#cyber-and-careers
Which isn't normal, would like to add that
Yeah, the company I currently work for is small and I pretty much talk directly to the VP
Mainly because my position isnt normal for them as I am in a different state
Gotta say though, discord is pretty great networking tool
Well, currently I am also Looking for a new remote role!
what country are you in? what kind of role you looking for?
Penetration testing role. I am in Bangladesh
you can check the #jobs-board but I haven't seen any one mention Bangladesh before
Getting a security-related job here I would say "rare". Only, if anyone considers hiring a foreigner as an external pentester. Not so sure what is the possibility!
yeah that really doesn't happen, generally companies only hire within their country, even for remote positions
Is it hard to find a fully remote job for a junior pentester in Europe?
Hey Everyone, just finished the Pentest+ LearningPath and now I'm thinking more about a CompTIA Cert.
I want to do my first Cert, but I'm not quite sure, whether I should start with Sec+ or Pentest+.
About myself: I'm studying business informatics (final semester) and worked 2 years in a hospital IT Helpdesk, so I guess I have some basic knowledge.
Would like to hear some opinions from people who have already achieved what I want to achieve, thank you.
I would start with Security+
You didn't list what you wanted to achieve. But yeah go for Security+ if you are starting off; will give you a broad idea of what you can do in the industry and you can niche-down from there and what seems the most interesting to you
my bad.. hopefully a pentester one day
Sec+ covers a wide range of topics but only touches the tip of the iceberg. So that is a nice way to get started
Hy
I was scrolling through job openings the other day and looked at the ridiculous requirements coupled with at least two figure applicants. Do most fit the bill or are they just hoping HR sees reason?
As a general rule, at least for tech jobs: If you match like 40% of a job posting, it's worth sending in an application. Companies list their hypothetical ideal candidate in each job description, but are usually open to interviewing someone who only partially overlaps
@tribal flicker you about dad?
Was a cleanup crew required?
It was, someone swooped by and did the big yeet
ty bb <3
That's the question
I'm not a people person and I hate conflict when avoidable... Which that's all a negotiation is
The information here is golden and I like his honesty: https://shellsharks.com/training-retrospective#certification-and-training-mini-reviews
Rhino Security are recruiting for an Associate Pentester: https://apply.workable.com/rhino-security-labs/j/6978653D44/
nice find Brent (:
Hi Guys, I have an upcoming interview this week for pentest position. Any tips?
make sure you know your networking basics
thanks @languid hearth
Gave +1 Rep to @languid hearth
Next week im gonna go back to school, network administrator, what cert is good to do after?
ccna is probably the best entry level cert to get started with :)
Thanks @static tide
Gave +1 Rep to @static tide
Thanks a bunch!
Gave +1 Rep to @haughty sundial
we're looking for senior pentesters (check team leaders) in the uk - remote, dm me if interested :)
Hi gang, I've been working through tryhackme learning paths for the last 4 months, and I'm wondering if anyone has any advice on next steps towards finding a job in cybersecurity. I'm thinking about starting to study for the network+ certification, but would love opinions on whether or not this is the right next step. Is there a different certification I should be going for to get started? I don't have any formal CS background (I have a bachelor's of economics), and everything I've learned so far has been from tryhackme/other online resources.
network+ is a good start (or you can even go for the ccna if you feel like a challenge and really like networking - i personally suggest this route), and then look at the security+. those paired together is enough for an entry level security position and from there you can decide where you wanna go (eg. oscp for pentesting)
awesome, thanks big dog. Any suggestions on course materials to study for the certs? I know Professor Messer has a pretty robust youtube page/course materials, but do you know if that's enough to pass the exams? Or is there a better (while preferably still free) resource out there to prep for these exams?
Gave +1 Rep to @static tide
not sure of any other free resources (thm will help you along the way though), but i see this guy suggested a lot for network+/security+: https://www.udemy.com/courses/search/?src=ukw&q=jason+dion
he has courses and practise exams
Hello everyone, I've been thinking for a while about starting a pentest company, but with a slightly different business model. We would do the pentest for free; if we find a vulnerability, the customer pays for every finding, with a limit at which we stop looking for more. Does anyone have experience with a similar business model?
The idea is still being created, I don't have all the details yet
that basically sounds like a bug bounty
Yes, only with the difference of having contracted pentesters with an NDA and a contracted client. Because for a lot of companies bug bounty is too public
the bug bounties that pay well often have similar, I don't know much about it because that's not my thing but there are invited bug bounties where I'm pretty sure an NDA is involved.
I found the channel i will look thanks
Hi everyone, i am a fullstack web developer for almost a year. And i am starting to try changing to cybersecurity. I would like to know if my background as web developer will help getting a job in cyber security
Web apps should be easy lol
understanding web dev and coding can both help get a job in cyber depending on what area of the field you want to go into
guys I'm new at cyber security and i started with CS50 course is that right?
is that at your university?
no self-learning
not sure what CS50 is referring to as it looks like a university course number, but there are many different paths to get into cyber sec, the Pre-Security and Complete Beginner paths on THM are good starting points, there are also several youtube videos and udemy courses that can also help with getting started in cyber sec
thx for your help I'll search about them
Gave +1 Rep to @golden ore
cs50 is just computer science, not cyber security right? i've not taken it myself but i have heard lots of good things from people that have done it
yes it's a pretty good intro to C and CompSci in general
A good place to start that uses your web background is going to be vulnerability management and detection. I would say start looking at devops tools that perform security scanning, and if your current employer requires that the software be compliant to a framework, start reviewing the requirements and controls that are applicable to your products.
Hi Brent, I'm interested in this position, are they offering remote work as well?
@warm hinge I am not a recruiter - just thought it looked like a nice role and thought others might be interested. Why not apply and see what they say
Thanks Brent!!!
Gave +1 Rep to @peak steeple
Thanks!
Gave +1 Rep to @flat sedge
just had an interview for a remote SOC position :), messed up one question about whether or not DNS Zone Transfers use TCP or UDP - but he said most candidates didnt even know DNS used both lol
both isnt it
ah just read the message
I didn't know that either till the other day
dump of some questions asked I can remember:
What is DNS?
What are HTTP Status codes and can you name some?
What is TCP/UDP?
What is FTP?
What is a reverse shell?
What is fileless malware?
What is an IDS/IPS?
zone transfers use TCP, but the actual lookup uses UDP
Phonebook
418 - Teacup
All info, most info
Old
Amazing
In memory
A non-deterrent
well those were some fun answers
I read somewhere that UDP can be used for the transfer if it's under a certain amount of bytes.
just DNS things
never seen voip use tcp but maybe
Iirc SIP is TCP to establish the call etc?
Then audio stream is UDP
magna i think you're mixing it up? dns uses tcp if the request is over a certain amount of bytes - but yours may be right too
yeah to start the connection maybe but when the connection has started the audio stream is pretty much never tcp
SIP can be UDP, TCP, or SCTP
Well it depends. Sometimes it's even SCTP.
SCTP is naturally used most in telco core, not much on the internet in the wild
but theoretically it could be used there as well. You just never see that
The audio streams are often RTP or the encrypted version
mostly RTP, yeah
ITU standard codecs, G711 etc
ITU or 3gpp defined ones.
but basically SIP listens to UDP and TCP, UDP can be used if SDP payload isn't too big. What's too big depends, but in theory anything under 64k should be transmittable over UDP. In practice a lot of nodes limit the datagram to 1400 or so bytes, and fragmented datagram to 8k
according to the AXFR RFC, AXFR is not bound by the traditional size limit for DNS over UDP
(also, the number of SIP headers may get large in certain scenarios)
IIRC H.323 signaling is/was all on top of TCP
I'm not going to school this semester and probably not next semester so I basically have like a year off to focus on my hacking skills. Question what certifications would you guys recommend I start?
I know tryhackme offers use discounts for the CompTIA exam so I plan on getting that
Network+ and Security+ are good entry level certs, beyond that, depends on your country
Got it thanks
Gave +1 Rep to @pseudo creek
-rep to swag
Phones over Ethernet?
Anyone doing successful bug bounties?
@buoyant pendant

Guys, any preparation advice for a SOC I interview?
Hi
Aah thanks Jake. Luckily I know those. Been studying some Yara rules
Gave +1 Rep to @static tide
Isn't a free one offered by HarvardX?
That feeling when you can exploit most of these but can't define a few lmao
Would you guys recommend the OSWE before the OSCP?
I'm going for the Pentest+ next but was wondering if the OSWE should be before the OSCP
no OSCP -> OSWE is a natural progression
OSWE shows a good proficiency with web applications for code review and exploitation, OSCP is basics on that so is a good base to start with
Hi, is there any way to earn money online using our skills legally?
yes, check out bug bounty programs like HackerOne, Synack Red Team or Bugcrowd
So what skills are needed to work on this?
I mean, in which field do we have to be an expert for this
bug bounty is mostly web app based unless you get through the application process to join Synack Red Team in which case you'll also get infrastructure
Also bug bounties are very unreliable ways to make money
Currently in the hiring process for a blue team position! Any tips on what I should expect? Will be my first true experience working SOC
Log analysis
I was interviewed the other day for a SOC position and was asked these questions, definitely make sure you not only understand networking fundamentals, but be able to summarize terms and aspects of it quickly when asked
The HTTP Status codes and Family of Status codes is one of my faves to ask
Hallo, I have a question about my first job, Is Rapid7 Associate SOC Analyst a good first job?
I am very old to not have a job yet it's very sad but I know what I'm doing wrong now though I have all the technical ability for entry level I just need to jump down a staircase more So I can answer the questions about culture better
... Pardon?
I've never been so confused by something
could you possibly reword that to be a bit more verbose in what you want answered?
R7 probably a pretty tough place to get a job at
associate positions aren't exactly entry level either
Hi guys! I'm currently looking for a remote SOC Analyst position. My current employer decided to change rules and we are getting back to office. Which is impossible for me as I just bought a house and have a baby on the way. If anyone can help I would be grateful. I have over a year's experience and I'm eager to learn to be the best! Also I do not like to change workplaces so a future employer can be sure I'll stay as long as I can. @dire rain any chances you have something?
good luck
question:
im currently in university finishing my BA for Computer science with no experience in cybersec (what im looking forward to do). I am aware that i should begin by getting some certifications, however im not sure which to go for first. I am thinking security+ but a lot of articles ive read say to try to get your network+ before you attempt security+.
If you are getting a BA, in CompSci what are you looking at for internships and post-graduation jobs?
BSc surely?
Depends on the college, liberal arts colleges do have BAs in science disciplines
Did you take any networking classes as part of your degree? Network+ is often recommended but I'm not sure why you would need it before Security+
yes BSC i meant
and no actually only did some minor stuff with MySql but that's it
i read that security+ has concepts of network+ so thats why they recommend network+ first
it wouldn't hurt then to take network+ first, networking is very important in cyber security
Today I got an invitation for an interview for a pentester. Chief HR and their project manager will be present. Any recommendations? This will be my first interview for this kind of position.
doesn't sound like it will be a technical one, but they might ask a few "what is this vulnerability" type questions, so make sure you can clearly explain sqli, xss, ssrf, csrf etc. - although they might be just behavioural type questions and admin-type questions (expectations, salary, clearance if required etc.)
it is probably just a pre-interview. thanks.
For those currently employed in infosec roles, when it comes to certs do you need "a collection" or will one do depending on its rep?
Depends on your role. I ended up as an infosec engineer doing compliance work with only a CISSP - I do have a B.Sc in CompSci though. I would say don't get any certs unless you see them in job listings.
Unless you're after them for the learning materials attached
In which case it's still worth getting them
Or for the challenge, for that matter
Cert learning materials are almost always pretty terrible.
If one is after the learning part, pay close attention to the exam objectives, that will be a better syllabus to guide your study than any official course material.
Got it. Thanks for the help, Juun and Muiri.
Gave +1 Rep to @flat sedge
Anyone know of CSPT or HDE? (Cyber security professional tester, Hacking defined expert)
what's etbd?
Evasion Techniques and Breaching Defences
That's its real name -- like PWK is the "real name" for Pen-200
Both naming schemes are actually still in use -- every course has an ID designation and a name
?
Never heard of 'em. Who makes them?
It's more of a general certification
It can be made by any company who is certified to do so
No clue who certifies them tho
Never heard of them
Damn
It's also like recommended to get oscp after but unfortunately I will have to pay full price on the oscp labs as well as the exam
OSCP is generally the entry level cert just now
sell your soul to the devil? 
Honestly I would like to be good in exploit dev
Easiest method
Also best for your soul cause it will be DAMAGED after learning it
exploit dev requires a solid foundation of systems programming, you'll need to become skilled in C, C++, ASM and become very familiar with WinAPI and programming paradigms
Ight thx
Is C++ necessary tho?
I'm cool with C and asm but C++ seems a tad bit unrelated
You could get away with not learning it - but many of the paradigms and abstractions you'll want to use as a systems programmer are natively supported in C++
And, C is a subset of C++. C++ is really 4 separate programming languages
once you dive into Windows documentation it will be hard to get away from C++. C# is a good alternative but either way you need those to easily interface with Windows systems
and technically you could use C but that seems like a not fun time
Ayeee thx guys
But then its learning 1 less lang
Honestly tho, selling my soul seems a lot easier so I'll go with that xD
It's really not though. Learning C++ well encompasses C. C# is an entirely different beast.
I know C a bit already but the hardest part of learning different langs is the sources to start
Highly recommended https://www.youtube.com/c/CalebTheVideoMaker2/playlists His courses are very good.
I have been invited to join a start-up pentesting company, and when I say start-up I mean it literally started last month. I am in two minds about joining such companies: on the one hand the experience would be valuable and hopefully decent money, and on the other hand they are so new I could join today and they go out of business next month. Is this too big a risk or too good an opportunity?
do you know the ceo? what's their background like? salary? do they have someone handling finance/hr?
i work for a startup but he's been doing pentesting for tens of years and had all the right people to handle the admin side of things
@static tide Thanks for the quick reply! I know of him but don't know him directly. I understand he runs some kind of website offering training but know nothing of what's in place HR and admin-wise. If he were established like your company for 5+ years - then my mind would be at ease but from the sounds of it - this is not the case.
Gave +1 Rep to @static tide
Do they have Cyber Security/Cyber Operations Insurance? This is required for most consulting/incident response and cyber operation companies
Plz.. anyone help me...
How do I install Kali Linux or Parrot OS on a Windows PC?
Bro it's simple just click on the download .
Ok thank you
Do you guys think I can get a remote job with A+, Net+, CCNA? That's all I have right now and minimal experience
when you say remote job, do you mean a job in a regional area? or do you mean a job where you can work from home 100% of the time?
work from home 100% of the time
Work from home jobs are possible but harder to get without experience... not impossible
Yeah thats what I figured
I guess just have a look for roles with your requirement (wfh 100%) and see what they are asking for, if you meet a chunk of the requirements or feel you could do it just apply
Thanks @pseudo creek @opaque laurel
this video might be useful for you :)
https://www.youtube.com/watch?v=ITag3nc49oQ
Well, I've been waiting to make this announcement and I didn't know it would come so soon... I need to hire a CCNA. However, I've created this video NOT just for CCNA-certified folks looking to join Veeya, but for ANYONE looking to land a job as a mid-to-high level network engineer (HINT: We don't care if you have a CCNA!).
thanks
Gave +1 Rep to @static tide
Should TryHackMe be added to my resume?
Context: Currently a Sophomore Cyber Security Major who has minimal "Technical" experience
not unless TryHackMe experience is specifically asked for in the job listing, some advice I got regarding that situation is that worst case you are better off creating a blog, getting active on GitHub (which you can cite in your CV as being an "Open Source Contributor") and reach out to career services at your school if possible
on the other hand, if you've created content for tryhackme - definitely stick that on there
What do you mean by reaching out to your career services at your school? I'm already working as a Technical Support Specialist / Help Desk at my school's IT Division
well ya should've mentioned that lol, that's good enough to apply for entry level security roles
at least look at sysadmin/netadmin roles
Okay yeah bc I have some experience in a Technical position just my resume seems a little empty and wanted to see if adding TryHackMe training would be a good idea
it may not be a bad idea in an extracurricular section but I'd put details about your job and skills more than anything
if the job posting asks for a knowledge of specific tools (Nessus, Burp, sqlmap, ...), would you put them to your CV if you have experience with these tools?
yes
thanks
is it hard to find a remote job in europe as a junior pentester, which certs are best for it?
do you see any jobs asking for CCSK? Cloud Alliance certs are considered fairly easy, and covers the basics but I've never seen a job listing asking for them
it does?
Yess
ahh I didn't realize CCSP asked for it as well
honestly vendor certs are the best
AWS, Azure
And the CCSP made by Cloud Security Alliance with partnership
CCSP and CCSK are vendor neutral certs
Like CISSP
For cloud
yeah I got the ACSK or CCSK-A... they changed the name I think
but it was as part of a class at Blackhat
yeah mine was as well
but if you want to go into cloud, I'd look into AWS or Azure certs
The concepts are great
But if the opportunities are less it's not worth it
I have Azure ones
which ones?
any others?
ahh ok, I'd go beyond fundamentals
Looking to get SC900 AND AZ500
I like it, there is a lot to learn and you have to constantly be learning but its fun
What would be the path I should take if I am coming from VAPT
like I said, I think I'd look at taking AZ-104 and also knowing AWS would be helpful, AWS solutions architect associate is a good cert there
CCSK is like understanding a high level video of cloud security concepts
Which can be applied on all the clouds platform
View*
if you wanna do it, no one is stopping you
I am really confused
Company need cloud skills
But cloud is huge
Big 4 need cloud skills
yup, seriously if you get certs from one vendor, you can easily translate to another vendor
I've been doing cloud stuff for about 6 years myself
Can I DM you ?
why not ask here?
Sure
So if I am moving from VAPT and beginning into cloud security
I should go for azure ?
Or aws
Right?
if you are in the US, definitely
Google is 3rd but has less hold in the US than in some other countries
Well I am from Big 4 these are not product base companies
I want to switch
To cloud
so what do you want to do? vapt for the cloud or something else?
Cloud
honestly, its not much different but understanding the services within AWS / Azure will help
Done with VAPT
well what do you mean by Cloud? what do you want to do?
Cloud is like saying "Data Center"
Anything related to cyber security
so cloud security engineering is an option, there are lots of options though, anything you can do on premises, you can do with the cloud
well I'd look at job listings in your area but understanding the specific vendors is critical
if you want to continue with Azure, this might help https://acloudguru.com/blog/engineering/which-azure-certification-is-right-for-me
Is getting a job in Germany hard? after Bsc in CS and CEH?
mention my name if replying
CEH doesn't have much respect outside of India
comptia?
CompTIA has some.
Pentest wise, OSCP is fairly universal (excluding India)
CompTIA A+ network+ and security+ really helped me a lot, working on my OSCP now
Which will be better for freshers?
A+ sec+ net+ or oscp?
?
hello, what kind of guidance are you after?
your description/question is a bit vague
I want to make a career in cyber security
So from where i can start
What can i learn first
well you can check out #start-here
I suggest making an account on the website this discord is for, www.tryhackme.com and completing the pre-security or as much of it as you can, learning path
from there you will have a better understanding of what you need to know
specifically, for a career, you should look at jobs you are interested in, in your area, and what requirements they list and as a longer term goal, work on those requirements
that depends on how new you are
as A+ is basic IT knowledge , Security+ basic security knowledge and net+ basic network knowledge
meanwhile the OSCP is the industry standard for getting into pentesting
but imo its much harder and more practical than the others
@jovial leaf please don't send unsolicited DMs (rule 1)
Ok sir
Sorry sir
hey man, if u dont mind, can you check the #offensive-pentesting-path please i need some help
Please don't do this.
Ask, and be patient. Everyone is a volunteer.
ok sorry, it's because I saw you helping another guy with the same question but i couldn't get any solution
if I'm planning to take a Sec+ exam in 1-2 months from now, should I list this cert under the certifications in my resume with a note when I'm planning to take it?
nope, only when you've passed
thank you.
Gave +1 Rep to @pseudo creek
hi guys, i need your advice... i'll start a stage next year, what is better for starting to you? SOC, Pentest, or something else?
thank u all
or even digital forensics idk
Network and Security fundamentals.
sorry, i mean which job choose to start
Network analyst/admin?
various jobs have different requirements, ease of entry and of course interest to various people
Goodmorning everyone! Quick question here. So, I have sec+. In the beginning of the year I will be making my way into cyber security. I have had a few people tell me to go for AWS certifications. Can anyone give me some insight into that?
if you want to do cloud security, AWS certifications are a solid choice
Okay, awesome! Thank you for getting back to me.
What roles in CyberSec have the highest ceiling in terms of Pay?
CISO or getting lucky with bug bounties
CCNA or CEH which exam should i give ??
give or take?
I can't speak for CCNA(imo just network cert with not much focus on security), but if you have CEH money you have money for a better cert like eJPT(course is free exam is like $200) + eCPPT or OSCP (each ~$1300)
they are widely different
if i want to go in Blue teaming then which exam should i give first?
ccna
actually the thing is CEH is MCQ based exam and i kinda don't like that
MCQ based?
Whichever cert exam you take, be sure it is a proctored exam. Non-proctored certs are worthless.
multiple choice questions. CEH is 125 questions and 4 hours. and it's really really bad
this isn't exactly the proper forum for that
Ok i will delete it
I suggest you contract with a proper firm for that kind of thing
I am looking for a pentester for my startup company :) but if it is against forum policy i will respect it
it's mostly that we can't verify your claims, so best to stay on the safe side
Do you have experience with where to find good pentesters for contract?
sorry, I don't know. Others might
@raw current not sure if you can help out smixers here
Yup, can help for sure, contract and perm
i have an interview tomorrow and there's 2 paths for the position "Network Analyst" and "Information Security Analyst". My question is what are the basic differences between the two so I can ask more about specific responsibilities of the roles in the interview?
also what are some questions i can ask about a "information security analyst" position or good questions in general for an interview?
Do they have the postings, or can you look on a hiring website? I'm not sure I could tell you the difference just off those names, maybe one is network and the other is EDR. Hard to say there, Good luck though! @quaint flare
I mean
Which will have more chance to land me a job? All the + combined or oscp single handedly?
oscp, because it would kind of already imply knowledge from sec+ and net+
but it depends what job
Any kind of
definitely OSCP
Then i should prolly start preparing and save money for it before my college ends
good ideaa
would recommend that for sure, if you wanna go to the pentesting/offensive side
it does help in blue/defensive side as well but not as much
What for blue? Cissp or something?
Also what job roles i can expect after oscp?
Is there a blog/article about all this stuff describing roles, payscale and other things? I couldn't find one
well it's gonna depend on where you live and when you're searching
the most accurate results will come from looking at job boards yourself
search "oscp" or "junior penetration tester"
Blue a lot of time they dont ask for certs until or unless you go into Risk Management where the CISA (ISACA certs help). But if you wanna look for some elearn has some great blue team content, then there is Security Blue Team which is preeety nice
aand on the what to expect after OSCP , my thoughts are exactly what jake said
It really does vary by what the specific company means by network analyst or information security analyst. Like toaster said, if you have job descriptions, that could help some
CyberSeek has a lot of info about the US... this is a good start although they have various other tools on their website https://www.cyberseek.org/pathway.html
Explore the key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each role
this is all that it says about the specifics
Information Security Analyst β Monitor computer networks for security issues. Install security measures to protect systems.
well thats vague...
it doesn't even give a description for network analyst
if you know you want to go into security, then take the InfoSec analyst position
You can try to pick up some siem certs. Splunk 1&2 are easy enough and can't hurt for analyst roles
So I have no IT experience besides having a few certs(Net+,Sec+,A+,CCNA)(know basic Python and still learning) Are Helpdesk positions the only thing I can apply for right now since I have no experience? End goal would be something in a Security role
@mint hound Depends which country you're at as well. Job markets differ wildly even with remote work.
I'm in U.S.(TX)
@mint hound I'm in the same position as you and a lot of job postings are asking for CEH or OSCP certs. HR loves these two for entry level ethical hackers
I'm just learning as much as I can. Udemy, Try Hack Me, everywhere I can to get hands-on experience. If you can identify bugs and be able to talk about them on a blog or LinkedIn etc, it really helps people tell me.
@mint hound since you're in the US, there's really no shortage of jobs if you can learn the core skills .
I just looked up the cost for the OSCP/CEH... Why are they so expensive lol @hazy torrent
OSCP is pretty cheap compared to some others.
SANS certs and courses, in particular, are very pricey.
@mint hound Haha they offer pretty comprehensive training and you get a voucher to take the exam. Guess the training is what costs $.
I know CEH has self paced online training which is cheaper than the live classes. Think you can get it for like $650. Not sure if that's within your price range?
@flat sedge a lot of people say you should do OSCP but that is like a 24hr hacking exam. Think it's a bit hectic to start with
OSCP is a gatekeeper cert to perform the business function of a pentest and generate a reasonable report on a professionally unacceptable timeframe.
It's technically entry level, but entry level to security means something very different from entry level webdev or sysadmin or network admin.
@flat sedge Aah this is true. Things are always changing in this field as well. Guess the barrier to entry is higher in the cybersec, infosec space.
I wouldn't say that the barrier is higher, as you said it is changing and companies keep changing their requirements for desired positions
Yeah a blog is something I need to do because I'm horrible at explaining things. I didn't realize you needed an OSCP or CEH to be considered for blue or red team roles
you don't need either to be considered for a blue/red team, I have no degree and 2 certs (A+, eJPT)
networking, networking, and more networking; that is the best advice I can give
thanks
Gave +1 Rep to @ancient prairie
Where? Linkedin?
I see
Good to know there is good opportunity in both fields
yeaah indeed and yeah search on linkedin/indeed if you are in the us
What about outside of us?
linkedin, glassdoor, indeed, every job board really
O_O
Will check out
Thanks
Gave +1 Rep to @static tide
really hope I can skip over having to apply as a Help Desk position and find something remote
there are remote help desk positions, depends on what you are doing; you can go for an entry level analyst often to skip the helpdesk
This is probably a stupid question but how much customer interaction does that role have?
it varies, most SOC analysts have limited interaction but it changes from company to company
Thank you
Gave +1 Rep to @golden ore
Out of curiosity what roles could I apply for if I have the Sec+,Net+,A+,CCNA? I'm not sure what to apply for but I want something leaning on the Sec side just don't have experience
without experience might have to settle for helpdesk or some jr sysadmin work, should still try for a SOC analyst or generic infosec analyst position though with your knowledge
@undone shore
guys i want to ask
do you know any info about international seminars?
please help me if you know
thank you
What do people think about CREST exams, more specifically the CPSA & CRT. I'm looking into taking them both soonish and was wondering if they are the right path to get a job as pen tester. Thanks 
CRT is a great help if you are looking for a job, a lot of consultancies tend to deliver projects that require CTM. They aren't the most exciting of certs to get but they are valuable. If you have CRT and OSCP then you're laughing and will likely walk into a pentesting job
Unfortunately I do not have OSCP and as of right now have no aim to get it. So to confirm you do recommend getting BOTH crest Certs as they help in getting my CTM. I should've also added I'm from the UK if that changes your answer.
So to get CTM you will need both yes, CPSA is the prerequisite certificate to CRT, CRT is well recognised so will be a great start and likely be able to land a role with it
Is all good, if you said you were from outside the UK then I'd probably have said not to bother as it's only really recognised here
ah okay, really appreciate your help fellow uk person. So i will continue on my path and prepare myself to do one of the courses they recommend. Do you have any recommendations on which training provider to use?
unless it's getting paid for by a company, don't bother with training
network security assessment book is really good, and some of the recommended reading
if you take money out of the equation would you still have the same verdict on training?
Is there any kind of roadmap out there for going into Blue Team or Red Team? I feel like I'm learning things right now that won't even carry on to my desired role.
Actually I guess the THM room should give me an idea
The ones that are approved? are they any good
i couldn't say but look around for reviews on each one if you're looking to go that way
Good Evening,
I hope this message finds you well. As I write this message I have become comfortable at my current role and have started to consider a change. This wouldn't be immediate, more than likely 6 months from now or longer, but with the Government Fiscal Year ending I was wondering if you knew of any approaching opportunities.
V/R,
Moose
I know we had this conversation a couple of weeks ago but I got distracted
I made an edit to my current job situation but I think I may edit it again
I think I'm going to go with "as I write this message I have started to consider a change"
Yay or nay?
who would this message be going to? talent acquisition/hiring manager?
Talent acquisition. We have communicated in the past and she tried to get me before I took my current job but our time frame was off
ah okay, tbh I'd say its a bit too formal, but it works if you see that she doesn't have any jobs posted currently
most of the time I would see a job i wanna do, reach out directly to the talent acquisition "Hey I noticed your company was looking for a network analyst. I'd love 5 minutes to chat about the role whenever you get a chance"
Has jobs, not going to get specific as they would immediately dox her as they are hyper specific, but they aren't anywhere near our field
gotcha, if the other jobs she does have posted are recent, you can probably assume she doesn't have anything for you right now but definitely doesn't hurt to re-introduce yourself
unless she is the key to some jobs you're set on, I wouldn't worry too much and keep working other talent people
nice, definitely seems like there's a hiring spree going on near me in the north-east
hi guys and girls, I'm new to the cyber security field. Would one of you like to give me some pointers on what to do
more like in getting a job in that field
@ashen halo Get on LinkedIn and other job boards in your area and start looking at job postings. Look at what skills and experience they are looking for. Look at the technology stacks they expect you to know. Get familiar with that stuff as well as make your way through some of the learning paths on THM.
The #pre-security-legacy-path and #878393611929129000 are good places to start
thanks buddy
Do you guys think that a master's degree in IT Management and an OSCP cert would be enough to get a junior penetration tester job with no prior experience? Just curious to hear from people who have been there/done that
Generally speaking, yes.
There are many external variables to take in to account, but I can almost guarantee you'll at least get some interviews
Thanks @iron mulch that's reassuring to hear
Gave +1 Rep to @iron mulch
I have my bachelor's degree in accounting, so I think that doesn't help me though
The bachelors degree is usually your HR filter.
(in my experience)
Contributing to the field/industry, OSCP and having a positive presence in the community are also valuable
No problem. Have confidence, work hard, give back. It'll fall into place.
The masters may actually hurt you in reality
It will price you out of what companies are willing to pay for junior roles and removes a few years that you could get real world experience
Some others on here will agree, masters are for management level roles
Yeah if it was a bachelors+1 I'd say maybe but even then it's up in the air
Honestly, most companies don't care what your BS is in if you can show your skills. They just care that you have one. A better bet is to get a few certs and build a portfolio
Thanks, yeah that is kinda what I was hoping for with the OSCP and some of my GitHub projects
Gave +1 Rep to @pseudo creek
Yup
We have annual cyber security conclave with many experts from cyber industry. You guys can register if you want
https://bit.ly/CYVIT2021
Is there any age limit for Security + ?
Have to be 13 to take it
So I am currently 17 so i can go for it right?
Yep
Thanks 
Finally my IT Support contract is ending - I am now looking Pentesting or Cloud Sec/Pentesting roles. I am UK based and open to remote offers.
There is a discord called Cyber Job Hunting that might be helpful to you
@native elm Thanks! I will search it out
Gave +1 Rep to @native elm
If you can't find it, DM me and I will send you an invite
I'm going through and looking at infosec analyst positions and some are asking for C++. Didn't know that was required
it's not a requirement, might depend on what the company is doing with it
Lots of things are written in C++. But yeah it's going to be dependent on the company
Job descriptions > listed requirements
Most of the time lol
If an infosec job is listing c++, it's very likely that code review from a security perspective is on the list of responsibilities for that role
Another scenario could be that they have some custom tools that they built in house using C++
C++ honestly isn't too hard to learn. A little time and personal projects can get you to a functional level
Is anyone in the SysAdmin/SysEngineer/DevOpsEngineer space who would be up for a chat?
I mean I am a Cyber Security Engineer but I do, what I feel like are, a lot of SysAd tasks because we don't have one
Beard, I've done some platform consulting. A few POCs for k8s. Depending on what you want to talk about within that space, I'd be up for it.
I don't mind a bit of an open forum chat; I'm basically fed up of working helpdesk, and have raised with my manager that I'd be interested in something more technical with my company (started with coding, but over time my current role evolved to not), so I'm trying to look into that kinda space, with the view to eventually step into that CSE space @stoic cave.
Basically just looking for the overview, thoughts etc - what am I getting myself into, what can I expect, and what are some good fundamentals to get in place before I bother asking for the interview with the Infra manager?
(And of course... other questions that I don't really know enough to ask yet, but feel free to add).
What section of infra is this manager managing? Or is it just "all the things"
coding != devops
Yeah was just going to add that as well, I've seen that a few times now
All the things really. Head of Infrastructure is more correct I think.
And no worries on the coding != devops. I'm not the greatest coder in the world, just good enough to get by haha.
beard, if you want to have a more indepth talk, ping me in 3 hours. i need that long to get through my task list today. We'll jump into a voice channel and chat a bit, if you have time then
anyone is welcome to listen in and contribute, too
You can ping me as well if you'd like.. can give you some of my perspective since I'm in a very weird devops job
3 hours? Sure
Might be a wee bit too late for me at that point as I'm back up again in the AM, but if I'm around that's certainly a shout, can have a bit of a chinese teaparty type call
yeah, 7 hr time difference is killer
tell you what, i can move it up to 90 minutes from now. i'll reorg my day a bit
Going out with the dog and the mrs right now though, will be back in about half an hour or so and can catch up there, thanks guys.
Yeah my path, I feel was rather atypical, so my advice is somewhat specific
I sat on a helpdesk for 3 months as an intern, had a bunch of personal projects, and had just finished my BS in Computer Security when I was hired as a CyberSec Engineer. Don't even have junior in my title which I thought was weird/cool
could i get a ping when you start if you remember please
Sure
Yo so I just graduated from UC DAVIS cyberbootcamp
I am trying to find a job in the IT sec field
congratulations
Is there actually a malware developer course like OSED? Or is Malware Developer = Exploit Developer?
yes, malware developer = exploit developer
Depends on your definition of malware. Offensive tooling? OSEP.
Software that can only be used maliciously? (e.g. Ransomware). Nope
I would disagree with Zojja, purely splitting hairs over definitions of "exploit" and "malware". OSED, for example, covers low level memory manipulation to develop exploits in specific pieces of software. Malware is software in its own right that is especially written to be malicious
ahh yes that is true, you can certainly have malware that aren't really exploits
but I'd say the more interesting malware are exploits but depends on what you call interesting
Course developers likely avoid the use of the term malware due to the negative connotations, like SANS calls SEC760 Advanced Exploit Development for Penetration Testers. That's pretty clear what the course is going to be about. Playing it safe is a good strategy.
There's also the sektor 7 course which is closer to malware dev
Hi everyone, just joined the THM community this week and really liking the content and friendly vibe.
Question for Pen Testers - In your opinion, which industry certification for pen testing is the gold standard? For a newbie like myself, it's a bit overwhelming trying to work out what certification I should work towards
I'm not a pentester, but the OSCP is pretty much the most recognised pentesting certification. It's not geared towards beginners, though, so it would be something to work towards in the long run.
But malware is relevant for penetration tests, isn't it? Or is that really only used in the black hat space?
Not really, no.
Depends on your definition of malware
Kinda.
There's offensive tooling (e.g. shellcode injectors, AV/EDR bypasses, AMSI patches, etc), that are used by both sides. That's the kind of thing you might learn through a course.
Anything that's full-on designed to be malicious is entirely irrelevant to anything white-hat though. Again, for example, something like ransomware which can only be used to cause trouble.
I just landed my first cybersecurity job thanks to comptia security+ and THM!
congrats!
Thanks!
Gave +1 Rep to @pseudo creek
Congrats!
I'd like to know your degrees and any certs you've got, if you don't mind.
I have a Masters in Physics from 2015, and I have a little experience in python and c, but I've never worked in IT and the only cyber cert I have is security+ that I got in August
Thanks! I wish you the best.
Gave +1 Rep to @barren anchor
You, too!
-_-
What should I do my masters in? I'm currently in my final year of bachelors of computer engineering
Honestly if you don't know what to do a masters in, then you shouldn't do a masters.
Would you rather recommend a pure computer science study or a cyber security / it security study in the bachelor?
I'm biased since I graduated in comp sci, but I say comp sci. Gives you more options in your career and you can always pick up cybersecurity whenever with the comp sci foundation
Also if you search for "computer science" you can find other answers on the topic, it's asked a lot
In the meantime, this is also my thought that it is better to study pure computer science.
But the chances of getting into infosec are much more difficult with a pure computer science degree, isn't it?
How and when did you do your OSCP? Or how and when did you start hacking / penetration testing to prepare for your OSCP?
Does it make sense to deal with something like that during your studies?
"But the chances of getting into infosec are much more difficult with a pure computer science degree, isn't it?"
Not really, but you need to remember that infosec is often not an entry level field
A common path to pentesting is graduate with a degree in some computery thing, do SOC work for about a year, and become a pentester
How did you make this fancy quote?
That sounds like a great way to go. SOC can also be a system administrator with infosec reference, right?
I do not understand that second question
I mean that there are system administrators who primarily deal with infosec, e.g. to build more security in a network etc..
security is becoming a bigger portion of system administration, but system administration is not considered a security job
and SOC analyst is a specific job
How and when did you do your OSCP? Or how and when did you start hacking / penetration testing to prepare for your OSCP?
Did my OSCP early last year, got into infosec 2 years ago (was in web development before then)
but there are tons of jobs within security
Maybe they're thinking secops?
At what stage of your career were you at this moment?
SOC Analyst work with SIEM as an example, right?
About 10 years into web dev? I was getting burnt out so wanted a change (was predominantly front-end)
yes, will work with SIEMs, EDRs and probably network health monitoring too
I meant as in if I want to get into security, what should my masters be in? Information security? I've basically done my bachelor's in computer engineering I'm in my fourth year, no subject is gone into in detail so this whole degree was like an introduction to help me decide what I like. The thing is this whole time during my bachelor's I was so occupied with just completing my college stuff which didn't give me enough time to focus on getting into depth with any of the subjects. I don't want that to happen with my masters as well like where I'm just mediocre in everything and not really good in one thing, so I'm tryna avoid doing a master's in computer science
what degree would help me in cybersecurity as a career?
after the certs
I've seen a lot of people recommend computer science
My bachelor's wasn't IT related, but I find this statement goes for all majors. One of my professors gave me the best advice which I'd like to suggest to you. He said something along the lines of 'wait until you work before diving into your master's. Master degrees are often for people who've worked professionally and now want to specialize. Also, you can sometimes find a company that'll pay for your master's.' Also, just my opinion, but you wouldn't want to be over-papered but under-experienced. I'd suggest getting some work experience before master's.
Yes, computer science is the most often recommended major for degree pursuers.
can getting CompTIA CYSA+ get you a SOC analyst position, with a B.S. IT degree and 2 internships?
Give it a try.
Certs will help you more than a masters. Unless you have a burning desire to do a masters in a specific area, I'd skip it for now
Computer science is the most common BS degree we see for people going into Cyber but you aren't limited to that
Second the rec to not do a masters unless someone else is paying for it. Typically it's a career advancement checklist
@rugged sable re: your job posting: "We have payroll set up in four countries: the UK, Ireland, and France."
oh nice i forgot we had that
if your company can bump it 20%, i'd consider moving to Ireland for it
But "four" countries?
lol
I think the 4th might be Spain
but yes our job descriptions aren't the best
I'll report it
It got a smile on my face!
We also have this role but I can't talk much about it, I am not very close to this team https://boards.greenhouse.io/monzo/jobs/2984698
Help me I'm trapped in open parenthesis
You have 5 years + experience within information security incident response, and within a commercial environment (ideally a tech company.
When applying for a job offer as a penetration tester, do you include your THM / HTB rank along with your CV, with possibly a screenshot?
coz software developers are often asked for a portfolio. Whats the portfolio in infosec, specifically in Red Team?
Honestly I was looking at Masters in another country because I want to move out of mine (its kinda getting bad lol) and the education system isn't very good. Australia, UK and Ireland were the possible options. Any suggestions on which would be a good place in terms of jobs in this field?
sorry no clue
Where do you currently live?
India
OK
Alright thanks
Gave +1 Rep to @pseudo creek
Often tooling. Your Github is a good bet
Thank you!
But what kind of projects can I do on GitHub that are relevant to a job as a penetration tester, for example?
Gave +1 Rep to @undone shore
Code tools to solve problems. Doesn't really matter if they've already been solved.
For example, I needed a lightweight windows port scanner, so:
https://github.com/MuirlandOracle/CPP-Port-Scanner
Equally, exploit PoCs are good.
Anything that you could use in your job is of interest to a recruiter.
Just... don't put anything illegal there
Can having just my A+, Network +, and Security+ guarantee me a foot in the door at a job?
along with THM certs and accomplishments?
@rugged sable What kind of requirements would your job posting need in order to work at this job you posted in jobs-boards?
Just for educational purposes
alright thank you! The company I'd like to work for as an 'Ethical Hacker' has the following in their job description:
'You write your own malware in C#, Powershell, .NET using DLR?'
Would that be an area to do a project on for GitHub?
Gave +1 Rep to @undone shore
"You write your own malware"
"Ethical hacker"
That sounds cool!
The fact that i love programming, this maybe an option for me as well
Yes and no.
A) A job posting asking for malware development is sketchy af. Maybe clarify that one.
B) if they are really asking for offensive tooling, then yes.
Don't actually post malware on Github
That's right
Be aware though: any tools you post on Github will not bypass AV for very long
Well, mine ain't so popular so it's all good there
No, that's only a subfield
#1 most important skill is ability to learn we can teach u everything.
Ideally we look for (for that role):
- ability to break things and think outside the box, you are a hacker after all!
- cloud infra stuff. So if you know AWS you'll be good (cassandra / kubernetes is also very very good. Bonus points if you know Go)
That is an incredible wow!!! XD
big motivation
These are the full requirements (the original job description is in German. I just had it translated quickly now with DeepL to make it faster) @undone shore
A QUICK CHECK:
Do you really think about realistic attack scenarios to actually help your customer?
You write your own malware in C#, Powershell, .NET using DLR?
You know how to perform a Golden or Silver Ticket Kerberos attack and can explain how it works as well?
Your OPSEC is so good that you stay under the radar for any Blue Team?
Even when Microsoft ATA and ATP are executed, you act successfully?
Powershell one-liners do you shake out easily?
Do you start with the tasks of a domain admin? You don't rest until you find the leak.
You can communicate your results in an appealing and understandable way to a diverse audience and are able to translate these results into concrete recommendations for action?
Do you enjoy sharing your knowledge to help improve the team?
Experience with Vulnerability Assessments, Pentests, Assumed Breach scenarios, Redteams, Purpleteams, and Threath Intell Based Redteams?
Do you have a relevant university / college education?
You are OSCP, OSCE, GPEN, or GXPN certified or would like to obtain these certifications?
You can answer "yes" to some of the above questions, then we want to get to know you!
for example, when i make a PR to change how Kubernetes works security-infra will normally have a lil nosey at it and DM me with "yeah that's not gonna work out well for us, there's a giant glaring security issue you've missed" 
will python suffice? Or Go is what your company looks for specifically?
any language
MY god!
The wording of that really isn't very professional
NGL that sounds like a reasonably senior role too
but we have a 2000+ microservice architecture all written in Go so it really helps to know it
Bee do you use spotify and want a rust project?
Ah, very interesting
learning go on the go
i do yes use spotify
you can stalk our github too, this is our most popular tool:
https://github.com/monzo/response
Which is now its own startup:
maybe i should create go app called learning go on the go lol
Yes pretty sure it was written by HR. I'm already in touch with HR.
Thank you for your response. It was quite insightful
Gave +1 Rep to @rugged sable
Hi @rugged sable can I DM about the job role?
It's just a silly little thing and I'll make it quick
okok
@rugged sable Hi! Can I DM you about the job?
From one of our users giving advice to a younger member on Indian Infosec careers.
I actually now have friends who got cybersec job without any cert. But anyway I will explain the landscape there maybe it will help. First i would like to clarify two-three things.
1) indian companies need a degree. it's not like they hate ppl without degrees but investor led companies need to show their investor that they are hiring right. and cllg degree is kinda mandatory over here. With a certain cgpa.
2) In india acc to my experience certs has less value, u can have 4-5 certs that doesn't mean u will get a job.
3) It's true there are cybersec companies that hires ppl without cert and without any experience but if you want to go to a good company then you would need experience and like 3-4years at that. That's the sad truth. For example, paypal india's junior sec job demands 5yrs of exp in security.
So the easiest thing is to break into IT industry, doesn't matter the field. Like QA, Dev, Network Engineer, Systems engineer. Get a cllg degree and get a job. Now comes the hard part.
Now if you want to pursue security positions the best way would be to
1) switch to a different company.
2) switch to a different team on the same company. MNCs (even bad ones) have multiple teams and if u are persistent enough they will put in the security team.
And if you switch in the company they will not ask for certs. If you switch to different one it may ask for certs like CEH. Not OSCP, most companies has this list of certs any one you can take. maybe it can be just sec+ or pentest+
so yeah. that's my 2cents.
and another (unwanted) advice is that try to be humble your behaviour matters. you as an 18yo at this moment think you know everything but obviously it will not be true. So try to have an open mind and do your best.
add me or DM me
@rugged sable I tried, but I couldn't 
Hello all. I'm new here and was wondering if anyone has ever submitted the certificates THM provides when finishing a learning path for CPE credits. If so, did you encounter any issues? My primary concern is the certificate has my username and not my real name, therefore the vendor not accepting the certificate.
you needed to assign your name on your profile before generating the certificate.
if you have Adobe Acrobat, you might be able to edit the text on the certificate if you download it as a pdf
I did the same mistake with my first THM cert. You can fix this relatively easily by editing the cert in GIMP (or photoshop if you have it), use the WhatTheFont website to identify what font is used to display your nickname, download that font, apply it, change the width/size/placement of the text etc. and with a bit of work I'd argue that you can make it indistinguishable from the originally generated one. Not an ideal solution but really the only one I could think of since it's currently not possible to re-generate the cert. Hope this helps.
added!
is CCNP Security any good to do for someone to get into cybersecurity sector?
Should I choose computer networking as a career line (then transition into cyber security)
Or should I choose full stack mobile app dev (then get my certs and transition)?
computer networking would be easier, but i think full stack mobile app dev is awesome and probably more fun for u
Alright
There are probably other, easier certs... like Security+
Maybe he can start with an EJPT ... Is a practical certification
depends what the goal is... if you want to break into cyber but not necessarily pentesting... Security+ is widely accepted, eJPT isn't (yet)
yeah you have right ... I hope that the exam isn't like Pentest+ ... In the Pentest+ exam there were questions in the exam with answers that were all wrong. It has happened to many people
I already have Comptia Net+ and Security+ also that new CCNA
I am looking for the way, how to move from IT support to cybersec, I would be happy to do some Analyst job... But everyone wants Certs what cost like 3k or 5+ more years of experiences
it is possibly you are looking at the wrong job titles? how many years in IT do you have? You should be able to find soc analyst jobs with limited/entry experience. I mean you could get CCNP but I don't think thats going to solve your problem
also cyber security analyst is another possible title, I'd just start searching for cyber and see what pops up on job sites
I have IT job since January 2020 where i worked as IT support in WH, and since may 2021 I work as Senior IT technician for small MSP company in UK
ahh ok, also I can DM you a discord that may help with jobs, run by our friendly UK recruiter who is here but lots of discussion about moving into cyber as well as various job listings
that would be great, thank you
Gave +1 Rep to @pseudo creek
I got feedback from my previous interview. They said my offensive security was knowledgeable but my cyber defense and networking need work.
They asked me a lot of scenario based questions
Like, "Your logs show multiple icmp scans coming from a set of IP address from a single source what defensive measure would you implement first?"
The majority of these questions aren't necessarily there to test your exact knowledge but to find out if you have a process in your head that you follow.
Hello, I am MSc Cybersecurity student and looking for any part-time or freelance work.
I have 7.5+ years of experience in Infrastructure Services. I work with small company to large scale Enterprises on Network, Security, and Cloud technologies. Highly skilled in public cloud offerings from AWS and Azure. Expert in design, installation, configuration, and monitoring of network/security appliances such as Switches, Routers, Firewall, Wireless Controllers, Application Delivery Load balancer, Storage Area Network, and WAN Accelerators.
Good Understanding of DevOps and SysOps methodologies, experienced in bash scripting, Jinja templates, Yaml, Ansible, Git, Terraform, CI/CD pipelines.
please let me know, if anyone can help me on part-time job.
sounds like companies should be snatching you up lol
look at my #jobs-board it says part time too in the description
Hey, I'm currently a Sophomore Cyber Security Major in University. I'm curious what type of entry-level / beginner level internships are feasible to obtain? Excluding Help Desk as I'm currently working as Help Desk.
I'm really interested in PenTesting, but slightly worried that becoming a Junior Pen Testing as an internship is extremely difficult.
Determination, passion for cyber security, doing job research in your area, networking with others, attending local/virtual events, all these and more will get you very far.
I'm cs major freshman in college want good job for beginner entry level what u recommend please and thank u
Ok so I'm thinking of going to uni next year and doing something related to cybersecurity. However, I've heard that people tend to go for a computer science degree due to it giving more flexibility. I'm based in the UK if that helps. I'm just looking for some advice.
Thank you in advance you wonderful people ^^
Cybersec degrees in the UK are slowly getting more respect
Before Muir gets here, Abertay's ethical hacking/cybersec degree course is very well respected
I don't know whether I want to just work in the UK though. That's why I'm trying to keep my options as flexible as I can at the moment. Thank you for your advice, James :D
Gave +1 Rep to @quick forum
well indeed computer science gives you flexibility but if you are sure about pursuing your future in cybersecurity then queens university provide really amazing course of cybersec. And also it has one of the largest cyber security university research labs in the UK, the Centre for Secure Information Technologies.
ooh ok. thank you for the advice :D
Gave +1 Rep to @slate fractal
@rugged sable would like to apply for https://boards.greenhouse.io/monzo/jobs/2409362. let me know if we can connect.
Anyone know how much is CEH training cost for edu?
I think you get a discount through an educational institute if you go through them
Although why you'd want to is beyond me
I paid nothing for mine
There are many different companies with varying prices for bundles of training and exam fee /voucher. I'm trying to ascertain which one is the best price. I can do edu now for the discount.
that was with the edu discount lol
afaik training material is a required purchase with the class
normal price is about 2k
It's like you fishing for the price lol
I'm cs major freshman in college want good job for beginner entry level what u recommend please and thank u
Hello, I am MSc Cybersecurity student at University of Hertfordshire, United Kingdom. and I have 7.5+ years of experience in IT Infrastructure. My expertise on Network, Security, and Cloud technologies and I hold industry certifications of ITIL, CCNA, CCNP, F5 ADF, Palo Alto, AWS Solution Architect.
Please let me know, If there is any part-time opportunity (20 hours per week UK work permit) for Network Engineer, Cloud Network Engineer, Security Engineer, Infrastructure Engineer, F5 Engineer, DevOps Engineer, Cybersecurity Analyst roles.
Looks like I'll be extending my SOC team here in Amsterdam quite a bit.. expect some job postings soon
University of Hertfordshire?? Damn O.o
does anyone have any resources on equity in startups for employees in the UK? Specifically:
- Should I early vest?
- What are the tax implications?
- Does the tax change depending on when I vest vs price of share?
- How long after vesting do I have to wait to sell? I know in the USA it's 1 year
yep. Were you there before?
I don't go there but I know that a few of my friends went there and it's very nearby.
thanks for this, what about coventry?
Gave +1 Rep to @quick forum
they also do an ethical hacking course
So i'm currently in my 2nd year of comp sci (no co-op option with my program), and a good chunk through the beginner path. I'm Canadian. Beyond that, i don't have a clear idea of what I should be doing to help my career prospects. Data sci and software development seem to have these very clear project guides and networking events at school that cyber security just doesn't have.
any insight would be appreciated
There are quite a few security conferences organized, also in Canada: https://infosec-conferences.com/country/canada/ , those are always a good opportunity to network
especially BSides is usually very friendly for beginners, you might want to skip on the IEEE ones listed there since those are mostly academic
Also check out if there is a hackerspace near you: https://wiki.hackerspaces.org/Canada
even in Winnipeg of all places :p
thanks, are you a fellow Canuck?
Gave +1 Rep to @cold dawn
Nope, Dutchie
There was a recent job opening in my area for an application security engineer which is quite rare. (Unsurprisingly, there's only one applicant.) I was curious about the skills required to do the job, relevant certifications etc. I can only think of eMAPT and general web app knowledge tbh.
Some SDLC knowledge, SecDevOps experience, that's what I'd look for in an application security role. But totally depends on what their actual responsibilities would be, could be on either end of the lifecycle; doing threat modeling and educating developers, or auditing existing systems for issues and implementing remediation measures.
Sounds like a headache that I'm definitely not qualified for. The posting also listed familiarity with the cloud on top of all that. Highly doubt they'll find someone who meets 70 percent of that.
always worth applying, most of those broad job descriptions are just trying to trigger as many people as possible with a lot of different terms
usually isn't anybody out there that would qualify 100%
I would say that something that specific, there aren't going to be many who even have 20% of that who have worked in dev or security.
If you meet even 10% of the listed requirements, it's worth talking to them about.
Seems like it. I'd apply especially considering I actually have cloud experience (the AZ-900 cert and studying for AWS solutions architect) and the fact that it seems like they're gonna have to provide a training budget for whoever gets through but I'm still in school and it's a full time position.
You may be able to work it as a part time internship, if you can balance school and that job
the trick to managing that role is to not work more than the time you allot to any one task
I feel if I'm able to make it to an interview and they had no other preferable candidates then they'd be willing to discuss that. Thanks, Juun!
Gave +1 Rep to @flat sedge
what are some good entry level information security jobs?
SOC analyst
can you do without degree or experience? @pseudo creek
generally, they will want some IT experience for any cyber security job and it depends a lot on what country you are in. Getting into a SOC analyst position in the US without a degree or experience may be difficult even if you get a few certs.
i dont really have anything, what would you recommend as a first stop in US? @pseudo creek
🥳
Pre Security learning path is a nice place to start
🥳
https://tryhackme.com/path-action/presecurity/join
ive done it
IMO if you are looking to jumpstart a career, fastest way to get employed is net admin or sys admin. that'll still be at least basic competency certs, but they will be relatively affordable.
A lot of great advice from many members in this channel. Peruse the pinned messages in this channel, and scroll through what has been mentioned previously here. There is a great amount of information available.
IT help desk is a good start if you don't have a degree or experience
hm ive heard some things about help desk tbh
It's not a perfect job - but it's a way into IT that is both quick and accessible with a minimal amount of training and education
Hey guys! I got a quick question, i've always hated school and ended up being a dropout at a pretty low age, I just turned 19 now and i'm thinking of finally doing something with my life. I wanted to know if learning from thm, htb, h1 etc for 2-3 years and getting certs then getting a job in IT would sound realistic knowing that i have no high school diploma? My dream job would be pentester, would i still be able to achieve my goal over time by getting experience from other job titles? Thanks! P.S: I live in Canada
cc @tacit bobcat might know a bit about how important education is in canada :)
a degree is, or at least was when I was searching, a huge HR gate in Canada. you'll want at least a Bachelor's degree. But you can probably get lucky without one, you'll just have to work a lot harder
Thanks for your answers! So I guess I should go back to school? I still hate it just as much as i ever did so that'd really be my last resort, but at the same time I want to make sure I don't waste an additional 3 years of my life. I'd expect things to go much smoother after getting my first 2-3 years of job experience, would that be the case?
Does Canada have an equivalent of a high school diploma? The US has something called a GED where you can test out and get an equivalent of at least a high school diploma.
In canada you have to do 5 years of high school, then you get a diploma. If you are 18 and do not have a diploma you can take a test to figure out where you're at and finish the remaining years to get a diploma (Or something equivalent, i'm not 100% sure, but it works just as well as a diploma). @pseudo creek
yeah then I'd work on that
and don't just go take that test, see if you can find a prep guide for the test so that you can test out of as many things as possible
Yeah I'll probably have to do that sadly :/
It's definitely something to consider. Keep in mind that a life in cybersecurity will be one of continuous learning. Maybe try to figure out how you prefer to learn. Also try to think on what made you decide to drop out (don't need to share it here), so that once you can identify that, it may help you avoid similar situations so you can remain studious. We all learn in different ways. Try to find what works for you
and I don't know how Canada is but I know in the US without a high school diploma / equivalent, it's hard to get any job let alone a job you want. I also know that in the US community colleges (where most people complete GED requirements), there are a lot more resources to help people especially those with learning disabilities. I'm thinking Canada probably isn't much different.
not to say you have one but lots of people with undiagnosed learning disabilities is one reason people in the US don't finish high school.
I don't know if boredom counts as a learning disability, or I don't know if it's just me being extremely lazy but I can't ever get myself to sit still and study school subjects, I just zone out without realizing and think about other things every time, I've never had problems learning things I actually enjoy though, I've done a fair bit of messing around with computers during the time I was home and things went quite well on the learning side of things, I'll have to find a solution, thanks guys!
well everyone is lazy, just people push against that desire. I used to have the same problem where I wouldn't study things that didn't interest me and it was just something I had to fight to do
It depends on the province, but in general yes
In most provinces after Grade 12 or 13 you go to university. Quebec is a bit different, in that after the Secondary system, there's either 2 years of CEGEP (basically college), followed by University, or a 3 year technical degree in CEGEP
if you don't have a degree, you'll need to find other ways to prove your competence, which can be extremely difficult when HR screens are looking for the right boxes to check
I'm in quebec ^
How hard was it to just fight against yourself and do it anyway? Especially on a daily basis? It's extremely hard for me to even keep a basic routine so i can't even imagine waking up everyday and going to school at the moment @pseudo creek
You're gonna have to wake up and ask yourself the same question every day. Where do you see yourself in 10 years? Poor, struggling to get on or financially stable? Discipline is the difference between those two situations. Not many like school. I don't but I love computers and everything about them so I've got that going for me. Maybe you don't want to get a diploma. Try Western Governors University or University of the People. I'm not sure if WGU requires you to have a diploma to join but the latter sure doesn't and they're both affordable according to US standards. UoPeople is tuition free but there are still fees for signing up and assessments. Enroll in the Comp Sci bachelor's degree program and learn while you work part time. They're both suited to people who work alongside study. Get experience AND a degree for that edge. Cheers. Take this with a grain of salt and do your own research first though
Are those available in Quebec though? I've never heard of it
honestly if you are having trouble with basic routines, it might be worth talking to a doctor and/or psychologist. It is all about discipline and working towards a goal and keeping an eye on the goal
I've seen psychologists and doctors my entire life, they fed me some useless medication and called it a day, I'm better off by myself for now, I feel like I have a little bit of motivation left to work on school though, I plan to do it at home so it'll be easier for me.
Did Tryhackme get rid of the ability to pay for the annual plan? The button for the monthly plan works, but not the lump sum
@charred kernel #site-bugs or #site-support
Oops, didn't realize I was in careers
They are, 100%. They're both online.
anyone online
Nope
I definitely need to leave this country
Like it's one of my biggest restraints
The education system is in shambles its basically scam honestly
In my 2nd year In the university they were teaching us Pascal
And that's a year before the covid-19 outburst
Well In my 3rd year things have gotten a bit better it's all C++ and C#
I knew more in cyber security when I was younger than now
Cos honestly if I was properly mentored then or had a simple guideline things would have been easy
Now aside for my love in computers and pentesting I'm just back to learning this stuff for financial security honestly
I'm 20 and life seems like nothing is going
Imagine a country that even bans Twitter
Its currency is shit and the exchange rates are so high that a student can't even consider buying courses anyhow, you have to be extremely prudent and stringent in your picking
Basically I'm a noob like a total one
I don't know I need your advice on path to take and what to do and how to be secure financially cos only then can I learn to my heart content in this field with no worries
Currently I'm stuck
I've always loved pentesting and the idea of it
I'm sorry if it's too much, I've never said all this out loud
But definitely after my degree I'm leaving this country
Honestly if you're going to uni you should be fine no matter what, you paid money (I assume) to go to that school and spent a lot of time learning so why wouldn't it give you a good job?
And then maybe come back to strengthen cyber security in the country cos there are lots of cyber criminals in this country
Lol
My school education system doesn't guarantee a job upon graduation
The country is corrupt
It's so corrupt that I'm ashamed to say it sadly
Even the president of the country once said graduates shouldn't even hope of getting a job after that there's no job
Sounds like a rough time :/
I recently started learning python and networking tho
Where do you live if I may ask?
China, Iran, North Korea, and Turkmenistan one of those must be it right ?
As they are the only one that I know that banned twitter ;p
In my opinion, you won't learn everything in the university.
Nowhere should.
It's up to you to find a job after you graduate.
So Pascal is actually a great language for teaching the concepts of Computer Science. When I went to school, Pascal was the language they used to teach us despite knowing it wasn't used outside of school. Basically if you can learn 1 computer language, you should be able to learn them all.
No university in any country guarantees graduates a job that I know of. We have lots of people in the US that graduate in even STEM fields and don't have jobs after graduation.
||I've never been able to understand Pascal||

It's easy as hell just by looking but my brain never agreed
You forgot Nigeria. In North Korea, the internet itself is banned for all but state sponsored hackers.
Look out for David Bombal and TCM's giveaways. Their content is excellent and occasionally given out completely for free. Start with INE's starter pass and penetration testing student. It's completely free and teaches you the fundamentals of pentesting. Of course, do TryHackMe and Hack the Box to supplement your newfound knowledge. Document everything and publish it to a blog. Perhaps at least twice a month. I'm not sure on your level of skill so it may be better to lay it out for me. Here or in DMs. I recommend here because others can add their own advice.
It's much easier to suggest free resources when I have an idea of what you want to do and your skill level. I have a bunch somewhere.
Hi all, about to start CEH, although I have the option to study network+ security+ and pen test+ first. Will it be necessary for me to study these first? Or as a newbie/beginner to hacking/testing will I be ok just going into the CEH?
Are you in India?
UK
Avoid CEH like the plague then
Already paid for
It has practically 0 respect here, and it's not good for the knowledge either
Really wish I had done my research first
What's the most comment/best?
Commen*
Common*
Or other CHECK certs
QSTM, Cyber Scheme too
Thanks! I'll still have to do the CEH as I've now paid for it but thanks I'll check those too! Surely having too many qualifications can't be a bad thing in this industry?
Hello Everyone! Wanted to come in here and get some tips in getting an internship in Cyber Security in SOC in the U.S?
Start looking for internships now. Companies usually hire in the fall for the next summer. Get your resume together
a lot of internships focus on coding as well
Do companies hire interns from other countries in the USA?
Usually to work for a US-based company, one needs proof of eligibility to work. Some employers will sponsor, but it is very rare.
Are there companies which provide remote internships? for pentesting and related stuff ofc
Same answer.
Typically some kind of documentation that you are authorized to work in the US, have appropriate tax IDs, etc.
Visas
Same rules apply.
How can i apply for a cybersec job as a pentester or a threat analyser
Umm and also what certs should i get and what to know before i enroll there
Hey guys I have spent 3 years solving HackTheBox machines and just passed my OSCP recently what should I do to get a job.
Apply
Sir where do I apply thats the issue
Everywhere I see that there is 15+ years experience
And stuff
.
15+ years?
Then you're looking at senior roles
where do you live?
India
Apply anyway.
A lot of those requirements are filters because people lie on what they turn in for a resume.
Nigeria
No what I mean is there's basically no jobs available Like little to none
Yep it's Nigeria
Thank you so much
Since my last message timeline till now, I've been at the TCM website reading and looking at things and also at heath adams page, it's been really absorbing
Pentesting majorly and security analyst
I sincerely thank you sleepy
Gave +1 Rep to @stuck rover
Thanks to everyone who listened to my rant and took their time to answer me
Oh Nigeria does have it bad jobwise
Highly educated population with few jobs to support it
To add to this, student visas generally don't allow you to work
They are fairly strict in what you can and cannot do
Africa in general when it comes to these things really. There may be people qualified to do it but not many or any opportunities apart from maybe Tunisia, Morocco, Egypt and South Africa.
I think Nigeria is a notable one, it's why they are so scammy, so smart, so technically savvy, no jobs
If you know the number of scammers here, if there was tech related work for them to delve into, these people will be good at it
oh we've been hearing about Nigerian princes for decades
y'all apparently have an abundance of princes
Hey, If I want to work for myself, what fields do you suggest? Do you have any experience?π
I mean something like freelancing
Maybe I try to find vulnerabilities or bugs.
You mean Bug Bounty
Yeah, as an example.
No, I'm kinda new to cyber security. For example, a mechanical engineer can make a product and sell it. What can I do as a person who knows about cyber security to make money for myself?
Sorry, I'm not a native.
A cyber security engineer can make a security software as a product
Well mostly people do defending
Rather than developing
But I'm a student myself. So can't say with full confidence about anything
Suppose you can't find a job in a company, what is the other option?
Can't find job in a particular company?
Well I'd apply somewhere else
Cybersec is demanding field.
No, I mean in every company.
If you search rn, in linkedin, monsterjob, indeed
You'll find many many hiring ads
Try "information security engineer"
"Cybersecurity Analyst"
I was just surfing linkedin last night saw couple of posts from IBM for Security Analyst
Yeah, you're right. But if you don't want to work for companies. What is your other option?
I don't think I'd ever want that. Not to work for companies. About other options..I don't know
Maybe make my own company :p
I would like to work there, then
Thank you, bty@warm hinge
Gave +1 Rep to @lost portal
Nah they've switched to other formats
@olive orbit @tribal flicker
Damn now i gotta do dev stuff
Pc can't handle android studio
Web dev is kinda low level skill
This is 💯 true, Israel Adesanya talks about it on his Joe Rogan episode
I don't know who either of those people are but I have a friend from Nigeria, it all made sense, all the scams and how many of them are successful because their population is tech savvy
Just smart. Take a lot of very smart people with lacking opportunities and that's what will happen for sure. If you are interested, here is the talk I was talking about - https://www.youtube.com/watch?v=adjeLofm3gY
Adesanya is a UFC champion from Nigeria
Joe Rogan runs the world's largest podcast, the Joe Rogan Experience
Taken from JRE MMA SHOW #82 w/Israel Adesanya: https://youtu.be/yZKhfZ25L4o
Hey i have given one interview recently and been suggested to learn manual pentesting rather than just depending on the tools
can anybody guide me for the same?
guiding you through learning how to do a ton of things manually is kinda difficult
pentesting is already a huge scope and explaining how SQLi works in detail can be a week long thing in itself
it's best you just do your own research. All of this is very well documented, you should come back here for questions you have after you learn the technique behind the tools
Reading the scripts you use is a good start, they will expose all the nitty gritty details hidden from you, which you'd run in to when doing it manually
Just accepted my first IT job. Sadly, focusing on this aspect of journey led to a reset of my streak lol. One step closer on my long-term goal of breaking into Cyber Security
You don't know Israel Adesanya
https://jodiskripe.medium.com/my-ejpt-journey-2ead69bc1927
I made an eJPT journey to give back to this community which helped me a lot.
Hi everyone, I've got two job postings within the US (Boston/Denver) for a SecOps Monitoring Analyst and a SecOps Engineer, let me know if anyone is interested and I'd be happy to pass over the reqs
You should probably grab the recruiter role and post it in #jobs-board
Gave +1 Rep to @stuck rover
I'm on it, thanks!
Ask the mods for it.
Does the Mod role not have an @ for just all of them, I swore I thought they did
what should i search online if im looking for a government job
Oh Christ no -- we're not lunatics
Drop me an email from a corporate email address to muiri@tryhackme.com with the listings and I'll pass you the role
You ain't a mod
Lmao I am just lazy @undone shore, I will send the email over now!
Government is a super broad term. USAJobs, clearancejobs, LinkedIn, and intelligencecareers are your friends
Indeed isn't used as much from what I've seen
I found my current job on LinkedIn and bumbled my way through the interviews
I was cleared but had no cyber security certs though I had a Cellebrite cert which is Digital Forensics
Sent the email @undone shore 
It's easier if you don't hold yourself down to a single geographic area, I understand that isn't always possible but making yourself available CONUS and OCONUS greatly broadens your options
Added the role

