#cyber-and-careers
I found it funny that BHS had complaints from clients that they are potentially telling their employees how to change jobs. "How dare you give our employees the information they need to make informed decisions and properly assess their value in the marketplace!"
.
https://images.imdavidday.com/i/CZcOVidvVWYVDVv5 does this sound like a good plan?
Network Operations Center, get experience -> pivot into SOC
I appreciate the share. I'm also going to check this out. Haven't heard of him before and I only just recently heard of Black Hills Info Sec.
NOC -> SOC is a more traditional path.
Necessary? No. Not remotely. IT Helpdesk -> SOC would be a better path imo
Definitely appreciate the advice
NOC, Sysadmin, IT helpdesk all give good background learning for the SOC, but depending on the SOC position you could go straight into the SOC
to be truly useful in a SOC you should have experience operating the kind of systems and applications you are monitoring, so that can include Linux/Windows/MacOS, also network devices or specific applications
if you have no idea what the 'normal' should be when looking at logging or alerts, then you have no tools to separate true positives from false positives
no need to know all the ins and outs, but at least some poweruser level knowledge of how networks and operating systems work from a logging and protocol perspective
Are you looking for a Junior Security Analyst role in AZ, USA? I just saw this online: https://us60.dayforcehcm.com/CandidatePortal/en-US/centauri/Posting/View/897
Wanted to share this interesting career opportunity at Centauri with you!
sure what do you need
thanks. I want to go premium on tryhackme, but i'm wondering if the offensive pentesting and cyber defense will allow me to get the necessary skills to be a great ethical hacker.
they will definitely be a good start, worth it imho
im not sure if its just me but whenever im looking for jobs in cyber security in the uk the description just looks overwhelming when trying to look for entry level
A lot of positions look overwhelming as they are not always written by the people who do the day to day, try to see if you match some of the criteria and then apply
I needed some advice regarding prep for oscp. If someone can assist, please dm me.
Thank you.
Hey everyone, is there anybody who can tell me about Cloud Security? I find it very interesting
I am in cloud if you have specific questions
@quartz light do lots of practice.
I'm learning pentesting and I would like to know if cloud pentesting is a good job specifically and how to get into it?
useful link, thanks
Gave +1 Rep to @cold dawn
Not sure about specializing in cloud security specifically, but you’ll need to know how to pentest cloud environments at some point, so knowing how that area works can’t hurt
Can you suggest resources for pentesting cloud environments?
Depends on what you mean by good
Thanks a lot! One more question if you don't mind. I'm going to take the eJPT exam and It'll be the first cert to get. Do you think it'll get me a junior position or should I wait until I add eCPPTv2?
Gave +1 Rep to @meager hazel
A junior pentest position? That cert alone won't be enough; I have it as well. You will need to bring other experience and projects to the table
Could help with a junior position in other parts of cybersecurity though
What kind of experience? Like TryHackMe ranking? Or starting with an internship then hopefully get an opportunity?
Real-world experience (internship is one). I would file TryHackMe and similar stuff under projects. They show you have initiative but don’t show how you would work in an actual cybersecurity job
An internship is extremely unlikely to be enough of a background to get a pentest role.
I have some questions regarding eJPT.
How helpful is the certification? Worth it for experience or the cert itself?
The possibility of breaking things is much higher in a pentest than even normal change management stuff; a pentester needs to know more than just how to exploit systems, knowledge of when to exploit systems is at least as important.
It's been 2 months since I started into this field.
I got in the top 6% in the ranking. I know this ain't much but I don't get a lot of time to practice
I switched careers into infosec, so I used eJPT as a confidence boost, to show employers I have initiative – in addition to other stuff, I didn’t rely on this cert alone – and to be more comfortable in prep for OSCP. Was certainly helpful for me but you have to assess what you want to get out of the cert and hours spent prepping for it
That helps, I am thinking to take exam for this cert next week or so. Is 2 months of practice enough? I am about to complete the PenTestingStudent course.
After this I think of going for OSCP or CEH
CEH is useless unless you need a checkbox filled, or you work in India.
ejpt easy in my experience with your 2 month practice
I would like to share my plan and I hope it'll help others. eJPT>eCPPT>get an internship/job after I get my master's degree in Software Engineering > PNPT (cybermentor) > OSCP > eCPTX > eWPT > eWPTX > OSWE. With time, practicing in THM and HTB and getting certs, my job position upgrades. What do you think guys?
Yeah I am from India
Then I will go for it.
Thank you
ejpt is a good cert, it is not recognized by many companies yet, but having it on your resume/cv won't hurt and if you get to an interview with someone that knows about it will help you
masters is not always needed, if you are already in the course then keep going
certs and degrees can help, experience needs to go with them though, not all companies will advance position with different certs though
I have honestly changed my cert and learning plan many times over the years
How about CEH?
oscp?
@rich blaze bias?
Oscp is good but expensive and their lab infrastructure is not that good from what I've heard but it's a solid cert
true my friend actually like did the exam and couldn't connect with vpn for like 3 times (re exams) he did the exam 3 times and still couldn't do it cuz of technical errors and really hard questions.
lisa >rose
🙏
Thanks for the answer. I need masters because it's required in my country
Gave +1 Rep to @golden ore
Got u. Thanks good to do eJPT instead and then OSCP
Gave +1 Rep to @languid hearth
there's a reason why it's not very good.
Everyone looks at it with the wrong mindset (the certification too.)
The OSCP is a certification designed to be taken by people with little to no Pentesting experience. It's designed for System Administrators, Network Admins and those type of people. The crowd that has never exploited a device before.
If you have remotely any experience at all, the labs aren't going to be valuable for you.
You make a completely valid point- I think the cert is definitely helpful in regards to proving that skill to employers though, so that's the benefit I see, being recognizable.
If there was an alternative certification that was cheaper and still challenging, heavily recognizable, it would probably lose traction
CEH was a strong cert for a long time, there have been other certs that are comparable that have come out that many companies have gravitated to
tl;dr people over prepare for OSCP and/or go in with the wrong experience level
Let us not forget other rising stars like eCPPT, IACRB Penetration Tester, From UK we have CREST, CSTM and QSTM.
There just seems to be a fanboy mentality for everyone to get OSCP like it's the only certification in town. It might have been back in the days for just CEH vs OSCP but no more ...
Certs have changed like technology, some get better, some fade away, and new ones are always popping up
I would argue that CEH has never been 'good', just that there was a lack of competition for a long time.
my major issue with els is that it's unproctored.
any certification that's unproctored has zero validity to me.
I have a whole list of grievances of why I won’t be taking another els cert or course again
I agree with that sentiment
Would you argue that OSCP is considered an "entry-level" pentesting cert?
yes
Not an entry level IT cert, but like
it sounds like a simple cert if you know what you're doing
well- I should clarify, I guess every cert is easy if you know what you're doing
But I mean, OSCP seems geared toward people who want to learn pentesting, hence the required PWK course
(I'm probably gonna catch some flack for this)
popping one off boxes isn't pentesting
my huge problem with the OSCP is systems irl are interconnected
Active Directory runs everything.
I get what you're saying
being able to hop from machine to machine
that's pentesting yeah?
there's a phrase for it
but I can't think of it atm
Pivoting
ah yes
both Wreath and Holo teach it
has anyone ever considered a cybersecurity position in a US embassy? i would love to work abroad
i know there's plenty of ways to work abroad but i thought that would be cool
At least it's practical and hands on, there is a ton of people that cheat on CCNA, CCNP, CCIE written, etc and it's proctored.
lisa > jisoo/jennie
ceh is not good at all total waste 💯
My personal opinion though
I believe this is done by the DSS. You have to sign a commitment and I think go on 2 tours minimum
Also there aren't straight Cyber roles from my understanding it's the all encompassing SIGINT/IT thing
Aside from being, well, crap, CEH also has the disadvantage of being created by EC-Council, who have consistently proven themselves unworthy of patronage over the last few months.
If the uselessness of the cert wasn't enough of a reason not to get it, the attitude displayed by the company should be enough to boycott it.
that's interesting. 2 tours as in the military or similar?
No you'd be a government employee
I talked to them when I was first starting my job search
If i remember correctly it was 6-9 months on rotation before coming back to the US for 3-6 before going on another rotation
But then I believe there was another position that had full year rotations
Keep in mind this might not be the DSS
It definitely fell under the department of state though
Yeah so one tour was 6-9 months and you signed a contract for a minimum of two
When you're not on tour you're back CONUS
that sounds awesome. i'm definitely interested 👀
Yeah it seemed like interesting work just didn't entirely match up with my current level of experience
Are you cleared?
noo. maybe one day
You'll need to be cleared for those roles
There probably is a pipe to get talent cleared for those roles though
i have a basic plan. graduate next semester -> SOC work -> get my employer to pay for my masters -> get a govt internship/SFS scholarship in grad school -> cool public sector work for DoD or similar/work abroad in cyber 😁
my plans change everyday though so we'll see 😂
also i just came up with that but it sounds good to me lmao
You don't need masters off the bat
You'll have little to no real world experience
And your salary requirements will be too high
Because you price yourself out of the jobs you need to get the foundational experience
Additionally, it's to the benefit of the company to keep you in a role you are overqualified for - not saying all companies do that, but from a financial perspective, it's better to do the bare minimum to keep an employee than to have to hire a new, higher priced replacement
If you want to work in the SOC, work as an admin or dev or network engineer for 12-18 months
admin as in sysadmin?
Yes
I've also heard from someone that having too much education can make employers think you are purely academic.
path would go IT Helpdesk -> Sysadmin -> Network Engineer -> Security Analyst?
That's not really a problem. The pure-academic thing is more from a usability standpoint.
i wanted to start as Security Analyst
juun, ah, I see
I also think limiting yourself to a "path" is detrimental
a friend from my school went straight to security analyst with a sec+
true, it's a loose plan
Blaze your own trail
A high school grad with certs or AS degree is likely to have immediate practical value - they can run the console for their product. They lack depth and breadth of understanding across the domains; this isn't an immediate problem.
well yeah true
and also why im talking about it :P
In contrast, a 4 year (or higher) degree will have the breadth across more subjects but lack the immediate practical value. it takes 6 months to a year for the 4 year candidate to show the value their education provides, because they know the abstract and not the concrete.
The defense space is always hiring
makes sense
yea i wanna get in and get experience immediately
@stoic cave starting helpdesk is important though right? Like, you could go help desk -> SOC, vs straight into SOC with no experience
or helpdesk -> sysadmin -> soc even
the Bachelor's or Master's degree also has a higher starting salary; you have two entry level SOC positions. Do you hire the candidate with Linux+, Net+ and sec+ and no education, or the BS candidate with no practical experience but coursework in all those subjects for 30% more?
I didn't do helpdesk so 🤷♂️
I did a 3 month Enterprise IT internship and that was it
dang
Now I'm a Cyber Security Engineer
The BS candidate will also move up higher faster, as once they hit the sweet spot, their education outpaces the immediate value of certs
So that's why I say paths can sometimes be detrimental
I mean, you learn important things in help desk, so I've heard - what you learned during your internship, do you think that is similar?
you had some form of introduction to the environment
I also make sure to self teach a lot of material
If you have a BS, or are on track for a BS, skip the help desk.
@flat sedge I'm finishing up my associates in general studies
Help desk doesn't need a degree, you will immediately price yourself out of that role.
Yeah i had BS, internship, and projects to show that I understand how things work
Homelabs are important
what kind of projects
Specialize ASAP. If you have a CIS, CS, network, or sysadmin path, take that instead.
@stoic cave Do you think you could send me a list of home labs I could do to prepare?
specialize my degree?
General studies doesn't provide any concrete value that makes you a more attractive candidate
Not home labs, a Homelab
I am going for general studies because it gives me more transferability- I have 2 semesters left.
what's that? like my own vm?
is tryhackme a homelab? 😂
Yeah vms are a start
tryhackme is on my resume
Do you have a specific 4 year degree picked out?
I was thinking Computer Science
but 4 year degree is still in the air for me
I bought a Dell R710 and run all sorts of infrastructure and open source projects to tinker and build with
how do you describe that on a resume?
I get my college for free so I figured it'd be better to get general studies and then transfer into a program in the future to save on money
You need to talk to an advisor at both your jr college and the university ASAP. Certain CS courses can be taken at the community college for guaranteed transfer; things like Java101 or equivalent. That'll save you a ton of money, and make progress towards both degrees.
assuming the general classes would be required anyway
Skills - Education?
a computer science degree would help me more than general studies though then yeah?
Don't make the mistake of getting all your general electives done at the community college - you'll end up doing nothing but major specific electives in your degree path, and that will work you to death.
I just don't want to specialize and then have tough transfer options
Yeah, where I went to college, I needed to take a bunch of pre-requisite courses before I could transfer to a university for computer science.
Calculus, Physics, Programming
yeah, I'm trying to knock out general courses for my first 2 years
Pick a university now; local universities typically have transfer programs to ease transition from CC to University. Go talk to program advisors and get that sorted so you can make the best decisions for you
Well, I haven't fully determined if I want to pursue a 4 year program, that's the thing
Doing this in a vacuum from paperwork is NOT the right play here.
I would not be a college student, had it not been free, most likely
since it's free 2 years, I figured to get the best bang for my buck, I go associates in general studies because it knocks out the required classes should I want to transfer
then I only pay half the costs for a 4 year degree
thank you. this helps me more than you know
Gave +1 Rep to @stoic cave
you're saying I specialize and still save on money?
I am a non traditional student, as well. I put myself through CC with a combination of state grants and working 40+ hours; when I got to 4 year I had to take a lot more loans.
CC?
Community College
Damn im slow
XD
No, I also appreciate your help - I'm just trying to understand this in full depth
Yeah
Not a problem. This is an old one but same principles apply
College is almost as complicated as programming
can you DM this to me by chance? so i have it saved haha
Click the image and download
👍
So, @flat sedge , I'll definitely speak with a counselor because you raise valid points. I've only finished two semesters, so I didn't waste any time, yeah? Like, I can probably still specialize
I mean, first 2 semesters being general probably won't hurt me by any means
Alright, here's my advice (for what it's worth) @solemn marsh : Talk to a program advisor before next semester starts. See if there is a guaranteed credit transfer to a state university for your BS in CS plans. If there is, follow that plan and recommendation.
especially if I transfer to 4 year, they'll transfer as well
Semesters of nothing but gen-ed will overload the hell out of you later on.
No because it puts all your technical classes at the same time
yeah, like more technical all together; that makes sense
Save some easy screw-off classes for your junior and senior year, nothing sucks more than having to take 4 really hard major electives (security, networking, OS, distributed computing, adv discrete) because you took all the easy ones your sophomore year
it depends on mindset really. 4 classes a semester even if theyre difficult is doable imo
Ah- I really appreciate you thinking about it that way; helps me
Another thing, juun-
It depends on how much you want to enjoy your time on campus.
I fear having an out-dated degree
If you don't mind constant misery for 3 months, please disregard my advice
I took 21 credits first semester senior year just to go abroad 
im doing it next semester and as ive gotten used to working hard it's not that bad
will computer science, should I specialize, at least be more applicable and less likely to become outdated?
and im still lazy in general
as opposed to say, an IT degree?
or a cybersec degree
where things are changing
VERY rapidly
a BS teaches you how to learn about the major subject
RIP
I'm just concerned because my high school cyber teacher had a degree that was outdated
study abroad or just travel?
I think comp sci will teach me more foundational without becoming outdated for at least a while
So you learn from first principles more often; it's why you see a lot more architects with 4 year and M.Sc degrees than you see Sr admins with them
I still feel like a dunce with a BS but it opens up opportunities
The advantage of the 4 year is it teaches you how to learn on your own. There is some of that with the more practical cert route, but the thing that drives me crazy about certs is that the course material is almost always inadequate in some way
yeah I mean, very true points
Not saying that uni courses spoon feed you, but i really hate the response when feeling lost of 'try harder'
my cc sorta sucks tho lowkey for tech, at least from what I've seen
they have a whole course on the OSI model
And that's bad?
Study abroad. I only needed to take 12 credits but they wouldn't let me only do online classes while abroad so I had to take in person and classes to get a visa. They were all history and language classes
OSI may be outdated but there is a LOT of value in understanding it
especially in security
I mean, it's not bad, but I covered the same content in my cyber class because my cyber teacher talked with the cc about making the cybersecurity class we had dual-enrollment
but he rejected the offer because their program isn't as extensive
Honestly, I could probably lecture for at least 2 days of material on OSI and how it applies to the entire IT stack
oh yeah, the OSI model is very important, but like, my point being, they don't cover things as much as my high school class did
If you got less than 2 hours of lecture on OSI, you got a huge disservice
next semester i was supposed to study abroad in korea. i went through the whole process and everything for months and even got my visa. just canceled the other day tho bc of covid/personal issues, i'm sad but i will graduate a semester sooner and have a plan still.
still, traveling is one of my dreams (why i was asking about work abroad)
maybe more, because we started building on top of it
Your high school class is also spoonfeeding you more information; in higher ed, you are expected to do the reading beforehand and ask questions for areas you don't understand. If you don't ask questions, it's assumed that you know it.
another thing- they don't gear you toward certs in their programs
ah true
let me take a look at the programs again 1s
My degree was pretty much Sec+ but extra with digital forensics and management
computer forensics was one of my fave courses
it's a 1 year program
it just sort of seems really foundational and would probably be the exact same thing I went thru in high school
Looks like a good basis for Net+ and Sec+.
we used cisco netacad
Maybe not quite indepth enough for CCNA, but a good start
Yeah I mean, it's not bad foundational, it's just stuff that I already sort of covered in my class
It'd be a gamble because I don't know if it'd be worth going over the foundations again
Yes. But your CC isn't accepting the credit. Taking the easy A will give you more time to learn new things on your own, which is arguably more valuable for where you are now.
(it's always good to cover foundational info again but I want to get the most out of my free college tuition and I'd love to cover new content)
One thing higher ed does poorly is practical stuff.
I mean, I see both sides
I guess there's two ways I could work this out:
it's a 1 year program, so I could do this in theory
If you re-do this material, you can start to build up your homelab supplementing this coursework to go deeper in depth than your high school class did.
BUT, I would miss out on some gen ed classes I might need to take later on
but I could cover stuff I already know, and learn on my own at home
with free time
You already know my opinion on taking a lot of gen-ed classes now.
OR, I could take like Java / some comp sci classes
hmm
idk- this seems a little more tempting but it's just sort of a gamble
but I mean, I see where you're coming from- it would strengthen the fundamentals
ehh, but a whole entire 3 credit course on network layers
it just seems like it's gonna be either very in-depth new information
OR just absolutely drawn out stuff I already know and would love to cover other things
Seriously. Go talk to an advisor for programs you are interested in. You are speculating HARD about a bunch of maybes without getting their input.
Go do the networking
well, the thing is, they're going to advertise their product
a counselor is going to say that their program is the best
They are the experts for this, listen to what they have to say. Especially regarding guaranteed transfer courses.
Yeah- I'll reach out to an advisor.
Just get CCNA if you are working towards it, apply for NOC jobs, profit
Could probably even land SOC roles in a metro area with just CCNA
I mean, my end goal would be SOC/Pentester eventually
but I have to start somewhere ofc
The amount of entry level pentesting jobs is pretty slim compared to SOC/NOC or networking, programming, and sysadmin jobs. Once you got realistic IT experience it's usually easier to get into pentesting roles. You can definitely get a pentesting job though, just search up job descriptions and gain those skills
does my college know what they're doing?
why are there electronics classes and advanced circuits
for computer networking?
oh yeah I'm more than happy with a SOC to start
IDK, seems more like an electrical engineering class
yeah lol but look at it
CCNA R/S
outdated lol
CompTIA + CCENT Networking Certs
nothing listed
yeah
I'm going to work toward my CCNA after I finish my Sec+
Well, simultaneously I should say
because I mean, I'm not from ground zero; I know some networking stuff
Nice, shouldn't be too hard, there are a lot of good study guides out there
defo
My senior high class was centered around ccna r&s and ccna cyberops
so I got a lot of good knowledge
i honestly feel like this school puts "cyber security" as a buzz word
it makes me cringe
its an industry term that is definitely umbrella af
and the pictures
pretty annoying lol
they make me cringe
that's the header for the poorly designed page of my school
There's a typo
and also, wtf CISSP?
THAT TAKES YEARS
Yeah you can get the associate version or whatever
It's not the worst, once you got the exp you get CISSP and big orgs love that
they want you to have it for bigger pay roles
ew
Software Design???
??
i just feel like no counselor will help me cuz they will advocate that these classes are the best things ever
I didn't go to college
in reality I'm going to lose 2 years of my life because the classes are so "buzz wordy" and exist for money
yeah I wasn't planning on it but I got it for free
I am still in school
I guess I can't complain
free school and youre young, go for it
@snow kraken I was going for a general studies degree because it's easy to transfer
but talking with @flat sedge , he recommend I maybe specialize, and it makes sense
problem is- my school seems to be weird as crap
I just don't know the best route to go
honestly some of the best things from school is probably IRL connections
haha, of course
during a pandemic though?
where all I know is online school?
literally class of 2020
it sucks
If I went back, I'd grind out WGU
I graduate high school, right?
once you got CCNA or sec+ you could get into it
so, class of 2020, I had prepared my graduation to be some awesome thing
robbed.
online.
drove up and did an in-person graduation collect-my-diploma ceremony
sure, 20-30 mins, it was unique
it was special
but man, I'll never get another graduation
completely robbed
I spent 12 years for that?
then, college with online school
robbed again
I wanted to meet new people, get connections from school
barely happened to the degree I wanted it to
I could go back in person, but 1) I'm not vaccinated 2) I don't feel comfortable getting it, and 3) I am so used to online
so there goes my chances of meeting people
join local clubs or meetups if you can
and I only have my learners still
so I have to get my license or my parents drag me to whatever I want to do
if you're in a smaller town it may not be a thing, but you could start em
does making a writeup on CTF help me improve in making a pen test report?
it can do slightly, but a lot of aspects of a pentest report won’t be applicable in a ctf
Yes it will
thanks guys
can help if you treat the CTF writeup as a pentest report and try to use the style
i think it’d be cool to have a room where there’s like a snippet of an email from a client with all the details that is common in pentest pre-engagement
like detailing the why, the what, scope, timeframe etc
and actually treating the box like a pentest and reporting on all findings rather than just exploits
I think that's how Wreath and one of Mayor's rooms handles it?
I'll certainly consider it for the next realistic style box I make though
ye i like how wreath has it, was thinking of just a challenge room though with the email bit, not sure i've seen mayor's box with it though
I heard some interesting rumblings from Muirland's direction that are somewhat aligned with what you're saying, so keep a look out
even a pathway / module with different actual pentest scenarios would be cool i think, ima chuck it in #feedback-and-ideas
It really depends on how it's taught, it can be V useful to know how software should be planned and written, as opposed to bodged together
Hi
Just so I understand what you’re asking. You live in Africa and are looking for remote jobs in North America or Europe?
Remote jobs outside the country of origin are extremely rare and most often require specialized skills. It requires a lot of red tape for companies but if you are the top .1% in your field or something, they may be willing to do it but they usually find you
Snagged an interview for a help desk position today with a large insurance company. Wish me luck.
Good luck!
Good luck. My first helpdesk position involved a typing test, a listening test, and a technical test that was a little bit easy, but mileage may vary.
Is sec+ pentest+ CySA+ enough to get into cyber?
I have all 3 and no one wants to hire me
Are you in US ?
Yeah Arizona
That's strange. I mean I'm just starting out too so I don't know why they're not hiring over there.
Have you gotten a cyber job yet?
Not yet. I'm still working on some certs and finishing up school. I have sec+ as of now. Planning on CySA+ next.
I've applied to remote positions outside of Arizona too. Either no call back or not qualified enough.
Wow you even have a BS in Cybersecurity too. That's very strange I mean at least someone should call back because your resume looks very good.
BS is going to be finished July 2022
Yes I mean still it's a solid resume if you're applying for something related to Cybersecurity.
Is CompTIA A+ easy to obtain and how long does it take to prepare for it?
Look into remote jobs in Georgia. I know they are short on a lot of jobs, or if you are willing to relocate there is a lot of demand there.
I'll check out Georgia after work today ty
Gave +1 Rep to @weak elbow
Companies are also hesitant to hire someone on full time when they are still in school
You also need to expand your description of the degree. I also wouldn't go past 4 bullets under each job. Give them the highlights and if you really want to write more, write a cover letter
Does the real resume have the companies next to each job?
Slowly filling out job applications! eek
assuming you've never touched a computer before, anywhere from 1-6 months I guess? really depends on your aptitude for learning, background in tech, and how much time you can dedicate -- overall though it is not a difficult exam, just tedious
my follow-up question though would be; why do you want the A+? Speaking as someone who has it, I only got it because most of the jobs I was applying for wanted it, so I got it - it's definitely not a cert you'd want to get if your local job market doesn't demand it
Yes real resume has the companies.
I would say I’m pretty tech savvy but wouldn’t classify myself as some computer wizard. I’ve built a few PCs in the past and attending university for Cyber Security (just meaning I’ve taken courses regarding the topic)
I’m seeking a CompTIA A+ Cert Bc I am looking for an internship next summer. I’ve been going through TryHackMe Pre-Security path and thought obtaining a Cert would make the search easier.
What do you mean expand?
B.S Cyber Security gives zero information
You should have the place you're attending, GPA, honors, relevant courses
It has the University name on the real resume
If your GPA isn't good (3 or higher) don't include it
okay in that case I'd say you could pass both tests in like 2 weeks or a month -- but have you done research into what certs (if any) internships near you are asking for?
Because if you're not seeing A+ being asked for, then I would recommend getting Security+ or something else instead
If I listed relevant courses on my resume that would take up 2 pages.
2 courses for my A+
Course for N+
Course for Sec+
Course for PT+
Course for CySA+
Course for SSCP I haven't finished yet
SQL Course
Legal issues in infosec
Cryptography Course
Could I DM you to make it easier, because I have a few other questions to ask you?
sure I don't mind but I recommend you keep it in here as the info may help someone else in the future
If you're just starting out, you'll want to put your skills and achievements first
Are these considered accomplishments or do I leave them as bullets under my work experience?
Automated my L1 help desk job.
Learned PowerShell on my own. My job title had no expectations of us to even know what PS was.
Act as SME for co workers
Led a few training sessions
Update our knowledge base
Improved ticketing process and greatly reduced ticketing errors through servicenow incident templates. Brought attention to the biggest offenders of backlog incidents through servicenow reporting.
Consistently scoring as quarterly top performer for call handle time and first level resolution rate
Most of these seem like accomplishments that look good for another help desk role. Not infosec
The only projects I have is homelab and tryhackme
PS is a good skill. You could automate security tasks. You should try learning Python too. It's a good and versatile scripting language.
I know basics of python but not like stackoverflow level
Other stuff seems like it should stay under your job stuff
It would be great if you could add metrics to it.
I made a reddit bot in python to scrape comments looking for a specific phishing trend I've seen going around reddit.
But idk where to mention that on my resume
Having a home lab is good. Put it on there, as well as that you're doing tryhackme
I have a github. Wasn't sure if I should add that or just stick it on applications when they ask for social links
Maybe put some of the rooms and/or learning paths that you've completed
If you have a github, I would add it at the top with your personal info
Do you have a Twitter?
If not, you should get one
Not one I'd want an employer seeing lol
Infosec is on Twitter
Make a separate one
Start following the big names
If you don't already, try joining local cyber security groups. Attend some local security conferences. Network! Pretty much everybody in cyber security got in b/c they know somebody.
The first word of your bullet points should be "action words". Provided, instead of provide.
Ty updating it after work
No problem
also, you'll want to have your education in a separate category of its own. With more detail, such as what institution and dates attended
Try looking at sample infosec resumes on the internet
FYI the DEF CON Career Hacking Village is doing resume reviews + coaching calls the next two days if you need them: https://www.careerhackingvillage.net/signup.php
This is my second year having someone from their lineup review my resume and it's always useful
nice
Kirsten is great! She's also usually in the Car Hacking Village
@worldly gale check out #jobs-board
Hi! May I know what skills I need to brush up on if I want to become a SOC Engineer?
Linux, RegEx, general system administration concepts. Know how to set up firewall rules, change config files on backend for software, configure services, understand cron expressions, etc. I never worked as an Engineer but this is my understanding for the most part. You also onboard and troubleshoot log sources and many other things.
Graylog, Elasticsearch/Kibana, Lucene, Kusto Query Language, Splunk are some of the languages and tools you might need daily in a SOC
And for more analytical heavy roles experience with Jupyter/Zeppelin notebooks, Presto, visualisation libraries for python
Free course on KQL, what Microsoft uses in its security products: https://www.pluralsight.com/courses/kusto-query-language-kql-from-scratch
(not Kibana Query Language, which also uses KQL as acronym)
No mention of AQL and QRadar? You have betrayed your own 😉
Oh yes, and i2 notebook if you work in intelligence 😁
I think someone asked this before, but is the blue team more valuable than red in terms of income? I've heard that it's a much more stressful job being in defence.
I assume they are both as valuable. If the Blue Team is not tested, they could be complacent, AND if the Red Teams don't simulate the latest attack vectors, they will be easily caught. However, I believe it's easier to land a BLUE Team role than Red from what I hear.
Stress is a sign of a bad company culture or boss; that shouldn't be present on either side
Oh i see, thank you both :)
I dunno -- some jobs lend themselves to stress. Anything that's delicate and/or urgent will always be stressful. Medicine, for example, or disaster response. Firefighting, mountain rescue, etc. Hell, I bet your average investment banker is pretty damn stressed.
Super hard question to answer. I would say there is money on both sides. and plenty. Being in defense can lead to burnout... it can also be very stressful. But yeah it isn't always, in fact it can be ridiculously chill. Really varies. Blue team has sooo many jobs and companies, always do your glassdoor research etc.
Yes true, it depends on the type of stress I think, maybe I'd call the good type excitement or just an intense job :)
Thank you
Anything can be stressful. Anything which has deadlines or something chasing targets is stressful
since we're discussing income... what's your opinion on income of a web developer vs red or even blue teamer?
depends entirely on context
web dev at Google level 6 with 40 years of experience will out-earn a red teamer with 2 weeks of experience by 100 times 😛
i generally think all tech jobs pay around the same
🤷
that's a nice way to tell somebody that the question is dumb 😆
This is very helpful, thanks a lot for your great help, and its something which i can revise to understand further about it
Gave +1 Rep to @native elm
You are welcome! Good luck. I recommend getting the free version of splunk and trying to practice with doing things with it on the linux command line, editing stanzas, fixing log sources, etc. 🙂
In another server I’m in, there’s people like this with this many certs. Is it ever practical to have this many certs for a certain job position?
It’s awesome but I guess is it useful after a certain point to have so many
came back from vacation that I wasn't looking forward to but I ended up having a blast
we don't actually list all those certs on our resume
it's honestly expected that you'd likely have that many end of career
it adds major negotiation power to your salary
is it difficult to keep up with so many
having to renew them all
you dont really need to
employers dont really care if its active
i've never been once asked to verify any of my credentials and I work for a fortune 150
how much so?
depends
on wat
your negotiation skills
how much can it vary i guess if i have 3 certs vs 20
well, if you have 3 big name certs and 20 no name certs
i.e. OSEE, CISSP, CCIE
you're going to have a lot more negotiating power than someone who has ITF, A+, Network+, CCENT, Linux Essentials, LPIC-1...
U.S.
how long did it take you to get so many certs?
3 years?
interesting
i will get there eventually :P
thank you for your input @languid hearth
Gave +1 Rep to @languid hearth
Hey, guys. I have 2 questions. At the moment I am working as a full stack developer, but I want to get into cybersecurity. As my professor of network technologies used to say: "you cannot study cybersecurity, you need to come to it, because how can you protect the system if you don't know how it works." What do you think about this? Did you immediately come to IS or did you do something before that? And the 2nd question: if I'm interested in offensive security, what should I focus on? Pentest and network technologies? And what certificates should be obtained in the future?
I partly agree with what your professor said. However I also think that anyone can get into cyber without prior knowledge. I did security first although I did know a bit of Linux already. If you’re interested in offensive security, try some of THM’s learning paths, probably pre security, then beginner, then offensive security. In terms of certificates, one of the most common is the OSCP. It’s fairly advanced but there are other easier ones like the eJPT. Correction: I also knew some python before starting, but you don’t need to know it.
Ok, thanks, that was useful @frosty dove
Gave +1 Rep to @frosty dove
Are you in Malaysia? This might interest you: https://en.wizbii.com/company/ernst-young/job/ey-graduate-programme-technology-consulting-associate-cybersecurity?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic
Internship : EY Graduate Programme - Technology Consulting Associate (Cybersecurity) at Ernst & Young in MALAYSIA. Apply now and find other jobs on WIZBII
Nope, EU. Why do you think so?
I also came from dev - more front-end than full-stack though - and predominantly do offensive security. But I didn't focus on OffSec first. I went "a mile wide, inch deep" first to get a good view of what cybersecurity is first and then decided what to focus on after.
I might be biased but I think that's a better approach than focusing on OffSec from the beginning. With your developer background you might be asked to do tasks because "you speak developer" but if you focused just on OffSec that might hamper you.
IS is for now more like a hobby, but I'd like to take steps in that direction. "A mile wide, inch deep" is a good rule for those who are just getting into security. But still, someday I'll have to go a step deeper and learn something related to my specialty, not just the essentials, but I think I should already know the 'vectors' of my development. As you say, with my developer background I already know a little bit about how it works, so that's why I wrote what I would like to do
What does it take to become a security architect (experience, skills and certification-wise)?
Network, platform, application, cloud solutions? There are different skillsets involved. 🙂
architects are usually the group that design the security for a company then hand it off to an engineering team to do the actual work
While I want to start in Pentesting/Cloud Security - I want to reach security architect in due course. Any advice welcome 🙂 So far CISSP has been recommended by others.
CISSP is more of an admin cert, if you are looking for cloud/pentesting certs you might want to look elsewhere
@golden ore Thanks! I will do! For now I will focus on pentesting and cyber sec basics.
Gave +1 Rep to @golden ore
that’s my ideal journey too brent :) i wanna end as a network security architect
so for me, along with my pentesting certs i’m going for ccnp security, and i think cisco nuked the design cert but if not then i’ll look into that too
architects rarely get to touch systems, usually using visio or other products to design, put me in the trenches where the fun is
And I'll say that a security architect generally has a wide breadth of knowledge. I'm a Cloud security architect, which requires knowledge in a variety of operating systems (Linux, Windows), understanding of various cloud services, possibly with multiple cloud vendors (Azure, AWS and GCP being the most common), understanding of web applications, databases, storage, understanding of automation / orchestration tools, understanding of authentication mechanisms, understanding of networking & various associated devices. And although you aren't an implementer, you should be willing to get in there and test things out, try different things, deploy in test environments, etc, etc.
May I DM you if you don't mind @pseudo creek
yeah, and on top of all that, being aware of all the new technology as it comes out as well, it's a pretty wide scope role
sure
Looks like it's going to be a long track, but it's my long-term goal as I have been stuck in some job for too long as I wasn't sure where to jump ...
yeah it definitely is a long road
cloud adds a lot of dimensions to almost any role as it is always changing and you may need to know multiple clouds depending on the company
generally if you learn 1, its easy to learn others. I think knowing 2 overall is best but even when I only knew AWS, I'd still get a ton of recruiters for jobs using Azure
One thing that is hard with learning is getting distracted easily, knowing AWS really well is better than knowing a tidbit of Azure + AWS. Once you know one cloud service provider really well, then adding another one should be your goal if you want to work in cloud
Do all Help Desk Jobs require a certification such as CompTia A+?
no, but it's helpful
most helpdesk are entry level positions so they usually don't require certs but do have them listed as optional
Thank you! Follow up question I had was: Does anyone know how long after Jan 2021 will the CompTia A+ Exam be available as that's the end of the current cycle.
Gave +1 Rep to @golden ore
CompTIA usually cycles a new version every 3 years. Anyone is fine to correct me if I'm wrong. But a quick internet search shows that the A+ switched over to the "220-1001 and 220-1002" series on January 15, 2019. That would mean that it will retire in 2022. After that, the new version comes out, and the old version is still available for testing usually for 6 months.
Okay perfect, I just wanted to make sure as I've also heard its around 6 months. Hopefully giving me enough time to successfully pass Core 1 and 2
I’m looking for an entry IT job folks. I have CompTIA Network+, A+ and Security+ is in view. I need to get hands on experience and I would not mind the pay for now. I just need a job to help build the experience and take care of my family. I live in Washington DC. I would appreciate if anyone can help or recommend me. Thank u in anticipation. Felix
You might be able to find a job that will sponsor you for a clearance in DC if you don't have a bad background
Once you get Sec+
I will be writing my Security plus in September. Really hope I can see something like that as you said. However, I’m 100% open for entry level
Fill out a Dice/LinkedIn/Indeed profile fully and try to tailor your resume for an IT job best you can
What is the first certification that i should strive for? CREST, CEH?
@frank kernel It really depends where you are, and CEH has fallen out of favour! If you have an eye on CREST then you have 2 options: OSCP > CREST CRT or CPSA >> CREST CRT. Note that there are other providers out there: QSTM, CompTIA. Personally I have gone CREST as I am in the UK and more and more countries recognize it, BUT some might not.
i would not advise oscp > crt
the whole point of taking crt is to become ctm which isn’t an option with the equivalency
@static tide Morning Jake, excellent point! I know some people are OSCP fans, which is why I added it. Jake is spot on. CSTM/QSTM is another option but CREST seems to lead the way so far anyway.
ye i'm also gonna have oscp but i did cstm too
Situation: I'm in an IT Helpdesk role.
Question: What is my good first qualification that will be a step towards the CyberSec industry?
@dire rain There are quite a lot. CompTIA, isc2 SSCP, CEH, OSCP, PEH - really depends what country you are in.
@dire rain One avenue into security from a helpdesk role is governance. Understanding policies, guidelines, and procedures and how they apply to the helpdesk tasks builds that familiarity. Reaching out to an infosec or cybersec engineer or compliance analyst is a good next step; the primary security-specific function that helpdesk executes is policy enforcement.
Fortunately , a part of my role is creating those policies, guidelines and procedures, as well as building the helpdesks from scratch 😂 .
Another route is to just look for Helpdesk roles in Cyber sec companies and work your way up once you have a foot in the door. Never tried this but I have seen similar roles.
@peak steeple , UK based, btw 🙂 .
@dire rain Another Crew of the UK massive 🙂 Consider isc2 SSCP, CSTM or CPSA.
If you go CSTM you don't need CPSA
@lofty ibex Correct: CSTM leads to QSTM as they are different providers. CPSA leads to CRT etc.
You can do QSTM without CSTM afaik, so would likely disagree that CSTM leads to QSTM
one is tiger scheme and one is crest
QSTM however, is more about spotting the rabbit holes and niche ways they word their exam/practical
All good! I am just giving my opinion - if you disagree then you disagree. All good 🙂
Hell yeah @warm hinge , reppin' Scotland 😄 .
Man... CyberSec sure does like its qual abbreviations 😂 .
Oh they love them 😂
The generalised theme in the UK, is that most roles like to see OSCP or any of the certs that can lead to an application for CHECK team member
Aint that the truth 🙂
I would advise just visiting job boards and seeing what roles you like and then aiming for that. I have friends with SSCP, CSTM\QSTM, and little ol' me working on CPSA/PEH. So many roles in cybersec, so take your pick. All the certs I mentioned are more offensive. I'm sure there are defensive and cloud ones if you seek them out 🙂
So generally the best bet will be to look at job roles and see what they're expecting?
Are any of these qualifications considered practical must-haves for entrance to the industry?
@dire rain Check this out: https://www.cyberpathways.co.uk/ - this might be a place to go.
Oh nice, I'll have a look now, thanks @peak steeple (and same to others who chipped in xD )
Gave +1 Rep to @peak steeple
@lofty ibex @peak steeple cstm and qstm are totally different, cstm is cyberscheme and qstm is tigerscheme, both allow you for check team member but you only need to do one
to get ctm you either need to go:
crest (cpsa and crt)
cyberscheme (cstm)
tigerscheme (qstm)
@static tide Is CSTM associated with Tigerscheme? I stand corrected https://www.tigerscheme.org/qualifications.php. If CSTM = CRT, what is the advanced level cert? I have no info ....
no, cstm is an exam by cyberscheme which is a different company to tigerscheme
I bow to your accurate knowledge @static tide . Thanks
Gave +1 Rep to @static tide
crest just like to split their practical from written into two separate exams which is why there's cpsa and then crt
whereas cstm has it all in the one exam (and i haven't done qstm but i assume they do similar to cstm)
Secured an IT position at a company that does school IT. Not exactly a cyber security career but it feels good to have a stable job and not be doing random contractor jobs that end within a few months
Congrats... I know that feeling. 🙂
A benefit they have is they pay at least half of your certification tests so it makes me very glad I was lazy and didn't take any cert tests yet
@dire rain you said one could ping you about that job you posted, right? I can't send messages in the jobs board, so is it fine to ping here?
i wanna know too!
What certificates are relevant if I want to pursue pentesting?
completely depends on where u live afaik
@tacit minnow, yes please. Feel free to @mention me and I'll pick them up after work.
Just letting you and @quaint flare know I'm aware of your messages now , but will be around 6pm UK time before I can properly have a chat with you.
What is the name of the role whose job is to identify attacks against an organisation
hey guys, I am planning to take CompTIA Pen+ PT0-001, but PT0-002 will launch this coming October.
should i wait for new release or go for PT0-00Q?
Sounds like a Cyber Analyst
I am now 15. I am interested in ethical hacking. Can I take it as a career option?
of course you can :)
ok brother
Can anyone tell me more about these roles: Threat Hunter, Resource allocation Specialist and Cyber detect Analyst ? Thanks
Threat Hunters look for IOCs, known TTPs working primarily with Threat Intel trying to identify potential threats in an environment
Cyber Detection likely works w/ Suricata, Snort, Security Onion and all of those technologies trying to develop signatures on known TTPs
Yeah. In fact it will be great to start practicing at your age.
I'm in GMT+7 so I'll be asleep at that time. But if you're serious about the possibility of remote work, I'm keen to chat or DM.
pretty useful guide put out by CISA it has a companion
pathway tool that helps with looking at different roles and what might be needed for each of them https://www.cisa.gov/publication/cybersecurity-workforce-training-guide?utm_source=socialmedia&utm_medium=Twitter&utm_campaign=CyberGuideAug2021
The downloadable Cybersecurity Workforce Training Guide is for current and future federal, state, local, tribal, and territorial (SLTT) staff looking to expand their cybersecurity skills and career options. This Guide helps professionals develop a training plan based on their current skill level and desired career opportunities.
This is neat! Thanks @golden ore
Gave +1 Rep to @golden ore
i have an exam at 6 @dire rain so I can't talk then but I can afterwards
No problem. I'm off work now until Tuesday, so we can arrange a time that suits you to chat.
Hello guys
I'm new to the pentesting environment
I have been following owasp framework for testing web apps
for carrying out 'network' pentesting specifically what framework should i follow?
SANS, NIST or any other frameworks I looked up don't mention network services specifically, like how to test each server specifically
what I'm trying to ask is: is there a framework like OWASP for network testing?
I'm cool to chat any time before 1 PM London time.
MITRE ATT&CK
Thank you that was really helpful 💯
Gave +1 Rep to @languid hearth
can anyone tell me whats this +1 Rep ?
When you reply to someone saying th@nks, it will give rep. If you go to #bot-commands and type -rep or !rep you can see the leaderboards. It doesn't mean anything but it's nice to track how much you've helped others.
thanks mate
Gave +1 Rep to @native elm

You're welcome 🙂
Probably the easiest rep ever lol.
They all count!
is there any best uni for cybersecurity in texas? with good research
Idk about Texas specifically but I would expect the "best" to be somewhere on https://www.caecommunity.org/cae-map although obviously that's not a guarantee
Please avoid asking the same question over multiple channels
@quasi stream Hey man, autumn is coming up soon. Did you end up applying for a master's?
Ask @warm hinge
applying for spring gonna start my process this month
Not in the UK I take it?
which country has best standards UK or USA?
I have no idea but from what I know the fees are more manageable in the UK
as for course contents it depends on the uni as well of course
I was just wondering what CMNatic ended up deciding since we spoke about this like 2 months ago so was curious
agree
I'm all but certainly going to attend UCL and study Information Security
just haven't deposited any money for it yet so I can still change my mind
what is CAE
?
there is no response soo i asked here mate
this helped me thank mate
Gave +1 Rep to @potent iris
Why are the requirements for this role so specific: https://randori.bamboohr.com/jobs/view.php?id=24&source=bamboohr. Is this a Senior or Junior role? Seems to be asking a lot of applicants.
HOC Attacker - Denver, CO/ Waltham, MA/ Remote
Have you ever been chomping at the bit to throw an amazing 0-day, but you have to wait for the tooling to be stable enough to make it work? Have you ever been rushing to rapidly leverage an n-day disclosure, because you’re certain you’re going to lose the
It doesn't seem to be a lot of requirements? Based on the fact that they want 5+ years of offensive security experience, I'd say its a mid level to senior role
I just have not seen a role with such a list of requirements - I'm looking for a juniorish role - will give it a miss. Remote opps are rare.
and even they say that they don't expect everyone to have all those requirements but its a good check list if you want that type of role
what type of role are you looking for?
Junior Penetration tester would be more my level. Too old for internships and apprenticeships would pay enough.
ahh ok, I keep a look out on the roles at my company but a junior pen tester is pretty rare
Thank you! God for your kindness 🙂
Gave +1 Rep to @pseudo creek
also apparently there is a retirement trend lately so you may even just see an uptick in senior roles, more than usual
I did not know that! Thats good to know.
@dire rain i'll be available today and tomorrow, if you want to chat. Feel free to DM me!
Muiri xD
This guy @severe lagoon was looking for advice about best University in Texas for Cyber
Most unis don't really focus on cyber until you're a grad student
At least around here anyway
Rice will probably be the best
But you should do some research on your own
wgu > traditional 4 year
It depends on your goals
wgu?
online, at your own pace
ah
wgu is great if you are already working and don't expect that you'd have interest in academic research but are trying to meet an employer requirement for a degree
(that is my second hand knowledge based on what people have said and just a review of their curriculum)
I had to do a lot of research for my degree, the academic structure is much different than a standard university but they still have to cover the requirements of the degree
it is designed around more non-traditional learners that may not have a large amount of time or that have issues sitting in a lecture day after day
you had to do a lot of academic research? I guess one perceived advantage would be that you could do research project under a PhD and be published, which is a path to a PhD. As you'll need letters of recommendation, have started to be published, etc, etc. And really that is for academia vs not.
I did the masters program so most of it was focused around report writing and doing research though, I know many of the bachelors are more designed around different certs
Although there are professional (non academic) MS degrees, that is very, very rare in the BS realm. Although Community Colleges have the flexibility that would offer night/weekend classes, 4 year universities often still require people to work around their schedule.
I would say their MS is still a professional masters, even with research. I also did a professional masters, and yeah research was critical but being published wasn't a requirement.
with professional masters, there usually isn't a path to an academic PhD, most PhD programs would still require an academic MS. But for employers, employers heavily rely on professional masters.
although Doctor of Engineering is an emerging higher level degree that is more of a 'professional' Doctorate
I'd rather have a doctorate in cyber, then it would go great with the BS and MS in cyber
yeah and those are the doctor of engineering degrees that are available at a few universities
personally, I don't see the point ... I sometimes think that I'd like a PhD in Math but I'd have to go get a MS in Math first
but like I said, thats why it depends on your goals on whether WGU is better than a 4 year or not. WGU MS seems pretty equal to the dozens/hundreds of professional MS programs out there.
Me
UTSA has a really good cyber program
Consistently in the top of the rankings
Light, enjoyable reading
https://www.westpointcyber.io/job-search
Hi guys, I'm kinda lost at a request I got today, as I don't work in the cybersec field yet (I'm a network admin). A client requested that we scan and search for vulnerabilities across his entire network (actually 5 /24 networks), which includes ~100 servers (all kinds of OSes from Server 2008 to RHEL), firewalls and all those things. My question is how would you quote this and explain how this request is not trivial (he has support hours already paid for, but I don't consider this request to be part of the current paid support hours). I'm sorry if this is not the right place to ask this, if so delete my comment.
Gotta look at the architecture, do you have access from a single location? Do you need dropboxes? What are the uplink nodes/bandwidth
Is this in the scope of your contract? If not, don't do anything until you renegotiate
I'll definitely apply for this uni
Thanks for info mate 🙌🏻
💯
Gave +1 Rep to @pseudo creek
has anyone done oscp
Anyone with the OSCP role has passed OSCP
Why are the pentest salaries that small? (Maybe I watched the wrong sites but the salaries are veery small comparing to other security jobs)
just had a good interview and wanted to share some questions they asked, might help other people brush up
"What do you know about IAM?"
"What do you know about SSO?"
"What do you know about AD?"
"What is your experience with scripting?"
this was for an IAM Analyst role (even though the job listing was for a Security engineer lol) they seemed really interested in the scripting part and asked some follow-up questions there
oh cool, awesome info @ancient prairie thanks
Gave +1 Rep to @ancient prairie
not sure where you are located but pentesting jobs start at like $80k around me
Eastern Europe..
This is very insightful! What was the role ?
@peak steeple read the next line ;D
Well said! I was too excited for him and the instant feedback 🙂
Hey, sorry I'm only just replying to this (always catching up on pings)
I got a place and am studying my masters which starts in September (: It's been a very rapid thing so just trying to get the pieces all together for it 😄 How about you? iirc you were also considering applying to a University
Yup, I applied to UCL and got in. Gonna start in sept as well
doing masters in Information Security
also got my postgraduate SFE loan approved today

Indeed 🎉 excited for it?
of course
I took a break from all the stuff this summer so I'm excited to get back into it now
Ah that’s great! No rest for the wicked here. I need to switch from work mode to study mode 😅 enough to keep me busy I suppose!
I can enrol in bsc hons CS program in a good uni but have been unable to get in a good uni for a btech CS degree, should I take a drop and try again for btech or go for bsc this year instead, would it impact my career in a big way?(Assuming I stick all the way through with cybersecurity)
tbh no one will give af between the two
You’ll just be another person with a cs degree
are you UK?
I would pick bsc over btech for sure
btech is like college level / higher national institution which is memed about in the UK (like CEH but for actual academia) whereas a BSC isn't 😛 (and I have a btech!!!)
Nope, Indian
BTech isn't a UK btech, it's a bachelor's of technology like a BSc is bachelor's of science
UK used to use BTech for bachelor's with placement years but abandoned it
Yeah
Does anyone know what AWS is?
You, uh, know that's literally how THM works, right?
Uhhhh
No
😂😂
I have some certifications with them and it’s super hard trying to find a career
And I was wondering if anyone has tips
@undone shore
Is it architecture or cloud security you're trying to get into?
Architecture
But I can work on cloud security
I have AWS solutions architect
And AWS cloud prac which isn’t much obviously but yeah
I suspect @pseudo creek (apologies for the ping Zojja) may be your best bet there. Generally speaking we tend to focus more on the security side of things, but a few people have a bunch of experience in that side of it.
She's offline just now, but I'm sure she'll respond to that ping at some point when she gets back 🙂
Ooo okay, thank you. And what certs do you recommend for cloud security
Cloud security? Honestly, afaik, just the same proprietary architecture certs as you're going for just now. I believe SANS might have some cloud specific ones, but don't quote me on that.
Okay thank you much
Np 🙂
The amount of open S3 buckets is insane.
Hi everyone, I graduated a few months ago in Computer Science (Information Systems Security), I also have 2 Azure certifications and Security+ that I got a week ago. I'm using my OPT voluntary with one small company (MSP). I would like to stay in the US, but I will need visa sponsorship. Do you have any advice, or do you know some recruiters that I can talk to, for some entry level job in cybersecurity?
I'm currently 40 min from Sacramento
What country are you in?
@rugged sable USA
can someone give me some advice on this unique situation I've been trying to gain comfort in? So, I'm a music producer, and I brand as David Day - I have a personal instagram with my profile tag as with my first name, middle initial, last name - I only add IRL/close friends on this personal instagram account, but I do post links to my music from time to time, hence, drawing a connection from my music identity to my IRL identity - at some point, I dabble with privacy, and then I find my progress redundant because I also want to grow as a music producer/content creator; what's the point in trying to be private, when it's feasibly seeming to be impossible to grow without sacrificing some sort of anonymity? What are the drawbacks? 0day's instagram has his alias connecting with his full name, so I mean, I guess it can't be that bad since he's an elite hax0r and obviously seems like he knows his stuff enough to know he's not exposing anything crazy. I just want to be safe, but I also want to grow, and it's stupid to say that this type of thing is stunting my growth as a producer, but it is, and I've been fighting it for a while now - my first name is David, but my last name isn't Day. Is my branding too close to my real name? I guess at the end of the day, it all depends on what I want to sacrifice. Should my music blow up, my irl friends would eventually leak my real name, wouldn't they? (given it's tied), or, my face leaks, and someone ties it to a LinkedIn page, or something along those lines - at this point, I've tried everything, and I'm wondering what I can do from here; does it really even matter that much? It's been driving me crazy. (For reference, I was one of those people who would change online aliases every month and I always am crazily on edge with paranoia)
Another layer to note to this is that I would be pursuing information security, so at some point I believe that my music and infosec careers would overlap and my real name would be figured out at some point- there's only so much you can hide, especially considering my real name is attached to my music on the back-end.
Relax. As long as you aren't posting your bank details and your accounts are secure, there is literally no drawback besides 'people know who I am oooO'. IMO people in this discord in particular act like we are all criminals with their approach not only to privacy but policing others accepted choices of privacy. I asked 0day about this in voice chat and he even gave me his full address because he has given it to loads of people and not one malicious thing has happened xD For me I really dont see an issue when you have nothing to hide etc. In other cyber discord people just post their linkedin, but here people act like they are secret agents 
lmao yeah I feel that honestly- it's just this thing I've been battling for so long in my mind; It's assuring to know that there's not the harm people build up in their mind
Like, eventually I'll show my face as an artist probably - I think that's sort of something I want to do
Worst that can happen is a hitman or something I suppose
Bit of a stretch 😄
lmaoo
naw but dude I do appreciate you taking the time to give a well thought out response
it means a lot
No worries man, I get tired of the browbeating about privacy here. Literal rank 1 dude has a FB page where he talks very frankly about his life and experiences.
That's why my goal is to work for myself/at such a high level, that sharing myself and being authentic is not a crime
lmao yeah- I mean, that's very comforting honestly
and when you're #1 you have enough knowledge about hacking to where you're a threat IF anything should happen 😎
like, nobody will fw you lmao
Yeah but they can't really do shit with the basic info anyway except maybe sign you up for fraud stuff which you could sort out easy enough
I mean, yeah
Yeah everybody scared of 0day, hes super nice and friendly tho haha
You know, I thought of the other layer to this, is that I know all the vulnerabilities, so I have the inside scoop and paranoia
but people on the outside don't see those
it's the spotlight effect
I often have non-techie friends think because I work in Security I should have OTT-privacy going on. Some of my friends do. Like only encrypted messages, no social media, etc. There is no need, we aren't gangsters. It's a personal choice
Yeah
I mean, honestly, my threat model is data brokers
BUT
There's going to be some sacrifice
bc not everyone is using Element
or Signal
etc., etc.,
Like, as a content creator, it's impossible to get big without using the big platforms
or telegram
yea lol
yeah about your original thing, I know what you mean, since I also want to promote my music but I don't want to be some wannabe influencer
It's a dance we are all forced to do
like, good luck getting a fanbase of like 2M+ on a platform other than the mainstream tech that will sell your data
exactly dude
unless you are like dre,kanye, joyner lucas, who are already famous and make their own platform
oh yeah definitely
Dude- you're speaking my language. Thanks for being so relatable 😛
Hahah that's a good compliment. Have a good day, @solemn marsh
😂 yeah dude - anytime. It's a pleasure to speak to people who are interested in the same stuff as you, especially after growing up trying to communicate to your family and they're so uninterested in the topic
Like, idk- I've always felt like I lacked the relation with people, until I met discord servers that literally are full of people who speak your language. It's an amazing feeling.
and I regret not joining discord servers like this sooner.
unfortunately it just never crossed my mind to join a hacking discord or a music one until last year or so
why? Idk- I live my life on repeat it feels; same thing, everyday
so, it just never crossed my mind
but something changed the sequence, and here I am
That's a shame, you can always find people like that in real life too man. Just gotta put yourself out there 🙂 Next friday I go to an open mic night for example
yeah dude, only issue is irl with covid- I was hoping to meet people in college, but right now I'm online-college and it's not easy
So solutions architecture (AWS and Azure have certs in this) are focused on creating a design based on the specific solution (e.g., AWS) but that isn't necessarily security architecture. For Security Architecture, Cloud or otherwise, you'd want a wide breadth of knowledge. Wide understanding of Cloud services for 1 or more vendors, knowledge of Unix (mostly Linux these days), Windows, Windows AD, Authentication in general, Automation and Orchestration (e.g., Ansible, Terraform, etc), Containerization (e.g., Kubernetes), Networking, Networking devices (e.g., routers, firewalls, proxies, vpn), and probably other things I'm missing. And then you'd want to understand how to secure all of that.
If you are currently in cyber, I'd look at getting the CISSP, if not, look at Security+ and CCSP (ISC2 cert for Cloud). If you want to focus on AWS, I'd aim for the AWS Solutions Architect Professional. A lot of the other things I mentioned may not require you to have a certification in those things but understanding them will go a long way to becoming a security architect.
Can anyone suggest me best resume template as well as cybersecurity resume sample.
any oscp here?
Hey guys, can someone please give me a hand thinking through my plan? Ill be finishing my bachelors in CS in spring of 2022. My dream job is an application security engineer, and my plan of attack was to try and work as a software engineer first, and then transition to a role that is more cyber focused. I've been spending this summer mainly prepping for technical interviews, and just started sending out apps for internships. I haven't had any SE internship's yet, only a volunteer experience learning and teaching basic cybersecurity concepts with CodePath and IQ4. I figured I could volunteer my time and try to work with cyber as much as I can through a software developer role and leverage that experience to get into cyber. Is this a dumb way to go about getting into cyber-security? Do you think it would make sense to try to get into a master's program for cyber-security while I'm pursuing SE roles? Sorry for the long post, but I would really appreciate any feedback.
Some of this may depend on what country you are in. In the US, I'd say absolutely do not go for a Masters.
Are you saying you have 0 work experience? With graduating next year, that should be your #1 priority. Anything remotely CS related should be your goal. If you can't find a job, look for local organizations which help others in tech. Things like Girls who Code. Make a blog, have stuff related to security on your blog. Have a Github and projects on your github.
Then look at certifications, get Security+
Doing software engineering to app security is a path. You could also see if you could find junior app security position. Start looking at job listings now and see what they are asking for. I would get a Masters in cyber until after you have a cyber position.
if im going to go SE to app security, do you think I should wait until i get more SWE experience before doing the cert?
no, I'd get the cert now, its a good generic cert
okay cool. I do have tech experience, its just all unpaid and related to cyber - not SWE. I was worried if I couldnt find a SWE internship before I graduate that I might have a hard time finding a full time position -- which is what made me think maybe a master degree would allow me to go straight into appsec and skip over working as a SWE? But ill still need some type of entry level tech experience regardless?
You think certs are better value than a master's if we already have a BS in CS?
if you don't have a job in cyber, then yes certs are better than a masters
overall, it would be harder to find a job with a masters than without it unless you have a few years of industry experience
100% agree
I think I get you, overqualified for an entry level position?
yeah, so they rather pay someone who is cheaper
If anyone has the time to scrutinize my resume, I would appreciate it. I'm going to continue my original pursuit of SWE roles and try to work my way into appsec.
Thank you guys/gals for the input, the pressure is on -- graduation is coming quicker than I thought it would 😆
Good luck @iron rivet
- Was this resume crafted for a specific job listing?
1.a) If it was, then make sure that you are using phrases and keywords from the job listing itself.
1.b) If not, I would suggest you re-examine how you make your resume, i.e. tailor your resume for the position itself - I'd probably cut out the part about being a contractor - I have a similar background with 8 years in an unrelated field, I always leave it out and if it comes up, I'll tell them about it briefly and just tell them it wasn't relevant for the position, in my experience they don't really care
- I'd turn Projects and Technical Skills sections into one just called Professional Development.
- Going back to point 1.b, list skills and word the Professional Development section in a way that mirrors the job listing, for example, if the listing is for a SOC analyst, they are probably gonna want someone with SIEM experience or familiarity, so you should tweak that section to reflect skills related to SIEMs, e.g. you have a website so talk about how you monitor the logs and handle incidents, etc..
also list some classes you've taken at CUNY or maybe some sort of capstone project
also name and contact info should be front and center, wouldn't hurt to throw in footers too, you have no way of reaching you listed here - understood if you purposely redacted that info for this though
Thank you for taking the time, I really appreciate it. I'm going to make some updates based off this advice and keep sending them out
Gave +1 Rep to @ancient prairie
Yeah you got it, I have my name, phone, website, and linkedin at the top -- I felt weird leaving the info in a cyber server 😆
understandable, I've made that mistake of sending out a resume and forgetting to include contact info lol - best advice I can offer is to not do the spray-n-pray approach across LinkedIn/Indeed and take the time to do a little OSINT and find the talent acquisition/hiring manager at the company itself and reach out to them directly
This is a great idea. I've heard it before but now understand why -- I feel a little silly sending these generic resumes and cover letters out as it's pretty obvious 😆
plus prob gets lost in the stack of resumes when web scraping half the time too
yep, also depending on the company there's potentially dozens of people you could just try reaching out to instead of just sending in your resume just once
Glass Door and Linkedin. You can tell how good your profile is by the amount of traffic you get, it's been blowing up lately.
yeah LinkedIn has been super active lately
don't know if this is the chat for certs, but what certs do you guys recommend?
Depends what you want to do. Broadly speaking, I'd recommend CompTIA Security+ first for most people.
Depends what you wanna do and where you're from. However Security+ and ISC2 SSCP are good options.
Maybe check out https://blog.tryhackme.com/cyber-security-certifications/
Just realized that it's less specific on certifications than I remembered ...
It's the thought that counts 🙂
I really hope I will be able to obtain my CompTia A+ Cert during my school year. #NoSocialLife
me too. my goal is before the end of the year :D
how important is it to know AWS/Azure for a security analyst role?
and would getting AWS certs be beneficial for an analyst role?
Going to be a grind but hopefully we can pull it off
definitely. We can do it 💯
What year are you? I'm going into Sophomore year majoring in Cyber Sec.
i'm a senior. next semester is my last semester
Exciting stuff!
Yeah, I can honestly imagine.
reposting so ppl see
this too
Do you mind if I DM you a good video?
you can no problem
I mean, I spent 5 years as an analyst and I didn't need it at all. I worked with Azure AD before and cloud-based log sources but that's fine. I'm not saying 'dont study it' but it would definitely depend on where that job is. Really if you study azure/aws it would generally indicate a DevSecOps path, which is a good and profitable path. As an analyst, not so much.
yea a friend was saying he really wants aws certs and stuff
but i didn't know if they were necessary for that position
that's good to hear. thanks for your input :)
Gave +1 Rep to @native elm
Wanted to ask if anyone here is familiar with Cybrary and whether or not that is valuable to someone looking to get into "entry level" positions i.e SOC L1. I guess a better way to phrase it would be for people lacking experience or "2+ years in [...] position"
Perhaps check out the Cyber Defense learning path: https://tryhackme.com/path-action/blueteam/join
I checked out Cybrary myself, but honestly, I found the content to be super outdated. I highly recommend THM over Cybrary, as you will get both up-to-date content and hands-on experience versus just lectures. I'm currently doing the Cyber Defense path on THM, and it's great so far.
Thanks @wooden tundra @distant island That's what im sticking with, I know that THM does offer a little certificate at the end, out of curiosity do you know if that is favorable on resumes
Gave +1 Rep to @wooden tundra
Sorry I meant to thank @distant pier
Not sure. But it beats nothing. Also, just the fact that you'll have a hacker website with a profile showing your accomplishments will probably look really good. Anyone in the community should know what THM is, and if not, a lot of people seem to be catching on, but maybe that's just my perspective. Anyway, hands-on-keyboard beats book knowledge in this industry any day, from what I've heard.
Cybrary provides a solid pathway, it takes you from the basics to advanced topics so you know what you need to know before becoming hands on. I initially used it to follow penetration tester pathway. But I found THM platform much easier to understand and they update their content quite regularly. If i had to choose I would choose THM over Cybrary. Less expensive too!
just wanted to know guys, it is necessary to have a ccna for your pentest career .i.e if u aldry knw about networking
?
it’s not necessary, no
it’s good to have though to prove fundamental network knowledge :)
thank you @static tide 👍
Gave +1 Rep to @static tide
@dire rain are you still interested in chatting about that help desk position?
Anyone willing to take a look at my resume and tell me what jobs should I apply for
Where I have chance
would a comptia a+ be a good addition?
Hi guys. What do you think about the masters in Cyber Security in EC council university?
I think that if you're struggling to get your foot in the door with a helpdesk job, it may help appeal to the employer. But honestly, consensus from what I've heard is that experience beats it, and also that it's useless once you've already landed a helpdesk job. That's just what I've heard. I studied A+ and Network+ to learn the material, but only ended up actually taking the Security+ exam to enhance my job prospects.
@brittle helm In short, if you have nothing else, and are trying to get a helpdesk job, I say go for it. Otherwise, you can probably pass. Just my two cents.
I would personally not be considering EC Council at this point, after their actions in the last few months. That and they're not exactly known for up-to-date, high-quality content...
I don't want to do helpdesk as a job, I just want to learn the material because it's interesting but I did want to know if it's actually worth giving the test after all to justify the time I spend learning the material
Same with networking+
If you're just starting out and want to make sure you've covered everything, I would recommend skimming A+ just to tick off all the boxes in your mind of "I know this" or "I don't need to know this". Some of it is really boring and not immediately useful. Network+ I would pay closer attention to, assuming you want to get into pentesting. It covers concepts like TCP/IP and encapsulation, which are very important. However, regarding either of the exams, I would not recommend them personally, as I have heard they don't carry much weight among employers.
How about other colleges that offers masters in cyber sec via online, do you have any suggestions?
I mean, I would be suggesting the Abertay MSc Cybersecurity and Ethical hacking. Online? I'm really not sure.
What are their actions over the past couple months? Is there a scandal or something?
Several 😆
They started off by posting an extremely sexist comment then blaming it on the intern in a very insincere-sounding apology
Then about a month later they were caught plagiarising a whole bunch of prominent infosec writers, effectively word for word
If memory serves, they were also removing gender inclusive language from the plagiarised articles, although that might have been a different scandal so don't quote me on that one
Wow
Yeaaaaaah
I already checked it and they have online class for international students. Thanks for the suggestion @undone shore .
Gave +1 Rep to @undone shore
Add that to the fact that their certs are quite literally memes and there is precisely no reason to give them your money 🤷‍♂️
Np -- good luck!
Can anyone share best source for CompTia Security+ mock Tests.
They didn’t even steal my good stuff
They stole some of my worst articles haha
Hey y'all, I'm a senior year undergrad from india (4-year bachelors in ComSci), and it is seeming increasingly unlikely that I'll be able to travel abroad for a masters in CyberSec. What online-only Masters do you guys recommend for Cybersec? I've been looking at ASU (via coursera) and Georgia Tech (via EdX) so far
I looked at Abertay as well, that's in my shortlist too at the moment. Although I have a slight preference towards blue-team and maybe cybersec from a business standpoint
Also, a parallel question. I keep getting shit about online masters not being a good idea, that it is not the same as an offline masters, and things like that. Do those claims hold any ground?
Why do you want to do a masters?
Alright, thanks for helping
Gave +1 Rep to @distant island
can anyone suggest me, some best hacking course on udemy, intermediate to advance ?
Try CompTia Security+ SY0-601
ok let me check...
Thank you
Gave +1 Rep to @native elm
Hi Guys , what are the main prevention methods for business logic attacks?
Hey guys !
I am a 4th year CSE undergrad from India.
I am pretty confused about going for a job or masters from USA in cybersec.
.
I seek advice from the professionals here, what's more valuable - a masters degree in cybersec or work experience worth of 2 years in the field of Infosec ?
IMO - when it comes to cyber security an actual work experience stands out way more than masters or bachelors degree
Based on my experience, the Comptia Pentest+ in tryhackme helped me answer some of the questions and I just read the Comptia sec+ from packtpub. You can also find a mock test there.
work experience plays major role but in my case iam going for masters without work experience 🙌🏻 just trust your skills💯
Thanks mate 
Gave +1 Rep to @merry lily
Robocop 
Because, at least here, it seems impossibly hard to get into an entry-level IT role (helpdesk or even L1 support) without any experience. I'm not looking to do a PhD anytime soon, so thesis-based graduate degree is not a necessary thing I'm looking for.
I have an interview tomorrow and i was wondering what are some good questions to ask the team?
what position?
Infrastructure technician
Good Luck Blackout!
“What incident management software do you use and how many incidents do you have. Do you have zero blame incidents? On average how many times are people paged a week.”
Good luck Blackout 
Hi everyone. Are there any companies hiring international remote interns? Everything I see require you to at least be in or a citizen of a certain country.
I'd ask how they handled the pandemic, personally.
Alright thanks, i'll be sure to ask them
Your questions are a chance to interview them back
Disclaimer: I am not sure how good this is but a friend shared it with a few months ago: https://www.mosse-institute.com/certifications/mrci-remote-cybersecurity-internship.html
Be prepared to land your first job in cyber security! MCSI's MRCI teaches the hands-on skills needed to be a cyber security professional.
I'll check it out! Though at first glance it looks more like a course than an internship.
Fair point! Like I said I can't vouch for it soo investigate as you can first.
its looks like course , is this industrial recognised? there LOR & CERT give additional value to my resume?
Thank You guys for your input. Appreciate it!
@severe lagoon @crisp vapor
Gave +1 Rep to @severe lagoon
I work in infrastructure so:
- If you need a referral to my infra team @ Monzo hmu
- If you have any questions let me know
😄
((we have a security infrastructure team too))
If you aren't looking to do novel research, I would recommend holding off on the Masters until an employer puts it on your checklist for promotion.
💯
Cyber degrees can be somewhat worthless and impractical outside of a few reputable schools, there are probably like 2 dozen worldwide that are even worth considering for strictly a "cyber-security" degree.
In the US work experience is king, getting a Masters with no exp can kill you bc some employers are required to pay those with Masters degrees more and will choose someone cheaper with experience 99% of the time
Woaah ! That second paragraph had some nasty insight ! Thanks a lot man! 🙂
Gave +1 Rep to @ancient prairie