#cyber-and-careers
In relation to other certs it's not that hard
It's good to have a cert
Take a look at the Exam Material on CompTIA's website. With 5 years of experience it shouldn't be hard
No
It has multiple choice and then some longer form questions called PBQ, or performance based questions
Questions like what's the OSI model?
All of the material on the exam is available on CompTIA's website. Exam specifics aren't supposed to be discussed I believe, so you'll have to go there
Oh yes my bad
I'll probably do Sec+ myself in the next month or so
i haven't taken it myself but i don't believe "open ended questions" like this are in the exam because it is marked by the computer, not a person
Oh I see
I want something that can give me the cyber investigator title
That's what I have been working on for the past 5 years
I mean every company is different
But I suggest looking on LinkedIn or Indeed for Cyber Investigation roles and then seeing what certs they require
After graduation, does a postgraduate specializing in cybersecurity help you in getting a job or starting from a startup with an entry level position?
No
A postgrad degree will price you out of most entry level positions - if you go for a postgrad right away, be sure you have a pretty in-depth personal projects section for practical implementations
If you don't have a work history or someone in your network willing to vouch for you, it can be difficult to break into mid or senior level positions that the M.Sc would otherwise qualify you for
In my college, the job prospects for cybersec and ethical hacking are not available. Any suggestions? Even the teachers teaching us ethical hacking and forensics don't teach us the important stuff rather than just theory and no practical. Any suggestion?
I had decided to work for a year or 2 in entry level jobs in startups and then go for cybersec postgrad in US or Aus?
is it a good approach?
My advice is don't get a postgrad unless you can convince someone else to pay for it
Either a stipend from the university to be a teaching assistant or get a company to pay for it as part of a training program
Hmm well I wanted to go abroad for getting good job prospects becoz the financial condition of the country is too unstable to depend upon
though of getting a master degree in it
but ppl said it would be bad
to get it if you still in entry level
That is correct
Getting a Masters before any relevant work experience is going to price you out of entry level positions
and if am priced out of entry level
i won't get experience
for the higher level positions
Companies are less likely to hire you
A Bachelors if you want to get a degree
BS in CompSci is common
am 22 atm
BS in Computer Security is also an option, you just have to be aware of the program you're entering
i decided to go into cyber defense
As I mentioned before Cyber isn't Entry level. You may have to start somewhere else if you don't want to go through the degree process
but am sure cyber defense is a generalized concept
And getting a degree also doesn't guarantee entry level cyber positions
i got
a degree in MIS
it's not relevant to cyber security tho
ya but doesnt companies want it
So you have a bachelors of science in MIS?
in a specific area
not exactly
Bachelor of Commerce in Management Information Systems
this is my 4th and last year
atm
So a business degree?
am hoping to get good grades this year also
Never heard of Bachelor of Commerce before
So, I would start looking for jobs in the computer field. You may not start in Cyber Security right away but there are avenues to it
IT, helpdesk, etc
i dont think i get you
you mean look for a job in computer field
once i get experience
i try to switch jobs ?
or
No
You get experience in other areas of the computer field and then transition to a Cyber Security role once you have relevant experience
sorry for the stupid question
There are no stupid questions
but how do i know i am in a relevant job experience
IT, as an example, is a common starting point for Security professionals
working in an IT department you mean
Yes
If you look on your local jobs board I am sure there are some entry level IT positions that you could apply for
Even with your degree, just send out applications to entry level computer and Cyber Security positions. You don't know unless you try
How do you know? Send out applications
Some companies may be willing to take a chance. You just have to put in the work
well the question
of how do i get experience for a job if i need the job to get experience
Certifications, practical things like tryhackme.
It really depends on the company, I've seen a lot willing to take someone with entry level IT experience to train up
i looked for jobs while we speaking
they need bunch of shit i never heard about
Don't get hung up on this, just apply
A lot of job postings are written by HR
Job listings are a cheat sheet for skills to look into, if you like the company, see what kind of a tech stack they use/skills they require.
You can find tutorials on most things, also applying doesn't hurt.
speaking figuratively
My current job was asking for 3 years of experience. I applied with 0 and got the job
^^
I had a Bachelors of Science in Computer Security and Information Assurance
And a Security Clearance
That's it
I got Sec+ after I was hired
wait am ask a question like atm in college we took databases and a tiny tiny tiny part of sql
i saw a job needs the degree i have and a good understanding of sql with some other stuff of course
is my degree enough like that?
Degrees are just a checkbox, most of your learning will happen on the job
or should i try to improve my self ?
but going with 0 knowledge about sql will be bad right ?
am talking like an example
since ya we took a tiny but it was literally nothing
so you can say we didnt take anything
Applying for a database administrator position without experience in SQL would probably be bad
But database administrator isn't entry level
Something with specialist in the title likely isn't entry level
If you don't mind me asking, what's your home country?
egypt
i really fked my self up
cuz i didnt pay attention to what i was doing
untill this year ( my final year in college )
ya i got good grades
but my memory my knowledge of the stuff i took is
close to 0
unless i revise on the stuff i took to remember them
oh ya and when i really explored my goals i found that i liked cyber security
it piqued my interest
At this point, I kind of feel we're going in circles. All I can suggest is to go on your local job board and start looking for entry level jobs in the computer field. IT, Cyber, Analyst, Engineer, etc and start applying. You won't know until you try and the worst they can say is no. You're completing a degree, which is mainly a checkbox in most cases and used as a baseline of education not necessarily job experience. Make sure you have a presentable resume and show you are learning outside of school in a projects section with things like a Homelab, HTB, THM, etc.
okay so basically i keep working on thm i finish my college try to do other projects for my resume while applying to entry level jobs when i get enough experience and certain certifications to help me transition from my spot to a cyber security position
and i try to make sure that the entry level jobs that am applying for is relevant to the cyber security field
unless ofcourse i got an entry level at a cyber security position
did i get it right ?
Yup, that's correct
Awesome, thanks for the advice. Yeah that's fair, I'm also not sure I'd be completely prepared for something in cyber by that point because my classes are going in a different direction next semester, but I've been going through and marking things to apply for, so I'll start applying and try to talk to an advisor in the meantime
Gave +1 Rep to @stoic cave
Speaking of degrees, how likely is it that you can get a job without a degree (but with relevant experience), when the job posting says:
- "Requirements: (or 'Qualifications:') Bachelor's degree in $field or related area"
- "Bachelor's degree in $field or related area required"
- "Bachelor's degree in $field or related area."
- "Bachelor's degree in $field preferred"
This depends on your skills and what you can show them. Generally a Bachelors degree can be substituted with "3-5 years of experience" in the relevant field.
You're welcome
Excellent
Think it's highly dependent on the experience you bring. As Mr. Glitch said, experience can be substituted in for a degree but this isn't always the case. There may be specific requirements that have to be filled which do not allow that. If it says Bachelors or Qualifications under requirements I would still apply
I was worried they'd be after some kind of background/foundational knowledge gained from the core classes or something
Agreed here, even if it says they require certain qualifications always apply. The worst they can say is no
Agreed
Which I'm sure is sometimes the case, but I'm also sure some of those can be compensated for by passing one of those cognitive tests they like using now
or otherwise demonstrating ability/aptitude
What I really need is to pin down the technique for selling the concept that I may have gaps in my knowledge but that I'm very aware of them and they can be filled quickly as needed with minimal wasting of TL/SME time
Start a blog and document what you already know/what you're learning into useful bits others can use
Ooh, yes
At this point I have years worth of blog I should have written just of routine stuff I keep having to look up again because I never think to make notes in the heat of the moment
(Even at work I would end up writing all the ticket notes at the end half the time, lol)
lol I do the same, I find having my own archive of publicly available notes helps tremendously because I not only have to write it down, but I have to explain it well, so it sticks in my head a lot more
You could start with a static site using github for hosting for free too!
I'll have to make a concerted effort not to over-engineer it lol
I'll totally go to make a simple blog and end up creating a bunch of self-imposed prerequisites because at some point I decided I need to set up a comprehensive note-taking system involving org-mode or vim plugins that auto-publishes to the web and shines your shoes
I'm exactly the same way. I've managed to mitigate that by keeping my stuff short and to the point, along with a few other guidelines. Limits are good
Arbitrary constraints enable the best creativity :V
How likely is it to get a job that isn't Help Desk with a degree in CyberSec, certifications & an internship? I see people saying that they have these things but the only thing they can get is Help Desk jobs ??
Overview:
I'm currently studying in a degree for Cyber Security and Forensic Computing in the UK, this year (Level 4 BTEC) is solely Computing, but next year we're going more into both offensive and defensive security (from what I've been told).
I might have the opportunity to go into a Level 6 degree apprenticeship next year, but of course I would have not completed level 5 by that time.
I've previously applied for a similar option last year, and a bursary scheme from the same organisation this year with no luck, I wasn't able to get any personal feedback but put it down to being the excessive number of applicants and perhaps due to me only currently having 5 A Levels under my belt as opposed to higher education grades.
That being said, a person who works for the company where I'd be getting this degree apprenticeship opportunity from did say himself he never had the exact qualification that the company he was at were after and instead kind of just social engineered his way in. I have shown keen interest both when he has come to talk to our class as well as my lecturers, so I'm hoping I may have the chance even without completing level 5, especially as my lecturers have seen that I am excelling in this current year and trying to push myself further where possible.
My questions:
Would you say taking this route is wiser if I have the opportunity?
Has anyone taken a similar route and how did skipping level 5 work out for you? Were you able to complete both level 5 and 6 in your degree apprenticeship (mine is lasting 3 years, so I anticipate I'd have the time and resources to do so) or was it not even necessary to do so? Should I seek work experience and perhaps regular apprenticeships while I'm currently studying my Level 4 or focus primarily on the degree apprenticeship route?
Considering my current position, are certs worth going towards? Where should I look to begin with certs and/or other similar things?
I think it will greatly depend on the circumstances surrounding you applying for a job and that will show whether it was wise to skip a level. I live in the UK (not studied here), my understanding of BTEC levels are that they're extended levels, am I right in saying that?
I only went as far as college in my country and I only have a diploma. I do not hold any kind of IT certification, yet I have been successful at several roles within IT and am now in management trying to branch out into cyber.
I've always felt that if you know what you're talking about, prospective employers will see that and if they need to take a chance with you, they might take you on. I'd highly recommend you watch this clip from The Cyber Mentor on how he transitioned from being an accountant to cyber: https://www.youtube.com/watch?v=GuAYRYCDdq4
I can't speak from experience yet on how it is like when you land a job in Cyber but am confident in that I will be able to get hired at some point hopefully this year
As for certs, I am looking to get Sec+ as I do not feel ready for OSCP
but then again, a lot of people say that certs may get you an interview but not necessarily a job (I am living proof of that for other roles in my IT career)
I also applied for the bursary you're talking about and didn't get it either. Hopefully next year!
I'm from the UK also and from what I understand they are the equivalent of most forms of education, e.g. BTEC Level 3 = A Levels, Level 5/6 = Undergrad degree, I'm not sure what those would equate to in your country.
Thanks for the feedback, I'll take a look at the video when I have the chance! Good luck to you :)
Gave +1 Rep to @vivid flume
Thank you! Good luck for next year also! Dedication is key :)
Hey y'all career question for you. Would it be better to do an undergrad in cyber sec or a joint undergrad masters program with undergrad being in IT with a focus in security and a masters in security?
Assuming that the universities are of similar prestige.
I would make sure the cyber security degree is up to par, but i would do the undergraduate personally. The issue with getting a masters so early in your professional career is that you price yourself out of entry level positions that you need to gain relevant experience.
The undergrad is from a NSA center of excellence. The joint program also is.
Be very very wary of getting a masters.
Depends. You just have to start applying honestly. I just had a Degree and a clearance, nothing else, and got a job as a Cyber Security Engineer out of college. That being said, it's not bad to ride help desk for a little bit because you learn a lot and gives you perspective.
Same conclusion in my opinion. Undergrad. Get someone else to pay for your masters later in your career.
Thank you!
You're welcome
Hi everyone. I am new here and I wanted to see if anyone have some advice or guidance to how to move my career from a network admin / jr dev into a Cyber Security career. I been looking online, found Cybrary had a career path goal that seems promising for $299 a year. Now I am not sure if that is the best option but maybe you guys can advise something. A little about my background I been doing IT work since 2008. I have held positions at Computer Support Specialist, Network Engineer, Cellular Field Engineer, and Network Administrator with some Jr Developer training at my current job. The place I am at is super limited if not the worst for Cyber Security positions, so I am looking to move this year away from here. I been working hard this past month to get my stuff together and hopefully start focusing on a Career path in CyberSecurity. I am torn on whether I should go first for my Sec+ or Net+ or CCNA. I have a degree AAS in Network Systems Administration and hold an expired A+ cert. Done a few courses here and there but nothing major. What you guys recommend I should focus and start with?
Get your Security+ and then start applying. Not sure if you're salaried now but you may take a slight paycut initially before advancing past where you are now.
Hi there, thanks again for your advice. I am salary at the moment but I been for years now from different companies I have worked with here in town. Is Cybrary a good platform to obtain my training for Security+ or Udemy?
Gave +1 Rep to @stoic cave
I would self study personally. I haven't used udemy or cybrary. Professor Messer, Get Certified Get Ahead, and Dion's quizzes are all excellent resources
Oh nice, I will take a look at that.
Keep in mind the current exam is 601, not 501
Gotcha!
would you say sec+ is a good initial cert to get into a cybersecurity career? I already have a bsc in information technology but I do need more academic experience to help my transition into cybersecurity
yes
thank you, I noticed you did your pentest+ as well. what was your experience getting it?
Gave +1 Rep to @native elm
It's a great cert. It's rated a bit more advanced than CySA+ but I would say it's slightly below that level. The material is easy and enjoyable to learn thanks to the PenTest+ path here on TryHackMe. I did the beta exam, it was a very reasonable exam. If I hadn't done all the labs here I wouldn't have passed.
Gave +1 Rep to @surreal marsh
okay that's very helpful. I'm definitely going to go for the sec+ cert but i'm not entirely sure which cert I plan to pursue afterwards
Would not recommend going for pentest+ it is not worth it.
It is 0 hands on, a big part is remembering flags of nmap
It's a good checkbox for DoD 8570, better than CEH
Is DoD a US thing?
yes
US department of defense
Ah fair enough, I am not from the US
btw, if not pentest+ which cert would you recommend?
Assuming you would like to become a pentester, probably ejpt
eJPT doesn't hold much weight with recruiters yet
What country?
It does help getting your feet wet with hands on experience
I'm in South Africa
My #1 recommendation would be looking on LinkedIn at what cyber security positions in your area/country are asking for
Certs and HR requirements vary so much, especially between countries
Yeah I've noticed, sec+ is well regarded here, then most companies want CEH after that.
Howzit oakie? We actually have a South African hacker community with local recruiters. Might be worthwhile to ask there.
oh awe that'd be a huge help, where can I access the community?
I don't know if I'm allowed to post server links here so send me a friend req and I'll dm it to you.
I'd appreciate that, your acc isn't currently accepting friend requests tho
I sent one instead.
thnx
Hi guys, Please, help me.
I wanna be ethical-hacker, pentester.
Education:
- High school - knowledge about networking and hardware, and little bit about electricity
Experiences:
- 1 year Front-end Web Developer (React + Typescript)
Sometimes I code in python scripts for my Raspberry Pi
- 4 years using linux Ubuntu and Kali, I think I have enough knowledge about kernel and system.
I training on HTB academy and THM,
I have experience with SQLi without sqlmap, BurpSuite, metasploit, nmap and other common tools,
I passed wargames by overthewire, (bandit, Leviathan, krypton),
and some machines on HTB and THM,
Now I don't have money for certificates like OSCP (Pen200), and others,
If you are pentester or you work in cybersec, Can you please give me some info what is important for juniors?
I wanna know what knowledge and skillset I need for this job on junior level.
Thank you so much and sorry for my english
where are you based?
Slovakia,
Slovakia is an EU country and afaik you have access to free education. You should look at whether there are applicable Degree programs in cybersecurity.
Pentester positions are highly competitive and most require you to be able to demonstrate an understanding of the kinds of skills they teach you in OSCP and above as well as other skills you'll have to pick up elsewhere. Having some low level THM/HTB Academy/Overthewire probably won't be enough and you'll have to demonstrate your skills in an advanced environment.
Take a look on recruitment sites like linkedin, indeed or some local sites and see what kind of roles are available in the region and what specifically they're looking for. I'm currently seeing a lot of junior pentester jobs looking for OSCP+ level skills
Can someone give me a brief explanation of what a security architect does? I've read some pretty mixed answers online. Are there many practical components to a job in that area?
Share with me as well i am in kenya
Hi Pugz, probably something along these lines
#general message
#cyber-and-careers message
#intros message
#cyber-and-careers message
if you use the search bar you'll see a few folks ask the same question you're asking and might get an answer more quickly
Gave +1 Rep to @inner elm
Thanks! This answered a question for me too
I'll also say my days are spent in meetings / on calls, doing visio diagrams and various documentation
hi all, just wondering if there's anyone here mixing geopolitical analysis and cyber? I ask because the former is my strength and though I'm working on my cyber skills, I wonder what kind of job one could do with that mixture
also assuming it will take a while before I can claim I am competent at any level in the cyber field
Visio is the best.
You mean something like this?
https://www.indeed.com/m/viewjob?jk=6bccd3ab0e9b00db&from=serp&prevUrl=https%3A%2F%2Fwww.indeed.com%2Fm%2Fjobs%3Fq%3DGeopolitics%26l%3Dworldwide
https://shehackspurple.ca/2022/01/01/jobs-in-information-security-infosec/
good post on a large number of different roles in security!
It sounds like it could align with a few CIA intel/threat analysis jobs and maybe some stuff on intelligencecareers.gov as well. Plenty of private sector places doing similar things everywhere if that's not an option. Does your prior work not give you any contacts in need of a crosstrained tech/analyst?
Cheers ❤️. Many thanks
Gave +1 Rep to @pseudo creek
Cyber Law and policy is definitely a thing. Usually, during cyber incidents, you either have people on the law side, or the computer/infrastructure side, but very few actually straddle both fields.
I can't speak to it as much as I'd like to because I've only ever done it competitively as part of the Atlantic Council's Cyber 9/12 competitions, but maybe you can find something here:
https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/
Cybersecurity impacts everyone through systems we interact with everyday, from the most innocuous ATM to the latest iPhone. The Cyber Statecraft Initiative, housed within the Scowcroft Center for Strategy and Security, matches exceptional academic insight and practitioner experience with practical policy solutions to move the levers of contempor...
If you're a student (graduate or undergraduate), I recommend trying a competition out if you have the resources to. If not, then that's as far as my experience goes.
Is dice a good place to attempt to find an entry level help desk IT job in my area?
Is that what your geographic area uses the most? I would look where employers are most likely to post listings in your area
I believe so, I'm not too sure, I should attend more tech conferences for more information in my area
In the US, LinkedIn and Indeed have a fairly dominant hold. There are some boards that are more tech centric
Indeed is a really good source, I found out about dice through google jobs tho, it's a nice layout of a site
But entry is more than likely to be on the main boards
thank you
Gave +1 Rep to @stoic cave
there ya go!! +1
You're welcome
what are some infosec careers that have a pretty heavy hand in helping others? I know tracelabs exists, but I'm curious if anyone has an opinion/ view on different areas of infosec that are really involved in this aspect
I'd think anything in these sectors would be important in helping people: https://www.cisa.gov/critical-infrastructure-sectors
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
we work with cisa on a semi-regular basis, can confirm. CISA provides awesome services.
you might even say they are critical to the security, economics, public health or safety, or any combination thereof
Hm yeah makes sense. Thanks for the link
Anything that involves ISAC (Information Sharing and Analysis Centers) is going to be very community oriented. Same with any role that involves threat intel.
Ah cool, I'll certainly look more into those. Thanks for spelling out the acronym lmfao
Gave +1 Rep to @languid hearth
CISA is one of few government agencies that is actually on top of things from what I've seen and studied
Established in 2018 I believe
I don't know if any other gov agency was involved but it broke off of DHS, which was doing that previously
Thanks for responding. Indeed that is one attractive place to look for a job but, unfortunately for me, I am not a US citizen. I've seen lots of openings that vaguely would need you to have that kind of understanding (politics/sociology) or a PoliSci degree but almost if not all of them need you to have clearance or be eligible for one which in turn... And as to my job's contacts/career opportunities, also unfortunately no. I work at a place where most people can only think of cyberattacks in terms of the US 2016 elections or ransomware, so little opportunity to be got there
Gave +1 Rep to @static heron
Thanks for the feedback. That's definitely one angle I'm gonna explore. Somehow I didn't think of the law side which is where I could have some 'natural' advantage. Definitely going to dig into the ACC... at least it would give me a good idea of what a competitive profile looks like at the end! thanks a lot!
Kinda. I almost always get no reply after applying to this sort of vacancies and I presume that's because I have limited professional experience using CTI. The one time a credential got my foot in the door, the assignment was highly technical and less analytical. If I may, did the profile I mention sound common in your experience -at least in the US job market?
From what I know, I'd second that take on CI. I've been following this unicorn start-up called Dragos and their growth seems to be exponential. They focus on that particular sector
If I'm understanding what you're looking for correctly that field is typically manned by individuals who have government or military experience and have moved on to the civilian sector or have gotten involved through academia
man dealing with those line-arrows is such a PITA....
yeah, that's what I meant...makes sense too!
Flow diagrams. Go with the Flow. When you become a Visio Jedi, you become one with the Flow.
I have no idea what to even apply to anymore. I have A+, Net+, CCNA+ maybe I should get Sec or something else
Hey all, looking for some advice. I graduated with an engineering degree but quickly moved into tech. I worked as a SWE and now as a kind of product manager, but I want to move into more IT/cyber security
I just acquired my TS/SCI through the military and was hoping that would make me a solid candidate buuut I have no certs or anything so I'm not sure where to start
My ideal role is likely something DevSecOps
@stoic cave @vital laurel What are those jobsites for those with tickets? I can never remember
Search and apply for federal jobs. Learn about unique hiring paths for veterans, students and graduates, individuals with a disability, and more.
For cleared work?
LinkedIn is actually pretty popular, USAJobs as spooks just mentioned, and then Clearancejobs
Yeah I've been using clearancejobs but tbh I don't feel like I'm super qualified for stuff outside of the clearance
Intelligence Careers is NSA specific afaik
nsa best three letter
A lot of times the Federal agencies will post the openings on their websites with links on where they want you to apply
A few are internal but most are USAJobs
Would it be better following some of the paths with tryhackme or just going for a cert?
Then Clearancejobs and LinkedIn are popular with federal contractors
certification will likely help more
DOD 8570
Sorry spooks, I didn't know you were public sector
I didn't have any certs when I started though so it's not an absolute must
I'm private, want to go into public later down the line
we're heavily regulated by the public sector though
Certainly helps though
Security+ is probably your golden ticket though
Degree, TS/SCI, and an 8570 cert would make you a super easy hire
if my team lead didn't bail shortly after getting clearance I'd probably have it by now ;-;
Don't worry about that honestly. Apply to the entry level jobs, the worst they can say is no
Are you poly as well?
Man, the people at clearance jobs who called me had to do everything themselves, no remote session, couldn't hardly say anything about the issue half the time, they were pretty much just calling to get the manual and whatever material I could think of that was tangentially related
Not poly
have you noticed many differences in work opportunities for those who do have poly vs those who don't?
HI I'm applying to internships with little luck and I was hoping I could get some input on my resume. I'm not yet at the stage where I have anything special or impressive but I'd appreciate any suggestions.
I'd put projects at the end under awards personally but other than that it looks good
Also don't limit yourself to cyber internships if that's what you're doing. I took an IT internship when I was in college
appreciate it
Yeah I'm applying to IT + software eng too, casting a very wide net hoping that I get something lol
You're applying which is what matters. I didn't really start hearing back until March so just keep on applying
gotcha
Hi, I need some more advice. Amazon is recruiting me for an IT Support Engineer Internship. I'm currently an intern for another large organization, but they're promoting me to a Jr role and extending my contract. When is a good time to tell Amazon that to try and leverage my way into more pay + a Jr role with them? My final goal is to stay with my current company (I like them a lot) but to try and use this Amazon recruiting thing to get more pay with the promotion
First, did Amazon provide a signed offer. If they did, you can bring that your current company and say "Another company has extended an offer and I'm considering taking it. I would like to stay with you guys though. Is there a possibility we could renegotiate my contract to match or improve what they are offering?" I would be prepared for some pushback and outright denial to call your bluff. If that's the case, I would heavily consider departing for Amazon
I would tell them you currently have a better offer than theirs, and you'd like to work for them - but your requirements have changed
Juun will more than likely know what to say better than I
Be careful about playing these money games, it's very easy to hurt yourself and the trust you have with your company. I have known managers that will cut people loose the moment they play the game
Yeah, that's an unfortunate reality
"So another company has made me an offer, and I am finding it very hard to say no because of the pay. I would love to stay here, but I can't with the offer they have made. If you can get close, I would prefer to stay"
But be prepared to walk out the door when you do that
No they haven't given me an offer yet, I'm about to schedule an interview. Should I try to leverage my promotion to try and have the interview be for a Jr role instead of an internship? Does the distinction matter? Or should I just try and get the offer for the internship first and then go from there?
And okay that makes sense, I'll be careful. I don't want my current place to wanna boot me for that lol
I think you're getting ahead of yourself, personally
Okay, I'll just get the offer and then go from there
Thank you guys
I appreciate the insight
Yeah. Do not rush into asking for more when just interviewing.
You don't have an offer, which means you have zero leverage and nothing to fall back on. On top of that, I don't think it would be smart to try and get more out of Amazon because their internship programs are super competitive
Really?
They'll just drop you from the pile
Damn yea then I'll just focus on landing the internship lol
Yea won't even try and get more from them then
Yeah, don't try to shoehorn an internship into a jr role. That's going to change things pretty significantly. If you aren't interested in amazon, just don't do the interview
I mean I am, it's Amazon. My company is great and in a very profitable sector, but it's not Amazon lol
Amazon or other big tech company interview processes can be stressing.
Amazon leverages that respect you have to treat you bad
Look up their hiring/firing practices before going there
I wouldn't work for amazon or google, regardless of the prestige
They could offer me a really good 6 figure salary tomorrow and I would turn it down
Due to the hiring/firing practices, or something else?
Jeez it's that bad???
Ethics for me
Yes to all of it. One of my cohort from undergrad is currently a SWE at amazon, others I know have been devs at google. The stories they tell over a beer or two are enough for me
I turned down a facebook interview request for that reason. The job would probably have been interesting.
Malicious compliance would be the very least of my efforts working for those companies, I know I wouldn't be able to help myself
Lol
Good to know. I know at like lower levels in warehouses it's complete garbo. Didn't know it was bad all over
You can usually judge a company by how they treat their lowest level employees
woops wrong chat
we just got a dev from amazon, very nice and knowledgeable guy but def wanna hear the dirt
does Amazon pay their interns more than minimum wage?
he talked a bit about they build everything in house which is pretty cool but also somewhat a nightmare
Cuz if they don't then no reason for me to even apply, even for leverage
And it sounds like they'd pay minimum, lol
Most tech internships pay above minimum wage. That shouldn't even be a part of the conversation.
Oh sweet okay
That being said: The interview process can be a good learning experience. And stressing as hell.
I ended up on the phone with AWS support because 2FA was failing (read: I was using the wrong password and their error messages are not great) and she sounded wiped out just sayin' ;o
every time she took me off hold she'd be taking a deep breath lol, sounded like me at the call center at the end of a shift that started with a hangover
**OFF TOPIC:** fellas, is it weird to message a recruiting manager introducing yourself on LinkedIn? I think I found the Tesla Recruiting Manager on LinkedIn and I was watching a video saying it'd be good to call in and say Hi and let them know that I applied but they don't have a public phone number or anything anywhere
I wouldn't personally
Cold calling is a good way to get blocked even if they are in a "public" position
Recruiting manager = not a recruiter (anymore) = you just get passed off to one of his people and spend some time making yourself look like you might not understand the org chart (or you're going to jump the chain of command a lot)
If you find a recruiter and especially if they're the one who's been posting job ads in the past (I'm told you can see this on LI sometimes but I haven't yet) then it would make sense to pitch some ideas about what you can do there
If it's Ryan's post saying he's hiring and asking if anyone knows someone who'd be interested, then he'll be looking for people who want jobs recruiting people for Tesla residential solar
guys, I'm a planner by nature....what would you say is the best environment/company to do offensive security?
My current job will see me dealing with compliance, risk and everything blue team so I wish my next step to be on the other side (Thinking in 1.5/2 years. Immediate next step is to do the PNPT training and take the exam)
(coincidentally the same applies to people and how they behave in public!)
in offensive security it's very much take what position is offered to you - don't say you want to work for Intel as a penetration tester
do say you want to work as a penetration tester
my big chunk of advice is you never know how mature a company's pentest/red team is, they might be just starting out, or might have been around for 10+ years. Try to find that out sooner rather than later.
Gotcha. Thanks! I don't really want to get stuck with clients that don't care about the off sec service they are buying
Gave +1 Rep to @languid hearth
sorry I have a question, if I finish the THM pentesting path, am I ready to enter the job world?
prob not
but you are on your way, it really depends on a number of things
I would look at entry level job listings in your area, see what they are asking for and see if you meet the qualifications, if not, start working towards them
Anyone have a good template for a cover letter?
I think awesome CV has an example cover letter? If not, I can DM you one of mine
I'm seeing a few examples but im just not sure if they're really good examples per se, I've never had to do a cover letter before. I'd really appreciate a dm if it's not too much :)
Not a problem. I'll see if I have any on my phone and if not I'll hop over to my computer in a bit
Sent you a friend request because it didn't want to send my message
I hate cover letters because the one I always used had to be specialized for every single place I applied to
Well yeah, that's really the point, it should be a curated tour through the parts of your skills and experience that are relevant to that position, and why you want to work at that company / what you can do/solve for them and what it means for your intended path or sense of purpose or whatever. It can't be the same unless you're just using it to say "Hi I want a job and I think I'd be a good fit, I can solve problems, see the big picture outside the box, and function on a team please find resume attached"
Which I think can sound redundant since it's kind of what you do with the resume, except you get to be more verbose and qualitative about it
That's true. It does give motivation to apply to only the jobs you really want though which I think is a double edged sword. My current job I didn't cater and just had a generic but wasn't really interested in the position. After going through the first interview awhile back and getting to know the company and what I would be doing it changed my perspective. I ultimately ended up spearheading the next 2 interviews and pushed to get in
i am looking for cybersecurity job...... basically penetration testing
can anyone help or refer
location/experience?
current location - India and experience - 6 months as bug bounty hunter and 7-8 months as penetration tester at craw security, Delhi
can relocate
best bet is to use LinkedIn and try to make connections there
just did, but no luck
we don't see a lot of requests here for people in India, but you can keep an eye on the #jobs-board
Any certificates?
@edgy tiger no bro
I do think it will be extremely hard to find a position especially as a pentester, maybe try to find a sysadmin role or something similar to build more experience?
Or you need to have a huge list of bugs you have found and written blog posts etc about.
I am not even getting to a point where I can get an interview call...... Maybe I am not being shortlisted or some other issue...... Can use some helping hand
I think 7-8 months as a pentester sets you up quite well to be a pentester.
But international hiring is often messy
I even have RCEs, SQL injection in my bug bounty achievements..... But still facing some issues
Ya that's why I am frustrated as no one is showing interest
Then you should go back to the drawing board and review your CV, motivation letter etc.
If it's not too much to ask can you just find some mistakes in my resume...... I'll be more than happy
Hi
hey what do you people think a good entry level cert for penetration testing would be? (I'm sure the most common question in this room). I was studying for my pentest+ but when looking at job offers on LinkedIn I didn't see it that much.. I saw more ceh or oscp but those seem like big dog certs?
So you have to remember entry level could have two meanings.
Entry to the workplace, or entry as in learning the field.
OSCP is entry to the workplace.
so certs that are entry into the field are just a building block to eventually lead someone to the OSCP to get the job?
Also IMO avoid CEH outside India.
No, it's not like OSCP is mandatory
i understand that but if that's the bottom line..whats the point of the pentest+
It checks DoD 8570 same as CEH does ¯\_(ツ)_/¯
and less than half the price
Exactly
I ain't in the US
it is still one of the newer certs, give it time
The DoD 8570 approval was even more recent too
PT+ officially released mid-year last year, it'll take a bit of time for word of it to spread and be recognized by industry
basically how certs get on a job listing? Team member gets cert, socializes that out, manager asks for recommendations on what should go on job listing... team member puts cert.... OR Team member gets cert, becomes manager, puts on job listing
ahh
not always but word of mouth is usually how certs get on job listings
Or customer requires something.
i also dont assume 'this one thing will get the job'
yeah its not just one thing
especially for a noob i figured other certifications more specialized in the field..burp,linux,etc
Eh, I wouldn't say those are so recognised
linux certs are mostly useless unless you are a Linux admin
burp isn't recognized, think that is really new? but burp knowledge is good
yeah i figured it just showed interest or ability
I'd argue your knowledge and skills are more important than a bit of paper saying you have those. Hopefully you'd get a chance to demonstrate them.
like chess club after school
yeah but I wouldn't spend time on a Linux cert (hardly anyone does...)
Network+, Security+, OSCP are generally good if you are in the US if you are looking for a cert path
sec+ as opposed to pentest+ ?
oscp seems more in the trenches, but its twice the price as some others
if you are trying to get your foot in the door, its good, if you have time, you could do pentest+
Sec+ is a wide foundational security cert that's applicable to a lot of different roles.
what do you mean "in the trenches"? because... thats pretty basic stuff for pentesting
Certs are an investment and ideally you should see them like an investment
thats what i mean..more hands on work
and well recognized, its costly but good idea is to get security+, get a cyber job, try to get an employer to pay for OSCP
Sinking $1200 now, is that going to get you an ROI?
pentesting is hands on though
yes i'm agreeing with you. it seems more apt at testing your ability than the others
There is some risk related stuff there, but largely that'll be left to the client.
Understanding business risk and security from a slightly more formal rather than practical perspective is useful IMo
Web - Based Training available on the CISA Virtual Learning Portal
We offer several online training courses via the CISA Training Virtual Learning Portal (VLP). Topics include:
cisa is having free ics training if anyone is interested in industrial controls
Might be worth copying that to #resources as well
Hello guys, i have some problem with the factor of CEH and OSCP 😦
@latent kettle you could read up this conversation we just had or TLDR; CEH for India, OSCP for everywhere else
unless you have a specific question
speak of the devil and he shall appear
its an OSCP/CEH morning apparently
Someone needs to put together a FAQ on it
do you think it'd be read? I looked at the pins and didn't see anything but yes, a FAQ say "read this"
I'm reading now
or a mandatory straight up noob rooms with questions about all that
its all fine here but yeah we should / can put together a quick FAQ on it
Cyber/IT certs and applicability -
CEH - Cert highly recognized and valued in India, not useful elsewhere. Not good for learning.
OSCP - Cert highly recognized, useful for entry level pentester positions in multiple countries including US, UK, Europe and others. Good for learning.
PNPT - Not highly recognized but those that are aware of it would recognize the value. May not help pass HR filters. Good for learning.
CRTO - One of the few certs to cover "Red Team" vs Penetration Testing and those that take it, have spoken highly of it as a learning resource. May not help pass HR filters.
Pentest+ - Not highly recognized yet, but CompTIA is a well recognized company. In the US, meets the DoD 8570 requirement so can be useful working for companies that perform work on behalf of the US government. Possibly useful in passing HR filter in the future.
eJPT - Not highly recognized but good for learning the basics needed for pentesting. Useful for showing interest on resume but may not help pass HR filters.
eCPPT - Not highly recognized but those that are aware of it would recognize the value. Good for learning. May not help pass HR filters.
Security+ - Cert highly recognized, useful for entry level cyber security positions
Network+ - Cert highly recognized, useful for entry level network administrator positions
CCNA - Cert highly recognized, useful for entry level network administrator positions. More valuable than Network+ in many countries.
CISSP - Cert highly recognized, requires years of Cyber experience, useful for mid level positions in the United States, useful for managerial positions elsewhere
might have to make into a blog article or something at some point
I'd add a line at the end saying that certs don't only have HR value. Something like PNPT is good for the knowledge. Same with CRTO
ahh
thank you so much
Gave +1 Rep to @pseudo creek
found this medium write up about the oscp https://medium.com/@galolbardes/passing-the-oscp-while-working-full-time-29cb22d622e0 ..yep gonna need a few more months..before i can even get ready to start studying for
Only have 15h a week to study? Setting career goals for 2020? Want a cert where you will learn a lot?
lots of people download the syllabus and go topic by topic
Yeah I do that and I work full time + more
Means when u come to going through the PDF you're a lot more clued up and you'll have more time in their labs.
Also IIRC their Kali course is free? (but the exam isn't)
The first section of the PDF aligns quite closely with the Kali course
yeah their kali course is free but I couldn't find it last time I looked
they seem to have hid the link once it became part of learn1/unlimited
https://kali.training/ Behind a signup wall now but free
Kali Linux Revealed (KLR/PEN-103) has moved home, but you can still earn the KLCP certification
ahh ok, yeah I wasn't sure, you now have to signup at portal.offensive-security.org
wow that's a great resource!
ahh but i assume the KLR cert does nothing either haha
Yeah don't go for the exam
Just the learning
KLCP hasn't gained any traction, but free is free.
Education is always good.
i agree
that's why i was gonna take the linux course from linux..just to get better at linux commands
i'm trying to get the grep king
regex101.com great tool for testing/learning RegEx
bookmarking as we speak
I use regexr for testing
Oh, I like that interface more. I'll have to play around with it.
Can anyone lend me some advice I'm trying to get a remote role more in security or honestly anything outside of help desk. I have the CCNA, A+, Net+ Any advice on what roles or skills I should learn or roles I should apply for?
maybe try as a network admin/engineer
also SOC analyst, but network admin/engineer would be solid
and always check with job listings to see what they are asking for or just go to a job site and search for jobs listing CCNA and see what pops up
Cyber/IT certs (continued) and other related topics
Anything SANS - SANS is expensive but if you can get your employer to pay for it, go for it. If your employer offers tuition assistance, SANS also has an undergraduate degree, undergraduate certificate, graduate degree and graduate certificate. SANS certs are thought of highly and the courses are overall really good.
Cloud Certs - A number of useful certs can show interest and knowledge in cloud. Azure Fundamentals (Az-900) and AWS Cloud practitioner are good, quick exams to get your feet wet. AWS Solution Architect Associate and Azure Administrator (Az-104) take more time but are useful for jobs that require more cloud knowledge. Overall, cloud is good to learn.
Linux certs - Generic because there are a few including Red Hat. Useful primarily for Linux admins. Mostly a waste of time for those with focus on jobs in Cyber security. Good to learn Linux, not necessary to get cert.
Master's degrees - Master's degrees are generally used to advance in an already established career and are a poor way to break into Cyber. They can also sometimes provide a disadvantage. If you are having trouble getting an entry level job and have a Masters, take the Masters off your resume. In the US, Master's degrees are mostly similar across the board (except for SANS and maybe a few others) and are Cyber management focused.
zojja what a great list! Thanks for the info.
Do you guys know of any masters for cyber sec focused on the technical aspect? So far I've got:
-Tal Tech (You can choose operations or crypto focus instead of management/risk)
-Ben-Gurion
-ITMO
-University of Helsinki
-Carnegie Mellon
-USNA (Only US nationals and looks to have some cool stuff)
Start looking for Cloud Analyst/Engineering JR positions. The companies looking to fill in these positions should already be working remote.
If you already have the networking experience and CCNA knowledge, getting into cloud networking should be trivial for you.
You could start off by doing Cantrill's SAA course to get a good grasp on how cloud works. If you complete it 100% and do all labs, you should already have a good AWS security base (Given that many topics seen in the AWS sec specialization are taught in his SAA course)
SANS has technical aspects although also managerial
but with SANS you also get technical certs
looks like a good deal
I am getting my master's of science in cyber security at university of Missouri St. Louis. There is a comp sci path and an information systems path
Emphasis*
quick perusal, it seems similar to a lot of the other managerial ones even the comp sci track. Is there a lot of hands on technical work?
I did the info systems route because my undergrad wasn't comp sci.
I mean looking at the courses I see a lot "discussion about..."
But there were a lot of labs
I'm not sure what you mean by technical
The only business class I took was project management. Which I did not like lol
technical meaning lots of hands on stuff, projects, vs writing papers
like if you look at the CMU degree, you'll see the courses mention lab work, hands on
Yeah not many papers and no thesis
so what type of projects did you have?
We had labs almost weekly (hands on) in most classes
what were you graded on though?
Graded on successful execution of lab, discussion posts and sometimes quizzes and finals
like my MS in Cyber Security was a 'non-technical' masters, mostly managerial, we had labs but they were to explore various topics, Cryptography was really our only true technical, technical class
What is your undergrad in?
What are your concerns?
none, just that in the US, lots of the cyber degrees are more focused on those going into management, think 4d4143 is trying to collect the more technical masters programs, which are rarer
partly because the NSA partnered with a lot of universities to design Cyber Masters in the US and they went for more of a managerial slant and even those universities not partnered with them, went the same way... it basically makes a Cyber Masters good for those that want to get into management, not so good for those that are entry level
Management usually touches on everything in cyber security anyways.
That's not true..
but it is
You can def get into entry level with masters
In the US, it can be very, very difficult without experience
I used to work with a lot of entry level cyber folks, basically we had them take their Masters off their resumes and they started getting interviews and jobs
I mean if you did, kudos, but that doesn't seem to be the overall experience
There's a difference in masters of art and science as well
I feel like you are over generalizing. Sounds like the masters you got wasn't helpful.
and there is the overall discussion of whether a masters at all is worth it.. technology is changing quickly and generally degree programs are teaching classes built 5 years ago... sometimes certs in various technologies do better than a masters
Masters is higher tier than bachelors
nah my masters was fine, but I got my masters after I was already in cyber and I have 0 plans to go into management
I don't understand your logic tbh
I'm talking about MS in Cyber...
but I really didn't know better overall at the time, it was many years ago
I wouldn't think a bachelors in comp sci is the same as bachelors in cyber either
Hey guys, I'm starting school on Monday for Cyber Security. I've been thinking for about two years now about making this move, and I'm really excited to start. My ideal job is to eventually manage a team, making sure goals and deadlines are met, while taking care of the paperwork and upper management. Is there a specific job title for this?
I have a natural sense of leadership, and I'm very good at communicating.
I'm not talking about bachelors... generally in cyber, what you get your bachelors in is less important than the fact you got one...
Manager? Cyber security manager?
there are also things like Manager, Senior manager (manager of many managers), Director (has multiple Senior managers under them), CISO (has multiple directors under them)
Definitely Cyber Security Manager.
I think I'm asking the question, knowing the answer, hoping to find a gem of information that I'm not aware of.
Will look further into the other roles though! Thanks
remember, Cyber is huge, you can be a manager of various areas, if you want to go into management, you might want to look at Governance, Risk and Compliance (GRC for short), look at certs like CISA
but if you decide you like application security for example... you could be a Cyber security manager for a group that does application security
That was my next question, about pathways and things I need to focus on while I'm in school.
You are awesome.
good luck
I have a question if my goal is to become a Sys-Admin will anything on THM help with that? If so what pathways will help or is there anything like THM that will help with that?
THM does have some "Blue Team" Content. You're more than likely going to need to use other resources though as well as learning on the job @stable walrus
Do you know of anything else besides THM for this purpose?
Getting Systems Administration experience starts with getting a job on a help desk
and working your way up
Homelabs are another way of self-learning but don't count as professional experience
If you're in college, see what clubs may be available as well
thanks a lot
Gave +1 Rep to @stoic cave
not a problem
if there isn't a club, see if you can start it yourself
Talk to an advisor to sponsor and also IT to see if they would mind shadows and students learning from them
Most of the IT at my University was student led
- Is this a weird thing to request
- Normally they send an automatic reply within a minute but I haven't received one and it's been over 15 minutes, is it safe to assume they didn't receive it and I should resend at a later time?
I wouldn't send them multiple emails rapidly
comes off as not having everything together I feel
I'll wait a few days then
Problem is they said they'd invite for an on-site assessment, and I'd rather have it changed before then
Not sure when I'd get the invite tho
I'd give people 24 hours minimum to respond to a non-emergency mail (so like all of it I guess lol), if you're replying to an existing thread maybe that's why? Or maybe it sends the canned reply when they acknowledge it in whatever kind of overwrought candidate management system they're using these days
If you have anyone's [anyone appropriate/relevant/involved] number or direct email I don't think it would be unreasonable to follow up in a day if there's not a lot of time, but if you can wait 2-3 that sounds fine to me for sure
@teal lion I hope you don't mind but, I wouldn't send that email at all, IMO. You don't want to be seen as having 'lack of forethought' or however it might come across.
Also if I have zero experience but have certs such as (CCNA,NET+,A...etc) should I just start with helpdesk
I have no certs and am a sys eng lol
helpdesk is for people like me who skipped school and certs to get a foot in the door and work their way up
you should be good to go for whatever you want
@teal lion wait tho is this directly with an employer or are you talking to a gov. employed advisor for the apprenticeship thing? I'm not very familiar with it but unless you've been talking about this most people are probably assuming you're talking to HR at a private employer
"Founded <university> LUG" is an item I'd jump at the chance to take for my resume lol
yup, this is how i moved up. started on helpdesk, 60k in raises later and 3 job moves has me in a cozy security job
still looking to get some new certs and move after a year here
I don't even know if I want a job in security lol
McSkidy went through hell this xmas
log4j had my team in cahoots
I was thinking the same but ended up sending it anyway, the truth is I didn't even see the other position when I applied so it's slightly worse
I'm speaking to the employer directly, afaik you don't really speak to any government advisors when it comes to apprenticeships, it's like applying for a normal job
Think I need to have some experience to do anything. But thanks I'll just start applying and see what happens
Gave +1 Rep to @smoky slate
I'm looking for a Junior Cybersecurity Analyst position in DMV on-site or remote. I have less than 1 year experience using SIEM solutions and EDR tools e.g IBM Qradar, Crowdstrike, Proofpoint, SentinelOne, Splunk ES, Tenable io. Jira and Resilient ticketing as well. I'm CompTIA Security+ Certified. I will be happy if a recruiter will give me a shot. I'm open to learn as well. Thank you all
just wondering but what position are you currently at Flex
Hey guys im looking at a position as a Junior pentester at a uk firm, they mention demonstrating the ability to obtain SC (security clearance) or higher. I'm a bit worried about this since i have a history of mental health difficulties. Does anyone have any experience with this sort of thing?
SC is probably not going to care. DV might.
https://www.gov.uk/guidance/myths-and-misconceptions-about-the-security-vetting-process - they're replacing this doc but here
You're quite unlikely to even get interviewed
There will be a big form to fill out. Criminal record would be the real problem. Medical stuff is private and not relevant
good to hear thanks man
Everything Alces said are excellent points. You should also consider trying to specialize from the go in one OS. There are jobs out there demanding knowledge of only everything Microsoft while others want you to focus on Linux (RedHat, SUSE, Ubuntu, etc.). In my personal experience, playing and learning Linux is far easier. For some reason it's more friendly to learn and experiment with (For me)
thanks
Gave +1 Rep to @twilit arrow
They definitely don't look into mental health issues, I'll say that much.
Or, if they do, they don't care. You'd need to declare any health conditions that could affect the SC though iirc (e.g. Schizophrenia)
This is probably a very loaded question. But I'm not sure if I'm interested in Networking or Security. Anywhere I can look that goes into this? The different roles in security and networking? I know the two intermingle a lot
There are lots of specific roles for firewall security, AWS Security, Azure security. Networking is becoming more and more cloud centric.
You can even look for IT network engineer or security network engineer positions sometimes have that mix of skills.
Ok so I'm in high school and I wanted to get a pentesting job without going to college. I'm on tryhackme and is there a way I could add online certifications and courses to my resume and get the same job as someone with CEH?
Because if I completed tryhackme and hackthebox plus I did python would employers be willing to give me a try?
Not to burst your bubble, but Pentesting is not an entry level position. It's a very niche occupation within the Cyber Security field which itself is also not an entry level area typically. With a degree you may be able to break into Cyber off the bat but it's not guaranteed. Furthermore, I'm not sure what you're asking about the THM on the resume but in this case I'm going to assume that you're asking if you can put it on the resume as experience. In short, no. To expand, THM and other sites like it are extracurricular activities to expand your knowledge. They do not qualify as professional experience and with that should be put in an Extracurricular category or a projects category on the resume. Things like CEH, Security+, OSCP, would go into a Certifications category as industry vendors can verify that you are knowledgeable on the material as you have taken a proctored exam.
All of the above being said, it does not mean there is no path to pentesting. It may just take a little longer. There are a number of paths where you could start out and get base experience and work your way up the ladder so to say. Helpdesk, Junior Administrator, Telco, etc
Yeah, I was applying for a Junior pentesting position and they are mainly interested in certs and whether you've done stuff like HackTheBox or TryHackMe in your spare time. Stuff to prove you have an interest or knowledge of pentesting. A degree gets you noticed, but you'll need more to get through the door.
So like I should also get CEH but could I put THM and stuff on my resume as extra or something?
Also is THM good for learning bug bounty?
If you don't mind me asking, what country are you in?
America
Outside of India, CEH isn't exactly wanted except to check boxes
So you'd be better off with OSCP
I know in the UK they are interested in CHECK and CREST
Yeah i updated it
hit up the website, go to the search bar, type bug bounty and you'll see NahamStore, a medium room labeled with the basics of bug bounty hunting and web application hacking
This current associate's thing I've applied for asked me to do a bunch of tasks on their pre-configured system and to produce a writeup
I think once you get the hang of pentesting, it wouldn't hurt to make your own writeups, detailing how you found the vulnerabilities and how you would go about fixing them on like a public blog
Shows you can apply the skills you've learnt and that you can document the process, which is a big part of any testing
Yeaaaaaah, considering CEH is a literal meme, avoid it unless HR insist in your area
Then work from within to change that policy, because by all accounts it is utter crap
Some companies want you to have CEH tho
Like DoD
Although I'm not sure what other companies require
OSCP?
Exactly. Get it if HR insist, but from a learning perspective it's crap. Effectively a case of: read the material, pass the exam, get the bit of paper, then promptly forget it all because it's mostly outdated or incorrect anyway 🤷‍♂️
OSCP is much more widely recognised anywhere that isn't US Government or India. It also has the advantage of actually being useful for learning at an entry level.
Exactly. Right now I got a few years till I'm 18 and on my own so right now I'm focusing on actually learning stuff rather than getting certifications
Like I wanna try bug bounties and get paid in Bitcoin
Evaluate what you need from the cert. If you already have the information and jobs in your area need a certain cert, go for that cert. If you just want to learn, prioritise the useful certs
Oh Lord
And learn python
High level programming languages are fun but I feel like they don't let you interact with the machine
But u spoke with a bunch of hacker guys at this event and they all said to learn python because companies love to see that
Since you can code shocker scripts in python
Scripting is more useful for most simple pentesting things than programming is, so, yes
I still jump to Python for most quick scripts 🤷‍♂️
Yeah
Absolutely not true. There are a lot of robotics projects that are written in python for the control code.
Good for GPIO programming on embedded devices too for that matter
Yeah, and microcontrollers
Although I just learned about bug bounties so I want to learn JavaScript since most bounties are wep applications I think
IMO mBed is more popular than python for MCUs, but academia and learning is a very different world than 'real' mechatronics engineering
Web
Web and mobile, generally, aye
academia and learning is a very different world than 'real' mechatronics engineering
True that
I don't know any java tho so I'm not any good in Android applications
I know python and I've had experience with the C programming language
As well as html
Don't get caught up on the languages you know -- they're all just a means to an end anyway
The important thing is programmatical thought constructs -- the ability to follow a flow of logic and "think like a computer"
Once you have that, languages are just syntax
Exactly!!! I found it very alarming how similar different languages were other than syntax
Like c and python both have the same socket functions and stuff
I mean, the concept of a socket is the same regardless of language -- it's a construct in its own right, just with different implementations in different languages
Different things to connect to as well, for that matter -- they don't just do the TCP/IP stack
Yeah
I like learning python but it's hard to find python tutorials specifically for hacking
Like I get you can learn regular python but it's harder for me to learn the math stuff
Well there is black hat python
And people write python scripts all the time for hacking
Programming languages exist to solve problems. When you understand the language you can apply it to problems to find solutions -- including for hacking
Yeah but idk for me python is becoming really hard
Like complex arrays and stuff
And I'm bad at math so
i.e. don't get caught up on "hacking". It's not some mythical thing to strive for.
"Hacking" is just the curiosity mindset. The thought process of: "Oh, this looks fun, what happens if I do this...". Poking things to see how they react.
I love playing with conouters
Computers
I think that's why I got into hacking
Just making computers do things they aren't supposed ti
To
Focus on foundations. Focus on understanding how tech works. Focus on figuring out how things fit together. Then see about getting it to break.
A hacker is just a master of all trades 🤷‍♂️
That's the spirit
Do you think I should learn hacking directly like tutorials and courses or go for programming and learning machines first
Go for what interests you 🤷‍♂️
A lot of people jump straight to exploiting stuff (i.e. "hacking" courses and tutorials) but without the foundations they'll never be as strong as they otherwise could be. Hence why things like the THM Pre-Security pathway exist.
Yeah I went to tryhackme but took the cyber course first
It's good stuff
And I need to learn networking better
Although I learned that s lit
TCP/IP OSI etc etc
I just dream of doing and learning stuff and getting my dream job without a long time in college
I just got excited
To learn fast
Put it this way though. My first year of university (on a degree that is literally a BSc (Hons) Ethical hacking degree) was two C++ programming modules, a computer architecture module, an introduction to security concepts (non technically) module, an introductory networking module, and one elective
Note that, despite the degree emphasis on offensive security, all of that is foundational stuff -- the kind of thing you'd see on a general computer science degree
It's important, and pays dividends to know
I guess they wanted you to learn low level languages first
Well I gtg for tonight I'll see you guys tomorrow
Also I got a raapberri pi
Model 4
Raspberry
No, they wanted us to know A language first -- programmatical thought matters, syntax does not
Networking does mean a lot in this industry, that's for sure
You're telling me -- I've got a fricken' conference to organise around it
Stick around communities like this and meet people. Hackers thrive online -- it's genuinely one of the best ways to meet people, especially during COVID
Everyone here is here because they're passionate about it, and there are plenty of recruiters / high-fliers to boot
Infosec Prep is a good one.
Offsec seems to be developing into a really well-rounded infosec base now as well, although it is largely run by the same Infosec Prep folks
John Hammond's community is always lovely.
Laptop Hacking Coffee is another of the traditional ones, but I've not spent much time there personally.
The Many Hats Club is dead now unfortunately, or that would have been good as well
Np
Well I just popped back on for a sec but in order to learn networking I recommend you start at the physical level
Look at it router and understand how your computer and devices are connected
To the internet
And then go from there
Learn the OSI model
And methods of device communication like TCP/IP
And learn about packet
Packets
So you know how data is sent
The science elf made great videos on the internet and networking
Not that kind of networking 
The social kind of networking
i.e. meeting new people. Building contacts
No offense, but what if you are just bad at interviews?
It's really not. Networking just helps.
I don't know you from Adam, but one possibility is that you might need to develop your soft skills.
Wow
Is assembly language good to learn?
Because I heard people code Trojans with assembly language and it's really good for that stuff
Not really.
You'd largely write in C, C++, C# etc.
Is there any point in getting AWS if I have zero experience?
AWS account or one of the AWS certs?
One of the certs
AWS Certified Cloud Practitioner
AWS Certified Developer Associate
AWS Certified Solutions Architect - Associate
Look at job postings you plan to apply to and see if they require any?
I'd also recommend making an aws account as a playground. You get a bunch of services free for 12 months but be careful when adding services. Some add ons will not be free.
I initially learned by just creating a free account and playing around.
Ok thanks
What are some remote roles to apply for with the Net+ A+ CCNA? I've been applying to random things but haven't really gotten anywhere
Support engineer/ junior system administrator / service desk probably a couple more
Good to look into yes. Also AWS Security Specialty
does anyone have any knowledge of what this little additional information means? are they saying, based on how hard you will work will determine how much you get paid
very likely you have a baseline salary with a variable on top depending on how customers rate you
Sounds like it's just a "pay per customer" model instead of a straight salary or per hour.
To me it sounds like you would get paid $22/hour during your training period then after your training period you may get a low flat rate + $x/customer you work with or just a straight $y/customer?
I read it as it will be based on your ratings from the customer.
And here we have why you should def ask the recruiter/HR guy for extra clarification
Think of a waitress. Some make only $2/hour and then could potentially make another $10/hour off of tips
+1$ an hour for bilingual Spanish lmao
lol I seen that.. oof xD
wow yeah i haven't applied yet, that 22 looks good but that's insane how they won't even put how much you'd make after training lmaooo
thank you guys for the input
in case you go ahead, always ask to get everything in the job offer before you sign
You will definitely want to clarify the pay after training. If you get a base salary + per customer compensation or no base salary at all. Meaning if you didn't work with any customers you wouldn't have a paycheck
don't ever think for a second you are being "dense" or bothersome if you ask every single thing of a job to be clearly spelled out
you're right! it's important , i mean you are doing this for a majority of your day
yeah i might call in and ask just to be curious
To me, the job environment is more important than the pay/how you get paid but you definitely want to get clarification to make sure you'll be comfortable with it as well.
For example this job I started last month salary is about $15k less per year than another offer I got but it's a local government job with better benefits and I get my own office with 40 employees total versus thousands all being crammed in cubicles 🤣
OH WOW yeah those government jobs are nice
Sounds like garbage per-customer contracting to me
those ones i don't hesitate on applying for because I just know they'd treat you well
okay so my gut was right
I got an interview for a cannabis company this Wednesday , definitely going to make up a word document full of questions i'd be interested about, mainly benefits and just average day to day tasks about being in help desk there and what programs i'd be working with the most
Local family owned company. I started dec 20 and got a sign-on/christmas bonus on my first week xD Extra week paycheck. Ton of cookies to take home, bottle of wine for new years and he takes groups of people out for lunch and just relax a couple times a week. Much better work environment than someone standing over my shoulder criticizing why I'm not doing the same work as the guy besides me that has 10+ more years experience than I do 🤣
I'm happy with my not $100k/year job over cubicles
oh wow yeah you're living life over there LOL that's definitely something i'd want to strive for, how much experience do you have so far in this career path?
I'm not in the cyber career path yet. Something I'm working towards. I have an Associate in Software Development (currently working on finishing up my Associate in Cyber Security), 2 years work experience as a Windows Application Developer with some full stack web stuff. Work is paying for my cybsec schooling and various certifications as I was brought on as an Application developer to be moved into a more jr. cyber security analyst position later this year.
I'm not saying exactly how much I currently make as an Application Developer but it's somewhere between $60k-80k plus work incentive bonuses + profit sharing
holy shit yeah you do got some ambition for developing for sure, i tried to develop some websites using 3D models for about a year or two and it was extremely stressful but i do see that if someone were to put in more drive towards it it can be second nature; i just think that web development and even just freelancing just wasn't for me and i'd just like something a little bit more strict? cybersec just seems amazing and i just believe now it's just something anyone in this day and age should just learn, even for just a little bit!!
To note, I am making about $10k more than the original job offer because I was able to bring up personal projects or stuff I've done for friends (websites, servers I host at home and through AWS) to negotiate a higher pay rate
I also hold a few optional certifications with c#, javascript, html, aws, etc to bump the salary as well
yeah i need some more experience in the field, hopefully i can take this job on wednesday and just hold that down for a year while i get my a+ and learn more about pentesting
Yup, agreed. The first job I took in the field I hated but it was experience. I don't suggest doing the same though. Try to get that first bit of experience where you'll be happy or you'll eventually be miserable and change your views on the field itself
My first job was an IT technical analyst where the job description was completely different than what I actually did everyday xD I was basically a glorified help desk tech. I ended up leaving for somewhere else because they were forcing me to get the A+ certification out of my own pocket. (I had 0 intentions of getting my A+ lol I passed it up my first time in college)
aw i see, yeah i'm trying to look into jobs i'm just a little bit interested in for sure! wow they were really trying to rush you to get the A+ cert ? that thing is not cheap at all and if they REALLY wanted that then they should've paid it for you 100%; either way i'd say you made a good choice, i mean look at where you're at now LOL
i'm going in the industry with little to no real experience on me, i mean i've been working with computer since i was 7, i went to a high school where they taught me engineering and computer science all 4 years, passed the AP comp science exam, did a bunch of stuff, graduated in 2019, didn't really want to go to college, mom died, covid happened, yada yada yada, eventually i thought that i'd be better off going into life RAW, it's a little intimidating not gonna lie but it's communities like this that help me push through so I can be a better person each day, i am 21 so it's going to be a hell of a journey for sure
Exactly, it gave me a good foundational knowledge going into the industry with some insight on things like AD, AWS, linux env, etc.
The moral of the story is be picky but not too picky about that first job. Be happy with what you do and enjoy what you do. I've always looked at a job and thought "hmm will it feel like work if I'll be doing this or that for 8 hours per day?"
Also pluralsight has been my life line since I graduated college the first time! Some topics it may not have the best amount of resources but overall I spend probably 8 hrs/week on pluralsight learning something new or learning how to change something I'm already doing to make it better
Unfortunately it's a paid service but the handful of jobs I've had were all willing to pay for the subscription for me
Is it hard to become a junior pentester?
Because I was thinking if I got junior pentester and earned reasonable pay like $70k per year I could then become a full pentester with the previous experience I had
yeah! surprisingly a lot of companies didn't reply back to me when I applied for them but oddly enough I chuckled about this Cannabis company I applied for LOL, it's definitely something I'd be happy going into work everyday about! pluralsight looks like an amazing tool! i'll definitely look into this, do you know if they have any courses that would help with A+ certs? I'm doing the subscription of THM obviously but I am curious if this tool can expand me where I want to go!
also sorry for the late replies, currently working from home LOL
eventually i'll meet a company/agency that will pay for all my cert stuff or at least reimburse me with it! i'm okay with out of pocket pay for now!!
All good, same lol
Definitely ask any questions you have during the interview process. An interview isn't just for the company to see if you're a good fit, it's also for you to see if the company is a good fit.
that question is vague, i don't have much knowledge in it but i do have some computer science knowledge, all in all, everything will be frustrating, it will be hard, but something about this path is that you will never stop learning and as long as you have that drive to continue to learn then you'll be okay
Wait if I pay for the tryhackme subscription would that help me get a job in the future? Like if I got the tryhackme pentesting certifications could I apply for jobs on the tryhackme jobs section?
some would possibly say that the 70k-100k per year trades off very nicely. it depends on person to person, but i think it trades off nice
it's a resource to help you get those certs. but no there are more viable certifications that companies look for, a simple search on reddit or on google will help you find some certs that they look for
i think cyber seek is good
Ceh
Hack the Gap: Close the cybersecurity talent gap with interactive tools and data
Yeah ik good average salary
And rn I'm looking at bounty hunting for bugs
Bug bounties
free lance?
Bug bounties are kinda like thay
That
Find a bug, report it, get money
It's like mining gold you don't know if you will get lucky and find a lot of it
And also maybe I can get paid in Bitcoin
Someone in here told me once the certification path will depend on where you live as well. The best way to find out what employers are looking for in your area is look up the job descriptions of where you want to work. I seen someone mentioned CEH cert but was advised in my area it's not really worth it etc
I haven't really looked up jobs for this so I don't really have input xD
I'm going to be moving from within my company to a cybsec position so work is approving/paying for the certifications that they want me to have
Any other thing else like THM that would prepare me for something like a Jr Sys admin role/ Sys Admin?
Linux or Windows?
are there any free certifications I can get that might help me on a resume
az-900
other than things like CEH or pentest bcs they cost a lot of money
and I will have to get those later
az900?
azure cloud fundamentals
not sure if you have to attend a free webinar to get a voucher, but they hand out free vouchers like candy
Was that a question for me? I would say either one
yeah, which do you have a stronger affinity towards? Microsoft has a ton of stuff on their site and just came out with a new Windows sys admin certification
Possibly windows. I will check on their site. Thanks
Gave +1 Rep to @pseudo creek
For Linux, there are a few different options for learning, THM has some, Acloud guru has quite a bit, Pluralsight also has stuff for Windows but not sure if they have stuff related to the new Microsoft certificate yet
I know its better to know both though
Sysadmin for Linux = most likely Redhat
Redhat is a corporate offering and used in many environments
generally a company looking for a sys admin will be looking for either Linux or Windows, if you know both, that'd be awesome
Would you say either one takes years to fully know
you can learn the basics of either in a few months, enough for a jr sys admin
and if you get a related cert... all the better
Thanks a lot
are google career certificates good
Im looking for something I can take in 3-12 months and doesnt cost a human kidney to get. Plus google career certificates are well looked at
I've not heard anything good about google career certificates, maybe google values them
A+, Network+, Security+ are pretty inexpensive I think and are valued
this coursera course
is python development
and it is made and offered by the university of michigan
could I use a course like that?
having python on your resume is good, but better is to have a portfolio with python coding vs a course
TryHackMe has a few python things, there is also this course could be helpful https://academy.tcm-sec.com/p/python-101-for-hackers
So basically a bunch of courses to make a portfolio?
Use what you learn from the courses to create your own projects then put it on your portfolio/resume
I do write projects in github
https://github.com/1madtanker1/Network-Exploitation-Toolkit here is a hacking tool I made
Would a project like that be good or is it too simple?
I coded it as my first python hacking project as I code entirely in python
if you are trying to avoid certs, then a portfolio is a good way
sure any projects, writeups are also good
Yea
But I'd it ok if I don't know all the python commands?
Like a lot of times I'll have to look up a tutorial or something to see what to do
But I understand the purpose of what I'm writing
I just have trouble remembering certain python syntax and stuff
Is*
I feel like you're over thinking this
No one does lmao
It's about knowing what's available for you to use, and using those things appropriately
anytime I take a break from python for more than a month, I'm looking up commands
So like it's fine if I look up a tutorial on how to write a port scanner or something bcs the ppl in those videos look like zombies writing it from memory
Yea u do that
Like I know many commands
But I watch the tutorials to see specific parts
Like I want to build a MITM attack project but I need to see videos in how to build parts of the script
Also what's the big deal about frameworks?
Can't you just make a normal attack script in python
Like why does metasploit build a framework
Instead of a normal ruby script
You used much msf?
Yes
It's all consistent, and it does a lot more than just exploits
I'm a hacker but I'm learning python since a bunch of fellow hackers told me to learn it
Since it would get me a much higher chance of getting a job
But can't you program a python script to send exploits?
What would you say is the best place to learn python skills for building hacking scripts
I heard the book black hat python was good
it is good
Yea but I can't find too many tutorials for things like that
any sales engineers in here ?
If you have a question I would just ask. Others may not be that exact position but can provide you with an answer.
I'm lost on where to take my career. I want to have a remote role with good pay. I have the CCNA, A+, Net, Sec+ and I think a few other certs from school. But I'm at Help-desk. Should I look into Cloud Computing? That seems interesting and I'm really interested in Infosec obviously.
Yes! Highly recommend cloud computing
We need security people desperately
How long have you been there?
6 years?
Started working in cloud computing by studying AWS and applied for a job
is it smart to learn cloud hacking since the cloud is expanding?
I would imagine
Is it possible to get a degree in cybersecurity or are they only certifications
I am going for my BS in Cybersecurity and Information Assurance right now
I think they have quite a few degrees in cybersecurity nowadays
Thank you
I started bug bounties for the first time on bugcrows.com is this a good starting place or should I start somewhere else?
Bug bounty doesn't count as experience but it'd be a extracurricular activity
Just don't sacrifice time you could be learning with doing bug bounties
what do you think is a good path for someone like me to get more into hacking
bcs Ive gone through the beginner stages
and Im kinda in beginning intermediate
like I can hack windows 7 computers and so computer scans
but what would be a good path to get a job
How r u hacking windows 7?
what do you guys think of online courses like freecodecamp.org and programiz to learn python? I know the certifications you get from these courses alone won't help you get a job but if you build a portfolio it will help greatly. Also, Im mainly trying to learn the python programming language rather than get certifications in it as of right now
since my goal is to build hacking scripts in python
Just. learn.
Talking about what's best doesn't get you anywhere. Learn the language to aid you in your hacking. That's all.
You've asked this like 3 different times now lmao
Quit overthinking it, basically
I get that but Im scared that Im gonna be learning the wrong stuff
like if I learn python programming just regular then Im learning a bunch of data science and stuff like API and machine learning which doesnt really seem to apply to python
for hacking
sorry if Im coming off as a little annoying
sometimes I get anxiety over the dumbest stuff and spend more time worrying about something than just trying it
u can learn python the "regular" way, how u apply it is up to you. Just gotta explore and experiment as u keep learning
That's hacking as much as network sockets are hacking 🤷‍♂️
Learn machine learning in python and who knows? You might end up hacking a robot one day
Hacking is just the flip side of development. You literally cannot go wrong by teaching yourself development and computing fundamentals
Don't think of "hacking" as being its own separate thing: it isn't. Learn how computers work, then apply that to the "What happens if..." mindset
There are connection between python machine learning and cybersecurity, so not completely "time wasted"
Not time wasted at all
It's just not hacking
Sure it is, if you apply it in the right way 🤷‍♂️
Hacking is literally just mastery to an extent that you can take something to bits and figure out how to abuse it
The first hackers were literally programmers who enjoyed pulling code to bits to find flaws
That's all hacking is, all it's ever been. Learning how to develop things, how to build, how to put things together, just makes you better at taking them to bits.
Master how something works and you're in a significantly better place to take it apart again
It's not using "hacking tools", or scanning a network, or any of the "exciting" adrenaline rush stuff that you get from doing a CTF, but that's not the ethos of hacking anyway
It's all just a mindset. The idea of "If I do this, how will it affect that?". The curiosity to go and explore things, pull them apart and try to put them back together again. See what works and what breaks.
If you have that mindset then you're hacking
Ah, i see
I do do CTF events
picoCTF
and hackerone
so if I learn computer science in python and machine learning thats also good?
since hacking is just applied programming
Sure 🤷‍♂️
Learn what interests you
You can't really go wrong as long as it's in computer science
Heck, go pick up a psychology textbook -- that'll be really helpful
Most hackers also seem to have independently picked up lock picking as a hobby (myself included) -- not entirely sure how, but it's useful nonetheless
Yea
I'm really interested in learning more python
Because I know beginner python and stuff
But not enough to code my own tools
Just enough to maybe make a multiple choice quiz
Or something
Then go learn and enjoy
Also interesting thing a few months ago I attacked a drone using my computer
A drone you owned, I trust 
Scanned wifi networks and deauthenticated the drone
Thing dropped from the sky
Yes I do own it
So I'm not a criminal :F
Wtf
Why did it do F
Nvm
But yeah only problem is even after learning python it's hard to learn to apply iy
It
But I have a great python book I got
Conventional advice is "find a project"
Ye
Like build a script or something
I was thinking on a drone exploiting script
I also learned how to hack a car
Although I used a virtual car
Since my family's car is from like 2008
@undone shore you seem like a very experienced hacker which language did you learn?
I'm a 20 year old student -- got a long way to go before I'm experienced
I started with Python myself, then got taught C++. I've picked up a bunch more along the way 🤷‍♂️
Do a fair bit of web dev, so lots of HTML/CSS/JS/PHP/Python there 🤷‍♂️