#cyber-and-careers

That said, the certs are still valuable; if my opinion means anything, I suggest getting a Blue team cert to go with it. IIRC the Splunk cert is pretty reachable for entry level

That was my thought. I’m working on Sec+ right now as a broad based introduction. Thinking of CySA+ next. Had someone recommend CEH but I’ve done enough research to know I don’t want to go that route (and had a really bad experience with an EC Council sales rep). The person who recommended it was basically saying to do something to make yourself stand out beyond the baseline certs required for the job. So I’m not looking at OSCP to learn the skills I’d need for the job per say (planning on CySA for that). But rather to set myself apart as someone who has an interest in the field beyond just what is the bare minimum required for the job.

Having a tool cert on your CV helps too; if you can set up a homelab to practice on, that's also a huge plus for interviewing with a security team

having certs that don't apply to the job don't always make you stand out, it is more the knowledge around the certs you have that helps

So you're telling me that the 10,000hrs I spent getting my underwater basket-weaving cert was wasted effort?

well hopefully you can make some awesome baskets

moderately useful ones

Hi, I am a computer science major and would like to transition to cybersecurity which certification do you think I should start with? I'm considering starting with either eJPT or Security+

Security+

Either one. Look over the syllabus(objectives) for each one, and pick one that grabs ur curiosity

Im an academic, so from that perspective I was leaning towards Security+ more since the topics covered the basics that could help me go deeper in terms of research. eJPT syllabus looks more fun but correct me if I'm wrong, from my preliminary search I couldn't find research topics related to pentesting.

when you say research topics, are you talking about writing academic papers for publication?

yes

well then there's plenty of that to go around. I'm not sure how well either cert would prepare you for that, though- it's more about getting ideas, that can come from anywhere

@wild moat Sec+ is giving u basic knowledge on a variety of security topics, but not enough to produce that initial “intro”. It can help u create topics to center ur paper around and than u can do further research from there. Best answer i got lol

Another thing to do is just read papers, tbh

or just look at anything and think "how can I break this?", then go see if a paper exists on that. If so, take the next step. If not, research it and write it

Yeah thats true, I was thinking that by reading and learning about the different areas I could find an area of interest and also be sufficiently aware of others.

Honestly this led me to a great project idea so big +rep here

Gave +1 Rep to @light urchin

ngl, kinda honored by that, James. 🙂

I had the project idea already but that describes the process I followed to come up with it

SOmething I've learned from academia is that most papers are the "minimum publishable unit", for a variety of reasons

so authors either have a second paper planned/in mind/in progress/etc., or they don't really care all that much, and their "next steps" is something they will never pursue

I've just learnt that a lot of them are not properly proofread 😆

yeah, that too. Depends on the journal

the publishing industry/system is pretty broken. I will spare you the rant/soapbox

Yeah, it's a big scam

I have family and friends of the family at various levels of academia including a professor (and active researcher) and yeah, big scam

My professor told me that one of my papers could be published and then didn't help me publish the paper

yeah. It's part of why I left academia. Also, way more $ in industry

That's pretty standard. THeir job is to mentor and advise, not really help

I asked what the process was and how to get started and was told "figure it out"

hah. So he/she is even lazier/busier than most

Like at least give me a starting point

and you were an undergrad at the time, right?

I have no issues with doing the legwork

Yeah

yeah, they need to help more then

I'm a little annoyed that I can't keep my project as FOSS until I've handed in the assignment

And then i also hopped on another professors PhD project but I probably won't get recognition for that either

Because of potential academic integrity/theft/cheating?

Yeah, not allowed to publish work until after

Will have to sort out what extent I can demo it etc

You should. Generally speaking, I've seen undergrads get at least a mention/thanks, if not a co-authorship, depending on contribution

Yeah, different uni's have different policies. But once you're out, that is probably still your IP. Unless you signed patent rights/IP rights/etc away

Yeah once I've handed it in etc then I'm good to release the code

It's a longer story but tldr looking back we basically did the "undergrad lead's" capstone for them and the PhD was still in the initial stages of development and execution

doesn't matter. If you contributed substantially to the acquisition of knowledge that went into the publication of a paper, then it still counts

even if you are no longer a student and/or it's years later

I've personally seen numerous instances where an undergrad helps write a tool or process some data or something over a summer, but the paper doesn't get published for a year or 3. They still get credit

Yes i realize that but idk where the distinction between the two projects were

If that makes sense

We were told that we were working with the professor on the PhD project but looking back it seemed we were doing the undergrad's senior thesis for her

ah. Well still, if a paper comes out of it, you should get credit. Whether or not you actually do is a diff story

Yeah i really don't care besides the fact that this project could be a multi million dollar company

Yeah, I doubt you'd get anything, tbh, unless you really contributed a lot

you could always try a lawsuit, but I wouldn't be very helpful

Not really after any money, frankly, I wouldn't care about the money. Moreso having my name attached to the original launch

Im having a hard time finding some answers to this... CIO is second line of defense, director of internal audit is third line of defense, head of enterprise risk management is second line of defense, CRO is second line of defense, not sure what the Chief technology officer is and the chief technology officer is... Please Correct me if im wrong in anything!

well yeah you are but I'd google "CIO vs CTO" and you can get an idea of what the difference is, they are peers to eachother normally

Hello,

My name is Iulian and I am here to get some help from this amazing community. I am a Cyber Security master student from Netherlands and I will soon take my degree (I have only 1 course left to pass, wish me luck) and I am looking for a final master theses. I intend to do this project within a company and they asked me to pick my research project but I don't even know where to start. Do you have any interesting ideas I could research or any idea on how I should look for a project? This is a really big field and I am still a beginner and I am not completely sure what this field is capable of. I would really appreciate your help.

Wish you the best,
Iulian

EmptyBuffer gave some great advice for choosing research projects the other day

#cyber-and-careers message just here

yeah, thank for that. I've read that advice before posting my message and it is a pretty good one. Anyway, I still posted my message because I am open for any other advice/ideas. 😇

If you have to specifically work with that company, I would go talk to whoever you can there that can either help mentor/guide you, or who can give you ideas or data. So, if it's a software company, I'd go talk to the people writing the software and maybe ask how they approach security. Or maybe go talk to the IT people and ask how they defend the network, or what kinds of malicious traffic they see, stuff like that. Maybe ask them what tools they use, or why one is better than another. Or maybe you can do a comparison/analysis of those tools or IDS, etc.

Dude just have a look at this you might get some ideas
https://cybercademy.org/project-ideas/

https://www.cbsnews.com/news/cybersecurity-job-openings-united-states/

To follow up with what @light urchin said, don't be surprised if whoever you talk to is not very forthcoming about their security landscape. Instead of asking what they do, it might be a lot more productive to ask about what is ideal. That takes the burden of reality away, and could allow them to be more free with what they would like to see to properly secure an environment

Good point, some people might not want to give you the whole story. But some people are perfectly happy to gripe about their complaints, so ya never know.

Buddies, what do you avoid testing when you have a web app?

@quick forum Can you give me an advice? I think you have some experience related to this

I do not.
Please do not ping me when you want help.
Ask, and see who answers.

Okei, sure.
I just read the topics from this channel and i thought that you know very well this part.
And also because you answered me with the OWASP part

You should read the scope very carefully. Do not test anything that's out of scope.

I always lose a lot of time on rabbit holes and I'm trying to figure out what to avoid

Thank you!

Gave +1 Rep to @quick forum

Hwy guys, not sure if this has been asked before. Is it worth it to show your THM badges and certificates in the resume when looking for a job in cybersecurity?

it would be a good thing to show for sure

@grand swallow in the begining definetelly positive, whatever you can showcase that you have worked with, labs, ctfs is a plus. Later on as you fill your resume with more prestigious accolades and job experience you will probably take the bades out xD

Hi guys, I'm kinda new in cybersecurity, do you think that a data science background can be useful somehow in cybersecurity?

no, I would put it as part of a quick blurb in a 'personal development' section but it really most likely means nothing to an employer

Sure, a lot of cyber security is driven by data

Hi all, I'm getting really interested in the OSINT rooms and challenges, I'm starting to wonder what kinds of jobs might be out there that revolve around that aspect of cyber security? I know that's kind of a broad question

investigation related jobs would use OSINT, you may use it a little if you are doing malware analysis when trying to identify possible threat actors

@golden ore I'm really interested in DFIR at the moment, and it seems like OSINT could go hand in hand with that in certain situations

DFIR is a lot of investigation, so yes it is used depending on the case

Awesome to hear! Thank you

you may be interested in this talk.

https://youtu.be/qkItelFGblw

@lilac escarp thank you I'll check it out

Gave +1 Rep to @lilac escarp

Had a really disappointing interview today for an Entry level cyber security analyst role. Basically the guy didn't even turn his camera on, had bad internet, kids yelling in the background. He asked 3 questions "Tell me about your experience", "Get a pen an paper 8,6,9,23,87 what number comes next?" then same question with 8,10,70,15,60. Then at the end he asked "How interested are you in being a developer?" I basically said not at all thats not even the position I applied for (but said in a professional way). I asked him what his role was and he said he's a Java developer. Then he ended the interview. I was like wtf that was so unprofessional and straight up just not correct. You'd think an international company that does over $9 B in sales would have better hiring process. But i guess someone goofed it up idk

I would follow up with the recruiter or whoever else you spoke to. Sounds like there's a disconnect there somewhere. But also- take this as a good thing- you figured out very early on that you probably don't want to work with that team/person/company. Interviews go both ways.

If there is someone here residing in Oulu area please drop a dm

Not exactly there, but used to, and I know quite a bit about the companies and uni there

Not home atm, but is it okay to dm you later Arhu?

That's fine, I'll answer when I can 🙂

alright have the PenTest+ scheduled in 3 weeks, anyone have a favorite resource? I already have Dion's stuff, currently split between the Sybex and the McGraw Hill books

hello guys. do you have any awesome template for a CV? Or maybe some tips and tricks in order to get some "points" from the company?

i would recommend using canva

they have some sweet templates you can copy

then for each application you make , make sure the cv is sorta custom and oriented to the job

and have basics like acheivements, experience(if you dont add some projects you did), Skills try to keep it relevant to the job, education etc

if you have certs and stuff do make a seperate column to plop em and add some drtail about what they are all about

and maybe in achievements you can add your rank of THM/HTB if you want

oh damn, these are some great tips. I will check Canva and I will use all the tips. Thank you @stark marlin I really appreciate

Gave +1 Rep to @stark marlin

no problems at all , Best of luck hope you get a great job

I'd love to know what you find also. I'm taking it in a few weeks too, totally not prepared for it

Managed to find PTO-002 exam objectives and a blog post detailing the difference between the two exams, you might find this stuff helpful - still undecided on the book ill get tho
https://comptiacdn.azureedge.net/webcontent/docs/default-source/exam-objectives/comptia-pentest-pt0-002-exam-objectives-(4-0).pdf
https://www.comptia.org/blog/comptia-pentest-001-vs-002

for comptia stuff the first thing i usually do is annotate those exam objectives page and try to write 1 sentence below each objective, whatever I dont know anything about ill mark for follow up

Thanks!

Gave +1 Rep to @ancient prairie

https://youtu.be/ey5tjmuHbCQ

this is there as well if u want^

Hi

hi Odaly

Does THM itself have a careers page ?

There's a #jobs-board where most of the recruiters will post if they have anything to offer

What about working for try hack me itself ?

They mainly post jobs on Twitter there was one a week ago i'll find it

https://twitter.com/RealTryHackMe/status/1395061963823230982

Cool. I'll keep an eye on the twitter. Thanks @unreal arrow

Gave +1 Rep to @unreal arrow

can any one help should we learn programming languages for ethical hacking or can be managed by the tools we have please any one help me

Yes you should learn programming. You'll understand how the tools/exploits work and you can write your own

can you prefer which programming language is more relatable to cyber security and ethical hacking

Python is a good beginner language

anything else can be good including python

Depends on what you wanna do but in general it's good to know python, bash, powershell. If you wanna do webhacking for example then you should know JS,PHP etc.

it means a lot bro

thankyou

Understanding the fundamentals is really valuable, but you also don’t necessarily need to be some incredible, super experienced programmer to be able to do security stuff. Being able to write some scripts in Python can be really helpful.

Programming knowledge certainly doesn’t hurt, of course 🙂 But you can learn as you go, it’s not a big prerequisite or anything.

https://discord.gg/VxdQKBHTSg

keeping on the theme of learning python.. i feel like learning python would aid me massively right now, i've tried to do a python course on udemy before but lost interest.. does anyone know of any courses that teach python while relating to pentest/security at the same time?

When it comes to learning a language for hacking you first need to understand the fundamentals of it. So best thing is to tough through a normal course and then relate it to security after

yea that's what i sort of gathered alright... wish i could just sit through it lol

could anyone recommend a python course? i tried automate the boring things on udemy but it really just didnt grab my attention

You might find https://www.codecademy.com/ useful, it's interactive so has that benefit

thank yaa

Gave +1 Rep to @lofty ibex

You could look at FreeCode Camp https://www.freecodecamp.org/learn/information-security/#python-for-penetration-testing

thank yaa

This book teaches you Python from the ground-up using cracking secret codes, lil secret but this is the book which inspired Ciphey. So much so that I even emailed the author to ask for help 😅 https://www.amazon.co.uk/Cracking-Codes-Python-Introduction-Building/dp/1593278225/ref=sr_1_1?dchild=1&keywords=cracking+secret+codes+with+python&qid=1622192628&sr=8-1

tytyty

Hey I applied for the Content Engineer thing with TryHackMe. Are we doing referrals for this one ?

Are network engineers supposed to have Cisco and Juniper certs?

Typically, Cisco > Juniper though

CCNA is a fairly common requirement

@polar rock Thanks I will tell me friend who lost his job due to lockdown. Allready has CCNA but no interviews yet sooo this might open new opprunitss for him. Thanks

Gave +1 Rep to @polar rock

I suppose that someone else also asked this question guys, but I would like a hand of help if is possible

What entry level jobs are there in cyber sec and what should someone need to know to start a career in the field?

interested in this answer aswell

this is a good article that talks about things to know for cyber security https://github.com/ED-209-MK7/5pillars/blob/master/5-Pillars.md

Generally Soc Analyst is jr position although sometimes you may need experience in IT in general such as IT help desk, jr sys admin or jr network admin.

Sec+ is a great entry level cert for Cyber

What knowledge you need about soc analyst. I am currently a university student and we have learned basic stuff about sec and every time I read a job offer I understand what they ask for, but I think that I cant make it. Probably because I dont have any experience from work in the field

Honestly, junior level jobs are meant for you to know the basics, so like basics of networking, security, operating systems, etc. If you see job listings, those are a good guide

So you think that is a good chance to start, at least to earn some experience?

yes but like I said, it may be difficult as entry level security jobs are highly competitive, so you might want to keep an open mind and look at other entry level jobs in IT

Thanks a lot, I'll have my eyes open then

I have a question for those who work remotely for different reasons than covid. I would greatly appreciate it if you can help me!
What kind of webcam do you recommend?
I'm going to start looking for a job in fully remote companies. I don't have a laptop. I'm thinking of buying the Logitech C930e or the Logitech Brio. I think the Brio is too expensive but it may help make the interview a bit more pleasant.

C920 is a pretty solid choice. The webcam doesn’t have to be expensive. The capability to display a HD image is the main thing

Thanks!

Gave +1 Rep to @lofty ibex

Hey anybody's company got an opening for Internships ? For Summer/Fall ?

prob better to mention which country you are looking in

i know that cisco is hiring interns

for their incubator program

you can see if its they have that program near you and apy

apply* you just need basic knowledge more and less and if you are enthusiastic enough i am sure they will pick you up

I'm from India, so if anything here or remote opens up, please do lemme know. I have been told that SoCs hire interns to validate test cases and stuff. That would be really really helpful.

Summer breaks are coming up and I still don't have an internship

Also any recommendations for the THM job ?

It's a little late to apply for either - summer internships usually recruit around november-january. Finding anything past february is really tough.

Yes, that's why I am hoping for some heads up on Fall 2021

@north hill from where in india?

Kolkata !

\

Are there certifications which you can take even if you do not have a company?

most certs aren't tied to a specific company

I mean, I got my OSCP as a student 🤷‍♂️

You can do virtually any cert by yourself

CISSP you may struggle with

Doesn't CISSP require explicitly 5 years of experience?

well, Muiri did say you may struggle with that so perhaps don't focus on that first

I followed a course which was much harder than the CISSP, but from what I heard, the issue is registering if you do not have the experience

well, their website doesn't say they won't let you

https://www.isc2.org/Certifications/CISSP

you can take the CISSP but you would have to indicate you have an 'associate of ISC2' vs CISSP on your resume as you don't have the experience.

SSCP, although not as recognized, may be a better cert to take if you don't have the experience required by CISSP

I wonder if it's a good idea to put my THM profile on my CV 😄

what do you guys think?

if you are after a cybersecurity role and don't have anything better it's probably a good start

I'm fresh out of uni atm, I don't really know if I can get a cybersecurity role since I am still learning

I'm more of a software developer with a security interest rn

It was just a thought tbh

well, it would depend what job you were applying for then I guess

but if you apply for a cybersec one i'd include it if you don't have other stuff it does demonstrate learning and interest

yeah

thanks for the replies

Seeking help! I am a mechanical engineer and was a design engineer for 2 years ! Due to covid situation lost the job and I developed an interest towards cybersecurity and started to learn from HTB and THM . But many people have been advising me that I need to complete full courses on networking and A+ and almost all job description in my region are asking for too many certs. I am halfway through my complete beginner path and I put in some stuff I did on THM on my resume and started applying for intern roles . I am not getting any calls and one of my best friend told me to do JavaScript now ! I don’t know where I am going wrong ?

One of the biggest obstacles you are going to face is skill transference. You have a lot of ME on your resume, what skills are cross applicable to cyber? What kind of IT background do you have? Do you know any programming languages? Cyber does rely very heavily on networking knowledge, especially for entry level. What kind of cyber role are you aiming for?

I was thinking of getting into junior pentester actually but yeah I don’t really have a strong hold on networking, programming or any Relevant IT fields . And as I was going through my beginner path I felt the need to dive deep into concepts , but following that approach I am losing time so I am kinda stuck . Again my friend advised me to get into web development and know the IT field and then jump into cyber with previous experience gained from THM . Do you think I should take his advice?

jr pentester is not usually an entry level position. That should be your 5 year goal

web dev is ok, but honestly, networking is much more accessible. I don't know you, so I can't really comment on what I think is best for your personally. Advice I have given other friends who want to jump into security is, work a 'regular' IT job for a year or two. Get a feel and a knowledge base for a specific domain with an eye towards security. Then make the jump into a SOC.

In the SOC, you will be exposed to a lot of different aspects of IT. From there, it'll be easier to pick a domain you like and grow your knowledge.

Oh I didn’t know that thanks a lot !

Gave +1 Rep to @flat sedge

I'm a programmer and software engineer at heart; code is my first love in IT. Web dev involves multiple technologies, some of which cause problems for other parts. As an engineer, you are likely going to want to understand the full technology stack right away. That isn't feasible.

I have had exposure to programming language C++ and C during my high school and first year engineering so I am comfortable with coding !

When was the last time you touched it?

Yes my friend advised me to focus on front end development for now and then slowly take it further learning frameworks and back end

Way long back I retain the concept s but definitely don’t have developer level knowledge!

C++ has changed pretty significantly in the past 5 years. Regardless, take some time and poke around the different security domains to figure out what is most appealing.

Yes yes but I also felt entering into help desk and working my way up into networking and then security as the best way . But following advice from YouTube created all the confusion 😩

Also @flat sedge do u think if I focus on learning JavaScript from Udemy, practice coding from codewars and then learning react or node.js would land me a job ?

I think JS is pretty garbage in general. I would rather wade through SIEM tuning than touch front end dev

Also some people advised me to do CCNA or NET+ but currently I have issues at home so don’t have money to take the certs ? Can I get a job as junior network engineer without those certs but by taking courses ?

Hating JS is a personal opinion though; there are many people who disagree with me that it should be taken to the desert, shot, set on fire, then buried in a shallow grave.

Most vocational courses will guide you towards CCNA or Net+ as part of the program; it's likely that a vocational college or junior college in your area will have a voucher program to either include or reduce the cost of the cert exam by taking their classes.

I didn’t know about SIEM till now. Thanks again for informing me about many things. I was an idiot thinking I can get a job after finishing complete beginner path 😅

Gave +1 Rep to @flat sedge

The SIEM is one of the primary ways that an organization monitors the entire IT landscape - it's a really important tool to get into a SOC role

So if I learn that tool without prior IT experience will I be hired ?

If somehow I can afford NET+ do u recommend it ?

Probably not. Net+ and CCNA are both valuable to getting an entry level networking job.

Your ME experience and workhistory probably isn't going to apply to IT, and you will more than likely have to start at entry level and work your way up again

Oh yeah I guess you’re right about that, maybe that’s why my resumes getting filtered 😅

Thanks again @flat sedge I feel light now and THM is awesome for learning cybersecurity. I will work on getting an entry level role and keep gaining knowledge from THM . You cleared all my confusion I can’t thank you enough @flat sedge 👍👍 🙂🙂

Gave +1 Rep to @flat sedge

I actually wouldn't take the time to bury it in a shallow grave. Leave it in the open for scavengers to pick at.

@summer reef I added my THM to my CV and they told me they looked it over. Not saying it got me there, but it was noticed.

I applied to 37 positions and every application says denied 🤣🤣.

try to get some feedback about your applications and what you could do to make yourself a more suitable candidate

just wait until you hit the triple digits

welcome to getting a job in security

i applied for around 300 positions, got 2 interviews at fortune 500s, led to one offer

this wasn't being picky either, anything from security analyst position across the country to red team down in the city :|

I'm sorry to hear that. I'm happy you received an offer tho. I'm just trying to get out of my current job. I'm babysitting developers. I spend my working hours hacking in labs because I'd rather be doing that. I hope we all have a good year. Good luck everyone

I would love too but they don't even respond

Anyone have advice on how to receive/be sponsored for clearances? Seeing a lot of jobs requiring them going in but everything I read says you usually have to be sponsored or pay a bunch out of pocket.

You cant get a clearance out of pocket. You have to have a sponsor

There is no standard wording for what to look for but many jobs will require secret but allow you to wait while the process is being conducted

Things that will do you in are debt, foreign contacts, foreign, holdings, and lying

Lying is the biggest one on the list of bad things. Probably the 'easiest' way to get a clearance is to join the armed services, but there is still a large amount of risk. If you have close-ish family members who are citizens of other countries, it can make the process a lot harder.

And also remember that federally, Marijuana is still a schedule 1 drug. It does not matter if it's legal in your state

This includes all cbd products

On top of that be prepared to have POC at every job you have held since you were 18

Or the past 7? Years

I know a good amount of people who use quite heavily and still hold high clearances

That's great until you get tested

I wouldn't bank on the if, it's when you get tested

True

Oh also foreign travel

Pre-clearance it doesn't matter unless you are still in contact with people from places you visit but during the investigation or post investigation you need to keep records of where you go

Good to know thanks! @stoic cave

Gave +1 Rep to @stoic cave

Also if you see a job asking for a clearance, just apply as long as you are a US citizen.

Debt and even past alcoholism and criminal records are not disqualifiers. I've known people with TS with all that

Depends on the kind of debt. Student loans? Nah. 30k to a loan shark? Probably.

Yeah, illegal debt would be bad. But really the reason they ask that is because it's a potential vulnerability. If you owe half a mill on that house and student loans and credit cards and somebody offers to pay all that off if you'll just steal a few measly little state secrets, then....

That being said, I know people with 6+ figure debt and clearances

Yep. If they took student loans into account nobody would have clearances

Sad but probably true

Hello carbon-based lifeform , i have an interview for a junior pen tester role soon an i'm hyped as hell , its gonna be from what i understood half tech half behaviour, do you have some tips guys to share ? like what they will likely ask me in the tech side , i'm kinda confident on the behaviour part but some tips there will be good too.

My behavioural tip is to not assume people being "boyz".

Hope its better now

not by a large margin, actually.

'Folks' is a very acceptable gender neutral term

I like y'all personally

Or even "Hello, " would work.

You lot also a good call

I'd go with scallywags

You lot is more regional for the UK, I think. I've never heard that in the US in a semi-professional setting

What about carbon-based lifeform?

Hey, so try learning about OWASP-Top 10, TCP/IP netwokring,

But what about bots and silicone-based life? 🤖

DNS , how websites work

Sounds kind of derogative, I wouldn't use it

"Hello mammals"

and also learn basic stuff about i guess how you would detect some of these attacks,what is consdiered as sensitive data

This discussion is somewhat relevant, actually, I know someone that had her choice of job influenced by the other companies' interviewers asking what her husband does for a living.

what is CVE, MITRE, ATTACK, should also help i am not sure they will go into very specifics but i am sure it will help you to know these

I don't think that's legal. Not in the US at least

It's not in Finland either. That doesn't mean it doesn't happen.

true

Sounds like a lawsuit waiting to happen

Pocket recorder and that recruiter is busted

MITRE and ATTACK?? Doesn't these both focuses more on the defensive side...like the past approaches and groups

you would have to do reporting as welll

so you need to know basics atleast

on how to patch stuff and some defensive techniques

Thanks

Gave +1 Rep to @stark marlin

Thanks a lot , sound like a good start

Gave +1 Rep to @stark marlin

no problems

and Best of luck Space ghost you got this

I know a few cases where the recruiter was basically like "so any chance you're going to be pregnant soon"

Best of luck sexyplumbs

thanks folks i'll do my best and a bit more , and if i get this job some will be thanks to this community and the material on THM

...and this is explicitly forbidden in law. Then again, people rarely take pocket recorders with them to an interview.

That's definitely illegal to ask in the US

Haven

Haven't heard anyone carrying a recorder to an interview

Only caveat to that is be sure you are interviewing in an area where 1-party consent is the legal requirement

Finnish law pretty explicitly states that a person can record their conversations with other people. Publishing them is another matter.

In the US, it varies state to state I think

Yes. CO and NY are one party consent, IIRC Alabama is not

mmh, I wouldn't know anything about other European countries and their laws about this.

Which might get interesting if you're interviewing to a position in another country

Trying to find an internship this time of the year when summer vacations are coming is hard...10 applications in, 1 no, and the rest is pretty much 50/50 we'll get back to you or havent heard anything yet

Guess there's some phone calls to be made this week

Kalma which country?

You are looking super late in the year for a summer internship. June internships are usually filled by mid January

Any company filling summer internships this late is probably a hot mess

yeah our interns started last week

Can I apply for the winter? If yes, where can I find the notification that the portals have opened up

Thankyou

Yeah when I interned I interviewed in March/April and started in May

I would look, I know my company only does summer internships or round year internships for those that have previously been summer interns

and our applications for summer interns start in November

Yeh but the thing is that the training I

I'm doing started a few weeks ago

So the whole schedule is pretty fast track 😄

It depends on the company size and how many people are applying honestly

Maybe your training has a work-study position?

A lot of vocational tracks will offer work-study to supplement their office work at near minimum wage

Thanks

Gave +1 Rep to @pseudo creek

Finland

anyone here pursuing career in cybersecurity?

working towards atm

atm?

atm = at the moment

Can someone tell me what exactly a junior security consultant do ?

I had applied to a company for that position based on my THM knowledge and got a mail today saying I am screened ! I am not feeling confident about going for it actually because I feel I lack the basic IT skills required? Any advices from experienced peeps ?

honestly, it really depends on the company. What did the job listing have in it?

i just got a job as a junior security consultant hehe

but yeah if you share what the job desc says we can help more

Congratulations

Well the attached pic describes what they are expecting!

thanks :D

Gave +1 Rep to @wispy rock

okay so that’s a very broad job description tbh

it’s literally “be familiar with everything in IT” lol

Well to be frank I am quite shocked how was I even screened because I was discussing with @flat sedge the other day about how I am finding it difficult with my ME experience and my learning curve 😅😅

but make sure you know the osi model, common ports, owasp top 10, lateral movement techniques

I am confident about the osi model and ports . Will have to go through owasp 10 and lateral movement techniques 😅 regardless of whether I get the job or not I’ll consider a good experience and quite honestly if i do somehow crack the interview, I feel like I am cheating people who are far more deserving than me and have the networking, sysadmin exp

there’s always going to be someone better in one aspect

but as long as you have foundational skills in all areas you’ll do great

That’s there as always!

for owasp top 10, there’s a huge thm room with really good content!

i recommend going through that

Yeah in that case THM has the best content to make even a career switcher feel confident

Yep currently on that only.

Congrats My friend

thanks!

Gave +1 Rep to @peak steeple

Hi guys

Hello

!docs verify

I want to start my career at cybet security

Alright, Cyber Security is a pretty large field. Do you have any specific interests?

My networking is good

Dont know much rathar than that😅

Right but you aren't going to want to do that as a career if you don't enjoy it

I mean networking concepts

Maybe do a little googling into the different corners of the cyber landscape and see if anything interesting pops at you?

I want to i m intrested

Ohk

Are you signed up for THM?

Yes

Intrested in bug bounty

This is my personal opinion and I know some others share it, but bounties should not be relied upon as a stable means of income

Thats true

If you're already signed up for THM, I suggest also going to #start-here. There are a multitude of free rooms that are excellent and expose you to more cyber security concepts

Sure

Hey anyone working who's company is opening up Fall applications for Internships ? Too late for summer.

one question, Comptia or ceh ?

CEH seems to only have real value in India, and in the US for DoD positions

Except the value in the US is a little less, as there are equivalent certs that are actually good now

Summer internships have already started. You're best bet is to find a part time job or start applying for fall internships that allow you to take your classes

Yeah, that's why I want to be early on those fall applications.

Aside CEH which other certifications will broadens ones knowledge

Comptia's Net+ Sec+ Pentest+ and CYSA+

good base certs

CEH is not that good

What are the various fields or specialization in HACKING

But good for basics right . I’m a pure starter even though I have knowledge on Linux and other basic IT. Want to start with CEH

No

usually you would want to go do a red team or pentester path

CEH is only valuable in India really

The knowledge is frequently outdated etc

You mean CEH?

Yes

I mean I said CEH so yes, I mean CEH

Which is the red team

CEH updates the test yearly, but it is usually updates from the previous year

THM has an offensive cyber path to learn and practice on

Noted , so what’s the current program in the market now for someone who want to starts a career in cyber security and hacking

James gave some good examples previously

Will go through

It's heavily depends on your current skill level and knowledge base

Comptia's certs are some of the best to start with and then progress from there

Seen

Comptia is widely recognized

And are thorough in their approach to the material you need to know

Which computer language is best for aspired hackers who wants to be successful in their crafts

most start with python

Does anybody know how are comptia pentest+ performance based questions like?

A quick question for people in the know: Is there any advantages in getting a CCNA certificate over a Comptia Net+ one? From my googling they seem like they cover largely the same areas, besides the focus on Cisco products and IOS in the CCNA

CCNA is a lot more cisco specific but the basic networking models are covered in both

that doesn't answer their question though and I think it's a good one. I'd like to know as well especially since I'm currently enrolled in a ccna course

I think a network engineer should get CCNA for preference, due to the prevalence and dominance of cisco hardware. But Net+ covers the same info, minus the cisco IOS specific configuration commands

Net+ is trash, no cap

yeah if you are interested in practical networking CCNA will be more useful

deadass

worst certification I've ever taken

not the feedback this channel deserves but the feedback it needs 😛

Both are entry level networking certs, most reasonable employers recognize their interchangeability

I think there's definitely more value to security researchers with the new CCNA

they cover APIs and stuff like that, which I'm actually pretty weak on and having exposure to backend technologies is fairly nice

super far left for a networking certification tho

https://learningnetwork.cisco.com/s/ccna-exam-topics

Is this a different than the 200-301 series?

nah, peep the 200-301 objectives

I'm about 80% through vol1

haven't really seen security or automation topics yet

it'll be towards the end

it even shares overlap with OSEP material (Ansible)

Worst thing about ansible: people keep callling YAML files 'code', and keep adding a ton of loop and when conditions. If there is that much variability, write a py module. It's not that hard.

HTML would like a word

Please yes. Config files are specifications, not programming

keep up the good fight

Hello, I need some help👀

I just completed my degree and I want to get a job into security field.
So I checked some websites and saw I need to learn about networking stuff, OS working, firewalls.

Is there anything else that I need to learn?

well "security field" is pretty broad, can you narrow it down a bit?

I'm new in this area😅
So I don't know exactly about it.

I did pico ctf once and it was fun👀

well, maybe start with the beginner path on tryhackme or the "advent of cyber 2020" room to get familiar with some of the topics

Okk,let me check👀

networking and how to use an operating system would be bare minimum, what degree did you get

B Computer science

they don't have that stuff?

interesting

And if you're really great at networking you don't even need to know anything at all!

They have ,but I didn't payed much attention to it😅. I do know about them little bit

If you apply to "Fresh graduates welcome" postings they usually give some leeway. you don't have to be a master at what they're looking for. as long as you're not completely clueless and you can show that you have the mindset to learn stuff

I think first yeah get some understanding of the topics involved - https://tryhackme.com/room/adventofcyber2

this is kind of not as long as the beginner learning path on the site or as in depth but it does help you get your hands a bit dirty and see what kind of stuff it involves

Ok , I'll give it a try once I know about this field little more👀

Thanks, I'll give it a try

Gave +1 Rep to @opaque laurel

To the people who hire for Cyber Security Roles : What do you find more important in a resume ?

• Personal Projects/Forum Ranking, or
• Internships/Prior Work Experience ?

Aka, should I quit my internship to focus on personal projects, more rooms and learning over the summer ?

experience > everything else

definitely don't quit your internship

It's not even actively on security, rather content curation on some CISSP stuff

experience is experience

If it was an active security role, I would have loved it

Okay, then 3 months of almost unpaid work it is :))

personal projects are really just extras tbh

Some might not even give af about your projects if you dont have experience

There are things to learn in any job and in any role. Re-focus on what you can get out of it, and focus less on your feelings about the task. Internships are to broaden your experience and its rare that an intern does the same thing for the entire time. If you really hate this task, just get it done so you can move on to another.

Thank @flat sedge

Gave +1 Rep to @flat sedge

I needed that :))

I took a 9 months almost unpaid job for a good work experience in a good company on my cv

my prof says its something ill thank him for later

Tbh the money doesn't even matter if the work is good enough

I can go on coding security tools, learning stuff and try to break things for hoursssssssssss

But documenting stuff for hours is kinda cumbersome

The most important task in security is documentation. Because you can do all the cool stuff in the world, but if you can't write up what you did for someone else to understand, all of that time is wasted

Furthermore, if a full-time dedicated security team is doing implementation, that organization is broken.

Thanks @flat sedge good answer

Gave +1 Rep to @flat sedge

Hello hi would showing tryhackme level make me seem like a showoff

Nope

Whoops

!docs verify

everyone in this industry has an ego complex, showing your tryhackme level shows ambition

How's the Georgia Tech Online Msc cybersecurity program?

7000 $ is really cheap, and you get the same diploma

No, they hire a third party

coworker is currently going through their online Masters (Cyber Physical Systems) degree and isn't really enjoying it, but he's also got hella experience, so

That's really cheap for a post-grad degree. Have you verified that the degree-granting institution is the same for both programs?

Yeah i was going to say. My degree and our masters school was $700 per credit hour minimum

Is EC-Council a good University?

lol no

What did you experience?

Just read supukis certification talk

https://blog.spookysec.net/certifications/

speaking of that, I should update it

Supuki described CEH pretty good: You can forget everything the course taught you, and you’d be better off.

updated, the only thing that's missing is GNFA

Hello! Is here anybody from Austria willing to talk about cyber-security/development jobs in the country?

NetSPI are recruiting: https://www2.appone.com/Search/Search.aspx?ServerVar=netspillc.appone.com

-mute @merry pollen

🔇 Muted SommoDuce#1219 for 1 day

Yes it's the same, it's really a good deal

So I decided on going to a Community College in September for cyber security I want to become an analyst..Is there any free courses or apps or anything, i can look into to get a jump start on? Thanks in advance.

tryhackme.com . Ur in the perfect server as well for any thm related questions if u get stuck doing a room. Since ur focus is security (blue team), do the beginner learning path first to grab the fundamentals if u haven’t already and than u can move into the cyber defenders path on thm to get knowledge u need to put u at a advantage once u come out of college. Overtime, u can learn and apply ur knowledge on other platforms like rangeforce, cyberdefenders, securityblueteam labs, etc. but start on thm

Ok thanks. I'm going to try that site right now.

Np! And good luck in September 🙂

Thanks

You are enrolled in a cybersec program? What's the degree or certs you get out of it? I'd look at stuff like THM as a gap-filler, but the bulk of your training is going to be coursework

Its a 2 year associate's degree. Just to get my foot in the door for now.

AS or AAS?

It doesn't particularly matter - AS is more of a track to transfer for more education, AAS is more oriented towards vocational. I wouldn't worry too much about doing prepwork for your courses. That's the point of the courses. Just look at things like Udemy, THM, Coursera, LinkedIn Learning, et al, as supplementary or outside study.

Hello guys,
I am from india pursuing my bachelors in tech cse... i am preparing for eJPT. how can i get a entry level job in security. do i need to do job in india only or can pursue any where in worldwide. like do companies hire entry level international employees do they sponsor i mean?

A lot of companies outsource security tasks to firms with offices in India. Those firms are probably going to be your best bet to start; don't count on being sponsored for work-residence in another country until and unless you reach a much more senior position.

oh ok thanks for the advice. so can i give interviews just like for practice??

Gave +1 Rep to @flat sedge

That is a good idea - be aware that there are some huge cultural differences in interviewing across national boundaries.

like what difference can you give me some example?

It depends on the level of the interviewee and what kind of interview it is.

A technical interview is run totally different than a personality interview.

For a technical interview, I will sometimes say something intentionally incorrect but within the supposed skillset of the candidate. How they correct me tells me a lot about them.

For a personality interview, I'm looking for things that aren't technical but will determine how that person will slot into the team.

Thank you for the advice.. it helped a lot!!

Gave +1 Rep to @flat sedge

Bear in mind that I'm from the US, and I have a personal preference for people willing to step up and say 'no, you're wrong'. My experience working with people in India, is that they won't always speak up because of respect to seniority/authority. But again, that's my experience and isn't applicable to everyone.

Yeah, this is what we are told india not speak up to seniors can't deny that. I will keep your advice in mind.

told in india*

Thanks @flat sedge... I'll also keep this advice

Gave +1 Rep to @flat sedge

and here is to why I dropped enrollment into Maryville University in STL $7k a semester.

that's a sans certification a semester! I know which I'd rather do

Hello! Is here anybody from Austria willing to talk about cyber-security/development jobs in the country?

Side topic: Would you guys put "Kali Linux OS" or "Linux OS" in your resume?

Not really

I wouldn't put Linux OS because you don't put Windows OS lol

and I wouldn't put Kali Linux because there isn't a Kali Windows

I would put the distro(s) I am familiar with and feel confident being an admin for. Like CentOS, RHEL, Ubuntu, OpenSUSE

I'd say familiarity with them, perhaps. But what makes Kali Kali is the tools. You don't learn Kali, you learn the tools and concepts.

what goes before Jr. Pen Tester? lol, Jr. Jr. ,

security analyst kekw

Trainee

Source: my role that I just got an offer for

congrats! that doesn't exist in the US, they want ppl to magically show up and be pen tester, the jr role is not really even a thing, and then they complain that they can't fill roles,

I didn't get the role the normal way, sort of headhunted

It probably exists, just rare.

yesterday I saw a trainee one, (obviously applied) but kinda stared at it for a while, in disbelief.

As long as they don't call you bru, I think you will be great, lol

And I'm kind of the opposite, I'd just say Linux as the distros aren't really that different from eachother, minor nuances. I don't think there is a need to list every distro

That's a fair point. Maybe only list a specific distro if you consider yourself an expert in the nuances that make that distro special?

On my resume I think I said "experience working in Windows and Linux OS environments"

I'd have to double check

I wouldn't list them unless you have a special cert for it like a "RHEL Certified System Admin" or whatever it's called

Debian-based and RPM based Linux

"can bash head against keyboard and make things work"

The most important skill

I was forced to use man pages again today. My terminal decided it didn't want to have functioning software

Terminal as in computer not the Linux terminal

does anyone working as system engineer?

if you guys did, would you recommend becoming one?

I’m only interning but I work for one. I think it varies based on the company your working for.

This ^

I'm a Cyber Security Engineer but I do some systems engineering tasks if you want to call it that

The titles tend to have different roles in what they do/don't do between organisations.

I'm a lead system administrator but spend more time doing DevOps work than I do SysAdmin

That's fine though - do you really want devs mucking around in your CICD infra?

Very very fair point, not "technically" my job desc. but reduces the headache of dev messing things up

If one wants to interview a professional in the field they are considering what would be the best approach?

Just ask for a few minutes of their time - politeness and respect go a long way towards getting helpful feedback and information.

Be sure to include a date and time when you'd like to talk to them, and a topic you'd like to chat about.

Yep, can't hurt to ask. When looking for a job post graduation I would message alumni in the industry and ask for a moment to chat. 10/10 would respond and if they couldn't chat themselves they would direct me to someone else who could

That is what I have heard but I never knew it was that easy.

Yeah, just be polite and concise

And come prepared. Don't waste their time with garbage questions

systems engineering is great experience. Like Moose mentioned there can be cyber crossover, my past job was kind of systems engineering + cyber security

Hey guys, just the regular inquiry. Anyone's company hiring interns ? Maybe for Fall ?

I'm really pissed at my new job here

Hi guys!
If you were to put "TryHackMe" in your resume, what would you put in the description?

Explain what THM is and what you do on it in one to two brief sentences. Also put it in a projects or similar section not an experience section

What @stoic cave said and you could also point to any write upd you done on the labs

Just a suggestion, this is not a good way to go about this

Yeah, a job is a job

Yeah I've generally heard it's bad advice to say bad things about your current company

Doesn't reflect so well on you.

It is

I have been working with Startups and all, and have been through my share of bad bosses and stuff. But here it's all new.

Borderline comical

Ok, think about this from the perspective of an employer. Would you hire someone who keeps talking about how bad their current company is?

Thanks so much for your help, and as well as Brent1972. I've just started my beginner programme and thinking what to put in the resume

Gave +1 Rep to @stoic cave

It doesn't paint you in a particularly flattering light, it makes you seem like you're going to complain about the new company too.

Yeah got it man. No more of this.

I actually love working and it's not even the pressure. It's the 7-day week and the bad culture

I'm not saying the complaints aren't valid

But it's a red flag if you're shit-talking your employer.

Got it man. Thanks for the advice. I guess I'm just frustrated.

Atleast gotta hold onto this till better things pop up

BTW I'm re-writing my resume and wanted to run it by someone who has been hiring in this field sometime

@misty vigil I just checked my CV and THM is listed under 'Further trainning.' I have listed the labs in 1-2 sentences but described what tools I used for X task if that helps.

This is definitely very helpful, thank you so much for your sharing and advice. Deeply appreciated. I will try to do it accordingly 🙂

Gave +1 Rep to @peak steeple

is having 2 CVs common?

I don't have enough space to list all the things I know I'd rather cater 1 cv to 1 type of job like software eng and one type to security

@summer reef Not sure if common! I too have 2 CVsIT Support, Cyber and IT Support as each CV highlights what is of interest to that sector.

yeah that's what I was thinking too

just relevant info and skills relating to each sector is what I thought

You usually tailor the CV to the job each time.

Use key words and skills that they use in their job advert

I had 4 tailored CVs when I was applying for a new role some months back

as James said just tailor it to fit the role you apply for

cool, thanks lads

It's a lot of work, I know

yeah it sounds like it, I had heard this advice before but forgotten it so thanks for reminding me

Gave +1 Rep to @quick forum

This. Gossiping about current company gives you a bad reputation as being a complainer; when people start telling horror stories, you can bring up things you hope previous employers have fixed though.

I keep a massive CV that is my entire work history, everything I've done. When I'm applying for jobs, I cut it down to what's relevant to that position.

Yeah, thanks to James and Moose for putting it into perspective

Gave +1 Rep to @flat sedge

I guess I am just drained and exhausted by this new job

Hey ! Free rep xD

Startups are a different beast. It's a 'high risk high reward' scenario - except as an intern, you don't get the high reward part. Either bring up that their expectations for interns are out of line with what the reward is, or just take it as a learning experience and move on at the end of the internship period.

Either way, allowing yourself to be emotionally wrung out isn't worth it. You can only do what you can do, and dumping more and more work on you doesn't fix it.

Well it's neither. Infact we had a startup as well but it fell apart after our lead investor died out of Covid19

The other alternative is that you are seen as being too smart for your own good, so you have to play alone until you can learn to get along with others.

Rather "another alternative"

I've had interns my group had to put in time out until they learned to play ball with the team - a couple never learned the lesson though

The case back here is horrible. Like my teammates are useless. And I don't even mean it ironically, last day they spent hours "debugging" my program and creates a mess saying it was all buggy. Turned out they were running it with python2 when it was to be run with python3

Did you add the #!/bin/bash/python to the first line of your script?

And then they blamed me for not documenting it whereas the first line mentioned it was there

python3 not python

#!/usr/bin/env python3

it's also considered best practice to add the runtime environment in the README.md

which you should do for every project

it's one of those things that may not get explained "because everyone knows"

This was another instance. All I said was please upload all docs as Markdown files.

Did you document your code with something like sphinx?

I really like my stuff well formatted and neat

Not really. It wasn't even something great. But I did add all the important stuff and test cases with relevant data.

The thing is I have to clean up after them. Plus this 7-day week doesn't leave much time to learn. But I can't even leave the job yet

That's it. Like I have been working hard for a long time and now I am paired with these people. Feels like all of it was in vain.

Are you hourly or salaried? As an intern, I hope hourly.

And that you are being compensated for that overtime.

Nopes. It's a one time payment of 10K INR for 3 months which translates to about 130 USD

And no, there's no overtime

These are the working hours

What country are you working in? I can't imagine a first world country that is legal in

It's a ERM company, sorry I can't disclose the name yet

I like to work @wild citrus, like I really love working no matter the pressure. That's what I learnt working for a startup but I need good motivating people. It's not even the money which matters

Ok. I think I have an idea; it sucks that is the situation, but do what you have to, to see the other side of it. It sounds like you are letting the stress build up enough. There is a book I think you may benefit from

I rather look for a good work culture

https://www.amazon.com/Subtle-Art-Not-Giving-Counterintuitive/dp/0062457713

Aah this one xD

Will surely give it a read sometimes

Meanwhile, I'll hopefully develop a few more rooms on THM and try to get that Content Engineer thing going

Someone once told me that till you're 30, it's not the Company you work for, its the people you work with and the Boss you work for

That's what I am looking for

Can anyone help me with this

When you install Ubuntu server, they give you the option to install Docker and Kubernetes. It also installs the security updates if you choose to do so.

So that works to begin with

Setting up specific docker instances is a whole new story though

It says to use ansible

I'm sure if you Google there are tutorials on how to do this

it's always more about the people, IMO

Yeah. That's what I am looking for. A good team and mentor

I'm not sure why this would end at 30

That was just a saying

But the general idea remains the same

Btw, @ebon mica has your company opened Fall applications ?

I've no idea.

Can you lemme know in your own time ? Really really really need a job/internship

What I know is that we only have summer internships in Finland.

Oh. Nevermind then :)) But as a general question, what do you seek in a Fresher's resume ?

Nothing - I'm never involved in early phase recruiting. And rarely even in the later phases.

Something that shows self-motivation and the desire/willingness to learn

Well I'm willing to learn, as I said, a good team and a good boss is what I look for but I haven't been lucky of late

There is a difference, and I'm sure others can explain it better than I, between saying and showing your willing to learn. Companies don't necessarily take what candidates say at face value as their first priority is the protection of said company. By showing through extracurriculars, personal projects, etc you're more likely to break down that first wall

Yes, that's another question we often discuss among friends. Is this (in a security context) implied by personal projects, CTFs, THM, curating voluntary content and stuff ?

In your case- you've created a few rooms here. That's worth putting on a resume, IMO

"Achieved highest level possible on THM and have also given back by creating X new rooms for the cybersecurity training community" or something

Thanks man. I'll be sure to add it on my resume once the rooms are out :D

@mild crystal Here 😄

saw this interesting editorial that summarizes my thoughts on WFH pretty well
https://ez.substack.com/p/the-work-from-home-future-is-destroying

Even when it was proven that people can do their work from home and still be productive... employers want you to suffer. They want you to fight through traffic, come in, sit in your little cubicle box, and sweat through a whole day where at a moments notice they can come to you and bother you about something inconsequential.

Bosses suck.

I think there is value in coming into an office. Don't undervalue the social comradery that comes from seeing your coworkers and team members on the daily. A bad manager is going to make the team miserable regardless of whether its 100% remote, hybrid or 100% on site

I don't think that matters. They are paying you, sometimes an incredible amount of money, to perform the work and frankly they can dictate where you work and when you work.

You don't have to work for x company

They most definitely can. I think it comes down to micro managing. They want to see you. Even if your job can be done from home, most employers aren't on board with that yet. Even after COVID.

Which as a company, is their prerogative. If the workers don't like it they can seek employment elsewhere

Absolutely.

To an extent, I agree with you Moose. There is a balance of power that needs to exist between the corporation and the employee for both to be successful. If the loyalty and relationship only goes one way, it's not healthy in the long run for either part.

agreed 100% - it would be nice to have a in-person mentor, i think my main takeaway from the article in particular is how theres this whole class of middle-managers who can't wrap their head around this new power dynamic

It really comes down to how much does a company value retention

I think it will also help when people realize that loyalty to a company is pretty much dead and isn't rewarded

People are loyal to people, not abstract entities. Advocacy goes both ways, it's not a corporation treating employees right, it's other employees treating employees right.

As a senior person, I love working from home. It’s quiet and I can avoid the drive bys that happen in the office. I can avoid IMs easier than someone sitting on my desk next to my computer.
On the flip side, I think it’s horrible for growth of junior employees. Networking isn’t as great and having someone face to face to show you things is so much better. Some people also have a lot of distractions at home or lack the space needed to work properly.

I’m an intern and if people are micromanaging their workers, it’s largely hurts productivity in my opinion. We operate on a trust basis in my office and I’ve never seen so many people working hundreds of times harder than they would being micro managed. Micro managing is poor leadership plain and simple.

Yeah, if my job forced me to come back to the office, I'd just find another one. Plenty of options out there

thankfully, I think I've found a great job/company/group of people, which is really hard to find

Which certification should I opt for as a fresher in ethical hacking? Any information shared will be valuable for me. Thanks!

which certifications do you have? If none, I'd start with Sec+

also if in India, you'd want to eventually get CEH, if not India then there are other options

if you could provide what area you want to work in would be help full but i would go with OSCP first .

I'm a fresher and I don't have any certs as of now

OSCP is a fairly advanced cert, probably easier to do something like Net+, Sec+ or Pen+ first

there are ton of resources out there to learn from if you want to learn from

I would like to work as a Pentester / Ethical hacker or even as a security analyst

What about C|EH?

oscp is a go to then spend time doing THM and once you are in a good shape take OSCP but remember you have to work a lil harder for it then any other cert

dont go for that thing

I've heard CEH is not very useful anymore. What Zojja said earlier is what I've heard a lot of people say

U talking about CEH ANSI or practical?

the non-practical

the practical is newer, I know very little about it

Oh

OSCP is beginner focused course but the exam is hard for that you have to practice a lot

if yo do THM well and after taking OSCP course u practice there lab yo can crack it

I've also heard about CISSP

Hows that certification when compared with CEH?

yeah there are lot of certs

Okay, thanks a lot guys

cissp requires industry experience (5 years iirc)
Both C|EH's are really impractical and not worth it at all

if you want things that focus on real world pentesting, look at OffSec's 300-level certifications like OSWE and OSEP.

Oh

Okay, thanks.

Gave +1 Rep to @languid hearth

CEH practical is also worth less. Go for eJPT instead.

I just cleared CEH practical last month and don’t think it’s worth it to pay $550 and eJPT cost only $200.

Okay, thank u

Gave +1 Rep to @bright vortex

It also depends on the country, CEH has value in India, outside of India, not so much

Any good certs between eJPT and OSCP ?

I cleared my eJPT and now gotta plan those finances accordingly

@north hill A few good ones are! eCPPT, VHL, Pentest+ VHL (Virtual hacking labs) is getting rave reviews online and so it eCPPT.

@north hill This might interest you:https://www.cbtnuggets.com/blog/certifications/security/how-i-passed-the-oscp-on-the-first-try/

Imma sort it like I sort my wishlist. Prices low to high

Thanks dude. Gonna start the prep soon(once am done with this job). Especially with web and windows.

Gave +1 Rep to @peak steeple

@north hill Aweesome! Also ping any members with OSCP for pointers.

It's gonna be a while xD. As someone who earns as low as 130USD in 3 months, OSCP is gonna take a long while xD

Totally understand! I hear there's lots of priv escalation and pivoting so definintely ace all the THM labs on simillar topics.

I thought you were in India? Or am I imagining it?

Well it's the equivalent in INR. 10K inr in 3 months. To put it into perspective, eJPT costs 15k inr

No i mean your focus, I’m not but it seems everyone says CEH is basically a requirement there. I’d focus on that before OSCP unless you’ve heard otherwise

I wanna get away from here. I still got 2 years of uni so might do it while in the final year if nothing else works out

Gotta grind till I get a good Internship with a humane environment

I'll start my prep though. I love this field

The path that I was told was from hyd3sec he said eJPT > eWPT > OSCP

@pastel solar That path seems solid to as eWPT will cover the web apps side.

Many roads lead to OSCP as long as you cover syllabus topics 🙂

For sure, I really struggle with web concepts sometimes so I think it’s even better for me.

@pastel solar No worries! Dont forget https://portswigger.net/web-security Not used myself but I have on very good authority that it's free and provides solid web apps coverage 🙂

eWPT is like 400 USD Man

Too expensive right now

Then I would recommend using the free resource that Brent sent. And complete the web path on tryhackme

I got a one month pass and completed all 4/5 Pathways. This summer, I'm planning to get stuff going with the web app thingy

Great man good luck on your journey I’m sure you’ll kill it!

Good luck man! I am sure you will indeed kill it. @north hill

Does anyone in here work as an ethical hacker / pen tester?

I can answer questions regarding the roll - former pentester

I can also answer some questions 🙂

Question: I am trying to break into the cyber security field, and i was wondering if i should include activities or certificates from things like tryhackme or hackthebox. I dont have any experience in the IT field, im coming from a restaurant/corporate dining background. I have earned a BS in Information systems with a concentration in cybersecurity *programming as well as the security+ cert. any advice?

I also came from a restaurant background with 0 IT experience and you are way more qualified than I was on paper, I wouldnt mention them specifically per se but I would maybe include a line about CTFs under a "Continuing Education" section

How close are these certificates to actual experience? I've only done desktop / server type IT work.

but if the job posting specifically mentions anything about CTFs/HTB/THM, by all means lean into that a bit and even mention your level - I've seen a few mention HTB/THM by name so you should respond in kind there

some of the conceptual stuff you'll retain from certifications - but in my limited anecdotal experience they rarely translate to actual experience unless its a tech-specific cert like an Azure or AWS specialist

@exotic vortex Hi adm, welcome. When not on THM- I can be fi=ound googling for similar answers omline. What I understand is that they provide the foundations to work towards higher mo0re realistic csrts like OSCP/CEH/eCPPT, You can check the value of a cert by the level of employer demand. Visit any job board and take a note of what the employers are asking for yourself.

If you have a lack of relevant experience then putting CTFs on there can be quite nice, you can always talk about the concepts you learn from them in interview to draw in the links

Even now I still put CTFs on my CV even after working in industry for almost a year

Awesome thanks for the info guys I appreciate it

And I wanted the security+ cert as a stepping stone towards pentest+ as that is the goal for me right now

Can i be prepared in one year for the oscp exam

If i am starting from zero

easily

It comes down to your drive to learn and ability to question what makes something work

How should i question things
And what should be my strategy of preparing towards my goal

@warm hinge I definitely cant tell your strategy but wha would I ? I would 1st complete THM beginner and Offensive path - get your basics down. Then I will try and locate which THM courses match OSCP syllabus. Once done - complete either eCPPT <elearnsecurity> or VHL <Virtual Hacking labs >, make you have wen app skills and then finally tactle OSCP, If in India, I hear CEH is BIG there - so you can add that too before OSCP. Good luck and take lots of notes.

1. eJPT content - no exam
2. Offensive Path - TryHackMe
3. Buffer Overflow Prep - TryHackMe room
4. Linux/Windows Privesc courses - Tib3rius
5. VHL - 1 month subscription
6. Proving Grounds - 1 month subscription ( TJNull list )
7. Ippsec videos (Just watch and take notes) - HTB TJNull list
8. OSCP labs

Thanks to @thick sable

Gave +1 Rep to @autumn robin

Before this indeed the THM Beginners course

hello
is there a way to bypass an rfid scanner without having credientiatls??
i have good knoledge with linux and bash scripting and python
i use kali linux(parrot sometimes)
i got an arduino and am doing some testing

I've been studying cyber security for about 1.5 years now and just passed my eJPT from INE. I'm currently the top one percent of users on TryHackMe.com and have dabbled a bit on HackTheBox.com.

Right now I'm trying to figure out what to do and what "learning path" I should take. My next goal is to complete the "Cyber Defense" learning path on TryHackMe.com. Im currently halfway through it. I'm also looking at BTLO/BTL1 (https://securityblue.team/certifications/).

I have a lot of questions that hopefully you can help me with:

• Is it worth going to school for a cyber security degree?
• What do you think of gamifing hacking platforms like TryHackMe, HackTheBox, BlueTeamLabOnline and RangeForce?
• Would you recommend teaching ones self through these platforms?
• What certifications would you recommend?
• Which certifications should I pass on?
• What person are you looking for when finding new team members?
• When is some "ready" for their first entry level SOC 1 role?
• What credentials / qualifications does someone need to gain the attention of recruiters?
• What are something that you wish you could tell newer employees?
• What is one thing you wish you did that you didn't do?

What I tend to hear from people who work in infosec is very different from what HR Departments are job postings. There's not a lot of great information online right now to navigate this industry and would really like some help.

Thanks!

My first recommendation would be taking a look at Linkedin/other sites for job postings for things you'd want to apply for.
Look what they're asking for, skills and certs and experience wise. Let that guide you.

What I tend to hear from people who work in infosec is very different from what HR Departments are job postings. I disagree with this.
Certs get you past HR. You need to check their boxes. You need to get an interview.

anyone know what's the statistics of who got in/who got accepted?

Yeah. Who they like🙂.

Only they got in

I'm asking for stats :)

Search on linkdin

Almost everyone got who applied...and those were rejected whose form weren't completed properly....this is what they said

i see. makes sense, looking at the number of people in the meet XD

Yep

Anyone have idea about masters in cybersecurity

?

is it worth it to do masters?

where are you? what’s your experience? what’s your plan?

I am from india completed graduation in computer science

No experience

Hi everyone! I require your word of advice. I finally obtained my Diploma in Computer Forensics. I've been looking for positions in cyber security, but I've always been turned down because I don't have a degree, certifications, or work experience.
• But now I'm seeking for a job to obtain work experience, and none of the companies are interested in hiring me.
• Degrees and certificates require time and money to obtain, and I've been working hard to earn and save money for while hoping of gaining work experience.
• I've even included TryHackMe in my Further Training Programme to demonstrate that I'm genuinely always learning.

Do you have any advice for me?

Are you only looking for cyber security roles? Or also looking at help desk jobs etc to get some form of relevant experience

I believe that the best way for me to acquire job experience will be through cyber security positions that will allow me to learn relevant skills and experiences.

cyber security entry level jobs are few and far between, usually people get a job in IT then pivot to security, not always but its most common way

especially if you don't have a degree

Second what Zojja said. 'Entry level cybersec' usually means '2-5 years in sys admin, infra management, net admin, dev, telco'. Picking up security without having at least a working professional's basic knowledge and foundation in a domain is really challenging

The relevant skills you're referring to can most definitely be picked up in non cyber security jobs though, which is probably the experience you are currently lacking

I know the general consensus is IT for a few years then pivot to security, but in y'all's opinion would solid internships, relevant degree, and OSCP net me a JPT interview?

possibly but no guarantee, not a lot of junior pentester roles out there

that don't want years of full time experience

Thanks, certs don't allow you to cheat the experience system I'm finding lol

nope

oh and James don't come in here talking about your job (or do) 🙂

Depending on where you are, over here they're mostly asking for a (degree || exp) && (OSCP || CREST)

I recognise I'm at a huge advantage here because I was referred for the job by a lecturer

I heard that security companies tend to hire red team out of college more frequently than an enterprise would hire blue team

certs are usually proof of continuous learning, and a baseline of specific knowledge. The hardest part of IT is getting into the industry; one technical role leads into others. Internships as part of a BS or BA program can be a huge help.

theres a lot of variables, college hires are cheap

but if you are on a red team, you can screw stuff up majorly

my company hires blue team and various cyber roles straight out of college but usually they have been interns for our company prior or have had military experience

Red team hires out of college? The whole point of red team is understanding the risk vs scope scale of actions, in my experience most college grads think they know a lot more than they actually do and risk production more than the scope of the SoW allows.

but YMMV. Most of the interns I've worked with have been pretty good, but they need a certain amount of initial spoon feeding because of the differences between academia and industry

That's what I think I'll be emphasizing once I'm closer to graduating. Demonstrating a lot more soft skills and practical experience that bridges the gap between academia and actual IT work

Thanks guys

@quick forum I can substitute an OSCP for this?

h

...Perhaps add the word cybersec to your search query.

So the thing with CREST is you are required to work under a check team leader in order to be recognised as a check team member

hahaha

You can gain the required CPSA into CRT or QSTM which will help gain a job within a CREST accredited company massively in the UK

Also James was it Nick that recommended the role to you?

It was

ooo 👀

it was to get you quiet about uop Throwback, bet

it didn't work.

They just ended up muting the entire discord

No more riots 😭

ggwp

Let's just be careful around Rule 2 here 👀

Is CREST more relevant in the UK than the US?

It seems really important, surprised I haven't heard of it sooner

https://www.crest-approved.org/crest-in-the-americas/index.html I mean this is their webpage discussing CREST in the US

Doesn't look overly US focussed

CREST is in the US but it's certainly not as big/adapted as the UK iirc

Thank you so much for helping me to answer my question.

• What role would you recommend me to go for in IT before pivot to cybersecurity?

Gave +1 Rep to @pseudo creek

Thanks man, agree to have at least a working professional's basic knowledge and foundation. To be honest, I needed a working experience which will really help me a lot to understand the live experience

Yeah man, experience is what im currently lacking now and needed to build on that

Hey 😊 new here, ive been lurking today to pick up on the advice given but definitely open to any wise words of wisdom! I'm in my first year of a full time degree in cyber security so due to graduate 2023. I'm studying the degree full time whilst working full time as a manager (and also trying to find time for PC gaming) so its pretty exhausting and id love to source a role within the IT industry to get a foot in the door whilst I'm studying as I'm really keen to work within a relevant role as appose to my current job. Has anyone had any experience in gaining a basic entry level role in IT support or something very low level with no experience in the field? I'm prepared to take a pay cut for the greater good so if there are any other roles you can suggest looking into im all ears!

Common entry level is IT help desk. It may help to get A+ certified for that, possibly looking at network+ as well, but I'll say... its hard to balance gaming, I miss gaming a lot but... got goals

Hey guys, i have been working at my company for almost 2 years doing network security(mainly creating firewall policies) and i am ready to move on into a more IT focus role, ideally a cyber security analyst or SOC position but am having a bit of trouble.

1. How did you guys know what you wanted to do next? Did you just apply to anything that caught your eye or did you guys have a plan in mind?
   2)How did you go about planning for technical interviews? Currently this is my biggest as I have only done 1 technical interview which was for the internship that lead to my full time position now. I am currently making my way through THM complete beginner learning path just to ensure i have the basics down packed but i still feel like its not enough. My fear is that im going to be stuck in my current role and i dont want that to happen.

Any advise you guys can give would be great!

Network security is an IT role, I was a network engineer for many years. When I made my shift, I had just finished an MS in cybersec and was ready to take the knowledge I had gained further. You need to have an idea for the role you are looking for, I would recommend starting by looking at the job boards and trying to figure out where you want to get and what is needed, then apply to the jobs you want to move to. When it comes to technical info, think of them like a walkthrough room, here is a scenario how do you respond.

I was doing network security for a few years and I knew I wanted to do something different but wasn't 100% sure what, then I saw an internal job that caught my eye (security engineer), I applied then got the job

Thanks for the response, as far as looking at job descriptions go, the one thing i lack is the 5+ years experience some of these "entry level" positions require. I have majority of the skills and i know i can learn what i need to once im in but it seems like my application gets filtered out from the lack of experience any idea on how to combat that?

Also in regards to the tech interviews is there a particular way you prep?

Gave +1 Rep to @golden ore

Thanks for the response! So did you prep any before applying or did you just go for it?