#cyber-and-careers
yup
like multiple senior AWS people on site or on call for us all the time. Same for MS, probably way more $ their way actually, just lower quality of support
yeah we have a ton of AWS people assigned to us, I've only been on a few calls with the Azure people
how does the azure cert you're doing now compare to SA-A or D-A for aws?
(am I remembering right that those are the aws certs you did?)
it is closer to SysOps
I studied a little of SysOps but then was like screw it, I don't need another AWS cert right now
but I think it's hard, there is so much to remember, seems harder than the AWS content
hm
What was your study/prep process for them?
A Cloud Guru? Books? Just playing around with the services?
ACG/LinuxAcademy (when they were separate)
and obviously using the services
I'm actually in an Az-104 class this week
Yeah, I felt ACG did a decent job of prepping me
plus actual usage, obviously
and some practice exams from udemy or tutorialsdojo
I really liked when they were separate... I found ACG prepped you more for the exam, Linux Academy prepped you for usage
hm. I hadn't used LA much. Had an acct there but didn't use it hardly
LA is where I had my account, ACG, I bought from Udemy
I'm grandfathered in at the $150/year price so I just hold onto it
I was studying for the aws security specialty, but decided not to get it, start of pandemic, things closed, exam repayment changed at my employer. But the content was underwhelming
yeah I just had no interest, I do have an interest in the AWS networking
oh nice, 150/yr is cheap. Now it's like 50/month. I don't pay for it anymore
but I may do the AWS DevOps
I kinda want that, and I kinda want to never ever get it
after I get a few Azure certs
I get so many recruiters contacting me for devops, but I don't want to do JUST that
nah it's just so I have a better understanding
oh got a recruiter notification in my target city today... was totally AWS DevOps with a side of security...
I was like hmm you haven't read my LinkedIn have you?
do they ever?
nah
i get so much recruiter spam. Most of it is garbage/not interesting
I just like reading the recruitment messages, AWS has been recruiting heavily, so has Salesforce
In the last year, I've started to notice a transition from companies heavily looking for aws certs to looking for more azure and gcp experience
used to be aws was the only thing I got contacted for, but that's definitely changed
because I live in the DC area, I tend to see a lot more Azure recruitment than AWS, now I'm getting more AWS recently
well, that jedi program/lawsuit is still being worked through the courts
yeah
but there are plenty of other contracts/subcontracts that are not related to that, that can play with whichever cloud they want
but the recruiters have been Azure heavy for a while and I only have a slight mention of Azure on my profile
interesting
yeah, kinda similar for me
but I've also noticed a definite uptick in gcp recently
(which I know nothing about)
I get none of that, but I don't have any interest in GCP
neither do I really
my aunt said her company (amusement park) uses GCP
I've never used it. But people contact me for jobs that "we prefer gcp experience, but since we can't get it, you'll have to suffice" kinda
My tentative plan for now is to try for the pen+ in june, then maybe? do aws security, then either aws networking, or azure, or net+/sec+
right now, I'm Az-104, then maybe Az-500, then swing back to AWS DevOps, then Azure Devops
I love Cloudacademy, I've had training from QA before and it's so good 😄
I've never even heard of CloudAcademy, I don't think
I think our company had a trial of it a few years ago and I didn't like it as much
I'm definitely curious to hear what your thoughts/experiences are as you go
but like you said ACG is $$$ now
yeah. At the time, my company paid for it, so... 🤷♂️
but before I left, I did download all the videos to like 20 classes 🙂
Thanks for your feedback! 👍 I am pulled towards Azure already, as my friend did the course last year so I can borrow his material and he can give me pointers. Once done, I can return for Azure before going after the beast that is CCSP!
guys does anyone know will knowing technical side of cybersecurity help me as a lawyer maybe to work in this industry? any thoughts or experience would be much of a help cheers
I would focus on knowing the technical side of the cyber laws would serve you best but am no lawyer ...
the various tests have changed so quickly, I'd just be cautious of using past materials, but there are a lot of good materials online depending on what exam you are going for.
what is your goal overall? Obviously there is the IP side of law but is that your goal? or is it something else? I've known quite a few past lawyers who went to cyber but didn't practice law and vice versa, cyber people who went to law school to focus on information protection laws.
ey yea well my main goal is to focus on data privacy and knowing more about laws that regulate data protection and cybersecurity like GDPR NIST Framework HIPAA and such. And i just saw a job post like IT risk associate i guess that one is the closest i would like to work, the requirements are knowing both technical side of infosec and laws? Any thoughts on this ? thanks for reply cheers
Ey thanks, really cool site i will check it out definitely
This is my ultimate goal, going cyber to law. Have people you know been generally successful? Do they practice law or do more like think tanks or policy?
There are a lot of jobs regarding regulations, you don't need to be a lawyer but it doesn't hurt. IT privacy, IT regulations, GRC are generally job descriptions/titles you might see
Well businesses definitely aware of IP laws, although many of them are toward patent law. you don't need to be a lawyer if you are considering the policy aspects, again it doesn't hurt but it's not a requirement
Yeah I agree. You don't need to be a lawyer to work in policy. However, if you want to effect change in current computing law or defend people from overbearing entities a law degree would be needed
I had a Cyber Law course and business law course as degree requirements and they were pretty interesting
Cyber Law though mainly focused on the overreach of the government and the 4th amendment and how it applies to the cyber domain
Cyber law can vary including international law where you are trying to ensure compliance with various laws, companies definitely need lawyers but there is also general compliance which is the aspect where a law degree isn’t required. I’d probably look at actual law degrees/law school info on what they mention.
Don’t we all
LinkedIn: company x is looking for: Cyber Security
Me: "well isn't that specific"
Hahah yea cybersecurity is pretty broad field
If you actually click into the posting it's extremely specific
What is it about ? Pentesting or
I dug into that job in my target city (found the company and job listings). Job actually looked interesting but it was gcp and azure. It’s also a much smaller company than I’m in now which has pluses and minuses
You saw that listing? Company start with a C?
Chuck's Chicken Shack?
close
Nah it is called Dexcom
ahh different company then
if you're in the DMV though you've probably seen the listing
Yeah this was one a recruiter messaged me about today
It was actually what I do... so kudos to recruiter
lol
Usually they are so far off, it’s funny
I got a message for a Line cook position about a month ago
Well not that far off
I recently got one looking for a mechanical engineer. Nowhere near my field.
"you're a great fit!"
I got a fun one for 'we think you'd be a great fit for our front end developer position' - my current LinkedIn skills are 90% CI/CD, don't know how they managed to fit that into an angular.js jr position
you gotta wonder how broad of a search they do to get those hits
Oh I get those all the time
that and "full stack" (i.e. we don't really know what we want/need, can you just do it all?)
I actually messaged back and was like "bro, I can barely change the brakes off my car and have used industrial tools once"
'oh you know c++? and have done some embedded systems work? we think you'd be great at UI/UX'
yep I have C++ on linkedin and get those too
Most recruiters are like one step up the educational ladder from fast food fry cook / barista
and sadly, most of those people working those low paying jobs have expensive degrees that are relatively useless
My favorite recent one was a Linux admin... I was like well that’s interesting
I have a love hate with linux
Not sure what part of my info would scream Linux admin
my Gnome decided it didn't want to be a Gnome anymore
It paid well at $170k but no
Is this related to your earlier RHEL7 problems you were posting about here, Moose?
Depending on area, that's a low offer
I've got it narrowed down to rngd
but the machine doesn't have a tmp device
Reading between the lines, it was a contractor at NSA
But like our Linux admins don’t get paid that much
... /tmp isn't a required device?
Yeah, that's a lot for just a linux admin, but that's also an expensive area to live, I've heard
Last time I switched jobs, I could've made about 70k more than the job I ended up taking- I'd rather have good people than more $
It has some cheaper areas, NSA is commutable from some cheaper, more rural areas
I tried to have it sit over the weekend to see if it could pull itself together but 🤷♂️
it fails Certmonger in the boot
I’d rather have flexibility than more pay but I can’t complain about my pay
$170k in DC?
In MD
or Meade?
Meade
if the lappy doesn't have a TPM, you can try a luks encryption instead.
You’ll get there
oh also rngd says it doesn't have any entropy if that means anything to you
there is no source which I thought was odd
If it doesn't have any entropy, it's not generating any random numbers
right
more entropy == more randomness
and when I tried to set a source it just went "nah bro"
not enough entropy 
that and hwrandom didn't exist in whatever directory /random is in
It's been interesting to me how salaries have changed in the last year, with more west coast companies hiring more remote workers
Is anyone here living off of bug bounties? How realistic is something like that?
Not very unless you spend lots of time and live in a country with a very low cost of living
I'm not, I am not that skilled yet to even try doing them.
But yeah, what she said is what I've heard from a lot of people
It’s extremely rare to make a decent living... so rare that it makes news when it happens
I'd be happy with $50k a year
That’d be difficult
Sad
It is a side hustle/learning experience for most people
It's like actors in hollywood- a few people make big bucks. The rest wait tables and struggle to make rent
Another reason is that if you have the skill set to earn a lot from bug bounties, there's a decent chance you probably also have the skill set to get a job at a tech company. And getting a guaranteed salary is more reliable as an adult
(again- I can't speak from experience, just relaying what others have said)
And what you don’t see is the years of work where people spent thousands of hours getting paid nothing or next to nothing
there are also those with the skill who sell to gray market or black market :/
True, but you have to deal with employers, office politics, etc. That outweighs it in the negative direction for me
That's fair! One option to split the difference: You could also work as a contractor and do bug bounties in downtime between contracts
Being happy at work isn't really about being happy. It's finding a workplace that is broken in acceptable ways.
But say you spent 40 hours to get a bounty that pays $500, company says thanks but someone already reported it
Tough, but the contractor option sounds good once I get some bounties under my belt.
Yup
Being a contractor introduces a whole other set of problems. Being self employed really means you work all the hours you can get paid for - and you have to manage your own retirement, healthcare and other benefits without the advantage of having paid HR to do it for you
also true
I'm not saying people haven't been successful doing it - but understanding the business side of things is a necessity. I prefer not to have to care about doing all that business related stuff
give me a SOW and i'll generate my own tasklist and we can all be happier 🙂
Yeah i was told that 1099 you should ask for 3 times more than what you are looking for from a regular opportunity
Pretty much
I saw a recent Reddit post where a guy was making $30k/year but doing bounties 80-100 hours per week and people were saying that was excellent pay and I was like uhh no
Reddit is the key word here
That would be the case ideally, but there are many more expectations in a typical workplace other than strictly work
Consulting may be the place for you then
I really like being a consultant - stress is very low compared to the firedrills I had to run weekly as an infosec engineer
True but I was amazed at how many people said they thought it was great
But if you absolutely love doing that, happiness is worth a lot
Consultants also tend to get the "sh*t" work though, too
Would also help if you had a SO
True... but I'll take the 'fix this broken stuff' if i'm allowed to tell them I set it on fire and rebuilt it correctly
If i move on I should be looking for a 15-20% increase right?
I don't know what you're being paid now vs your skillset
I'll have certs and more experience at that point
You should be looking for market rate
Also depends on what another job may offer
Also true
How much time will it take for first response after submitting bug in private program of Hackerone
I actually want vacation next time
when i made the jump from infosec fulltime to devops consulting, it was a 35% increase
A position with growth would be preferable to more money
I didn't look into that lol and it kind of bit me
You don't get vacation?
Another thing I saw on reddit that I thought was really great to keep in mind, is that your job should be paying you twice
I accrue one day a month
It should pay you first for the tasks you do; and it should pay you a second time to give you room to grow into your next position
that's not HORRIBLE, depending what "free" holidays you get
Standard fed
2 weeks of vacation is pretty standard for early career
It's not so much the amount I get it's how I get it
I'd rather get it in bulk up front
almost nobody does that
Yeah nobody does that
They are all accrued?
pretty much, yeah
My dad and my buddy from college both get theirs up front
my current place has a "flexible time off" policy, so we can take as much as we want, whenever we want
Unless you get "floating holidays". My PTO is accrued but I automatically start with 2 floating holidays that are just a day off whenever.
I thought that was normal
Last company I worked for required 6 months, then you started to accrue 2 weeks annually at a scaled amount for each partial hour worked
but realistically, most people only take a few weeks a year
So if you turned in a timecard with 1 hour on, you got something like .15 minutes of PTO
Yeah I get floaters and ‘sick’ time up front but then vacation time is accrued monthly
yeah, depends on if you are salaried or hourly/have to track hours
I get PTO and standard fed but no sick leave
my current PTO accrual is based on the quarter; doesn't matter how many hours I bill, i get the same amount. But that also accounts for sick time as well.
that kinda stinks
That's the one I can't stand. You have to use PTO for sick leave.
PTO being what? Your vacation hours?
Yeah my accrued time off
Hmm
something else to look at is healthcare and 401 and stock options
different companies do that differently, but it can be a big $$ difference
I get essentially 20 days a year + holidays
stock options can be a big suckers game too
potentially so can bonuses
So getting vacation up front isn't normal? It's mainly accrued? TIL
A really really rough heuristic to try and figure out appropriate contractor pay: take whatever your annual salary would be at a salaried job. However many thousands it is, convert that to dollars per hour. So $120,000/yr would mean you want $120/hr as a contractor. Which sounds like a lot by comparison, but you pay more in taxes, don't get paid time off, have to pay for your own benefits, etc etc
IMO better off throwing that money into a 401k or IRA until you hit max, unless the stock options are ridiculous
I get about 6 weeks of time off plus some holidays but I’m old
like 15 points under previous quarter minimum or something
Yeah, that would be a 2x markup. People I've talked to say 2x-3x is a good number to shoot for
My new job said I would get 401k then I got here and they told me it doesn't start until after a year. I don't plan to stay that long.
It also depends on where you live. The USA has a pretty poor quantity of vacation time on average, versus somewhere like Germany where the legal minimum is like 4 weeks for full time work
401 matching can be a big thing too
Yeah i get matched
Yeah
I'm only putting in 6% a month right now
Try to time it so you hit your 19,500 max contribution in early december
I once worked at a place that did better than matching- they paid something like 7% of salary into 401, no matter what I put in
Definitely put a decent amount into 401k, I’d say at least 10%
Mainly because I have other expenses
put as much in as you can afford to - the longer you feel poor, the more money you'll have at retirement
max out your 401 AND your roth
I’m in the US
that's currently about 26k/yr
That’d be ideal
Yeah i have a strategy I just need the capital to do it 
the more you can do, the earlier, the more years it has to gain interest
sell your toys and eat beans and rice for a few years in your 20s if you have to
you'll thank me in your 40s
I would say for the 10-15 years of gainful employment, whatever those ages are
I did eat beans and rice in my 20's and still can't contribute that much to 401k 😂
Your 401k lowers how much you are taxed, do what you can to put at least 10%
I'm building my emergency fund right now and I am putting little bits into dividend stocks
IMO that doesn't make you a slacker, that's just how our society is set up :c
Yeah don’t do stocks if you aren’t putting into your 401k
yep
I mean, i had the option for university. I was making really good money at the time; then the economy dropped like the titanic and i decided i needed stability. got into school as soon as i could
401 and roth first, THEN stocks
(I feel obligated to mention that 401k is, under the hood, a bunch of stock investments. So bear in mind that you're still leaving your retirement savings up to the whims of capitalism)
Also remember that the Roth IRA has rules about the maximum amount you can make before you aren't allowed to contribute anymore
You can ladder with a Roth
That's true Scarlett. Big difference between experts managing your money that way, and playing at being a day trader
Yeah certainly
There are also some things you can do with ROTH
Ladder?
True, but it's a little more diversified than a single stock or fund
Yeah tax avoidance is the name of the game
And investing the $$ means you'll hopefully at least keep up with inflation, rather than the money being worth notably less in however many years you retire
You can move money from a traditional to a roth penalty free and then hold it in the Roth for 6 years and then pull it
Isn't it YOU who posted the joker/batman/irs meme?
Yes
I am not a financial advisor do not take my advice literally
I will be talking to a professional before I do anything
401 and roth are easy - just dump everything you can into those
once you max those, then go talk to an advisor
Up to the annual cap
right, which is about 26k/yr right now
Over-contribution can mean some pretty significant penalties
Again, get 10% of your salary into 401k
I already spend 24k a year on housing
I am though
Then work to increase it
and every raise you get, put that immediately into investments
Ok
so your standard of living doesn't change but your savings does
This. I recently switched to a much better-paying job and doing all I can to not increase spending and squirrel it away.
One of my friends still uses the same budget he came up with 1993 - only adjusted for cost of living
He just paid off his house 15 years early
Nice
that's what I'm currently working on
Oh poo I should probably look at my student loans
yeah, that's the other big one
don't worry about student loans as much
the interest from those tend to be much lower than other forms of debt
Fed has had them paused and I don't want to get penalized
if you have any credit cards, zeroing those should take priority
my mortgage is actually a fair bit lower rate than my student loans
They are my highest interest debt
Are they fixed rate or based on prime?
I pay my cards every month
Again I’m old but yeah 15 yr mortgages are preferable to 30 yr
I did a 30, but paying it like it's a <15
Usually 15 will have lower interest
gives me the flexibility to cut back the extra payments some months if I want
I think fixed? Whatever Federal Student Loans uses
Nelnet
well, my rate is about as low as they will ever get...
But interest rates are amazing
It really depends on whether you got subsidized or unsubsidized when you were applying for them
You can refinance now for < 3%
My highest is 5.6% interest
We are paying our house off next year or else I would’ve done another refi
ah, gotcha. yeah, it takes 2-4yr to make a refi worth it
My car is .5% less interest
something else to consider- there's a lot of talk about student loan forgiveness.
Aren't 15 year mortgages usually pegged to prime rate? lower at first, but possibility of a rate blow-up if things go bad
Not gonna happen
no, depends on the mortgage
It's all the blue checks
No? It’s a fixed rate loan
I thought that was one of the tradeoffs of 15 vs 30 yr. 30 yr normally has a slightly higher rate for having guaranteed consistent payments
Wait a 30 year mortgage has a higher interest rate?
Nah you can get 10 yr and 15 yr fixed rate loans
sidenote: i'm currently trying to save up for my first home
nah, you are thinking of balloon mortgages, I think, juun
ah
you can get fixed rate for any term
Yeah balloon mortgages hardly make sense
My rent is almost as much as my parents mortgage
or a graduated rate, or a balloon payment
the whole balloon payment thing is what caused the 2008 crash
Yup
the balloon mortgages make sense as an investment vehicle - buy, live there for 2 years during the low-rate time, then sell right before the balloon hits
adjustable rate loans have a much higher amount of surrounding regulation - or at least they did 3 years ago
the thing about bubbles is you can only see them when you're in them/past them
There are issues with our current bubble
i think current housing market issues are over-valuation, not bad loans being made
at least in my area
I thought i saw an article where the same dum dums were caught doing the same stuff they did in 08
people always say we're on the verge of another bubble, but we really won't know until it hits
People are taking 50 yr mortgages
well sure, the folks on wall st. will do whatever they can to make a buck, no matter who it hurts
why?
well, in 06, a minimum wage worker making ~30k could get a loan for a half million dollar house based on some vague assurances from a CPA
That's a thing?
Because they can’t afford 30 yr
are these just low paid workers, or massive houses?
Expensive areas
depends on the market
that's a really common thing, from what i hear about the LA and SF markets
Yup
That's why I will never live in California
jeez. I knew prices were high out there but that's kinda ridiculous
1800sq ft home in silicon valley goes for something like 3-4 million
That and their ridiculous exit tax
Also the market has been artificially boosted to help soften Covid but we’ll have to pay eventually
i might have the numbers off, i'm basing that off a conversation i had with a family member who was working in SF for google
I think that is why I see us in a bubble, I hope I’m wrong but
maybe that area is, but not nation/worldwide, I think
I think inflation will hit relatively hard in the next couple years, but it won't be a hard crash like in 08
especially since people are starting to move away from high cost areas, with remote work
Now places are going to suck though
i'd rather live in convenient driving distance of denver than move somewhere like idaho or fallon, nevada
All the good states are getting the whiney people
I like where I live, I just wish I had more land and bigger house, but what can ya do
I’m hoping people evacuate California as it’ll make it cheaper for us to move
Or the people that ruined their states in the first place
to move TO cali?
i could probably halve my living expenses to moving to middle of nowhere (assuming i can get good internet there), but i need a chiascurro within reasonable driving distance -.-'
Yup
Yeah why would you do that?
Because aging parents
that's a good reason
Ahh ok that's respectable
AZ is crazier than CA, believe it or not
AZ is a little weird
The cost of living in California where my family is at is the same cost as living here
Just throwing out an idea- might make more sense to relocate them to you. Or to relocate both to a third place
Although food is cheaper in California
🤔
Cheapest/best food I've had in a long time was LA food trucks
street tacos there are hands down the best i've ever had
I have dozens of family members in California and I live in an expensive area, so it’s aging parents plus other family members
Groceries are so cheap in California that it makes me cry
Buy a farm in rural VA 🙂
I have no desire to live in a rural area
I pass this one place on the way to work every day... It's wow
We are going to most likely move to a near rural area, it’s a city surrounded by wineries
But it’s a city and close to various places
California isn’t bad depending on where you live, Northern California is crazy but Southern still has some areas that aren’t too expensive
what I’ll miss are the amazing trees we have here on the east coast
What I won’t miss are ice storms
What place?
A private residence on my way to work
You come around this hill and there is a giant white gate that leads up a perfectly manicured dirt driveway
Chevy Chase?
And nestled into the top of the hill you can just make out a southern style plantation home
I found the place on Google and they have two full size tennis courts
And other rich people house things
Lots of houses along the Potomac are like that
I mean the metro area
I love it here but the selling of land to build more houses is gonna drive me crazy
how so?
I like my wooded areas
They are just making it more and more dense
unless you can get into a neighborhood that's like arbor foundation certified or whatever
there's some law about amount of woodland required for that
Like legit people are finding DC too expensive so they are coming to where I am
I live on the edge of a protected area so I’m good but whenever we drive anywhere, trees are gone and houses are going up
And turning it into another garbage pit
I know some people who are very seriously talking about moving to Mexico or other places where cost of living is much lower
Like they literally built half million dollar homes on the edge of a junk yard
Sell the house and half your stuff, go down to the yucatan and live like a king
Which cracks me up
well, may be a junk yard NOW, but not in a decade
Maybe not but seems like whoever owns that junkyard isn’t selling
They never are
someday I want to get another house or two and make it a rental property. Get some passive income going
I can't afford that any time soon though
I have a rental property, there are pluses and minuses
All I see now are signs for Ryan Townhouses
But overall it’s been good
enough to make a profit?
Yes
or even just break even while you build equity
The tenant pays a bit more than it costs me and it’ll be paid off in the next year, the value has almost tripled but that’s always the risk
nice. Then you sell it and there's your retirement
Well have to figure out that dance.. but we’ll see
well sure, the details are up to you. But it's nice having that option
I don't. Yet. Might not ever 🙂
It was an accidental rental, I bought it to live in then started dating husband
I've thought about buying a duplex when the time comes but idk if I want to deal with that
I've heard that's a really good option too actually
Yeah you get the first time home buyer loan, purchase the duplex with it, and then have your renter pay most of the overhead
I'm working on a duplex or quadplex for my first purchase in the next months, got a real estate agent scoping to see what we can find right now
quadplex is the highest you can go before you need a commercial loan
and usually if the numbers are good, you live for free in a quadplex or have very minimal costs in a duplex
deal with what? The renter living next to you? 🙂
hi
not only that but if something breaks at 2am... you are responsible. If your tenant decides to stop paying, depending on state laws, they may be living next to you for months before you can evict them and get a new tenant in there. And also, Covid brought interesting times for people who do renting. People who do AirBnB were affected greatly but lots of others were as well.
But is that any different to any other kind of rental than one half of a duplex?
depends, you don't necessarily share a wall with your tenant
and I actually pay a management company to take care of everything for me, it's fairly cheap and still my rental income over my mortgage and hoa fees is enough to cover the management
Depending on the state there are various landlord and tenant laws and Idk if I want to deal with that. There are a lot of intricacies and some things are your responsibility if you provide them but others aren't
And on top of that people in the US are sue happy
Is it wise to take the OSCP if I have no experience ?
I have a degree though
what do you mean no experience? do you have experience on TryHackMe, HTB and others?
and lots of people highly recommend eJPT first
Yeah, I'm doing eJPT course atm
It's fun - I have nowhere near enough knowledge for OSCP and it's soooo expensive as I'm only a school student
I'm looking to pivot into CyberSec and looking to start at Utica College in their BS in CybSec with a concentration on Cyber Operations. I already have a BSN (Nursing) and have been working as an ICU nurse for the past four and a half years. I have a minimal computing knowledge (built my own PC, have played around with basic router settings). Does getting a formal education matter?
It helps
From your background specifically I would say yes
Thanks
well I'd disagree a bit, a BSN is a BS, now it's not a traditional BS but that doesn't really matter, if you did some certs, you could apply to various jobs, you might have to take a slight pay decrease initially
if Utica College has a 2nd masters, that isn't a bad option, but may not be entirely required
I'm in NYC and have a feeling if I started out in an entry level IT position I would take a significant pay cut. Nurses in NYC start at almost 100k+ in every hospital and I'm in the highest paying one.
They also have a masters program, but I don't think I'd feel very comfortable taking it.
yeah but you'll eventually catch up
I wouldn't do a Masters
get a Sec+ and start applying for jobs, get a blog, add some writeups there
something like SANS may be good https://www.sans.edu/academics/undergraduate
if you are a woman, there might be various programs out there like this one from SANS https://www.sans.org/about/academies/womens-academy/
SANS women’s immersions academy aims to help increase gender diversity in the cybersecurity workforce. Women selected for the academy receive advanced technical training and certifications, allowing them to quickly launch careers in cybersecurity. Learn how to apply.
and for a foot in the door, may not hurt to look at medical based companies or any company that may be concerned with HIPAA, companies always need GRC type people and that is a good entry level position
This is the program, I'd need to complete 58 credits and if I wanted an additional 16 for a minor in CS
its not really needed, education is usually a poor way to get an entry level position if you already have a BS
it is really a mix of education (BS is helpful, specific degree not necessarily), work experience (any work experience helps for entry level) and certs.
like the SANS undergraduate certificate is 6 classes, 5 certs
the SANS academy is similar and its completely free (difference is you need to be a woman)
Ooooh, I like free!
I'm in grad school, so not qualified. That would've been cool to know about a couple years ago. Oh well.
grad school for security?
but anyway, I've been in security for a long time and I've worked with people with a variety of backgrounds and previous degrees including biology, psychology, criminal justice and those with no degree as well
Yeah, I heard from plenty of people that I didn't really need it, but I love learning. Thinking about PhD one day.
yeah I am thinking about PhD in Math
PhDs are often not worth the time/money investment.
what are the highest paying blue team jobs ?
Not sure, but perhaps threat hunting and forensics
I'm recruiting, if anyone's interested: https://careers.astrazeneca.com/job/macclesfield/senior-cyber-security-engineer/7684/17106876
It would be a retirement degree 🙂 basically 'for fun'
Not everything is about money or career opportunities 🙂
I imagine I'll do the same with physics 😛
also education in greece is free so here's something to think about
Brilliant idea.
I legit was thinking of doing a master's in algos, it'd just be for fun tho
Literally every person I know that's doing a master's right now (or finished recently) is kinda disappointed about it
Unless you're trying to be an academic, you need to seriously consider whether it's worth it
Just be aware, that this is quite dependent on where you live. For instance here in Denmark, where I live and work, a master's degree is quite helpful for career possibilities and salary levels, especially in Mathematics, Physics, and Economy (and most of social sciences and humanities), but also (to a lesser degree) in Computer Science and Engineering
only if you already have experience in cyber security, it is a poor way to break into cyber security and can potentially hurt your job prospects
Yes I love theory of algorithms a lot so I'm sure I'd be fine 😁 If I did a master's I'd for sure go to another Russell Group uni so I'm used to heavy boring theory hahah
MS in Cyber in the US are not really academic pursuits, they are career advancing pursuits, if you want to be a technical lead or manager, only then is a MS in Cyber really worth it
Yeah in that case I'm sure you'll be fine
I've considered it as well, just not right now
Would anyone rec the Juniper data centre free certs? Like, will I learn stuff that I wouldn't have from cloud certs?
Trust me- nobody does a PhD 'for fun'. Those who've done that.... did not have fun :). We can talk in DM if you want.
Nah it’s a bit of a future state, I’d plan to get a MS in math first, I know it’s grueling
Very much so. And you probably won't get to work on stuff YOU want to work on
you're essentially an indentured servant, doing whatever your advisor wants you to do
I remember a dental hygienist I had many years ago who told me she was about done with her PhD but she never ever wanted to see a dead dolphin again (she studied marine biology)
My idea is I’d retire at 60 as I transfer into a PhD program
Maybe earlier if the finances work out
What's your goal? Just to say you did it? Or to do research on something you find interesting?
or to publish?
Right now, it’s just to say I did it
Well, you'll be paying 5k-10k+ per year out of pocket to work for someone with less experience, being treated like you know nothing.
I know someone that sold their company and moved to uni to finish their PhD for fun. They could've got well-paid job in the industry, if they had wanted to.
The point I was trying to make is that getting a PhD usually isn't actually enjoyable (fun). Your motivations for pursuing it might just be for fun/hobby, but the actual process is not fun.
I don't think anyone said the whole process would be fun. There's a difference between doing something for fun, and enjoying every single moment of it.
yeah exactly
I've been floating around the thought of continuing with my PhD at some point. Perhaps one day.
Personally I think that's a lot of money just to say you did it but if you want it the only person stopping you is yourself. Personally, unless I were to go in to the academic world, I wouldn't do it.
I used personally twice dammit
the point is I'd be retired, I'd have money saved up specifically for doing it
I don't think a degree that would cost me nothing out-of-pocket would be a lot of money. Naturally there'd be lost income and what else.
Yeah schooling isn't exactly free in the US
I'd be going to a state school, which would be relatively cheap
You'd have lost income, expenses of being a student, and the school expenses
thats why it'd be a retirement degree
I understand
but we'll see where things go
Back in the days I signed up for a PhD program, but then slid into working in the corporate world.
Yeah, getting a masters with no previous experience or even certs wouldn't make sense. I was referring to it being beneficial for career advancement
yup definitely it can be
Can I go into cyber as a computer info systems major? Or do I have to be computer science?
Degree doesn't always matter
Depends on the position and if any experience or certifications
Location is also a pretty big factor in degree requirements as well
Sorry for the late response.
I have experience in Vulnerability Management and Cloud Security.
I only did Penetration Testing for a course and in CTFs as entertainment
How much does the eJPT cost and how to follow their course?
More than $300 I believe
200 USD
https://elearnsecurity.com/?post_type=product&p=10890 The training material is free to access by getting an INE free Starter pass.
The eJPT designation stands for eLearnSecurity Junior Penetration Tester. eJPT is a 100% practical certification on penetration testing and information security essentials. By passing the challenging exam and obtaining the eJPT certificate, a penetration tester can prove their skills in the fastest growing area of information security
mods are taking care 🙂
I'm recruiting, if anyone's interested: https://careers.astrazeneca.com/job/macclesfield/senior-cyber-security-engineer/7684/17106876
Here's a plan I have for myself (so far)
Complete Beginner path --> Web Fundamentals path --> Study for Network+ --> Cyber Defence path --> Study for Sec+
Any thoughts? I would appreciate any feedback :)
sounds good
A little while back, some people were asking about the use of a law degree in cybersecurity. Here's a quote from an article that jumped out at me related to this:
One of the first things companies tend to do after cyberattacks is hire lawyers, and they put them in charge of the investigation. They do this for a specific reason — it means everything they find is protected by attorney-client privilege and typically is not discoverable in court.
I think this applies to a lot of us:
https://youtu.be/PTywlFBr2-s
Hey guys i graduated from college in December and started working as a systems engineer for a small company, i want to work towards cyber security after i get some experience here any tips that can help my career, i don’t have much experience in working in IT and I’m basically learning a lot of stuff right now
@thorn pebble @haughty leaf
Wow cool didnt know they hire lawyer right away. So if someone was in that position to lead investigation i guess knowing this technical stuff would be much of a help. Thanks for sharing this cheers
You're welcome. And yeah, I didn't know that either, but it makes sense.
Yeah if they don't have general counsel they will bring in lawyers
My understanding is that they bring in outside lawyers specifically to take advantage of the client privacy laws
Invoked managed code?
why did I post that in here the heck
Does anyone know if joining an org like ISA or OWASP is a good idea? I've been told it's good to network and meet people, but I'm hesitant because it costs money.
Low cost alternative: look for a local meetup in your area; community colleges are a great place to start looking for user groups
I see! I'll check those out
not good stuff
I wanna just learn something for fun, not sure what(why I'm asking here).
What's something fun I could do? Examples I have in mind: Cryptography, cybersecurity etc..
What do you guys recommend?
online training is not easy .. focus
thank = u
Junior level cyber security specialist salary ranges. (East Coast of USA)
thats a wide range... GA, NC, FL would pay less, Boston, DC, NYC would pay more
Are you offering a position or asking what the range is?
I'm not exactly sure philly but that seems like it'd be pretty standard, $70-$85k probably
Yeah i dont think there really is a standard range for all of the east coast. It's definitely regional and going to require some legwork on your part
I would set up a budget and come up with a desired salary, an acceptable salary, and then an absolute minimum
true and I'm assuming college graduate, college graduates will generally land around $70k/year
entry level but could be more based on experience or in more expensive area
Yeah i personally wouldn't take $70k in or immediately around NYC/DC
Too expensive for that salary
yeah generally I've seen people say $80k+ in DC area for right out of college. Its been a long time since I've been entry level so I can't really know personally
Yeah i got ghosted for asking for 80k. It was a sub 1% increase on the offered salary
Yeah. I was like "hey, I uhh need to buy a car so I'm going to counter with a 0.45% salary increase. Very Respectfully, Moose" and then nothing
I will say I was dumb right out of college, I didn't even think to ask for more as the salary was already more than both my parents salary combined, but the funny thing is that due to them giving me the lowest salary possible, but then by the time I started the job, they had to bump the salary up as the entire salary range had moved up
Yeah i kind of got in a tiff with my parents when I said sub $70k wasn't an acceptable salary
I never even told my parents, only reason I knew my parents salary was due to fafsa
For Northeast and DMV I should say
and I was like wait a second...
Yeah i know I make more than my mom
Not my dad though
Mom isn't hard though. She's a school teacher
well depends where
School teachers get shit pay no matter where they work
I find it hard to understand teachers are paid as little as they are.
my mom was talking about my aunt who is a school teacher making $100k/yr and I was like I'm not saying anything
Where the fuck does she work?!?
she is a kindergarten teacher in San Diego area
Damn
That's like the 1% of the 1% in teaching pay
Specifically primary education not secondary
in San Diego county, the starting salary is something like $60k
I don't know about other areas
And I thought kindergarten teachers are the worst paid group of teachers.
They are at least in Finland.
you'd think so when she only works 6 hours/day for 9 months/year
San Diego isn't even the most expensive place to live
I don't think teaching salaries go above 50k in Mass
Should be the highest paid, dealing with that many little nightmares
Or a majority dont
you can get a 1 bedroom apartment in my hometown, where my aunt lives, for around $900/month
Well, I'm not sure about how that compares to dealing with teenagers 🙂
generally Los Angeles and San Francisco are the super expensive cities
(Metaphorically tie up)
Muir don't tie up the teenagers.
Teenagers will fight back verbally and physically. Kids are easy
Sooooo, steamroll the kids? 😁
Muiri just wants to dress them with neckties.
Don't do that in a school environment, smh
Oh God, I just realised how that'll sound out of context 😆
Yes
😄
Yeaaaah, let's delete that one rather than explain that I am a teenager
Not for long!
ha
At that point you move to using hexadecimals for your age.
I'm 2D
🖕
I'm in the wild 28s.
You still have teen in your age
Hehehe 😁
There's a joke in there somewhere. Something about cartoon characters?
If one is 2D, one's go-to coffee must be a flat white.
in a month, I'll be 2E
I just dont want to under or over shoot
if you happen to undershoot, then you can correct later, if its a good position for growth, sometimes a little less pay can be worth it
Sometimes it can be hard to correct while staying with the same company, though.
yup it can be
If they are asking me if "im familiar with" a list of frameworks should i just say yea then study them lol
Nice
You should be honest
I'm trying to decide what study to do. Degrees are so expensive. Maybe I'd be better off just doing the A+ Net+ Sec+ trifecta to start with? Then look at pentesting once I've got a job? (I have employment now but in an unrelated field)
getting certs is a great way to break into cyber security
Is there any cloud-based security certs?
at least AWS security ones, do they count?
yeah CCSP is probably the big security cloud cert, AWS security speciality focuses too much on their services/products vs security knowledge, AZ-500 (Azure) has a bit of both, security knowledge and security services/products
there is also the one I got last year, ACSP, which is through the Cloud Security Alliance, and then its younger sister the CCSK
CCSP is all theory and dry as hell, reason I have 0 interest in it, its like the CISSP for Cloud
aws security specialty is half IAM and half configuring firewalls and security groups
I was a bit disappointed by it, tbh
I thought it was more about things like guard duty and what not
yeah, there's some of that too
I had a coworker who did it, she provided a breakdown and I was like nah I'll pass
I didn't actually take the exam- I was studying for it right at the start of the pandemic, then the world went to sh*t, and I never took it
but the content and practice exams I was seeing was a little underwhelming
yeah. their services, and iam, mostly
Would definitely like to hear about the ccsp though, I don't know anyone who knows anything about it really
one of my coworkers took it, and she said it was very dry, very boring, very CISSP like
but is it useful? either in the knowledge gained sense or the employment sense?
Sounds like AWS security ones are no different than the other AWS certs.
or specialties.
I think CCSP being ISC2 could have some usefulness in employment sense and potentially knowledge gained sense, if you had zero knowledge about cloud, may be useful
but I also think that if people have been around security a while, has CISSP then they spend some time with one of the cloud vendors, they can infer a lot of the stuff that is part of the CCSP
Azure Fundamental for Ethical Hackers and Special Ops Team: https://www.biztalkgurus.com/blogs/msft-biztalk-community/azure-fundamental-for-ethical-hackers-and-special-ops-team-free-whitepaper-by-nino-crudele/
I know Google has some as well for Google Cloud, for example: https://cloud.google.com/certification/cloud-security-engineer
Or if you just wanted to learn by doing some labs/exercises, there's https://www.qwiklabs.com/ which is also owned by Alphabet so it's sort of pseudo-"official" learning?
I haven't done any of the Google cloud cert stuff so I can't speak to the value/quality of it. I have done some stuff on Qwiklabs and felt like I learned a bunch though. (Disclaimer: I work at Google, and also I got free access to the Qwiklabs training stuff that I did)
interested, didn't know they were bought by google, I've only used them (when they were free through work) for AWS
My friend is applying here, can anyone TL;DR what they actually do and why they need to exist? https://www.collibra.com/
I'm not exactly sure but it seems like they are a way to make sure that the data you are using is validated and verified
And then providing it in a cloud solution
It also mentions record keeping on another page
After doing a 5 second Google they are also being referred to as a Data Governance and Data Intelligence company
nvm it's a semantic web company that tries to use more exciting words than "semantic web" 
thought it would be neat to see if any job postings on LinkedIn mention THM
Hey guys what do you think about this? https://www.tspa.info/job/tip-trust-and-safety-analyst/ I feel like they're asking for too much. I also feel like this is more of a SOC person and not "Trust and Safety" in the usual sense.
why do you think that is too much? That sounds like a full stack developer position to me (doesn't look like a SOC position)
Because it's "entry-level". I've also been under the impression that most trust and safety people also have to deal with content moderation and investigation not just on the infrastructure side but also on the community side.
I'm still trying to build up some skills and understanding on cyber as a whole to get a better understanding of what job I want. Seeing these kinds of job postings confuses me a bit as most senior trust and safety people I've worked with are more forensics and community management focused
that is how the 3rd party site you are looking at lists it. I found the job on the careers.upwork.com site and the job title is actually "Senior Data Analyst". Its not an entry level job https://careers.upwork.com/jobs/4400722003?hsLang=en
that makes more sense
Is there any list of topics or tasks that you MUST KNOW before sitting the OSCP exam?
@leaden yew Try this: https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/
Take a look at the official OSCP syllabus from offsec.
Is it actually possible to do the OSCP without doing the PEN-200 course? 🙂
well you don't have to do the course, but you have to buy it lol
Is it absolutely necessary to get a certification if you're switching into one of the streams in cybersecurity from a different career field and if so which one you guys recommend for a complete beginner like me. Also I am on the complete beginner path on THM
certifications are a great way to break into cyber security. A lot of it depends on where you live, you'd need to look at entry level job listings in cyber to see what they are asking for. Security+ is a common cert for entry level
I am from India. I have looked for entry level jobs here but every job I have come across so far asks for two or three certs net+ and security+ . But I am totally new to the IT field itself so is it possible to take up the Security + without taking the net+ and other pre requisites ?
IF you are new to IT, that is not a recommended path.
The CompTIA beginner certs are sequential; net+ assumes the material from A+ is known; sec+ assumes net+ is known. It is possible to skip, but I would not recommend it to anyone unless I was confident that the earlier material is already known
Yeah that’s why I am kind of confused and also each cert costs a bomb. I am currently unemployed due to COVID situation so I thought finishing the paths in THM would help me land my first job in the cybersec industry. It’s possible right to participate in CTFs and try to up the ladder in this platform and use that in my resume and convince the managers ?
It would be a very stupid idea to try if you're not already either pretty experienced, or certified with an equivalent cert (e.g. eCPPT) or above
Yes, I agree! 🙂 I was just wondering because I found no mention of it on Offensive Security's website
Hey, is anyone here an info sec analyst?
we have a few, you might just want to ask your question as we have many people at different levels that could provide some feedback on it
Well, I have an interview tomorrow for an info sec analyst position, and I want to prepare for it as much as I can. What exactly do you guys do on a daily basis?
most analysts work with a SIEM in one fashion or the other, but it will always depend on the job
and I do have to say when you get to the point where you get to ask questions do ask that one so you can feel for what kind of things you will encounter
Gotcha, I know for a fact we have Crowdstrike Falcon, I believe that's a SIEM, and I've worked with that a little in the past.
IIRC analyst is a really really really wide job title
It can include a lot of things
Crowdstrike Falcon is a more of an EDR
What about Nagios?
ayy crowdstrike sent me a tshirt for passing one of their certs
Nagios is an older SIEM platform that has been around, most SIEM's will involve multiple logging sources
Ah. I know the engineers are more of the quick response team. So in that sense, wouldn't the analysts be the people who look and see like "So this virus did this, got into this system" or "this unauthorized user made his way to X server, how can we fix it? Which application allowed him to execute what he did, can we update it?"
that would be more IR team, but most of the time the analyst would be frontline person that sees an alert first or does a large amount of threat hunting
Hopefully the job description of the job you are applying for outlines responsibilities and the technical proficiency scope. Any fancy words in it, like Splunk, or ELK stack, etc..?
Job description is the most valuable thing here IMO
I'll have to recheck, I know my current job didnt say anything about shipping 100 monitors within 2 weeks....
Hopefully it will mention a toolset familiarity you can focus on. 🙂
Do you need a degree to get into IT security?
not a requirement but many companies like them
they can be used to supplement experience sometimes too
@golden ore Because when I look up jobs for IT security it says that I need a Bachelors Degree in Computer science, Information Technology, or engineering.
most companies will request them, I have seen many ask for them or list them as preferred
you can sometimes supplement certs for a degree, it all depends on the company
@golden ore Would getting an internship be a great start before getting an entry-level job?
Yes
If you're in school yes, it can't hurt if you're not and still living with your parents
At the same time if you get a start in IT most Jobs will forgo the degree requirements in lieu of experience
Any good sites to find foreign country internships, or is it country specific?
Is there a difference between security analyst and Penetration tester?
Yes.
Please elaborate for me - thanks
Have a look at some job descriptions
security analyst - blue team
pentester - red team
If you'd make research about those teams I'm sure you'll know the difference soon
@old niche Thanks! I tried but my google dorking failed to spot that.
@peak steeple Check out a couple of these books: A Tribe of Hackers, A Tribe of Hackers Red Team, and a Tribe of Hackers Blue Team. They're all a great way to get to know the industry as a whole.
@warm hinge Thanks very much! I want to go Red but keep getting Blue Team roles so I might try and see if it grows on me more. Thanks for the recommendation.
@peak steeple From my understanding, the Red Team jobs are just a small portion of the CySec industry so it may take sometime for you to land something in the RT field. Get to know the BT side so you can learn how the BT defends the RT -- they'll call that the metaphorical Purple Team. It will make you a much better "hacker", too. The key to a good offense is knowing how to play against the defense.
@warm hinge Thanks once again! Great insight.
can i benefit if i am a system administrator and i want to work as red team after getting certs?
Of course. You'll have an understanding of the systems you'll be attacking, common shortcuts people take etc
If anything having that experience will massively benefit you as you'll have a deeper understanding than most going into the field
i heard someone once say a good sysadmin is an undercover redteamer
Blue and red team are two sides of the same coin
The better you are at one, the better you can be at the other.
Shadow IT is the bane of all security
shadow it?
Shadow IT is infrastructure that isn't being governed within the policies and procedures of an organization.
Like, a sysadmin that sets up a game server in violation of company policy
or a network admin that builds a 'secret' VPN in or out that doesn't conform to company requirements
ohhhhh i see
what if the shadow IT is the only security you got 😂
Just had to deal with a shadow IT audit meeting today.... Too coincidental 👀
They’re on to you!
I'm like the shadow IT to our shadow IT, I set up shadow infra to stop them from setting up shadow infra. Genius, I know
praise be
wrangling Shadow IT is part of my job
Had my interview yesterday for the info sec analyst job. I thought it went pretty well, waiting to hear back.
the job was internal right? even if you don't land it this time there is hope for future and you can use the feedback to brush up in those areas, but all the best and good luck!
Yup, internal job. And thank you 😁
good luck
anyone here “work from home” abroad? what are the tax shenanigans or other things to think about?
my friends company have just announced they are allowed to work from abroad now 🥺 lucky 🥺
what do you mean by abroad exactly? in another country?
yeah so him and the company are both in the uk
and he’d like to work obviously somewhere exotic lol
export regulations and tax are the main factors, as well as relevant visa's I think
yeah
also if he's thinking out of EU, GDPR regulations and data handling
Yes, I believe so in most countries
cool thank you :)
I'm not sure about the UK but in the US if you work abroad you still have to pay taxes back to the US as well as where you are
There are tax credits though for that I believe but I am not certain. Talk to a CPA
cpa? certified public accountant?
The US is weird with taxes though. Dual nationals with US passports are expected to pay US tax as well
Yeah accountants, at least in the US are the tax experts. Unless you are a corporation then you get a lawyer
Yeah basically if you have US citizenship you're expected to pay
he works for a large company so i guess he'd be able to speak to people in it
Yeah he can probably set up meetings
yeah for my company they can make arrangements on my behalf to do similar things but I haven't looked too much into it
My company is a whole hell no on work from home from abroad
Yeah the WFH abroad is definitely something I would consider later in my career
Specifically I want circumnavigate the globe by boat so yeah
hacking from the middle of the pacific
Dude it's going to be possible soon
You have Iridium Go and now Starlink
If they made a marine grade Starlink it would be a game changer
My company basically considers you a foreign National if you live and work in another country
Yeah i would definitely be out of government work if I were to do it
I used to work with somebody who had a small consulting company registered in the US, but lived in France
I’m not even in gov work but I couldn’t do my job if I lived in another country
This is what I would probably do. Just not live in France
They would not let you on the US network if you live in another country
become the network engineer and then you decide who gets on the network
This video is brought to you by NORDVPN
Lol
?
On all the VPN ads its always access content from different countries and make it seem like you're in another
Shadow IT again
my company has locations all over so its a bit different for me, some of my team are not in Australia even
My company is in Australia so you could be hired there but you’d be supporting our Australia projects and get Australia pay
And you’d be on our Australia network
But you can’t just change countries due to visa requirements, you’d have to apply for a job
Yep
This convo also just reminded me of a video I saw about why this government contractor always wore a Rolex when they were in a foreign country
It was something along the lines of "everyone knows what a Rolex is and if you don't have cash or pew pews it can be traded for goods"
or you could get mugged and killed for it 😉
In his line of work, probably
Guy was also a SEAL and accidentally swam in to the dolphin cages
"accidentally"
If you didn't know, the US Military trains dolphins as harbor protection assets and anti-swimmer
It was a training dive during the underwater demolitions course if I remember correctly, their night dive
Yep, I'm aware 🙂
ah 🙂
I don't know watches
One of the lowest price Rolex's is like $5000 so you can trade it for a lot. I think the example he used was trading it for a car
but you can also get a fake rolex I'm guessing pretty easily
My dad worked with them!
Yeah you can get one for like $50 but people will usually try and sell them for higher
That's cool
How to find the ip address of the google meeting in which we are connected
You don't
ethical and legal hacking chief
"ethical"
ethical.
I am a Security Engineer with CEH. I am wondering what cert I should take up next. My long term dream is to be a Security Researcher and I'm inclined to Web Security but not fixating on it. Suggestions?
of course before you go for a cert, there's a ton of free content you can look at, most notably portswigger academy (since web security is your main interest)
Already started doing the labs and enjoying it 🙂
Anything that's not web focused. I'm keeping my options open
you can browse to the rest of the certs from those pages. the entry level certs of those 2 orgs are OSCP and eJPT, respectively
thanks
Is there anyone here who's currently or has worked for Taos as a Technical Support Specialist and willing to give me some insight on the company?
yo one question for anyone who has passed eJPT recently
are the exams harder or easier compared to the 3 black box test labs they have at the end of the course
definitely on par, which means that if you are able to do those boxes, you're good to go for the exam
ok thanks
most people say they're harder than the exam but if you manage them ok then you should be good for the exam
hey I was wondering if any of you guys happened to like work like a job in cyber security? cause I have a question about like college.
@icy kestrel Please don't ask the same question over several channels like that, it's very spammy
OK sorry I didn't know. I don't really use discord that often
just ask your question that you have
some of us do work in cyber, you can just ask your question here
A little bit of background: OK, well I'm 18 and a senior getting ready to go to college . I want to seek a career Cyber Security and the college I'm going, to allows you to choose Cyber Security as a major but, some people I know are telling me I shouldn't choose that as my degree and I should get a degree in computer science. Question: So what should I do ? What degrees do you recommend and would those be beneficial to me at all?
sorry its so long ^
either will work, Comp Sci is the traditional standard as Cyber security degrees are fairly new but it doesn't matter. Choose whichever one looks more interesting to you
and regardless of which one you choose, in your junior/senior years, look at getting some certifications such as security+
yeah I plan to try and get as many important certs as I can but I find both of those interesting so it's kind of hard to choose. Also my neighbor told me that I should try to get into cloud security is that the same as Cyber Security?
sub section
and way to get into cloud security... get a cloud cert or 2
Cyber security is really broad and then you have places you can specialize in
Yeah from what I heard the first few AWS ones aren't hard
cloud security is what I do, but I was in cyber security for 15 years or so before I went into cloud security
it helps to know how to use the service, I think the cloud practitioner (which I didn't take as it didn't exist) probably doesn't require you to touch the console
Is that the first one?
it can be, its not required, its the most basic
if so I think its basically memorizing their pricing structure and offerings
I have no idea
and knowing the difference between things like Glacier and EC2
don't confuse the kid 🙂
lol
I know that having a lot of certs is good but do people even use them on a day to day?
but basically, it doesn't matter, CompSci or CyberSec, choose what looks good
yeah people use the knowledge from the certs every day
and you don't need a lot of certs, I think over my 22 year career, I've gotten maybe 10 certs total?
For reference, I graduated with a Bachelor of Science in Computer Security and Information Assurance concentrating in Digital Forensics and Information Assurance Management
you'll only need 2 maybe 3 certs when you graduate college
and I was able to find a job mid pandemic if thats something you're worried about
I had none 
I'd recommend it, but you don't need like 10 certs
Actually I had the Cellebrite one but nobody knew what that was
and my company has hired a bunch of new hires, many in cyber security fresh out of college and most of them had CompSci degrees
Yeah comp sci is still the predominant degree
many straight cyber sec programs are hit or miss so you have to do your research
NSA publishes a list of schools it likes as well
the NSA list is primarily for MS degrees, its basically universities its worked with to basically come up with a baseline
🤷‍♂️ I used it to decide where I wanted to go
and not to shit on my MS program but my MS program was on that list and I would say it was 'ok', it is more about getting out of it what you put in
I would say the same about my degree
so you're saying the list doesn't mean much?
Its a good reference if anything
With it you'll know you're getting a baseline of Cyber Security education that the NSA approves of but its also on you to further that learning
schools and certs are there to provide the basics, it is on you to expand further
I know it may be hard to explain but the most important thing about a BS isn't necessarily the specific degree, it is more that companies want to see a BS and many don't care what you major in. You will want to do learning on the side, a couple certs, etc
spend $350 now to make $100k later
but I need the $350
😐
I've never had a homelab unless you consider VMs to be my home lab
but also when I started work, they didn't care about putting old equipment on their network so they were like 'sure, here is an old router and some switches, go play'
damn
now they would send in the swat team lol
my team had a whole mini datacenter when I started, we'd use it to mainly set up client problems to try replicate or for education but
gone now though
my company has those at certain sites
I would laugh if we worked for the same company
according to google mine is 300k+ so doesn't rule it out
probably similar industry except you actually work in cybersec lol
I think the 300k+ ones are like the consulting firms, I'm not in a consulting firm
I had to do some research for my dumb senior project and it said that most places are understaffed and some people have to do the job of two people, is this true?
I've been toying around with ideas recently for a lab (although currently my "lab" consists of a single trusty pi0 😄 ). May I ask what's your use for it? (and what hardware you have, if you're not bored to say)
'it said'
depends on the company
lots of places are understaffed, but that basically means we have to prioritize
in greece no, it's more like 3 😄
I've got a hodge podge of gear. I've got a Pi4, a Dell R710, and an old mini desktop that I set up to be a router
but it's also very hard when companies are searching for 50 years of experience
it's very hard to categorise, like, you should never have nothing to do, and you should never have to let really urgent things take longer than they should, but aside from that, unless you are literally doing 16hr days every day to just keep the company working its hard to say
the R710 has 96GB of RAM and 6TB of raw storage but I have it in RAID so its more like 4.2ish
😮
many companies put odd requirements for time in sometimes, it makes it hard for people getting into the industry
I wish I could show you the job I just applied for that I'm 99% sure I will get, I certainly don't have everything in the list but you bet your booty I'm going to be able to at least talk about the areas I don't
way more than I'm able to afford rn. what exactly was your process when building it? did you have a need/use case and then built it, or did you build it first and start playing with it?
I bought it used for $300-350ish but then FedEx absolutely destroyed the box so I got it for free
It came out of a datacenter somewhere
the memes were true 😄
you should have seen the box
hang on
gooood luck!
I applied for one in my company earlier in the year but I'm way under qualified, they have another one up now but I'm still a bit out of the league so I'm wary about applying again till I get oscp
thanks just waiting, waiting, its an internal job listing, and my company takes forever to hire
Gave +1 Rep to @opaque laurel
zojja didn't you change positions just recently?
I did get to speak to the hiring manager and have a talk about it in future and it was positive though