believe? Network+, Security+), Udemy (~$13, Cysa+) and a variety of options for Cisco CyberOps ($59/year for CBT Nuggets, $45/month for PluralSight, $800 for online course from Cisco... others here may be able to provide best option).

Overall, if you wanted to follow their path you could, for much, much cheaper. If you need structure, that is only reason I'd suggest going for it. It wouldn't help you towards Reverse engineering, but could get you certs for a foot in the door. But are those the certs you really need? Maybe, maybe not. Those certs seem geared towards a SOC analyst type

And... and.... a tryhackme subscription is only £10 / month 🥺

£6.40 if you're a student as well

tr hack me

👀

its the best money invested so far. Personaly I like the way the site compartmentilises, uses active memory recovery aka. answering questions, practical aplication with machines already deployed as not to waste hourse setting it up

Some strange advertising goin' on here.

Hahah @cobalt escarp , just sayin what I think. Oh I almost forgot you will get a brand new vpn not for 10, not for 5 but for 0 pounds. Amazing opportunity folks hop on the thm train chuu chuuu

I mean it's not an anonymising VPN

It doesn't touch your internet traffic

yea good to mention that before people try anything sketchy 😁

It was of course a joke in a sense of me being a salesman, a typical saleseman from a tv commercial for a blender 🤣

Thanks for the thorough answer!

How much does it cost?

I think it's $500 for the trial month and then $17000 for the remaining 9 months? And you don't get those certs necessarily, but you get prepared to take them i guess

Does it mention who developed the bootcamp, what their experience is in Cyber Security? Gauge whether it is purely academic authors or not.

sounds waaaay to much

In coordination with Israeli cybersecurity pros at HackerU

17k is crazy

Yeah it is expensive, but it's college i guess

It doesn't include the certification exam vouchers, right?

It didn't sound like it

its $500 for trial month then $17500 for remaining 9 months which is where I got $18k

UCF, which is a well known school for tech also has a bootcamp... similar thing, different certs, kind of disappointing but colleges are trying to make money I guess

and I wouldn't call it 'college' because you don't get a degree

I mean it is but you probably get a certification of completion

Yeah, it is a money maker for sure.

only benefit for Bootcamps (like coding bootcamps) is that they have contacts and try to get you a position, not clear if the cyber bootcamps are set up the same way

Yeah the career services they offer during the program is a bit of a selling point

Madison is a nice University, I've visited it years ago. But that is just an extended prep-course without exam vouchers, that is crazy expensive.

The best thing in life are free or cheap. The only thing that is worth paying for is the structure, the scaffolding by which you climb and not get lost on the way.

Except for the CCNA CyberOps section, all that can be learnt for under 2000 dollars on other platforms online within a year.

and honestly, get the Network+, get Security+, apply for jobs, get your employer to pay for training...

and I like the idea of AWS, although for most people, I'd recommend AWS Solutions Architect - Associate

THM University when! 😉 😄

Just curious, how hard is it to get into cyber security? I am currently taking a certification course with Google that offers a dual Certification with CompTIA. I’m really interested in getting into the field of cyber security but I hear that it is really difficult

Also math is not my strong suit

90% you dont need math cyber security jobs

If you dont make some reverse engineering things or algoritms some security

Difficultly is dependent. It’s mainly just a lot to learn with CySec. Problem solving is essential and so is research skills.

You should be proficient and comfortable with at-least one language, you don’t need to be a full stack developer or anything though

And these language you dont need to know how to code, it is enough that you can even read that how something works but i recomment to learn some basic skills, if you know what i mean, sorry my english 😄

i was thinking developer for me since I am a dev

@rugged sable what stack do you use on work?

i dont

i dont have a job yet

i just do this for fun 😛

anyone works as a freelancer ?

yeah I used to not so much anymore, since I've gotten way too busy but it was fun while I did it

biggest tip I can give you is hire a Social Media Manager/Ad manager

was it good in terms of income and the projects assigned ?

oh my the income was great, same with projects they were always so much fun.

only issue and the reason I sort of stopped is it's usually more than 50hours a week, and I wasn't able to make that work anymroe

i was thinking to start on a plateform like fiever at least to know how to deal with clients

what do you wanna do, like SysEngineer or something?

just pentesing web/mobile applications, code review and scripting

oh okay

I'd recommend hacker1 and bugcrowd for that

i guess you were making contracts with companies ?

also google regularly for bug bounty programms that aren't listed on those two websites

I was doing general IT and Cyber work. so I'd set up printers and what not and then test for vulnerabilities and then fixed those vulnerabilities

mostly for clinics and law firms

small to medium size

that's cool

i watched liveoverflow Tshirt serie where he mentionned his works as a freelancer . i really liked it because he choose to rather accept the project or not and it also offers free time to practice new skills

yeah but let me warn you, you only have the freedom to do that once you've been around for a minute or two

cause in the beginning especially when you do freelancing and nothing else. you'll have to accept what ever comes your way

you know

yeah that's true i guess he just found the "dream job" 😂

thnx for the advices i should try bug bounties and see where i can go from there

@idle tulip how did you get into that? and how long were you in the industry before that if i may ask?

I actually started shortly after highschool I worked in a repairshop before that and had an Idea that I may be more successful if I go to people instead of people having to come to me. That idea turns out didn't really work but I picked up a couple of jobs in a clinic and then from there I hired a Ads manager and got more jobs

I technically freelance with THM

I would somewhat suggest against pentesting or any security work with fiver as A.) the contracts and NDAs can be hard to work out especially depending on who you’re working with and B.) They’re really going to undervalue the amount of work that you’re doing and you’ll more than likely struggle to make the amount of money you’re actually putting into it in time.

B sounds absolutly true I have a friend that uses fiverr for art and he's always complaining about how people don't want to pay him enough for his long work

What do people recommend as the best cloud/cloud security specific certifications that are industry recognized?

AWS probably SCS-C01 (AWS Certified Security Specialist)

Azure probably start with AZ-900 (Fundamentals)

yup really just AWS CCP and then you can move into a specialty like SCS-C01

Azure and google also offer some stuff but AWS IMO is the best option

Well that makes me feel good. I have AWS CCP and I'm using acloudguru to study for SCS-C01 right now.

I have seen some lists of 1/2 to a dozen different cloud specific certs. just curious what "higher level" if any that are good choices

Also the vendor neutral ones from cloud alliance and even cloud+ i'm curious about

Because the idea of cloud security is a bit newer there aren’t a lot of good certs it’s really about self studying and proving you understand deep security fundamentals and cloud

Yeah that makes sense. Thanks.

Thank you for the insight!

Math is hugely useful! Although I am a Mechanical Engineer, I am slow when it comes to math, BUT it wires your brain to think differently, and helps enormously with perspective. Specially with tech-related topics

Math major here! Math is more than what most people think of as "math" - like Argando alluded to, it's more of a problem-solving paradigm. A lot of higher level math doesn't even use numbers at all, it's just working within the defined confines of different structures of rules for how stuff works and exploring the implications. In the end, most scientific or technical fields are really just different forms of math in the end.

Interesting take! Definitely makes sense in the computer science point of view

I may look into Khan Academy to dip back into math while I work on my Google/CompTI Dual Credential. I just haven’t done math in like 5 years haha so rusty would be an understatement.

Probably not a big issue - if you're focusing on CS stuff as the larger picture, discrete math is going to be a big help.

You’re definitely right, it doesn’t hurt to have more skills under your belt

Just pulled up ye olde dropbox to look at class notes from...a long time ago. Here's an example of one of my discrete math exam questions.

For any integer n > 1, prove that an 2^n by 2^n checkerboard with one corner tile removed can be tiled with right trominoes (L shaped piece with three tiles)

(Updated because it's 2^n not n)

I have no idea what a tromino is lmfao

Do you mean Trinomial?

no, L shaped block basically

Oh god lmfaoo

think of a checkerboard, then think of an L shaped piece that covers three squares. That's a tromino (like a domino but three instead of two)

Ah

that's something that's not conventionally 'math' to most people, but could be a question in all kinds of areas. Can I cover a baking sheet in L-shaped cookies without overlapping them. Can I tile a texture in my video game over this plane without overlapping it? stuff like that

Makes sense

I can see the application

Just curious, if you’re a math major, whats your role in the computer science world? Is there a specific concentration you’re in?

Although this is a cybersecurity server I guess thats it haha

Joined this server with the impression that it was IT Generic as well idk

Great question! The short answer is I don't directly use my degree at all. At one point I wanted to go into aerospace engineering, then I took more physics and engineering classes (statics and dynamics..shudders) and realized I did not enhoy that, so I stuck with math all the way through as a major, but I work IT as a profession. IT is one of those jobs where "are you good at solving problems" is the single most important aspect of whether or not you'll do a good job.

I don't directly use a lot of what I learned in college on the job, but I use the principles and ways of thinking constantly

Fair enough

Hi. I'm pretty new, but I saw this conversation and thought of a question.

I recently graduated with a physics degree, but don't really have too much industry experience in IT/infosec. How was it going into IT coming from a more mathy background?

(For context I'm also interested in going into some IT related field)

Hey Vicat

I sort of cheated, in fairness. I'd always been good at computers, and worked IT as a student assistant (technician then got picked up as a jr sysadmin) throughout college, which set me up well to jump straight into IT after graduating.

Interesting.

But, coming out with a physics degree isn't a bad start - most STEM is well-regarded, and while very hiring manager is different, most that I've seen or worked with would almost prefer your degree not specifically be "major in IT". (although I'm sure it helps get through HR resume screens...)

The easiest path is to get into a desktop support role, do good work, and move up into the areas that interest you

personally, I’m worried that my lack of a finished degree will make it harder for me to land an entry level IT job, I’m trying to finish my Google CERT and take the COMPTIA A+ exam within the next few months. You say every hiring manager is different, but on average do you think with a dual certification in Google and CompTIA would net me a good chance of getting an entry level job? Even desktop support?

That super depends on the company. Some couldn't care less if you don't have a degree, some will trash your resume entirely. I have a good friend who is in a pretty similar spot, but started off in a support role, learned and built up skills, and now (about 8 years after being brand new) works as a support manager for a national company pulling in something north of $80k.

Wow thats dope!

She defnitely struggled to find the next step up though, because a lot of places wouldn't advance her without the degree

so I'm not saying it's easy, but most of IT is how dedicated you are to continually learning

I see, well I’d imagine some firms would pay for furthering your education.

Yup, usually in exchange for you working there for X years afterwards

Personally, I want this. I’m tired of working in a grim warehouse with no real future

Certs definitely help, especially in entry level. On top of that, try and network with any local friends who might work in the field, or even just at companies you're interested in even if their job is completely different

I see! Thanks for the insight!

Having someone vouch for you with "yeah they're not a complete idiot and will show up to do the job" gives you a leg up over someone the company's never heard of before

I’ll definitely look into who I can talk to, I know a colleague in the field. I think I will reach out to him. Thank you!

No problem, and good luck!! Ping me when you land the job!

I will!

Anyone interested in reviewing the resume i had made? I want to make sure it aligns with entry level positions in cyber, soc analyst, cybersecurity analyst, jr pen tester, security administrator xyz..

could you post a ss of it? and not a pdf?

nobody is going to clicking that .... everyone is paranoid 😉

Don't be scared, be REMnux prepared.

Ill post a screen shot for the paranoid. Didn't think about it until now but I probably wouldn't have clicked on it either lol

p1

p2

Small note - you misspelled "brought" in your FB datacenter tech job as "brough"

yeah im not to happy about the spelling errors as I payed a "professional resume company" to create it for me. I can fix the spelling errors but im more concerned with the content

Wrong channel rip

wouldn't this 'target' section be a bit better suited for a cover letter? being a facebook data center tech is impressive imo thats one of the first things I would want a prospective employer to read

is it worth putting prior work experience on a cyber security resume if it isn't related to cyber or IT?

also personally I've heard mixed things about including tools like metasploit/dirbuster/johntheripper as you're better off just saying you understand pentesting methodology per the ATT&CK matrix or something like that, - also the pedants might point out that Kali is a Debian-based OS, " comfortable/experienced with *nix systems" might be a more succinct way of talking about your linux experience

yes it is worth, people from different walks of life can bring interesting and unique skills into IT - soft skills are huge

ty droogy

I guess most of the "technical competencies" would just be for keyword wall bypass. It probably would be more professional to word it as you stated but I don't think my resume would make it through HR automation. At least thats what I have been told. Ill keep it in mind however.

Yeah im not sure about the targeting section either I would rather cast a wide net then use a spear. SOC analyst isn't necessarily the position I am going for they just added that, I am simply looking for a place to get my foot in the door and gain real working experience. This is the first draft, i'm trying to trust this company as a friend who does gov contracting suggested them to me. They also had difficulty finding a job until utilizing this company but found great opportunities with their new resume.

Thanks for the advice I will take it all into consideration and speak with them about it.

totally, otherwise thats a good looking resume! near me your experience alone would probably snag you quite a few offers

where are you? lol im not beholden to any location. Also my resume probably demonstrates a truthful but sexier portrayal of my abilities. I may loose a few offers when I get to an interview

what job boards have you used?

just indeed but I am done with indeed. lol its all recruiters and dead end positions. I want to find some cyber dedicated jobs boards

Check out the stuff in #jobs-board, there were some cool ones posted recently

oh weird I had good success on there - I haven't tried those cyber-oriented boards but maybe check your state's job board, sometimes some good gigs on there

what is your current position if you don't mind me asking?

jr sysadmin, started as a paid intern with waaaay less experience than you lol

Don't let a resume fool you, you may have more experience then me at this point. I am a novice and the things I did were one off situations.

i hear ya, best of luck tho, sorry for burying your resume lol maybe a mod could pin this temporarily if you'd like to have it reviewed - plenty of people in this discord that know way more about hiring than me prob haven't gotten a chance to see it

get yourself on linkedin

it is very much a cesspool but good for getting jobs

that too - linkedin/personal blog/github is basically all you need for a good IT-related online presence

and Twitter too, people are starting to post more hiring threads in infosec/IT circles - more for intermediate positions but literally never hurts to just DM someone if they're hiring and have stated on their Twitter lol

if you dont mind me asking, did you have any certs at the time and if so which?

eJPT, A+, Fortinet Level 1&2, Google IT Pro, and a few TestOut certifications

tbh none of them were particularly important besides A+ which is just like bare minimum needed in the job posting and eJPT which led to an interesting conversation in the interview which I think helped me a lot

Good evening everyone!. What kind of entry roles should I be aiming for when starting out? No former IT exp but have CCNA, A+, and Security+ certs. Was suppose to get a job back in March last year but the pandemic hit and went downhill from there and lost motivation since then. I am back on track now, got my Security+ recently. Would , INE free starter pass or tryhackme, be better for me for gaining hands on experience? Thank you!

Those certs could probably land you a network admin or sys admin role someplace. Somebody correct me if I’m wrong

Yeah, CCNA is a solid start for sysadmin

The comptia ones are pretty good for super foundational stuff. Those might get you interviews for gov jobs or something like it. I know gov requires sec+ for something I just can’t remember what.

basically anything with clearance in IT. Even desktop technicians need a sec+ within two months of hire

Thanks! Didn’t know that.

how can i start hacking?

Have you considered signing up for Try Hack Me

Thanks for the wonderful tips guys!

Quick Question regarding LinkedIn......
I'm not currently working in cyber security but i am studying full time everyday.
LinkedIn asks what my current job position is and i do not really want to put.... "Retail assistant" lol
I also feel a bit uncomfortable knowing some one could search me up and find out where i work.
I know what a great tool it is for OSINT.

I can put that i'm studying......... but i'm not at university

You can put like cybersecurity enthusiast

Yes i was thinking that but when i try and sign up it either wants what university or current job.

Im not at a uni and my current job is so average

Not sure how much it’ll help because I am not in a info sec role (I am currently in QA that does some pen testing as part of their suite)

But my LinkedIn I put I’m a freelancer pen tester, and used my hackerone/tryhackme profiles as a kind of way to “prove” I’m doing hands on testing.

I also registered an ABN to help solidify that too (Australian business number, it’s how we can “bill” people for our services as freelancers)

apart from mike meyers any good ways of learning comptia a+

Check out Professor Messer on YouTube

👍

Sounds good, I made one.
I was able to skip the University and Current Job questions
and just highlight all the other things that i am doing instead.
Now to focus on building my page.
Cheers.

Professor Messer is really worth it for security+ as well

Why is PEH by TCM in the middle

100% a beginner resource

I mean I don't know if you made it

But just a discussion lol

It says it's by Tux

And PEH covers report writing etc too.

Ah, so it does. Yeah it covers a lot, including report writing yeah. It's pretty brief though and right at the end iirc. The course as a whole is defo beginner though, still a really solid course. I just don't know if I would consider it "middle ground" in a roadmap for beginners.

The roadmap isn't "Do all this then move on", IMO

Other than certs

Suppose so, do it in any order really other than the certs.

I mean IMO they build on eachother

Till you get the ultimate goal, CEH

I agree with the websites

THM, Labs and HTB

THM first, then some IL while continuing with THM, then HTB while continuing THM and IL

Yeah that's defo the way to go

Although for HTB I would definitely say VIP is necessary. VIP+ if you want dedicated boxes like THM has rather than sharing

I had a terrible experience on the free servers

Just my point was, if you've progressed through a decent amount of THM, IL and HTB then if you go to do PEH then you most likely know a large majority of it already.

Though, the chance to learn even something small is still worth it

Yeah VIP is useful, same with Sub on here

I'd actually say that using TryHackMe without a sub is not giving me a feel of a "demo version", whether HTB VIP is pretty much required to use the site with convenience

What's IL

Look at the roadmap. See what could abbreviate to IL. @nimble jungle

what is PEH?

practical ethical hacking course by the cyber mentor: https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course

which he has a 50% coupon off of it right now

Does anybody here work at AWS? I managed to land a Security Consultant role there and I'm starting next month. Would be cool to have some friendlies on the other side.

Interested to hear about interview process and your prep. Considering applying for a similar role.

same @final goblet

consultant I am not sure is very hanfs on more risk management policies etc I believe not a expert just read up on a few things

I know a ton of people who work for AWS but I don't

Just apply and see what happens imo.

I'll dm you two

mind if you dm me too? interested to know about the interview process and questions they ask as well

@final goblet Mind sending me what you sent them? I don't have any specific questions so I don't need tailored advice but some general info is always nice to have.

Seems like a cool job.

hi guy

i want to learn security as my future career

i know a bit about computer networking ( 4 first layer) and programming

i dont know where to start

can start to learn crypto rigt now ?

and i dont know what skill i will need to

i dont know how to start to learn, by my objectif or by the international certification is better

i realy need some advice

Yeah you definitely can learn the basics of Cryptography. This room is pretty good.
https://tryhackme.com/room/encryptioncrypto101

In a Computer Science class they may have you implement one of the old symmetric encryption algorithms in C or something but that knowledge isn't necessary

A key interview question that all the big companies love to ask, is "What happens when you type google.com into your browser's address box and press enter?"

Which will prompt you to talk about TLS which involves a mix of Asymmetric and Symmetric encryption for the handshake and subsequent session

Somebody made a nice write up for it cuz they were so tired of it I guess 😎

https://github.com/alex/what-happens-when

so what basic should i learn first and what skill do i need?

Did you see my link to the encryption room?

It's a free one...

those are the basics

i see but i think i need to learn programming or linux

sry

No, not for that room

but for the career in this section i dont know where to start

yeah that's a loaded question

there's no simple answer to put it frankly

tks sir

Check out this:
https://www.reddit.com/r/netsec/wiki/start

There's so many pieces to study and decide where you want to go in security, so that's why it's a tough question

tks

I also recommend this https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md

hello guys. I'm currently looking for a company to attend my stage in cybersec. would you consider having a linkedin profile a big plus as to being taken in consideration?
I'm really not into social medias, but if having linkedin is a big changing factor, I might consider creating a profile.
Thanks for your time

@static tide 's SIEM interview questions (what they ask you)

What is a SIEM?
Have you had any experience with different SIEMs?
How would a SIEM help in an external brute force attempt?
How would you mitigate the above?
What common log sources are being ingested into a SIEM?

Scenario:
The client wants to spin up a new web server, how would you go about logging information pertaining to this server?

Yeah linkedin is a great tool for building a network and reaching out to people. As far as I know, a lot of jobs are filled by networking

Yes, some people will hire you directly from social media. Majority small cyber security firms don't even have HR so the CTO or lead cyber security person often looks at the person profile, then check the person's github or blog to get the feel

how should your github look? i just put up code from various projects i've done, is that enough?

yea

most of time they want to know if you can make small scripting tool

, and it also help employers to know what programming language you know.

Alright, thanks a lot for your replies guys! Have a nice day

If I ask my interviewer "name a time where you failed, what happened?" is that rude? I'm specifically looking to see how the company handles employees failing

In your experience here, can I ask how your company handles failures and in particular failure of employees?

bee no u'ing the interviewer

My logic is you should give them enough room to not answer if they're not comfortable answering

if they're not comfortable answering that question then it's probably best to avoid it

that question may come off as "I'm scared I'm not fit for this position and may fail".. but I'd totally answer it if asked and seems like a reasonable question. A softer question may be "How do you deal with less than successful outcomes, especially in particular with employees being less than successful?" Or "how do you deal with disappointments, especially in particular with disappointments with employee outcomes?"

because in business, we talk about project disappointments, or not meeting targets or the like

you could also ask something like "how do you set up employees for success? "

Is that cheaper than the vast majority of paid training resources for those courses? Yes. Is "stacksocial" a good provider of quality course material? I have no idea.

Kinda like asking "is this a good price for a car?" Maybe, but in the end it depends on the car.

Any good exploit/RE/malware certs? OSEE is a bit too advanced for my skill level

GREM which is a SANS cert

INE / eLearn has some good stuff as well

my interview went well i think, i kinda waffled and was nervous anddd they asked me to design tryhackme as a systems design question lol

fwiw https://github.com/bee-san

just copy what i've done if you want, i think mine is rather "professional"

yayy !!!! what other stuff did they ask? was there anything you couldn't answer?

nothing i couldnt answer. They just went over conflicts, why i chose languages, how i measured performance of a service etc

Awesome! Also, I'd be interested in your answer to this:)

yayyyy

ALso Monzo heavily value microservices, so I had to flex my knowledge of AWS serverless + microservice stuff hahahah

Those are two really interesting points. I'd do a few things differently if we re-built THM, but using FireCracker isn't one of them, I'll let whoever decides to build a THM-type lab using it run into the problems I initially think will occur.

The multi-region issue is also a good one, but as a startup, although high on our list, its not something that is really high-impact for us or the THM users (I say that because I have a good overview [I think anyway] on our core users demographic, user feedback and internal analytics)

Honestly the one change I'd make today is a VPN+VIP VPN server in India

to be fairr, you're the CEO -- I was just trying to impress a bank with my knowledge of AWS haha

thats why i mentioned the accelerator thing

They're really good answers tbh:)

Actually, you know what, this is a really good idea. I'll bug Ashu to see if he can set it up over the next week or two.

@rugged sable since i understood about 2 of those words, would the aws cloud prac cert teach me a lot of that?

yues it willll

okee that's another one of my list i can hopefully study for before the end of 2021 🥺

it took me a week btw

u can do it

:))))

one week ??????????

it looks huge

;)

https://twitter.com/bee_sec_san/status/1352661050144002049

yeeeeeeeeeeeeeeeeeee

basically just spend a day or two studying, and every other day just do mocks hahaha

oh wow that is really cool

poggy woggy

Hello guys, srry for bothering but I have a couple of questions related to a cybersecurity career. First of all, I'd like to know if there is a certification for beginners or somewhere to start (im studying a computer science engineering, so i'm not an expert). And, secondly, if do u know if there is like a subarea in cybersecurity where is mandatory to program. I really like to program in python, js, etc and could be awesome if I could combine those areas.

srry for the bible xp

Are you signed up on tryhackme? that's a great place to start

Cert wise, eJPT is an easy start, OSCP is a bit tougher but it also a very well-known cert

yes, i'm starting with the path selection but im still trying for figure it out what could be the best

for programming, developing exploit code requires programming, but you'd need low-level c++/assembly knowledge to really do that. Python is used a lot for scripting in normal cybersec stuff

knowing JS will help with webapp stuff, since being able to figure out what the page is doing is important for finding vulnerabilities

ok, I think that gives me hope

I really appreciate ur advice, thanks mate

No problem!

Would IT certifications give any boost to a university application?

depends tbh

to an infosec based non-russel group uni yes probably

in UK

very likely

grad or undergrad?

and is the intended major related to the certs or not?

undergrad for Vertey 😄

hmm

i'd say yes

same as any other extracurriculars

be sure to mention motivation, intent, etc for pursuing professional certs at a young age

it's the kind of thing admissions boards eat up

especially if you can work in something about how that particular uni inspires you to be a lifelong learner, community inclusion, whatever, etc

don't underestimate the application essay

That's assuming US based!

In the UK you cant write a particular uni in your application essay

as all 5 unis you apply to get the same one

😆

ah, that's fair

US uni system is based on the UK ones though - which have origins back to the guilds of yore 😛

oh we still have guilds

my uni literally has a guild of students

at least in the US, most of what might be considered a 'guild' is more like a professional union

of skilled tradespeople

Thank you @rugged sable and @flat sedge , that's the answer I needed. I'm now on the way for OSCP and going to do a few more before uni (if I pass it of course)

i've heard of various efforts to start IT oriented unions (totally support it) but so far they haven't been able to put it together

are you UK based?

DM me, I have some things for you :))

i'd imagine that professional certs fill in the gap of extracurriculars, same as chess club or sports or forensics; definitely worth mentioning even if you can't tailor it to the specific institution you want

I'm from Europe, but actually in a British school, so thinking about starting my career over there or US

do you have UK citizenship?

Nah

ahhh

:/

starting your career in the US might be tough

a lot of student visas do not allow you to work here, or to only work in extremely limited amounts. and finding a company to sponsor you without having work authorization can be tough unless you want to work somewhere super sketchy under the table for practically nothing

thank you for the help tho @rugged sable ❤️

best cases of heard of for going to school in the US then working here as a starting point is to go into an engineering degree or compsci or other hard science

that's something worth noting

the alternative is to start for a multinational where you can work and then transition to a US based role

How does one get started in this field? How much schooling? If any

That's a broad question

another member just posted this, it's a good guide

https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md

"This field" is really huge - with a wide range of skill and education requirements

The question gets asked a lot and like @lean dragon it's an expansive question

Start with a guide and then I'd ask more about a specific aspect of the field

Recently got interested in going into malware analysis for a career. The thing is that the only positions I can find on Indeed are either at Fort Meade or Virginia (obviously government contractors). Are there any other websites where I can look? I have no interest in moving to those states. I'd prefer staying in the South.

that's a pretty specialised role, do you have much professional experience?

try linkedin and glassdoor, i had most luck with those

I don't. It's more of a thing where I would like my career to end up in.

Just trying to see if it's even a thing outside of the DC area.

a lot of careers in that field these days are often with companies that specialize in that type of thing, less companies these days are doing their own malware analysis. So I'd look for what companies (such as fireeye) are doing it and where they are located

look for 'malware research' as a search term

fwiw my list of respoonse rates so far is:

• directly applying
• angel.co
• linkedin (with 0 responses out of 39 applications getting back to me)

I think you should use linkedin and just apply directly on the website tbh

from msot responses to least

and just searching fireeye, their only job listings for that are in the Baltimore/DC area. but that is really what I'd look for is companies like that

searching glassdoor, there is a company in Georgia (Secureworks) that has a job listing for that (its a senior position though), and there are a few other ones for Microsoft (in Seatle WA), some companies in Silicon Valley and yeah otherwise seems mostly DC area

Yeah, I figured that it would be mostly DC area. Thanks for the help though!

The thing that I really liked about it was that it's low-level (C/C++/ASM), using tools such as IDA Pro, etc.
What other fields are there besides malware analysis that use that kind of tech? Maybe forensics?

well reverse engineering really is mostly within the security realm of malware analysis/research, using ASM/C/C++, there are a number of low level development, OS development, console game development, etc

I think some of you will find this interesting. I had someone on LinkedIn just contact me stating they have a service that will RDP into your system and take certifications for you. They claim it is undetectable to the proctor that is monitoring your exam. So guaranteed pass on the CISSP is $7000 US. I told her, I am pretty sure that is cheating and goes against ICS2 code of ethics

Did you already try looking more into the descriptions in roles on the job sites? I've seen Security Engineer, Reverse Engineer, or Researcher roles that are actually malware analysis jobs when you read the details.

I didn't at first and just straight-up searched for malware analyst, which landed me in MD/VA. After asking this question, I looked into Reverse Engineering jobs and noticed that they were indeed sometimes malware analysis jobs. Luckily, there were a bunch of job openings in the South, specifically also the state where my fiancee lives so that was great to see. Thanks for the tip though!

As somebody who grew up and did my first internships in the DC area, I feel you

No desire to live and work there ever again

I also forget to filter for "Remote" as location on Indeed. I filtered for individual state. There are multiple remote positions available as well.

deffo cheating yes, report them if you can

i assume a throwaway acc though

I am not sure. The account has been up for awhile but I did report them to CompTia, ISC and the others that they say they can "help" you pass. After I told her that was cheating, she actually argued with me stating it wasn't actual cheating... smh

Anyone here work for or know about the work culture at Booz Allen?

Tried glassdoor?

Blind might be another source of information.

I've known a few Booz Allen people and they seemed happy but who knows

My friend really enjoys the events that Booz puts on for its employees like parties, sports events, hacker jeopardy, etc.

Glassdoor is good sometimes, but disgruntled employees rarely give rational/unbiased reviews. Same for bootlickers.

I heard its a good work environment, but that you are treated as very expendable and they keep that quietly over your head which seems very stressfull. Didnt know if anyone had any opinions or info

Grain of salt.

But remember to do your basic research before asking here

Don't worry I have.

@inland zephyr try anti-cheating software engineer

they also use reverse engineering skill

hey @rugged sable Im interested in what you had 👀 Im a UK citizen, currently a Network Engineer but would like to do more "cyber" esque stuff. I have a lot of network/firewall/proxy/LB/hosting knowledge that I'd like to utilize. Or was it Uni specific?

uni specific :))

nw

what are some of the best paying jobs in the cyber security field?

or engeneering

Probably CISO of Google I'd imagine

In terms of jobs you can realistically get rather quickly, it depends on the company tbh

yeah thats sort of what i imagined

You can also do some sort of freelancing with cyber security

@rugged sable thanks for the tip!

Security Engineer or App Security at any of the FAANGs, cuz of the equity. App Security Engineers or "Secure Dev Ops" are on the same pay scale as the Software Engineers.

L4 at Facebook, Google, Amazon, Netflix, etc. will be $250k minumum Total Compensation for somebody with 4+ years of experience.

Check out Team Blind for info.

And the numbers depend highly on location. Your numbers are probably correct for US, it would likely be a bit less for Ireland/Switzerland, and further down for UK/Germany. No idea what the numbers are for other locations.

Yes very true, "$" is important there

I know somebody who transferred from Google NYC to Google London and took a 40% salary pay cut. (They kept the equity.)

And AFAIK that would be in the high range in Google London.

Yeah, tbh I would transfer to the UK office in a heartbeat

Even with Brexit

Well yes, compensation isn't everything 🙂

how long have u guys been at this stuff for

I've been working in SW security for 15+ years.

8 yoe

come to 🇮🇪 🙂

I wouldn’t rule it out.

Plenty of work here, lots to do, a fair chunk of EU can be reached within a few hours flight so travel is easy to do

climate does not suit everyone though

if you're coming from somewhere hot and/or dry, it probably won't agree with you

I'll see if AWS will let me do an int'l intra company transfer in a year

they're supposedly more strict than other FAANGs

or managers take transfers more personally

I believe it's easier if they're setting up new offices

Anything specific to mention or suggest on the work part? 🙂

www.jobs.ie
www.irishjobs.ie
ie.indeed.com
LinkedIn jobs too

they'd be the main job sites

So nothing specific, just generic "there's lots of openings and opportunities" 🙂

Amazon, Microsoft and Facebook all hiring right now. There are other companies like Zendesk, AirBnb etc which I'm sure are hiring too. Lots and lots of tech companies here. My won company have minimal engineering presence here

large selection of financial companies too

good time to look at new job too, turn of the year brings new budget/headcount

Anyone here did or is doing a master's in cyber security? Is it worth it for those who have practical experience? What about research opportunities? Is that a thing?

@willow island neal bridges talks about this on his twitch stream, cyber insecurity, and says you don't need it, but if you have a passion for it you should do it

It really depends what you're looking for. A MSc in Cybersecurity can be beneficial to your career with the skills, knowledge and experience it provides, the accreditation itself and it can help you in your pursuit of whatever your goals might be. Most 3rd-level courses do require you to do some level of novel research in the field within the spectrum of the course but they usually give you a lot of freedom to decide for yourself.

It can be a good compliment to other certifications/accreditation/achievements/experience and it never looks shabby to have one. It isn't essential but it can help when you're looking for a change in your job, either going up the ladder or into a new environment

The school I went through for my Masters had several certs tied to the degree as well, but most of it was paper writing and researching. I know that some companies don't always look at if you have a degree or not, but there are some that still have requirements around degrees. If the job posting doesn't have anything about a degree in don't be afraid to ask in an interview what the companies philosophy on certs and degrees are, most hiring managers will tell you.

Thanks for the replies guys 🙏

My standard response is never to get a Masters to break into cyber. It can be beneficial to your career is you are already in cyber

I agree

I used mine for the transition, but I had many years of other training to go with it.

i tried the basic penetration testing and i couldnt get pass the second part

i really need some help

#room-help

Thanks for the tip. You mentioned not to get a Masters to break into cyber. I’m transitioning my career from litigation to computer science. I got into a Masters program that doesn’t require a background in comp sci. What if I got certs and applied to entry lvl IT positions while completing my program? Is that a decent route to break into cyber or no?

yeah generally, getting certs is how you break into cyber. A Masters just generally won't do anything for you in getting established, it could help later with promotions/management.

I see, thanks for answering my question 🙏

Before I spam this channel: If I knew of open positions, should I post them here? I'm not a recruiter, nor do I get a bonus. It would just a public service 😉

a mod might post them for you in #jobs-board if you ask nicely :)

Ah! Overlooked that one! Thanks for the hint.

Just out of curiosity.
Is having linkedin a necessity?

@warm hinge if a company want to see your face. That is the first place they would go to

or check your work history

I just know how its such a great tool for OSINT and information on targets.
Just seems funny to have one.

I mean, it's about as reliable as a CV/resume in terms of authenticity

And seeing a face gets a bit sketchy, because discrimination lawsuits

I have always felt kinda cringe about the whole idea of linkedin

People Keep saying to make one but something is stopping me.
I respect privacy and it feels kinda invasive. Just to hustle for a job?

and trust me they will google you up before interview

Often, that's handed out to other companies

I would prefer to have a website/blog to showcase myself instead

this is US

based

Especially in the UK, because of discrimination lawsuits. If they hunt you down your say... Twitter and see you're gay or have a disability, they might end up having to prove that isn't why you got the job

It's liability

Disagree about the authenticity of linkedin - it is WAY easier to fabricate and build a network of fake endorsements and job history. Only reason I have a linkedin, I have friends and colleagues who would be offended if I didn't add them to my professional network.

That said, it isn't totally useless. But when I was on interview panels, the only thing I wanted to see was the CV

Yeah, it's super easy to fake your employment history, it's the same as a CV/resume in that respect

I guess it just comes down to personal preference and the type of job you are applying for i guess.

@willow island My friend had a master cyber security. Unless you are very interest in academia, like teaching and doing research for the school I won't recommend you to get it. My friend also do cyber security research for the school, they pay really well. Make sure that your school had a cyber security research center as well. Avoid for-profit college

I just don't like the whole vibe....feels like facebook

CV is usually easier to trackdown the job history though. I have direct knowledge of multiple fake accounts with networks and 'verifiable' job histories in different sales positions and fields

CV is usually easier to trackdown the job history though. why? It's the same info

You worked at xyz for time doing abc

Social engineering.

What?

Ive always prescribed to the idea of doing things yourself and linkedin makes my cringe a bit

I don't want to skirt the boundaries of possibly promoting unethical behavior - happy to talk about some of the experiments i have seen run on LinkedIn job histories with your OK @quick forum

The point is, you have the same info on both documents

It's no different

@warm hinge you can make a blog to showcase your work instead if you don't want to make a linkedin.

I would rather have a blog/website and be active in the community.
Instead of going the LinkedIn route...

I made a blog yesterday which im going to keep working on

It is - it is very easy to get references for work never performed in a totally unrelated field by endorsing and saying something positive about a total stranger

I'm JUST talking about work history.

LinkedIn just looks and feels like facebook for jobs.
And i hate facebook.

but then again, having a linkedin will boost your chance. Some companies do not have HR so they hire people directly based on your work but best way for them to see it is from social media like twitter and linkedin

As am I - While most companies and recruiters do verify employment by calling HR (as they should), there are a lot of lazy people who will take the easy route if possible.

Makes sense

I have a blog, github, and twitter im just going to keep working on it

And stay active

if a company doesn't have anyone doing HR, that's a huge liability. Without an employment contract, I'd be very leery about signing on.

you can do research on their work before joining them

like talk with past employee

like if you work for a team of 15 people. I don't think you want an HR. It's likely your company won't be hiring a lot.

thing like crowdstrike then yeah

but small company naw

and security engineer hate HR lol

I've started my own cybersecurity education journey with a blue team and I have one question: if you need to pick one trending branch with a great future potential, what it would be? e.g. Cloud services

Thank you. I have an interest in research, but I'm not sure what type of research cyber security has in the academia. Cipher's security? Not interested. Finding vulnerabilities or performing security assessment of software/infrastructure/etc, sounds cool. But you are right, might not be the best path for me right now

Hello everyone. New here. I'm trying to learn cybersecurity. Any advice from anyone on where to begin or what areas I need to look into will be appreciated.

Netowrking, networking aaaaand networking

In short, lots of networking

Thanks Vertey. I been studying a lot of networking so I believe I'm on the right path.

Of course you are! TryHackMe has amazing modules on networking

Also the INE course for eJPT covers a lot

https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md

Maybe we should pin this guide in here?

What IB subjects would be worth taking for a Computer Science related degree? I'm kind of scared of HL maths (and I heard that it's required), although if I push myself it would be possible

for compsci HL Maths for sure, HL maths is literally year 1 of CompSci 😄

if i had to pick 3 a levels (idk about ib) and compsci wasn't one, I'd do maths, HL maths, Biology (biology heavily influences artificial intelligence)

Thanks Bee ^^

@fringe spade for what its worth, my friends that did HL maths cruised through compsci while i struggled, the first year or 2 years is just HL Maths, the final year is just your diss and some little modules that you think are cute 😄

If only Maths was cute... 😄

it is, you just gotta learn the fun stuff :))

https://www.youtube.com/watch?v=kbKtFN71Lfs (first 4 mins is boring but the rest will blow your mind)
https://www.youtube.com/watch?v=AAsICMPwGPY&list=PLt5AfwLFPxWJeBhzCJ_JXdaIXi_YJl7Bh
https://www.youtube.com/watch?v=WUvTyaaNkzM (great series)
https://www.youtube.com/watch?v=elvOZm0d4H0
https://www.youtube.com/watch?v=4Lb-6rxZxx0 (this one comes in handy IRL all the time for me)
https://www.youtube.com/watch?v=8t1TC-5OLdM (this ws diriectly relevant to my degree)

that chaos video is boring for like the first 4 mins btw but just watch it 😄

Going to watch them after school 😛

The Khan Academy is a fantastic resource for learning Math at all levels

i am 17 years old Can someone you help me with d any connections in Singapore pour so that i can connect with the people like hr or recruiters in cyber security here and get to known what are the requirements here to get into corporate it would be my great help am from India traveled to Singapore our for my studies its really tough for me to build connections thats why if someone can pls do pls pm me

If people like Numberphile, make sure you check out Computerphile too. The way the guests describe concepts has helped me crush interviews before.

Computerphile is great! I saw most of their pentesting material and I can tell it's great. I even watched them once more after every single OSCP module that they had a video on to understand the topics better

LinkedIn?

👆 I think that would be a good starting point. Search out some local IT Security groups on LinkedIn and start getting involved in those communities

Hey, should i do a 3 year diploma in cyber security or a CS bachelor's degree in Canada, if i wanna do solely cyber sec ?

Bachelors in CS is always a winner especially if you want to branch out in other cyber fields. I know the CS majors that I have hired are very experienced in coding and scripting which is a huge benefit. But a degree in just Cyber will get you in the door also

Bachelors in CS is always a winner especially if you want to branch out in other cyber fields. I know the CS majors that I have hired are very experienced in coding and scripting which is a huge benefit. But a degree in just Cyber will get you in the door also
@glad cipher so is it worth the extra year and math ? ( im guessing CS is more math heavy)

The money is worth it since it is technically a engineer degree. That degree usually has 3 semesters of calculus, so it is much harder

Thank you.

always CS 👍

fundamentals a plenty

I know people in CS who make quite a bit of money, even while they were in University. So CS is worth it. Do note, in Canada, CS is not an engineering degree as in Canada, engineer is a protected title (like medical doctor or lawyer). If you do want an engineering degree (in Canada) you can get a software engineering degree

I was not aware that CS wasn't an engineering degree like in the US. Good information thanks

Not a problem!

CS is an engineering degree in the US? what makes it an engineering degree? (I have a BS in CS)

Depends on program. CS is usually attached to the Math dept, but some uni's throw it into Engineering. Software Engineering is usually a completely different degree than CS, if both are offered

Oxford & Cambridge classifies CS as a Bachelors of Arts

https://www.cst.cam.ac.uk/admissions/undergraduate/undergraduate-course-overview

I don't think the BA / BSC / Eng etc matters too much tbh in the UK, especially with Oxbridge classing it as an Art hahahah

iirc it comes from Mathematics being a BA, because back in the day (idk when, like the 1200s when Cambridge was founded) mathematics was seen as an art? Not 100% on it tbh

I guess it's an art channelling your patience so you don't get frustrated at the computer when it doesn't do what you tell it to, a form of meditation if you will

The speed at which we browse stack overflow is an art

In the US the difference seems to be how many science and maths credits are required for the degree. My uni offered CS degrees as either BA or BS, difference was an extra required physics course and a required math minor

That makes more sense in the US, in the UK we don't have minors, majors, or credits so it's a mystery for us

We have credits at my uni.

Even as part of engineering department, I never saw it as an engineering degree. My CS program was part of the Math department though

I agree - the only exceptions I really saw, were the CS students who were working in the ML/AI/Robotics labs. In a lot of ways what they were doing was more in line with EE than CS though

Definitely robotics as EE. I've never seen any classes for ML or AI in EE though

(I have a BS in EE)

Using machine learning and the like, is encouraged in EE as an experimental thing, I'll add

We had ML and AI in undergrad but the software side

That's super cool

I definitely want to learn more about ML/AI as a goal

Is this even worth looking at?

https://online.stanford.edu/programs/stanford-advanced-cybersecurity-certificate

You have a BS?

No, I want to boost my chances of studying there or any other college

It doesn't look too complicated

except it requires a BS

It is recommended that you have the equivalent of a BS in Computer Science, or a background in cybersecurity.

but honestly, it seems more geared towards those already in cyber security or maybe trying to get into it

those are most likely not academic courses though and seem to be very superficial

does it hurt? probably not, will it help you get into a college? again probably not

It is just a "certification", you can get a lot of that learning elsewhere

nah what it looks like is a lot of universities have 'professional' programs meant for working people, lots of the schools with professional graduate degrees have made shorter, graduate certificates

yeah, it doesn't look like I will learn much more than after OSCP

is there anything except for good academic results that may boost a college application?

that is what i meant, I have run across it several times

extracurriculars, volunteering

It depends on the college and their requirements, I was able to bypass some of my masters requirements due to other things I had completed

(obviously volunteering is challenging these days)

like if you spoke at a conference, even an online conference, you could reference that as an extracurricular

would "real" certifications and a blog for example help with getting there?

I think it'd be taken in consideration, again depends on the college, are you looking at state schools or private?

private, I'm starting IB this year

private schools are going to want more community investment, volunteering, leadership, etc

(I like to plan things in advance)

and it wouldn't hurt to google the school name to figure out how to increase your chances for that school

things like if you are the President/VP of a school club is great

organize/establish a club, even better

volunteer at local senior center (when able to), play in the band

I did this and also got some ideas from such sites, but wanted to hear opinions of others. Thank you very much! ❤️

my first college was private and was accepted into every private school I applied, those were the type of things I did, but with online things you can be a bit creative

I will try to follow these steps, thank you ☺️

I have a security engineer interview coming up, what kinda things should I study to prepare?

@rugged sable i had one yesterday and a few of the points were around regex, server hardening techniques, and a few of the ones i previously mentioned ^^ such as choosing log sources

uhoh

regex

that sounds completely different from my job description

i'll dm you the job spec that this was for

Bee...feel free to dm me the job listing as well

(security engineer is a common job title for many security positions)

i really dislike the fact that this BS in Computer Science is so highly regarded

thank god for certs

honestly, degrees in general are often considered a bare minimum, BS in CS is a good stepping stone

Over here in the UK, it's (degree||experience)&&cert

I feel like

Having attended college

I feel like much of is theortical

*theoretical

while the certs are more pratical

They are still written exams but require you to have a decent amount of practical knowledge with the stuff you're taking the exam on

well there is a fair amount of theory and some doing, but theory can be a good foundation but the other aspect is really degrees are so common that when you don't have one, it can be a disadvantage

there are plenty of companies in the US at least that won't hire someone without a degree for a technical position

and even for those that will, it's hugely restrictive to your salary and upwards mobility

I have a friend who never finished her degree and its made things a lot harder for her

true true

its messed up lol

college degrees are worth dirt these days

yeah that is why they are mostly a bare minimum

can you give any info on the job description?

Be much easier to advise if we knew what the job entails

do goverment hire hackers i would love tu work for govermnent

America - NSA
UK - GCHQ, NCF

i am not american btw

Country?

india

???

With a quick Google looks like they out-source it to 3rd parties

wht can you bee more specific please

They hire people from other companies

It's more like a short term contract

ohh thanks vertey

did you just went to quora

they probably googled it, the same thing you should do lol

90% of my answers are googled 😄

its funny how that works, isn't it?

googling is pure art

btw, which of your certs brought you the best knowledge and recognition by employers?

OSCP

Is there any certs for secure software (writing it)? Or am I better off doing like AWS Security certs haha 😄

I don't know of any specifically for writing secure software; there are guidelines from various frameworks about what that framework considers a 'secure development lifecycle' if that helps. PCI has a pretty good 'here's what we expect from a dev writing software to be used in a PCI environment'

Pretty sure there is a NIST SP 800-something guide as well

I'd probably look at the vendor neutral certs unless you've a lot of XP with one specific platform << the reason I did the AWS sec cert

CSSLP

https://www.isc2.org/Certifications/CSSLP

pretty sure that site's cookie policy is illegal in Europe...

at least it breaks GDPR

Also, the site mentions Flash player and Flash cookies. Uhh.

Not sure if this is the correct place to ask, but does anyone know of any US Based schools that are like Abertay University in the UK? They offer a completely immersed cyber/ethical hacking 4 year program where you learn just that.. no filler like most universities... but yeah, trying to find something accredited like that but in the US. @ me if you have any ideas. Thanks

I expect you're going to have a hard time finding something accredited for that. As I understand it, almost all accreditation for bachelors degrees in the US has additional requirements to get a degree.

Aside from that, I would argue that someone with that level of technical hyperfocus will have pretty limited career options. Most jobs in The Real World (tm) will want someone with a bit broader of an education than the equivalent of "I spent 4 years getting a bunch of certs", which is what this program sounds like to me,

Sounds like WGU

https://github.com/alex/what-happens-when I'm doing some research and came across this repo. This is a way over the top description of what happens but super super informative 👍 It comes up in a lot of technical interviews so it is worth reading and starring

The closest thing is going to be the SANS BS, I believe it is at the University of South Carolina? But the problem is that in order to be considered a BS and be acredited, you need certain requirements. From what I understand from the UK, their equivalent of junior/senior year to the US is spent doing what is equivalent to the first 2 years of college, which is why they have programs focused like that

Zojja, we don't have major/minors, and your compsci degree won't do physics

It will do maths, because maths is relevant to DS/ALG

Thanks... im located in US, but i thought the BS program for cybersec at Abertay University seemed pretty good.. almost seems too good actually lol but they dont offer it online, and im not trying to move there

I know that there are a few online schools that are focused that way, Western Governors is one, there were a few others as well

where did you get your OSCP cert?

There's only one place you can get them

Direct through offsec.

Yeah, it's an extremely good degree.
We do have some American students, and funnily enough it is all online just now, but that's a minor miracle they managed to get it transferred. It's usually a fair amount of time spent on Campus.

Funnily enough I think that’s a recent thing, very few CompSci programs when I was in undergrad didn’t require physics. I was thinking more about the foreign language, humanities, literature, history, etc requirements that are part of the first 2 years of college in the US

Yeah we don't have that at all here

I haven't taken a language since I was like 14?

is 0% unemployment rate in security a fact or it just a false lie to lure people in ?

I saw so many articles claimed this lol

Maybe RAW does recruit openly.

Though there a few discreet companies known to operate with the tacit approval of the Indian authorities.

i dont think they are world leading intellegence i dont think they hire many

Who knows what they're?

They're secretive as hell.

Even for what they do.

ohh really i did but i found same answer he gave on quora but it was 2-3 years before thats why i was asking

true

i think you should delete this or edit this message

The Western agencies declassify stuff, India doesn't. The Russians and the Chinese get regularly indited by the US DoJ. The Pakistanis and their ilk are under a degree of public scrutiny, because known offenders.

India's intelligence apparatus is AFAIK a black box.

Hi can anyone experienced tell me what's the chance of success for someone with social anxiety in cybersecurity in terms of job/carrer .

You will have to work on communication regardless, it not something you just sit and do thing on your own. Gotta tell people what you do like report your work back to the lead. Unless you want to do bug hunting

soft skill is a requirement for all role anyway

Both my husband and i have social anxiety and we are in security. I had a phone phobia when I started working in IT. I’ve worked through it and got better, and more confident. It certainly can be done

It really depends on a few factors, where you live too. In the US, I'd say if that you are flexible on where you live (if you live in rural US vs larger cities which have more opportunities), you keep up your skill set, you are always learning, then the chances you won't have a job are small. The initial break into security can be difficult but if you are persistent and do what you need to do, it'll happen

Hi guys, where should I put the url of my THM public profile on my CV? TIA

I would think it depends on where you are in your career. If you are just starting out or in a junior position, I would put perhaps mention it in your cover letter or career profile/goals section (if you have one) on your CV/resume

if you were more mid-senior level I would consider putting it under Education

that's just my opinion though, hopefully other members chime in

Appreciate your opinion @spice yacht , I intend to prepare a CV for a Help Desk or IT Support role.
I am not sure whether it's relevant to put the mentioned url in that type of CV

I understand. Given that THM has a number of Windows/Linux/Networking courses, you could state that you are using it to build upon existing knowledge in those areas and also expand your knowledge in the security realm

That sounds clever @spice yacht
Thank you 😘

👍 best of luck with it.

Any tips on how to handle stress in this line of work? Starting to get to me woke up like each 30 minutes last night...

That's a tough one. At least take your time off. Try to do something totally different. Disconnect.

You need to learn to keep work at work and do things you like to do on your time off. Also take advantage of PTO. A lot of companies are starting to have unlimited PTO so that burn out will stay at a minimum. If it is goals and/or projects keeping you up at night, you will need to make reasonable deadlines and try to keep them

Yea, i need to learn that, i started working now on a friday on my freetime now too... kinda need to :/

Also try to have a different hobbies that don't include a computer. Not saying don't ever use a computer on your free time just have some other activities. This has worked for me

Yea, i've noticed that works out well and physical activities.. Hopefully this will slow down a bit after this iso certification bit is over.

How much time do people actually take off with "unlimited PTO"? We have a minimum mandated by law, and it works fine. Almost everyone takes their time off.

It depends on the employee. I usually take no more than 3 weeks total throughout the year. Others take a bit more or a little less. It mostly depends on the clients needs and if you have client work that needs to be done first. Also taking more time off can affect your bonus if you are a security consultant since it is based on billable hours. But most companies have down time between projects or client work.

Ah it is certification time for ISO. That makes sense why you would be a little stressed out.

Yeah and recently became CSO 😄

what does unlimited pto even mean

sounds about the same than the folks in my company take. We have at least four weeks per year off for everyone. And local clients take their time off as well.

"Be off as much as you dare to"

ahaha

And usually that's not a lot.

is that legit it

Nah. But typically people don't take a lot of time off.

Technically you can take off as much time as you need. For instance you want to hike Europe for 5 weeks then as long is it ok with the boss and it doesn't interfere with your assigned work then go for it. But most people respect the company and don't abuse the unlimited PTO

interesting

so basically, as long as your current project is complete, do what you want

I've seen European companies give extra weeks or a month off at times. And people tend to use that benefit.

Pretty much. But members on my team usually take advantage of the down time and study for certs, take training, etc

I barely take the PTO I am given in a year, not sure what I would do without a limit

For example Arm gives employees an extra month off every four years - in addition to the time required by local laws or other regulations.

an extra month woa that's spicy

Well I still have two weeks left of last year's vacations. I guess I could take some time off at some point, but don't really know what I could do, as I would travel in normal conditions.

hey, recently completed my CCNA, have my security+, spend a lot of time on THM doing boxes, if I want to land a job redteaming or blueteaming should the next step be OSCP?

you can deffo get an entry level blue team job with that

oo maybe i should just start applying to a lot of jobs

i got job as soc analyst with just ccna so you should be good

(and network exp but in general soc's love networking knowledge)

@tawny eagle

If you plan to red team I would move to a lesser cert like CeH and then to OSCP. A lot people including me fail the OSCP first time around and that is considered one of the top for red teaming. Also CompTia Pentest+ is also another good cert before the OSCP. However if you are advanced in your skill set then go for it.

Blue team usually don't need a skillset like OSCP but it still can be useful. So before that you should look at Network+ since it is not asset specific. I would go for threat hunting, forensics, or reverse engineering certs if you go blue team. Just my 2 cents

oh yeah i know

i failed oscp too lol

i've bought the retake though so just need to reschedule

I am going to retake PWK since it now includes more AD exploits and vulns. I took the test originally 2 years ago

do you have the updated material?

I will, my company is paying for the new course and testing

aw that's nice

Unless you're in India, CEH bad

Why is that?

I know it is a no nothing cert but it is a beginner cert. The new one has a practical as well as written

im definitely starting to lean towards a purple-team skillset given the wide availability of blue-team opportunities around me, don't wanna pigeon-hole myself into offense

CEH ticks some boxes but the new DoD Pentest+ approval makes that a much more viable choice for the US

What I was told the other day is CEH is quite outdated

If Pentest+ was available when I took CeH, I would have definitely took that instead

It's not a good cert.