#cyber-and-careers
Sounds like a weird homework question
If Steve buys 20 univac 9000s and Bob buys 10 univac 9000s, how many does Alice have?
42
helloo i was wondering if anyone here holds the GCIH certification. if you do, i would appreciate if you'd PM me as i have some career related questions
GIAC Certified Incident Handler?
yes thats the one
Which SANS FOR course relates to that one, I can't remember? 508?
it is offered by SANS but im not sure of the course name, i am only familiar with the certification name
i'm just wondering how respected they are in the field
and whether they have the potential for an entry level incident response role
I don't have that certification, but I imagine any GIAC certification is well respected.
i see, thank you!
SANS/GIAC is imo THE most respected certification vendor in terms of content and job eligibility. IMO it is also far beyond an entry level cert
okay but i hear OSCP is also a top-ish level entry cert - i know the OSCP and the GIAC Certified Incident Handler are aimed at different purposes but would you say the GIAC one is more respected than OSCP? or maybe on the same level?
Has anyone taken the PenTest+ after utilizing the PenTest+ path on TryHackMe? I was wondering how well it prepared you and any other resources you might recommend...
Download the PenTest+ syllabus from CompTIA, which shows an overview of the exam learning objectives. Compare it to what is covered in THM's PenTest+ Learning Path. 🙂
Oh I'm going to be doing it, and I understand that it covers everything on the test, but the PenTest+ is so new that there isn't a lot of info out there as to what constitutes 'the best' resources, I was just seeing if anyone had first person experience with it
Probably most of the study guide style of information you would find in books, like: CompTIA PenTest+ Study Guide Exam PT0-001 by Mike Chapple and David Seidl. Supplement that with THM's hands-on Learning Path, you might be golden. 🙂
I would say highly respected.. at my husband's work, although he doesn't do IH... almost all of them are expected to have GCIH
thank you, this was practically the answer i was looking for. would you also say that what you learn during the GCIH certification, could come in handy if i choose to pursue the OSCP?
they are 2 different arenas, I haven't taken the GCIH or the class for it... so I can't speak to that
gotcha. thank you for your input!
anything by GIAC is top of the top period
there is a reason SANS is 7000
Network Chuck
This will help me learn hard way
Hi. I'm a student in first year, so I was wondering when I should start worrying about getting certifications.
I'm still learning and I know that I'm still at the beginning, but I wanted to know for future.
Also, it's possible to get a decent job without any certs?
A few hundred/thousand dollars are a bit spicy for a student relative to my country's economy lol
And what certification should I get first? I like the offensive path more if it matters.
@mystic river most folks wait until they have an employer paying for certs for them; however, they do definitely give you some talking points for interviews.
It is possible to get a decent job without certs, but it generally relies on having good contacts in the industry. In fairness, that applies even if you do have certs. I would suggest networking as much as you can. Hang around communities like this one -- make friends. You never know when someone might have an offer for you. Equally, conferences are obviously a lot harder with Covid, but if you get a chance to go to some, take it! Virtual isn't quite as good for networking but better than nothing.
The goal for entry-level offensive certs is usually OSCP. If you're in Britain then CRT (much cheaper) is a good bet instead. If you're in India, CEH (expensive bs though it is) will help you more.
For a first cert, a lot of people go for eJPT. It's a really nice introduction to offensive stuff, and the training materials are free. The cert itself is $200, but I would argue well worth it because it proves to potential employers that you're committed. Once you have a job, your employer will often give you funding for other certs.
Oh. I didn't know that employers actually give people funding for other certs. That's great. Thanks for the info, helped me a lot.
Np 🙂
Hi guys,
There is a bitcoin company(startup) in my area hiring cyber security analyst.
I'm wondering whether I should apply to that job, because the word "startup" kinda reminds me of "long working hours"? I looked up glassdoor for that company and there is only one review, the guy was a client service representative and he mentioned that there is no lunch hours if busy. Is this a bad sign? (But this is a cybersecurity role instead of client service representative roles, so hopefully things may be different?)
Is it usually longer hours than big corporations? Please advise, thanks
eh missing lunches is a fairly regular occurrence for me so thats not really a huge deal but startups are kinda iffy to work for
on one hand they'll hire people with little experience just to get the ball rolling, and your pay will usually be commensurate with that fact
and also job security is a concern, you could be out on your ass in a couple months if the place fails
on the other hand it could be an amazing opportunity - my advice is if you are in a position to take on the risk the experience would be worth it
My major concern is the working hours as it's pretty far away from where I live. Also, may also need the experience proof/sponsorship for my future security cert requirement
Lunch hours exist? You kind of fit in food when you can
@covert cobalt by any chance, does the company start with P and end with x ?
Question: If im rank 4000 on THM what percent am i in?
I was thinking of putting it in my linked in bio to show experience
yeah i know but its for the gatekeepers
I have never worked in cyber and anything helps to showcase experience
Yesss, that it does
Damn gatekeepers need things easy to understand
Probably useful to add the duration of having been on THM listed as Continuing Education for Ethical Hacking and Cyber Security, covering both Defensive- and Offensive Cyber Security hands-on skills and methodologies. 🙂
This is great advice! thank you.
Im new to linked in and just setting one up now.
Is there a Continuing Education profile section i can add?
I have only worked hospitality and sales and i don't really want to put that in the job section im not sure if its relevant.
yeah you need to put your jobs there
hmmm i see, so i guess i will put my sales and hospitality jobs.
I just dont seem to have relevant jobs to put.
I guess the soft skills and management experience is a good thing.
honestly, showing the fact that you worked for someone/on a team is very valuable
By putting those jobs there it also allows you to show other skills that you may have developed or problems you may have solved
you don't have to emphasize those jobs, but they should be listed, a few bullet points each is sufficient
Yes very true, i tend to suffer from impostor syndrome because i have never had an IT job but i know i have marketable skills
I just want to put my best foot forward
Everyone goes through that. Don't let it eat you and you'll be fine
Everybody had to start somewhere whether they like to admit it or not
Yes you're right, i guess its a very common thing among people unfortunately.
Im going to get to it and put some of my good jobs i have done down.
Put them chronologically as well
Thanks for the advice people i really appreciate it.
good luck 🙂
I want to get out of my current job so bad and its all i think about
I want to do something i love and not dread going to work
I need to be challenged every day or i get bored and depressed
How would u guys show tryhackme as continued education/learning on LinkedIn? Carrying on what cyber was asking prior?
Personally I have a projects section on my resume
In it currently are my senior practicum and my homelab but I also change it because each application I put out had a custom resume
For my job I have now it was my Homelab and Digital Forensics/Cyber Defense Practicum. Then I also had Network Security Practicum which was offensive
My god this is very strategic
Applying for jobs is in itself a full time job
Got ya. So lets say writeups someone posts on the git or their own website. U would throw that under projects correct?
Like u post it but would I just leave it like that or would I create a section to emphasize my writeups?
Do you use the Skills & endorsements section?
projects, or perhaps a "community engagement" or "continuing education"
So for me coming out of school it was Education, Certifications, skills, work experience, extracurricular activities, and projects
you'll probably find that on linkedin, you will get a lot of recruiters contacting you each day, just from keyword searches on your profile
And im assuming you put this in your resume and not a linkedin "add profile section" right?
Im guessing that comes from the skills section correct? @light urchin
probably everyone has a different format that they prefer
Ah okay, im just trying to learn the best way to professionally format my LinkedIn
for me personally, I have a couple paragraph blurb at the top of my LI page. On my pdf resume, I have a qualifications section, which is just bullet points I want to emphasize at the top, and then a publications section, at the bottom, with work experience and education in the middle
honestly, I don't think many people read LI pages. Not for the initial contact
recruiters do a keyword search, and spam you with a form letter
Education was where I went with GPA and then a rotating list of courses that I would change depending on the job. Skills was certifications, software I've used, technical skills, and then programming languages I can write in or read. Experience was past jobs. Extracurricular activity is too specific a section for here but it included a club where I was a junior administrator for the university. And then projects as I mentioned were CDP and Homelab
This is some good stuff, thanks moose and empty
The entire skills section would change as well per job application
it also depends on what stage of your career you are at. As a recent college grad, focus on skills/classes/side projects/community engagement, since you have no work experience to speak of
Yes
Yea thats me currently
later on, you can focus more on what each job's duties and accomplishments are
Great advice same here
and if you are still in school- try to get an internship, or a few
I'm 6 months in to my job now but I still don't think I would move away from my Uni stuff yet
looks great on a resume, but also will help you figure out what you like and don't like
yeah. After a couple years on the job, education isn't that important anymore
unless we're talking graduate degrees
True. Or if you're trying to switch into the field your degree is in
right
I've interviewed and hired a LOT of people over the years. I can say that the things I look for are enthusiasm/personality, and passion. I'd gladly take a college kid with few skills who spends his/her free time learning/tinkering for fun than someone with more experience but no enthusiasm, or a pain to work with
yep
I'm so glad I was forced to take public speaking courses as part of my degree
someone hiring a fresh college grad/intern/etc. isn't expecting you to know everything. Just that you know the basics, and know how to learn. And showing that you're enthusiastic about it with side projects/THM/github repos/blog posts/youtube howto vids, that says something
I would hope so
People also thought I was weird for buying a Dell R710 to tinker with
those were the wrong people 🙂
I have a few laptops, a separate network, raspberry pis, etc
I would agree but not everyone gets that memo. I've got scars man... Lol
lol
Yeah ive got almost exclusively dell gear, R710, Inspiron 660s, Inspiron 620MT, and a pi for a camera time-lapse project. I'm prepping for a storage server right now
Honestly need to think about getting a rack because it's getting messy lol
I used to have a server rack. Got rid of it to save space
Yeah ive been eyeing a 42u lol
I think its welded though so that's a no bueno
With that size rack though I would put literally every piece of electronic equipment I own in that
42u is a beast. I had an 18u and it was plenty for me https://smile.amazon.com/gp/product/B003WAT7WC
ah, yeah, if you are getting them cheap as discards, then get what you can
Like im pretty tall and I stood next to it and I had to look up
yeah, and also think of how hard it's gonna be to lift a heavy server that high
Oh yeah we can't take any of the extra gear
I had 3 UPS that were 2u each, I think, and like 100+lbs. Just getting them into the bottom was tough
I don't think OPM would like $10000 racks disappearing
Or whoever handles overall procurement
military?
No but gov
sometimes you can find really good deals on discarded stuff from military and gov
universities too
yah you right man
Yeah I'm in between like 5 mil bases so much stuff
https://www.govplanet.com/ is one I know of, but there are others
DC is an absolute goldmine
yeah, call up the DRMO office and make some friends
govdeals is another one to look at
Yeah there was another that I'm thinking of but I think it was vehicles only
I was scrolling one day and there was a 270' PSV for sale lol
It was mad cheap too
Big RIP to all the sysads dealing with exchange right now
hey can ya'll give me advice on whether i should take up an internship that has nothing to do with my bachelors nor my field of specialization, which is security, is internship experience that important?
i need to log about 500 hours for an internship to graduate for my bachelors and quite frankly i've been struggling to even find remote IT/security internships online and those that i have applied in and interviewed with don't reply to my emails
sure go ahead any experience is better than no experience
in my job interview they made me redesign TryHackMe architecture even though my job at TryHackMe was not technical at all
they knew I was though
the job is an accounting associate and its unpaid too 
i got interviewed for this infosec intern position at a financial company, they said i'd get a technical interview and praised me for my certs but my friend who also applied as infosec intern who didnt know a thing abt info sec got the offer, but he worked in mcdonalds for 2 years so i guess thats that
yeah some experience is better than none
or i could turn it down and spend another 2-3weeks or so applying and waiting for available IT internships? i've sent a few emails but the process and response is very slow, in fact i earned a technical interview with trendmicro but havent got a reply yet
I would never take an unpaid internship - what you are doing is still valuable to the company - essentially it is on the job training. if you are a good intern and positions are open, there is a very easy path into full time employment; if nothing else, a good internship builds your network for post-graduation applications
infosec internships, really, any internship, shouldn't make any assumptions for qualifications or background. my advice, always, is that if you are applying for an internship that is going to put you on a path for any kind of engineering or development role, do not accept unpaid. if the company isn't paying you, they don't see you as a potential asset
Hey, so it seems like a lot of people say that for someone entering infosec it's a good idea to find what specific area of they're interested in. I'm kinda looking at incident response and threat hunting. I was wondering if anyone who had any experience in this could weigh in on how the day-to-day is.
haven't done any threat hunting, but i've done some ir, what specifically do you want to know?
I know this isn't exactly what you asked, but this is great for anyone interested in DFIR https://dfirdiva.com/
check out these modules on thm, they'll help give you more of an idea of what tools are used within this area:
https://tryhackme.com/module/incident-response-and-forensics
https://tryhackme.com/module/threat-emulation
https://tryhackme.com/module/threat-and-vulnerability-management
https://tryhackme.com/module/security-operations-and-monitoring
and I've done some limited IR many years ago but I worked side by side with people who did both threat hunting/IR
I guess I'm curious as to how things are like in a "usual day" and if there's anything in particular you find fun/enjoyable about the area
I'm not married to any particular area so I'm definitely open to checking this out too. Thanks for the resource! I will definitely read this.
I think on some level IR is similar to pentesting in you are trying to put things together... but you are also trying to put a story together... what happened? Can you trace what happened? what was the point of entry, how long were they there, what did they do while on the system/network
of course if your life is good... IR is a small portion of the job 🙂 or you work for a MSSP, which provides services to multiple companies
and I'll say my view is skewed as I only provided support once an incident was confirmed, so I didn't have as much purview of the various possible incidents that were investigated and turned out to be nothing
I see! I've been kind of under the impression that IR can be stressful, but it also seems pretty exciting. I do like that "investigative" aspect of it.
Ah, I see. I was pretty curious about whether people in IR had to deal with incidents every day or if it's like a more occasional event.
I think its a mix of handling investigations to determine if there is an incident and doing stuff to increase ways to get indicators/information about incidents
and a full blown incident can be stressful as its a bad day for your company
Oh okay, that makes sense. I was a little apprehensive of pursuing IR if it's dealing with full blown incidents all the time.
hopefully not unless the company's security sucks
@warped moon sorry i got caught up. depending on what size company you work at, as an ir analyst you won't always have a potential breach that you'll be able to work on
so you might also get to do things like writing rules
No worries! I'm grateful for the input.
IR does sound like something I'd like. I'm not sure how many incidents I'd be able to handle, but since it'll vary anyway I don't think I'll mind at least trying it out.
I would like to add, having applied to many IR and DFIR positions relatively recently, companies are looking for people with experience or some sort of previous IT experience
It was one of those "entry level position" that requires 5 years of previous experience deals a lot of the time
A lot of orgs want to see a broad level of experience though they're not always concise with their needs. Even if you don't have 5 years, maybe list specific technologies you're familiar with and to what extent, or any qualifications you might have or courses/modules you've completed.
Look at the job spec and use exact words from it next to the names of particular related tools you know how to use in your resume/cv. You need to tailor your cv for the particular job so it should be an easily changeable template
Yes, I know. I wrote individual resumes for the 100ish jobs I applied to. I was specifically told by a majority of the positions hiring managers that they were looking for more experience
I'm employed now though so everything is good
Yeah I guess it's really difficult to show work experience if you haven't done that kind of work previously and some employers can be really pedantic on actual dates and that kind of thing and they'll use any excuse. Glad you found a job and I hope it propels you forward
Oh oof my bad
One of my teachers told me about one open spot as an Information Security Monitoring Analyst. It's not offensive (i like it more) but as a first job it seems okay. I'm only 19, so I think it's a good way to get some experience.
So she's gonna talk with Team Leader and ask if they agree for me to work 6 hours a day instead of 8 'cause I have college as well, and if they do, i think i'll apply for the job.
So my question is : Any good/fast ways to learn about IR and writing reports at a beginner/intermediate level?
they won't have you writing the reports, but the blue team path on thm has lots of stuff on ir and threat hunting with more coming soon :)
Cool. Thanks. I'll have a look on the blue path on THM then.
Hello
I am passionate about pentest and cybersecurity in general
I would like to work for someone to have experience in the field but I am a minor I am only 15 years old (but ambitious x))
there are similarities?
and another question I am in high school and I do not really know where I should go if I have to do a general technological baccalaureate then a school DUT ...
ps: I live in France
imo you’re not going to get anything at 15
yeah getting professional experience at 15 might not be possible (unsure about policies in france), but if you continue doing tryhackme and sorts, by the time you’re 18 everywhere will want you
set some goals, maybe certifications, that you want to achieve, or maybe do some bug bounties to prove your knowledge in the real world
Hey! I have 0 experience in cybersecurity or coding field. I am a High School Student highly interested in cybersecurity and have read books about some basics like what a trojan is...what's phishing. But I have never had practical experience. How do you reckon I start? Any resources to start learning?
checkout the #resources and #bookclub channels, there is a lot of good starting info
#start-here - check out THM!
Ok thanks a lot
There are quite a few scholarships in france that could suit you after your first degree (bac)
CTFs and bug bounties should be fine for now
what kind of certifications do you recommend to begin with
In France go for the "bac" then a computer science degree, university, engineering school or coding school like 42, epitech, epita. Then specialize in cybersecurity.
Of course along the road, TryHackMe, Hackthebox, vulnhub.
And cert, eJPT, CCNA, Security+, OSCP/eCPPT.
are you saying that you would need bachelor degree and engineering college to be able to work in the Cyber field?
You don't need degree or cert
It's just an "optimal" path
any alternative to the painful, expensive and long university path? 😄
Hello!
Am a CS student n need some cybersecurity project ideas can anyone help🙃
check out this channel. you may find some interesting ideas.
https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA
Thnx
Lol IM 15 TOO
Thoughts on OSWE? Seems decent and quite in depth
@split plank Completed OSWE recently so would likely be a great person to touch base with on it. Seems like a lot of code review and white box techniques
Hey guys...is this the right channel to ask about ap attacks?
OSWE was a lot of fun and learned a ton! But I'd very much recommend getting some experience with the mentioned web technologies. Being able to quickly read and understand various programming languages (C# .NET, PHP, Python, Java, Node) will make the course so much easier.
Only thing I didn't like about it was the focus on white box, it would've been so much better if it was a better balance of white and black box testing
I have experience with 4/6 of those languages, I'll take a look at improving on them, then may jump on it. Thank you for the reply :)
Np! GLHF
Can I get a job with OSCP certification if I don't have cybersecurity degree?
Potentially. I've seen job listings like that. Heck, look at #jobs-board.
That said, certs just give you a talking point -- they don't guarantee anything
Certainly in Britain it seems to be CRT/OSCP + a degree being the magic combination
And of those two, definitely do OSCP from a learning perspective. CRT is arguably more useful from a hiring standpoint, but (like CEH) it's apparently useless for anything other than checking a HR box
It's doable that's for sure. I don't hold a degree but hold OSCP and have been working for 6 months at this point. The main consideration is you have to be going above and beyond. Show you're passionate about the area and know what the job roles requires of you/processes you'll be expected to follow and you should be fine
thanks for replying me Master
Is this legit?
Idk what's the most appropriate channel for this.
I'd err on the side of caution with that tbh
I mean, 4400$ to 69$? Just why?
Assumption is it's just a Udemy course, won't include any of the certs with it
That's what I was thinking as well.
Just the prep material, if you feel you'd need them it isn't a bad idea to reinforce what you likely already know
I'm gonna stick with THM and some other courses that I have right now, I just wanted to see if they're legit or not.
Thanks for the info.
people say that doctor messer is the person and its free
Where is a good place to start to get into cybersecurity
Quick question
Can you go straight for the Pentest+ instead of the Security+ if you're mainly just looking to get into pentesting?
If you want to yes you can, PT+ is not exactly recognised tho, unless you're in America and want to go for a DoD position
Ah okay, yeah I'm in the US currently
is there anymore certs I should be working towards as well?
You're most likely better off going with sec+ because that has a lot of recognition and can open a lot of doors
You can go for the pentest+ straight off but you really should have a good understanding of all the concepts in the sec+ or similar certs, even if you don't take that exam. Depends what job you're going for. Some certs, like @unreal arrow suggested are good for particular kinds of recruiters. Your curiosity and capability are the things they'll want on the job. You should just consider Pentest+ an intro to that career path, there's so much more you can learn. Would help to know some Linux, Windows, networking and scripting too 🙂 Have fun
I've said this before but do not try and pigeon hole yourself before you even start your career. Idk about where you are but around here pentesting/Red teaming is not an entry level position and those teams are looking for people with experience in other areas to make a more effective team
That being said if you do get in on the entry level make the absolute most of it and learn all you can. Good luck!
I need a hacker who can delete a server
@quick forum
-ban @pallid cobalt Joined to ask for a hacker who can "delete a server"
🔨 Banned dexter#9661 indefinitely
Instead he got a server that can delete a hacker.
I wonder how long it'll take to go from no certs to CISSP lol
In order to take the CISSP exam, it requires a work sponsor who can vouch that someone has 3 years of security related work experience. 🙂
and the CISSP is just the basics... there is the associate CISSP which means you don't have the work experience but anyone can take the test
Oh that's cool
Im not sure which cert to start studying for after THM
Comp tia A+ or security+
sec+ is a good starter cert
Oh great, I'll start studying for it after THM :)
what do you mean "after" THM? are you at a point where you want to start looking for work or already actively looking for work?
Nope, I'm not looking for work
I'm in uni currently and I just want to have some certs before graduating
Rn I'm studying computer engineering and then I'm planning to do a masters on cybersec
But I want a lot of experience beforehand
why are you going to do a masters in cybersec?
a sec+ would also be helpful to get you internships and what not, worst mistake people who want to work in industry make is not having a job while in college
if you want to go onto PhD and academia track... that is a whole other thing but then you would want to make sure you are doing research now
masters is pretty imp from where im from
thats why
if it wasnt i dont think id need it but yeah, its imp around here
is that Europe?
hmm ok never heard anyone say that before other than a few European countries
in the states i heard its not rlly imp
but yeah, i want to get certs before going to masters
it would be helpful if anyone here can hit me up and give me some advice :)
sec+ is well regarded in lots of places as an entry level security cert
i recommend studying sec+ by whatever medium you find most hopeful (books, videos etc.) and use thm alongside your studies to help reinforce your knowledge in a practical manner
i think so yeah, lots of certs have a 3 year span
you can still say you've achieved it on your cv or whatnot, it just won't be active
and if you do any other comptia certs, it automatically renews your sec+ (i'm pretty sure?)
If you are in India, CEH seems to hold some weight
well I'd look at job listings in your area to see what certs do hold weight
How good is eJPT? I have no certs until now and I am planning to take up eJPT, Do you have any other recommendations?
did that change? Last I checked, CISSP was 5 years, 4 if the candidate had a 4 year degree or post grad degree in a domain-related field
Sec+ expires in 3 years without continuing education I believe
You can submit any credits you have accumulated and then it will reup
It's a really fun cert, but with 0xD God I don't really think that you'll learn a lot from it. Maybe you'll get more friendly with pivoting. I'd advise you to check the INE free course for eJPT (Penetration Testing Student) and see if you're familiar with the topics.
I am almost done and completed about 80% of the course, and it's not that exciting for me as well but does the cert really help for the HR process? or would you recommend me to take up something else?
For eJPT?
It's very beginner level
Check what jobs are actually asking for, go for those certs.
Okay will do some research, @quick forum do you have any recommendations?
It 100% varies depending what country you're in
I am from India but I am planning to take up masters in cybersecurity in USA, so I am getting ready to keep my profile to appear for internships as soon as I got to masters, so now do you have any recommendations for certs which companies there prefer for the initial HR entry?
If you are going to do postgrad in the US, you need to make sure your visa allows you to work outside of academia. otherwise, your student visa could be revoked if you get a job while taking courses
I am on an F1 VISA and my course is a STEM so I can take advantage of job opportunities with OPT.
Check your visa - F1 only allows you to work on campus.
OPT only applies once you have graduated
not any more people are going for oscp now
I just go by what people have said
nvm bro
Not a bro, I’m not in India, if you say employers are asking for OSCP and not CEH, I believe you
Hi
XD
Hi Guys, just a question about the OSCP, how do you find the pwk course? Is it comprehensive enough for the exam or is it best to do a lot of med-hard difficulty boxes on THM and then follow this with the PWK course?
@umbral field I would suggest doing PWK and all of the labs, then following it up with THM and VHL
The PWK gives you technical skills to the level you need. It does not give you methodology, so in that sense, no, I wouldn't recommend going in with only PWK. The extra experience of seeing a wider range of vulnerable machines is also really helpful.
awesome many thanks for the help 🙂
Np 👍
hello guys
im doing computer science engineering, my goal is to work in the field of cyber security
as i just started i dont have more ideas on this
can anyone give a rough road map on this
Hi friend, There's some good content in the pinned messages for this channel. Best of luck!
thanks a lot bro
My pleasure
Any one from Australia? Doing masters in cyber security?
Anybody else get sick of getting rejected from Jobs and just go "f*ck it Ill do it a masters"
Because im vibing for that rn
there are a couple things you can do, look at the various jobs you are applying for (do they ask for experience ranges well outside your experience?) and also have someone look at a sanitized version of your resume. Depending where you are, a MS can make it worse (in the US at least). Also the economy is in sort of a bubble and some companies are hiring but others are holding off
Im in Scotland
Like, I like the idea of staying in Uni and getting a proper qualification and the unis I'm looking at have good links to employers
Which uni did you do your undergrad in?
Ah, so it'll be a more generalised computing degree then?
Aye. Abertay for me though.
Yea, strathy does do a MSc in Security, but you can only do it if you are employed by a specific list of companies
Kind dumb but it is what it is
Irksome.
Abertay is one of the ones im looking at, along with Cally and Edinburgh
I remember being disappointed at their open day that it was only the one module on cyber. Way too offensively minded 😆
Yeah, can't speak for the Abertay MSc but the BSc is great, and the MSc is world renowned
Yea my dissertation supervisor was trying to get me on the MSc but he couldnt 😆
They both are, tbf
Aye, I know somebody who went to Abertay to do the cyber course and she said it was good
First of its kind, and apparently still the best. I can't really confirm that though, not having experienced the others 🤷♂️
Aye fair enough
I had a look at the Edinburgh one and its got good accreditation but the tuition is expensive lol
That's Edinburgh for ya 😆
Do SAAS not cover masters?
Oh, of course not. 4 years of study isn't it
5 years of study, but it needs to be undergrad iirc
Worth a shot
But if you do a teaching postgrad thats covered
Aye SAAS is weird cause they'll cover 5 years of UG but not 4 years of UG and one year of PG
You can get a loan I think, but its not paid by the government like undergrad
Shame. But yeah, a teaching pg should do it. It's a shame about the jobs though. The one thing I will say for Abertay is that the networking is awesome.
Yea I'm definitely considering it
check out the open uni
they got a new cyber security degree
not red brick though but still a high standard in the industry
YES!!!!!
WHAT about Teesside University MSc Cyber security?
Red bricks don't mean anything just go to a Russell Group if you want to flex on people
I know they don’t, just sayin
Does the certificates have any meaning outside US? For example in Europe?
Yes
Thanks.
Im 21 years old and I am graduating with a Bachelor of IT degree. I am from Toronto, Canada. Anybody from there can provide me guidance on which certs people are looking for in that area.
Have a look on linkedin at jobs you want to apply for. See what they're asking for.
In Finland they aren't really a requirement for most roles, like they seem to be in some countries. But they definitely won't hurt you.
@ebon mica Kiitti.
You're welcome, but let's continue in English.
Hello again, i kinda realised that i want to be a privacy consultant\technologist and do not know where to even start with that, any tips? (thanks whoever advised extreme privacy book, i just can not buy physical books right now)
Thycotic has a bunch of e-books and webinars on it
Ooh, thanks for answering!
There's actually a certification for that, called the CDPSE: Certified Data Privacy Solutions Engineer. It's an ISACA certification exam.
thank you very much, sounds cool
How’s the marker in this field and is it difficult?
How’s the career market for this field and is it hard/difficult?
Hello everyone, this is somewhat offtopic question but can you all help me which university is good for cybersecurity for masters degree?(any country, preferably US, UK, Canada, Singapore) I'm hella confused about university
I eventually want to get a job in pentesting
The Abertay MSc in Ethical Hacking and Cyber Security:
https://www.abertay.ac.uk/course-search/postgraduate-taught/ethical-hacking-and-cyber-security/
Is ejpt a decent cert in Uk ?
I want an on campus university
Why all the UK universities provide 1yr degree for cybersecurity?
That's an MSc
Most masters degrees are one year
If you're after the undergrad BSc then that's four years
My degree is Btech Computer science and engineering
I'm doing my master degree in cybersecurity at University of Twente (Netherlands). I'm not writing this to either recommend this university nor deny it. It is definitely a program where you will NOT learn about "hacking" or pentesting. It has a lot of practical courses but it is mostly around Research (I hope I am not wrong). You will learn a looooot about cryptography and how things work under the hood. Why would you choose some algorithms over others, how can you store data securely, how to write secure code (I also learned Rust, pretty cool). There is a lot of programming and a lot of information but you will not do anything regarding the above mentioned, pentest or "hacking". DM me if you want to know more about courses from the program I am in or anything that you might be interested. Also, a big plus is that everyone here speaks English 😄 I'm not from NL and this was a huge plus for me. Cheers.
a lot of MS degrees in Cyber in the US are really about Cyber management, there are a few technical courses but I had to try hard within my program to get the more technical courses
i disagree
I mean, you can get it doesn't get a recruiter's attention.
it does for entry level positions 🤷
I wanted to go for it but I rather save money for OSCP, still an entry-level cert but it is better than eJPT.
oscp is better yeah, but it's also 4x the price
and probably 4x harder:))
eJPT has some easy tasks and you also have 72hrs to get it.
eJPT helped me out with my job - it also always led to an interesting conversation as well
also the whole 24 hours test thing doesn't cater to people with learning disabilities and isn't terribly realistic/healthy
24 hours ?
isn't it a 72hours exam ?
as far as bang for your buck goes, its really hard to beat the eJPT imo
bruh
im talking about OSCP
have you taken it?
OSCP ?
either
I didn't take it, because I am not 21+ to have a job as a pentester in US and if I take it now I would just waste my money in my opinion.
Because in the future, probably it will be more updated
you didn't take OSCP but talking about its difficulty and its value to HR?
yes
@languid hearth also regarding this, you're under 21 right and working as a pentester? or do you do other security stuff?
pentesting is also not an entry level role for most places, you could have all the certs in the world but without any real-life experience a lot of places will discount you from security roles if you have no real-world experience
(coming from my chats with recruiters)
correct, i was actually 18 when I started iirc
seeing I had the job for little under a year and a half and my teens are about to end
Aye but we're not all as 1337 as u
step 1. simply be the only one who's willing enough to go hand the ceo of a pentesting company a resume
step 2. he be impressed and send you an email inviting you into the office
thx for the answers, i think im gonna take it as its not that expensive
All certs are an investment, if u get good u can pay them all with bug bounties 😉
Well I'm not sure if bug bounty is for me, is not that easy looking for errors and vulns after already got a pen test 😄
@lilac plume thank you for your detailed msg
a small initial $1,000 investment can turn into millions over a lifetime
I meant “market” & Thanks
i should be millionaire
what am i doing here
not investing in stocks and or not investing in yourself kekw
Stocks are eeeh
Not great if you only buy and never sell and are just worthless papers TBH
It's IMHO just gambling
Stocks are long term investments. Short term buying and selling of stocks is not advisable and shown not to work by Warren Buffett himself
On the short term. Long term you will always come out on top
| ||
| I | _
Long term is 25+ years
Something like that
Companies can go bankrupt long-term
Look at eg the bubbles
Dotcom and others
its also kind of important to clarify the difference between stocks and investments
Those were risky investments though. You have to look at the market and do your research. AT&T, Coca-Cola, and Index Funds are good choices
renting is probably one of the best investments you can make
Yeah real estate investing has a good ROI
as long as you've got a stable job with ample income and can afford two mortgages if something happens
Or you can use your first time buyer house loan to purchase a duplex
Then you have the renter cover a majority of the costs
tl:dr work smart, not hard
but yeah, AT&T solid choice, .50c dividends quarterly is nice
i just need to drop all my nonsense yolo buys stock and put it back in AT&T
$30/purchase for $2 gain a year is great no matter how you look at it
3M is another good one
Right now I've got 3M, Tesla, AMC, Nokia, SolarWinds, VTI, SPGM, AGG, and Coca-Cola
Then I have a bunch on my watch list
Lockheed, CAT, some real estate funds, and some bank fund
Tesla is not really that great in the long run AFAIK
AMC and Nokia i bought for the meme and not anything more than that
It seems that it's linked to bitcoin apparently
And eeeehh
And in the long term it will crash
Tesla I have $6 invested into it
Tesla will not gain as much foothold as other tech companies did
Yes, I deem them a tech company
Not really car but also car
I agree that Tesla is a tech company
I don't really believe that they will keep foothold, they will potentially make way for other companies
My crypto even though it's only 5% of my overall portfolio has had a monster ROI
But they won't stay around
Doge to the moon 🚀 🚀
people think tesla and elon
as long as elon is associated with tesla, the stock prices will continue to rise
I agree with that too
Anything connected with elon will do well at least until he retires or passes on
Then it will fall to the merit of the company
is the company worth $700+ a share? hell naw, GM is worth what, $50?
granted theres other things that account into the share price
ie supply and demand
I'll give them a maybe because they are one of the top companies on fortune 500
Also true
Ford is one of the largest auto manufacturers and they only have a $6 share
shorting is also another thing to take into account
Yep
tl:dr the economy is one giant game
The people who screw others over and get protection from TD Ameritrade
And politicians
im just curious and wanted to get a reality check, how hard is it to find a job for cybersec/ EH?
There is a shortage of people with skills around the world, if you put in the work it should be possible 🙂
Finding an entry level job is generally tough for most sectors... Generally people get a job in some IT field then get a job in cyber security but not always.
I ended up in a job which says "Security Analyst" after being trained in Cybersecurity. Trust me it's basically endpoint antivirus support.. What I found out in last 6 months is offsec jobs needs skills .. try get a certificate from CompTIA at least
@red palm
would I seem stupid for putting my write ups in an blog that i reference on my cv as my portfolio? For someone yet to have an cybersecurity job i think it can have some value or not?
Having a blog shows you're passionate and spend time to demonstrate what skills you have. Usually stuff like that can turn into a great talking point in an interview so there's value in it for sure

Blogs are great way to showcase your interest, knowledge and projects
What tools are you guys using to do this? To write down the steps you take and, as Zojja said, you show interest. Im currently taking notes in Sublime but I think it would be way better to have some online portfolio to share in your CV
i'm using gitbook and it's very easy and nice to use as a blog :)
Depends on what environment I'm in but I'll use notepad, notepad++, OneNote, Text files from the terminal, Word, etc
Notepad++ or OneNote probably get the most use from me though
I started by using github pages but recently found out about gitbook and they make it easy to import your repository's into gitbook
if it comes to note taking in general i have to share my discovery of the week
notable app is great
it supports markdown and idk just works for me
Guys I need your insight about getting certification sec+ combine it with CCNA, or go to cyber boot camp for 6 months. I am on the job transition, which one has good chance to land on good cyber career? Thanks
combine it w/ the CCNA
bootcamps are rarely worth it
plus you can learn it all yourself
Thanks
Would VHL be a good stand-in for the labs in sec+?
Really want to get certified in something just don’t know what
@warm hinge no idea about sec+, but given they're a good extension of the labs for OSCP, I would imagine more than enough.
@warm hinge what stage are you at career wise? I would imagine you're based in Scotland?
I am, I work as a cleaner at the moment but would love to learn a new skill to maybe move jobs
So, I would start on something like TryHackMe and aim to go for something like eJPT for the time being. The materials for eJPT are free, and the exam voucher is £200, so it's not breaking the bank. That gives you a bit of a negotiating position / talking point. From there going for something like CRT would cast you in a favourable light for the UK market.
Thanks muiri
The other thing is: network, network, network. Conferences are obviously a bit dead just now, but any chance you get to make contact (or dare I say: friends) with recruiters or people who might be able to spring you a job, go for it.
Np 🙂
I’m considering subscribing to tryhackme
Well worth it, although that may be slightly biased 😄
Only £8 a month
Hi everyone, new here and would like to interact with everyone.
I'm sure i will be welcome 😋
Welcome @winter girder 🙂
I'd suggest dropping into #general for a more enthusiastic response 😄
Thank you @undone shore
are there any good entry blue team certs?
and another question
certs like eJPT have any value if it comes to blue team position?
I wanted to take eJPT in like two months
but i figured it would be much easier to get entry job as SOC analyst or smth
eJPT? Nah, OSCP, yeah.
The theory is that by being an attacker, you know what movement/tools should look like
it's not always the case, though.
If you're 0x6, you'd be able to nail eJPT after studying for 1/2 days easily
alls you need to do to pass the exam is glance at the pivoting content so you know what they expect
So if you'd like to do that for fun, don't stress yourself too much
Comptia CYSA+ or EC-Councils Certified SOC Analyst are 2 good ones for entry level SOC, there aren't a ton of blue team certs outside of SANS or EC-Council
Splunk fundamentals!
What I would take:
- CCNA Cyber Ops
- Splunk Certified Core User (Fund 1, Splunk does their own training on Fund 1 for free, use the PDF they provide like a bible)
- CompTIA Security+
in this particular order?
nope
i was thinking about security+ just to expand my security knowledge in general
bottom up would probably be the best way imo
Sec+ is a good all around beginner cert
I saw a video on youtube that was recent on different certs, I just cant find it right now
there's the whole "Blue Team Level X" certs, but I have no knowledge of those
Just ask the question
That doesn't sound really expert
it also doesn't sound related to cyber-and-careers
Any recommends for sec+ courses ?
Professor Messer, Dion I've heard is pretty good, i'm currently using his udemy practice exams
Thanks, I’ll check it out
I wanna get into, Cyber Threat Intelligence
ain't able to fetch much helpful resources on that,
as well as, what are the career aspects of a Cyber Threat Intelligence Analyst,
how can I become one?!
@everyone
That’s a bit of a hard question to answer as it is a little bit of a more advanced role compared to others, it really stems from working in a SOC, dealing with CTI, Red teaming etc to get the experience as there aren’t a lot of courses on it besides SANS. In terms of getting into it with no proposal job experiences is minimal but I have seen a few internships for it pop up but you typically have to have connections or a stacked resume to even be considered.
What is the average salary of a senior penetration tester? 116k?
Interesting question, what about junior too?
Are you talking £?
@sick crystal USD
it depends a lot on a number of factors... there are regional salary differences and also someone who owns their own business can make $$ if they are able to market their services vs working for a company
I would expect that if you are a senior anything in cyber security, you would be making over $100k... perhaps well over $100k... if you are a junior in cyber security, you are most likely making under $100k but not by much
Recently, i got a interview question that what is my salary expectation as a senior penetration tester.
I'm a senior in cyber security but not in penetration testing... my 'guess' would be $130k to $150k
They need skills of Exploit dev, Vulnerability Research, Knowledge of windows kernel-c/c+, python, web+host+network pentesting skills etc
that range would still stand, if you have multiple years of experience in those areas or in a super $$$ area, then it could be above that range
ah...
Not sure what kind of exploit dev skills they want... They are not so clear at it. Exploit dev is not a small thing. I think An experienced exploit developer alone can make more than 150k yearly.
sure
ranges are all generic... but like you could be a senior exploit developer with 5-7 years of experience... or a senior with 10-15... like what do they consider senior, and what do they really want
Job description, 5+ years info security experience, 3+ years in pentesting, exploit dev, vulnerability research, and fuzzing. Most of the requirement i see they are asking about low level skills windows such as kernel and debugging.
that isn't a lot so I would be surprised if that is $150k or more
@pseudo creek Do you think asking for 150k is fair?
but if it is NYC or Silicon valley then that would be different
no reason not to ask if you think that is a fair salary
Ok
It's totally fair in that case to ask what they have budgeted for the position
It's also fair to ask for whatever you want. Only caveat I'd put on that is be ready for either negotiation or to walk.
They often want to have you give a number. And if you give them one, they have the initiative.
When do you guys think a person should start studying for Sec+?
I'm planning to do it later on, but I'm just not sure when lol
To put it in further detail, would studying for it after finishing both the beginner and offensive path be good enough foundation?
nvm im pretty sure i should do A+, Network+ then Sec+
End goal in terms of certs or what I'd like to do in the future?
Job at the end of it
Because I'd recommend choosing certs based on what they ask for
Well, from where I'm from it's always preferable to start a business, so I'm going with that
But if I can't do that due to some reason, I'd go with being a CISO as an end goal
Long road ahead of me, I know
A+, NET+, and SEC+ are good foundational certs, but depending on your current skill level they may be easy, some companies do ask for them but there are other stronger certs that you can fill in for them
I see, well tbh I don't mind taking the easy certs and doing foundational stuff. More knowledge in the end :)
But yeah, I think if I had to choose a job as an end goal I'd go with CISO
you might want to make a career-map on how to get there and fill in different certs that would help get there as there a several that could fit and I think there are a few designed for cyber sec management
I wouldn't answer that personally. I would politely return with asking what they have allocated for the role. If they continue to push I would give them a range of "between 40-160k"
Or "I have not really thought of a number, I'm more interested in what the role is like"
I wouldn't ever give them something that you wouldn't take
in Australia we have seek.com.au and when employers upload a new role they can specify salary ranges, if they hide it you can kind of change sliders of what "you" are looking for until the job stops showing up
fascinating
so you could get a good grasp of how much certain types of roles are paying
I don't know if other employment websites are similar and its not our only one but it's widely used
I'd personally go into an interview with a salary expectation and not worry too much about what the company has allocated for it I guess but I feel asking about that would be awkward
honestly, you know your skills, you know what you get paid now (unless its your first IT job, which makes it tough but original question was about senior position) and you can use salary sites to kind of gauge
indeed, I agree with that
and there is always room for negotiation
If there isn't, then you probably don't want the position.
I've heard of negotiations going like "take it or leave it". And yes, in software.
they will sometimes especially if they have other applicants
Okay last time I ask cert questions I swear lol
I have a friend who got the CySA+ instead of the Sec+ first, was curious if the CySA has more opportunities since it’s the more advanced one? Thanks
I think Sec+ is more well known
Sec+ is more widely known but a lot of organisations that recognise/value CompTIA certs will be aware of the CySA+, Pentest+ etc
There are some recruiters whose application selection algorithm looks for specific wording or certifications though as part of their elimination process.
It depends... if a job listing has Sec+ but not Cysa+, you may never get past the HR recruiter
I was typing as you were 🙂
Yeah it really does depend. but you also have to decide if you want to work for a company that overlooks a more detailed cert. If a company isn't doing its homework in the field you want to work in, they might not be worth pursuing
And of course it can be hard to get past the recruitment stage because of cert requirements but a lot of orgs only want to know what you know if you're looking to apply with an entry level or slightly higher cert.
A lot of places will ask if you have a particular CompTIA cert but if you have a better one that won't be overlooked by a company who pays attention.
It is important to have a lot of the skills and certs an organisation looks for but a lot of the time one can be exchanged for another and they won't only have a specific cert as a qualifying need, unless it's the US DoD or another one with documented certification requirements
Go and get the cert you want for the job you want and what the recruiters are asking for. But state what skills you have as well. That's what they really want you to demonstrate
So I’m not familiar with either cert but looking at sec+, it says it covers the fundamentals and one thing I find from some entry level security people is they don’t understand the fundamentals so I can see why someone would make sec+ a requirement
But sure follow the cert you want but Sec+ is an easy HR checkbox
Yeah that's certainly true. A lot of jobs have it specified. And that alone might be a good enough reason to get it. The point of a cert is to give you a shot at getting on the interview list.
hello everyone
👋
Hey how hard is it to get into an entry level SOC with just an oscp?( I'm coming from medical science academic field.)
should be fairly easy with oscp
Thanks What's the starting salary typically for entry SOC? (In US)@static tide
unsure in the us i'm sorry, i'm in the uk
my comment was also based on the uk market but i assume anywhere will love an oscp joining as an entry level soc analyst
according to payscale entry level soc analyst makes $81.351
Thanks
Is it difficult to get into entry-level pentesting with OSCP?
Depends where you are etc
Let's say I lived in a city that is considered a tech hub
Ok, but country matters
In the UK, job listings tend to be OSCP && (Bachelor's Degree || Experience)
CRT (or CHECK status) is apparently more common UK wise. Not really looked yet -- got offered the job I'm currently in.
This massively comes down to whether you can stand out as an individual by showing a passion alongside it.
It can be difficult to get into pentesting with the oscp
If you have a blog to post individual research, write ups or any other tech related stuff it can do wonders
Hm, okay. I think I may know what to do
It also comes down to country. As muirland said a lot of recruiters in the uk will ask for crt or equivalent. Though a lot of private companies don’t tend to look for it as much
depends what area you are in but with a college degree, yes its possible in certain areas, $70-$80k
I wonder if its different than in seattle
America is fairly different. Oscp is a solid start but depending on whether the job is government or private it can change quite a bit
there was someone in the infosec prep discord that had OSCP and bachelors and had a heck of a time getting any job.. they ended up getting one through discord
so network, network, network
Tbh certs and qualifications don’t land the job, the person does
So networking is massive
have a profile on LinkedIn, stay in tune with cyber security discords
Okay
also realize that like penetration testing jobs are like 1% of the possible cyber security jobs out there
Thank you
@pseudo creek thanks I have a PhD in immunology. So I have technical writing experience but no cyber work experience
Were they applying exclusively red team?
Everywhere
If you're open to working in the government they are always hiring. It can also be a good foot in the door to a clearance which further solidifies your hireability
Was it recent? Could the reason be because covid drying up the job market temporarily?
@stoic cave I've been looking at those job reqs. All of them say that prior clearance is required. Is that just some clerical/administrative thing they put on the listing?
I was in the hunt last year from May to August and it was pretty rough. I had just graduated with a degree in Cyber Security and Information Assurance with a digital forensics specific certification and I had to open my scope wide. I also had to heavily network with fellow alumni
That depends and there isn't really any guidance on it
So typical government lol
Some jobs will allow you to get your clearance but others will not consider without it
Gotcha thanks
Yeah if you're not on Clearancejobs I would get on it. LinkedIn is also heavily used by gov and gov adjacent
I would also advise, as others have above, the cyber field is very wide and isnt just pentesting. Those companies that do pentesting are looking for people who come from all different sectors of the industry to make their teams balanced. I think in only two recruiters/hiring managers/alumni that I had conversations with were looking for people with no prior experience somewhere else in the industry. One was at INL and the other was with the DON
also it helps to build your skill set in general, I got my first cyber job because I had networking experience along with shell scripting knowledge
I'm in security but right now, most of my studies are focused on cloud stuff
Yeah currently I've used everything from my degree including what I learned in English class lol
Is it alright to skip A+ / Net+ and study for Sec+?
sure, many orgs will want networking knowledge, so be sure to be knowledgeable in that area even without a cert
Absolutely if you want to go solely towards cyber. If you want to do Network or endpoint security then those certs may be useful
@glad cipher Yeah im just trying to go solely towards Cyber. I'm thinking of going over past exams/concepts before actually studying for it in the future.
A+ and NET+ provide network and systems fundamentals, iirc, if you are comfortable with those 2 areas no reason to take them unless they are requirement for a company (usually gov though)
I recommend reading this https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md
Basically, Networking is a key component for cybersecurity... when we are hiring security engineers, although we don't do network security (per se), networking is a key concept we look for in security engineers
I'm more focused on cloud security and networking is also a weakness I see in people trying to get into cloud security
Second that. Ingress/Egress into cloud environments is one of the most misunderstood concepts I see with VPC management
Cloud security is huge and growing at fast rate
yes, its awesome
Looks interesting, I'll definitely read into that. But yeah, I'm not looking to get hired or anything. Just want to get certs in the future lool
for what purpose? just because?
Well, not exactly. For now I wouldn't want a job since im already in uni, but I definitely want to do something in the cyber field after I graduate. I just think it would be time efficient to start things before I graduate
honestly I wouldn't recommend getting certs if you're just trying to learn, they kind of encourage a bad way of learning which is just cramming their often esoteric and non-practical objectives
yeah that is true
Ofc
but I would recommend building a strong network foundation if you eventually want to go into cyber
There is also the risk of the certs expiring before you enter the job market, depending on how far along your degree program you are
Oh definitely.
3 years for a renewal is laughable - goes so quick
Its alright if I took my time, but I don't want to take my time too much if that makes any sense
IaC is also a huge area I'm seeing right now, with both network and system infra
Yeah, I need to build that up first.
Learning Ansible or Terraform is a big resume boost from what I'm seeing with clients
but def check out exam/course learning objectives - they are usually posted for free and are often drafted by professionals
I'm loving Terraform
Also eJPT's training material is nice and free for a foundation. You don't have to do the exam.
PI is so much easier to deal with in a lot of ways
Isn't it from INE? Or something like that? I tried checking it out the other day and it told me I had to get a subscription in order to access it
Yeah, and the PTS content should be free
Got any personal recommendations on where I can build on that?
Net+ or CCNA is the common starting point. I learn better by misconfiguring and troubleshooting, so I got some used cisco gear for cheap when I was starting
Then went through a lot of CCNA study materials.
But before all that, I need to level up a bit first haha
uhm hi
I have a question
for a person with lets say average or below average programming knowledge(beginner basically)
how do you get into cyber security
cause im really confused and the things I read constantly contradict each other
You don't need programming to get into a cyber sec job
It depends what role you're looking for in cyber sec
Cybersecurity is a pretty diverse field, its not rlly about programming so don't worry about that. But I heard it would come in handy in the future
uhm lets say the pentesting field
Programming and hacking are loosely related, but not the same thing.
ooh
You'll probably do a little bit of scripting, but really not much programming.
There is a path in THM called the Complete Beginner path, you should check it out :)
thm ?
TryHackMe
Paths are a great way to keep you on track of things. If you don't have a subscription though, there's a free path for beginners as well :)
That said, many don't.
There are entry level roles, things like junior SOC roles that people often go into out of uni.
Subscribe with free THM and if it’s for you, pay $10/month is sooooo worth it
hold on what path specialises in the "breaking into systems" aspect of cyber sec
thanks
I second that. Basic basic & network
ayt
CompTIA will start beta-testing v2 of their Pentest+ (DoD Approved) certification exam in a few days!
For $50 you get a sneak preview at a brand new pen-testing exam, plus if you pass the exam you get a valid certification (which normally rings in at $350).
Sign-up starts April 13th, via PearsonVue. You can find all details here:
Interesting. For that cheap, I might try it just to see, although I doubt I could pass it. Can anyone comment on the difficulty of it or good study methods/materials?
Anybody here used both Pluralsight and INE before? If so, can you give me your opinion on which one better prepares you for a job? 🙏
For cyber sec, INE is better path
I really want to pursue a cybersecurity job for the government in the future. There is a uni course for cybersecurity that guarantees me a cybersecurity job after completing the course. But there is also a computer science course that is quite popular and I feel like computer science will teach me more, so I need a bit of insight.... Sorry if this is a dumb question
@compact shore Just a warning. We will not tolerate unethical and/or illegal hacking here.
Welp they left
Maybe they were a bug hunter 
Smh my head.
well what do you mean they will guarantee a job? I mean its up to you, guaranteeing a job can be enticing but I've never seen any program that will guarantee a job unless it is military enrollment
oh, yeah, not like work but "12 weeks of professionally recognised, paid work experience in the Department of Defence", which does sound enticing.... But it sounds like a good opportunity for experience
I guess maybe computer science will benefit me more then in the long run...
well its an internship then which is something everyone should do, but I would look at both programs and see what you like more
ok, that's fair
I'm just scared that my ATAR won't be high enough for computer science smh
thank you for your advice
Pluralsight is free for the month of April so you could try it out yourself if you wanted
One semester of computer science won't teach you a whole lot. The internship would probably be more valuable. Really depends on what the courses are teaching and what the internship would be
I figured they were talking about a course being a major... I might be wrong
Ah. Yeah, if 'course' meant a 4-year major, then that's a different story entirely
ahh yeah, sorry, I meant 3-year major
What you guys recommend doing to get better at offensive pentesting?
What I am doing right now:
Doing boxes/labs on thm and hackthebox
trying to learn php/python3 (which is pain)
I would like a more reliable path, but there are so many options
start off by doing the most difficult box you can find and realize that u have too much to learn
I feel like that's not a good way
ctfs or certs? which will make you good at pentesting and ethical hacking?
They're not mutually exclusive.
Ohh
Hello guys,
Could anyone tell me how could I learn Hacking by using Kali_Linux?
hello :) give #start-here a read to get a better understanding of how tryhackme helps with exactly that :)
Ok thx
Hey guys can anybody tell me what path should i follow for an entry level job in cybersecurity in India. I am currently in the third year of my Engineering .
can anyone please help me
i am so tired of this
my computers and phones have been hacked
anyone
it depends on what you want to do
Go to your local police, that's all we will help you with here.
We're an ethical hacking forum, we can only advise what its best you do, which is going to your local police. This isn't the place to discuss such things. This channel is for cyber security career advice.
No, we just can't break the law 🤷♂️
hey
would a diploma of networking or software development be most helpful in cyber sec area?
pentesting mostly
I had an interview for an it security job for a bank yesterday and I have my 2nd interview on Friday.
I asked a few questions about the work environment like what’s the retention, is this role a new role or am I replacing anyone, is there travel, is it remote.
But they kept saying “do you have any more questions for us?” As if they’re hinting on me to ask something specific. Or maybe I’m just looking too deep into it.
What kind of questions would you ask if you had your first IT security job role so I can ask those in my second interview
you are probably looking too deep into it
but also a good question is "what is a day in the life of someone in this position?"
Yeah sounds like common courtesy
Depends... I would look at job listings in your area and see what they are asking for
you could ask about the culture of the company, if they offer compensation for continuing education/skills
a good one that usually opens up some conversation is "what challenges have you faced because of covid and how were they handled?"
but yeah for every interview we do, we make sure the candidate doesn't have any additional questions before we sign off
I haven’t had an interview for like 3 years so I felt rusty lol
most of the advice i've heard is that you should try to ask the interviewer a meaningful question - but yeah probably not a big deal if you genuinely don't have a question it's just a conventional thing
Similar to what Droogy suggested, I usually ask something like "what are some of the biggest challenges you've faced here", and mention that I don't just mean technical- could be management, political, people, whatever
the way they answer that usually says a lot
ahh ok
or even something like "what challenges do you find with remote work?" if it is a remote job
Ty yall
Alrighty I got signed up for a Network+ boot camp in May and a Security+ one in July
thanks for the tips again guys
good luck
Good luck!
Hey guys can you suggest free/paid online courses for network+ a+ security+ certs as they will be beneficial for me to make my base strong in os and networking
professor messer on youtube has courses for all three of those
if you have the money, cbtnuggets are my favourite for certification training and they have a course for each of those too
For anyone who has done the pentest+, I'd love to hear your thoughts on the exam (format, what you did to prepare for it, difficulty, things to study/watch out for, etc.). I'm considering doing the new beta exam, since the cost is currently so low, but I'm not sure if I could adequately prepare in time.
We have until June to prepare, I'm taking the challenge 
Have you done any other comp tia certs?
I heard $50 earlier
Yeah, I think that's correct. https://www.comptia.org/certifications/pentest
For $50, I'll take a gamble on it, even if just to see what it's like. But I'd like to actually prepare for it. I've got about 60-70% of the THM pentest+ path done (lots of overlap with the beginner path), and I might have some udemy courses I bought a while back as well, but would like to hear thoughts from people who have taken it and/or know a bit about it
Is pentest+ the one you can do in a week or is that eJPT?
Personally I just pushed my Sec+ exam back to the 8th of May. I was supposed to take it this weekend
I believe it's eCPPT, that's 7 days
Because I was a dummy and forgot when I was taking it and didn't read GCGA
I pushed out my OSCP indefinitely but thinking of scheduling as-104 for early May
Zojja (or anyone)- I'd also be interested in thoughts on the CEH
Allegedly a meme but gets you in the door in the US specifically
So 🤷♂️
It satisfies government requirements if that's of interest
Say I don't care at all about getting in the door or career advancement, just knowledge
All my security focused learning is (for now and the foreseeable future) just to augment my "day job" and for fun, not for a career pivot to security. That may come in a few years, but I'm nowhere near ready for that now and won't be any time soon.
so waste of time other than as a resume padding/checking off the HR filter?
Yeah
CEH is a waste of time if anyone with knowledge is reading your resume
Well it depends on your goal
exception being DoD I think
IIRC there is a checkbox on the DoD stuff that CEH can tick off
DoD is an understatement... any company that does work for the US government has certain certification requirements to meet
CEH helps meet those
But so do other certs
If an org needs it for a checkbox, fine. But doesn't it fill the same box as Sec+, PenTest+, and CISSP? Only reason to get it seems to be to schedule someone out of role
But it won’t teach you hacking, even as a meme cert, my company has CEH classes to help people get the cert
so what does it cover, if not anything practical?
CISSP requires experience, Pentest+ is new to the list, Sec+ is a favorite in many circles especially direct contract roles
yeah, my plan was to do net+ and sec+ first just as a foundation, along with CEH, and then build on those
but with pen+ being so cheap, I might just give that a shot
It’s ethical hacking but some of the stuff they get wrong and up until recently, it was a multiple choice exam
Experience for CISSP is true, assc of ISC isn't counted at all?
The associate is also newer, I’m not sure by how much
It wasn’t around when I took my CISSP
I was an associate for 2 years, the test is the same
To uplevel from associate to full CISSP just requires time + another CISSP to vouch for the candidate
Yeah but again it’s a new offering... we have ton of CISSPs in my company but I heard about the associate in the last few months on discord
Ah. The CISSP exam also changed drastically I think 5 years ago? something like that. No more questions about expected lifetime of outdoor security lightbulbs in Alaska.
42
I didn’t get those... just TEMPEST
I don't remember TEMPEST
@pseudo creek you happen to know what counts as experience for CISSP?
Like, does THM content dev count?
And a lot of questions that really only applies to gov environments
work in IT, you can count off 1 year from requirements with an undergrad degree in some IT related field of study
Needs to be 2 of the 8 domains
Wonderful. Reckon my other work probably does, so it'll only be three years out of uni before it's an option 🤷♂️
You could still take the test
You have to have something like 20+ hours per week for a full year for it to count towards time in industry
part time work may not count
You, uh, know I'm famous for getting out of bed, working, going to sleep, right? I'm a workaholic 😆
That said, CISSP isn't one of the ones that hugely interests me just now. I just like having options.
For example, I couldn't count 1 of my years as a private CompSci tutor, because the hours just weren't there. 50+ hours per week for 5 weeks a year with <10hrs/week the remaining time wasn't enough
If you want to bridge between business needs and IT groups, CISSP is a good one to have
There is a huge difference in understanding of 'proper security'
Reckon I have a few more years of "I just wanna break stuff" to go before hitting that point 😆
Honestly, CISSP helped me a lot to categorize what kind of broken stuff should be fixed, what can be fixed, and what is going to be impossible to get fixed
Worth doing then?
If you want a holistic picture of the landscape, yeah
It's also a soft requirement to jump from jr analyst type roles to team leader or management
it's a 5" deep view of the 8 ISC categorized domains from 1km up. You won't be seeing the end of the mineshaft, but you can see all the silos
Given I've so far been focussing on the nitty-gritty technical stuff, that could be useful
It's helpful to explain to business folks why you want $1m to spend on new firewalls... and to explain to the network team why they need to ditch the 20 year old cisco stuff
I usually call CISSP the lead cert (lead engineer, lead analyst), a bridge to manager role, which could be typified with a cert like CISM. But also probably senior roles and architect roles, etc..
You can thank my professor for those questions lol
Got sidetracked but he apparently wrote the initial CISSP exam
CISSP is managerial and strategic to be able to govern the overall information security posture for an organization. It touches basically everything within information security but nothing in depth. IMHO it has no real added value if your day to day consists of operational technical security tasks and responsibilities.
sure it does, CISSP covers the basics of cybersecurity, which anyone in cybersecurity should know
I think one of the biggest skills you can have in security is trying to show other people why it matters. If you can talk about risks, vulnerabilities, threats then you can intelligently talk to people why something is 'bad' vs telling them they need to do something due to corporate policy or just saying 'this is bad'. Too many people really don't have the foundational knowledge of cyber security and it can create an adversarial relationship with those that you are trying to protect. When you are starting out, sure you don't exactly need to know it but once you get to the part where you may be giving presentations, may be interfacing with people outside your team, it's a good thing to have.
Yes it does but more from a strategic and tactical perspective. I agree everybody certainly in the security field should have foundational basic information security knowledge but I think there are others beside CISSP that one could pursue to fill that void. Not everybody talks to the business 😉
Until june to buy the beta cert, or you have to buy it now but you can schedule it as late as june? Where'd you find that date?
I dunno, I took the CISSP and don’t really feel there was anything strategic about it. I will say it opens a lot of doors in the US and I wouldn’t ignore it
Schedule as late as
I'm buying it today after work
$50 for a stab at the test is pretty solid
Only bad part is we don't get Results until October
I would because there is a limited amount of registrations
I don't really need it for my work at all, but it would be nice to just have
Oh for sure. I am studying for my OSCP but having another cert and especially for only $50 is fantastic
Yep, or at least the experience of taking the cert, the timeframe is a bit rough for me because I take classes/work M-F 0630-1600 until June 29 but for $50 I'll study for it
It took me about 2-3 weeks to prepare for Sec +
Thanks Jake I also got to know about these resources from the cyber mentor YT channel
@glad cipher any recommendations where the best resources/ teacher/book for study OSCP ? Thanks
I'm thinking of completing A+ Network+ and sec+ from professor Messer and then move on towards Linux and then to pentesting and thm htb how does that sound? @static tide
And how much time do you think it will take approx?
sounds good to me, there's lots of rooms on thm that can assist in those certifications too, so you don't need to wait until they're complete to start on thm :)
I just reserved my pentest+ for mid June. Hard to pass up at that price. I didn't see anywhere that they wouldn't be releasing results until October, though. Hopefully it ends up being sooner than that. 🤞
Just booked Pentest+ for mid-June too, good luck to everyone! we might be able to get a study group together, i reckon you probably only need like a month or so of studying to prepare
I'd definitely be up for a study group. Right now my plan is to finish the beginner and pentest+ THM paths, along with some udemy courses I picked up. beyond that, not sure yet.
Hmm I might join yall
Hey guys whats up, I am trying to get the OSCP cert. Relatively new to cyber, how relevant is the event advent of cyber 2. Will that help me align with OSCP per? is there anything I can take from that course.
any information regarding this will help me
I need to seriously study for sec+ though. I am procrastinating too much
hahah same issue. Take it as a challenge, throwing away my masters in cyber into trash unfortunately industry is more interested in certs.
If i go back for a masters it will probably be in a completely different field. Maybe ICS Engineering
I've also scheduled a Pentest+ exam for mid-June and would definitely be open to joining y'all in a study group
Yeah this path was suggested by a friend..
I did start beginner course on thm it was fun learning hands on but it's 1 HR/day 😭 atm I can't afford to get a sub I'll have to rely on free sources..xD so professor Messer is the way to go ig
you can have your own virtual machine that will allow you to access most of the sites content for more than an hour a day
just bought my pentest+ for end of June. 
Anybody in here a security engineer/analyst? If so would you say pen testing and analysts share some skill sets? I’m having a hard time choosing between the two.
I've noticed from my experience and I'm neither one of those, the security analyst usually has some "pentesting or hacking experience" at the minimal their mentality. If you know how you would break in you know how to stop it.
When I learned defensive measures I was first taught how to break in.
They do, you cant defend something if you don’t know how it gets broken 🙂
You also need to understand the process to break it to make a plan to improve defence
If you only know “ they are root now “ and you dont understand the process you cant do sh*t
Hi guys, I have good basic knowledge of networking, so where should I start a pentester career?
You mean like vbox ? Can you guide me how to set them up 😄
Udemy.com has several courses and practice exams
Also you need to go through the labs in PWK prior to taking the OSCP. Then of course do as many rooms as you can in TryHackMe
Hey all. I have a question. So I'm a former police officer who got medically retired after being in a bad car accident. For the last 8 years I've just been a stay at home dad. I have a strong interest in cyber security and pen testing. I've started to study for taking the Comptia 3, been working through TryHackMe, and plan to do PWK and get the OSCP.
But my biggest question is... will I be at too big a disadvantage when applying for jobs? No work history in IT, no recent work history, no previous experience? All the job postings I see, even for entry level, all require Bachelors in computer science, 3-5 cybersecurity work experience, etc for an entry level position. Am I out of league here?
Chances are networking is your best bet. Industry contacts are more likely to offer you a job than random hiring managers. Something like OSCP will definitely help though, as far as proof of commitment and talking points go.
I know that your soft-skill set (notably Incident Response) is very well received from a blue-team perspective. You have a lot of life experience, don't overlook that. It's a good foot in the door. That said, if I were in your shoes I'd enroll in a community or vocational college that is accredited for some basic IT knowledge and to start building your local IT social network.
Also look into local IT meetups; don't worry if you think it's beyond you, just showing up and showing some interest is a big help.
That's one aspect I was hoping would work in my favor. Incident response, detailed report writing, trained observer, etc. Just wasnt sure how much that would help. But you make a good point.
Will definitely look into the IT meetups , thank you
does anyone here have knowledge about digital forensics and good beginner jobs
My degree concentration was in Digital Forensics. Unfortunately, DF isn't really considered an entry level position or that was my experience at least. I don't think I heard back from any DF specific positions when I was looking.
same im on my last year at uni and its hard to find anything entry
As far as good beginner jobs, Id say any job in the tech space is a good beginner job as it allows you to get your foot in the door
only thing i can think of is going for a df cert for encase and ftk
I had Cellebrite stuff and still nothing
I know folks all across IT careers that have all sorts of different backgrounds. If you put in the time to study, you can absolutely make an infosec career happen 🙂
I know someone who worked as a deputy sheriff for a long time and then went back to school at almost 50 and is now a doctor. Career changes are totally possible if you want them!
I'm more than willing to put in the time to study. I guess I'm just worried about sinking time and money into training and certificates just to be turned down due to lack of experience and still not be able to get a job. It's just disheartening to look at job postings and see entry level described as needing a bachelors and 5 years of experience. I just don't comprehend how that's entry level.
Part of it is HR not understanding actual needs; they get a list of job reqs that are something like 'ideal candidate has all this, but we'd take some subset of the list into consideration'
Another large part of it is that security is hugely complicated. The most common path into security is to spend 5-10 years, at least, in a network admin, sys admin or developer role then transition into a security team.
The most difficult part of security is remembering that it isn't technology that drives the security of the organization, it is the business needs that drive technology and the surrounding security landscape.
So all these websites and bootcamps claiming you just do them, pass the Security+ or Pentest+ certs and get a job should just be ignored?
Seems like the majority of these training sites and such all promote being able to just take a bootcamp, get a cert, and you qualify.
Which I know sounds unrealistic. But I wasn't expecting to have to get a network admin job for 10 years first
You can definitely get into industry a lot sooner than that.
Many accredited community, junior, and vocational colleges offer professional cert courses. CCNA is a great place to start if you are interested in networking
Get as many certs as you can (look at job advertisements for your country), be active in places like THM and other ethical hacking discords, network network network (like linkedIn), advertise yourself. Practice practice practice and put yourself out there
The nice thing about taking a cert course like that, is that some colleges have agreements with Pearson or Wiley or whoever runs the exam to include a voucher for the exam as part of the course fees
it's definitely a thing to ask about when you are considering options
I've been offered higher than entry level jobs just because I've networked with people and have OSCP (really not that hard to get if you put ur mind to it)
A lot of the time it's who you know, not what you know. That applies to all jobs
My original plan so far was working through the paths on tryhackme while working through and getting CompTIA A+, Network+, and Security+. Then taking the course and test for eJPT, and after all that doing OSCP and hoping to get an entry level Pentesting or SoC job.
I'd avoid A+ if you already have a base computer knowledge, it's really aimed at people with very little computer knowledge (someone correct me if I'm wrong). Sec+ and Net+ are good and eJPT is good and a good starting cert to get into the flow of doing certs.
I figured A+ would be all basic overview, I've just seen it suggested multiple places to get those 3, so figured it would be easy grab
A+ is basically a primer for an on-site IT support career track
Stuff like identifying and replacing hardware components in a workstation
You had a cellebrite cert?
A+ helped me get past the HR filter - otherwise it is a soul-sucking cert, unless you enjoy reading 200+ pages on printer repair 
if its any encouragement these were my qualifications I had when applying - I ended up getting a job as an IT intern, currently a Jr sysadmin; 10 years in food (mgmt, fry cook, delivery driver), 60 credits towards an ATS Degree (2 yr) in IT, A+ cert, eJPT, and a handful of free, resume padding certs (Fortinet NSE Level 1 + 2, Google IT Associate, 2 TestOut Certifications)
so yeah on paper, saying i was underqualified is a HUGE understatement - also I recently found BanjoCrashland from Black Hills Information Security gives really good job-hunting streams that are specific to infosec, ton of helpful advice in his stream and I believe he's helped quite a few people get jobs off his advice
https://www.twitch.tv/banjocrashland
Yeah, Cellebrite sponsored one of my classes. I got CCO but was trained up to CCPA just didn't have the funds
I have a very similar background as you. I decided after 20 years in police work to leave and start a new career in cyber. It took awhile but I finally got an entry level position on a TVM team. I learned as much as possible in a short time and started to move up in jobs. I didn't have any certs when I started and was way older than my team members but that did not discourage me. Now I did go back to school and obtained a bachelor's in Cyber Security which did help but I don't think it is necessary. Your law enforcement background will be very useful in IT security as well as your communication skills obtained while on the job.
I don't know where you are geographically, or if you have any interest, but with your LEO background it should be relatively easy to get cleared if you aren't already. Gov is always looking for people and will want you if you can meet 8570 compliance
I find that job portals like Clearancejobs, ClearedJobs, and USAJobs are often overlooked as well as people think you need to be cleared to apply on there
Banjo is great, real name is escaping me. He actually helped me get my current role
nice, I was in an unrelated BHIS webcast and he popped in at the end for a few minutes and showed off his resume creation method, I did something similar but his way is solid as hell - will def follow up with his stuff when I'm on the job hunt again
Depending on your background, it might be easy, might not. I can definitely say that career changes are possible, and that tech jobs are in high demand, so whether it's security focused, software dev, IT support, whatever, there are opportunities out there.

