#cyber-and-careers

Feel free to post in #jobs-board at will

Thank you 🥺 while I have you, what's the process for adding certs into my profile here?

Gave +1 Rep to @undone shore

just ask @bronze lodge

no formal requirements unless you say something like "all of them"

Thanks! I wasn't sure if there was a better way or just DMing, I have quite a number of them and didn't want to just spam an arbitrary chat 😅

Gave +1 Rep to @languid hearth

GRC and sec clearance.

MIT

@tribal flicker panic at the server!

i have some questions regarding ceh anyone free?

Just ask your questions.
No one knows if they can answer until they see the question

i just want to know the format of the exam

also why are their labs slower than thm boxes

like the hell

That's definitely going to be on their website

That's pretty common with exam lab environments in my experience

THM spoils you. Sets you expectations of quality quite high

hello i basically started today and got introduced to the website by my dad, i have absolutley no clue what i am doing if there would be anyone interested in helping me i would greatly appreciate it, my PMs are always open

i have been put in a free room and dont quite know where to start so as i said if anyone knows abit about anything i would gladly hear everything they have to say

@slate timber Did it already enroll you into the Tutorial Room?

no i dont think so i just got put in a free room after completing the two first tasks and idk what im doing in there to be honest im just clicking on stuff

haha no worries! At the top of your screen, It'll show Dashboard, Learn, Compete and Other. Click on learn, and then the search button. Search for Tutorial. There will be a button that says, Enroll in this room. Click on that. It should guide you through the basics of tryhackme. If you have any questions through that, feel free to PM me.

@rugged sable wanted to have a chat about the job you posted

Hello everyone, I am sorry to bother you, I am writing here hoping to gain some information about the CompTIA Security+ Certification & Exam by someone that has completed it.
I recently approached online quizzes that tried to resemble the Security+ exam and generically got some results shown up, some of them were about choosing one of a few options, while others were about open answers to questions.
I am here to ask, is the exam about multi-choice, open answer or is it structured in a specific way? how much time do you have to complete the whole thing?

I also tried searching up these questions in various places and found generically different answers, so I hope to get some info from someone that has actually gone through the original thing.

Also, is the "Free CompTIA security practice quiz", offered by the CompTIA website, actually a good way to practice, or would there be something better?

Thanks in advance.

I'm interested!

#jobs-board

For sure, check out my post on #jobs-board and hit me with any questions you might have in my DMs

Hello all! What languages should I learn for penetration testing and how in depth should I learn the languages also what languages are common for DevOps?

Python is a pretty solid language to learn

For devops? Any application language

@pseudo creek I already have a very strong understanding of python, I was looking to expand further

Is there a difference in titles
Director of cyber security vs CISO

Thought the ciso was a director of cyber security

Director is a title for someone that heads up a division within a department

For example, within a security department that rolls up to a VP/CISO, there may be multiple Directors. Compliance, Security engineering (SOC, sec tool management/tuning, vuln management), network engineering may be divisions requiring a director that all report to a CISO.

Not all orgs will have the Director role specifically, but it's not uncommon either.

yeah we have probably 5 or 6 Cybersecurity Directors who all report to the CISO

Ty

Can someone help me and tell me that any cybersecurity course which provides certificate for free ?

Any certificate or certification that will have job market value will have a fee for the exam or course; free courses/certificates are only good for continuing education credits required by some certifications.

@flat sedge I'm a beginner so I need some course that gives certificate also

Why are you so focused on the certificate? #start-here

certificates will rarely help you. Certifications will.

pretty much got carte blanche from mgmt for training and courses for security people - what classes/training/certificates would you guys have on your wishlist as a SOC analyst?

Is there a SANS course?

Anything that gets me out of the SOC - I do not have a good temperament for SOC roles.

If so probably take that

for500 is another big one if you're doing ir

I'll be honest, I don't really know that any of the 400 level certs are really worth it

except maybe the ICS ones

and 498

i was thinking about for500, there is definitely opportunity to hop into the CSIRT after some time if I ask

What certification should I focus on Post-Security+ if I want to focus on Web App Pentesting?

eWPT(X) would be a good bet 🙂

OSCP -> OSWE for whitebox as well

Gotcha, thank you! @undone shore

Gave +1 Rep to @undone shore

Np 🙂

does certifications like oscp and ceh equalize with work experience ?

From what I've seen and heard, no. Certifications can get your foot in the door and check HR boxes, but there is a qualitative difference between knowing about firewalls and actually configuring a firewall.

That said, certain certs, like OSCP, do require technical ability to earn

Not to a technical hiring manager. 🙂

CEH definitely doesn't smh

But no. They prove knowledge and methodology, not experience

There's a huge difference between a cert and a real-world environment

hi

I've gotten pretty invested in Malware Analysis

Is there any other certs besides GREM that gets your foot in the door with malware analysis or is there anything else there that can help out?

elearnsecurity has a certification on it, but I don't know the quality

eLearn has its eCMAP Certification

https://elearnsecurity.com/product/ecmap-certification/

the best way you can learn is by doing

ine interface is hot trash to learn from 😔

there's a fair bit of stuff I wouldn't necessarily say is useful to learn in analysis, I think characterizing the malware (i.e. it's a dropper that retrieves a file from x domain and executed it by y command. Afterwards the adversary collects passwords via lazagne, then evaluates if this is a target they want to proceed interacting with. If so, launch VNC, poke around manually, then pop cobalt strike) is far more useful than knowing how it "unpacks" itself

I'm still waiting when it will be possible to access their "premium" content with a monthly subscription..

i thought they did that

just credit card things lol

with monthly sub you don't have an access to their labs..

https://ine.com/pages/plans

that's still why I refuse to support them

rip

it's utterly ridiculous

i'm just using my sub to watch the videos and use their labs

since using their slideshow thingy is ass

I could understand why they didn't do it at first, due to high demand, but it's way past their initial launch and interest has majorly died down

Ah, should I be learning C as well?

asm over c

but one doesn't just learn assembly

The learning path I recommend for ASM is to learn some C first

Then start studying comp architecture

disassemble some simple C programs, see how that converts to ASM

when you use things like IDA, everything will be displayed in assembly. Some will convert it to C pseudocode, but as long as you know how to generally read programming languages, you'll be fine

then try to implement decisions and loops

there's a lot in ASM that sort of translates to higher level languages, seeing the two side by side will help see the patterns

gotcha, thanks!

I'll get started trying to learn some, is it just primarily C or is it also C++?

C will be a more direct mapping. C++ encompasses 4 distinct programming languages, so the mapping of things like STL or variadic metaprogramming is a lot more difficult to see.

Gotcha

How's the content though?

its also really expensive

some of it’s decent, although the spelling and grammar could have been qa’d

Lmao. "Some of it." That doesn't give me much hope.

Anybody looking for CIRT role (telcom company in usawith great pay pm me. I can have good referralfor u

Hey all - I'm looking for a senior pentester with 5-7 years experience... no degree required, OSCP pref. Message me for details.

Hello all. I am new to cyber security. I studied and was able to pass the security +. I am trying to build skills and get familiar with programs and commands commonly used. Anyone able to point me in the right direction?

I have been completing labs on tryhackme but any advice is appreciated

What direction are you looking to towards?

what entry pentest cert is the best to get? (considering both for getting a job and actually learning). Thinking of CPT or CEH

btw is two years of work experience an option or requirement for CEH

Do you have any experience in IT?

I’m in college so I do not

Cybersecurity entry level is a bit of a misnomer, pentest in particular. What's your degree area?

Double major in Cyber security and Comp Sci

@flat sedge I’m thinking incident response

I’ve also heard from some sources that pentest+ is a good one to start with

it’s also a lot cheaper so I’m thinking about taking that

@peak bluff Unless you are India, CEH is not recommended.

I’m not, good to know

@flat dawn I don't know much about IR; most of the folks I know who do it have a deep background in networking or LEO.... can't be much help there

It's rare that pentesters get hired without having a few years experience as infra or network - if you like CompSci, your best bet is to get devops or infosec internships while you are in school. Don't neglect to make use of longer breaks to get your foot in the door

Now is the time to start looking for internships, at least in the US. Reqs for those should be opening soon, and most of them will be filled or closed by January.

that makes sense, I’m trying to get into a cybercom internship program next year

Speaking from experience, applying to incident response fresh out of college is a longshot

meanwhile I wanna get a cert to have a better chance of getting in

I realized that while applying places and am now working towards eventually ending up in IR vs starting there immediately

Dont' worry about certs until after your degree.

The degree is much more valuable, even if it's less useful right away.

And your best bet, from my own experiences, is to get the internships while you are on summer break. Having that 3-4 months of experience is much more beneficial to getting a job after graduation than 1 or 2 certs

Agreed, I got my current job with no certs

unless those certs are something like SANS or possibly OffSec.

Is SANS better than OSCP?

If you feel like you have to get a cert, get something like the basic Splunk cert. For an infosec engineer or SOC analyst role, knowing anything about how a SIEM works can mean the difference.

depends

SANS is basically unattainable without financial backing from a company

Just putting that out there

GPEN isn't practical, so

honesly your best bet at getting a job is knowing someone

Yeah. That's kind of my point though - the certs that would be a wow factor for new hires are not affordable

ok, got it

get the degree, get hired at entry level, work towards your goal seems like a reasonable plan to me.... but everyone's path to cyber/info sec is different

their work-study program and graduate program are actually pretty affordable ways of taking courses, still not cheap but work-study will run you 2.5k for a course last time I checked and their graduate program is something like 20k in tuition (financing available) which also gets you 4-5 GIAC certs

you know

i think i might do the masters degree

thats a ton of money tho

reee

I might do law school

Would like to add to this to do side project that you can present on your own blog/github

Especially if your trying to get your foot inside the door 😄

Why do you want to get your foot in - won't get your head inside the door be more benefical 😆

Is the Comptia Cloud+ cert worth anything

@warm hinge Yes and No! Yes, it's okay but basic rather do a provider (AWS/Azure or Google ) cert which is backed by the Cloud provider of your choice.

Hey sorry to disturb everyone actually I am new here seeking some advice regarding how can I start learning about cyber security

I know some basics using linux from past 1 year and learning something On basic level but need some serious advice

Pls help

I mean as someone who had no knowledge before coming to tryhackme doing the pre-security and complete beginner paths has been incredibly helpful

okk thanks a lot i will start with it

Yep. Can't recommend those 2 more. Absolutley fantastic. And from there you have a ton of different options to explore.

lol

lol

what the shit is that process

Amazon

"This position is:

• On-site only
• I can't tell you the salary unless we know what your salary is, so we can lowball you
• Btw you'll do 5 hours of interviews non-stop"

https://tenor.com/view/bill-hader-sign-me-up-gif-10903641

Yeah, I had to add several local amazon recruiters to my spam block list

Daily emails for shit I already told them I was not interested in? Hard pass.

A bad one

Oh whoops

Nothing loaded

how the hell did we let companies get this ballsy

I just get the crap I am waaay over qualified for

I have AWS phone interview coming up as a Cloud support Engineer-Security. Anyone with idea how their interview is and what questions are expected? Pls any help will be appreciated. Thank u

I have an interview for Digital Forensics Any recommendations for studying for the role and general interview questions I might see?

Uhhh digital forensics isn't a role its an area. Do you have the actual role name?

Order of volatility for artifacts may be a good one that comes up

Like Technician, investigator, analyst, etc

Yeah order of volatility is a good one

Basics of triage maybe? Idk how to form a question for that one

our eDiscovery guy has been interviewing a ton of people and been super-selective apparently, turned down a guy from Mandiant last week lol

Damn

I think he's looking for a certain certification though, as I'm pretty sure is the case for a lot of DF roles

Yeah Crypsis hit me up a while ago for a technician role and then was "oh we'll keep in touch" when I told them my DF was education only

I was kinda bummed because the posting was only looking for 1 year of DF experience

DF is definitely a tough one to break into and takes a certain temperament too, can't even get your hands on 90% of the software and hardware the pros are using to practice with

Yeah, that's also why i was kind of bummed, I've only used high level stuff lol

Cellebrite, FTK, Encase, and then some Autopsy

I was Cellebrite qualified for a while too, that cert ran out though

I think that 5 rounds is the standard for Amazon.

I like being called someone else's name by recruiters on LinkedIN, keeps me humble

The recruiters rarely read your profile, so why would they read your name?

I guess that's the problem with blue stuff in general. Not many vendors offer free trials for practice.

Just got a job in cloud(azure) cyber specializing in sentinel playbook!

Congrats! That sounds awesome

Congrats NikitaD!

Congrats! Be interested to find out more abuot it.

Just got an offer in cybersecurity, thank you guys for kickstarting my career. I knew nothing about cybersecurity at the beginning of the year. I learned so much this summer from THM and plan to continue so long as i'm in the field <3 😊

• What qualifications did you already have at the beginning of the year?
• What parts of THM did you focus on to develop skills, and what skills did you develop with THM?
• What job did you get an offer for?

Big grats all around!

In March I had 0 qualifications and no IT experience other than my coursework. This summer I did several hours a day of THM trying to learn as much as I could. I joined groups and networked and joined the Cybersecurity club at my school. I got an offer from a really good company in my city for a 2 year cybersecurity rotational program. So excited :)

With THM I learned Linux, networking, basic hacking, I also knew a little python. More than any skill I have, I think what stood out in the interview were my personality and passion for Cybersecurity and learning.

That is really great to hear you were able to utilize TryHackMe for your career path! 🙂

Love it. Good for you!

thanks! 🙂

so australia based in last year of a bachelor of IT, what would be the recommended certs to look into on last year of degree

anyone here work in cyber?

currently*

lots of people

Can anyone look over my resume

Just post a redacted copy

More eyes equals more betters

Skills above experience

Umm maybe even education as well if it's a college degree or working towards a degree

I wouldn't list all the distros or server versions you know

Roll each OS up to single entry

For the experience I wouldn't necessarily have it setup like that, I would only put job taskings, ie "Conducted AARs for the S6... Blah blah blah"

Let me see if I have a redacted copy on my phone

This is good stuff

Also even out the line endings for every bullet

Line endings?

The eye rebels because of the line lengths

word wrapping isn't consistent in the screenshot

It should be more organized like in blocks?

Screenshot of old resume

+1 for the LaTeX resume

It's more organized and robots can read it

So yeah, +1

I've been told about the latex

Is it the move?

Honestly yeah

Recruiters cant change stuff either

Recruiters change things?

If a recruiter asks you for a word doc version of your resume when you've already provided them with a locked PDF, probably

And thats diffrent if u use latex?

And i shouldn't say recruiter, talent agency is probably the better word

latex is a typographic programming language

like markdown turned up to over 9000

Wow ill look into that

Ill make those edits real quick

So like (Windows Server, Linux, VMWare/ESXi

Yep

The way you look to be approaching your resume, is that it's an elevator pitch not a complete history.

I'm not sure I understand what that means

Snippets, not a novel

Less is more

The hiring manager needs to get a complete picture of who you are in the time it takes to move 1 or 2 elevator floors

Not necessarily less, just more concise

If you want to add more write a cover letter

It should also be the jumping off point for the background interview

Cover letters should be done on request and tailored to the potential job - don't write a generic one.

Yeah was just going to say that

I was just thinking about writing one

If there's a slot I always write and add one

So your saying I should wait untill its requested

If there's a spot for it in the application, add it

I feel like there has to be a way for me to explain the VMware part

The recruiter was asking about it so I added that

The resume should be written in a way that its easy for long form conversations to take place

Should I leave spaces were the bullet points are at

Like "hey I see you have x on your resume, I would like to know more. I also saw that you did y with x, how did that work out"

I like that projects section

Like during my interview I think I talked about CDP and my homelab for a half hour

Really

I've been told to make something for my github to use

And to look into splunk or something

I mean sure but don't force yourself into something that you don't need

Ok

You can also put level of clearance, idk if you just redacted that for here but yeah

So education put the start and expected end

JS and python should be put into the same category, regardless if you decide to call it scripting or programming

Agreed

For your internship, expand

I would also clarify VMWare ESXi vs vSphere - potentially two separate ecosystems

Try for 3 bullets of what you did not just "gained experience with"

almost forgot to add that

IIRC both bash and powershell are also turing complete languages - no need to separate them out as 'scripting' unless you want to differentiate administration scripting vs application

so basicly just remove python from scripting?

so just put programing

I would just put "Languages"

Or yeah programming

To be honest I don't like the listing of technologies in the experience section

vmwar

lowercase?\

The experience section in my mind should complement a skills list section and be more about how you applied said skills to the position

there was an e missing

lol

if also try to rate your proficiency in languages

Proficiency is usually done by listing the languages in level of comfortability/proficiency from right to left

you can put down regex and might get asked a question like "presented with a bunch of application access logs, how would you filter on these x protocols" or something

and you might have http:// smb:// https:// ftp:// ssh://

good point

i wound not like to get quized on regex

and if you (like me) only know http.+:// lol

Everyones scales are different so trying to quantify the level may not be possible

ok

if someone were to put a 7/10 I'd expect them to be able to do lookahead/behinds lol

if they put a 5/10 I'd expect them to know that a dot means match any character, and [a-zA-Z] means match alphabet

Right but that's your scale

good conditional lookaheads are just chef's kiss

That's what I'm trying to say

There's no global standard

and then they find out you know regex and all of a sudden you're the splunk dashboard guy

Lol

right, but if a candidate rates themselves 10/10 and only knows how to match exact strings you have a general idea of what to expect as a whole from that candidate

10/10 would be perfect e-mail regex off the dome

brb gotta whip out the rfc

I hate regex

same

there we go

have fun regexin' that

how should i format my degrees expected end

Date format should be consistent throughout the resume

start-anticipatedend

like

start- 08/2021, anticipated 08/2025

08/2021-08/2025

Lol

Personally I like the month as written

That way there's absolutely no confusion if it's month or day

Your date over to the side isn't uniform with the others

this websites trash

OverLeaf

Side date is still not uniform

not exactly sure im understanding what you mean

Far right the date should either be 08/2021 - 08/2025 or 08/2021 - present

i see

University of TryHackMe            08/2021 - 08/2025
  * Undergrad in Com Sci

thats how it should be, really

It's knitpicky but it matters

Yeah was going to get to that in a second

THM has a university now?!?!?!?

this is how mines formatted

was there anything beyond the date i should fix?

Any courses you've taken relevant to the field

• NETWORKING: DNS Servers,
  Exchange Server......

And if you have a baller GPA

that bothers me, personally

courses like ?

Look at mine

ex. FOR572 SANS

or maybe Introduction to Cisco Networking from your college

?

I should have said classes

Not courses in that context Spooky, though a course like that should be on the resume

Business Ethics!

almost failed that one...

Lol

Yeah we had courses in ethics and law

Is that what the extracurricular activity is?

Cyber Law was basically "the fourth ammendment is a thing, here are cases that have violated someone's rights"

I would shorten your USMCR info, give it just a higher overview, you can go deeper if they in an interview

No, I assume you're talking about about CDP. That was my senior practicum and it was a live fire exercise against other students

Oh ok

Like how much shorter

move the network and server pieces out to a skills sections and cover relevant skills (not many employers care about EIGRP or VTP), that should really contain what you are doing as a Marine,

That makes sense

Now let's all assume this employer is Facebook how hard would u say an interview would be

This could help you @errant acorn It's an open source project that generates resumes on Latex. You can use it locally, no need for the online website.
https://resumake.io/
https://github.com/saadq/resumake.io

Thx

Gave +1 Rep to @livid cipher

That should actually help a lot with the formating especially the date problem

also try to setup your resume for the type of job you are looking for, if you want to be a developer highlight more developer skills, if you want to do cyber sec than highlight those type of skills

im going to work on that too tonight after i finish these assigments

that resume was for this recruiter because I think he wants to see my general skills to fit me into a position hopefully if im lucky

Not saying this recruiter is doing this but just be aware that some think service members are easy targets and try to exploit said group of people

I usually keep several versions of my resume in my private git server

so that I can target types of jobs more easily

resume#main is the all-encompassing version, with resume#dev being oriented towards SE, resume#qa for software testing, resume#sec for security, etc

one of the reasons i prefer latex over a word template

Yeah i separated mine into IA and DF

The one I posted was rough draft DF

i have been told that before, this may sound desperate but tbh rn I just want some more experience under my belt lmao

I just have 1 but I only wanna do 1 thing

And that's what they exploit

I have been enlightened

ill defiantly look more into this recruiter, ik someone else that already works there for more details

It took me 3 months and probably 100 resumes to find my current job

do you know about VetSec?

I guess they are Slack not discord https://veteransec.com/slack/

i have heard about it in refence to courses

TheMayor has his own discord with a lot of military veterans, but I think VetSec seems like a great place if you are looking for cyber jobs/info/etc

Clearancejobs is another good place

But its not really a group

https://www.clearancejobs.com/

Yep

yeah I get all sorts of notifications and what not from them

but I'm WFH 4 lyfe so...

WFH?

work from home

Yeah i get their daily emails about ways you can lose your security clearance

my job 'technically' requires a clearance but I'm full time WFH... mostly requires a clearance just because they like making their cyber people cleared people

I'm just waiting to see what people are going to risk their clearance with the vaccine mandate

o i see

That's a can of worms

I think it will get struck down eventually but how long it will take who knows

oh yeah it is, there is an uproar by a small vocal minority in my company but like people even started talking about fake vaccine cards and I'm like ixnay ixnay

I think it'll change once Covid gets better, really doesn't matter too much after most everyone gets the vaccine, because even without a booster, the protection is pretty high

If you are interested in cloud(azure) and cyber, look into CS-900 cert.

I would also like to point out that there is a difference between antivax and anti-mandate

Unfortunately, people just like to scream at one another

honestly, I would've never thought myself pro-mandate 10-15 years ago but...

I'm assuming you mean Az-900

whats the difference between that and idk a sec+

Personally I can't get behind it but that's not a convo for here

Az-900 is an intro Azure cert, its not a security cert

Sec+ is a intro security cert

Sec+ and GSEC are the intros

Vendor agnostic as well

oh there is also an sc-900 cert, which is an entry level security cert from microsoft, focused on SOC stuff

Interesting

or maybe not SOC but I thought the SC-xxx line from Azure is their SOC certs

https://docs.microsoft.com/en-us/learn/certifications/exams/sc-900

Makes sense

AZ-XXX are their azure cloud certs

o thats good af to know

starting to have a more clear mantle picture

SC-900 is more orientated to azure focused course and more beginner friendly as sec+ gives you bigger picture of security and less of cloud ☁️. It's really up to you, what are you focusing on?

thanks will look into it

Gave +1 Rep to @fading summit

Hello

Your advice pls

I am no good at windows investigation at all

But wanna get better

Would u recommend specific course? I be done the investigating windows but I think it is more basic

generally, you'll want to learn more about the windows system architecture. I'm sure there's some courses that teach it but generally you want to learn about the following things:

• Parent Processes
• Child Processes
• Kernel Mode
• User Mode
• The Hardware Abstraction Layer
• PE structure
• The Windows API
  And other fun stuff like that.

Also, take a look at the Volatility room (https://tryhackme.com/room/bpvolatility)

@languid hearth thank you for your answer!! If there is some course to share pls do!

Gave +1 Rep to @languid hearth

Case of the Missing Szechuan Sauce is a really good exercise to go through
https://dfirmadness.com/the-stolen-szechuan-sauce/

@ancient prairie thank u!!!

Gave +1 Rep to @ancient prairie

I'm forgetting the name of it but I remember the name Jane, it was the first DFIR practice I did

It was an older looking website and they had a bunch of labs that you could download to your machine

Anyone here, think they are well qualified in their job of cyber operations? (The offensive side of it)

Aka someone who "knows their stuff"? I'd like to learn your path and what your job is like.

Apologies if that sounds too front 😦

not to answer for someone else, but that seems like a question better suited for a talk in the style of "A Day in the Life Of" - which I think would be a good idea

but as a general answer, everyone's path will likely be different which is kinda the beauty of the field

Absolutely. I was just seeking some career advice. Some background; Getting out of the military, plan to go to college to learn about this type of stuff and try to major in it. I know jack about it though.

Got any clearances thru the military?

Aggressive security roles are not entry level

Not the highest.

Secret but not TS or TSSCI?

I would assume so. But I'd like to see how to get there, the pipeline

Just a secret

That limits some roles, but there are lots of contract companies who will hire you just because of that, regardless of your skillset. You may not end up doing what you want, though.

I want no limit so, I could just get out go to college and become an officer and apply for the TSSCI there

Part of the problem of cybersec is that even so-called entry level requires a pretty good understanding of a specific domain and how security can be implemented in that domain for organizational goals

thats def an advantage, I'm not sure how long those clearances are active for but you should leverage that unless you are set on school

Is college not the best way to learn?

I think clearances also expire after 3 years if you don't have a sponsor, so someone more knowledgeable than I am can speak to that

Ill ask my guys about that ty juun

It depends on what you want to do, how high you want to go, and how much time you want to spend being poor.

Money ain't an issue

ehh just think about it, by the time some material even reaches a full-blown curriculum its likely to be outdated already by the time its taught

It's very rare that upper management doesn't have a Masters, a BS or BA is almost required for the step up to management

school is definitely valuable but on-the-job experience trumps nearly everything

And management is where the money is huh

Being poor is more of an opportunity cost than an out of pocket, I assume you have something like GI Bill.

Eh

I do

The money is in being really good at something

And I been livin poor for a while anyway so, it aint bad. Food and a roof is enough

Typically technical people are lured into management by higher salaries, but that isnt' always the case

I wouldn't necessarily say that, Droogy. A lot of the upper level security stuff is as lot of mathematical theory. Like Bell LaPadula modeling.

If you are going to school just to learn a little about everything, a CompSci degree ought to have enough electives to give you a taste of everything if you seek it out

If you just want to enter the workforce immediately through on the job and are looking for a low cost low barrier entry, getting certs from a partnered college (like a vo-tech, junior, or community college) is a good way to crack that door.

Joining local meetups for IT is also a good way to make the social networking contacts needed to have a successful job search

Networking is a life skill.

All valid points ty

Im still unsure of so much though

Another thing to consider: the TSSCI basically means you live in the IT closet working on systems at minimum 5 years old.

Greenfield is not a thing most clearance holders touch in their career as a systems integrator for a prime contractor.

So that means... it might not be beneficial to go for the TSSCI?

It's a guaranteed stable job

It could be but it could also not be?

Flipside of that is it is unlikely to ever touch any 'sexy' IT stuff

Most SCIF programs I've heard about are using 2000-2015 software and hardware; the more secure it needs to be, the older it is, generally.

Makes sense

I'm not saying don't do it, just making the case to think about where you want your career to go.

Sorry Droogy, didn't mean to take over the conversation 🙂

Absolutely

Mind if I ask about what the jobs are actually like?

That I can't really talk about from experience. This is gathered from a lot of co-workers who have clearances

All I can see it as really is connecting it to cyber warfare. Emp's, overtaking satellites, blinding radars or something along those lines. Stealing information.

I have worked SCIF adjacent but not inside for a couple years

Ahhh

Yeah kinda hard to find a clear answer. Obviously lol

Do you have an idea of what you'd like to do?

I know it sounds naive, but the offensive side of things. I'm infantry in the army but I got interested in the idea of the other side of warfare, information and electronic.

The idea that hostile takeovers of sattelites, or emp's that charge off twice to take out the backup generators in a nation were real threats. How to defend against that, how to do it?

In the "field" it was about monitoring radios or jamming them

It sucks

Boredom eh?

Having to plan to piss ahead of time cus of how long it takes to sign out?

No, it's loud and cold and any problems you have you pretty much have to grind until you think of an answer

Sheesh, loud? Why?

Because we have racks of servers

Ahhh. Grind til you have an answer, that sounds like it sucks...

Yeah somedays you won't be able to think of a solution and then the rest of your day is thrown off

Guess thats a flaw for me then. I like to step back and focus on something else for a bit then come back and see it in an entirely different light.

You need to have a really good understanding of how things are put together before you can take them apart in an intelligent way - it's not like disassembling a vehicle or field radio. Many of the components don't have visible components. Start with the #start-here material, and if you like it, it'll give you a taste of the sorts of things you'll have to learn for that kind of role.

Ty absolutely

is there any point of learning advanced lvl offensive pentesting or cyber defense if u cant get a job in the near future? for ex ur in high school, and have a couple yrs till graduating, should u learn anyway or put it off till its relevent for u? cause this is 1 thing tht even if u enjoy learning u cant really practise it if u know wht i mean

Learning something will never hurt I guess

but isnt this sorta the type of skill tht unless u practise ur just gonna forget?

Hi everybody !
I will pass the CEH soon and I wonder what paths or courses should I follow for prepare myself as well as possible (we can talk in French if you want) ?

like tht has happnd to me, ive learned c++ and python in the past but i just couldnt find a gud use or place to practise and i just forgot

If it's something you like you can keep using the various tools you've available online to practice and improve your skillset

I mean, they're both an endless learning game. So the more you learn the better. Long as you keep learning lol.

ive learnt some beginner lvl penetration stuff before, like sql injections, ddos attacks etc, but i cant really practise them, if u know a site where i can pls share it

Well, tryhackme

You can also use other services like hackthebox, for example

Or doing CTFs

So with the resume edited by some people on this discord I have upgraded from being ignored to now getting replies not interviews but this is an upgrade

f

Lmao idk id say otherwise

I was able to make my resume look more appealing and got replies back

And looking at it i could tweak it more for more specific roles

Rn its somewhat vague because of experience

Please, could somebody give me some advices ?

hello

The CEH really isn't that popular around here, there is a discord called "Certification Station" that may be able to help

Are you taking the CEH Practical? if not then maybe that would be worth considering maybe

Hey anybody here who can enlighten me with cybersecurity careers ?

what you mean?

review the rules, rule #1 says no unsolicited DMs. Generally career questions are best for the channel to crowdsource an answer

Oh sorry , actually I did CEH and confuse wheather should I go for networking path, security testing , cyber forensic path

well... whatever interests you

I got interest in every path of cybersecurity , just wanna know which is more beneficial for the future

it depends what you wanna do in the future, any of them would be solid choices

Then I should go for cyber forensic ig

its all about what you find interesting. A friend of mine and i got into cyber sec at around the same time and now im on the offensive path and hes on the defensive. Find something that interests you and explore it. Worst thing that cna happen is that you dont like it so yuo try something else

I understand thank you :)

Does anyone know much about the quality of Open University's Cyber Security BSc? 👀 I feel a bit awkward doing a bachelor's degree in cybersecurity since I see a lot of people doing some sort of computer science bachelors degree followed then by a cybersecurity masters.

Masters may be a detriment more than a benefit early career. It moves your salary too high compared to your actual experience. I have a Bachelor of Science in Computer Security and Information Assurance and I was able to find a job so don't feel awkward. I don't know anything about Open University.

Masters are for Management

If you are in the US, don't go to any school that is not accredited.

Are they not accredited? Then definitely not

Or is it the UK school

I'm from the UK and Open University degrees are accredited

yeah it's in the UK but it's known for its distance-learning and flexibility :P

hmmm ok :O

Are you from the UK?

Yup

Whoops

Didn't see that

hahahaha nono it's ok :D

I don't think I mentioned it actually 😅

hi guys, i have a question about the try hack me path certificat, is it useful to include it in a resume ?

THM fits well in a resume as a hobby. Do not count it as experience.

can it be counted as a certificate ?

i mean for me a certificate is more like CCNA ...

Certificate of Completion is separate from an exam certification. 🙂 Hope that helps.

Yeah, it's not a certification

very helpful, thank you 🙂

Gave +1 Rep to @distant pier

alright, thank you for your help 🙂

Rule of thumb is that it's a certification if there is a proctored exam - otherwise it may count as continuing education credits for job or ongoing certification renewals.

thank you 🙂

Gave +1 Rep to @flat sedge

Hello 🙋‍♂️, I heard that if you want to apply to a job it's important to have projects in your CV. What kind of projects can you make that involve security, hacking or maybe automation testing ? I also want to mention that i am entry-level and learning everyday . Thank you !

Homelabs, tools that you've created, blog with writeups on CTFs/boxes, YT channel if you have one, you get the idea

Setting up an opensource siem like an elk stack or greylog on your homelab is a good security project

yessir

splunk also has a free 500mb index allotment a day

kibana is so good to me

you can allso contribute to tools rather easily

I think contributing to tools is easier and you get the added benefit of working in a team which is great! 🙂

One of my projects PyWhat has a lot of good-first-issues for newbies to look at (10! But I can always make some more if you don't like any of the ones there :D) 🙂 https://github.com/bee-san/pyWhat/issues?q=is%3Aissue+is%3Aopen+label%3A"good+first+issue"

We even offer mentoring / a lot of support over in the Discord if you're confused by something or need a lil more help 😄 https://discord.com/invite/zYTM3rZM4T

I need some advice for career in cyber security

I have some cyber security experience but the pathway i took was kinda bad. I am in the middle of a crossroad and need some advice

try to be more specific about your problem.

I am confused of what I am doing with my career and wanted a change but have no idea how.

I graduated with an IT degree and worked a year as a post sales engineer in a telecom selling firewall. Then moved to a big firm doing pentesting. I am hired bc they are desperate for talent. Without any training, they straight away put me in projects doing insider attack, Web penetration test and vscanning. I had a really hard time completing the tasks as I am so lack of the skills required. I self learn everything from thm and am able to do some of it. But now I am afraid to take another project as I know I won’t be able to complete them.

The web pentest and insider attack were really fun. But I don’t feel like I can or should go on with this job as I am far too behind for the skills required.

Besides, I am moving to Canada in 2023. I am not sure how the job market there is for offensive security. I feel like after a year i will still be a beginner in this field.

Therefore, I would like to know what kind of job i can do now before attempting the pentesting career again and should I do blue team stuff instead if i want to secure an entry level job when i arrive in Canada?

thats very... Canada specific but I'd say generally security jobs are similar in various ways from country to country. Honestly, even after 20 years of experience, sometimes I feel like I know nothing 🙂 After 1 year, you are definitely a beginner. What you should've had is someone to help guide you. If you want a more entry level position, SOC analyst surely is that but you'll need to look at various skills required to get there.

What certs do you have? What are you interested in overall?

I can’t find anyone willing to guide me. And probably no one would want to?
I have CISA and CCNA. Both are quite useless for a hands on security job i think. I would like to work in pentesting. Interested in cyber security. But probably will be jobless if enter Canada looking for pentesting job. No idea what skill to develop to prepare for

Security+ would be a good one if you want to do anything security wise as would Splunk certs if you want to do SOC. Basically, a company when they hire a junior should be willing to guide you. If not, its not a good company

Not all companies use splunk i think. I saw some using kibana. Yes terrible company but multinational company. Good on paper

Will security+ help me to get a job? I wish i can find a cybersecurity pal to guide each other

if you know splunk, then at least you understand the concepts.

security+ will help show you do have base security knowledge

I want to get cissp and oscp instead. My friend got cissp by only studying for 4 months. It seems to me is not a difficult cert too

I only know Splunk is a monitoring platform with search head. Log forwarder from client site to send log to soc. they use spl language to find event and create alerts

Logs from on perm, cloud platforms. Azure gcp etc.

If you have the experience then sure. If not, you can only get the Associate's.

CISSP (full) requires 5 years of experince in cyber. Otherwise, I'd recommend Security+. OSCP would be good for pentesting but it is still considered an entry level pentesting cert. If pentesting is what you want to do

That’s why the problem is I don’t know what i can do now after i leave this pentesting job. I don’t know what i can apply. I don’t want to suddenly be jobless

Feel so useless

I order to move to Canada don't you need to have a job waiting for you in Canada?

Canada has very strict immigration standards

Immediate family members with citizenship is enough as well

I'm fairly certain that you need someone to take financial responsibility of you for 7 years after your entrance date. Meaning if you go and then you stop working and paying taxes they will held responsible

That is true

I've looked into it a bit. My grandfather has dual citizenship, which, according to them, is enough for me to be allowed to emigrate if I wanted 🤷‍♂️

Yes

If you have family it's fairly simple

I'm very new to this. Can anyone help me to learn hacking

Oh, have you seen the change in rules btw Moose?

Went through this morning 🙂

I've just found that many think emigrating/immigrating? To Canada is simple

Do the pre security pathway

Must have changed after I went to bed.

Thank you

How ?

!rule 11

Rule 11: No distribution of illegally obtained materials within the discord. Do not pirate books in #bookclub. This also applies to classified (or potentially classified) materials, which should also not be posted in the server.

🙂

#start-here

Do you have an account on https://tryhackme.com?

ok tq

You're going to want to head to this channel and it will explain everything for you

Did uh
Did someone post some stuff with a secret squirrel marker?

Don't ask 😆

If it's the twitch stuff, it should say leaked senstive data instead 😉

Nah, it was vaguely government documents

funny how that has to be stated

It's not a "Higher Diploma" is it? is there any more context?

Hardware Design?

You're welcome

Why would a junior Systems engineer be doing helpdesk?

I still don't see how help desk exp is required for sysadmin stuff.

It's usually not - it's a stepping stone position to get familiar with process and config before 'graduating'

helpdesk can encompass everything from answering calls to on-site support

sysadmin helpdesk is usually a bit more tied to helping users with server errors that they may be getting that the user doesn't have access rights to fix

helpdesk is a solid pre-requisite for most IT jobs

everyone should really do a stint in helpdesk

I would say customer service, in some capacity.

the most useful things that I've seen people get out of helpdesk is the set of soft skills

is it hard to get a job in cybersecurity without a college degree?

very

Without a degree yes, without certs not necessarily

You should read the 'Tribe of Hackers' book series. They give excellent advice on where to start

i'll check them out

even with certs?

Do you have prior experience in the field?

They're basically a set of interviews with experts in the cybersecurity space in various contexts. There's 4 books in the series but yes they discuss certs to a certain extent, as well as the importance of gaining experience and how to go about it and the importance of networking and making connections

nope, still in high school

Then you need a degree

Security is not entry

Or in most cases it isn't

Yeah you need to show some level of proficiency in sysadmin, programming, networks, cloud etc.

Some certs are very good indicators of your ability, some are good at showing you've followed a course but you should gain some experience building things. Also, getting a start in tech support/junior systems engineering/Code QA should be on the list of roles you're looking for as a summer job or first job out of school/college

so would it be possible to get an entry-level job in something like tech support or junior systems engineering without a degree and then use that experience as a substitute for a degree in the future to get into cybersecurity?

Well it would be a good idea to research the availability in your area. There's likely jobs fairs in your region from time to time, also local recruitment agencies would be able to advise you.

There may also be apprenticeships in your area

But you're still going to have difficulty with breaking into the space without a degree even with the experience

It's also heavily depends on the company, some have graphs where x number of years in the field = degree

And vice versa

If person A comes in with a degree and experience and person B comes in with just experience but more of it, depending on the company, person A may be taken more frequently than person B

okay, thanks for all the information. i'll definitely spend some time researching all of this

I would also look into scholarships and grants as they can greatly reduce the cost of college

hey, is it worthy to mention devops skills when applying for pentesting job, is it relevant? is there any way to put it in practise or in use in a cybersec carear

many pentesters write their own scripts during tests, so putting the code you know and skill level can help

docker is super valuable

What do you guys think are my chances at getting an internship (for university) as a pentester (or the like) in europe having no experience besides multiple CTFs and THM, having a degree as an IT assistant (ITA), studying CS and having multiple years of work experience as an developer and sysadmin? Also there are little to no explicit internships advertised in my area but many full-time offers - shall I enquire them about an internship anyways?

cc @quick forum @undone shore

Quite high, I would say

Certainly in Britain

It never hurts to ask - if nothing else, it helps broaden your network for when you start to look for full time work.

Very high if you look at wider areas than just your local are, if you live in a small village of 30 people and want to work locally it’s quite low

I did internships with far less experience than you

Hi

No reason why you can’t reach out and enquire about an internship

I made my apprenticeship by contacting a company when I was 15

15?

Wha

I'm curious, if u guys don't mind me asking, can u tell me how much u guys make and ur job role?

when i interned i made like ~£1500 for ~3 months or so but accommodation was provided so it was cool

On that topic, are unpaid internships common?

Not really anymore and honestly you shouldn't take it if thats the case

When I was an intern I was hourly only working 40 a week. Not going to give you an exact pay but I was making more than first year chemists in the Greater Boston area

Housing was also paid for

In the US, my advice is to never take an unpaid IT internship, especially if the internship is with a tech company

guy i need to encrypt file like 28gb sized and decrypt easily

with password

Wrong channel but if you have Windows versions higher than Home you can right click and go to properties, click advanced, and then go to Compress and Encrypt.

You also have GPG

and

i cant do both compress and encrypt

its also includes subfolders

and i have to wait for 22 hours?

So zip the folder structure with something like 7zip or Winzip

Large files take time to zip and perform encryption on

i want to upload this files on a website

Most websites arent going to let you upload 28GB

unless they are a file sharing website

🙏You have my thanks, Juun and Moose.

Gave +1 Rep to @stoic cave

I've just got my first entry-level cyber job as an SOC Analyst making 23500 GBP just by having CompTIA Security+ and doing THM. I do have a masters in Physics but that was >5 years ago.

Any good sites for applying for Cybersecurity jobs Worldwide? I am considering relocation and just want to understand job market before committing.

I would suggest LinkedIn

hi lads

i'm applying to UIUC, UC berkeley, stanford, caltech, georgia tech, ucla, usc and gonna major in computer science; i'm also probably gonna go to grad school to study cybersecurity or AI/ML. which path would y'all recommend?

i wanna get rich off stocks too, so i don't want a career that's too busy (10+ hours a day)

@warm hinge I'll answer you here as it's more on topic for this channel.

To answer your question usually a post-grad degree is overkill for entry cyber security roles, though a degree does act as a check box there are other certifications that can hold an almost equal value such as OSCP.

The key thing you'll want to do is start developing an understanding of how to use tools such as NMAP, burp suite and study vulnerabilities such as OWASP top 10.

As you progress you'll also need to cover infrastructure so learning how to attack Active Directory, general windows and Linux is also going to be required to get a start.
Though a lot of employers don't expect juniors to have an insane knowledge base, they do expect a base standard so ensure you understand everything you're doing

if that's the case, cyber isn't for you

though you won't be working 10+ hours a day every day. There may be some days you are required to work additional hours

i'm in high school right now lol, and idk anything about hacking and shit.

the only thing i know is how to do calculus, physics, how to do well on the SAT, etc

LMAO

so yea what should i do?

should i focus on getting into a college with a decent cs program first?

oh...

College especially in the states is a big checkbox to fill. A lot of roles will require a degree to get through to interviews so focusing on college is a great start but you can also use the time in college to learn these skills and get a head start

sites like TryHackMe and HackTheBox do great work in teaching these skills through interactive walkthroughs and challenges

okay

when i go to grad school, should i study AI or cybersecurity?

i feel like cybersecurity is fun in one way, and AI in another

although i secretly feel like AI is more "advanced"

That isn't for me or anyone else to answer. It totally depends what you find interesting and want to study

i mean, i just wanna earn a stable income and use that income to become an investing God, tbh.

lol

there are easier fields to break into for a stable income if that's your only goal

and if i wanna earn a stable income, i'd rather do something i'm half passionate about, so i'm doing IT

lol yes i'm dumb i know

but i just love investing

any IT field requires a lot of time and drive to learn, advance and progress. Even though a cyber security job may be 40 hours a week, you'll actually do closer to 60 through self-guided learning

due to how fast it advances there is no real downtime

jesus 60 hrs a week?

i'll probs be dead by 35

i cannot imagine that even though i stay up until like 3am everyday cuz of AP classes

40 hours of work + 20 hours of your own time studying

You can work 40 hours a week as per your contract but chances are you wouldn't last too long as you would never remain on top of emerging attack vectors/vulnerabilities

so basically a 9-5

yea i'll just do AI LMAO

I think those are fair numbers right? Obviously self-study differs for everyone but isn't too insane?

cybersecurity is WAY too complicated for me

AI also is

but i like AI a bit more i feel like

just cuz cyber is for geniuses

Its maybe not for you.

yk what? i might just major in finance

i'm so fucking done with life

idk what to do

i don't have any skills

yeah sounds about right, i do about 2hours/day of stuff loosely related to work, and then probably another 2 hrs/day/average of just anything it related

If you're still in highschool no one expects you to have your entire life mapped out especially career. This is what high school and college are for

are you an MIT grad?

no lol

then how are you studying cybersecurity

i didn’t even go to university

hard work

bro i feel like i'm so behind and worthless; the only thing i can do is get good grades, good sat, and those aren't even valuable skills in the job market

You'd be surprised how many of us haven't got any university qualifications based

if you wanna work at BIG companies such as google, you kinda have to have a degree don't you?

honestly it's something to think about (career wise) but like I said, no one is expecting you to have it your life and career plan mapped out at your age, you have plenty of time to work it out as you go. Figure out what interests you and see how to go from there.

The main thing is managing your own expectations, as long as you see progress and take steps towards your chosen path that's better than nothing

Sure in some instances, but a lot of the time experience speaks for itself over a degree

that makes sense. i'm probably just stressing too much rn because it's college application season

for the love of God, please, please, at least one top 20 accept me.

i will literally kill myself if i get rejected from everywhere

i worked my ass off

4.0, 11 AP classes, all 5s, 1570 SAT

i'm sorry i've said too much

Yeah that's a stressful season, best thing to do is just take a step back and chill. You've already said you're getting good grades so there's not much more you can do once those applications are fired off

if it's meant to be, it's meant to be 🙂

🙂

i'm gonna play some fifa lol

btw, is tryhackme.com for beginners?

like does it start from "what is hacking" or something?

like really basic stuff

yeah

no preliminary knowledge required?

nope they cover topics from the ground up aimed at complete beginners and have content that tapers up to more advanced topics

yay

i'll try tryhackme

Best thing to do is dip your toe in and see how you find it

yep

also i have a question for the cybersecurity experts on this server

is white hat hacking the exact opposite of what hackers do in the movies?

as in, is it boring af?

I wouldn't say that its boring, but the stuff you see in movies are mostly exaggerated 😄

hacking is completely different to how movies depict it. Some parts are really fun and others aren't. It's all part of the package

guys

if i become a cybersecurity engineer(?)

will i have time to learn about the stock market and invest?

Work full time and put your money in an index fund like the S&P 500. Day trading sucks and you will lose money 70% of the time. Seriously, your average day trader loses money.

i know, obviously i will invest long term, but i've got my homies who are literal investing Gods

man made $500k from $1000

in like 6 month

months

so i wanna be able to like communicate with em and trade with em

Well you can make ~40k from 0$ in 6 months with a career in cyber.😆

You can also make $0 from 40k by investing.

Very quickly and easily

tbh gambling is more reliable in that.

And for every success story like that there are a 1000 failures you won't hear about. Also this is not really ontopic for this channel or discord server.

hello, i am currently studying computer science (cyber security track), there is a lot of fields in cyber security. how can i find my self into one ? i have been confused. which is the most common for jobs?

Cybersecurity is a broad field within computing. If you want to get into any of these roles, you'd be expected to have good general computing knowledge as well as an understanding of the security field. There is no 'most common cybersecurity job', and there are no entry level jobs in cybersecurity. You're expected to know what you're up to.

Understanding the concepts discussed in certifications like Security+, SSCP, CCSP, CISSP etc are a good way to grow, but you should also understand the topics discussed in this space, like hacking/pentesting, cryptography, systems security, risk management etc... Having a decent grasp of Linux, Windows, Networks, Scripting, Coding etc would be expected in most cybersecurity roles. choosing the role that appeals most to you is down to your own investigation in the field.

A lot of people will already have some experience in tech support, system administration, coding, qa or other roles prior to going for a cybersecurity role. Gaining knowledge and experience and being able to discuss and operate the tools of the trade are an important part of your studies.

There are a lot of resources you can find; such as Conferences, vloggers/YouTubers, bloggers, a lot of really good books from publishers like No Starch, Wiley, Sybex, O'Reilly and others and then of course, training platforms like Try Hack Me and others. Of course you can learn a lot through academic or professional certifications/qualifications and you can also learn a lot by practicing in a safe environment.

Of course, understanding Law and Ethics will be a big part of your journey but the general idea is to not break or break into something you don't have absolute permission to... Your lack of knowledge of the law does not absolve you of punishment, no matter your intentions.

Where you go from here is up to you but there's lots of good advice in here

my homies don't lie with their calls

trust

hey

i want work as a remote internship

doing pentest

do you know which company is hiring

good luck getting remote internships for pentest

Yeah, unfortunately I do not think those exist

they do exist but typically at top firms - FireEye I think just closed their round of applications for next summer's internships, which are remote and include a wide range of stuff, but yeah its uhhh a little competitive

I would imagine that FireEye would also have residency requirements for any remote positions, internships or not

can confirm FE/Mandiant's interview process is rough

😬 there's a cybersec internship for summer 2022 that opened up, but I don't want to take my chance at the stupid application AI pruning..... is it a bad idea to send my resume to the senior director through email if i have it?

i wouldn't

external attachment filtering and all that

I got an interview with Crowdstrike for Malware Analysis when I was looking for internships.... It didn't go well

"so do you have a github with any of your previous disclosures?"

Ummm I has college coursework

Oof. I applied for one but just have home lan stuff.

Thanks a lot, that's the most logical answer I got.

Gave +1 Rep to @rugged delta

If you actually know a director personally and they have given you their email address or if you have a very close mutual contact then it might be acceptable to get in touch, however, most organisations have internal application platforms and you will still need to apply through there. If you do know them, they would have suggested the best way to get in touch or make an application so that they could initiate a referral but they still need you to go through their system

Many larger orgs also have Nepotism rules now

If you know the director, ask them for advice to get noticed - they may have a backchannel that is approved.

Hi all. As someone just starting out in cybersecurity, do you think there's benefit to doing write-ups to completed rooms (specifically CTF style ones) and then having them available on a website for potential employers to read? I figured it would allow me to show procedures and thought processes.

That's a good way to show your process, it may be beneficial to start writing a blog or w.e as you work your way through a room and what you're currently learning. Not only is it good for potential employers but it's good for you to get in the habit of documenting everything you do.

lol, love the name. Yeah, that's an amazing way to document the process, and shows that you're continually active and learning.

@ionic shale Not really the correct channel, and please don't ask the same question over multiple channels

Hello, everyone. Question for those who perform vulnerability scanning and phishing campaign: what are some of the general resources do you guys recommend for this? I am about to start in a few weeks and just want to prepare myself. this will be my first security role. I have done help desk roles for 3 yrs prior to this position. thank you!

Vulnerability scanning is a lot of Nessus and Qualys IIRC

Those are common tools, but there are many vuln scanners that exist as on-prem, centralized, cloud and/or hybrid.

Nessus/Tenable, Qualys, Rapid7 (Nexpose and Insight? I think?), OpenVAS/Greenbone are all pretty common. I'm sure there are more, that's just the top of my head

phishing typically would not be wrapped up into a VM role - I don't do that work but we do have a VM team I meet with regularly. It's a lot of research and coordination with SecOps and Infra to make sure your tools have proper coverage and also report your findings. There's a ton of KPIs and OMs you'll most likely have to visualize

Depending on the scanning needed, OpenSCAP may also be in use

Honestly I'd ask them what tech, or the job position actually ought to say

thye mentioned Nessus (tenable)

There's a THM room for nessus

Good luck waiting for it to set up though. Mine took close to two hours.

Hello everyone, im new to tryhackme and have a question, what is a good start into becoming an intern where i can learn the work environment? im willing to work for free and just gain experience in the field right now

Most people in cybersecurity start in another IT position. You might have to work your way up from a support role. You should already be fairly familiar with some aspect of tech like programming, networks, Windows, Linux etc and get some familiarity with each of them. Working up to a sysadmin/programmer role would be beneficial and of course learning along the way, building things and knowing how they work.

Pretty much everyone in cybersecurity has a background in some form of tech and roles tend to require some level of expertise. I'd recommend reading a book called 'Tribe of Hackers', it's a series of interviews with cybersecurity experts discussing the various ways to work towards and into a role in the field

https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World-ebook/dp/B07VPLR1DS/ref=sr_1_1

@rugged deltaIll take a look at the ebook, thanks for the reply.

Gave +1 Rep to @rugged delta

The Pentester Blueprint is awesome too and features curated interviews from that. @maiden estuary

@maiden estuary Interns are not expected to know things or be productive. If the company you have an internship for has high expectations of producing value for the company you should run the hell away from that internship.

Internships are a try-out for both company and intern, the company to locate and groom potential talent, the intern to start to get a feel for how workplaces are different than class projects.

@maiden estuary I am in my last year of school. my first internship was for state department that had nothing to do with cybersec and had to do with ML, then by practicing myself i added tools and skills to my resume along with that experience and also got a beginner cert. Then last summer did an internship for Facebook for Threat Hunting. This is a good place to learn tools and get hands on experience with them too. Learn the tools and add them to a resume and just start applying. And what juun said, most places dont expect you to know everything, its more a learning environment where you have fun and gain knowledge.

Let me tell you about my internship then

Yeah, but your career path is borked

I was expected to know things as an IT intern

It didn't go well

I'm expected to know how to reverse engineer malware and not blow up my VM. Among other things like wireshark and SIEM stuff. Honestly hard to find internships with loose reqs these days.

@clear hornet@flat sedge@stuck roverThank you all for your replies i will have to keep all this in mind when start to apply. really happy to be apart of the tryhackme community only been here for a week and learned so many things 👍

If you are expected to do real work as an intern, that company is abusing you. Internships are short term and expected to be as much a recruiting tool as a teaching tool

Anyone with CySA+, where are you now and what are you doing?

@brazen yew let's steer away from extreme politics. Or politics at all.

Noted.🙏

From September until now I got rejected on at least 30 companies, I don't have experience relevant to any of the IT positions available because until now I was a Sailor, CNC machine's engineer and freelancer. I'm also student at department of engineering and management of technological systems, navigation, maritime and river transport so i'm not into any of the relevant IT universities. I applied on any entry level positions, internships, didn't care at all if they were paid or not, I got access to three tests, before interview, that's how far I managed to go, no interview yet. The tests were mega stupid, than one was relevant and not fully, three networking questions and one basic C language question and after that only stupid questions. I'm not sad or upset, I think I'm quite capable of getting into an internship position but if it wasn't to be, that's it. Where I want to go with this discussion is that all the companies I found and applied for, required a lot of experience, expected to know a lot of things and to be super productive in the first three or six months, given that I think most people who apply are students like me, and some of us really trying to get into the game and are real motivated to learn as much as possible.

Fair enough

Can someone suggest me some project ideas for Cyber Security??

Bit of an open ended question. I have a job. I had it before I had CySa though. It's a good certification for getting an analyst role for sure.

This is mostly true of summer interns and especially first time interns in my company. Our company has a small number of year round interns, which are basically repeat summer interns who have shown interest in working throughout the school year.

I got lucky enough to land a 3 month intern role with guaranteed progression to full time role in digital forensics. I have 10 months experience in help desk, a handful of entry level certs, went through 2 full pathways in THM, and completed a cyber sec boot camp. There are opportunities out there, but they are difficult to find. I had applied to over 150 jobs for about 6 months before finding this. And as they say, you may get many "no's" but you only need that one "yes"

It aint easy in any IT field at the moment. HR and Hiring managers are a well known hurdle. Best advice I can give is don't think of a single one of your interviews as a failure. Each one was a learning experience. Play them over in your head and think about all the details. What you wore, what you said, what the interview(s) asked and what their attitude was, etc. Think about what you did right and what you did wrong and how to conquer it in the next interview. Also - although they often ask technical questions.. do NOT get hung up on them. The interview is just as much evaluating your fit at the company as it is your ability to perform the role. Many people get a position they aren't qualified for on paper but they cliqued with the interviewers and gained their trust.

It took me 2 years to get my first tech job after working in the automotive industry and gov - and I can attribute finally getting it to not having a stack of certs or interview questions memorized but instead 2 things.

1. Gamify interviewing. If you're interested in CyberSec consider your interview a Social Engineering exercise. Think psychology and recon. Learn about the company, learn about its culture (Facebook, Linked-In, employee's social media accts). Play that character when you get into the interview. Don't be fake, but think about what kind of language you are going to use and your body language, etc.

2. CHEAT! Look at the job posting you are applying for. Look at it CLOSELY. Each application you submit should be tailored for that job posting and that job posting only. Create a resume template and not a 'catch-all'. The job description and requirements for it should be what is on your resume. Don't outright lie and don't outright plagiarize, but definitely gain 'inspiration'. They are going to compare your resume to the job listing, so try and match them up.

I'm out of characters and this is already a wall of text. Hopefully it helps someone. Good luck!

Also, Black Hills Infosec has a great set of videos on getting a cybersecurity job that covers a lot of this. I highly suggest watching them.

Thank you for the reply and advices. The thing is, I already did those things and really didn't liked to do that at all... umm, I never ended with an interview at all, that's the funny part. I only participated in tests on different platforms that they gave. I will not look at the situation I am in now as a failure, I am one hundred percent sure that in a year or two most likely the companies that refused me they will start to bite their nails at the decision they made. I will continue to work and continue to learn, I will progress, and I will prove to myself that I am the one who made the mistake of applying to such companies. I just wanted to express my point of view and what happened when I applied to internships in the above conversation #junn mentioned

Gave +1 Rep to @iron mulch

Right on 🙂
Just keep the positive attitude and your nose on the grindstone, and DONT burn out! The second most dangerous thing you can do is spread yourself thin learning all sorts of different material to try and cover the random crap interviews/job listings ask for when its not what you actually want to work in. Focus on your interests and you'll learn a lot of the other stuff tangentially. Keep applying to positions. Keep taking notes. And remember you can call/email the company and ask where you went wrong/what you can improve on. Often they are more than willing to give you some advice. Sometimes, they may turn around and offer you the job. You may have been candidate #2-5 but it didnt work out with candidate #1 for some reason.

hey guys does any one know how can i find remote internships in cybersecurity ?

that was VERY clearly a joke

https://www.linkedin.com | https://www.google.com/search?q=remote+jobs&oq=remote+jobs | https://www.dice.com
Find local companies, browse their websites, call their hiring departments.
Are you in college/university? Generally they have internship programs and the companies work with them to source candidates.
Do you have any IT experience? Do you already have a degree?

Either way.

sad world that we live in

it would vary by what country you are in. Lots of internships these past 2 years were remote in the US but who knows if they will be remote summer of 2022

the last hiring round of internships I saw that start next summer were mostly remote, probably will see some tapering off there for sure outside of the larger firms that can afford/have the means to do remote internships

yeah they may be still advertising as remote as they don't know what summer of 22 will look like yet but they have to start hiring now for interns

I have mixed feelings about remote internships anyway, no one wants to commute as an intern to do crappy work no one else wants to do, but at the same time you miss out on interactions with seniors/mgmt/etc

yeah I didn't have a car in college, it would've been very hard for me to do an internship in college

yep, plenty of kids are in that same situation that have plenty of talent, it's a really thorny issue - im a bit biased because I directly benefited from a remote internship, it would have been really hard to come into the office everyday to do the work I was doing then

i'm from Morocco and looking for a remote English internship from a company abroad, i don't like the fact that my country second language is French i studied cybersecurity by my own using english resources (I'm a 4th year engineering student in network and telecommunication) we use French for teaching and inside the companies in my country this is why I'm looking abroad, hopefully i can find something but it's hard once i tell them im from Morocco

yeah generally internships are for either students in that country or citizenship. Even if you have citizenship in one country but live in another cuntry, it can be difficult. I would ask your school for advice on english language internships.

like I know my company will allow for foreign students for internships but they have to be enrolled in a US college/university

Internships are generally used as recruiting tools for companies. If you're not eligible to work at that company after the internship your probably wont get it in the first place.

You work for free or little money for the company, they get to evaluate you and bring you up to speed and hopefully bring you on as an employee at the end of it.

Gotta remember companies as a general rule have no interest in 'helping you' learn it/security out of the kindness of their hearts. They participate in internships because it benefits them.

lets repeat that... internships are kind of a way to brainwash you/get you onboard before you graduate college so that they can underpay you but you have a feeling of loyalty to them 🙂

Even better description haha.

Get you up to speed to where you benefit the company while at the same time convincing you there aren't better opportunities out there and this 'guaranteed job' after college is the best and most perfect opportunity for you.

(Which... sometimes that IS the case... lol)

At my internship we had an individual get fired day 1

wut?

yeah, it could be a great opportunity but you are likely to accept less pay/benefits

How can you fk up that bad lol

Had lied about certain things and was a foreign national

ahh

i'm actually just looking to add something to my CV so i can continue my study abroad and maybe learn bit of english while communicating and build relation with ppl

Oh. Yea. That'll do it.

Also admitted to trying to bypass security protocols on corporate equipment.... Day 1 at a company that held gov work

we allow foreign nationals in our internships which is weird because there was discussion about extending an offer to a foreign national intern and the discussion was like 'she is a foreign national' 'oh, nevermind'

Look at online conferences and group participation activities through THM etc

also blogs are a great way to expand your CV while also practicing english

Yeah that internship was rough, definitely didn't belong, lack of communication on both sides exacerbated issues, etc

Great learning experience though all things considered

Getting Global admin day 1 should have been a red flag

lol

Yeah and what I mean by didn't belong is that I was the only intern who wasn't an Ivy League/high caliber engineering school student

Twas reinforced when I was told I wasn't the first choice

how stupid

most of our interns are state schools

The other interns were great though

Super nice

I was thrown to the fire though, and I burned

Like to think I turned it around at the end though

I'm currently doing an internship and I don't feel this way at all, maybe it is something country-related

Or maybe I will realise when I actually have a job

I mean I don't think you'd feel like it when you are in it at all

Yeah that's what I meant with this

I'm fine as long as I like it

While on that, do bligs really help THAT much?

I mean its really they are trying to grow good will with potential employees, they are also interviewing you without an interview

if you are trying to show interest and ability blogs/github are a good way to do that, its a little bonus

Having a blog with some decent entries is a good way to demonstrate competency - it can also become a selling point for consulting or IT services

"Contract with us! Our consultants are experts, see here's their blog"

I see everyone doing ctf and room writeups to the point where I feel you're just another speck in a pile of dust so I'm taking a different approach. Blogging about security in emerging tech, unconventional ways I find to earn extra cash while still practicing infosec stuff, my thoughts and reasons for learning a particular discipline and how I think it makes you a better professional etc.

I don't know if that's "enough."

The point of writeups isn't to produce novel documents.

thing of blogging as a bonus as well as possibly being something a future employer could look at

It's to demonstrate your ability to write something reasonable and understandable

and writing/explaining technical concepts is important

I just blog to share it with my friends that are interested in some topic tbh, I'm not expecting to make a difference or be popular

It helps me learn and I have fun

Agree with Zojja. The softskills of communication are by far the most important skills for a SOC or infosec engineering role

being technically competent is important, but without being able to communicate your viewpoint in an understandable way, none of your security knowledge is useful

🤔 I suppose doing room writeups isn't that bad. I think I'll pump out a few on rooms I found challenging and had to either adapt or learn a new skill for. I'll make sure to make them more educational than the copy pastes I see everywhere else though

yeah i'll also start doing these myself once when i decide to redo all the rooms i`ve done so far, to see how much i remember and reinforce it

I started doing writeups for rooms that I haven't done yet. My goal Is to convey my thought process as a learn new skills so I sort of just hot down the entire process I go through

And don't think of blogs as just an extension of your resume. Lots of CTF writeup blogs are borderline useless and generally from people who just copy/pasted the whole box, and it shows in their blog. Use it as an opportunity to reinforce what you learned. The writeup of the CTF is just the skeleton, flesh it out with information related to different techniques, technologies, etc. Also, approach them as an audit report you would present to a client. Its an important skill and the writeup is an opportunity to demonstrate your technical writing skills which are very important

That's what I thought. I try to teach someone with everything I write. Assuming they're willing to follow along.