#cyber-and-careers
this is the one I'm expecting, I applied over a month ago and already talked to the manager
lol mine too
NSFL
like dude, just interview me
That last one is where the ear was
oh I thought you had already got it. best of luck
nah just waiting
Here is said ear
oh boy...
will it be a big change from what you currently do?
in terms of day to day tasks?
in some ways no, in some ways yes
yeah, its driving the corporate strategy and implementation for cloud so kind of
My lab is a bit crazy. I have 5 machines, 3 are clustered to run VMs, 1 is my repo server and NFS, 1 is my IDM. On the networking front, my lab is connected to my network through a layer3 switch, and lab machines are interconnected with QSFP+ for fast transfer within the lab.
is that like deep into management then?
I'm always curious how it works in that area because we have like, managers who are always putting out the strategy and talking about what needs to occur but they often aren't technical people so I imagine it's people like you they consult with in the first place
yup pretty much, we come up with the ideas and obviously keep our management informed
Security and tech is in a tug of war with the business unit. It's always a negotiation between functionality/features and price.
you will be.. bleeding edge?
that sounds great. VM's is one of the reasons I want it. but when I think about how I would actually do it, I realise how little I know
my company doesn't do bleeding edge
but it will be bleeding edge for the company
basically we've been fumbling with cloud for the last few years, trying to really embrace it in a more holistic manner
You don't have to go crazy like I did - a single machine with enough cores and RAM can substitute for everything I have, except possibly IDM. 16G ram and 6 cores is more than enough to run 3-4 VMs at the same time.
ah right, you will be a driving force with that kind of integration and momentum then?
very cool, sounds huge and great
yeah hopefully at least the cyber security portion of it
my laptop could pull that off with a small ram upgrade. I'll definitely look into that because that seems like the best starting point
You'll save a LOT of ram if you install everything to run headless. Desktop environments hog a lot of resources.
This. It also forced me to learn Linux and command line in general
good recommendation. well, right now I need it for zoom, but I can do it, I need only to research the specific software I would be using for virtualization, cause this is the only thing I haven't done via terminal
what do you use? vmware?
There is a HUGE difference between using linux casually and being a professional user of it. I used Ubuntu as my daily driver for about 5 years, and I've learned more in the first year of being a linux professional.
My vm cluster is really old, so I have installed ovirt because of system requirements. If I was to use modern-ish hardware for my lab, I'd probably pay the $200 for the VMUG and use vsphere.
For my single-machine lab VMs (work laptop, where I need to clearly delineate between work and personal data), I use qemu-kvm or vbox.
qemu-kvm on linux hosts, vbox on windows hosts
This is also true and you know why lol
I use Hyper-V at home and KVM at work
I actually wanted to try kvm at some point but it seemed more work (to set it up) than I initially thought
but I'll definitely try it if I go headless
yeah I havent really dug deep into KVM at work because I get pre configured images that I just load up
and thats about it
KVM really isn't difficult; For new users, I recommend going with virt-manager over virsh. virsh is way more powerful, but at the cost of increased tech debt. I find the new browser based interface for kvm to be slow and painful to use.
we use virsh and Ill admit i spent a bit of time on the man page. There is a KVM browser interface now?
Is that different from the one you get with a GUI installation?
oh I didn't know about that, that sounds interesting
virt-manager is the way I tried to go but still, either the wiki pages were a little complicated or I was just bored
I think it's guacamole attached to a cockpit socket? Something like that, I avoid it as much as possible.
interesting
hello all
Pentesters, do you like your current career? i'm aspiring to work as a pentester, currently learning basics and gathering certs. Should i be doing something more?
personally use virt manager, it allows easy gpu pass through, easier hardware xml configuring and hardly any resources for the hypervisor.
The command to change ovm or vbox to qcow is nice and simple too!
The main draw back would be the time spent tinkering or weird errors that might arise, and the portability is lower than vmware or virtual box.
Wow I wish I wasn't employed right now
Palo Alto Networks just reached out to see if I was interested in joining their Unit 42 as a Digital Forensics Lab tech
Show of hands how many people think it's okay to have more than one page to their resume?
how do we show of hands
I gave downvote as a no. Reasoning is that recruiters and hiring managers arent going to want to read a novel and a single page forces you to be concise and to the point
Yea I feel that. Just finding it difficult to condense it. Might just drop the oldest position and expand more on the last ones. Thanks @stoic cave
if you feel that you have more to show then I would suggest expanding in a cover letter
And certain companies say cover letters are a waste of time
Yea I think most look at cover letters when your resume stands out to them
Just hard to condense everything I did at my last job. Was a startup so I wore many many hats lol
been there, done that. I can't imagine working part-time in customer training counts for a lot, though
Maybe choose the most important things and use them as conversation starters?
Put the most impressive things and then expand if you get an interview
Thats what I did with my homelab
2 pages is fine if they are reasonable and actually show real things you've done and whatnot
which also isnt a job
no one wants to see 20 pages of certs
One of my professor's CV was 20 pages lol
but it wasnt certs
it was legitimate work and it was honestly impressive
Well if you're going to list academic publications, it's another matter.
you could get a new job
Right but idk. I feel weird leaving a job that Ive only been at for 8 months
my resume is 2 pages long but I have over 20 years of experience, if you have 10 years and under, it should be 1 page, and this is general rule
I'm struggling with my CV being more than one page and I have that 20 years of experience.
if you are interested, I'd apply, could be 12 months by the time you are able to do it ... depending how slow they move
I may reach back out just to entertain the idea
Big difference between a CV and a resume - CV needs to include all publications. Resume should be the elevator pitch
its an immediate hire from the sounds of it
Yea I was full time salary and helped do a lot of operations and IT while also managing a team in my location. Traveled a lot and also built out process for pop up install and uninstalls. Just so many things lol
but yeah it cant hurt to reach back out so i will
still wouldn't hurt if you are interested, quick jumps are common in early career
Heh, I think I was employee number 8 in the startup, now working for a huge corp
but a resume really is a summary
most hiring managers won't get to your second page so if you bleed onto 2 pages, the second page should be stuff you don't care if no one sees
Do it.
Word. Thanks Zojja! Haven't had to apply somewhere in 4+ years so i want it to be great as most do I'm sure
Gave +1 Rep to @pseudo creek
yup, give the resume a good spring cleaning, make it as tight as you can
How does this sound? Thank you for reaching out. Normally, I would respond with I am not looking to make a role change at this time but this position has piqued my interest. If you would like to have a conversation I am available Wednesday through Friday during business hours. On Wednesday however I am unavailable from 1400-1500. Thank you for your time.
Personally, my resume is 3 pages, but it's a cross between resume and CV. Really depends on your background and what kind of job you are applying for. Patents and publications (some of the important ones) should be there.
obviously there is a greeting and a closer
As a non-native English speaker that sounds good to me.
Sounds reasonable. I'm sure others here can help polish it
yeah I am trying to correct punctuation right now
(although I might add a bit more "YAY INTERESTING STUFF" there)
yeah, maybe ask for followup questions, unless they already gave that to you
kinda depends how they reached out, how directed vs "spray and pray" it was
Would you be interested in learning more? Let me know if you're up for a chat we can schedule some time for an initial conversation.
Its not an external recruiter which is why I actually paid attention to this one
It is fairly generic though
internal recruiters carry a lot more clout for me
agreed
if it was me, I'd definitely let it play out. Could be a great opportunity
Also, there's nothing to lose by talking to them,
I read through the job description and was like "this sounds like a dream"
Alright Im going to send that message
Worst case, you get some practice interviewing and either fail it, or decide you don't want to work there
I even talked to Facebook despite all.
Yeah, I've turned down a few jobs there
I'm pretty sure they'd have a lot of interesting stuff to work on.
said it before, FAANG is an absolute no lol
I don't know a lot of unit42, but I've read enough of their blog posts/etc (and watched a few talks at conferences), that seems like an awesome set of problems to work on
for me, the critical driver is the people, but in terms of "cool stuff to work on", they're definitely high on the list
Yeah Palo Alto came out of the Israeli Unit 8200
I know nothing about that
Secretive SIGINT unit in the IDF that do some really amazing work
don't send a message that says "this job sounds like a dream" ๐
Netflix is really the only FAANG company that slightly interests me, I got decently far with a recruiter about them and talked to one of their ex employees (funnily enough, one of their original employees who is so rich he retired and just does whatever)
but in the end, I didn't want to move
Netflix would be the top of the list for me. I'd consider Amazon or Google, depending on the group, but I've interviewed with both of them and have NOT been impressed. Never talked to Netflix though
my company has a lot of ex employees at Amazon and that one is a hell no for me
based on what they've said
Netflix isn't hiring in relevant areas, Amazon and Google are. And Zürich has a lot of security folks
Netflix was looking for cloud security people
Yeah, I've heard more negative than positive. But some of their groups could be good. And the pay could be good.
By areas I mean geographic areas
It would take quite a lot for me to consider relocating to US.
and Google... nah
I didnt I just left it at "piqued my interest"
I have some friends who work there and like it, but again- depends on group
OOOO that was fast
dude just responded with a calendar invite for a 30 minute interview
Yeah. Last time I switched jobs, I turned down an offer making about 60k more than what I do now, seemed like much better people, more interesting work.
Sweet!
get it!
That either means they really like you, or it's a slow day, or they are really organized. Or they are really desperate
This, though, is one reason i could consider us. salaries are still on a different level
Yeah, it was a quite nice offer. But I've chased paychecks before, to my detriment. I don't do that anymore
I could probably easily make 100k more in US than I make over here. But then again, I'd probably pay tens of thousands more for living costs.
Financially it might make sense, having no kids etc, but then again, healthcare...
That's the other nice thing about where I work- all healthcare premiums are covered
you can definitely find jobs where companies do some kind of perk similar to that
Sure. I guess even my company would have that.
But then again, over here healthcare is considered a human right, not a privilege paid for the merciful employer
where's "here" ?
All in all, things balance out. I'm making a comfortable amount of money even here, not on the FAANG levels of stock benefits, but still pretty fine.
Finland.
I've heard good things from friends who've travelled there
The tech sector is pretty good here. A few fast growing startups as well.
And even Nokia is getting back on their feet
my company is like 'here is our crappy healthcare, take it or leave it'
The land of the free. Where majority of us are one symptom away from a crisis lol
I get paid enough to offset any medical costs but... lots of people don't
I wish people would stop meshing health care and health insurance together
Here in the US we have some of the best Health care in the world. That's why people come here for medical attention. It's our health insurance that has issues
I don't think we actually have some of the best health care in the world tho. We definitely have some great health care but I don't know the last time we were ranked above the top ten when compared to other countries.
like our healthcare is not like House, its more like Dr Nick on Simpsons
I love House.
Looking at some data, it doesn't seem that the US even hits the top 25 for health care in the world actually. Did not realize that honestly.
and in some areas, such as maternal care, it is on par with many 3rd world countries
our maternal health is abysmal. You have to be lucky to work for a company that offers leave for new parents here. Last I checked I believe Taiwan had the best. New Zealand is really good too.
and lots of companies have popped up to provide medical tourism where you are able to go to Europe, get whatever procedures you need, stay under medical supervision, then return
well I'm talking about actual birth, our maternal death rates keep rising
Oh I see
I had a problem a couple years, go to the doctors and you think its gonna be like House where its like 'we'll figure out what is wrong no matter what'... and it is more like 'hell if we know, go try this other doctor and see if they can figure it out'
5 or 6 doctors later, turned out to be a very simple problem that could've been diagnosed by first or 2nd or even 3rd doctor
My mom has had the same experience. They keep referring her to different doctors because they can't figure out what is actually going on. Her last one was a specialist in Denver that she really liked though so that's been great.
(and PS, where I live is supposed to be like top medical area in the country)
Wicked smaht
Lol, you like apples?!
Hahah
Someone say house?
its so good
Haven't finished it but I'm on season 6. I want a doctor like him lol
It was the highest rated medical show for a while and one of the top tv shows in the us for some time as well. He made like $700,000 per episode too...
Screw cyber security, I'm going to go be a tv star!
I have a number of friends who are "real doctors" (i.e. MDs, not "just" PhDs, although some have both). Some of them are fond of saying "Half the time, people get better because of what we do. The other half, they get better despite what we do."
I didn't know he was British til much much later
also Kate Winslet has a really good American Northeast accent in her new show
all y'all get is Madonna and Angelina Jolie with their fake British accents
off topic, but there's a really interesting study/interactive quiz that can pinpoint where you grew up/live based on what you call things. It's scarily accurate, from everyone I know who has taken it
yes harvest my data daddy

I'm not sure, but I think that MIGHT be it
It gives me NorCal but bzzzt SoCal
you probably picked up some "East-ism" or something if you moved away
the one they should've asked is what do you call Cola because there is a strange phenomenon that in SoCal, brown soda is always called Coke
I didn't get it
oh interesting. that was like #3 for me
I must've said something that diverted me away from that
my darkest areas are NorCal and Florida
Yeah, Florida is a pretty dark area to be from 
It pegged me lol
It said I was from either Central Mass or Providence RI
It got me with Rotary
rotary for what? I didn't get that one
so I did it again, this time changing you all to you guys, which I switched to you all from you guys so I got questions about soda and mountain lions
still put me in NorCal but then lightened the entire east coast for me
interesting, isn't it?
and surely, if you'd answered "youse", I'm guessing that's a northeastern thing
Southern UK, I don't get how I pronounce things like Cali people do NGL.
🤷
Wow that's a very general heatmap
yeah its pretty funny
mine had me all over about half of the northern US
and where I grew up is the very bottom left most point
and where I live at is one of the yellowish areas on the mid right
You altered your choices for that map though
I needed multiple choice for that one
also drinking fountain / water fountain is one that I had to think about, I use those interchangeably
didn't have that one
you must not be from around ~~here~~ where she's from
ha
did you get frosting/icing?
also they didn't have stuffing/dressing which is another one
I have lived all over the Us and picked up dialect from all of it
ok holy shit, I went back and select tennis shoes instead of sneakers and it gave me 3 cities, 1 in SoCal which is my city (which is good sized but not major city)
now that is hilarious
ah-ha! 🕵️
We call them plimsoles
sneakers is probably also a later change for me, I grew up with tennies
tennis shoes is closest
Which is like, not just UK, it's regional in the UK
I'm sure that the UK has similar dialect nuances all over, but I don't know of a study that does the same sort of thing. Although I did once watch a youtube video of a kid who did like 100 regional accents from that area.
I really needed multiple choice for those, second time through has about the same split though
We have some crazy variations, but our divide is mostly north south rather than east/west
it would be neat to see the question flow graph, and how which answers open or close other questions
I realise the US has a North South but california doesn't fit
Our almost always accurate test to analyse how Northern you are.
california is pretty huge, so there's quite a bit of variation
california is 770 miles long, the UK is 600 miles
Brought to you by Jake Wardle at https://www.jakewardle.com. My third big accents video! A follow up of 'The English Language in 24 Accents' that unexpectedly went viral in September 2010 and 'The English Language in 30 Accents (Animated)' from July 2012. I have included all of the accents from my previous videos although I have relabelled some ...
and central california is sparsely populated compared to southern california and northern california, so its not like it is really a cohesive state, so much so that every few years there is a serious discussion about splitting california into 2 states
Similar for FL, and CO has had that debate as well recently
Rotary, roundabout, traffic circle
Northern California wants to break off from Southern California and make a state called Jefferson with southern Oregon
In order to better represent the population
I've never heard of that aspect, join with part of oregon
there have been various suggested splits
I forgot about this one https://en.wikipedia.org/wiki/Six_Californias#:~:text=California State Legislature.-,Proposed states,West California%2C and South California.
Six Californias was a proposed initiative to split the U.S. state of California into six states. It failed to qualify as a California ballot measure for the 2016 state elections due to receiving insufficient signatures.
Venture capitalist Tim Draper launched the measure in December 2013. He spent in excess of $5 million trying to qualify the pro...
Yeah idk because I'm not from the area but it sounds like northern and Southern are polar opposites ideologically
honestly that was only the latest proposal, most split suggestions had the creation of 2-3 states, not 6
oh nevermind, that isn't even the latest, this one was after that https://en.wikipedia.org/wiki/Cal_3
Cal 3 was a proposal to split the U.S. state of California into three states. It was launched in August 2017 by Silicon Valley venture capitalist Tim Draper, who led the effort to have it originally qualify on the November 2018 state ballot as Proposition 9, officially the Division of California into Three States initiative. Proponents of the pr...
California has been the subject of more than 220 proposals to divide it into multiple states since its admission to the union in 1850,[8] including at least 27 significant proposals in the first 150 years of statehood.[9]
the SoCal in that proposal would mean SoCal would have most of the farm land in California, which can be good or bad, but Los Angeles is as much SoCal as anything and those 2 proposals were by the same rich guy from NorCal
Hey, how do you approach working for a company you like?
Think google, but not google
like for a future position at that company
Yes
many job boards let you create a search around a company and you can get info for jobs that they open up, some companies have their own posting system that you would have to subscribe to
Yeah search their careers website and connect with them on LinkedIn
Linkedin is banned in my country, but thank you :)
I would try to find the job boards in your country that would provide a similar service
Thanks
Any infosec jobs in Croatia? Which companies in Croatia employ security experts? Does anyone have a list of such companies? You can also send the list of companies by DM!
Keep it in English please
OK, I just ask which company in Croatia have infosec jobs.
@dry raven Jobs on Linkedin: https://hr.linkedin.com/jobs/cyber-security-jobs?countryRedirected=1&position=1&pageNum=0
This is a good starting point.
i have an engineering degree. what certifications do i need to get a job as a penetration tester?
Software engineering?
no, mechanical. but, my interest is in software engineering
how do I gain access into voice chat?
it seems to have worked.
Thanks, sir.
you're welcome
What kind of IT background do you have?
python, matlab, azure. no certifications in any, but i run the IT for the company (~30 million/year in revenue) i work for rn: exchange, office admin, azure, and im starting their Managed AD soon
If you want to do pentest, I strongly recommend learning (in order of importance): basic and intermediate networking; basic system admin (either windows or linux - IMO linux is less complicated); actual programming and not ME hacky nonsense
kk. i know im far away, but I want to start the journey.
How much AD do you know?
limited
Basic stuff, or more advanced topics like DNS record management, domain groups and users config?
AD is a huge topic, most orgs that I know of have AD somewhere in their infra as the identity provider.
im trying to set up a domain group for our company. we have three locations and a lot of the tech that they use is antiquated
they use 2008 r2 which is unsupported
Yeah, that's a tough situation. Only advice I can offer is to start doing a lot of reading from MS AD training materials and online documentation. AD is a tricky beast to tame; I've had better luck managing my own identity provider stuff using FreeIPA. I'm guessing that won't fit your use case though. If you have experienced sysadmins and net admins on staff, start asking them questions about what works and what doesn't. Just because you are tasked with setting up the domain group doesn't mean you have to do it without getting help.
Especially for a company with revenue that significant
Hey, I might have a paid pentest opportunity coming up, but as the good people in general pointed out, I need to sort a couple of things.
- Insurance
- speak to someone legal about the contract.
I'll tackle 2 at a later point, but for 1... what do you search to find the right kind of insurance? My google-fu is failing me and everything seems to be insuring companies in case of breaches.
I believe its called Professional Liability Insurance
you should have your scope laid out in full before you get insurance though
Cool, thanks. Now just need to wait for them to get back to me then
Gave +1 Rep to @stoic cave
Hi guys!
Quick question:
As a complete beginner in Cyber Security with no pre-requisite knowledge, should I first opt for Comptia Network+ or Comptia Security+?
I felt that Network+ first was really helpful and it gave me more confidence going in to Sec+. There is also a lot of crossover between the two but Net+ goes deeper into various subjects. But if you have a good amount of knowledge of computer networks, I would go straight to Sec+. At least in my experience, I have only seen jobs requiring Sec+ but never Net+. Though that depends on your goals.
@ivory jolt neither. The beginner learning path on thm is enough to get the ball rolling. Unless ur current job or a future job requires net+ which for security positions isn't really needed, i would just use google as ur networking resource and thm of course. Sec+ is worth it for soc analyst 1 positions or if u wanna work for the gov (usa based). Other than that, once again, u can simply watch professor messer vids for example and grab knowledge like that.
Thank you for your response.
I don't know if I should directly go for CEH or Pen Tester before taking any of Comptia.
Quite confused atm and procrastinating more.
Speaking of Professor Messer, he has so many great contents.
Gave +1 Rep to @vital ruin
My advice. If u are a complete novice, learn ur networking fundamentals, unix/linux fundamentals, windows fundamentals, programming and that can all be done through thm beginner learning path and other resources u will find out there. Dont think about certs right now tbh. U can entertain the idea of certs once u have solid base understanding of those fundamentals topics I mentioned. Why? Because you'll maybe want to learn more about web app security or active directory (offensive), etc. And u can pivot to any because u already built ur base. And last thing, unless ur in India, dont grab the CEH unless the company u work for requires it in some way. You will know what cert or certs u will want to get as u dive into cyber and the thm community ofc and good ol google
Great information, Oxpog.
Thank you very much.
And I'm from India
Gave +1 Rep to @vital ruin
Np! Ah so yea, CEH might be something to entertain in the future. Right now, throw the procrastination and googling aside and grab ur fundamental knowledge ;)
@warm hinge Is Python good for a starter or JavaScript? I like both Offensive and Defensive
Python is a must tbh. JavaScript eh, maybe if u want to head towards web app pentesting
Creating tools sounds fun or cool so looks like Python is the answer.
Do you believe Professor Messer is enough for my Network fundamentals?
Usually if u want to build offensive tools, C would be a good base. But yea python is easy to pick up for beginners
Yea more than enough tbh
U really wont need half that information for cyber anyways but with anything, more knowledge is never a bad thing
So, first thing, Network Fundamentals, Linux, Windows, Programming and Certs later.
Long term investment!
Thank you very much!
And any advice for a complete beginner? @warm hinge
Take notes, don't just read what is in front of u and move on. Ask questions always in ur head, mess around with the things u learn in ur linux vm, start developing a creative mindset
Basically, as john hammond says, get ur hands dirty on the keyboard as much as possible
Beautiful!
Noted!
Cool! Best of luck to u
Thank you, bro!
Can I add you?
Uh sure
Great!
Sent!
So who here is a Security Analyst? If you are, on a scale from 1-10 how stressful would you say it is?
like most jobs it will depend, some days you will get a 1 and then all of a sudden all hell breaks loose and you are at a 10, but most of the time you probably are between 1 - 5
what do you think about getting a MS in cyber security? is it worth it?
I have one, there is a lot of good things that it helps with, but it is mainly paper writing
I'd argue it's probably more worth it if you want to go into academia, compared to if you want to work in industry
sometimes it can help with some job requirements, but most places are just looking for the BS
CISSP is regarded as equivalent to a masters
That could be true - CISSP is more about accumulation of security knowledge and balanced with business unit perspective. I would say that a CISSP is a lot less strenuous than a M.Sc; only way they are comparable is in 'required' time
it is true tho
Given my own experiences, both with CISSP and studying for a Masters in CS, there is a huge difference in required knowledge
my MS was loosely based around the CISSP concepts but went deeper in a few areas, plus you don't have to write papers to pass the CISSP
My main problem right now is just trying to figure out what degree to choose. But I don't know what would be the most beneficial to me
You can do a masters after your bachelors, that's usually how it's done
if you have a bachelors, I would recommend looking at different certs over the masters
but the thing is i don't know what to get my bachelors in
That really just depends on what you want to do. There are so many cyber security/IA/forensics, etc degrees available now. I wish I had started this stuff when I was in college.
I'm loving my BSc Ethical Hacking
That's awesome! Is that in the UK? I haven't seen many of those in the US. I've seen a few certificates, but not many full degrees.
Ive got a BS in Cyber Security and Information Assurance. Degree concentrations in Digital Forensics and IAM
First in the world, apparently 🤷
Abertay, Dundee. So Scotland
do you guys have any tips on getting into IT Help Desk with no job experience in the IT field? Not saying I don't know anything about computers, just don't have any work related experience. Thank you
certifications? Like A+, Net+
I studied 1001 fully, but never took the test, and then i never really got into 1002
for A+
That's awesome. My graduate program had a "cyber operations" track, but it focused more on legal aspects, implications to national security, etc and less on actually CONDUCTING cyber operations.
^ good CV and willingness to learn etc, I used to be a mechanic but moved into IT a few years back, put my CV out to a few "lower end" paying support jobs got some experience and moved on, 4 years later I manage a small team but now trying to move into cyber sec.
Hey guys, any internship opportunities for a Sophomore in cysec ? I have tried LinkedIn and places but isn't really looking good :)
Hey man I'm a junior, and I know people beat it to the bush but you have to network and really put yourself out there. Especially with Covid internships are very stringent and the only way you're gonna really be able to get one now is knowing somebody or impressing the hiring manager. Good luck!
What locations could you consider?
Anywhere. Practically anywhere. I'm from India but I would more than love to work for UK/US/EU based companies
Like as a preliminary position to get the hang of enterprise methodologies
Thanks man. I've been extremely active on LinkedIn and places. That's the first thing I do every day :D
Gave +1 Rep to @pastel solar
mmh. getting a visa for internship might be hard, but I sure can check what my corp has available.
If any. I don't know if there's anything
Thanks @ebon mica
This really means a lot
I guess all current Internships will be remote
Especially since Covid is at a global max here
I found a few listed positions, but they don't seem to be in cybersecurity.
can I dm someone who has finished an online degree? need some advice before I decide to go nuclear on this university.
:(
Anything in Blue Teaming ? :(
Thanks for the gesture though @ebon mica :)
Gave +1 Rep to @ebon mica
@north hill does not look like. There are non-intern positions for those roles only, i think.
Yeah that's the tricky part. Usually blue teams hire interns for report making and stuff. Thanks for looking up though :D
The gesture means a lot @ebon mica :D
If a blue team is hiring interns who only make reports, that is a waste on both sides. A good internship is a try-out for a potential long term hire on the employer side, and on the employee side, it's a low-risk opportunity to try out company culture, teams, and tools. If both sides of that aren't being met, it's a shitty internship and should be left as soon as possible.
It still helps me with the bills and certs man
I had some help desk kinda job but I left it to focus on Cysec
Making ends meet had been v v difficult of late
So anything > 0 technically
reports are actually a part of many analysts job, plus maybe you could look at ways to improve the process
My point wasn't that writing reports is bad, just that a bad internship has the intern tasked with that because it's the job no one else wants to do.
I have seen some good intern setups and many bad intern setups, hopefully the internship isn't only reports and getting shown other stuff
Hopefully man but reports can help me understand
Plus often it's not just docs
Sometimes people learn ids/ips stuff as well
plus like I said, you are a fresh set of eyes, you can always see if there is better ways to do it
Yes, that's why I want one. Plus, apparently, paying bills is really really important.
I have known many internships that lead to job offers as well
Can you guide me to some man ? Would be really really helpful
usually when it happens, it is based off your work as the intern, you prove value and worth and the company will invest, just think of it a job interview of sorts
Yes, I get that. I like to work tbh. It's just that I need a good company.
More than the pay, it's the people.
what year of uni are you
2nd year out of a 4 year program
you can often try a different company next year as well just to get a feel
Well I'm about to step into my third year and summer break is coming. That's why am anxious.
between your 3rd and 4th year you could do another
Yes, that I will, but I need one now as well, for the Resumé as well as to raise some money. I have been applying to places but no luck.
many companies look for that 4 yr degree, so getting past that is often a hurdle, but padding the resume with internships doesn't hurt and it shows commitment
Yes. That's the goal. Plus after the degree people go for jobs. That's why I am looking for internships.
Plus I want to get CEH and some other Certs as well so need to raise the funds for those
I bought an eJPT voucher with my last internship's money and now I have barely a dollar left in my savings
if you are outside India, I would recommend Pentest+ over CEH, they have similar knowledge base unless you want to the Practical CEH as well
Unfortunately I am in India, but desperately wanna get out of here. That's why I apply to UK/US/EU based companies
They have a nice environment and a good payscale as well
Any leads @golden ore ? I can share my resume if you want.
I have not been with many companies doing internships recently, plus it is a bit tougher to get sponsorship in the US right now
Well remote work ?
most companies would need an India office to hire someone without sponsorship, it's a tax thing
not sure on EU or UK regulations though
I see
However, if anything comes your way, do lemme know :)
I have dev friends who are working for UK/US based companies tho
you may want to check with them on their setup
on sponsors?
Well nevermind. However, if you know of any opportunities please lemme know
It would be really really helpful man :))
In India, the cysec scenario is very very slim
Hi guys, just joined the server now. I have been working as an IT Technician for a couple years now and just finished my MSc in Cyber Security. I feel like I still don't know things sometimes and got my first 2 interviews lined up for next Tuesday and Friday as a Cyber Security Specialist. Can anyone give me some tips what to expect? I am kinda nervous but at the same time I have nothing to lose because at least I still have a job as an IT Technician at a Uni where I have been working for 3 years. Any advice is welcome. Thanks in advance
be familiar with what is in the job posting those will always be talking points, also you will get asked about degree and experience so make sure you have some things for that too
I think the main question here is what does the role Cyber Security Specialist involve? Is it pentesting, Compliance etc. If you know that it makes answering a little easier
First interview job title is Cyber & Control System Technician for a company that supplies gas and electricity. First line cyber assurance - asset management registers, back up registers. Incident response (trained as a first line response to cyber, including IDS). The ability to capture logs, complete malware sweeps and working with the forensics teams. Hopefully that helps.
Ah ok so that sounds more like a blue team role so they may ask you questions about how you'd react to x, y or z or in some cases provide a log file and ask you to identify an attack. You'd usually also find they would ask a bunch of questions about different mitigation etc
Wish I could be more use but haven't ever had an interview for something along those lines but am sure there's a bunch of people in here who could lend a hand once they read that
Nice one, thanks. Appreciate bud.
Gave +1 Rep to @lofty ibex
@languid hearth this sounds like a you thing
pretty damn close to what I do
doubt it's using the same technology, though.
Here's my suggestion:
Know Wireshark, TShark, Splunk, what lateral movement is, what it looks like, MITRE ATT&CK, what C2 is, how it works, methods of communication, etc.
Learn common types of malware, what's active currently, know TLP levels, etc.
Cool. thanks @languid hearth & @polar rock appreciate
Gave +1 Rep to @languid hearth
@exotic oak if you get this one, can I have your job ? 
Ok, square up bot
Why does spooks get the rep and not me
what the freak
First mention, innit
thank you for mentioning me, cutie pie, mwah
Gave +1 Rep to @polar rock
Hey @polar rock thank you for always being awesome!
Gave +1 Rep to @polar rock
Gave +1 Rep to @polar rock
yo are there any discounts for ine exams vouchers? like promo codes and such
I just wanna make sure before i put my $$ in
@molten minnow no
Hey guys anyone knows any blue-team Internships with companies like smokescreen ?
hey, where can i learn about hacking?
is it free, or i need to pay?
80+% of the content is free
google, LinkedIn, Twitter, etc
if you want an internship you have to be self reliant not relying on others to find opportunities for you
So, now I understand why so many hate EC Council. Called a few weeks ago after someone recommended CEH to me. They recommended I take 3 courses for a total of $3000. Today I found out that doesn't include the price of the text books. Add about another $1000. And then when I inquired about a different course, they said I needed another course in addition to that. So now, with books for those two additional classes, we are at $5,000. When I initially only asked about CEH. That's the definition of a money pit. So... I'm currently working on Network+ and Security+. If my goal is to become a SOC analyst, and then one day end up in Threat Intelligence, what other certs would help me stand out as a candidate?
I'm amazed someone suggested CEH if your aim is an analyst job...
Sorry that I didn't really answer the question though.
I think Sec+ is a good fundamental for security, from either side. I see CySA+ around a lot.
Splunk Fundamentals is free, at least partially, which may be interesting for you.
Tbh what James said on sec+, but use that money for some practical cyber range type lab: rangeforce, cyberdefenders, securityblueteam
Unless they want u to use it only for certs
I had already bought the study material for Net+, Sec+, and CySA+. I even bought the book for Pentest+ just because… Oh, and I am paying for all of this out of pocket. I don't work strictly in IT right now. I've been in video production and post-production for 20 years. I manage our SOHO network and video servers, and have other IT roles. But am looking to leave the industry, so I don't work for anyone who is going to pay for my certs. Trying to make the best decision possible since it's my own money
@warm hinge hey, I have no clue how you manage your time or priorities but it honestly sounds like youre throwing yourself at too many things at once. Prioritize one thing or cert at a time rather than throwing yourself right into four certs right away. Especially ones that can be as dry as CompTIA certs, youre going to burn yourself out very quickly and lose any motivation
I know that wasnt your initial question or statement but just an observation Im making
Follow his advice^ its gonna be a tad more difficult to migrate to cyber with just those certs because its all cognitive. But if u do manage ur time like cryl advised, u can squeeze in the thm cyber defense path at most to get some practical knowledge under ur belt
Heisenberg, are you already a sub to THM?
If not, DM me and I'll give you a free sub, @warm hinge
I should clarify. I'm not attempting to do them all at once. Not at all. What I should have said is that those are the ones I plan to take, but I am going through them one at a time at my own pace. I am currently working on Security+, reading through a book and watching a course on ITProTV. I just prefer to have a roadmap of the certs I plan to take so I know big picture where I am headed, but the actual time spent studying is focused on just one of them.
Also, separately I am going through the Beginner's Path in THM. Planning to do Defense path after that later on. But right now my priority is getting my first cert
Already a subscriber. Thanks though
Gave +1 Rep to @light urchin
Cool, no prob
I am currently in Hs and in the fall going for my degree in cybersec when and what certain should I be getting and doing
Certs*
If you're just starting college I wouldn't worry about certs
You would get them and then they would expire before you even graduated
That being said the certs you obtain are heavily dependent on what you are interested in. Sec+ is a good starting point and after that it's really area dependent
You could do anything from OSCP if that interests you or do Encase and Cellebrite if you're interested in the Forensics areas
That said, some certs don't expire
You can certainly get some of the groundwork for certs done too, learn the topics as best as you can before buying the course/labs
Wow didn't know certs could expire
Alright I'll just keep learning and go on from there
Well I keep trying, and I also sent out a bunch of mails to their HR but no reply. People be really looking for that CEH though
Not sure if this is the right thread; I'm currently an IT Manager but looking to push into cyber sec. I've got the possibility of doing (L7 apprenticeship) MSC equiv in cyber security which will take two years but I've been reading about OSCP / CEH - it's going to be more or less self funded. Any advice on best route? Working full time will limit my study potential so I'd rather tackle one thing at a time.
well what is your goal ? What would you like to do in cyber?
Aiming for penetration tester, certainly to start out with
thats ambitious to start out with but not impossible, you can certainly do it with self study, looking at Sec+, then maybe something like the eJPT, then OSCP
if you are an IT manager, unless you are vastly underpaid, you will most likely take a pay cut initially to go into pentesting
I'm not too fussed about a pay cut as I know longer term it will outweigh what I can earn currently, I work in a small business so not the best paid IT Manager out there either! I've heard a few things about the eJPT do you think it's worth doing Sec+ before eJPT? I've obviously got some transferable skills, would you recommend the vendor certs over MSc?
Sec+ has industry recognition, eJPT doesn't yet, I will say honestly I don't have either cert so can't say which one is better than the other but I've heard eJPT is pretty gentle intro
and the course is free on ine.com so why not
You're a legend. I'll take a look at the course and get started - especially as it's free.
yeah ine.com has paid stuff definitely but sign up for free and look through whats there, the PTS (? someone correct me if I'm wrong) course should be free there
and thats the prep course for the eJPT
Yeah I'll get started there, I've done the usual, got a couple of Udemy courses on the go along with THM but want something formal to go with to get my foot in the door somewhere
Did you get Practical Ethical Hacking by Heath/TheCyberMentor? That's a really good course
That's the one I'm doing now
Awesome
Guess you mean this one Zojja: https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student
I have eJPT and can confirm its a really good intro into cyber sec. Like Zojja said it has very little recognition among HR.
Can do the course for free without the exam tho
Yes, and will give you a jump start for other courses as it covers a lot of topics at general level.
like me
Thanks all, I'll start with that
you mean you had an interview and the interviewer didn't show ? Had they agreed to move the call ? I don't think you should blame yourself for that if so, that's not acceptable
It was just a chat. I was able to set my own time on his calendar last week and then I had something come up. I went back to his calendar and changed it to a later time that was available and that time slot just ended
No call
The only links in the email were to Cancel or Reschedule. I didnt see any WebEx or Zoom Links
so 🤷‍♂️
that's rough, sorry to hear that. I hope they reschedule
I hope so too
Im already employed so it doesn't really change much thankfully
The position they wanted to talk about interested me
I'd send a f/u message and just check in, try to get another meeting set up
yeah I will
I recommend, instead of moving a scheduled meeting, to ask them to move it to another time. ๐
Tried contacting a few people directly elsewhere, but had no luck and running out of time, so I'll put this here. If it needs to be removed or moved, please let me know.
I am a first-year cybersecurity student that is currently in University. If possible, I am seeking someone who is currently employed in the field of Cybersecurity or more broadly, Information Technology who I could ask some questions (10) of specifically relating to the industry, employability, and career management for an assessment I have upcoming which requires me to ask someone in industry about those topics.
No transcripts of this information shared will be included in my submissible work, the intent of the exercise is for me to produce a reflection based on your answers to these questions. The only other information I would need to fulfill my requirements is a first name (You can just give me a fake name if you please), your job title and the name of the company you work at.
Please contact me directly through messages if you would be interested in participating. I have no mic right now, so text is perfectly fine.
Thank you!
Is this country specific?
also the company name bit is where i am kinda hesitant
but then again your pfp is Majima sooo i wanna help
I appreciate you responding, no it's not country specific, it's more just your experience so all countries are welcome. I can understand your hesitancy, from what it's been explained to me as, they ask for it so they can google the company to confirm it's likely that I undertook the process with a professional in the field.
Completely understand if you're not comfortable though
yeaah will have to think about that last bit and will get back to you
No problem at all, Thanks for reaching out still.

for 5:30 gang. thoughtworks is hiring senior cyber sec specialist.
https://www.thoughtworks.com/jobs/2816085?gh_jid=2816085&gh_src=309f80e01us
dm for referral if u need.
Has anyone quit their previous job to focus on retraining and ended up securing a nice in Cyber security?
I did it a bit different, kept current job while retraining then go onto secure the CyberSec job
@golden ore That's inspiring! I am struggling to find study time. I know I have organisa myself betta. Anyone else ? 
i quit my job as a soc analyst and studied more to get a better job if that counts lol
@static tide Definitely does! What job did you end up in?
cyber security consultant now! :)
any blockchain developer here? i need some help
is it true that you can get a job with oscp or eCPPT with no cs degree? Also what is the entry salary
Depends on location. Many places will let you get a foot in the door with OSCP (eCPPT isn't quite as recognised yet), but in the end you need to sell yourself -- the cert won't do it for you
I am currently still a student at a German Highschool and thinking about studying CS, but I believe that I could obtain that knowledge faster. Any advice would be appreciated ty in regards.
Where about regionally?
Because if you're relatively close to Berlin there are some good options for CS. I thought about being a foreign exchange student when I was first looking at colleges
I am currently in Bavaria Munich
but some relatives live in Berlin
I also have the opportunity to go to Denmark and USA
Greeting good people.
Wanted to know, is there any job for Cyber Security professionals in the Military?
Thanks
oh most definitely
militaries want defense around their systems for privacy so the enemy won't know their move
also counter-intelligence also
Thanks @pallid plank
+rep
Gave +1 Rep to @pallid plank
!docs verify
Yes, trying to get into them though can be a bit wonky
Never trust recruiters….
The only thing I've seen that is a clear cut way to a cyber sec position in the military was an army officer program
you need a masters and like 5 years experience though
So
I know 2 people who did cyber in military, one for army, other for Air Force. Army person, she is still doing cyber in the reserves. Both of them were enlisted
I first need to have experience as a civilian than I can apply for the job?
No
You enlist, take test, they give you options where to go and if there is space available you get placed there
I don't think there is any way to find out where you'd be placed until you enlist
Well... Here we have civilian cyber security roles in military as well.
I'm Finland?
I think there are other things like the NSA here uses Air Force but also civilians
It's more like you can be a contractor for the government/work for the government but that doesn't mean you work for the military
They do have enlisted cyber security folks, and even conscripts in there, but there's also a substantially large number of hired civilian engineers within military.
Ahh I think ours is largely those actively in the military. The other positions can be found through things like usajobs.com
I think there was some talk of shuffling how military cyber is doing stuff but not sure that ever happened
You also don't get the benefits like lifetime healthcare or college paid for if not in the military
Probably less a concern in Finland…
But as a general answer to the original question: there's a lot of positions. How they're organised varies by country
You can get a guaranteed job before you sign the contract, and you should
^ this is true in the US, at least.
if you join the military?
Yeah that's a direct commission
Marine Corp has guaranteed MOS for enlistees
0689 is the MOS code for straight Cyber in the Marines but you have to be a sergeant and transfer from one of these MOS' MOS 0651, 0656, or 0659
But, the caveat is that "Every Marine is a rifleman" and you will have to embrace the suck just like everyone else who joins the Marines
Yep
Especially if you have an in demand MOS
For Cyber, Marines and AF probably have the best programs right now
Kinda surprised the Marines have a good cyber program... AF has always been on the cutting edge. Cyber seems a little too sedentary for the average marine corporal
Yes. It's possible to get certain things in writing (with some exceptions/caveats)
Yeah, AF and Navy seemed to have the cyber focus, from what I saw
I know someone who went infantry to cyber in the Marines and they are having a blast
Any cert they want is paid for and they get to work on cool guy shit
because they now have a roof. And running water. And electricity
Lol
For a marine (or an army ground pounder), those things are worth more than gold
Having spent almost my entire life working with and for marines, can concur. Some of the stories I've heard about Vietnam and Chad make me super glad I ended up not enlisting.
Well, vietnam was a shit show on many, many levels
One thing I learned though is that no matter how tough you've had it, somebody has always had it worse. I knew some guys who were in the "frozen Chosin". That was hell. I once talked to a guy who lived through Bastogne in WW2 (101st Airborne- same unit that Band of Brothers was about).
My grandpa was 8th expeditionary in Korea. His stories were the deciding factor in convincing me to not enlist
yeah, those guys had it rough
True. But honestly, I haven't heard much about them. Which could be good or bad, depending how you look at it
Also my grandpa was also in Korea and he said it was too cold for his liking
understatement of the century
Army cyber is the one I've heard most about
I never heard about the cold - my grandpa's stories were focused on the fighting retreat back to south korea and what they had to do to make it back. Truly horrifying, and more than deserving of an entire Slayer album dedicated to it.
the time from ww2 through vietnam was some of the hardest the US military has ever had to face, imo. Not that people before or since didn't have it bad, but those were where most of the most brutal conditions happened
Especially back home. As bad as what I've heard of the support for PTSD now can be, it was way worse then
yeah, it wasn't recognized as a "thing" back then
Soldiers just called it battle fatigue or shell shock. Treatment for it was basically 'get over it, that's in the past'
Re: wars and grandpas, I've always found it funny that my grandpa was too short, and was considered not grown up, and he was not drafted for WW2 era wars.
I remember being in a recruiting station once. A young "kid", fresh back from his initial training and jump school, was there, very proud of his airborne wings. Some old guy came in, saw the wings, and asked how many jumps the kid had, he responded with "five" (i.e. only the jumps from school). The old guy responded with "I did four. Sicily, Salerno, Normandy, and Holland" (i.e. the 4 combat jumps in ww2). That turned into an interesting convo.
At least one of my grandpa's brothers was wounded and traumatised by the wars, he never talked of it, and I think he didn't work a day after the wars, to the day he passed a couple of years back.
yeah, sadly that happens a lot, always has, still happens today
yep. Even when the more recent veterans here have been in peacekeeping forces only.
"peacekeeping" can mean a lot of things, but it doesn't mean "easy"
Just because the US hasn't had an official declaration of war since ww2 (I think) doesn't make anything less difficult or traumatizing
in some ways, peacekeeping missions are harder
the rules of engagement are different
Finnish forces have been in Middle East, Africa and Afghanistan operations, as well as the Balkans.
But not in active combat duty, that's at least different. But not easy.
We've not had a war since the one against Germany in the last months of WW2. WW2 had two against Russia, and the Lapland war against Germany.
Soviet Union, naturally, not Russia.
Yeah i had the opportunity to talk to some people who were in the actual Blackhawk Down incident and some others who were involved in Operation Red Wings.
War is hell is an understatement
Yeah, I got to meet Mike Durant once and hear him talk. Along with a few of the rangers and delta folks.
I know quite a few military folks. A few in my family were in but didn't see combat. My dad is a retired LT Colonel and was active during Desert Storm (stateside though) and my brother was injured in a skydiving incident while training for special forces. I knew one guy who was an Army Ranger in Somalia around the time of Blackhawk Down and another guy who was a Marine in Fallujah. My uncle was the only guy to survive in his platoon in Vietnam. Two other uncles were also combat veterans as well from Vietnam. Some of them lifelong alcoholics after that hell. I live in a military town so these kinds of stories are everywhere. But I never tire of hearing about them. That's a world I appreciate but don't understand, and hope I never have to.
Do you think it's worth putting a hospitality role I did for 6 months on my resume?
I feel like it's completely irrelevant to applying in a cyber security role
There are cross-applicable skills you can learn in any industry.
I learned more about people management and expectation setting in my years working food service, than I did in any other job
I'd say it depends on what other experience you have and where you are in your career. If you have other tech experience, I'd probably leave it off. If you're young/fresh out of college/not much job history, then yeah, put it on
Yeah, I'm basically fresh out of academia
I hate putting a resume together, but one piece of advice I love is to think of it as telling your story. What is the story you want to tell your future employer? If it fits with the narrative and it can help show you as a good candidate, then include it. If not, then scrap it. For example, I include my early years working in television news on my resume. The technical experience I gained in post-production plus my years spent running satellite trucks... It helps to sell my overall ability to work with tech
And that was 18 years ago
Yeah, it does largely depend on what skills you can say it taught you
some job experience is better than none, you don't even have to spin it but have it there if it is recentish and if you have nothing else.
Do you think I list the THM rooms or modules?
Yeah. And as a fresh college grad, nobody is expecting you to have a lot of experience, or to have long experience- so a few short college jobs is fine, imo
I wouldn't list rooms specifically, since that can be long, but modules maybe. Depends how much room you have to fill. But doing something like "Member of TryHackMe since xx/xx, Top 20 in my country for the month of April '21" is worth noting
No personally I wouldn't, I would have a "personal development" section, where you could mention TryHackMe but it should be like a single line
it is more important to list projects, skills and other stuff than get too specific about THM
Modules could count as projects, imo. For a college grad with not much work exp.
honestly, if you are coming out of college without projects you've done, I'd be worried
now what you could do is have a blog or what not and have writeups and stuff there and link to your blog
That's a good idea, for sure
like a writeup, I could see that as borderline project, but you should have that viewable somewhere
Yeah, linking to a blog and/or github repo is good (as long as what's there is good work)
projects can be kinda hit or miss for a college student. Personal time projects might not be a lot, since you're busy with school. But certainly some school projects are worth discussing.
Nah, it's generally difficult to do anything else apart from academia if you're attending an elite university doing a hard degree
Especially if you're aiming for top marks
I'm talking about projects you've done in school
You can mention school projects though. But completing THM modules and paths is worth mentioning, because that shows both competence and self-motivation
Oh right, I am viewing projects on a different scale
Like a start up, for instance
Lol, I didn't assume anything
well you assume that we don't know what its like
No. I simply said it's difficult to engage in extracurricular activities if you're aiming to be a top student, at a high-ranking university, and doing a difficult degree.
It's just a factual statement
...
We've all been there :). I went to a top-tier university during the day, paramedic school at night, and worked on weekends. And still did personal projects and maintained almost a 4.0. I get how tough it is.
We're just trying to help you emphasize the skills and experience that you currently have
Yes, thank you
yeah I worked 20-40 hours/week, it was not a piece of cake at a highly ranked school with a really tough major
I will change my perception on "projects"
Let me give you a more concrete example
and had extracurriculars, but I didn't sleep for a few years
so we know its tough but yes anything you did outside of school work, could be something you'd want to count, any school projects you did
at my uni, junior/senior students have to do a semester-long project that is building a large software application. Focuses on teamwork, project management, etc. The closest thing to "real world" software dev you get as a college kid. That's worth noting, and certainly worth discussing in interviews.
did you do individual research with professors? Did you publish your research? all that should be in your resume
For me, as someone who has done a lot of interviewing and hiring, when I hire young college "kids", I look for motivation and how easy they are to work with. I'd rather have someone I can teach, and who is motivated to learn, than a genius who is harder to work with, or lazy.
ah, okay. Noted. Thanks
So putting those extra curriculars like THM on there would get points, from me.
Gave +1 Rep to @light urchin
Yes, I have inserted my dissertations and other stuff
typically "dissertation" is a PhD level thing, at least here
that's a way different thing than undergrad degree
Yeah, it's probably helpful for the employer to see exactly what I'm somewhat experienced in, in terms of tools, and exploits, etc
yeah, in the EU, we also use it for undergrad
Or Thesis, it's quite interchangeable here
but really when we are looking at resumes, something like THM is a nice to have
capstone is general undergrad thing or research paper(s) as we have optional research classes where we work 1 on 1 with professors, its not a culmination of your undergrad but almost like a part time job of sorts
oh okay, that's nice to know. We've never used the term "capstone" here
Different schools call it different things
Mine had a different name for that kind of thing, but it was optional and kinda hard to get into, as the professor had to agree to mentor and work with you
but having a published conference or journal paper as an undergrad is not very common, so that's a nice plus to have
ahh yeah my school didn't have a capstone but a lot of our classes senior year were things like 'ok pick a project, we are working towards that to the end of the semester'. And our professors were really amicable, you could do the research project over multiple semesters.
I was doing my own research project then accidentally fell into another one with a fellow student who wanted to collaborate and professor allowed it
but it was completely optional
and to be honest, junior year was a lot like that too
Here the capstone is called a final year project
In my college that is
Secondary schools don't have capstones or anything
I have a final year project, but it's for my whole degree rather than a specific class
I was actually working all these past weeks on my final year project
took longer because i have a procrastination problem so it takes me ages to make my brain do work
I don't know if it is the same these days, we had to pick 2 specializations which basically had progressively harder classes that were mostly project based individual projects
yeah paperwork is no fun
Fairly ok code, bad paperwork
Hey guys. Is it worth it to go to a master degree in cyber security ?
And is it hard to apply?
Just wanna ask to see if anyone has experience with that
in the US (and UK from what I understand), you should really only get a masters degree in cyber security after a few years experience in cyber as it is a way to move to management/higher technical levels. I don't know about other countries
to get a better idea, look at job listings around you for where you are at and see what they are asking for
In the UK, you often have integrated masters programs where you'll do a bachelor's then immediately a masters
Often there's a placement year in there somewhere
placement year being where you start working?
in the US, a masters can backfire against you, make you less desirable to hire
Also called a year in industry. Similar to an internship. At least at my uni, they're always paid. They work reasonably closely with the uni and you need to fill out like reflection stuff for the uni as well.
ahh nice
Do you list security tools in ur resumes?
A good question
Ahhh I see! Thanks. @pseudo creek and @quick forum
Gave +1 Rep to @pseudo creek
only if they were super relevant to the job like splunk or something personally
you could potentially, it really depends. Like if you know it really well, sure but also don't go listing things like nmap, it'd be better to say "common Linux penetration tools" or something but again, how confident are you with them
I actually have the same question about masters, but my situation is more special
I am finishing my bachelor of CS, I am from North Africa. I need to go to Europe/Canada to continue my studies so I can potentially work there
but I don't know if I should go for certs and work, then apply, or go for a master directly. I noticed there's not a lot of masters of cyber security anyway compared to Computer Science/ Data Science
I would recommend against that unless you are a lawyer.
You need watertight contracts in place.
what you do think about a career freelancer hacker
?
Again, unless you are a lawyer I would recommend against it
I think you're gonna get arrested
Companies have very highly paid legal teams that will make sure you either get into great debt or into prison if you screw up.
@quick forum you recommend against red team in general?
Or by freelance, you mean finding vulns before contacting the company
Freelance means not an employee, self employed.
That's point blank illegal most places
Oh alright, I am pretty new here, coming from dev' background
Like if you saw people advertising remote freelancer job for cyber security
And trying to make sense of what's best for now
What's best is to make sure you're on the right side of the law at all times.
The absolute best way to do that is to not touch anything that you don't fully own and control.
The next best way is to make sure that you have fully water tight legal contracts in place for anything you don't fully own or control.
I see, thanks
But still, concerning my situation, do you think it's best to get certs/experience before masters?
You have explicit permission from THM in the lab environment here, as long as you're only touching the IPs that you're told to.
Heck even when you're hired by a government and working with a company you can cop charges like the dudes in Iowa. (Coalfire?)
Coalfire got busted about a year ago for physical pentesting a site that the client couldn't give permission to test.
Water tight legal contracts.
nah they had permissions, they just got caught up in some political fight with the town and the state gov
My understanding is that the county is who contracted them, but it was a state owned building that was under test
from what i remember the state authorized the test but the county/town did think the state was allowed to do that
there was a darknet diaries episode on it
i need to give it a listen again
regardless, it was a cluster, and a few guys got arrested
which really demonstrates the need for a very well written contract, and good legal protection. Freelancing that would not be wise.
Lol fuck that
Gurugram Police invites applications for its 9th Gurugram Police Cyber Security Summer Internship 2021 coordinated and orchestrated in collaboration with Shri Rakshit Tandon. This year the internship will be online. NO FEES @tandonrakshit
https://t.co/qHyho5ligA
Internship opportunity for those who reside in India
How is your experience with this internship ?
Am not part of this just found this from Twitter and LinkedIn
Ok thanks
Does anyone know how technical interviews for SOC roles tend to go?
I know for Software engineering, usually they have a coding problem to do
But I wasn't sure if SOC/cyber has an equivalent
usually you can expect scenario related type questions, also if the job listed any specific tools, expect questions on those
I see! Many thanks :D
Hey guys! Keen to hear from someone who's done the OSCP. I'm wondering if 60 days would be long enough for the labs. I'm not working full time at present and can devote 30 hours a week to studying it
That's probably going to depend on your current experience level as well
Haven't worked in infosec before but have 5 years as an MSP. helpdesk/server work, infrastructure deployments (virtualisation hardware and firewalls, mail filters etc).
*at an MSP
You can get the syllabus from OffSec to get a headstart too
great idea James. I'll grab it now
Have a look at these. https://www.incidentresponse.com/playbooks/
Check out our pre-defined playbooks derived from standard IR policies and industry best practices.
Alright, thanks! I'll definitely check that out :D
Gave +1 Rep to @distant pier
Hi everyone I recently cracked an interview and as a final assessment I have been asked to prepare 10 questions to pitch to CISOs/CISSPs on Analytics Driven Cyber Security approaches and how Splunk fits into the equation. Any help from the experienced folks ?
Thanks, applied to this place a few days ago
Gave +1 Rep to @fading edge
which interview you cracked? if you don't mind
Well to be honest, it's for a company which does documentation and surveys in Cyber security but it pays and that's my best bet to pay those bills. It's just a small company of 30 people or so, but it's the only company handing me an internship.
Can i dm you?
Sure !
Which of the following certs requires the least amount of experience and is cheap?: CEH, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN
(I don't really mind about the difficulty of the exam or the workload)
you can rule out the G* exams just because of the cheap requirement
OSWP is the cheapest but you're expected to have sat OSCP first
CEH is more than OSCP...
What??...CEH costs 25000 rupees
Outside of india, it's around $1000
It's also not really valuable outside of India.
+rep @quick forum
Gave +1 Rep to @quick forum
Like all of the offsec certs you named are dependent on having OSCP. IDK if it's a formal requirement but it's certainly the hierarchy.
Yes but what about https://www.zeropointsecurity.co.uk/red-team-ops/certification-pathway
Good course, less recognition as a cert.
True! All certs need to start somewhere ...
Hi guys I need some advice on which college would u recommend me. I got accepted to 2 colleges, first one is focused on general computer science and the second is focused on the cyber security and little bit of a law regarding cyber sec. I really like cybersecurity and I want to get job in cybersec field, but I am still wondering if general computer science that has focus on math, programming, networking and general basics wouldn't be better for me. Thanks a lot for any opinion.
i would go for the first one, general computer science
then take a master, for example, in cybersec
I agree with @thorny bronze but instead of Masters - I would get professional certs so you cover both the academic and professional qualification.
I mean, in my opinion, you need to understand how things work if you wanna be able to secure/attack these things
Thank you guys I had kinda similar thought. Just wanted to know opinion of others.
Plus who knows you might get bored of it when you start working. I looved studying marketing but come to work - found it boring and switched to IT for example.
Yeah u are right, who knows what will come. And I would still have possibility to change to for the example programming job if I'll choose computer science.
@tender jetty please don't advertise here
Any good internships I could apply from Morocco (North Africa) ? It's usually harder to get in, so I am looking for some European countries where it might be easier. I know it's possible
After I get my Security+ and PenTest+ are there any certs I should be eying up? I've seen a lot about the eJPT and people talking about the CISSP but I don't have the experience required for the CISSP.
The CISSP is still pretty valuable; Associate of ISC is granted on passing the exam, it's the same cert without the experience. To go from Assc --> CISSP just requires endorsement from an existing CISSP holder. It's very likely that someone you work with has it.
Oooo, thanks! That explains why I see so many people getting it quickly.
eJPT is a pentesting cert, CISSP is more of an all around knowledge cert that covers 8 domains of Cyber
Yeah. What level of knowledge do you think is sufficient to break into the field? You think Security+ and PenTest+ are good enough? I go to a college that provides vouchers for those certs as part of the curriculum.
The way I see the CISSP, is that it is understanding the balance between security implementation and business needs.
Do you have a specific industry in mind? Sec+ and PT+ fill the same bucket for HR
SEC+ and Pentest+ are really good to start out with
I would like to do blue team to start out with and work on building up skill in penetration testing.
That's the goal anyway.
CySA+ would also be a good starting out cert
I'm not too crazy about what industry it's in. Could be medical, telecommunications, etc.
I think that's in the curriculum as well. However if I get this apprentice role my schooling will be changing as the school I'll be working for gives 18 free credits a semester.
But I can always self study.
there are currently not a large amount of Blue Team certs outside of SANS, but you can use many Red Team principles on the Blue Team
Alrighty, I'll keep on doing what I've been doing then.
Pretty much this semester has Security+ (Taking the test this Saturday.) and then PenTest+ at some point.
Any like Cyber Security out there (for sweden)
I know im a dumb 14 year old but
uhh
When i get older
@warm hinge You're not dumb - just young. For now focus on studies as by the time you are good to go Cyber security will have evolved to a new level. Stay positive and finish studies.
Unfortunately I dont think the Palo Alto gig is going to be a match
They are looking for someone with 2 years experience
I guess one of their senior techs is moving over into consulting
Surely you have that or close to it
Many of the people here are either very young as well (a few 13yr olds with eJPT), or started as kids- it's great that you are starting at a young age!
Did they interview you, or just a recruiter call?
it was their divisions recruiter
And he seemed rather disappointed when I corrected him in his assumption that I was working in a straight DF environment
ah
He's working with the Lab Boss to try and fill the role
I have done the stuff they are asking, just in an education environment
That puts you ahead of 90% of applicants
especially if your resume is only polished up nice instead of full of lies
Agreed
most job ads are wishlists of the 50 things they want, but they will happily take someone who only has 10
Yeah the way I see it I am in the advantageous position as I am happily employed and they reached out to me for this phone call
I never applied or anything like that
wow awesome info, thanks spooki
Gave +1 Rep to @languid hearth
Having a technical interview on Saturday. It's a web vuln env. Any suggestions on preparation?
OWASP top ten. And figure out how to exploit them. Go deep enough with sqli.
And understand code. You might have to read some vulnerable code they have in place
awesome suggestion. will do that, thank you
Gave +1 Rep to @ebon mica
Morning all, Contract up for renewal soon workwise but should I stay until I can buy a good cyber security course or just quit and build my skills with my free time? I am soo conflicted. Any advice?
hi
Hi, I am me
WELCOME
well, trading the known for the unknown is a tough choice, for me I like having an income so I'd keep working and just try study hard after hours (and do). But you could definitely get more done with free time and not working. IF you don't have any financial pressure and think you could get another job fairly easy if the need arose you could take that approach
Thanks! All solid points! I too definitely need the income and will only be able to live off my savings for 2 months max.
Gave +1 Rep to @opaque laurel
Does anybody have any recommendations to prepare me for the OSWP course? Any rooms in particular, any valuable resources? I am planning to take the course this summer.
Maybe look for the wifi hacking room if you want to learn wifi hacking? There's exactly 1 room on THM that covers it.
Just applied to a course that aims to have the participants getting a job in cyber...hope I get the place....
hey! is it free or paid? do you want to share a bit more?
Hey ! I'm trying to find a US master for international student in cyber security. Do you have any ideas ?
@pseudo creek could you give an ELI5 for why a masters early career isn't necessarily a good idea. Trying to explain to a friend but I can't articulate what I'm trying to get across
Overqualified. For a lot of entry and junior level roles, there is a 'sweet spot' of performance to cost that makes no-education-but-competent extremely attractive. Also, grad degrees are also seen as a fast track to management. If the org doesn't want more managers, no sense in hiring someone for a lower role when it is known there won't be a place to move up to
Gracias
some orgs specifically have rules about how much someone should be paid given qualifications so someone with limited/no experience with a MS will be more expensive than someone with some experience and no MS
I wish you good luck!!
thanks
I was wondering if OSCP would be needed if you're gunning towards CISSP
And into a more managerial/senior position, take CISO for example.
Nope
Cool, so a CEH cert would do just fine?
you don't need that either
Oh wow, I thought it would be a great bonus to have.
are you in India?
Nope
yeah then you don't need CEH
Hm, I have a list of certs I'm considering. I'll just drop them in the chat.
only reason I got it was similar to CISSP except I asked for an "ethical hacking" course and it was the CEH course with exam at the end of the week
Sec+, possibly something like PMP could help, CISSP definitely, Masters degree
Network+
Security+
CySA+
CISSM
CASP+
CISSP
Yeah, I'm definitely doing masters.
Yeah, I heard SANS is awesome.
High quality type stuff.
What about the other certs I've mentioned, they good?
CySA+ - I don't know much about it but seems like it possibly could help you get a position which is fine, Network+ is good because networking is pretty important in security
CASP+ I know nothing about it but doesn't sound bad
you'll also want to be well rounded in various technologies, Windows, Linux, Cloud, etc. Personally I'd recommend adding a few cloud certs
Yeah, I heard Cloud Security has been popping lately
I think most of the certs I've mentioned covers a lot of ground
Here's a roadmap, I really like the layout.
yeah and I hate that graphic as its not a roadmap and has a ton of useless certs on it
overall ISC2, ISACA, Comptia are pretty good generic cert vendors
Yeah, I think it includes every cert in the industry
which is horrible
Well, we're just looking at the important ones
how would you know what the important ones are from that?
Just planning on taking the ones I've mentioned
like you mentioned CASP+, that is the first time I've heard it mentioned
I classify the important ones with the list I've made, I researched them and it gave me a lot of good stuff regarding them
CASP+ is pretty new, as well as CySA+
I'm not really trying to get a job based on them, but they have a good amount of knowledge that comes with it
I should probably get something from the offensive side of things
well not necessarily
Wouldn't it broaden my skills?
and as you move up, you may want to actually look at some of the incose certs for example
sure, but honestly get a job, get foot in the door, ask for SANS classes/certs
You should figure out what skills a particular job is looking for and acquire those skills. The certs are there to back up what you know but they're not the be-all-end-all. There's lots more to know
Ofc
I don't have any SANS certs because I was lazy... but I've been to a number of SANS courses
Well, SANS isn't really a choice rn since I'm in uni
but also learning various technologies will be critical
True
And even if I do get a job, its unlikely they'd fund the SANS thing. I don't live in the states so.
yeah but you only need a couple certs to get a job, if you try to get every cert you think you'll need to be a CISO in college, it won't make sense as you don't have the experience/knowledge to leverage
ahh
Yeah, not living in the states makes a diff
if I was coming out of college and wanted to get a job, I'd get a Sec+, a couple cloud certs and a networking cert
It's still my first year in uni, so I think it's possible I can get them before graduating
Then head to masters
I would ask someone in the industry in your country first before getting masters
About whether or not to do a masters?
I'm really keen on doing so
yes right out after your Bachelors
You don't need to have certs in everything, but as @pseudo creek says, get certs that are going to be realistic for the roles you'll be pursuing. Sec+, cloud and networking certs/knowledge will go a long way
in the US, its a bad idea to get a cyber security masters without having some work experience
Yeah, I've heard that's the case in the states. From where I live I think having a masters actually takes you really far, but work experience nevertheless is always important
Honestly if I had to choose a job, I'd go for CISO
I'm in the EU but here we have major presence from the likes of Google, MS, Amazon, FB, Red Hat, IBM etc as well as security companies like Fireeye and Tenable. Work experience and skill building will always carry you far. In advancing your career a MSc can be a boost but you'll still need the practical skills to move up the chain
CISO is a high level role. You would need many years and possibly decades of experience in the industry, as well as a huge list of achievements, a solid network of cohorts, years of being groomed for the position, etc. All the CISOs I've known have had years in the trenches, most of them having experience in military, intelligence or at least being a highly respected hacker with solid knowledge of every aspect of cybersecurity. You're not just going to walk into it out of a MSc
Oh yeah definitely. Trust me, I'm aware of that. I just meant that would be an end goal, you know?
Experience and years of work is what would get a person that role
Certs would just sort of be like a bonus
I'm not sure what I'd get if I did those certs I've mentioned + masters
Yeah of course. I read this book last year by one of the first CISOs who now runs a company that trains CISOs for working in corporate environments. There's lots of videos of his on YouTube too but expect a long road if you're on a career path like that
https://www.amazon.com/CISO-COMPASS-Navigating-Cybersecurity-Leadership/dp/0367486024/
CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers [Fitzgerald, Todd]
Yeah, a really long road. But hopefully the most rewarding
Well you have a good attitude about it so if you're determined and work really hard you'll go places
Yep. If you want to get anywhere proper in life, you'll have to put in a great deal of effort. More effort = Further in life
Yes but make sure it's directed effort. It's important to mop the floors and make the beds but you also need to build new skills and use them
Yeah, putting effort into unnecessary things would just be a waste of time. That's why I don't want to take too many certs, I just want the ones I need.
Most people would take entry level certs and learn more throughout the job, but unfortunately it doesn't really work that way here :/
Well you might need to demonstrate knowledge at various levels to be taken seriously but entry level positions need to be filled. Having a good background in networking, operating systems, coding, cloud, devops or similar plus a foundation in cybersecurity would be a good start. You only really start learning when you start applying yourself
@hot fog I am curious which ones do you want and why?
You can do lots of prep like on THM, read plenty of books and such but the OSCP is designed to teach you all you need to know. If you want to do OSCP and you enjoy learning pentesting already, the best thing to do is to just put your money down for PWK, plan your study time and go for it.
Once you start going through the coursework you can start looking at other resources to supplement your efforts
@plain moth One of THM members kindly shared this with me: https://muirlandoracle.co.uk/2020/12/06/oscp-thoughts/
THM labs actually cover a lot of the subject matter on OSCP so can be used as prep.
Hello. I am very interested in binary exploitation stuff and i have been wondering for a while, how does one get to the level of being able to get into some of these researches and succeed. By succeeding i mean finding a valid vulnerability and exploiting them, can't seem to find any good information on this kind of topic. Sorry if this is in the wrong channel http://cturt.github.io/ps4.html https://www.exploitee.rs/index.php/Western_Digital_MyCloud
So, from practical perspective my goal has been to get a job as a SOC analyst or something similar on the defensive side because I've heard that's where the jobs are. Thing is, I really have enjoyed learning about pen testing. It's what keeps me motivated to study while I'm currently in a different career. If I went for OSCP, I assume that experience would only benefit me as a defender if I get a job as a SOC analyst. Thoughts? I know pen testing isn't entry level, so I don't have unrealistic expectations to get a job in that area immediately. Just wondering if employers would still take notice of OSCP if I am going for an analyst position or if they would prefer a candidate who strictly has focused on the defensive side
SOC analyst is mainly doing log analysis. Red Team study can teach you how to defend a box, but a SOC analyst is looking at an entirely different thing - namely, the SIEM and other tools that perform environment wide monitoring. Having a cert like OSCP or PT+ doesn't really indicate that you have the skills and knowledge a SOC analyst does.

