#cyber-and-careers
One of my mentors was with III MIG (MEF Information Group) in Okinawa before he retired. He said they're doing a lot of good things and learning a lot on offensive and defensive operations.
JROTC is an extracurricular, not professional experience. Anything you do in that would be under the extracurricular category of your resume.
USMC Cyber is taking huge strides. Know several people who are in and it's honestly one of the preferred services for cyber now in my opinion. AF is also good, just a different culture.
@stoic cave I'm about to go through the Navy's in a few months.
I got out right as the big changes started happening. Good things going on.
Nice
Yeah my service choice changes depending on MOS selection
I've given myself until 25-26 to decide what I want to do
Dream would be to end up in the Army flying rotary. Currently have a good friend going through that program so I'm kinda waiting to see what happens
If you can go for a commission I would recommend it.
Enlisted route isn't always the best.
I already know commissioning isn't for me
I should also say that, I'm changing my rating (or MOS for non-navy) to CTN. I've been in the Navy for 10 years.
Nice
It was on my plans
! I'm not doing it atm because I got hired for another startup to help consolidate their infosec program and well...gotta admit it's lots of fun
Warrant would be perfect, but it's not guaranteed.
From my outsider POV I always understood it as Navy > AF > Army > MC due to their operating requirements (Tho in all countries it's almost always the Navy the one with the top cyber/crypto expertise)
@stoic cave You have to be in a minimum number of years to even qualify to apply for that
@warm hinge I would argue AF they have a lot of things. But I don't know how much of those things are getting shifted to the space force
There is a caveat. Army Air has a "street to seat" program and you go straight to Warrant
That's a very basic explanation but there's obviously criteria
Yeah just be aware of how everything works. I've seen a lot of people get a short end of the stick because they didn't know how everything in a certain program worked.
Oh i know lol
I had a different university experience per se
10th Mountain had a large presence on campus
If you want to go to the intel community Navy, AF, or Space Force.
Yeah, I'd like to do something different than what I do professionally now, which is cyber in the government sector. Dream, as previously mentioned, Army Rotary. But if I can't get that I would be looking at Reserves in either the Army or Marines, but more specifically a Combat Arms MOS. Marines I would consider Cyber
You want the 17xx field.
Yeah that's cyber
Ngl, probably a weirdo or a lunatic for my preferred MOS selections
Army would be 12 or 13 Series and then Marines would be 08xx or 17xx
Maybe a 68W for the Army too
can someone explain me the "drop a packet" when you go to the recruiting office thing?
like, I've read people that signed up for 18X in the Army, failed and then ended up being sent to....cook?
something like that?
and that you shouldnt do that
@warm hinge yeah
shit happens in the navy too
People fail out of the class
and then they go to "Needs of the Navy"
but how does it work? You select a couple of MOS/Specialties in order to avoid that?
you could end anywhere
Maybe I've never had to go through it. I know people who have. Usually Seal drop outs for example
oh no screw that lmao
Don't do this
that must suck
they go in for SEALS, get dropped and get bottom of the barrel jobs
18x is a fools game
But its just an example
yeah saw the comments about how you are almost signing up for failure if you do that
like the Crypto Networking School that the Navy and Air Force use has a 40- 60% artittion rate
attrition**
People failing though are ones with bad study habits or are just fucking around
Yeah, AF Special Operations has an attrition rate of 90%
Knew one guy in the PJ pipeline, just different
Pretty amazing to watch him go
Fuck that. That's how you end up with a bad back.
Yeah staying apolitical, my mindset is that this country has given me a pretty damn good life so far. I can give back a few years of pain and suffering. Not everyone feels that way though.
Bad back is just a given. Been going to orthopedic doctors and PT for months now.
Though the VA refuses to admit it's because of my service.
Assholes.
I see there are a lot of ex and active guys in the uniformed services
perhaps there should be also a pinned message to help them transition from military to civilian jobs
like what advantages and programs there are out there, right?
Where do you guys see the cybersec trend go in the next few years? What is going to be the hottest / best paid specialization? my guess is cloud pentesting
I personally see cloud in general. Dev is already booming with cloud jobs with more and more companies switching from their in house servers to Azure and AWS.
Cloud security is needed in general
yea there just isnt a lot of tutorials explaining cloud stuff
like people learn the stuff when they can watch tutorials on things like metasploit and understand how vulnerabilities work
but since cloud is new and different you have to have been already in the aws world for it to work
There's tons of courses and materials.
Look up training for Cloud+ and CCSP.
Oh and CCSK.
That was a fun test
there are tons of tutorials in cloud stuff, entire websites
I learned AWS through AcloudGuru and Linux Academy (which was later bought by ACloud Guru), I learned Azure through Pluralsight and a few random things. Basically, Cloud is 'just someone else's computer'... to secure cloud, you have to understand basic security principles, which can be taught in a class like Security+, and then use those security principles in a cloud environment...
I need to check out ACloudGuru. People told me it's good for Azure stuff too.
its not really all that different, if you can understand the services, you can figure out how to secure them
Got another SC test in a couple weeks.
I didn't use it for Azure because people said it wasn't great for AZ-104, my company has ESI so I did use the official 104 book and just spent time in Azure
I will also say honestly, that I feel like I make good money working in Cloud Security because people think it is something strange, different and has different principles
yEP
True. Except for some particular networking stuff....the rest is still...the same?
even the networking is basically the same, I think SDN is lagging behind in corporate environments but it'll catch up and not to say it'll be the same but will be close in forward looking companies
Heh you should meet my networking lead
now I understand you get a million buttons (Just looking at the S3 console, in particular the permissions, in AWS might confuse someone) and that's where people find it difficult. How everything interacts with other parts
Still uses static routing and manually does ACLs. Standard port security.
oof
Trying to convince him to do dynamic routing, 802.1x, and SDN. He won't go for it.
crazy here in Argentina almost all companies went big on SDWAN
I saw some banks looking to replace MPLS with it and to deploy sdwan appliances in 230 branches in one go
its expensive but it can have its benefits
the reason I heard is that the telcos were making bank on the MPLS lines and having SDWAN would make them lose that leverage
not to mention the administration capabilities you can have with it
networking is really a complicated and deep topic. No wonder there are so few CCIEs around
Curiosity... anybody else been approved for infragard? If so how long did it take to get approved?
I'm about 2 months in of waiting and I've had different levels of clearance with past jobs
It can take about 6 months. I'm waiting as well, applied in October.
Oh wow lol ok I'll keep being patient 🤣
It said it could take months but doesn't really give a time frame so I was curious
what do yall think of thecybermentor?
I was thinking of taking a few of his courses
and he launched a pentesting certification
because I heard great reviews about his courses
and I think his pentesting certification seems pretty hard to get
any of you guys working at home having some nice income doing pentest ? no 9-5 jobs pls
I think he's knowledgeable and a good resource. However, his cert doesn't have the exposure to get you past HR as far as I am aware. Also, we've been saying this repeatedly. Get CCNA or Net+ as well as Sec+ first. You don't have and don't plan on getting a degree which will put you at a disadvantage breaking in to the space in the first place. @sharp rain
certs = for employers to work 9-5 jobs
Im not some rich dude tho so I cant afford to just shell out thousands of dallrs right away to get a certification
dollars
I have to save money
to get the course
This is the actual final time I'm going to say this to you: Moose is right, get the entry level certs and get any IT job. A half-decent company is going to allocate money to train you and for you to get additional certs. Your plan makes no sense, and you have absolutely no way to implement it, from what you've said before.
hawk , the skill gap is huge, its required for you to have your former IT experiences with new security certificates to gain entry thru hr
I don't think I need to.
so there were these hacker people who worked for the nsa that I was talking to (the same ones from earlier) and they recommended I get an internship to show experience
Do you know how you get an internship?
How do you think you get an internship?
hard to explain
It's really not.
Frankly, there won't be a second part because you don't have a solid first. When you build a house, you need a solid foundation. At this point I honestly don't know if you're trolling or not.
dude Im not trying to troll
You go to college, that's how you get an internship
Internships are opened only to current students at some kind of higher education program.
Internships are for students getting degrees. Otherwise, you get a job
Usually community college and junior college attendance is allowed as well.
Any form of accredited learning above high school really
Nope
I also do a lot of ctf
No
hoping to win or get in a competition
That's a great 'personal project' entry on the resume, but it does not replace education nor experience.
Who are college students
Can you provide some links for the acceptance criteria for these internships you are talking about?
sure
Please do so. Because I have never seen an internship that doesn't have 'you are a student in an accredited program' as a pre-condition to hire.
actually nsa does internships for 16+
in cyber
AND you can be high school or college
Do you live near Fort Meade?
I live not far from the nsa headquarters
Do you have links for the other internships?
Also at this point, you'll be applying for summer 2023 internships for the NSA if you apply. Will you still be in High school?
Yes
This summer I want to save for getting future certifications
Like sec+ or net+
And maybe getting OSCP, Pentest+ or CEH
i want to grasp the reality about pentest freelancing, any testimonies? not want to work 9-5 jobs
Many high schools have AP programs that allow you to take classes at local community colleges or universities. If you get into one of those programs, you could get entry level certs at a very reduced cost.
As in, you might have to pay for the exam, but the course material would be paid for by the school district or state.
Do you have a legal team on tap that specializes in cybersecurity?
Unfortunately not my school I don't think
I'd have to check maybe
That's why I wanted to also see jrotc options
Remember JROTC is extracurricular, not experience
I see, thanks for info
Will CEH Master and CPENT give me a decent job? I'm a CS student (Graduating in April 2022) and I want to work in CyberSec. I have completed CEH Master and CPENT, this led me to think that will these certifications give a decent job?
I never heard of CPENT but looked it up. Are you In India? CEH is primarily a cert these days for those in India. In the US, you want Network+ and Security+ for entry level jobs.
also if you are graduating in 3 months, you should be applying now
Yes I am in India
you'd have to ask someone in India about if CPENT holds any weight, we don't have very many professionals in that region
But what if I get shortlisted, and they ask me for my grad certificate
grad cert takes way too long to come
yeah I dunno India hiring practices, sorry, in other countries we apply many months ahead of graduation
I have researched about EC-Council and many EC-Council Certs are liked by the Recruiters in India
oof
I have no idea about CPENT cause its a new certification
Hi SpreeZer. I completely get where you're coming from but right now, standing from where I am right now, I can safely say that the need for certs is gradually becoming obsolete in India. I interviewed with two big firms: one dedicated security company with clients like Razorpay, TATA and some reputed banks while the other company is more of a computational based product company with clients like: Google, Amazon, Nasa, etc.
In neither of those interviews was my lack of certs an issue. I had to qualify for the first by winning a CTF while the latter was via a shortlisted resume and a lot of technical grinding. So, I guess, look up your target companies and see their hiring strategies on LinkedIn. Also, look up possible hiring methods over Glassdoor.
I haven't yet graduated so I'll be joining them as intern but with that sweet sweet PPO.
Thanks a lot!
Welcome and keep playing CTFs!
never knew India liked the CEH so much
but CTFs are alright but I always had trouble doing them
I'd get a few ones done and stuff especially ones related to the linux file system but not too many
and I would become confused and have to see a walkthrough to understand the challenge
India is about the only place that still likes CEH 
Even the US DOD is moving away from it
although it is still a baseline certification sometimes
but I can see its flaws
obviously its all multiple choice which I like but
it doesnt have any real life scenarios
and much of the info is outdated
multiple choice questions suck. Pretty much the only way they can be made challenging is through ambiguity and trick questions.
Or how comptia gives you a bunch of info in a question that can basically be thrown in the trash xD
Im not a fan of trick questions as I always think they are trying to make the person fail
like they shouldnt be TRYING to make you fail
the questions can be challenging
but if you know the material you shouldnt be stuck on a trick question that will never pop up anyway
the real life scenarios are alright
like asking what would you do if....
all pentest/hacking exams should be like ecppt (or now pnpt) (haven't done them myself but heard from others), where it is actually like a pentest: get given a scope, do the hacking, report on all findings (not just vulns), potentially a debrief too
but it's not gonna be like that for a long time
You mean the exam should reflect the real world? Crazy!
ikr
I mean to be fair the multiple choice is going to make you learn the word and stuff you need to know when you hack, and it makes it easier to study since you can study and be proficient in a certain area
Like say I wanted to get certified on wifi hacking, it would probably be best to make a multiple choice to learn that area, however if you were taking a pentesting exam in all of the penetration testing scope, it would probably be best to have a real life scenario exam
I'm about to graduate (in the US) with a BS in CS focusing on network security, and need some help and guidance from someone more experienced in the field if you'd like to add/dm me (if that's not allowed). If not I'll post it here, I didn't want to spam up the channel
I'd honestly recommend posting it here.
Means more people can engage, and also means that others can learn too.
Yep, I graduated in 2020 and have been working full-time since then. Feel free to ask any questions you may have here.
I'm graduating in May with my Bachelors, and plan to take my Pentest+ at that time as well. Apart from that I don't have internships or experience besides my classes working general programming with python/java, OOP and other standard classes, and more specifically using linux/kali and what I'm learning on tryhackme studying for the Pentest.
What's the path for me now to get a decent starting position in the field after graduating? Work on some personal projects for my resume as well now and look after graduation? I want to start applying to jobs now but just having school experience doesn't seem to be enough, and adding "going to take pentest+" doesn't seem appropriate, but maybe I'm wrong I don't know how my qualifications match up with other beginners to the field.
This is only my uneducated guess, but I feel like software development/engineering is easier to get a better paying position out of college than I would have the opportunity to in security, and I've been questioning if I should use my network background and work on those skills instead and seek a junior position there since I don't have much practical experience.
Thanks for any feedback
do you have any work experience at all? I started as a Network admin out of college, I also did CS specializing in Networking (and AI). It was a good stepping stone to cyber. You should be applying to jobs right now. Security+ is a good foundational cert. Also Network+ would be good but your networking classes may be good for any company to start out. Try applying to a wide array of IT jobs as well as cyber jobs
and no, I wouldn't put "going to take Pentest+" but I'd emphasize skills such as Python, programming in general, Networking, any Unix/Windows, etc on your resume
No experience in tech at least, no. My professor believes I can pass the Pentest, and I imagine that will make it easier to take lower level certs.
and your resume should include various extracurricular activities, did you give a presentation at a student club/conference? Did you do a research paper with a professor? and things like that
your resume should also include work experience even if it isn't in tech
I will say you could pass Pentest+, without previous cyber courses, no internships and no previous work experience, a pentesting job would be near impossible, but you could get a job as a SOC analyst or even a GRC job out of college
I do have a research paper I didn't think about adding, that's a good idea. I'm sorely lacking in extracurricular work related to my major
which is why I'd say focus on something like Security+
i'm not tied to the idea of Pentesting it's just what my professor recommended for my independent study
and didn't catch your focus was network security, not just networking so you do have some coursework in security
ahh
Yes
Isn't that all pentest exams above "entree" level?
if its for independent study, sure, it won't hurt
but I'd also make sure, as part of that, that you build a portfolio, do writeups on THM and similar platforms
make a blog or something similar
OK, thanks a lot for the help
What do y'all think of the idea to code Blockchains
If the nft industry continues to go up it would be a great future job opportunity
NFTs, currently, are stupid. Most of them are stolen intellectual property and art stolen from small time creators. Most of the time I don't give anything with those buzzwords any credence. My $0.02
The average blockchain developer salary in the USA is $143,167 per year or $73.42 per hour. Entry level positions start at $121,875 per year while most experienced workers make up to $185,250 per year.
That's what I think.
holy crap
yea I generally imagine the average NFT guy to look exactly like the art they make. I truly will never understand why the hell someone would PAY the price of a small HOUSE to get a piece of bad looking digital art
I get the blockchain idea
but hey if someone is gonna pay me $121,000 a year to code a blockchain for them Ill do it
The artists may think the same 😄 If someone is paying me a stupid amount of money for weird looking apes and mutants, i'll do it
Money Laundering
"SOME PEOPLE THINK ITS FUNNY TO SCREENSHOT NFTS"
remember this is a #cyber-and-careers channel
ik we are just joking lol
anyways
Im interested in the cisco networking courses
they seem to have great potential
are they good for preparing for net+ or sec+?
or the cisco certifications
which also seem good
probably the courses aimed at passing net+/Sec+ are good for preparing for net+/sec+
generally Im looking at the cisco courses
is CCNA good?
as an entry level cyber
since you guys said to start with those
to get IT and netowkring
networking
CCNA is a base level networking certification. Its course content is foundational to cyber security.
I like that cisco makes some fre eintroductory courses at least
free*
from what I've understood cyber is more "blue team" type scenarios
defense against a threat
experience in blue team cuber is preparation for red team attack
cyber8
Cybersecurity is about managing risk, at its core.
Offensive cyber seeks to remove those risks by finding vulnerabilities and exposure. (Other people then address the risks and vulns etc)
Learning about risk is something I'd really really recommend for anyone starting out
@sharp rain look at local colleges that use Netacad, they'll likely do CCNA training
mine did CCNA R&S, CCNP ROUTE, CCNA CyberOps, etc.
https://www.cisco.com/c/en/us/training-events/training-certifications/training/digital-learning.html - if you've got a bit to fork out
Hmm
yea that might be worth it
in trying to do everything online
so online courses and certifications like these are what i look for
especially networking and aunderstanding tcp/ip
understanding
A lot of this. Risk is central to most of the higher-level certs out there.
Yeah the big exams are a lot of trying to learn the stuff
And a lot of preparation
It must be scary going in to an exam like sec+ or oscp
Your career lies on the next 4-6 hours
Security+ has a 90 minute time limit
And OSCP is 24 hours
Although, tbf, if you're in the OSCP exam and don't get anywhere in 6 hours, you'd be so demotivated that you'd probably give up right there tbh
You get through that exam on little more than the adrenaline bursts you get from breaking into one of the boxes 
Gunna echo that on all offsec exams
The 48 hour exams are ball busters
24 hours? How many boxes are there? I assume full reports and everything. So I'm guessing 8-12 hrs on the boxes and 8-12 hours on the reports minus sleep time
Is it proctored or anything? I'd hate to be that proctor 🤣
Yes, the exam is proctored. AFAIK, they do shifts
Holy crap xD I was planning on taking that soon after I finish my AZ-900 and Sec+ but I might put that off for a bit lol
That means 24 hrs straight of exam time
CCNA first it is lol I only planned on these 4 plus I think Linux+ and Net+ are through school before I end up graduating
Yeah, the proctors change four or five times during the exam
That's crazy 🤣 I like the challenge though! Just might save it for later
The 24 hours in oscps case is testing. After you have 24 hours to submit your report
I know it differs
But that's gotta be terrifying
Having nothing else to help you hack and having to do that
Like I mean you have to write your own scripts and make a port scanner
I get they want people to understand the actual process but you can still do that while using some tools that you would have at your disposal on any kali Linux machine
I watched a couple yt videos on prep. It’s not as bad as I thought! It can be broken up and it’s 2 24 hour periods for testing and reports. Definitely will need to take a couple days off work for it lol
And don't most hackers use kali Linux anyway? Or even if it's like Ubuntu most hackers are gonna install a bunch of shocking tools like metasploit, hashcat, etc
So it doesn't make sense to not let people use those tools
No you don't smh
The only tools you can't use are autopwns and high-powered vulnerability scanners. So no Burp Pro, SQLMap, Metasploit, etc
Everything else is fine. It's not like they stop you from using Nmap
The idea is that you should understand what you are doing hence, only allow metasploit on 1 machine. And no auto exploit tools. If you became a pentester/red teamer, chances are you'll use metasploit.
And/or a more powerful C2
Hey /b
... apologies, wrong forum 😆
Fellows, need your advice, so here it goes:
I've been a Wintel Engineer for 10+ years and been with my current org, a State Gov Agency, for over 4 years in various senior roles: Tech/Team Lead and I've swapped multiple teams: Server, AD Projects ... loving my current role with Directory Team where my focus area is Security Hardening. However, I've always been passionate about InfoSec (that's what had drawn me to IT in the first place) and for the past two years I have actively been working on pivoting into cyber, mainly applying for internal roles with our Cyber Investigations Team. I've even applied for an entry role with the same team and was told not to go for such roles again, that I should chase a Snr role (in the mean time I've completed a bunch of courses/training, even self financed SANS training/cert).
At some point last year I've started looking outside of my current org and began applying outside and I was successful with a Fed Agency, however as their security vetting process is very extensive it got so prolonged that after more than 6 months I've only received my Sec Clearance.
In the mean time our internal CSI team has recommended me for a new team, for which I have interviewed and got a Senior Role 🙂
4 weeks ago I took my first leave in two years and went overseas, last night I checked my work emails only to find another offer - the CSI team for which I have applied 3 times and have recommended me for the new Cyber Team, have asked me to join their team 😐
tl;dr
I will be back from my leave next week, I now have 3 offers to choose from and it is really difficult to decide what to do.
- Role: Senior Cyber Security Compliance and Policy Officer
The newly developed Cyber Program, pushing compliance policies from highest Gov instances
Internal to my current State Agency
My current salary is maxed out and would be the same in this new role
- Role: Senior Cyber Threat Intelligence Officer
Would join a newly created Purple Team
Fed Agency, requires Sec Vetting (which I have received)
Would also require me to move to a new City
Salary: most likely LOWER than my current level by 30%-40%
... This is my dream role!
- Role: Senior Cybersecurity Incidents and Forensics Officer
Cyber Investigations Team. Applied for this team a few times
Internal to my current State Agency
My current salary is maxed out and would be the same in this new role
Perk: would receive more SANS training 🙂
OOF that is hard. For Role #2, is it a city you'd want to live in and is the COL lower there?
I know Fed Agencies also have caps as well. Personally I'd go for #3 of those. #1 is mostly paperwork, it is valuable if you want to go into management/move to a corporate job and be in management. But it seems boring to me.
SANS courses are a great perk. But also living where you want to live is something to consider.
I have to agree with this, Offer #3 seems the best from all the above, but that only applies if you find the job itself interesting, if you look at it from the outside, you have the same high pay and get SANS training, which is something you get only in that offer.
Option 2! Simply because you put it's your dream job. I will take doing a job I love over anything else. Moving away sucks, but I've come to terms it's worth it to move for what I want to do. Less pay oh well.. you'll earn some of that lost salary back over time 🙂
I'd try to see if they would counter offer your existing offers at least for #2... I'm also cynical about dream jobs as reality doesn't always match the dream. But also, in general, good experience isn't wasted
Thanks guys, basically I agree with all answers.
I really need to wait for the official offer from #2 as I am only assuming the salary packaged based on some insights. tbh I was ready to accept it even if they offer me the lowest sal option but offer SANS training.
#3 is mos def the winrar when it comes to desired role vs convenience vs training i.e. the most logical option.... sadly I am a romantic dreamer 😄
its ok, but you can still try to counter offer I think, I've never worked a gov job so I'm not sure how willing they are to negotiate
If it's on the GS scale, not much if not at all.
Yeah all you can do is try to get increased in Steps or Level, not numerical salary
Need some soundboarding from y'all. I waited a little longer to hear back from the recruiter and she actually ended up reaching out to me this morning. This is where I need some help. The position that she provided is a SysAd position supporting the cyber area. For me, this feels like a regression as that was only a bullet in the position she provided. The rest is your typical duties you would see as a SysAd. Thoughts?
For reference, I am currently a Cyber Security Engineer.
I mean, I'd ask. It doesn't line up with what you were told, something's changed and you deserve to know what.
I went from a titled "Cyber Security Engineer" to a role more focused on Linux SysAd work last May.. and now I'm going to be their pentest lead and I handle a majority of their cyber security work
(If u have the choice), which Certification should u start with if u wanted to become a pentester ?
I wasn't told anything in the first place really. She and I had developed a rapport when I was initially looking for a job out of college but due to timing, it didn't work out. I ended up getting an offer for my current job and she encouraged me to take it because the roles she had coming wouldn't be available for a couple of months.
What's your background otherwise?
Bachelor of Science in Computer Security and Information Assurance, Security+, and 1.5 years as a Cyber Security Engineer
Work in Gov sector
I work in the gov't sector too, clearance and all that hoopla. What are you actually doing as said "engineer"?
Not going to go into details because it's covered by the hoopla but I do everything. I'm the only engineer on the project. So documentation, testing, planning, server care, environment build out, etc
My takeaway would be this.. the sys ad job is likely mostly sys ad work with vulnerability management (Nessus scan result mitigation, mostly) to comply with STE/STN requirements. It won't hurt to take the job if the pay and benefits are better, and it won't hurt in your career progression. It never hurts to learn more ins and outs of operating systems.. but I'd be more willing to take the sys ad job if it was Linux focused.
I can also provide insight into most major companies as I've worked for a majority of them
I'd ask if the position is brand new (newly created) or if it is a transitioning position from traditional SysAdmin to more CyberSec oriented. 🙂
Hmm, to get a mental picture of the org chart and see if there is movement? Not sure im following
To understand the context of where the job is, and where it is going. If it's a transition job, it might better explain that the majority of the job is still advertised as "doing SysAdmin work". It would make less sense if it was a brand new job position. 🙂
So, the thing that threw me off was in the initial message she wrote they were looking for a "generalist"
I'll ask some more questions
The most disliked term in hiring. 😄
Yeah, I'm just nervous because my IT internship wasn't a great experience and I'd preferably like to stay away if that makes sense
This is interesting, I saw job interview preparation tips that strictly forbade the use of AI tools like copilot. I didn't know it's already at this point, but can't really say I'm surprised 🙂
Moose, I think the question you need to ask is: does this fit my 5 year plan better than my current role? You are still very early in your career and have a lot of time to find 'the right path'. A lateral promotion that gives more opportunity a year from now than your current role does is worth looking at - contrast that with 5-10 years of experience where a move doesn't make sense unless it's a title and 20% increase.
100% this^
What would Design Change be in reference to Cyber Security? I know what it is in Engineering but i dont think ive seen it in cyber yet
an example would be helpful too
I would think its the same thing... but we don't use that verbiage, but if someone said they had a design change, I would think the architecture has changed in some way or the controls
This position seems like its a cross between Cyber Security Engineering and actual PE engineering
so I said i didnt have that experience
Application is probably going to get tossed immediately
This sounds like CISSP Domain 3, if it is actually security architecture related. An example would be the principle of least privilege. But could simply mean anticipating security impact due to architectural platform design changes. Ambiguity reigns in cyber security. 😄
Yeah, the question needed more context haha
It was for a Cyber position within a Professional Engineer department so I didnt know what to do
Ask for a broader explanation of the daily duties of the position. Might give a better insight what the position is actually about.
Im going to if they reach out
In the past I've been in positions where, when reading the HR approved "description" of the job, my first reaction would quite often be: this barely explains what I do on a daily basis. It's abstracted to HR terminology and industry-accepted weighted-words that can be quite removed from what it tries to describe. 😂
Someone should write a book: The Art of Reading Job Descriptions, Seventh Edition. 😄
You know, we actually covered that in our Security Management class
As well as matching job descriptions to job titles
That's a good exercise.
I've got another stupid question 🤣
So I tested out of my Network+ class. Barely though.. by only a couple %
I have Cisco Networking I, II, and III coming up in the next 3 semesters (ccna prep). Is it safe to say if I run through ccna and get my cert I'd be equally prepped to take the network+ cert with minimal studying?
Take one cert or the other, getting both is a waste of money
Both are already covered. Just debating if I need to actually prep for network+ after taking ccna. Or just prep now and take network+ and dont even worry about it later
The way it was supposed to go is I take the network+ class this semester, get the cert. Then my last 3 semesters would be ccna prep and then I'd be graduated but I basically skipped an entire semester by testing out of 3 classes.
I suppose now that I think about it I can see if work paid for the network+ cert already and if not see if they'll switch it to something else since I'm getting my ccna
.
If you can pass CCNA, Net+ should be fairly easy.
I took Net+ last year on a whim without studying and got 790-something. Knowing CCNA is good.
hi, currently following complete beginner path and about to start with Linux Fundamentals part 1.
But I think I have to ask what I need to know/learn for a cybersecurity job because of effective learning. 🙂
Probably I need to be specific what I want to do in cybersecurity job.
Well I think I want to join the defense security with networking knowledge and computer programming knowledge.
so yeah my question is which path to follow in THM site and which tool to download on my machine to learn and understand better the cybersecurity part. I am also willing to subscribe.
It's time to find a job 🙂
Hi
Well in my opinion, if you want to go on the defense side, SOC Analyst especially, i think that you should do the Pre-Security Path, you can complete the Modules you have left in the Complete Beginner one and after these 2 you should take the Cyber Defense path, it's suited and tailored for defense security jobs...
Cool thanks for the insight 🙂
Of course it didn't give a +1. Stoopid bot lol
Only does if you leave the reply ping on
Gave +1 Rep to @low osprey
Thanks for the reply and the advice. 👍 This helps because now I can write it down which path to follow and what to learn 🙂
Gave +1 Rep to @peak wind
No worries, after doing these i think that you should be able to get a SOC Analyst level 1 job, depending on other factors of course like country, company etc but you should have a strong base at least...
Thanks to yalls feedback I'm able to reallocate the Network+ funds that work was providing to something else since I'm going for my CCNA anyways 🙂
Probably a good call. Only reason I went for Net+ was because I was getting a bunch of CompTIA certs for school, and wanted to "complete the collection"
Same reason I got ITF+. Which was a surprisingly fun and challenging test.
Nice lol Net+ was originally in my curriculum but since I tested out of the class itself it automatically bypassed the certification class and exam.
I'm not a big "complete the collection" kinda guy 😂
That's just more certs that need renewed later and I'm not exactly sure what I'll need in 3 years.
I'm just really kicking myself for not taking the Sec+ in 2020 when I had the chance... but then again it'd need renewed early next year anyways!
Eh, most of the ones I got fall under CASP+ so as long as I keep that up-to-date, which is easy with THM, then I'm good.
Just gotta do Linux+ separately.
lol my Sec+ somehow got renewed all the way out until 2027.
What do you mean easy with THM? Like room preps orr?
And ya I haven't even looked into Linux+ but I'm taking the cert prep class this semester so I might as well attempt the cert
The learning path certs. I upload those as CEUs.
I just add the hours on to the cert using Paint, and it's good.
How is the exam for that?
Having gone into it with almost no practical Linux experience, only using what I studied, it was hard.
Someone who has actual Linux experience and uses it regularly will probably have a much easier time than I did.
Gotcha. Dang. I use it daily for personal use but no practical use with it. I'll keep that in mind through the semester
Dual boot, and I run a few ubuntu server 18 in my homelab for basic hosting for landing pages and home smart device controls. Stuff like that
lol I tried running Parrot for a daily, Got fed up within a couple hours and reloaded Win10
lol I haven't touched Parrot in awhile. For thm I've been using kali
Yeah, I use Kali for THM. A VM.
VM through proxmox. Which I haven't really gotten into what all I can do with proxmox. I thought about just moving all my servers over to it and freeing up some rack space.
I started a home lab up using a server a work buddy gave to me. Got TrueNAS loaded onto it, pfSense, and piHole for DNS. The setup stopped there. I was gonna wire up some Ethernet through my home for it, but I can't get the lines ran. Need to get some MOCa adapters and use those, just gotten lazy since I started.
My previous home I ended up running lines from my server room through the outside in conduit into each room. My homelab really only consists of proxmox for test playground and Kali, a couple pis I haven't touched in forever (used to control my outside lights), a couple 1U's running Ubuntu, switch, etc. It's not very much. I had a couple 2U and 4U running game servers but I've moved them over to online hosting because I was having issues with my provider having outages like once a week.
I'm in the middle of building this massive Ark server box xD Thing should have enough cores and ram to run about 20 maps with 30 players on each map at once. It's an expensive little gem but the client backed out of the build last year and I just kept the hardware and paid what he had put in it - fees. I won't pay out of pocket for a client's project ever again though lol I had about $3k sunk into it out of pocket when he backed out. Not including the $1kish I gave him back to buy out his portion
Just got 1 old 2U from 2013. An Intel model. Was gonna use it for labs doing malware analysis, test offense/defense scenarios, and run a home net firewall/DNS. But the cabling company I was gonna have run the wires said they can't do it because of the way the walls were done. Every room has coax to it though, so I'm gonna use that once I stop being lazy.
Dang that kinda stinks! I'm going to start looking into buying my own home next year where I hope to completely wire up my house and not worry about it for the next 20 years. We can't have any more kids so as long as we get something with at least 2 extra bedrooms than we have now we can both have an office and I can have my server room back lol
I'm currently working out of my bedroom with my server rack beside my desk 🤣
Make sure the home is amenable to having new cable ran lol. Or do a new-build.
Definitely! Houses are popping up everywhere around my state. I don't want to live in the city but I also don't want to live 2 hours away from the nearest city lol So it'll be interesting when we start looking again.
Last year when we looked into it everything was just so freaking expensive! We decided to keep renting another year or 2 and go from there. And now I'm transitioning into a new job so I'm thinking spring 2023 we move into our own house.
The bubble will pop eventually. If you can wait until then, oughta be able to get a home relatively cheap.
Ya we're in no hurry when we can save 20%+ on a home just by waiting it out.
We got real lucky. Bought in late 2020, right before it started spiking.
Home has gained like $60k since then. If living with family were an option I'd sell.
my husband and I are also thinking Spring 2023 for a move... because oof... houses where we plan to move went up 50%
Oh dang! Could always find you a lease for a year! lol
Had a buddy whose father-in-law died and left them the house. They sold theirs in a day for $50k profit and now are living mortgage-free.
Shitty situation, losing the dad, but that was a good outcome.
I'm slowly seeing prices around me go down. What really irks me is my previous landlord bought that house in 2015 for only about $60k put about 10k into it and has been renting it out since and just sold late last year (we had to move) for over $120k
Dang at least something good came out of that Gamer!
I'll get my dads house when he passes but every year that chance goes down and down so I'm not counting on it for a life goal 😂
We went from being super close to just sending a quick text on holidays if we remember. I haven't even been over there in about 2 years
I talk to my step dad about daily though and he lives down south about 8 hours away where either we go visit or he comes up about every other month 😂
Yeah my parents going will not be a fun time. Not just because of losing them, but having to deal with the messes they'll inevitably leave behind.
Oh man.. Responsibilities of children right lol
My mom passed almost a year ago. Luckily my step dad told everyone to stay back and he handled literally everything. I think it was his way to mourn
But we also had 2-3 years to attempt to fathom mentally preparing for it..
She was actually the reason I got my s**t together and started my career 😂
My sister dropped out of multiple colleges, got with some douchebag and she wanted to see at least one of her children do something with their life before she passed 🤣
Woke up one day and said "yup I'm going to college"
wanted to see at least one of her children do something with their life
Fuckin oof
Ya 🤣
My brother is about to grad high school and my youngest sister is a complete trainwreck and my oldest sister is autistic who's got her life together as well but then again she never lost hers 😂
I'm also 10 years older than my oldest sister though
I'd say the majority of the 4 of us turned out alright 🤣
My youngest sister would be better off if she left the slumbag somewhere along side the road but time will tell.
Anyways! Back off the personal life train lol
Having issues with Packet Tracer software. First day of semester and I'm already having issues with compatibility versions lol
security engineer intern interview soon, kinda nervous
You'll do fine, nervousness is normal. Make sure to ask questions at the end of the interview. Questions that make the questioner think are good ones.
Not surprising. Old and new versions don't like to play with each other, and I bet the school/instructor hasn't updated in a while.
Packet tracer 
Actually all course lab content is from the NETACAD website so that's why I'm confused 😂
It literally walked me through using the latest version (7.2.2 I believe) then hands an assignment out I assume for an earlier version lol
The instructor uploads the material to NetAcad though.
Class technically doesn't start until Thursday and I'm at work so I haven't messed with it much since I got the error
I think I'm still a NetAcad instructor. Wonder if I could do some classes.
lol
Sounds it
My CCNA class was 8 hour/day for 3 weeks. That sucked.
Back in 2015, I think.
3 hours a week for about 4 months for my first year
Convinced my command to send me to it since CCNA was "technically" a requirement for network chiefs, which I was at the time.
Ah so I should bring it up with the instructor. Makes sense. Luckily the CCNA is broken up into 3 separate classes instead of one huge block
About 6/7 hours a week for another 5 months of networking and things like WAN and embedded system devices
Plus coursework and exams
Yeah, each class we would start with subnetting by hand. The problem was that the instructor would teach us a new way to calculate every class
So I’d probably do about 6/7 hours a week first semester of networking and then maybe 12+ in my second all in my undergrad/bachelors
And about 15+ a week for my current networking classes
Since September 2021
Going for P?
I only had to take one true networking class
Then there were some networking security courses
Just trying to survive my masters 
Tbf
I do love networking so I don’t complain
I just get it
I complain
I only feel that way about malware analysis and forensics
anything out of all of those 3 I really struggle to learn and enjoy
Oh I complain nonstop. But I do still like it. Except for troubleshooting multicast. Routes, ACLs, ports, things like that I'll dive into no complaint. Multicast? Screw that. Hate it.
networking is the best
Thanks, I needed that
Gave +1 Rep to @stoic cave
Not a problem
Maybe I should find a job in game server hosting xD
It seems that's all I do in my free time because people want more and more stuff and I spend hours debugging how a mod just crashed a dozen different servers across multiple clusters 🤣
I know we were talking about things like CEH, Pentest+ and OSCP but what about eJPT? It seems like an interesting pentesting exam and you can do a lot of ctf preparation for it online with different courses I found on the study infosec page. Would this exam be a good introductory exam for pentesting and would it be any good for jobs?
The study materials are free and a good resource. If you take CCNA, Sec+, and OSCP you dont need it
You dont need it as in you dont need the certification
Ok but say you took sec+ as an example, wouldn't employers want to see another more hacking related certification or course like the eJPT or Oscp?
And how would you rank a lesser known exam like eJPT anywau
Anyway
Yea I don't think I'd do that
And I'd be scared to death of oscl
Oscp
Plus right now I'm not trying to figure out certifications I just want to enjoy learning computers as a passion and get a job when I'm on my own and need to fully support myself. But for this year my resolution is to learn this stuff to an advanced level and do hacking challenges rather than do exams. In 2023 and 2024 I'll worry about getting the exams
I do not agree with this
eJPT is a nice introduction to blackbox, so yes you will probably learn a few things especially if you are new. On the resume end it won't be that much of an added value as it is really entry level
sec+ is just a nice introduction it covers a lot of different topics in the security area but none of them in depth
OSCP, is known as the entry level pentest cert** (entry level pentest cert does not mean entry level IT certificate you do need to have decent knowledge already)
@tribal flicker We got a sales person over here 😦
eJPT does not have the recognition in industry
@boreal sand please do not advertise here, it's against the rules.
oh!! i am sorry, i mean to just share info for testing the knowledge, i am not any sort of agent for that 🙂
sorry my bad!! just learner to explore
i was planning on taking it. does it really not have recognition
It's not got a lot of recognition at all. It's good for training material, but if you're UK or US then I'd personally do Sec+ or something for a start in security for about the same money
im from india
CEH is the cert with respect in India. That's about the only place it has respect
CEH practical is pending for me till march after completion i guess i will go for CEH or other less expensive one
About the Position: This position is in the Defense Civilian Intelligence Personnel System (DCIPS). Employees occupying DCIPS positions are in the Excepted Service and must adhere to U.S. Code, Title 10, as well as Department of Defense Instruction 1400.25. This position is with the 780th MI BDE, 781st MI BN serving as an Interactive On-Net (ION...
There are still many jobs that hire people with a CEH certification, I was looking the other day and many jobs had it
BlackHawkX, the reasoning for that has been explained to you many times already. It's not respected in the US as a cybersecurity certification of competence, HR hasn't yet caught up to the reality.
We've had this discussion too many times to start it again, it'd be clearly futile to do it again.
You're free to spend your money how you want, but none of us are going to recommend CEH.
if u wanna see someone with no competence that has ceh look at me
So I'm having second thoughts abt an interview I planned to schedule for Friday cause the company has some pretty bad customer reviews. Glassdoor has some good employee reviews but could only access a handful.
I know I'm not in a position to be particularly selective but idk I just don't want to lock myself into a bad environment.
Where did you see those reviews? Is the site reliable (or can anyone post a review there)?
Also customer reviews are not employee reviews
They can tell about the company and its values in any case, if they're trustworthy
Customers are much more likely to leave negative feedback on the services the company provides, which isn't a reflection of the actual working environment
Doing a good job at a bad employer is a great experience: knowing how to deal with stress and what a broken environment looks like are super helpful long term
in your next job(s), it really helps to know which landmines you shouldn't step on.
The other good thing about starting out at a broken company: it can only go up from there
And an interview won't bind you to anything. You can usually ask a few questions to (carefully) poke and see if the working environment seems bad. If attrition seems high, it's often a bad sign.
You also gotta remember employee reviews are across all departments not specifically the department you'd be entering. I've worked for some companies where certain departments had like terrible pay, bad supervisors etc but the department I worked for was amazing
My advice is take the interview and learn more about the position and direct management. An interview is both for them to see if you're a good fit as well as seeing if the company's a good fit for you
True, google reviews may not be too reliable
Thank you guys
I'll go forward with it
Now that I got packet tracer software running, this is pretty sweet lol
As a newbie to the Network world I think it's awesome you can completely visualize any network and watch how it works. Thanks to those that helped me yesterday! lol It ended up being the instructor uploading the wrong (not newest) version of packet tracer so the assignments weren't compatible.
Do they also have to adhere to US Code Title 50? 😄
Title 50 covers the CIA and NSA, but even more importantly: Wind tunnels. 😂
I see
Hey guys Cyberforensics is starting to look really appealing to me, I am wondering if there is a non-degree route for this? I've been looking around but im having a hard time sifting through information
I recently entered a digital forensics Consultant role. My degree is in art, so not directly applicable. I personally took a cybersecurity boot camp and got A+ and security+, then a bunch of free certs, added with some practical home lab and studying on TryHackMe. So it's possible but I consider myself lucky to have landed this role so early in my career. Previously I only had 9 months help desk experience.
If you're truly interested in the field, try doing some specific digital forensics practice. There's a new room on TryHackMe, "windows forensics 1". Also try cyberdefenders and search for forensics related challenges. Check out dfirdiva. She put together a lot of awesome resources and updates fairly regularly.
AntiSyphon training (from the team at black hills information security) have a couple forensic related courses. Some are "pay what you can."
Hey could anyone recommend ctf challenges that could go on a resume? As well as other related penetration testing credentials that could land an internship? Could really use the help as I am a university Freshman in my second semester in search of an internship, thanks.
I read this before and it gave me the impression they don't do much in and of themselves https://www.reddit.com/r/hacking/comments/hlihw7/how_do_you_use_ctfs_on_a_resume/
CTF challenges that you compete in can be put into an extracurricular category on your resume. Since it's something done on your own time it wouldn't qualify as professional experience. If you're a freshman, internships don't exactly open up to you. I would focus on your studies right now and then start looking around this time next year once you're a sophomore
At your university, see if there are any clubs that you could join. My university had an "enterprise" club, not the actual name, but it handled a lot of the school's infrastructure including the labs the students used and some school servers
Also as you're looking for internships, don't exclude other areas of the computer field. You may want to only look for cyber security or pentesting internships but that's going to severely limit your options and defeat the purpose of an internship, which is to gain professional experience in the general area.
@paper grove Also I've got my Sec+ the thing that's holding me back more than anything in Cybersec is the lack of experience compared to others. What certs do you have? Got a redacted Resume I could look at?
Gave +1 Rep to @paper grove
@stoic cave you ever do any Cyber Patriot stuff?
As an example, my internship was with an IT department and I probably learned more in those 3 months than I ever have before. Now, I'm a Cyber Security Engineer.
Is that the High School one?
Yeah I think they do middle and high school
No, I didn't start anything Cyber until college
I meant as a mentor or coach
Oh, no i have not
But i guess not 😅
I would consider it but ngl, CTFs and Offensive doesn't scratch that itch for me
I hope my long diatribe answers any questions you have had. Feel free to ask some more here if you have any
Paid certs I hold: Google IT Support, A+, Sec+, my boot camp
Free certs: Fortinet NSE_1, Fortinet NSE_2, Splunk fundamentals 1
Additional papers/accomplishments: ACM cyber threat hunting L1, THM pre security, THM complete beginner.
Let me redact a resume and I can post. If it'll help
Yes that was great! Thanks!!
Gave +1 Rep to @stoic cave
Would love to see that as well!
What does a SRE (Site Reliability Engineer) do?
Specifically as an intern if anyone had any insight
Here ya go. This is the resume I used that led to me getting my current role.
Wow
@paper grove Thanks for answering all my questions 🙂
Gave +1 Rep to @paper grove
It seems like a broad part of that resume is experience. Like he has tryhackme and a bootcamp but a lot of it is the job experience of doing things
well experience is the biggest factor
Experience and Soft skills are two of the biggest factors in hiring
Hope y'all are around to help me with my resume in half a dozen years
how come you're waiting that long?
No need for a new job for now, work is steady and I'm comfortable where I am
I need more experience so that I can get a good geek squad job or something
cool cool, you working in IT now? or something else?
what do yall think of bootcamps? Ive seen a lot of coding and hacking bootcamps and they seem to be a cool thing to do to get a job, and even a few sites I went to compared them to a college degree. also how much do the bootcamps cost? Because I have about $1200 I could take from my income this summer to pay for an online bootcamp
I watched logs for awhile looking for bad, now I am basically middle management, making plans for others to do the same
I would use that money for certifications. Bootcamps can be hit or miss
Yes, I agree with what @stoic cave said. Hit or miss. I enjoyed mine, even with their hiccups. I've seen some that didn't do much. Even some of my classmates weren't happy with the price and outcome. I definitely recommend doing lots of research.
The absolute best advice we can give you right now is to cool off, seriously. You are trying way too hard and going down all the wrong directions (and have been for, what, a week now?)
Don't get fixated on learning a language, or getting a certification (especially one that you've been told numerous times by numerous professionals is shit), or investing in a bootcamp. You have literally years before any of this becomes an issue. Focus on learning naturally, don't force it. You have plenty of time -- just do what you enjoy and progress steadily instead of trying to cram it all in now.
Do some THM. Go practice programming -- any language, doesn't matter if it's "good for hacking" or not; just pick one you enjoy working in. Build a lab. Read an interesting article. Whatever works for you.
You don't need to fixate on what will get you furthest 🙂
Thats what I said earlier. and I know I go too far and Im trying to stop myself on it. Its been such a passion for me to get a job in this that I want to get the stuff I need as soon as possible, and I literally get anxiety over the stuff I should be enjoying. So Im taking it back and enjoying the process of learning code, no certifications, no 6 month long course, just me learning stuff for fun and I can hack things. Right now Im working on a kahoot flooder to practice my socket programming and learn how to enter input into a machine and tomorrow Ill work on ctf. but I try so hard because I get so passionate that it becomes my life basically
I would, uh, suggest not working on a kahoot flooder...
That's likely to end up with you receiving a not-particularly-nice visit from your local police force
no no it isnt a ddos attack
its for me to use but all it does is just send a bunch of random bots into a game
and only I use it on my kahoot games
I suspect that's still a breach of ToS, but you'll need to check that
Gimme five minutes and I'll give you something productive to practice on
ok but pls make it related to programming 🙂
because Im trying to practice python
and projects I can add to a resume
What kind of resume you putting a flooder on?
Yeah, something like that may come off as immature and be a detriment to your resume
well it was more or less for me to practice
but right now Im on picoctf doing ctf practice
I'd rather learn actual hacking than just knowing how to enter an ip on some tool a person made for you
If you mean hacking as in getting into somebody's servers to acquire info that you shouldn't have (or destroying others experience) you're in the wrong place? Please clarify 🤣
no Im a good hacker
Our type of hacking is literally punching some numbers into a tool and finding vulnerabilities to help companies better fix their security (very simplified but you get the gist)
well what I mean is Im trying ctfs
and practicing
I hear ctfs were great for practicing and they make you think like a hacker but you are at the same time not doing something illegal. but yes I might do bug bounty
but first the ctfs!
Real world security and CTFs have only the same concepts in common.
There is no 1:1 mapping between them.
Ive been doing ethical hacking on kali linux and having fun but what ive realized is that all I knew was how to enter the IP address of a windows machine into metasploit and watch it do everything for me, I want to venture out
well of course I dont think theres anything that will 100% be exactly like the job you will do
.....
Doing the exact thing but each box is a different path to how you get from A to Z. Branch out by finding different ways of exploiting boxes
but ctf also has that exact thing. you learn how to do binary exploitation, sql and web based injections, general skills, etc. etc.
I was only referring to your comment "...enter the IP address of a windows machine into metasploit and watch it do everything for me, I want to venture out"
well theres nothing wrong with metasploit I personally would love to shake the hands of the genius that made it but I still want to know what an EXPLOIT actually is and how to write ones like buffer overflow
I mean I do dont worry
but the problem with doing all the automated stuff is you lose the fun and actual skill of hacking
I suck at Metasploit 🤣 I have to find a walkthrough every time. I personally like sql and web injections since my background is mostly backend web/application dev. Makes me realize how much of my stuff is exploitable that I built when I first started
lol Im the opposite, I struggle to understand sql, but I really want to for future stuff. But I started stuff in metasploit and for me sometimes I need a walkthrough but I understand the commands. Im glad even the senior and experienced hacker people still also have to look things up occasionally
I'm still a dev working towards a sec or net position but ya lol
By the end of this year I'll be broke into the space
Yeah, between this and folks who like to write malicious stuff there's plenty of job security for those of us who find and prosecute the exploiters
That 👆lol
Lol Im new as well, but Im trying to learn the stuff. I plan to learn binary exploitation, Web exploitation, reverse engineering, and forensics in order
The royal us of course, cyber security professionals. It's sad to see immature individuals get caught up in that but oh well I guess
Ive been doing cyberstuff for the past 6 months
Job security isn't going anywhere that's for sure
I've only been doing cybsec stuff for less than a year but I've been doing dev ops and network stuff for longer as a dev
I'm transitioning into a weird network and security admin type role at work. Doing anything from network setup/maintenance to internal pentesting to setting up key fobs etc
That took longer than expected -- I am too tired to be designing these things 
Are you connected to the THM VPN?
unfortunately not I dont have the premium subscription
Eh? The VPN is free...
Mhm
I installed open vpn but I couldnt get it working, also doesnt it just let you deploy the machines from your browser?
Eh, this part is your problem -- I'm off to bed 😆
Figure out how to get connected, then solve the programming challenge I'm about to DM you. I want the flag and a script showing how you did it by the time I wake up 🤷♂️
That work?
Just did 😆
An IP and a port -- that's all you're getting
where did you send it?
muir sleeps for about 20 minutes so good luck
This will give you a chance to practice your socket programming, as well as enumerate and understand a challenge
Anyway, bed time! See y'all in 20 minutes!
Ok
(Just kidding -- you actually have about 7 hours)
You know you're not verified? Just curious. You can link your thm profile to your discord account
oh ok also hey real quick Ive connected to the openvpn network but how do I start a machine
like he gave me the ip and port to attack
but I need to start a machine
Sounds like he just hooked you up with a dedicated ip and port. Use your own kali machine to openvpn to the thm network
oh ok
Thank you lol I'm not at the pc to link the room 🤣
dude
this is so annoying
when I go to the access
it says Im not even connected to the network
even though I just can the config file
ran*
Screenshot the bottom of the cli output window after you run the config
Did you try to ping the ip in a different tab?
Lol sweet. Well get at that box you're down to about 6.5 hrs now 🤣
so I've been a net/sysadmin for the last 10 yrs but in places that were relatively small. we didn't have a dedicated security team but it was something I always baked in.
I'd like to move into security engineering bc it seems the quickest route for me (and then maybe move into vuln mgmt/pen testing)
but when I look at postings it seems like I need to be an expert in 5 or 6 stacks. I've always had to wear multiple hats, so I know a bit about a lot of things, but I'm def no expert in AWS/ISE/Python/SIEM/NIST/Okta/SAST/DAST altogether
so...I guess I'm just trying to figure out what's the best thing to focus on studying
Well if you look at things like Pentest+ they are designed for system admins and networking admins
Who are new to the cyber hacking workd
World
Someone with 10 years of experience would be good for that
try looking for positions as a "Security Architect" - there's plenty of orgs that have security teams without people who have sys admin experience that is very much needed
are there lots of remote jobs for pentesting? that's my main concern. I had heard that pentesters tend to need to travel/be on site
I would honestly try to focus on general security certifications ex. Security+, GSEC, CISSP, and others alike. Once you fall into position like that, I would start building up an offensive toolset, take certifications like PWK/OSCP, GPEN, etc.
the world is very much changing in regards to work from home - odds are you wont be on site 8 hours a day, 5 days a week. More so just when you need to do physical work that cant be done remote.
Frankly I'm not a pentester so don't take my word as final but I've honestly never heard that before it really depends on the position I think
And yes remote work is a big option on the cyberworld
if working remote is a big ask for you don't get too hung up on pentesting, being open to any SecOps position opens up a world of possibilities for remote work
https://www.linkedin.com/jobs/view/2877834960/ - Here's a job that sounds like it would be a good fit:
CrowdStrike is looking for a Security Architect to join our growing Security Architecture and Engineering team within Information Security department.
Security Architect will work in a cross functional role and partner with other teams as a subject matter expert by adhering to the industry best security practices.
Leads the planning, implementation, documentation, and testing of security systems
Develops security standards, policies, and procedures
Partners with business units to understand technology needs and to integrate security across various business use cases
Determines security requirements by evaluating business strategies and needs; researching information security standards; plan and collaborate with team members in conducting system security and vulnerability analyses and risk assessments
Prepares security reports by collecting, analyzing, and summarizing data and trends
Maintains relevant job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
Enhances department and organization reputation by accepting ownership for accomplishing tasks; exploring opportunities to add value to job accomplishments
Assist with ad-hoc operational tasks as required
like security analyst, IR, things of that nature?
my last job was kinda like this but less security focused. I don't like planning, designing, gathering info, etc. I like the operational/maintenance aspects more
yep exactly, but with your background - a move into Architecture like spooky suggested is a good fit
they can be pretty hands-on
that's honestly one of the quickest ways to transition from Net Admin/Sys Admin -> Security - if you're unfamiliar with the tools and technologies that exist in a SOC, this is how you would learn them. Integration + Initial setup would help get you off the ground and into a working state very fast.
also worth noting, you'll probably be looking at a pay bump if you go from Sys Admin -> Sec Architect vs a drop if you go from Sys Admin -> L1 Sec Analyst
heyo, so I'm interning as a GRC analyst and my 3 months is up soon. I'm pretty sure they wanna offer me a position but I enjoy the more technical aspect than the analytical and I know you can pivot in this company but they're currently not hiring red or blue team soo idk what to do. do I request a more technical position or just take what's offered because I'll be finishing my degree up soon
a lot of the sec arch postings I'm looking at seem a bit over my head, esp since most of my exp is small/med biz. I don't have much exp designing & implementing projects, just managing existing infrastructure
maybe i'm reading too much into it though
look at it this way - which is going to go over your head more. Security Ops and Penetration Testing or Sec Architecture?
arch probably lol
I always enjoyed running nessus scans and verifying the results. just recently started learning how to use metasploit and did my first exploit on ms2
vulnerability management is an option, it shouldn't be that difficult to get into with prior infrastructure management experience
but you never know until you fire out applications
what titles are those usually? vulnerability mgmt engineer?
something along those lines
big thing with that is they need someone who knows how to talk with people & who understands that vulnerabilities may not always be patched timely and understands the business reasons behind all of that
that sounds perfect for me tbh
question guys, is it worth doing some other cert before OSCP to get into an infosec job and then do the OSCP exam?
or just go for the oscp exam without other cert
Sec+ -> OSCP imo
From what I have seen it usually is a task under security engineer
And within that team there are most of the time people who are more focused on vuln mgmt and some are more focused on SIEM
But hey those are my 2 cents so I could be totally wrong about it
yeah I was going to say Security architecture is an advanced position within Security, usually you need years of experience in Security. Security Engineering is also sometimes a design position for projects. Sometimes though titles for Vulnerability management are also called Security Engineering. Look for position titles of Security Analyst, Security Engineering and Vulnerability management.
If someone is looking for various roles, this is a small glimpse of roles/areas within Cyber and I'll say the salaries look off, the Cyber Architect especially looks low for an average. https://www.cyberseek.org/pathway.html
thanks for posting that @pseudo creek
How much would you say they usually make average in your opinion?
are you asking about salary expectations? It depends a lot on location, company, role and experience. Especially location.
I was more just wondering if the pathway's salaries for the other roles were out of date
If you look at the salaries, they're all pretty close to each other. Only Cybersecurity architect stands out. So the data is skewed somehow - you wouldn't expect one in an entry level role to get more than one in an advanced role.
I don't think they're out of date. I think it's polling based off of available job openings and the pay scales mentioned, maybe?
its an advanced position, I don't know exact numbers but I know architects who make $300k+ and low $100k (~$120k-$130k) is pretty junior
ahh I see, yeah not a lot of job list salaries, I can see that the few that do would be low especially depending how they define architect
yeah, I wouldn't say that the site is a fact-of, or expectation-producing, reference for sure. there's a lot of variables at play
more like "generally speaking, if you want a lot of money, build your skills and gain years of experience to become a cyber architect"
lol
Jesus Christ. Thanks for the answer. Like Justenius said, I assume that would have to be due to experience, skill set, as well as location and all that.
It's often pretty weird looking at the US salary figures from the other side of Atlantic. 🙂
haha, yeah, USD conversions and all that too
Not that part, it's straightforward. The levels just are totally different.
what do you mean?
Cost of living too.
Varies massively even just within the US, some areas have super high salaries because they need to pay that much to retain staff due to cost of living.
A six-figure salary is good in pretty much any European country.
Are you saying that seeing the averages seems high comparatively?
From that link? Yes
The same job in the US could have a 30-50% swing at minimum depending on where the job is located
columbus Ohio is going to be very different than NYC
What would you say would be an average salary for a cyber architect in Europe?
to have the same quality of life in NYC that I enjoy where I am, I would need roughly triple
Where are you juun?
within easy commuting distance of a small-medium metropolitan area
I'm in the Denver-metro area.. and you'll see similar swings like that in COL all within an hour of the city
No idea really. I'd guess in Finland it's somewhere between 5 to 10k a month. But I've no data to back this up 🙂
interesting 🙂 I'm sure a lot of it has to do with cost of living too
Sure it has. And that already includes some pension contributions and what else.
Not really. I'm pretty familiar with Denver and the Metro-Denver area, advantage of Denver is that there are a lot of much cheaper easy commute options to DTC and Downtown; you don't need to rent a 16th street apartment to work there.
sure, sure. just wild to hear the comparisons. i like learning about it all
Sure, that all depends on how much of a commute you're willing to take on. Commute options are simple in NY/NJ/PA too. And yes, living in Aurora, or Elizabeth, or Thornton vs Littleton, or Highlands Ranch, or parts of Denver.. you're looking at a big housing cost swing, which is a huge contributor to cost-of-living
When I was a cybersec engineer in the way south end of Centennial, that company paid below market - they paid with a title. Good part is, the higher title means the next job is a big bump.
And we're not on the lower level of pay scales for European tech staff. Not on the top either, though.
Yeah, a lot to consider with that too.. Titles do carry a lot of weight seemingly
wild!
A quick search through the interwebs found security architect salaries in the Netherlands and Germany at around 80k€, in UK for £100k+.
That link is only US salaries
yeah and although I'm paid well, to work in the San Fran/Silicon Valley area, I'd want 3x my salary...
Silicon Valley/San Fran is just crazy cost of living wise, it always has been but it's just not worth it for myself
I agree wholeheartedly
Anyone working as a Cyber Threat Intelligence Specialist/Analyst that I can ask a few questions about this specific career path?
Post the questions in here. Even if people don't have the exact title, there are very knowledgeable individuals in here.
Thanks mate. Mainly curious if it's a rewarding role and if people are happy working it.
I think that's almost an impossible question to answer, as it'll depend on your personal bias. When looking at the role's responsibilities in the job description, does it sound like something you'd be interested in? Even then, once you actually get into the job, it's dependent on what actually goes on. I did a similar role for about 2 years. Was it rewarding? Sure, because I enjoyed the analysis, discovering what threats are out there, adversarial TTPs, etc. I also had the opportunity to do incident response and analysis while I worked the role. I've moved on since, but it was good work. I just didn't mesh well with the company.
Thanks, that's the type of answer I was looking for, personal experience with the role and what your thoughts were while doing it.
Don't be afraid to ask the recruiter or rep what the job entails and what expectations there are. If you're hoping for something technical, make sure it offers technical work too.. if you're just trying to get in the door and start exploring.. then go for it
I naturally didn't check out what the site in general was about before commenting :). The dollar sign was the only giveaway on that exact page.
Hey guys, is SANS undergraduate certificate of worth in the industry, or is their Applied Cybersecurity BS really the creme de la creme? https://www.sans.edu/cyber-security-programs/undergraduate-certificate/?msc=main-nav vs https://www.sans.edu/cyber-security-programs/bachelors-degree/?msc=main-nav
What does a SRE (Site Reliability Engineer) do?
Specifically as a intern if anyone had any insight
O'Reilly has a great book on it, hold please
Cisco hold music?
Yeah, it's the monitor lizard book by Beyer, Jones, Petoff, and Murphy
Discover Site Reliability Engineering with this book on Building Secure and Reliable Systems
also Google has a related Coursera course on it
Yeah, because I currently have an interview for an Internship position and I'm curious what type of technical questions I should be ready for
Honestly, I've been looking into SRE because to me it seems to complement my Cyber Architect skills... not to become an SRE but to be aware of the concepts
SRE is a huge area to be honest.
Basically, its about customer delivery, providing a good enough service and balancing development with deployment
at least from what I've started reading about it, which reminds me a lot of cyber security, you balance risk vs customer experience/needs
ig there's only one way to find out they're going to ask 
if you are looking at non-traditional BS programs, it seems like a pretty good one, primarily aimed at those that are already working and don't fit into the traditional experience
Not quite, that's secure reliable, not site reliability
Ok cool. Do you mean already working in Cyber or just a regular job
a regular job
Yeah that's what I've gathered I was just curious if they specifically need to actively code bc I've come across how they need to automatize testing that they do, but idk if that would apply for an internship position
look at the SANS graduate certificate then or... just look at getting some certs
I've seen mention that coding should be a skill set an SRE has
Oh is the graduate certificate good enough to land a job if I already have a Bachelors degree in something else?
yes, because it is cert based, I would think so
The one I pasted is good as well - even when it's Google centric.
this was a link I was just looking at the other day https://www.gremlin.com/site-reliability-engineering/how-to-become-a-top-notch-sre/
Its also like half the price too
Yeah me too we'll see ig bc I got accepted as an Intern bc I'm still in college
but you don't need a (specific) degree to get into Cyber, really, a few certs, like Network+ and Security+ should get your foot in the door... SANS certs are amazing though
Yeah sans certs look really good
the GIAC ones apparently are top
and arent they known for their great training as well
yup
Dope. I might just give them a call or join the next info session
wonder if paying 24k is worth it to get 4 SANS certs and their training
Thing is I wouldn't want a situation where an employer would look at my CV and see an undergrad cert from SANS, and look the other way, at other job candidates, but I doubt this would be the case, considering I already have a BS, and would have certs by then.
When you put it like that, it makes it seem overpriced
yeah I've known lots of cyber people with different undergrad degrees, cyber is very friendly to those that didn't graduate with a degree related to comp sci
it is considering I think you could get a few comptia certs for $1k and get an entry level job
build up a portfolio, get a handful certs, get an employer to pay for SANS
could you land a digital forensic investigator job with a few certs?
the entry level jobs in the industry are more help desk, IT troubleshooting, no?
ehhh, i dont think so
IT help desk is generally an entry level position, as is SOC analyst
My first job was as a Linux admin, and it included vulnerability management
lots of people in cyber started in IT help desk
past three years or so, I've been doing more blue team work, and in march I start red team work
if you are interested in forensics, check out DFIR Diva https://dfirdiva.com/
https://www.coursera.org/articles/cybersecurity-jobs this coursera article caught my eye, but they said digital forensic investigator was entry level, which made me question it lol
Majority of the time ppl don't go to University to get certifications
Coursera is a bit iffy when it comes to job advice
sure, but considering individual courses are 7-8k each.. its a savings in that way
Thats true
SANS individual courses are like 7k
(or more)
Plus im sure SANS has a good brand in the industry for employers, but what do i know
thought the course I was looking at is $8100
but again, you don't need all that for your foot in the door
Their undergrad cert is 17k https://www.sans.edu/cyber-security-programs/undergraduate-certificate/?msc=main-nav
It depends what you wanna do, if you wanna be a technician then yeah you can obtain certs and just jump into the industry. University a lot of the times builds you as a person and develops a different way of thinking (In industry and out)
they already have a BS degree
I already have a BS yeah
in Econ
a BS in Econ and an undergrad cert from SANS doesn't look too bad
plus the certs
I wish my school offered a minor in Econ
i probably skip the initial help desk role and start bigger
when all said and done
i currently work too which is a positive
so graduate certificate sans. = 5 courses, undergrad = 4
lol sorry for rambling, but when it comes to new entry points like this, you kinda get bombarded by all the information so its hard to decipher and narrow things down
why im here
but honestly, after you get your first SANS cert, I'd start applying like crazy for any and all intro level cybersecurity positions
plus, if I remember correctly, SANS has their own network of companies looking for people through them.. and they can help you land a job
oh I got the graduate certificate mixed up, the undergrad makes you take a super basic course
did I give you the wrong link? I thought I linked the undergrad cert
most people start with SEC401, I wasn't aware SEC 275 was a thing
but the undergrad cert as whole is like a program that you could put on a resume anyway right?
its not just a venue for certs
yeah I was just trying to compare, you get slightly better certs with the graduate certificate
true but thats quite upper level though
you could, but certs are really the name of the game once you have a BS
Ok. I guess I'll have to look more into this. But signing up for certs right now, is the go to.
Like Security+ etc.
yup and Network+ potentially
Im really intrigued by pentesting, but cyber defense looks cool too. Honestly this whole field looks really cool.
cyber defense is much easier to get into as entry level because there are just so many more jobs
For sure, and it makes sense
Companies are getting breached left, right and center
It's a quacky industry though, in the sense that they really want experienced candidates sort of from the get go.
Some people say it's not letting the industry progress which is why there is 500k labor shortage atm.
Anyway thanks for all the help ! @pseudo creek and everyone else
good luck
👍
hey guys, i'm trying to transition from sales to the IT/cybersecurity field. any tips on where to start? I've heard getting your sec+ cert is a good start
yep, that's pretty much the baseline. if you've never done IT anything, may not hurt to do the triad A+, Network+, Security+ to familiarize yourself
@brisk whale thanks! I have a lot of help desk type of experience just nothing further
no problem! 🙂 so maybe go for Security+ and start from there
depends on your patience. i think it's doable, but you'll have to be able to talk to/through different scenarios and it'll depend on the interview in general
and the company
Not sure about remote or if you'd be able to get directly into pentesting. However, in my personal experience I was able to get a job with a degree and a clearance. Little easier but I also had no certs which was sort of a detriment
i know people who send out hundreds of resumes, and do hundreds of interviews.. eventually they find a position
Pentesting is a pretty niche field within Cyber Security, so it isn't exactly entry level
^correct
I sent out about 100 applications for 3 interviews
Searching for a job, is itself, a full time job
That being said, I was hired 3 months after graduating
And then, once I was hired, companies started reaching out to me about my applications to see if I wanted to interview
You'd need an H1B sponsor
Which isn't likely for a remote internship afaik
Also, I wouldn't limit yourself to just Cyber Security or pentesting internships
By opening yourself up to other areas of the computer world, you get more opportunities
H1B is authorization to work in the US, not a clearance
It's a work Visa
yeah, definitely don't limit yourself to one niche field.. IT is expansive.. if you know for 100% certain you want to do security/offensive security.. try to find something relatable and you can always pivot
My internship was IT
It was a learning experience

lol
Local would be best in my opinion
The cost of living is likely manyfold as well.
COL in US is brutal
Especially in places with 10x-20x salaries.
I was surprised how much you could get in Berlin for 1000€
Lots of moving parts
Remote job id say there may be a small chance
Internship, more than likely no
It's highly unlikely anyone would sponsor a visa for internship.
You're welcome
I've no idea where you're located, but check nearby countries as well. especially if there's visa-free work possibilities (like in EU)
sure, but look at other countries as well 🙂
Also, note on looking for remote positions in the US, you're going to get taxed by the US
and likely your home country at the same time
It's complicated. If the countries have a tax treaty, there shouldn't be a double taxation.
Yeah, there are variables
But the US IRS makes sure you're taxed at least once.
Like, as a US citizen, I can file a tax credit and not be taxed twice
If i work abroad
It's fairly complicated
As a non-US citizen living in Europe I have to fill forms to IRS at times 😄 (for US company's stock based compensation)
Basically: "Is there a tax treaty? Why are you getting this money? Are you sure you're paying tax?"
Yeah, if I was working abroad I would hire an accountant
That's still simple for me, as I don't have to pay any US taxes (except for dividends on non-company related US stock bought elsewhere)
Hi all, Quick question. I have an interview next week for a Security Analyst position anyone in here have some tips on qs that may be asked or what I should brush up on?
What’s your background
Been a support technician for 5 years, currently studying for Sec+ exam should be taking it mid February
Congratulations on the interview. It’s not easy. I’m the same. Expect questions like MFA, system hardening, maybe firewall questions, how would you know what an attack looks like
Thanks @hazy tree. Thanks for the examples much appreciated
Do you think you would need years of experience for a job like Security Analyst? I ask because I have no experience at all in any tech related job but I have been learning a lot.
You should be able to demonstrate your experience in some way. Having a certification is beneficial but not always required. You don't necessarily need to have previous tech job experience but it helps and it's useful to know how to network with people to discuss the things you do, get advice and assistance when applying or being guided through the job hunt.
Hakin9 magazine has a free edition available through their signup process containing interviews with cybersec experts on the topic. Another good resource are the Tribe of Hackers books by Marcus J. Carey, which are also a series of interviews with experts in the various fields of cybersec
oh okay. Nice thank you
Yes, cybersecurity jobs are not necessarily entry level. You need some experience either through work or labs
Regarding some questions I had last night..
If I wanted to apply my 10 yr tech career to something that's maybe a balance between technical and leadership - what would that be? I feel like an idea generator and love thinking about big picture stuff but have struggled with getting lost in the weeds.
A lot of my experience is wide but shallow. The perfect thing for me would be as some kind of liaison between the biz folks and the techies where I can think about big picture stuff but still be able to communicate to the technical teams who would be creating/architecting the design
Would that be some kind of security project management?
Sounds like you’re kinda describing my job - I’m a solutions architect. It’s customer facing, basically directing teams on how to adopt our software. I really enjoy it for a lot of the reasons you described
I feel like I would enjoy it if not for the social anxiety 😅 for as long as I can remember, to the earliest part of my career when I started in support, talking with clients has always been hard. Internal customers I do fine with but for some reason clients scare me haha
Totally get that, it didn’t come naturally to me either lol. Have you looked at product roles? A good PM is one of the most impactful people in any org
@tribal flicker ^ pfp
Have you thought about getting the CISSP cert? it's a very common way for technical side to learn more about how business influences implementation.
Hey guys! I'm going to take the sec+ in a little bit of time. Do you have any advice for the exam or the PBQ questions? I'm a little afraid of the sy0-601 version. I want to score as high as I can.
update us on how it goes, best of luck i have my sec + 2morrow as well
If you aren't already, look into Darril Gibson's training for Security+. It's what I used for.... 401? And it worked well. I wouldn't worry too much about your score. You want to go into the test confident, but realize it's a pass/fail situation. If you score perfect and someone scored a 750, you'd both be certified and no one would be the wiser aside from yourself.
I have the A+, Net+, CCNA+, Sec+ and I can't even land a help desk job. Should I be applying for other roles or something...? I have minimal experience
No. It could be your resume formatting. Do you have any degrees? How many jobs have you applied to?
CCNA and Sec+ are usually more advanced than help desk - junior or associate network engineer roles may be more appropriate
I don't have a degree. I applied to 200 Help Desk positions
did you personalise each and every one of those 200 applications to the different businesses and companies???
what did you mean by personalize?
can't land the job? or can't land the interviews? hugely different
its either your soft skills or your resume
likely your resume
Don't just send the same resume. Make modifications to the resume to better match each job you're applying for
can you give me an example because I don't think I have the right idea
Look at the job description. You should be able to highlight keywords that their resume scan bots are looking for such as tools, OS, degrees, certificates, etc. If your resume doesn't match a certain percentage of their key terms.. it usually gets auto rejected
If you want to get real nitty gritty, you can try to connect with a ton of recruiters on LinkedIn and start networking with them.. tell them that you're looking for work, what you're trying to get into, etc
This but don't lie is the key here. Look at the description and see what fits your actual skillset
Correct. It'll quickly be evident if you get into an interview and you can't talk about personal experiences with things if you've lied
@stable walrus what alces thankfully explained here when shadow was eating.... you customise them to the job you are applying for to increase your chance of getting the job... while still obviously not lying on your resume
So I have my interview today (company w/ bad customer reviews) and I've been thinking about some questions to get a feel for the work environment:
- How do you handle mistakes?
- How long do members of the team normally stay here?
- How big is the team?
- Does the company have any goals/work in progress to improve work/life balance?
I understand that customer experience =/= worker exp. but I just want to get a feel for how things would be for me there
Daily life questions are good, don't ask anything that would pry into the company 'secret sauce' though.
gotcha
How senior is this role?
Personality test and culture fit are probably going to be main focuses of in-person nontechnical interviews. If it's a tech interview, most of it will be evaluating your problem solving and background.
nah this is just a security engineer internship
This is just an initial behavioral with HR person
I notice that there are a LOT of open positions at the place, including tech team. Could this be a red flag?
I'm not sure about the second question by the way. It's pretty direct. Would there be ways around it, not going straight at it? e.g. asking if the role is expanding the team or replacement or something 🙂
when my org decided to form a brand new team, we had dozens of positions open, some of them were expected to be internally filled but they were open to externals because we knew that we didn't have all the people we needed to just hire internally
its great experience and I've learned so much
Not necessarily without knowing the internal workings of the company. As @pseudo creek mentioned, often times companies have to open up the reqs to the general public even if they already have a candidate in place internally. I know for previous employers of mine, they HAD to interview at least 5 candidates before extending the offer for position internally. Additionally, if they're expanding, there's a good chance for a lot of open reqs.. and if they're anything like my company, the reqs stay open because you never know when you'll find good additional talent for the company.
and in my experience, I came external from the org but internal to the company
same experience here
Hello, I'm looking for a senior level Discord Security Manager for a 100k+ discord server.
@warm hinge Please do not spam multiple channels with the same message.
Is this for an actual paid job or are you looking for volunteers?
paid job yes
I'm sorry, I'm new here
Are you a recruiter? AFAIK @undone shore has a process to vet your corpo identity. Once that's done, you can post the job reqs to the #jobs-board channel.
Wonderful. No, I'm the owner
I would like to place a job offer
That doesn't change the process. "No I'm the owner" isn't sufficient.
I would like to start the process 😄
yeah that sounds good I'll use that instead
oh ok that's a relief
Hello guys, do you have links for websites that can prepare you for pen testing or cyber security roles?
For example: list of questions
Interviews*
Advice for talking about personal experiences? What to say if you've used a similar tool but not the exact one, or if it's been a while since you did it (I've been in tech for 10 years) or you did it in your homelab
I have difficulty verbally explaining things because of a disability, so not always sure how to create those narratives
Really you just do it to the best of your ability. Explain that you have used a similar tool, name it, explain how it differs based on researching the other tool... and explain that because you have used similar toolsets that it is likely you’ll quickly grasp the utility of the tool mentioned
I guess I struggle with identifying at what point I can confidently say I "know" something? Like I have a mindset of the more I learn the more I realize there's a lot left to learn
So it's hard for me to know if when somebody is asking "do you know any DAST tools?" how deep they expect my answer to be
Like, yes I've used zaproxy in my homelab to scan for vulnerabilities against OVWA but the HR screener isn't going to know what all that means lol
And I'd hate to simplify it to "yes, I know DAST" during the general screen, then have the hiring manager ask me a detailed question about how to use Burp Suite to do XYZ and have to admit that I'm not sure so they're like, "says here you know DAST??"
I'd love to find resources to help me get better with these kind of tech interview questions, but most supports are specific to SWE lol
Do y’all ever reach out to recruiters on LinkedIn? If so, how do you search for them and how do you word your messages?

