#cyber-and-careers
I just have Sec+ and Linux+. I'll need to get CISSP next year to meet a working requirement. Once you start building OJT the certs don't matter as much unless it's absolutely required for the position
Ahh nice, I'll have to search what OJT is lol
on the job training, lol.
Not actually if my Sec+ is definitely out of date but MCSA definitely no longer valid. Linux+ is good choice - I should add to my list too. I have of Linux
oh lol, i thought you meant it was a cert. derp
Ohh right, I didn't realise they expired tbh
How long do they generally last?
Depends on the cert, but iirc Sec+ is 3 years. Then you have to take courses to build "CE credits" and take a refresher test to recertify
oh, and pay a maintenance fee.
its just a way for them to keep extracting money from you, really.
If you take online courses, like from LinkedIn Learning or Coursera for example, you might see it say "1 hour CE credit" or something similar, it means you can submit it to your certifying body for credit towards your recertification.
Ohh okay, that's pretty cool
Not the extracting money part, but the online courses xD
I didn't know that! LinkedIn Learning videos are great - just wish they had more hands-on stuff.
Every 3 years seems excessive
When you certify - Feel free to write to them and protest
I like protesting against things so I might have to do that
Its really not that bad, you can't fail the recert exam. If you don't pass you just take it again until you do.
theres no proctor or anything, its just an hour or two affair done in your browser
Oh that's not too bad then, I thought you had to go through the whole process a second time
1 hour spent every 3 years is doable
Like I said, its more of a way to get money out of you than anything else. A lot of people let theirs lapse once they get further along in their careers.
@hallow flame You can still protest for me cause am too lazy to update certs I no longer use but my newer ones I will definitely keep current.
Sure, I'll let you know in a couple years if I get anywhere with it
some of my certs expire in 2 years
Should I keep working on THM to finish the learning paths or focus on a first cert? Have the voucher for sec+ waiting
THM can definitely be helpful for some of the foundational stuff but I'd start digging into Sec+. It's not a bunch of memorization anymore, you have to actually understand the concepts they're teaching and how to apply them.
^ This exactly. There are practical components to Sec+ that require a full understanding of the concepts being taught. It isn't just multiple choice to memorize
For instance, I dont believe THM goes over the roles of managerial, operational and technical security categories and the security types that fall under them. (Someone correct me if I'm wrong)
And they'll throw scenarios at you where if you don't understand what they are and how they work, you'll miss the question.
Thank you, I will focus on sec+ and use THM to go over the concepts if they have specific rooms for that
The networking stuff is a good place to start too, if you haven't gone through Net+
Will take a look at the one last room im missing, didnt come across it in the beginner path yet. Between presec and beginner path networking, ive learned a lot the sec+ book went over
I got the Sec+ yesterday, what should I do now?
Congrats! what did you do on top of reading material? Anything hands on?
Thanks!
I mainly stuck to Professor Messer, Jason Dion's Practice Exams, Mike Meyers' Udemy course and a nice study guide I can send you I found on Reddit
Yeah, please dm me
I read a little of that GCGA book but tbh I'm more of a video learner lol
I currently have a book that i read, and listen to professor messer on my way to work
International Cybersecurity Recruiters Answering ALL the Questions: https://www.youtube.com/watch?v=MVHjCEHp0CE
Yo
Do you mind sending me that study guide as well?
Hi everybody,
I'm currently studying Cybersecurity; I want to become one of the top experts in the field.
I recently made a LinkedIn account and I'm looking to make new friends and connect with other cybersecurity enthusiasts. So I invite everybody to connect with me so we can all expand our network! Here's my page link: https://www.linkedin.com/in/maximebeauchamp-cybersec/?locale=en_US
Thanks and happy hacking!
@lavish pawn Out of curiosity, how recently did you start? Since your THM rating is Wizard. That must be some hard grinding.
hey folks! It feels like I've bitten off more than I can chew after diving in to some of these courses. I've been doing tech support for ten years now, and I want to move on past customer service. Defensive seems like a natural fit for me, but going through the Complete Beginners course, while I am able to progress with help from the wonderful folks over at #room-hints , I just feel a bit overwhelmed.
@rose sky It's very easy to feel overwhelmed when trying something new. What I do is try to learn at my own pace and tackle it a unit at a time. Never be afraid to ask for help or hints as in the real world - you will be working as part of a Team and have someone normally to bounce ideas off. This is my reasoning. Don't try and rush it - go slowly, take notes as you go and remember to try google before asking. We are all here to help
❤️ thank you
I'm not so much of a note taker though, that may be part of my problem lol
I guess I just suppose in a field where Googling is everything
I just assume my resources are a bookmark and a ctrl+f away
Hi @rose sky I'm in the same boat in terms of getting overwhelmed with all the new things I need to learn and I'm from a completely non IT background (Legal) and it is taking me much longer than anticipated. I don't know if you'll find this useful but what I found is when doing the rooms on THM or other online labs get too much, I signed up to online talks and listen to them whilst working or reading articles that will help me build my knowledge. Also I find note taking can take a while so I take screen shots of the things I've done and add bullet points. Not sure if it helps but hope it does!
someone can tell me about purple team please
im already google but i dont understand what purple team will do
This might give some insight into where to look: https://danielmiessler.com/study/red-blue-purple-teams/
tks sir
TIL about purple team
Highly recommend against that
Google is wonderful, but your own notebook, organised in a way that makes sense in your head, will always be faster and easier to use
Once you've learnt something once you should not have to learn it again
That's not what my dms say
Yes, but you're special. We don't expect you to learn anything
Good Idea. I just downloaded Turtl last night and might start my own notebook there
it's been like ten years since I've taken notes
Joplin and Obsidian are also good! I will check out Turtl too as I need to migrate away from notebooks to save the rainforest.
Taking notes is a nice way of working towards an assessment/engagement methodology (the how/what/when of pentesting)
oh yeah also even for defensive I'd need to document plenty, huh
I mean as a tech support guy I take real-time notes all the time
stomps feet
Writing things down also helps you commit to memory, at least it does for me.
Here's a fancy slogan I'll throw around: Operationalizing what-you-know
Here's a nice operationalizing site to have an overview:
https://attack.mitre.org/ (offensive)
https://attack.mitre.org/mitigations/enterprise/ (defensive)
For any of the pentesting certs, was the scanning aspect of them pretty straight forward? Were they just like a normal THM room?
@broken notch To my limited knowledge each cert has an associated course and level of difficulty. If it is a junior-level course it will be as simple as just testing what you learned, like eCPPT, and if aimed at a highish level - like OSCP/OSEP, LPT - it is not testing knowledge but your skill at applying the knowledge, and there it may be stickier. Follow what the syllabus recommends. Practice, practice, practice and finally when you Try Harder - all certs will gradually become straightforward. Hope that helps a bit.
Pardon me for the question but, is eCPPT the "natural progression" from eJPT?
@slate ridge Yes, in a sense that once you understand the teaching format you can aim for their higher certs like people of Offsec - go from OSCP to OSEP or CCNA to CCNA (Cisco). eCPPT will set you up for OSCP if you also wish but a different teaching style I hear.
My studies includes a prep for CEH (without actually paying for CEH), and I for one would rather invest into eJPT -> eCPPT -> OSCP
Do you think that it'd be better to get straight to eCPPT or is getting eJPT worth it?
@slate ridge THM covers most of what eJPT does except for programming basics (not needed for exam). I would focus on THM, just pay for eJPT exam as good reviews and deep dive into eCPPT is my recommendation.
So I could do THM learning paths then take on eJPT?
I already have programming basics done and done, will have a master's degree by next year
Only "scary" thing is how dated my country is, still not acknowledging the need for infosec
Can't even get out for an internship in the EU, since they made it law that they only accept EU citizens
That's why I'm aiming for Certs, they could perhaps get me somewhere
@slate ridge Great! Forget about eJPT then and focus on eCPPT unless you want eJPT for a taster.
With a masters degree you will probably get a work visa in the EU if that's what you want
Yes, nosfergz is correct! Masters are international
It's less about the visa and more about the fact that most recruiters prioritize locals and sometimes put a neat "Only for EU citizens"
Adding a cert will give you hands on experience.
They say that because they need someone that would have permission to work in the EU. If you have that, you'll be fine. I would look how to apply for a work visa in an EU country you like
I've heard from too many people that it's a must have by now so definitely working on these as soon, if not before, getting my degree
My degree's completion requires a 6 months internship beforehand, or a project worthy of the title of "End Of Studies Project"
aka something akin to thesis
I would assume you can do that in your country, then any EU country will be more than happy to give you a work visa
Again, I could defo get a visa (or try to) but not knowing my destination is not so cash money 
And some student visa would allow you to work temporarily in the country, so not sure if you could do an internship with that
I'll continue applying for em either way, thanks for the info @glossy jetty @peak steeple
Gave +1 Rep to @glossy jetty
How hard has it become for EU citizens to get jobs in the UK? I see tons of entry level cyber jobs in the UK but I am not sure of the current state
Where are you finding them in the UK? I barely find any in my area
Google CTF this saturday
I would also suggest #infosec-general for asking about hacking competitions
@unreal arrow Thanks man
Gave +1 Rep to @unreal arrow
Depending on your age, I would suggest cyber start
How would I study for Security+
Looking through #resources is a good start. For 501 I used Professor Messer, Dion practice tests, and read half of GCGA
the google CTF is fun
I have a voucher so I'm wondering if I should take 501 or 601
601
501 is being retired in 2 weeks
Ah thanks so I'll study Professor Messer's videos for 601
You're going to want to use more than just the videos. I should also mention that my degree is a BS in Computer Security and Information Assurance. Studying for me was basically a review of my degree
What wake would I want
I guess practices tests
I'm getting a masters in cyber security and domain one is my hobby
How do you think I could improve my resume for an entry level job?
Add proficiency/acquisition bullet-items that demonstrate working towards getting the skillset for a pentesting position.
Like hands on experience with nmap, metasploit, burpsuite, etc?
At first glance, it's not clear how that experience ties into a security position.
Like a Continuing Learning section that includes cyber learning platforms, taking courses, preparing for certification exams.
Well, I'm 20 years old, finishing up my associates in general studies- I don't have much experience other than self-employment experience,
Because they're not IT or infosec jobs, I certainly think you could tie them in
I'd rather put what I have
Yeah, but link it to what they're looking for
hmm, yeah true
Transferable skills especially
I think the fact I self-taught music production and learning my way thru the DAW is transferable, right?
I mean- I didn't go to school for any of that stuff.
Just watched online videos and performed trial and error
Or, my own initiative to commission those projects; I think that could show some sort of management experience in some form, right?
So, a separate section entirely? Not a re-heading of the additional information?
Renaming it might work.
ooo- thanks for the clarification
Gave +1 Rep to @distant pier
The thing with CV/resumes is that they should be tailored to the individual job you're applying for. It's hard work, I know.
Have a master CV, the original copy, and modify it as required.
Well yeah- I mean, I agree completely, the thing is; It'd be so much easier if I had IT experience to delete my music experience
BUT, you see
as someone with no IT experience, I feel like listing the music exp at least helps me a LITTLE
You have experience of sorts, and you're young so probably not that much exp expected
Yeah- I'm 20.
But you can include the transferable skills and show how it's relevant
I mean, for managing my own business I think that's transferable to some degree, yeah?
I'm also twenty, but I have the benefit of all IT experience part time for a while
So, under the music section:
Could I mention something like, managed my own business, -> tie it in with how it'd be useful with pentesting
in a sense?
Dang dude I need to get an LLC
they're defo gonna ask
oo dude that's awesome though
Focus on the transferable and soft skills, preferably with some context
There's a lot of people here between sort of 16 and 25
so, keep the music section, but tie it in more, per se
I'd massively develop the education section too. You're young, it's important. Especially if anything you're learning is related.
Well, I've heard varying opinions on this
Like, judging my resume off of age, it's apparently illegal to do that
What
So someone recommended me to keep the education section clean
It's not that it's not clean. It's that it's empty. Sparse
Like, they can't discriminate against age
Yeah, of course.
So, I could add my highschool diploma
I don't know how US resumes work there
But I mean, I feel like it could hurt me more than help?
I have two awards I received from the principal in high school
so if I mentioned high school, I could mention those, I suppose.
One was because senior high I decided to do an act of kindness and hold a specific door in the building open, every day after lunch
for the whole entire year
Idk what you're doing at community college, but again I'm sure you're getting transferable skills
and then, another was awarded because I act with purpose, and the administrators saw that, specifically when I was under pressure every morning with the morning announcements; I was a leader in regards to my video and media class, making sure OBS was set up to record every morning, etc.,
In my first semester of comm. college, I took a public speaking class- I thought that would be helpful to mention
I'm just figuring out how I would best word that
Yeah, so you haven't listed classes etc
I mean, should I? wouldn't hurt
I have my study topics listed with very brief descriptions of what they cover
yeah that sounds very wise
I mean, at least the formatting/hard part is out of the way
My degree is a cybersec degree
Yeah that helps a lot
I guess the tough part for me is going to making it "transferable"
so I should "delete" my points that I have for music and re-brand them to be more directed at soft skills?
Is what you're saying?
No, I still think it's important to list what you did in that role.
Just, as a part of that, try to develop and relate it back to the role you're applying for.
For my public speaking class, would it be strong to mention that I got a 90 or higher on all my speeches?
in some way?
No idea
"• Public Speaking, with four various speeches up to seven minutes in length. Outlined the speeches for articulate delivery." maybe?
Maybe I'll add those awards from high school in the additional information section
The about you paragraph on your resume should be in a cover letter, not your resume. If you came to me with music producer as experience, I wouldn't take you seriously as a candidate. If you don't have direct job experience, you should speak to your technical experience in other ways, maybe through a blog, proofs of concept you developed, or cyber related activities like THM, or HackTheBox, etc. If you plan on taking cyber related coursework in college, list the sorts of projects you've done and course related achievements. You don't need direct job experience to stand out, but you do need plenty of activities to show that you're engaged in the field and understand the core concepts
And if you can, get a certification.
I'm working on my sec+ ; mentioned that at the bottom. I understand you might not take me seriously, but I'm sure some of it is mentionable, right? Like, I'd hate to start from the very bottom. Surely some of the management with my own business can be transferable.
I'm in college for an associates in general studies at the moment- looking to pair that with certifications and activities, like you mentioned. This is an entry level resume. I'm looking to get opportunities for IT to be put on my resume.
Some resumes have a brief paragraph intro, some don't - it's a toss up.
I'm not totally sure what to do because some will be hardly for it, and others will be hard recommending it. It seems very subjective.
Also bear in mind that a resume, if read by a person, will be scan read top to bottom. Most important stuff first.
So security stuff near the start
Very true
Additional information would include my certs - how would I put those at the top instead?
Transferable sure, but the idea is to not have to explain how your business experience makes you a good IT candidate. If you have a strong portfolio of directly related projects, like in a Github or Portfolium account where you can show off your skills and knowledge, you won't even need the business part in your resume.
I'm giving advice based on my experience trying to get my first cyber job, the only thing I've left in my resume that isn't directly related to IT in some way is my military experience
That's totally fair, and I REALLY appreciate you being so constructive. It's very helpful - I'm just a little disappointed that my music production experience/business management experience can't go as far as it sounds like I'd want it to.
I had like a couple of long sessions with the careers people, rewrote my CV, then got a cybersec job
Yeah, I mean- I'm sure there's stuff that I've done that I could put on my resume; it's just either so long ago, or I don't really feel like I immersed myself enough in the curriculum to safely put it down
I know it's a little different over in the states, but a lot of the info is general
Like, there are some silly projects I made doing my web development course I got from Udemy, where I made simple landing pages
I mean, I could mention my endeavor to learn front-end web-development on my own, couldn't I?
Those types of projects aren't silly, you just have to flesh them out into something you would want to show off
Idk, I've always seen those things as not so amazing or incredible
Saw coding more as a little hobby of mine than anything; lots of those projects are hard to find now also
I mean, they exist, but they're very unorganized in a folder somewhere
I suppose I could upload most of them to github?
Idk if they're worth showing off though.
So, you're saying, get rid of my music self-employment in its entirety
and the graphic design
and just fill experience with other things?
The idea is to show drive and initiative. An employer knows they are looking at an entry level candidate, they won't be expecting the pro, but they will be looking for that motivation and learning mindset that make fresh employees skilled employees very quickly
I mean- I would argue I have that drive and initiative; it's shown through my music and thousands of unreleased projects. My 6 years of experience self-taught. My investing experience through self-teaching myself how to read-charts through YouTube videos. I'm pretty confident at least some of that could translate in some capacity. My difficulty is 1) where to put it, and 2) how to word it in an attractive manner.
I don't disagree!
Dealing with clients, showing customer service experience with those people- I can communicate well with my clients, and I receive great feedback.
I just don't know exactly where or how to mention it on this golden ticket, that is, my resume.
You don't, you write it in your cover letter.
you can always throw testimonials on your resume if its relevant
I mean, it's not really in this case- it's thru my graphic design / music production; this is an IT resume.
Immediately it seems, only IT things apply here
if they speak to your character it wouldn't hurt to throw in
I'm sort of at a cross-road and I'm quite confused what would be safe to mention
"Day is a hard worker and always great in projects blah blah" something like that is worth putting in
I just feel like my resume is different than most because of my unique experiences. I'm not like the typical high school student that will have mcdonalds/retail on their resume
I'm at a different point in my career so showing you my resume won't really help, but I got my first job in IA with a Sec+,Linux+, and the Cyber Security Essentials course from Cisco networking. The only job I placed on my resume was my 4 year military career, which was in a completely unrelated field
It's going to have to be articulately worded, precise, and clean- I'm going to have to think about the best way to word things.
I mean- that's really helpful stuff; I'm working on my Sec+ and I'm on track to have it completed before November. I've allotted 3 months of study time.
Someone who reads a resume is not reading about you, but they are actively looking for things they are looking for. Maybe that provides an alternative way of looking at a resume.
^ bingo
That's very insightful. Thank you for that.
Gave +1 Rep to @distant pier
as long as you show you are capable of doing the job you are applying for - your background doesn't matter, over a year ago I was working construction and studied my ass off for A+/eJPT, passed, remade my resume and applied to about 200 companies, got rejected by 199
I apologize if I sound frustrated. I think I'm just overwhelmed. I want to get this right!
You guys are so helpful and I'm very appreciative of this community, so thank you. It means so much.
DANG
oops caps
Happy to help. Are you familiar with writing a cover letter? Thats where you can make your personal appeal to the hiring rep.
I mean- I've written one or two applying for a music job; obviously didn't get the job because of my resume being like 10x worse than it is currently, I'd guess, but yeah
Cover letters suck
i've heard and had very mixed results with cover letters so I won't speak on those
I've written a cover letter before.
They're slowly going away
It seems all people want are resumes
I think a tailor-made resume is much better, if they require a cover letter to get past HR I really don't care to work there anyway
Cover letters suck, but if it comes down to someone who did write one, and one who didn't, guess who I would want to be
After you're in your first IT job, don't worry about writing one. But for entry, do.
I don't think I mind writing a cover letter.
What if they're not requesting one though?
good advice, I 1000% will never be writing another one lol
Send one anyway. Most application portals will accept supporting documents
What if they request via email?
I sent my resume (im starting to cringe now cuz I sent what I sent in chat) via email as per request, for an internship
Then once your foot is in the door and you develop a good reputation, ask for letters of recommendation from your supervisors and replace a CV with signed letters of recommendation
correct
absolutely
highschool?
definitely
What? CV is not a cover letter!
Yeah, I thought CV was a resume
weird, ive always heard cover letters being referred to as cv's here
either way the point is the same
Dang- well, either way; it's understood what you're talking about
Well, I guess I didn't realize a letter of recommendation would be that useful
I can get one from my senior high cyber teacher?
Would that look good?
As long as they are willing to say nice things about you lol
Yeah lol of course
I'm a college sophomore now though so idk how much they'd be able to remember about me
Also, are you allowed to see your letter?
Like, could I have the letter on standby?
of course, you're going to be the one sending it in
Ah- for my college recommendations I didn't have the ability to read them
sorta sucked
is there a limit on how many I should get?
Like, I could probably get 3 guaranteed
all tech related
video media teacher, cybersec teacher, and web applications teacher
I always do supervisor and upper manager concurrence. Since yours will be school, one or two I think would be plenty
cyber and webapp teacher is who I would pick
yeah, agreed
just ask them to speak to your character and your coursework and sign it
So I guess, I'll awkwardly write an email to them lmao
it's been a year or two lmao
Trust me, I did it, lots of other people do it, its how you get ahead.
I also needed to email my cyber teacher anyway, so
Having other people willing to vouch for you and put their name on something means a lot,
especially in the professional world
Do you think this is alright?
``Greetings <teacher>
I hope you've been doing well; it's been quite a while - I'm reaching out to you because I'm working on updating my resume and getting things nice and professional for the information security field, and I was wondering if you would be open to writing a signed letter of recommendation about me, speaking in regards to my character and my coursework. I'd really appreciate it, and I really hope you've been doing well. Thank you so much for everything you've done. Wishing you the best.
Kind regards,
David <last name>``
I might want to mention there's not really a said deadline;
I know some teachers don't want a letter request last-minute.
Looks good! One big tip that I've learned, and it's a bit of a nitpick, not to thank someone for something in an email before they agreed to do it. Maybe flesh out the "thank you" a little to specify thanks in relation to the class and not for the letter
Ohhh I gotcha
you just dont want to seem presumptuous
I hope you've been doing well; it's been quite a while - I'm reaching out to you because I'm working on updating my resume and getting things nice and professional for the information security field, and I was wondering if you would be open to writing a signed letter of recommendation about me, speaking in regards to my character and my coursework. I'd really appreciate it, and I really hope you've been doing well. Thank you so much for everything you've taught me in the class. The certifications in the Microsoft Office Suite were very foundational and applicable. Wishing you the best.
Like that maybe?
It's also a lot more common in academia, not just in the EMEA region. Many professors maintain a CV, not a resume, that covers their entire research history. One of the EE lab directors I know has a CV that was 30+ pages and included references to all the students he graduated with a PhD or M.Sc, as well as every published paper he contributed to.
maybe, "I really enjoyed my time in your class, thank you for your insight and expertise, it was a pleasure to learn from you"
Ye, but we don't do résumés here
Good to know! I've never really thought that much about it
should I mention after that, 'If you can't do this, I totally understand. If you can, there's no rush. Wishing you the best.'
Nope, let them tell you if they cant or wont
if you had a deadline, you would put it in the request
they'll ask about it
Sent
That's great! I hope it goes well for you
request for
dont worry about it
kk for this next one
I need to tie two requests into one email
Subject line and email
those should be two different emails, just off hand
you think this looks fine? I'm trying to be as non-awkward as I can to a teacher I haven't seen in two years
Your surname was in there
oh nice
You've redacted it so far, so I deleted it
tyvm
much appreciated
I mean, I should write from scratch then?
Not try to morph it with the other one lol
1s
one is a personal request, the other is school related
Request for Letter of Recommendation + Question about accessing my locked <school> account
Greetings Mr.<teacher>!
I hope you've been doing well; it's been quite a while - I'm reaching out to you because I'm working on updating my resume and getting things nice and professional for the information security field, and I was wondering if you would be open to writing a signed letter of recommendation about me, speaking in regards to my character and my coursework. I'd really appreciate it, and I really hope you've been doing well. I also had a question regarding my locked <school> account. Would it be possible to be temporarily unlocked so that I can access my data and perform a Google Takeout? I did this near the end of the school year but my account got locked before I could download the zip file. I really enjoyed my time in your class, thank you for the insight and expertise, it was a pleasure to learn from you. Wishing you the best.
Kind regards,
David <name>
ahhh
so not merge them then?
right, always separate personal email from non-personal.
gotcha
So, just send the typical letter of recommendation
and then make another one for the question
I could use what I already typed though?
Should I wait between or send both?
also, you don't really need to say its been a while, they know
true
the reason I say to separate them is because they might have to CC or forward the school request to someone
oh yeah
and you don't want the letter request going to someone unintended.
there are lots of unwritten email etiquette rules you'll learn over time
I said I hope you've been doing well twice o.O
xD you're just nervous
i'm removing that lol
kk i sent it
gosh its been forever
only a year or two but like dang
so should I send the other one right away?
Sure, no harm in it
If you know their name and where they might have been going, you can look them up in faculty directory
Crapp
the email isnt valid anymore
I have a friend that has his number though
he's really privacy aware
gonna be hard to find his stuff
If you'd like an example of my resume or a cover letter, or even my letter of recommendation I don't mind sharing them with you. Just need to redact some PII
yea thats fine o.O
I actually just went through the hiring process, so its pretty recent. Give me a few
crap dude
This teacher would have been cool
idk where he went
might have got fired lmao
he did some crazy stuff
Very nice o.O
Dang that's nice stuff o.O
Is it normal for a resume and stuff to stress someone like me out a little? Lol
Idk- I'm still transitioning from that school -> business aspect of things.
is this another recommendation or part of cover letter?
my actual resume
its like 3, which is on the longer side
after some point you can't do 1 page anymore, right?
I don't personally, but some people swear by short resumes
and yes, resumes are stressful. that never goes away
bruh idk what to do
i think I need to take a break lol
been thinking about resumes since 3pm today
lol
I'm still sad I cant reach that one teacher
I guess I'll try the video & media teacher instead
as a backup
Oo
The class is less important than what is said in the recommendation
they are more speaking to your character and quality of work, than what exactly that work was
The video & media class was where I really shined; that teacher is forever "wow"'d by me lol
He's the one teacher who I'd say would hands down be happy to do the recommendation
then thats who I would have gone with first lol
I asked him during when I was applying for colleges but he forgot about it
should have led with that
lmao
well, both the web teacher and this teacher
they both speak highly of me
the web teacher recommended me when my guidance counselor had to solve a problem with a school and they wanted me to create an excel sheet to carry that data
lmao this was a while ago- why didn't I think of it?
sounds like you're in good hands then. if I were you, I would create a github account or a blog site and start doing writeups on all the THM rooms you complete
she got me chikfila as a token of her appreciation lmao
oh nice!
Yeah I created a github
I have a site but I need to touch everything up
I'm trying to make my personal domain dedicated to a "resume" thing
so at the bottom of my resume I can say, check out this site for projects, blah blah
you know?
and it has linkedin, github, etc.,
writeups on even the beginner rooms?
yes! many application portals will even give you the chance to paste your links
If you complete it, write it up. Your successes, failures, and lessons learned
My email is my own domain too- I thought that would look more professional than a gmail
Is there a given format for a write-up?
Even if it's a SIMPLE room? Like, linux/windows fundamentals?
Doesn't matter, write it up
Dang ok
if its simple, take it a step further
You aren't bound by the confines of the room, those are just the bare minimum
Is it just explaining what the room is about, what you learned
like, chmod is this, does this, etc.,
cat does this
and then windows, cmd, cd = change directory
things like that
?
Do some googling, there are lots of writeups out there, part of it is finding your own style and adding your own intuition/thoughts
Github formatting is different than word right?
That's fine though I guess
I would do a blog site of write-ups but I have to get a thing that will be permanent; my site I'm unhappy with atm
I can't find a nice portal thing- wordpress is clunky for my personal "portal"
with wordpress
Cmnatic's my reference
any ideas?
Might have to code it from scratch ;/
Seems simple other than the responsive part
Dont lose the trees for the forest
If you arent trying to get a webdev job, dont worry about the frontend
yeah but I mean
even if its templated, just make it look presentable and easy to navigate
I'm trying to make a nice portal page
I cant find a nice template for wordpress that's as similar to it as a portal
it's clunky
I need a better CMS
looks like the page you linked leveraged Jekyll
ayy im gonna take a break but its been a pleasure talking and I really appreciate all the insight you provided. it means the world dude- sent you a discord friend req; would love to keep in touch.
yeahh- it's not a problem to follow directions if I self-host, but idk how to use this under my current webhost
yeah I reached out to cmn- he offered to host it for me
but I mean,
I'd love to use my own webhost if possible. I'd hate to have him do that. I'm sure it wouldn't be in his way though
very kind offer nonetheless
maybe just ask for help on how to do it and then do it your own way?
i would self-host if I knew I could have reliable up-time
there are always smarter people in the room, I try to learn as much as I can from them
i'd be hosting on a pi and I dont know if I can ensure my pi stays up at all times
plus it'd be pointing out of my own house
sort of risky cuz self-host with IP
in any case, do some research, find the best solution for you, and worry about the details down the road
step A > B, then work B > C
You got this
take care
I have a doubt that I am pursuing ceh currently and I wish to do a job at the same time any idea what role any company will provide me by knowing my certification isn't completed yet
Guys I again need some help
WAF+L7LB+Firewall
Or
WAF+Firewall+Network Load Balancer+Ingress
it all depends on the purpose and honestly, this is the wrong channel for those type questions
Okie Dokie :D
Hello guys
hello hackers
Hello guys! Has anyone ever gotten a job in the cybersecurity area just by leveraging skills learned through THM?
This is a great question. I have not seen it directly but I recently saw an article that stated hiring managers are looking more at "non-traditional" paths for job applicants. There is such a shortage of cyber qualified candidates right now hiring managers need to consider all options. With that said, I would recommend adding your skills learned here to your resume/LinkedIn to show that you are practicing self development and learning skills.
Thank you so much for the response. Sounds like a good thing to do to showcase what I've learned on my own!
Gave +1 Rep to @fair cypress
I sat w this guy the other day, he says application development is way better than cybersecurity in terms of income. What do you guys think of his statement?
Depends on the organization and what the business goals are. App development immediately provides business value in the form of a product that generates income; security does not normally bring money in and gets a lower priority for increased budget
How about this example, you've got 2 firms.
Firm A is cybersecurity focused and provides services in that regard. Whether its penetration testing, or defensive operations to a business/company etc.
Firm B is mainly focused on application development and offering to create apps for different companies depending upon what their vision is.
I know this answer would be based on a number of factors, and a simple answer wouldn't suffice. But, which one would be a safer bet for the future?
Again, I realise and understand the description I've provided is abstract.
Again, depends on the org. Firm A would probably be something like CoalFire or FireEye. They won't have a lot of developers, because they aren't providing a product or product support, they are providing services. Firm B may or may not employ dedicated security teams, and if they do, security requirements are going to vary based on who B is providing the product to. Government, especially 3 letter, agencies or financial institutions have wildly different security requirements that they must adhere to; developers and cybersec ought to make roughly the same in that situation. In a firm that doesn't prioritize security over everything else, developers will likely make more, based on what value that developer provides. IE, a fullstack dev will probably be paid more than a backend dev.
Thank you so much.
Gave +1 Rep to @flat sedge
Just want to add to the conversation here. In all my research, both job sectors have clear potential to get into salaries within and above $120k a year (USD estimates), but as mentioned, it depends on the organization you work at. And if you're progressing from either no career yet, or a career that previously only made $30k peak a year (like me), then any kind of increase is nice. In my opinion, getting into the fine details of which job could make $120k vs $130k is splitting hairs. Try to pursue the one that you feel can provide you with a comfortable living and that you enjoy more.
How can you get something posted on the jobs boards... I'm a security architect for a large UK company and we've got openings for SIRT, SOC analyst (L2/3) and security testers in house
Ask muir!
Thanks!
I didn't scroll up to see the question was about pay. It probably depends. In my experience, the average cyber security person will make the same or more than an application developer. Now there are certainly one offs, like plenty of stories of top tier developers in Silicon Valley who make $1 mil (that is including stock options) but they also live in a place where the average home price is over $2 mil. In cyber security, to make that kind of money, you either have to be a CISO of a major corporation OR have your own independent business (think of someone like TheCyberMentor).
Ofc
I'm just asking about it bc me and my friend were debating about it
Me and him both agree that it's easier to make an independent business when it comes to app development
sure, but then you are also competing against people who live in low CoL countries who will work for pennies
Hi guys! Would you prefer to work for MNC or Government?
The big thing about being in business I have learned is a lot of it is convincing your customer about the value you bring. While there is certainly competition, do not let competition scare you from competing in the market.
Working in Government seems to have its own pros and cons, especially in the US. If you have student loans there are ways to get them forgiven and there are some nice perks. However you will likely make less than working in the private sector, and when I say less I mean "A LOT LESS"
In the UK, gov jobs have really great pensions (or at least used to?) But have a different hiring process and I'm not sure about the pay.
UK gov pay is rubbish for cyber unfortunately that's why most the talent is private sector
In the US a lot of pensions have gone away completely, there are still some but the closest thing you tend to find are 401k's.
We have our state pension which I believe our national insurance goes to which every one is guaranteed then companies put in as mandatory per regulation into an employee pension for that company
Then you can have a private one as well but all this does is make a massive pension pot mess with 20k here there and everywhere if you move companies frequently
I know one of the benefits in the US if you own your own business is you can have a single business owner 401k.
https://www.investopedia.com/retirement/401k-plans-small-business-owner/
Cybersecurity for the govt (nsa or DoD) pays less than elsewhere? like for banks or consulting companies? genuinely asking
Yes
what's like an average or range would you say for them
Depends on the job, but I have seen senior security people pulling 175-200k+ in the private sector, I have not seen that in the public sector.
The only source I could find specifically for the NSA salaries was on glassdoor
https://www.glassdoor.com/Salary/National-Security-Agency-Salaries-E41534.htm
That being said a lot of government jobs are based off the GS which tops out at 143k
There are exceptions though.
https://www.opm.gov/policy-data-oversight/pay-leave/salaries-wages/salary-tables/pdf/2021/GS.pdf
hmm
Here is an example of a government job with GS 14 that is 110-159k
https://www.usajobs.gov/GetJob/ViewDetails/607323300
This position is being filled under DoD Modified Direct Hire Authority, Section 1109; PL, 116-92, dated 12/20/2019 .
im doing some research as well. this is interesting! thank you
Lots of pros and cons both ways, either way you can't really go wrong.
But if you're interested in working for the DoD I think you can still get college paid for through cybercorps
https://www.sfs.opm.gov/
Start your cybersecurity career with the U.S. government
what would you say are some basic pros and cons for each?
i did actually apply for the SFS
if it's not too much haha
Well, for one, I work in the private industry and also have my own business. I work multiple jobs, a lot of that can go out the window when working for the government because of conflicts of interest and anti-moonlighting policies. The pay tends to be a little lower for the position, and the private sector is very chaotic. You can be thrown into a lot of frustrating situations that make absolutely no sense and have to deal with plenty of corporate pursuits that very well may stretch your ethics depending on the company you work for and what field you work in. On government jobs, I can only tell you what I have heard. I have done work for the government as a contractor but not a full-time employee. The government moves slow and is slow to react but is predictable and meticulous in its decision-making. This sometimes means a more predictable pace and fewer turns. The government generally gives better benefits, is normally more stable, less chaotic, and with notable and debatable exceptions. I would argue ethically you might feel better than working for a company since, depending on your position, you are helping protect US citizens and government assets, so there is a patriotic sense to it. Of course, you could always be a contractor and more or less still work for the government full time as well.
thank you for this response! it makes sense now
Gave +1 Rep to @worn spire
Also if you can get equity, go for it
Gov pay is also capped. Like I know I make over the gov cap.
I also was thinking of maybe going for a gov job in the EU or a hospital job. Partly because of ethics. Though I am not sure if it is the best place to start a career
Same, I couldn't work in Gov right now, it would be a big paycut for almost any job except a rare few.
I think Healthcare IT in general is a good job, I have some friends in healthcare cybersecurity that are doing very well.
yeah, healthcare IT is something I think that does well.
Any one know the entry level position ,
Did they start in healthcare?
or like on an entry level
That person specifically did not, however it doesn't mean you couldn't start in healthcare. The thing about cybersecurity to remember is that it is a sub-discipline of IT that has gotten big enough to be its own category. A lot of things you do in cybersecurity you still have to have that IT background. I see far more people transitioning from IT to cybersecurity than entry level cybersecurity jobs. That is something to keep in mind, a good strategy might be getting an entry level IT job that can transition quickly into a cybersecurity job, such as a systems administrator.
Is SOC usually windows or is it 50/50 windows/linux?
@thorny cloak Great question! Depends on the org but normally you will have a mix. In some organizations you even have a combination of Macs, Windows, Chromebooks, iPads, Android tablets, and IoT machines (like Raspberry Pis that monitor wine or beer production).
Roger that. I do see SOC as entry level on the blue side, but Ive been focusing on Linux.. as its usually the choice for offensive. Its also most of the beginner path in THM. I have to commit some more time to Windows. Thank you @worn spire
Gave +1 Rep to @worn spire
No problem! Do the pre-security pathway if you're a subscriber, it has some heavy focus on Windows and I think that will help a lot. Another key area is doing the active directory rooms.
something about THM... the more attacking I do... and I love it. I love even getting that user.txt.... but the more blue grows on me
@thorny cloak At the end of the day we are all a bit purple. Without blue team there would be no purpose for red, without red blue could never improve. Most orgs are hiring for people that have a good understanding of both.
Thats exactly what ive found looking at job reqs/preferred. I think im going to do the defense path for a bit... before i finish with the beginner path
Does defense, maybe not SOC so much but blue in general also write scripts?
@thorny cloak It depends, when I was a Lead security engineer we would write scripts, but they were very specific scripts. For example, we would use elastic stack for our SIEM. We would write custom powershell/python scripts that would send log files over https in json format to our SIEM. In that way we could automate various tools and have them ingest the logs in the SIEM. For example we took the output from Norton Power Eraser and then wrapped it using PowerShell to send logs. We used automation over PSEXEC to automatically kick off Power Eraser scans on any computers that seemed suspect (like after downloading a strange file, or visiting a strange url).
It all depends on the technical level of your team, some teams will do that, I have met some "security professionals" that can't program "hello world!". It all really depends, it's certainly an advantage if you know how and can show in an interview how you can automate security processes and bring efficiency. The big part of the interview is when you get a chance to sell yourself and your skillset. One of the biggest issues i see in new applicants is not being able to show how their current skillset will benefit the org. If you can show your value, it's a much easier hire.
Ive been purely focused on red.. So I gotta google a few things from your first paragraph. I do have an engineering background so the coding is not an issue but explaining how you use it... I had no idea that was even a thing. Im gonna get going with the cyber defense path... close to done with the beginner path but its almost purely red. Im the same % at beginner path and pentest+ path without entering that path once
Do you mind if i PM at some point when i dont have basic google questions?
Do you practice blue here in THM?
Absolutely!
fascinating. I came here to learn from scratch and see that a lead sec engy still practices.. I havent discovered 5% of this place then
I do mainly VCISO work now, but I keep my technical skills up to date as much as possible
hats off to you, congrats on the climb
10 years, it's not an impossible climb
@oblique forum Do you think these are all closer to IT related?
`` Produced an excel spreadsheet for my high school guidance counselor to propagate data with relevant charts in order to propose a change in a school related meeting.
Innovated highschool daily morning broadcasts to run more smoothly by switching out the broadcasting software and delegating students to manage different positions.
Created a python script to efficiently search for available domains by concatenating two word lists and appropriate TLDs, exporting a desired amount, and copying to clipboard and a randomly named textfile for personal use.
Acquired hands-on experience with configuring Cisco 2960 Switches and 2901 Routers, such as: vlan configuration, enabling ssh encryption, enabling dhcp, disabling telnet, enabling trunking, displaying arp tables, etc.,
Coded landing pages with HTML, CSS, Javascript, and the Bootstrap 3 framework through an online course and self-ambition.``
Any one want to join my team in Google CTF, here is the join code
Hi all
Hi there. Also deep into cybersec professionally I just read
Yeah, no doubt that government's career tend to earn a lot lesser but what do you think about career prospect and learning opportunities between both Government and MNC?
I would also like to add you can work in government but not be employed by the government. DOD Civ is a lot different than DOD Contract and you can work on cool government projects but get paid like private sector
Personally, I'm not a fan of "modern" resumes. I wouldn't put a summary, that's what a cover letter is for. The work history I would replace with experience and tie those jobs into the job you're going for. Lastly, skills you need to make sure you're solid on everything you list. I got burnt in my IT internship because of it even though I thought I had a good understanding of what I was listing
that's all really fair advice- so for "work history" heading, changed to experience, but keep the same content?
So top down would be:
Title with contact information
Education
Skills
Experience
Extracurriculars
Projects (personal or otherwise)
And yeah- I liked the traditional format but the template couldn't fit everything
Website portfolio and profiles would be the contact information
I think contact at the top would be the best location
Yes that's what I am saying
You have a lot of blank space at the top
Yes if it's a personal website, social profile, etc it goes at the top
Also by moving to a singular column you'll have more space
well, I have another template I really liked but let me show you how it looked, 1s
I need to redact some stuff
oh nice I'll play around with it o.O
free?
This is the right template?
I agree w your summary idea btw I just know it's sort of subjective- some people like it, some don't
yea understandable
so what about skills?
Fixed
That's what experience is
keep everything in my resume I showed you, just with a different header?
Lemme see if I have a redacted copy of mine
yee nw at all
oh yeah totally fine
Just put the AwesomeCV header there and it's a full page
Nope
this awesomecv thing looks great but it might take a while to change everything yeah?
If you try and print a paper copy you might have some issues with borders but it fits and can be read easily by robots
oh- definitely noted but it shouldnt be an issue
Looking for a job is a full time job in itself. It's worth the time and pays for itself with the robot readability
I think i renamed mine
I don't remember
One is a cover letter and the other is the resume
Once you look at the code structure it's actually pretty simple
I always include a cover letter
And write a new resume for each application
For position, if I'm seeking an entry level job , should I put my title as that?
even though I've not held that position before?
What? Don't lie
oh nono - wasn't intending to lie at all; I guess I'm just confused. Do I put ANYTHING there? Like,
I could put Music Producer, but this is an IT position- I'd rather leave that blank.
I got my job, as a Cyber Security Engineer, with lifeguard, cook, and a 3 month internship in my resume
Oh wow
That's why I said tie your old jobs to the one you want
I guess to better reword my question, I'm just wondering what title would work best
just because your experience isn't directly IT based, there are inter-changeable skills e.g team work, communication and problem solving
IT is problem solving
I can understand that; the thing is, SO many people told me SO many different things. It's been frustrating as hell.
Talk about problem solving skills in your little job descriptions under each job
Like look at my lifeguard entry under work experience
Well I mean, I thought I listed some transferrable skills under my past experiences in the first thing I sent - are they not transferrable enough?
I talk about management and planning skills
that's mainly due to no job being the same, every position/recruitment manager will be looking for different things so everyone has varying experiences
Yeah- I totally get that. You're completely right.
And then during my interview I was able to talk about those planning skills that I developed at that job and how it applies to the cyber domain and so on
so you just completely skipped helpdesk?
I may need to completely re-evaluate
The Defense Contractor internship was an Enterprise IT internship
So pretty much yeah
because I'm studying for my sec+; my goal is to get my foot into the door with IT one way or another
I got torched during the internship and learned some valuable lessons
A soc would be a major goal of mine to be in
Sec+ is a good start
end goal is pentesting, but I mean, one leap at a time
yeah- I'm looking to take it in November
Do you have any military installations near you?
sooner or later, depending on how I feel
They are always looking for Help Desk
there may be; the only reason I'm somewhat interested in helpdesk was to get my foot in the door with IT, but if I can completely skip it, that's cool too
Like, if I can just jump straight into infosec, that's rad
being adaptable is usually the easiest way to start in IT, helpdesk may be the job you land first, or you may apply for junior pentesting and get it prior
Until you start actively looking you'll never really know what your path will look like
I got my shot because literally the only requirement was have a Computer degree and I guess I interviewed well
Yeah , I mean- I really just want to start somewhere; my first goal is to get in IT, period. It doesn't matter what it is.
Now, that door has closed, at my company anyways
Yeah, dang- I just wish resumes were less subjective, but like you said @lofty ibex - every hiring manager is different. I've spent so much time this week trying to organize a nice resume, trial and failure, get knocked down, but I'll find the right way to do it. I really appreciate your guys' feedback as always.
After a while you get a real good grasp on what type of resume will get you an interview
Yeah, I mean- the other thing that sort of plays against me is that my music + graphic design experience is all self-employed, under myself, so I mean, not every person may consider it a business
I have yet to get an LLC license- started taking it seriously this year
And ideally, I wouldn't want to get a fast-food/retail job, honestly; I really would love to jump straight into the workforce.
But you can spin that, because it's self employed you've had to develop a strong sense of self-discipline and time management to meet client expectations while still developing excellent interpersonal skills to provide the best experience to the client
Yeah exactly- I mean, that's how I see it anyway; some people beg to differ though. Subjectivity...
Like, idk- I need to stop floating in the wind and anchor myself to one idea and stick with it
I keep asking people for suggestions and then try that idea and then someone tells me something else and I'm spinning in circles.
Sadly until you land a role, you kinda have to be a jack of all trades unless you really tunnel into one area and go ham for it
Yeahh.
like my experience and advice coming from a pentesting background will 100% be different to someone working in a soc
Well that's just the thing
I want to be where YOU are right now
Like, I'd love to get a job as a pentester out of the gate, but that just seems unlikely
with no prior experience other than my self-employment?
It's not the easiest thing and usually comes down to connections + location
That just sounds like a crazy feat.
I went straight into pentesting with no degree/relevant experience
Dang
It's for sure possible but it's about putting yourself out there, if you're able to go to cons and network that's amazing value
yeah I'd love to go to defcon - need to convince my parents or move out before I can probably do that, but like, yeah dude
or get my actual license lmao
I only got a learners right now- been reluctant to get on the road and practice more often
a full license is an amazing self investment that'll stick for the majority of your life, unless you lose it somehow
Gov is willing to pay for a lot more than private in some cases. Banks and financial institutes and large companies are the exceptions.
yeah dude- I mean, it sounds great; I just often think of that one hand-slip where I go into the other lane, and it keeps me on-alert 1000% of the time I'm behind the wheel
I think everyone starts with similar fears but once you start going out fairly frequently it rapidly disappears
It may be an irrational fear, but man, there's some things I just NEED to get over.
Hopefully time will get rid of that daunting thought
I'm 20, for reference-
I also don't feel like there's an immediate need for my license b/c everything's at home/accessible for me right now, but I mean, thinking ahead, it might not always be that way.
But yeah dude, you and Moose raise completely valid points- I really appreciate you taking the time to chat; it means the world. I get frustrated at resumes and business related things that seem so subjective sometimes, but man, it's nothing personal. Thanks for sticking through haha.
Aye we've all been there! It's part of the reason we help out
dude it seriously goes such a long way. I was never taught how to develop a resume in high school until I got to junior year, and even then, it was a very VERY basic resume. School doesn't teach you the important stuff it seems. ;/
So here I am now, sophomore in college, looking to get my foot in the door, going for an associates, should finish sometime next year, and I'm having to adapt so quickly to this new world of adulthood where everything is fastpaced, professional atmosphere, etc., I mean, thank God I have some business experience with clients and my own endeavors, otherwise, I'd be completely lost.
What is the next certificate to go for after the Sec+ if you're interested in the Pentesting side of CyberSec?
Pentest+, CEH, or OSCP?
Well you can knock CEH right off that list unless you're in India or want to work for the American DoD
It's useless, and the company who offer it are deplorable
OSCP arguably has the best value of the three
Alrighty, cool
The DOD doesn't even want CEH, that cert is hot garbo
They certainly did until very recently
Although they added one of the CompTIA ones as an equivalent a few months ago -- either Sec+ or PT+, can't remember.
So, yes, while it will still help with the DoD, you're better off with one of the others
Sec+ and CySa are both IAT approved for DOD, not sure about PT+, I am almost positive CEH is not. OSCP is def the way to go, but it is magnitudes more difficult than Pentest+
my company does a lot of gov contracts, any position that does anything with the Gov lists CEH as a 'highly desired' cert. I don't know about gov jobs directly but I do see that in our job listings
there are also a few people in Certification station who do work for/with the gov and have said they were told they had to get CEH so...
CEH covers CSSP only under the 8570, so there is a small subset of people in that arena that need it but for the large majority of the CSWF it isn't desired or there is another more desirable cert like CySA or Pentest+. Basically, if you want to work for the govt as a contractor or civilian, the 8570 is your reference point for what cert(s) you will need
of course but that doesn't also mean that they won't ask for or expect CEH
I'm not disagreeing with you, just qualifying my previous statement. For anyone interested, here is the baseline cert table for DOD: https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
and I'm saying that CEH can be a HR filter and potentially even a hiring manager filter
8570 is why 90% of our Cyber folks have CISSP
regardless if they work gov contracts or not
Again, not disagreeing with you. Its also why im working CISSP right now. Some orgs will want CEH, most won't; its as much of an HR filter as any other cert. The 8570 is just a baseline, orgs can pick and choose which certs they want to look for.
you can still say most won't want it and I'll disagree with you on that because I see it so much in our job listings and have heard from others who work in other companies
but overall, the best way to figure out what you need for the job you want is find those job listings, see what they ask for and target that
In your small corner of the DOD that may be true, in my small corner it isn't. The DOD is massive, and it really depends on the job. In all of the CSWF, CSSP is a very small subset of the work force.
I'll say we aren't a small corner but... thats neither here nor there. The fundamental reason that it doesn't matter if its a garbage cert is the fact that people don't like studying for certs / taking certs as a general rule. And the value of a cert comes with if hiring managers are placing value on it and they often solicit input from their teams. And as long as people who have the CEH are part of the process, they are going to say the cert has value. Because honestly, who is going to tell their management 'yeah that cert you sent me to a class for & is one of the few certs I have, it is garbage'. Because people generally aren't going to devalue certs they have. It is why when my company has multiple bootcamps per year to get dozens of people CEH certified, I just close my mouth. I also have similar feelings about CISSP (when I took it, it was very very gov centric, had nothing to do with my job at the time or the many years since I took it but... its value won't lessen anytime soon)
although ISC2 isn't a trash company like EC-council so there is a slight difference
I completely agree. It is one of the major problems with standardization of the workforce, you tend to get the lowest common denominator which ends up being certs like CEH and CISSP. While I think CISSP is a worthwhile cert, there is no doubt that it is a mile wide but only an inch deep.
I think studying for CISSP provides you with a baseline as the topics are so great but who knows, the test may be different now, it's been 15 years since I took it
@pseudo creek and @boreal zephyr thank you for sharing. I'm in a similar boat as Jun and your experience sharing has been helpful.
Gave +1 Rep to @pseudo creek
Starting from scratch in Cyber Security- going through some formal training for Security Plus and CEH. Expanded role in my job, and this type of content is new to me. Fascinating and Mortifying all at the same time. Trying not to be overwhelmed by sheer amount of content. Learning all I can as fast as I can due to ever increasing threats. Will follow this thread to learn what I can learn.
I'd avoid CEH unless ur in India or America DoD
OSCP is more widely accepted outside of those 2 areas.
Pentest+ is a good replacement for the CEH if it's not required where you are as a base level cert
also if you do the Pentest+ path you can get a discount on the test
hot garbo, I'm going to try and use this phrase once a day.
This is correct. If you are trying to be 8570 compliant go for the CISSP.
Although not helpful for entry level, Security+ seems solid for that
I usually see people get Sec+ first then go for CISSP. Sec+ will get you in the door, CISSP will get you promoted.
Should I go CISSP or CCSP if I want to make Cloud my domain? Some say I need CISSP before CCSP and others say I can do it alone.
I guess it really all depends on what your end goal is. If you think you need both then why not get them both?
I might need both and start off with Associate of ISC and pray the experience requirements overlap. CISSP for my pentest side and CCSP for my Cloud.
CISSP is not a pentest cert. It's a security management cert; it's helpful to understand the business perspective on tech and security, but honestly, it doesn't translate much value into a pentest aside from risk awareness
@flat sedge I assumed that while it covers the management side - the domains crossed paths with network/Infrastructure security as I have seen any pentest jobs requiring testers to have them.
It would validate that you have knowledge of those domains but I am not sure if it is the best cert to learn about those domains @peak steeple
Thank you for your quick replies 
Gave +1 Rep to @midnight wasp
Hi
Question about career
I am a non-US citizen who is currently in the US working on an H-1B visa. I have 3 years of experience mainly in software development around the web backend (some frontend as well). Have negligible experience with cybersecurity (outside TryHackMe and CTFs). I am interested in security (pentesting), but there are some points people tell me that are stopping me from going full on into the field:
- Pentesting is not a 9-to-5 job, and it is much more stressful than software development in general. (I prefer 9-to-5 with exceptions only sometimes)
- My experience is not in pentesting, so even if I get a cert, it will land me in a role that will likely be junior, and it's basically like resetting my career and losing my experience.
- Since role is likely to be junior, I am going to definitely suffer a significant pay cut.
Can someone please give some advice on this?
- It purely depends on the company. A lot of pentesters are salary over hourly. I've worked both and much prefer salary. You tend to have a fair amount of downtime and keeping track of your hours can be a bitch.
- Not true. You will still have experience that's valuable. Since you were a developer, I'd look at AppSec pentesting specifically. Apply for anything that pertains to white box code reviews. You might shine there. Remember, getting a certification won't necessarily get you the job, it'll just increase the interview amount. What you know will get you the job.
- Pentesting isn't an entry level field so you shouldn't expect an entry level salary. 70,000 USD is generally a safe starting number to assume no matter the location/position.
Thanks, can I pm u, have some more questions
Gave +1 Rep to @languid hearth
Is it worth contacting a recruiter in the UK to get him to find you a job?
I am a SOC analyst in Greece and looking to move to the UK and target similar roles but I'm not sure how to go about it
With the whole Brexit situation
@molten minnow You have everything to gain by contacting recruiters or going to Cyber security expos where you can mingle and talk directly to lots of companies. Brexit is a pain and making my dream of working in Spain harder by the second. Where there is a will - there is a way. Also make contacts on LinkedIn and they might throw in some pointers in the right direction. Don't let Brexit put you off
What does the "CE" mean? (Continuing Education in what sense?)
Like, continuing to re-certify?
Yep, just means you recertify when it expires
You have to obtain a certain number of CE credits in order to be able to recertify. You can obtain them through courses that offer CE credit which apply to the cert
There are certainly better certs out there.
OSCP seems tough but after getting Sec+ and an entry level IT job, it will probably be the route I'd love to head for
It is extremely challenging. I took PWK just to get a sense of things and I felt very overwhelmed. This was back in 2017 and I've learned a lot since then, but still. It isn't something you just jump into. I'd explore and complete everything THM and HTB have to offer before challenging the OSCP.
yeahhh
I was thinking that actually- complete offensive path in THM, get comfortable with everything, and then move over to HTB perhaps,
but I mean, OSCP is like, a HUGE goal of mine, so it's definitely not something for the light hearted, so I've heard. 24 hour exam in a live box; sounds tough.
Several boxes. Lots of boxes. The documentation alone is daunting. It's one thing to be able to penetrate, but also having to be extremely diligent in recording your actions and methodology adds an extra layer of complexity. Once you get your foot in the door somewhere, I would definitely save up for the PWK or ask your company to pay for it. They give you tons of resources and videos to learn from and cover a wide variety of topics. It's expensive, but worth every penny if you're serious.
Oh yeah- I TOTALLY agree with everything you said
the phrase you are looking for is "hot garbo"
When you talk about 9-5, I'm assuming you mean may require off hours work. I think it depends who you work for. Sometimes cyber in general may require wonky hours. Pentesting may require lots of travel or may require minimal travel. May require hours outside of 9-5 or may not. I don't think there is one set rule
Technically speaking, is helpdesk a good "first-stop" for getting my foot in the door with IT? End goal would be a pentester, but I'd love to get as close as I can as a first job. I think helpdesk would be starting very low, but the benefit would be that I'm in IT - I really just want to get to that end goal and want to make sure help desk would begin that path.
When I talk about 9-5 I'm comparing software backend dev with pentesting. I've heard that backend or even full stack tends to be more conformant to 9-5 than pentesting.
If you get Sec+, I would skip the helpdesk. But that depends heavily on your knowledge and ability to speak to that knowledge in a technical interview. Help desk is good for learning how to function in an office setting and build those soft skills, which are extremely important. It is really up to you, a year in helpdesk won't hurt, even if it isn't exactly where you want to be.
skip it for what?
perhaps a SOC?
Yep, try and get that entry-level SOC analyst position.
even without no prior experience?
I guess my issue would be, my goal is to get a sec+ cert by November
and well, until I get that, I wanted to get an internship somewhere for next semester
i mean, you think balancing school and an internship would be complicated? I could just skip that idea and gun it hard for a sec+ and get into a sec position; that would be closer to what I want to do
From my experience, a Sec+ cert, with some of the other things we discussed the other day (portfolio, blog, etc) will get you an interview. From there, it's all on your ability to wow the interviewer
Yeah- I think I could do that pretty well as long as I get into the interview. I think from now until November, if I start a blog, make it consistent - find some projects to work on, build a home lab with active directory, get hands-on experience with some of the tools in the business world, it will show my ambition and dedication to learn, and I think that's what employers are really looking for, at least, with my current knowledge, that is
You got it, thats a good plan.
Yeah - I feel like help desk would be good experience, but I don't really want to start at the very bottom, you feel me?
I mean, it's still going to be useful knowledge, but I mean
I'm trying to shoot as close as I can for the end goal which is OSCP + pentesting, and if SOC will get me closer than help desk and it's still possible, that's what I'd like to do honestly
SOC sounds a lot more exciting than helpdesk password resets, troubleshooting, etc.,
Lots of people start at help desk, there is nothing wrong with it, you may even want to apply for both and take what you can get.
Yeah that's also a good idea-
My mom has been in help desk for a while, so maybe she could help reference me; I've got an update from my digital applications teacher and he said he can work on a reference letter btw, and he was excited to see my email
so that's really a plus
haven't heard from the other teacher yet - the cyber teacher seems to have moved like I mentioned earlier, so I'm not sure if I'll be able to reach him
but these teachers are very eager
Right on, I'm glad to hear that's working out for you. I would keep your references professional/academic, using your mom as a reference would look....bad.
yeah, using my mom as a reference would look bad XD
but she might know where there is an opening and help you get an interview, that's typically okay as long as you wouldn't work directly for her (nepotism)
oh yeah- I'm pretty sure she's said something like that also
in her department would be so weird
@boreal zephyr So do you think this is an improvement? Should I put some soft-skills back on the list? I replaced them to make room for hard skills
I guess this is more catered to a help desk job, so I'd want to change some of the skills for a SOC
or perhaps a resume for each one
so this could be a help desk resume, and then I could have a different one for an entry level soc
It's definitely better, I usually lump education and training into one category, it reads a little easier that way, but otherwise it's a marked improvement
Are you shooting for a one-page resume?
Yes- really want it to be 1 page
I think it could use some formatting, I'd put experience at the top, followed by skills, then education & training, and add the certifications under that section instead of having an "additional information"
Lastly, I wouldn't mention Sec+ on your resume until you actually have it. You could mention that you're studying for it in a cover letter
I never put soft skills on a resume, people can usually tell if you have them or not when they speak to you. That's what the first interview is for. There is no hard and fast rule against it, it's just how I've always viewed it.
I've been around the block
I'm definitely going to consider restructuring it to combine training and education.
And yeah dude- I'm so glad people like you who've ACTUALLY BEEN IN THE FIELD can help
it means the world
Happy to help, I wish I had someone to guide me when I was just starting out. It's my little opportunity to give back.
Yeah dude it means the world - I'll pay it back somehow in the future
That is a good looking resume!
Move your name to the left margin and you're good to go
or the center, but the right side is strange
yeah and contact
There you go. That's rock solid
nah just pay it forward when the time comes
Plus, you did all the work, I just made suggestions.
I will definitely man. It's always so cool to meet people in the field you're interested in
XDD yeah dude, your suggestions are rock-solid
Good luck on the job search! Let me know if you get an interview; Do you know about Dice?
Search 70,000+ job openings from tech's hottest employers. Salary estimations, career path tips and Insights to make your next career move the right one.
Hi All
I've had almost 5 years as an IT Technician and I know about hardware and software.
I want to be an ethical hacker but I'm drowning, whether I should start with learning coding or learn the operating system or learn networking, everybody is saying something and I'm just truly lost
keep in mind I live in the middle east and I don't have a lot of budget.
Thanks i appreciate it.
Networking is a good start. If you ever need any Microsoft trials for anything, you can check here: https://www.microsoft.com/en-us/evalcenter/
The Microsoft Evaluation Center brings you full-featured Microsoft product evaluation software available for download or trial on Microsoft Azure.
thank u but what should i do next and next
Gave +1 Rep to @languid hearth
learn the fundamentals of networking
- Routing
- Switching
- Subnetting
- VLANs
once you've got a grasp on those concepts, start working on System Administration - Download and install a Linux distribution, download and install Windows Server, set up a domain controller
you can find out how to do some of the stuff here:
http://cis232.cis131.com/lessons
thank u very much u have been great help.
The domains can potentially cross paths everywhere during a pentest. If I wanted to engage a pentester, regardless of team color, I would be looking for technical depth in the primary domain the test is going to be scoped towards - not security knowledge a mile wide and an inch deep.
Hey everyone, hopefully this is the right channel for this. I'm sure someone has already asked about how to get into security roles, but here's my thing:
I've been a cloud engineer and am now in devops, and I've got some security certs (sec+, aws sec specialty, ccna cyberops), but I've sifted through sites like Indeed and literally everything I saw that's cyber security related wants the candidates to have cyber sec experience. How can I get experience? Is there some small part time or temp role out there that I can use to get my foot in the door? Is that what it takes?
@blissful raft You have sec+ and ccna?
yes
And OJT cloud engineer experience?
OJT being on-the-job experience
and are currently in devops?
yes to both
Okay, you don't need anything further. Your experience screams devsecops
What country are you in?
Do you want govt or private?
hmm maybe private? i'm not too familiar with govt jobs actually
Dice for private, if you can obtain a Secret clearance (no felonies, not a drug user) clearancejobs is a great place to find work
either or, you have a great background
I would suggest creating a profile on both sites, with the caveat that you can get a secret clearance
assuming you don't have the felony/drug issues.
awesome, thanks for the advice!
nope, no felonies or drug issues. I'll look into getting a secret clearance.
You can't just get one, but a company willing to hire you will be able to put you through the process. Edit: usual terms are ability to obtain a clearance within 6 months of hire
Are you willing to relocate in the US? I might know of a full-time opening in gov. DM me if you're interested with a bit on your background, resume if you're willing.
Ah I see. I suppose I could possibly relocate, depending on the right job. I'll DM you.
I had no idea about dice. thanks for the awesome resource!!
Gave +1 Rep to @boreal zephyr
link seems to be throwing back an error
Does a clearance cost money?
in the U.S., yes, so much so that your employer is forced to pay for it
try archiving the site with archive org
I wonder if there's a geolocation block on google sites
damn
Any suggestions on improving this cover letter?
oo good idea
Yup there is on some
As Spooky mentioned, yes it costs money and no you cannot sponsor yourself. Even if you have the funds to sponsor yourself you're still not allowed to. If you wanted to get cleared many jobs will hire for the cleared position and will have you work an uncleared assignment until you have been cleared
and in my company, they'll sponsor clearances for people who work uncleared jobs... 'just because'
do they allow non-citizens?
No
You must be a citizen to get a clearance
They have a thing for non citizens though but I forget what it's called
Limited Access Authorization
Yup that's it
All good stuff. Does anyone have any suggestions on networking? I just sent a few LinkedIn connection requests to some "talent acquisition" roles at different companies. Is there another method that's better? I currently work as a Technical Support Engineer and have completed a cybersecurity bootcamp, plus Sec+ cert. I'm really interested in Blue Team roles.
Twitter, discords, conferences, local meetups
I think it looks good overall. I would recommend getting rid of "I believe" replace with something like "I am confident" or just "my skill-set includes". For me "I believe" is not very confident, it is like saying "I think I have the skills you are looking for". I also recommend you put an estimated completion for the Sec+ course. Best of luck to you!
I should start working towards finding those companies
Add Alumni to what Cyrillic said
Alumni are a great source of information. Don't just message and say "hey gib job" either though. Message and say who you are, when you graduated from the institution, and then ask a question and also if they have a few minutes to chat over the phone
90% of the time they will be glad to help and then the other 10% will direct you to someone who you can talk to
Look for opportunities to network in your current place of employment. Is there a dedicated security team? If so, ask if they have a few minutes to chat. Understand that they will be pretty busy, so if you can find a gap in their calendar, a date and time a few days out goes a long ways towards making those connections.
Thanks all. I'll try a bit of all of that.
can someone explain what a clearance is? :o
It is essentially a background check that is done to determine if a person is suitable for access to classified information.
once adjudicated, you are given a "clearance" at whatever level it was initiated at, Public Sensitive, Secret, Top Secret, Top Secret/SCI, etc
what is it good for? govt jobs?
Is it public sensitive or public trust or are those different?
Any job that requires it 
do you make more money?
Some private sector jobs require government clearances and a lot of gov jobs do
theoretically
Yeah, treat it like getting a cert
you might be a secretary, but you also might handle sensitive documents all day
the guys who handle FOIA request likely have top secret
it's basically just yeah the government trusts you to not go and leak shit or do something stupid
Cyber Security + Clearance = $$$$$$
fax
interesting
just remember, your salary will top out
i assume it's hard to get
And then having further developed skill sets equals more money
there is a ceiling that won't allow you to go higher in the public sector
yeah, at like 174K
yep, and it might take you your whole career to get there
interesting, that is really cool
Yeah but then you get a fat Pension lol
Pension and TSP
Job security and a pension is really nice
Being a government employee does have its cons though
and some of the best healthcare available
Yep
like what?
+1 all of the above
If the government shuts down you don't get paid
Pay scale is set in stone
i will say having an annual bonus is incredibly nice
And it may be hard to transition around to interesting work
And with having a clearance even if your state nullifies something it's still applicable to you as a government employee
in other words no legal weed
For instance, I would like to try CBD as an alternative to ibuprofen but I can't because Marijuana and its derivatives are a Schedule I drug
Which means loss of clearance and sometimes prison
you get tested i assume
but you could always transition into private sector right?
Some people get tested some people dont
always assume you will
wouldn't matter, if you have a clearance, it's a no go.
its never worth risking it
Even if you have a clearance private sector doesn't matter
Fed still cares
wdym?
like if i dont want to work for the govt anymore, i could just quit and go to private i mean
if you go to private sector you lose your clearance?
or you just transition to a company like Lockheed Martin
ezpz
you lose it the minute you're employed by someone who wont be utilizing it
You can have a clearance and still be private sector
You can make a boat load of money that way
Like an enterprise storage specialist that's cleared can easily pull $250k a year
what did you mean by doesnt matter here, what doesnt matter?
A clearance is something that's given federally
If you leave the government, the clearance is still attached to you
You can also have a clearance and not work for the government
