Personally, I don't, because I don't think cold messaging people is a good way to go about things. This applies even if "it's their job" or "they are a public figure", again in my opinion. My preferred way to go about things is to look for alumni at said companies, former coworkers, or things that would make you 1st connections on LinkedIn or in real life. Having someone batting for you on the inside is a much better way to go about things and will get you further in any hiring process.
#cyber-and-careers
what you're describing here is the dunning kruger effect, very natural and shouldn't discourage you 😄
is it possible that when they ask you a question you feel like you're answering an exam question and you're afraid of saying something wrong? you could ask for a clarification before answering their question so you can answer in the most relevant way
but honestly, if it's a form and the question is phrased in a way that you're not sure how to answer, and it's not possible to clarify at that stage, you can answer any way you want as long as you're not lying (cause that will catch up to you)
Yeah, that's pretty accurate lol. Feels like a test or gauntlet I have to get through and I'm not really sure how to do things differently
I don't want to lie, but I also realize I have to sell myself a certain way, which doesn't come naturally to me and feels like lying sometimes lol
Like I get that there's a gray place between being honest to a fault, stretching the truth and straight up lying but yeah lol
There really isn't. Be up front and honest with your experience and your knowledge. Stretching the truth does you no favors, it's really obvious when someone is approaching the edges of their depth of knowledge.
"Stretching the truth" is another way of saying "I only lied a little bit" - not a great way to start a security interview process
Totally get that. I guess what I'm trying to say is that I've been in IT for most of my career, right? And I want to get into cybersecurity, so in my resume I highlight a lot of the relevant cybersecurity skills I performed in those sysadmin/IT support roles. So I want to represent my best self when it comes to showing off that I have transferrable skills, but I don't want to over-represent myself either by saying I have experience with nessus when that was something I might've done every so often and not as part of a routine security audit because the orgs I've worked with have been pretty small
I haven't had a very linear career progression so I'm just trying to figure out the best way to showcase what I know about security from the patchwork of skills I've developed over the last decade from wearing many hats. But I feel like straight up saying "I have a wide but shallow knowledge of many things" is not the greatest way to sell myself lol
Or maybe it is and I just haven't found the right company that wants that kind of candidate
If you've been in IT that long, your best bet is to figure out how to include common hardening frameworks in your daily tasks - how your configs align to CIS Benchmarks or DISA STIGs or other hardening guides and frameworks
I've been a full time caregiver/SAHM for the last year-ish, so unfortunately I can't walk a current job into cybersecurity
I just got past the gatekeeping HR and I have a scheduled interview with the company's director, who happens to be head of the cyber security department too, I only applied for a junior position, but I'm losing my marbles with the anxiety that's in me, I have no certs, I have no formal education, I have no formal IT experience... only what I've learned myself in the past 6~ months. I have no baseline to compare myself to, to know where my skillset is atm. I have no idea what to expect from that interview, will it be super technical, will it be chill just to see how well I'd fit in with the team? I can't sleep... excited and scared for my life that I don't fumble this opportunity.
ensure you review any skills listed on the job listing. It really depends on the company and the position. Just relax, be yourself. If you talked yourself into an interview, you can talk yourself through an interview.
I started to personalize them and I updated my cover letter now I'm getting responses...wow
That's pretty common when entering the workforce. Stick to what you know, and explicitly say when you aren't experienced with something or you aren't sure what the answer is.
great... this means you learnt how to write better applications for jobs
@fair swift Do you need something? That's a pretty unique set of characters to spam.
cat might be looking for a job
Well, they triggered raid protection so....
I applied for an Information security analyst role. Someone who has at least 6yrs in IT. I was told I was a bit green for the role. I applied a month ago, right before the holidays, I followed up with HR about a week after New Years, no response.. followed up again a week later.. I’m so discouraged right now.
You’re more than likely not going to get the first role you apply for
sadly that is true... the chance of you getting the first job you are applying for is not that high
@thick sable ⬆️
that was quicker than shadow expected... thanks mods
For you american folks out there, I found out how to find MSc in cybersecurity focused on the technical side: You gotta search for the CAE-CO colleges. Here's a link in which you can filter and see which ones got the tag (https://www.caecommunity.org/cae-map)
And for the European folks, you can check out the following link and see whether the contents of masters are more or less technical focused: https://www.enisa.europa.eu/topics/cybersecurity-education/education-map/education-courses
super helpful links!
Hi everyone
i am going for CEH practical and i am looking for preparation option to pass it
Are you in India?
Pakistan
I would check your local job postings before committing to CEH
Outside of India, CEH isn't respected typically
but here in the job market it is recognized well
Alright, if it's recognized and respected go for it
make sure you can
- Demonstrate understanding of attack vectors
- Perform network scanning to identify live and vulnerable machines in a network
- Perform OS banner grabbing, service, and user enumeration
- Perform system hacking, steganography, steganalysis attacks, and cover tracks
- Identify and use viruses, computer worms, and malware to exploit systems
- Perform packet sniffing
- Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc
- Perform SQL injection attacks
- Perform different types of cryptography attacks
- Perform vulnerability analysis to identify security loopholes in a target organization's network, communication infrastructure, and end systems etc.
if u can do that u can be ceh practical
What are the best entry level jobs a person could get in this field
- Security Analyst/IT Security Analyst/Information Security Analyst/SOC Analyst
- Security Engineer/Jr Security Engineer
- Jr Penetration Tester
Has anyone here had experience with wgu? What quality are their classes? Why is it so cheap ? Can you really finish in 6 months like they say ? Would recruiters actually look at it? Is wgu nationally or internationally recognized ? It seems to be too good to be true or a scam
I'm pretty skeptical of any online college
- Yes
- Fine. You get what you put into it.
- Sure if you want to spend 24/7 studying
- A bachelor's degree is a bachelor's degree. In the U.S., we're moving to a non-biased hiring model where information (such as where you went to school) is redacted from view. However, they are an accredited institution. You still have to earn your degree and no one can tell you otherwise.
In other fields, sure. It might matter more, for IT not so much.
- Perfectly fine. COVID has really helped reinforce the online learning aspect. It's not reasonable to expect full-fledged adults who have jobs to sit in a college class for 7 hours of the day and then go work a shift immediately after (or vice versa).
You graduated from wgu? @languid hearth
currently enrolled
I've applied to places since having been enrolled and haven't been questioned about having WGU down for my 4yr in progress.
Can I talk to you in dms about it further
shoot
Can you dm me its not letting me send to you
accepted
Hey, I'm starting to prepare for Security+. I have Mike Chapple's book and I'm planning to do Professor Messer's free YouTube lectures with this.
I notice that Messer's lectures are ordered in sec+ objective's order but the objectives in the book are divided into multiple chapters. How should I go about this? Follow the order in the lectures and then find the specific objectives in the book?
I would start with Messer's videos, because as you wrote they are in the same order as the objectives. Then expand your knowledge with Chapple's book.
right, and how would you go about reading the book?
read the whole in a go from start to end?
read the same topic as in the video - simultaneously?
I'm preparing for sec+ right now too. I have started with Messer's video, then Ian Neil’s book as the chapters go.
When I was done with both videos and the book I did all 6 Dion's practice exams (https://www.udemy.com/course/security-601-exams/) and now I will do Messer's practice exams (https://www.professormesser.com/sy0-601-success-bundle/).
As a bonus I've been listening to Messer's videos while going to/from work just to keep myself exposed to all those topics and wording, because English is not my first language.
hi, I want to ask, is computer security the same as cybersecurity?
computer security would be considered a realm of cybersecurity, cyber is all encompassing of networked systems, computer security would be focused on computing devices... having said that, some people interchangeably use the words computer security, cyber security and information security
Dang she surmised that so well that one would think that she does this for a living or something 😆
Most of the people on here are like experienced and trained veterans of cyber security
And most of us are like noobs 😆
most of us are like me the legends , the masters
i mean legendary noobs
Dang I had to verify xD
How are you getting on with that challenge? 
There may or may not be a reward if you finish it
I like this. omg the discussions I would have for any question here
But after this I joined Ctflearn and I want to build up my skills in there and on the THM tutorials before doing more challenges to get a bigger understanding of things
Oo, what challenge?
i want some information
In what?
@simple swan create an account on https://tryhackme.com. If you're new go to "Learn" and go through some rooms you're interested in learning about
I recommend koth once you get some experience they're really fun and you learn a lot
np! if you're new I recommend "Complete Beginner" or "Pre Security"
ok sure
I sent you a link to help with that
#start-here is a good place.
oof
Hello everyone, I am trying to start with koth.... Is it like a ctf??.... I want to get hands-on with ctf challenges
for koth channel, it says I do not have any permissions... why is that?
it's kinda like a ctf I guess. It's really just an attack and defend competition
I know this might sound stupid, but you have an account right? I just tried joining a lobby and it worked for me
ohh ryt... mail is different that of accounts... may be thats the issue... thanks
Most likely it's this issue:
#koth message
also please go to #koth
Dealing with it but thanks @coarse geyser
Hii
What would be a good path for moving from sysadmin experience into security audit?
I know I'd need to get more familiar with nist 800, iso 27001 etc but what else would help me stand out?
https://portswigger.net/web-security/certification would you recommend burp practitioner to get a pentesting job ? why or why not? how well known is it? how does it compare to oscp and pentest plus ?
Hi, I try to ask the question here, hopefully, the question is not too stupid. I am currently working in hospitality management and started studying computer science bachelor degree 6 months ago, I am 34, in Sydney Australia, and looking for a way to get into the cyber security industry.
Is there a let's say a best way to do this? like certificate / anything to get/show in order to land the initial entry level position?
I thought that waiting 3 more years to finish the degree is not the ideal solution, both for the long term wait and to avoid being 37-38 and doing a career change and starting again from the bottom at that age
I was thinking of getting the comptia security+ certificate, and push a bit more on thm and htb and try to apply in 6ish months for some entry-level position, would that one be a viable option, asking to the more experienced in the field. Is the security+ enough for the initial step in?
CISA cert may be a good one
Burp is definitely an industry tool, having knowledge of it would be a good thing. Burp is well known, the cert is new and it itself most likely wouldn't get you a job
I've been invited to interview at a managed IT services company who offer IT support and cyber security management.
Has anyone worked in this type of role (or similar) before and be able to offer some advice for the initial interview?
I'd very much appreciate it, thanks
guys do you recommend me getting the CySA+ cert after having the eJPT ?
depends on your goals
for now want to get in the blue team as a security analyst
so i am thinking about it
is it worth it ?
no only eJPT
security+ is more well known than either of those
someone i know told me to jump the security + as it is only introducing the fundamentals
the fundamentals that are important to know and can be good in an interview
I mean its your choice, a lot of it depends on what you are seeing on job listings
yup
ty appreciate ur help
So I figured out the A+ alone isn't useful. I applied for over 30 technical support jobs to no avail.
For a feeder role
I'm thinking I either risk and get the Network+ and Security+ then try again, or switch and go for software jobs for the technical experience. Since my country has more developer jobs than technical support and security by miles.
Any thoughts?
CompTIA Network+ and Security+ are good. 👍
are you not getting interviews at all? It took me some doing but I was still getting callbacks and interviews with no-degree, a non-tech background and A+
No interviews at all
what are some other job titles for GRC/audit positions besides GRC analyst?
im also in the US, can't speak on what its like overseas unfortunately
I'm applying on LinkedIn mainly
dont do that
apply directly or reach out to the recruiter giving out the role
I can't recommend this video enough for job-seekers, the approach has helped me and countless others get a job
https://www.youtube.com/watch?v=Air1c697tjw
Join the Black Hills Information Security Discord discussion server -- https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToJobHuntLikeAHacker.pdf
I'll watch it now. Thanks for the tips.
Gave +1 Rep to @ancient prairie
Jason Blanchard also does live streams where if you're lucky he will literally job hunt for you on stream, he is a saint
Anyone here can suggest courses that are intermediate level and with certificate for red teaming?
Is the Network+ needed before Security+? I already passed the A+ which has some portion of networking.
it's not a hard and fast prerequisite, no
"Security engineer" "Security analyst" "infosec engineer" "Infosec analyst"... cyber job titles are all over the place
like OSCP or CRTO?
there is also OSEP
"Compliance Analyst" is a pretty common one.
ours is security engineer... which is hilarious
also what is your budget, SANS has a ton of classes, and then there is Spectre Ops
When i was doing compliance full time, my title was in the infosec engineer chain
oh nevermind, they changed it recently, it is GRC now
I had to go look at someone with that job
what are your thoughts on the NA job market? did you have a lot of applicants
just curious , as a newbie
I'm realizing that I'm interested in doing a kind of balance between pentesting and GRC, like vulnerability management/assessment. Sounds like I should just make a resume base that spells out the security aspects of my IT background and just search for any kind of engineer or analyst job and be up front about what I'm interested in
this type of job seems to be very common in Europe, but if you work for a company that is heavily regulated, you might experience that as well. You may be more vulnerability scanner than pentester though because you'd be checking against compliance requirements rather than overall risk
so I'd look for jobs that have vulnerability management analyst or similar
TBH that sounds ideal for me right now as I've been slightly burned out on really complex techy things but feel like eventually I'll be ready to climb back in the seat again if I take my time learning pentesting
I'm going to watch this now and save it for later
I have a phone interview tomorrow for the position of fellow cyber security engineer, have you guys ever seen this type of title
fellow is usually someone who is industry facing and usually a high level tech position, like its the highest level my company has
Hmm ok because I’ve seen “principal “ but never “fellow”
Hey guys, anyone here a vulnerability analyst or was one and could provide some tips or should knows for an interview
do security before network.. u might enjoy the learning flow better ( learn how to protect and then learn how it works)
Wait I’m confused, how are you going to protect something if you don’t know how it works. I did it the other way, it made more sense (at least in my personal opinion)
Well he started with a plus. And if you read the comptia security + it’s basically full of knowledge that you would teach a gradeschool kid or someone working in retail... I could be wrong we’re all looking at this from different angles
It isn't really a binary decision, they're very complementary to each other
You should learn how to incorporate security into your networking
Yes you can do networking without security, but it's like getting behind the wheel of a car without knowing how to safely operate the vehicle
So just do both. Security+ is pretty conceptual, network+ has a lot more hands on opportunities
anybody here do any contracting work?
Other way around. In order to effectively protect something you need to have at least a base level knowledge of how said technology operates. Otherwise, your recommendations, remediations, actions may not be possible on the technology you're trying to secure. Security is not a base level activity/profession and requires previous experience and knowledge.
Not typically around here. Unless you have a team of lawyers you employ, it's not really recommended
Security happens at all levels - network security is just as important a domain as on-device management.
Don't know what level, assuming entry, you're likely not going to be expected to know much. I'd say no more than what's covered in security+ if I had to guess. Talk about learning you may be doing outside of work or school that's always a good one. Make sure to come prepared with questions for the interviewer. Any questions that make the interviewer stop and think are great.
Thanks for the tips! I'll have to report back after to say how it went.
Gave +1 Rep to @stoic cave
I am assuming that this is entry and just out of college
So this advice may be lacking just FYI
The industry itself is all over the place.
Makes sense. Thank you.
Gave +1 Rep to @serene jungle
hey guys, as a Soc operator, if there is reason to believe a host is infected and I have access to an end point, what am I to do or check?
That'd be an #infosec-general thing ideally
I can move it, thanks
Gave +1 Rep to @quick forum
Follow company policy
Scroll up a little bit and see my response to them. In the long term I think it will be beneficial to do the inverse for the reasons I stated above.
hi
hey would someone be interested in reviewing my resume (personal info obfuscated)?
Hi
If you're redacting the personal information just post it here. More eyes = more better
@stoic cave
"mac,linux,and windows" needs spacing and capitalisation fixed. Couple other places with dodgy spacing.
Cisco under skills should be Cisco not CISCO.
I'd be concerned about the big header because printing that will suuuuuck.
I'd leave a newline between the two jobs.
Not sure I'd include linkedin learning as certifications.
How is Results Oriented a Core Skill
Actual skills should go there, not abstract objectives
Agree with James about the certs, if it's not a proctored exam, it doesn't go there.
Going from top to bottom:
Color isn't exactly your friend, black and white is timeless.
First and last takes up too much space.
I personally find side bars on resumes annoying, mileage may vary.
Categories should be as follows:
Education
Skills
Experience
Extracurricular
LinkedIn learning isn't a certification
Passions don't belong on a resume
If software is no longer supported, (such as Win7) don't list it.
That too
Unless it's specifically mentioned in the job description
Also make sure the skills in the skills section are gained through professional experience or through your degree
I personally would be hesitant to put anything self taught in that section
Also remove all of the dots, properly formatted resumes won't need them
Lastly, no images of yourself on resumes
Oh and remove the paragraph, that's what cover letters are for
why ?
I think it's convention in some places
If i remember correctly you're in the US?
yes
@stoic cave should i list a cert i almost have?
ie im going for sec plus in a few weeks
can i put security plus (pending february 2022)
I'd mention you're working towards it in cover letter or something
I do not have any certs yet. I do have a lot of practical job and homelab experience
It avoids biases and other things that companies are fearful of, like EEO Lawsuits
eeo?
Equal Employment Opportunity
ah ok. I was following someone else's template that used a image
thought it would make it a more personal experience
To add on to this, if they ask what you're doing to learn you should mention certification study first
and for a recruiter to see my application as belonging to a real person
@stoic cave what's the most optimal way to arrange a resume so that both a human and machine can most easily read and comprehend it
It is ONLY appropriate to list a cert you don't have if you have taken the test, been notified you passed, but have not received the actual certification credentials yet.
what is the optimal way to mention further learning ie tryhackme hackthebox ctfs etc on a resume
In a projects or extracurricular section
wow overleaf is amazing
Not sure I'd agree with this one.
I tend to mention the one I'm currently working towards -- albeit in the overview rather than under the certifications section. Either way making it very clear that it's a current focus rather than an obtained cert. 🤷♂️
It's done me fairly well so far
That I think is fine - I wasn't clear enough, then.
Ah, fair enough
Yeah, I'd 100% agree don't list it under your "list of obtained certs"
My personal opinion is I don't like it because I haven't earned it. That's just me though because I already deal with confusion about the name of my college and people thinking I was actually in the military
Something like 'Working towards XXXXX professional certification' is perfectly fine under something like objectives or projects as well
It shows the direction that you're focusing in though, as well as showing that you're still doing personal development 🤷♂️
Also means that the company can be fairly confident that you'll have it sooner or later as well
Yeah idk. I feel like it comes up in conversation enough that it isn't a necessity. Again opinion
It's something that I've been asked by every recruiter or phone screen person
That assumes you get to interview though
Having it on the CV also gives them a talking point
I don't want to hijack the thread, but I'd love to have a resume review too. I'm aiming for a vulnerability management analyst/engineer position. anonymized: https://imgur.com/v2X3vy0
Looks decent but there is work to do. Your skills are excessive in my opinion. I would cut the list down to like top 10 or 5 maybe. If I’m reviewing your resume I’m going to glance over them and think you’re full of it. Supplement the taken away skills with projects. ie blogs, open source contribution, etc. It also just seems very “wide” to me I would try and condense it. Keep it concise, make columns, etc.
I would also cut the description in favor of a cover letter but that’s personal preference
I cut the margins a lil when snipping to upload, that's why it looks wide lol
I mean you don’t have everything compact. ie putting education and certification side by side. Experience and skills, etc. you’re taking up a lot of space that doesn’t need to be there
I don’t wanna read through more than maybe two/three pages of a resume with a bunch of fluff
If you could post an image and not a link that would be preferable
I'll give a critique if you do. Just don't click on links unfortunately
oh, gotcha. yeah I used to use a two column resume like putting education/skills side by side, but application autoparsers chewed it to hell
Columns = not good for parsing
I tried to paste directly into discord and it wouldn't let me for some reason
yup, exactly
huh. I thought i was lol
Follow these instructions
What are some internship positions a CS student , looking to get into cybersec, can/should do in college?
Preferably bigger companies, as brand names are weighted heavier on resumes
Not always. Experience is experience at the end of the day. By limiting yourself to those types of positions you're setting yourself up to not be successful in a search.
Obviously someone who interns at a startup isn't better or worse than someone who interned at a company like IBM, however, I've heard from people that have done internships for big companies that recruiters unfortunately think in this unfair way of preferring people with serious brand name internships
For the resume:
Jane doe is preferably centered and the links to things go under the name.
Top paragraph can go. In my opinion that's what a cover letter is for.
You have a bachelors, you don't need the associate on the resume. Order should probably be shaken up a bit. I like education, skills and certifications, then experience, followed up by personal projects.
In my opinion, you don't need all of those jobs. However, your time at those jobs is shorter so that may need to stay.
Too many skills in the skills section. Tailor each resume to the job you're applying to. It reduces the perceived clutter and allows you to highlight skills relevant to the role.
Personally, I don't like the in progress cert stuff. Others have argued for it though.
Hot pink may not be the best color choice.
Under each job i wouldn't necessarily go above 3 bullets but yours isn't bad.
Try to keep the resume to a single page if possible. Overall, nice resume.
Hot pink?
Ohh, I'm on my phone now, I see what you mean. I think that's an artifact from taking a print screen with Flux. It's a neutral color on the Google doc lol
That may be true in the short term. However, an internship is there to provide experience to someone in higher education, generally. I personally wouldn't get caught up in the whole "I need an internship at the largest companies"
Yeah lol. For me it's straight pink
When it comes down to brass tacks, experience is what matters. Doesn't matter where you got it
that makes sense. any tips on getting the internships/ position I should look into? I'm really lost and looking to do my first one
What year are you?
freshman
Oh Jesus. That's embarrassing. I'm red-green colorblind and I just looked at the Google doc and the font is actually light red
Lmaoo
For this reason I stick to black and white lol. Friend is also color blind and asked why my resume was odd colors
Really? A lot of my peers are doing crazy internships at google and microsoft and stuff. They're not CS majors, mostly finance, but still, they're only freshmen
Yeah I had no idea. The base was from a Google docs resume template so the headers were already set to that color lmao
In any event, thanks for calling that to my attention and giving some feedback on the resume!
- cut down on skills to a few that cover what exactly you are applying for
- center "Jane Doe", move contact line with your email and stuff underneath the centered "Jane Doe"
- rule of 3 for experience (last 3 jobs)
- move certifications underneath skills, one line for each cert and put the date you acquired in right margin
Junior into your senior year is typically where you'll do your internship. Especially if you are applying to places where you'll have to stay in a rental or not locally. Sophomore into your junior year I would look locally to you and see what's available. Don't just focus on a niche within the computer world. IT internships are prevalent and provide great experience.
I also think the blurb under your name is fine, just make sure to customize it in a per-application basis and it can be used in lieu of a cover letter - if they ain't asking for one you don't need one
Also, direct peers or over the internet peers
LinkedIn connections
Yeah, don't focus on that
LinkedIn is social media. It's not real life
You're only going to see curated content that puts people in the best light
90% of the student body in my CS program at a liberal arts state university didn't take an internship and they're all doing fine for themselves. Stop beating yourself up for not being a rockstar. Rockstars are either unicorns or they burn hot and fast before imploding
You're going to stress yourself out beyond a healthy amount trying to keep up with the "standards" on any social media platform. Look around you in real life and see what's going on, form a plan, and execute.
Also, just FYI, many of those larger "dream" internships have terrible work practices because they know people will put up with it. It's just not healthy
Can I be all of the above?
okay gotchu thanks guys
I like to think of myself as a unicorn rocket security Pringle
would there be anything in the mean time that's worth doing to help me get those positions later?
Network
Focus on your classes
because i can completely handle school
Yea im treasurer for a club and a VP in another
Be passionate is my advice from someone who isn’t doing bad as a first year in college
Don't be an adult too early
this crap takes a lot out of you if you want to do it along with school
It blows
you need some passion and dedication
ah i forgot to mention
im a CC student and have to transfer
So I kinda need to build up an application to impress 4 years
Do you have a pulse? 
xD
It’s really not that bad
You're in
I actually just submitted my transfer application today.
don’t have too much anxiety about it like me
CCs usually feed into a state university
I went to a 4 year, didn't even need SAT
As long as you keep off academic probation they'll approve your application lol
I don't mean any 4 year. I got into a couple decent 4 years but none that were really my choice. My dream schools are UCLA, USC, and Berkeley and, as you might know, their CS programs have like 2-8% acceptance rate for transfers
I think i applied to 7 four year universities
Only got waitlisted at one for the computer degree.
Don't stress
I know it feels like the world's closing in but I can tell you it's not
I was told this coming out of high school
and didnt get into any of my goal schools
It's second chance for me yk, i dont wanna blow it
only reason i took the CC route
Are you a resident of California?
yes
Ah ok. Noticed all of those schools were there
There's so much more to life than saying you went to a prestigious college tbh
With CC i think you'll have an easier time with the state schools
However, even if you don't "make it" i wouldn't stress
I couldn't care less about the prestigiousness of the school tbh, its my parents. I owe it to them though
They're old school man, dont even budge
It eats at you and you constantly stress. As soon as you start doing it for yourself it feels like a weight gets lifted
It's your future, not theirs
Also, be an adult. Sit down and talk with them
Talking goes a long way
I understand that, but at the end of the day, it'll make them happy and that's a goal for many including me
I've got to go to bed but I'm telling you, it's a never ending cycle of misery if you constantly try to please your parents because you think it will make them happy
lol man, ive tried . After all the rejection letters from the top schools i applied to after high school, i did everything to explain to them that the schools i did get into were decent schools to say the least. They wouldn't take it for a possibility though and therefore i signed up for CC to get a 2nd chance
alright, thanks for your time!
Man very right, at some point you have to understand it’s your life you are living and it’s your goals you have to achieve, if you put effort only for them at some point you will feel burnout
I dont know. I think once I do get in somewhere they respect, I would feel more relaxed and would focus more on the things I like
Until then, I dont mind sacrificing some free time to give myself a better chance to get in , if that makes sense
I won’t worry about internships just yet then, but is there anything* in the mean time that's worth doing to help me get those positions later?
Whether it be a part time job or w/e
someone help me find the trap in this gig
It’s for a military contractor.
it is contingent on contract award... meaning they may use your resume as part of the plan to get the contract... so the job doesn't quite exist yet but maybe.
Also just because it is Raytheon doesn't mean you have to get a clearance to get the job, usually cleared jobs put clearance on the job listings. Some defense contractors have people work jobs without requiring a clearance. Now what you'd want to do is try to get a clearance. But this looks like a standard unclassified job.
And Raytheon isn't a bad employer (from what I know).
And lastly for contract jobs, often you have the job til the contract ends. That could be 2 years, that could be 10... of course being Raytheon, you may have mobility within the company.
Thanks everyone
mhm, at least in the UK, afaik and heard you need to have clearance even for contracting jobs like that
Could be very different across the pond
I think raytheon over there do a lot more things than what they do in the UK which is strictly military tech and things?
nah not all of them, the job listing should have clearance requirements
some things but also it may be a contract for a city
or they may even have a commercial side
like Boeing is a defense contractor... but they make commercial planes, Raytheon most likely has commercial products as well
How do you get a security clearance if you're not former military? Seems like the experience paradox but times a million.
You get sponsored, and then either your sponsor or your employer pays for your clearance checks. Depending on the clearance required, it could be 10k to multiple 100ks and up to 3 years to complete the process.
Ok yeah now I remember why I decided to not pursue a clearance lol
what are they checking over there for it to take that long lool
my (uk) sc clearance took about 6 months and that was hella long compared to others who got it in a couple weeks
It's backlog
Certain clearances need reinvestigations after a certain amount of time which adds to the workload as well
Took about 2 ½ months for me to get mine, US
It's 10 years of history that they ask for - and they mean everything. Places you lived, roommates you have had, employment, managers, personal contacts who aren't family - that's just the basic public trust. Which takes about 6 months to 18 months with the current backlog. For actual clearances dealing with secret classified or higher, the process is much more intensive and invasive.
Once they start the investigation, it goes pretty quickly.
I got my clearance many years ago and it took about a month... the older you are, the more you have moved, the more you have visited foreign countries, etc, the longer it can take.. Longest I had ever heard at the time was 18 months
but the company pays you during that time and tries to find alternate non-cleared assignments...
I wonder how badly being trans throws the process for a loop lol 🤔
I know a couple people who have gone through both. They haven't had any different problems with the clearance process than anyone else.
yeah I'll say the same as well
I need some advice
recently I sent my cv to a cybersec internship but they say they answer till the end of February
keep applying elsewhere
but I also got the chance for another internship from EY
a sure thing is better than not getting either
Believe me I have been applying but in my country there's legit no opportunities for junior positions and internships are like almost non existent
thats very true
In what country?
but my thing here is one of the internships offer training for the security+ cert and the other one is mainly working with clients and a team while learning
Costa Rica
you can get sec+ any time; don't let that be the basis for your decision.
Pick the one that offers YOU more value for your career
You are right, I asked for more information on the EY offer so im just waiting for an answer
The reinvestigation requirements are almost completely phased out due to the new Continuous Evaluation program. Instead of rechecking everything when you do a reinvestigation, everyone with a clearance is constantly monitored. If they find something your security manager will get a notification from OPM.
I thought higher level stuff was still reinvestigations?
It’s for all clearance levels all the way up to TS/SCI. CE enrollment takes the place of reinvestigation.
Maybe not at the same frequency but I didn't think that was going away
There are still requirements for renewed polygraphs for certain positions, but that’s a bit different
Yeah i had no idea what CE was, even after I was added
Nobody told me anything except my boss who was like "congratulations you're under continuous evaluation" but didn't explain anything
Yeah, that’s what it means.
So if you go over $15k in unpaid debt, get an arrest, get a ticket, etc, your security manager will know in about 3-5 months
$15k in irregular debt right? ie not student loans or a car loan
It’s unpaid debt. It has to be delinquent debt.
Unexplained debt would probably be a better word
As long as you’re paying, you’re fine
Hey I have an interview for a cybsec internship on Monday for a per job description 100% blue team role. What type of work does that usually consist of? I understand possible monitoring of logs and escalating them, and I also know using Wireshark would be part of the job but what other work could I also be doing? Also would a cybsec interview consist of technical questions? ~~ could also post a job description if anyone wants to get more of an understanding of what the job looks like as I am new to cybsec.
job description would help
https://www.govexec.com/management/2020/03/periodic-reinvestigations-are-out-continuous-vetting-security-clearance-holders/163695/ oh that's so neat
Aside from certifications which could just mean the person can study ... what skills and soft skills do you look for also for Blue, Red and SOC roles?
Those are all different
from a red perspective I would look for if you can actually think maliciously
I’ve noticed a few people get into a red role but just roll through tools or methodology. Which is fine but you also should be able to think maliciously from the ground up
Same goes for blue really
Blue team is so wide I wouldn’t even know where to begin explaining that
Day in the life of @languid hearth
Just curious how easy is it to completely work remote (only laptop) for most Cyber/Info Sec jobs
Hey for some reason the plus sign to attach a file isn't showing up? But heres the job description
!docs verify - verify and you can upload pictures
Cool thanks heres the pic of the job description HERES MY ORIGINAL QUESTION
Hey I have an interview for a cybsec internship on Monday for a per job description 100% blue team role. What type of work does that usually consist of? I understand possible monitoring of logs and escalating them, and I also know using Wireshark would be part of the job but what other work could I also be doing? Also would a cybsec interview consist of technical questions? ~~ could also post a job description if anyone wants to get more of an understanding of what the job looks like as I am new to cybsec.
Lol just applied and got rejected for this . First interview pretty easy just basic networking/IT questions and soft skill questions. Good luck! Feel free to dm if you got any questions.
Cool thanks man!
What are some must-know interview questions for a pentesting internship? Done some research online already, just curious if anyone has gotten the same interview questions over and over.
@tacit bobcat nitro scam
-ban 544063193199280138 -ddays 1 Nitro Scam
🔨 Banned 544063193199280138 indefinitely
I think I biffed an interview today. And my follow up email sounds so awkward. How can one deal with interview nerves?
practice interviewing... ask friends, coworkers, family
are we allowed to share job postings in here? i assume yes but wanted to ask first so it doesn't come off as spammy
are you a recruiter? we have #jobs-board but you need a role for that, usually Muiri handles that
and we would want you to be verified
!docs verify
I'm not a recruiter, my company just has a couple of internships open rn that I think people here would be interested in. Totally understand about the verification tho, I can set that up
should I dm Muiri about that? I know there's a no unsolicited message rule and I dont want to be a pushy weirdo
@pine sorrel Mind if I message you?
I don’t mind
which country if you dont mind me asking
@pseudo creek do you give out roles?
depends on the role
what role do you need/want?
i got sec+ and ejpt
you can DM mods 🙂 about discord, not like 'hey bud, whats up' 🙂
-arole sacreed sec+
that was me being lazy
-arole 156818823218069504 sec+
➕ Gave the role Sec+ to Tracksuit Cx#3099
-arole 156818823218069504 ejpt
➕ Gave the role eJPT to Tracksuit Cx#3099
Good morning everyone. I’m looking for some advice. Currently I have a B.S. in IT, unfortunately because of personal issues at the time, I couldn’t start a job in IT after graduating. Come august, or hopefully sooner, I will be good to work, but I worry that since I graduated in 2017 my skills are rusty. I recently thought about going back to get a masters, but while doing research it sounds like getting a masters is more of a mid-career type thing. The masters program I’m thinking about would lead to two certs CHFI and the CEH, I currently have no certs. I could also go for a bachelors with the same university and that would leave me with a few certs too. What do you all think?
thank you i appreciate it
I think you should focus on some certs but no need for a masters or another degree... Ec-council certs are a joke unless you live in India. I'd focus on building a portfolio, either by blog or github repo. Take Security+ if you haven't already, possibly Network+ too
US only for internships right now. But we'll be doing a bunch of international hiring this year for full time roles
Thanks very much for your answer! What advice will you offer to someone looking to learn to think like a Threat agent?
What the heck is a threat agent?
probably an attacker... honestly studying offensive security stuff will help you think like an attacker
@pine sorrel can i message you
yep
:d
hello everyone 😄
This may sound childish or crazy to some, but after watching the masterpiece series, "Mr. Robot" , I've decided to get into cybersecurity at the ripe old age of 40, and I would like to know what do you guys think of that?
Most of the time they throw some scenarios at you
And a CTF
never too late my friend, welcome 👋
@warm hinge Thank you so much 😄
It's never too late to jump into cybersecurity, give it a shot, see if it suits you.
i agree with the above comment, however don’t be fooled into thinking it’s gonna be as quick, easy, or fun as he makes it look in the show
I recently applied to an internship, is it okay if I sent a follow up email? Asking the status and such?
Like they answered once and never more
I tend to give companies 2 working days max before I follow up with them. It's entirely up to you if you want to follow it up, personally I think it shows that you're interested. A quick ```Hi recruiter,
I was wondering whether you had received my application sent on X-date?
I'm looking forward to hearing back from you.
Kind regards,
Mokushi99```
When I don't hear back after that one I cut my losses and move on
Yeah it has been more than 2 days and they told me if I was interested and never received any email from them, so I will send another one
Thanks for the help
No problem, good luck!
Thank you !
Ya I usually wait 2-3 business days. If they don't reply to that I forget they existed 🤣
For anyone budgeting for OSCP, the prices are rising now and soon the 30 and 60 day lab options are going away:
RIP
I have money saved up for it, but am not prepared 
I just took the eJPT 😂
remember pwk is designed to prepare you for the exam
you're not supposed to go into the course prepared to take the exam; you're supposed to go into it prepared with networking and sys admin knowledge.
Just accepted an offer as Security Analyst 😁
Eyyyyyyyyyyy
What kind of experience/knowledge do you have?
And congrats! 🎉
hello, I have question for people who have tried the game called Hacknet, is it a game that you learn a lot about hacking/cybersecurity? or is it just a game that isn't a great place to start to learn?
It's a game, it's designed to be fun rather than to be real
Hacknet is quite far from real hacking
I see
A great place to start learning is tryhackme.com
You're right, I always forget about that
Hello
Hey guys! I have my first job interview for a sec analyst position coming up tomorrow. Any tips would be greatly appreciated!!🙏
So i'm an undergraduate Telecommunications Engineering student and planning on entering the cyber security space after my degree. What other certifications would i need apart from maybe CEH and CCNA certs and also will pursuing a master's degree in computer science increase my job opportunities?
Look at the job postings in your area for jobs you would like to apply in the future and see which certs they are asking for.
As a general rule, steer well clear of CEH if you can.
It's useful as a HR bypass if you are in India, but as a learning cert it is outdated, irrelevant garbage.
But yeah, see what jobs in your area are looking for. If CEH is on the list for most or all of them then it might be worth getting it for that reason and that reason alone
So I have been working on tryhackme for a while now and really want to get into a job ASAP. I have been transitioning from an Engineering position to Cyber and still have had no luck getting a position. I don't have any certifications and have been focusing on hands on experience and personal training. How can I best demonstrate my skills to hiring companies? Also I currently want to gain as much experience as I can that will benefit my new career path. Any ideas on entry level positions that will help get exposure and experience?
I would say have your resume reviewed, and maybe focus on getting the Security+ to bypass those HR filters
@warm hinge thanks for the feedback.
Thanks @undone shore @lilac escarp
What’s your background?
Is it normal for there to be no confirmation email or automated reply when you email your CV to an employer?
i usually add a read-receipt tag
but it's not unheard of
it may have to be reviewed and redirected multiple times
if you haven't heard anything in a couple of days, i would send a followup
@flat sedge Okay thanks
I'll wait till Friday before sending a follow up
@hazy tree 6.5 years as a IT Technician
Congrats, I’m 6 years in trying to break into cyber. Any advice/tips you can provide that you found helpful in your journey?
Things I generally tell people:
- Get some certs, security+ is a good one to start to show cyber interest
- Get on LinkedIn. At least post your resume, follow some people, maybe join some groups. You don't have to post.
- Network within your own company if you can. Get to know the cyber teams, ask someone to mentor you, tell them of your interest
- Make an online portfolio. Be it writeups, share interesting news articles, share what you are doing
👆 all great points here. Definitely network and share stuff you are learning eg THM certs.
Networking internally & sharing progress on LinkedIn has been huge for me in the last month or so. I’ve been trying to get into the IT dept for the last 3-4 years but recently was able to work my way into shadowing some cyber folks and now the AppSec person wants me to do “grunt work” for them so progress is being made! Now I just gotta convince my current manager that I can handle doing “grunt work” outside of my normal overwhelming amount of work…office politics smh.
Although, certs aren't a great learning resource as it's only used to show credibility to employers
Not true at all
Or, rather, it depends on the cert.
Some are definitely only for HR (e.g. CEH). The materials that go along with many other certs are incredibly useful though. SANS and Offsec, for example, if you only do the cert and ignore the material then you're an idiot -- it's invaluable for learning.
Fair
I can't really argue since I only have the A+, but that's how it seemed to me.
On a side note, I'm very interested in a sysadmin position before security
What would be the general steps to achieving that?
What type of Engineering position do you currently hold? How long? Some companies put a lot of stake in certification and some don't care. If you have relevant experience, just find a company that cares about that and you should be golden.
in the US, certs are certainly a differentiator, certs are also really good for when you want to transition to a new position... if you've been doing cyber for 10 years, do you need a cyber cert? no. If you want to switch to a different position, then certs are good for that. How I switched to doing cyber security for cloud? I got an AWS cert
Got my first request to interview for a summer security internship!
hey guys, so i had an interview yesterday that went well and the interviewer said that they would send me an email this morning for a zoom meeting that we setup, they didn't so should i send them an email asking for some more information or should i just give them more time?
I'd follow up with them
If they said something about a follow-up schedule and didn't meet it, I'd follow up as well.
does anyone have any advice for a person entering college for cyber security. there’s a lot of jobs i’m looking for and qualify for, but then there’s always that “bachelors degree needed at the end”
i’m just ready to get a job in what i love ya know
ignore that and apply anyway, note on your CV when you are set to graduate - job requirements in postings are wishful thinking, not a hard requirement
passion will shine through more than anything, id much rather have someone who can talk my ear off about things they love in cyber than someone who ticks a few boxes
you'll still get rejected, like a lot, that is part of the process if you're cold applying - do not let it deter you
thanks i appreciate it. i’m gonna keep applying
hey guys, has anybody heard of ec-council's "network defense essentials" certification, and is it of any practical value?
generally ec-council is not respected, but you'd want to see if any job listings are asking for a cert
How well known is the pnpt exam
https://certifications.tcm-sec.com/pnpt/
@mellow bobcat it all depends on what is taught. I'd say this specific cert is not amongst the best known, if that helps
I've seen people mention they are starting to see pnpt on various job listings but it is still new
I'm going to take it due to the AD focus it has. Going to come in really handy for any future job/position.
@pseudo creek is it worth it to take? Oscp seems hard and expensive so I'm looking for the cheap alternative to oscp that's somewhat recognized. I can't decide between ejpt pnpt or pentest plus
it would be more valuable than ejpt, you'd learn a lot and have talking points but if a company has a hard OSCP requirement, it won't pass HR filters
and hopefully Pnpt gains more traction as time goes on
Right .... pentest plus I guess has more recognition but isn't practical at all .
and yeah Pentest+ does meet DoD 8570 but being a multiple choice exam, doesn't have a lot of cred
Pnpt is practical but not recognized
@pseudo creek what advantages does pnpt have over ejpt
primarily ejpt tests the very basics of IT vs really being a pentest cert despite the name
pnpt has a report and oral report
I haven't taken ejpt but I've seen the course for it and just doesn't have the rigor of ecppt or pnpt or oscp
would you do both PNPT and OSCP, treating the former as prep or just OSCP? Assuming cost isn't an issue
Sure, you’d learn a ton doing the pnpt courses. I’m not doing the pnpt cert but I am using the same courses as part of my OSCP prep
I've done the course for eJPT but not yet had time for the exam the last while. It doesn't look too challenging. You have 3 days (72 hours) to complete the challenges. The course covers a lot of foundational stuff like networks and programming and only the basics of hacking/pentesting and at least that is free these days through INE's Starter Pass. It shouldn't be much of a challenge for anyone who spends a reasonable amount of time with the THM platform.
Gonna get it done shortly while job hunting so I can get started on the OSCP and CISSP
hey
I'm 16, starting my last year of school and now am thinking about what to do after school
I want to be a pentester
I live in australia
should i go for a bachelors of cybersecurity?
So, I am planning for OSCP, I did my ejpt and I want to do a cert in b/w oscp, kinda covers at least some syllabi of oscp, just to boost my confidence, is there any cert that serves my purpose?
Thanks for your time, Peace
am familiar with thm
PWK is the intermediate course that prepares you for the OSCP lol. It's all you'll need.
Hello Zojjja, for the mentor part, what type of questions should I ask + what do you mean by a mentor, like some course orrr, because I don't know where to find one lol. For now I am balancing THM + CCNA + uni courses.
Thanks for the great tips! glad that I am already doing most if not all of them lol.
Did you know that you can take 3 modules from #SEC504 for FREE, right now?! 🤯
Take the workshop recording covering #CloudAttacks & Cloud #IncidentResponse with SANS Fellow @joswr1ght
Download the labs and start now: https://t.co/U8qk3MBcpu 🔥
a mentor meaning someone you know that is in the industry, ideally they would hold a job that you want. You'd talk to them about what you are doing and ask for advice. If you work in a large enough company, there is probably someone there that has a job you'd like to do
I had a mentor 1 month into starting to learn about cyber, connected through a relative, and let me tell you, having one is kinda pointless if you don't know how to utilize having one. I got generic advice at first since I had no idea where i was really going, but even that advice overlapped with what I was already doing on THM. Got some input on some reading material. But that's pretty much it. From there on out I just kept learning on my own, and solving any issues, roadblocks regarding approaches to a box or topic through research. I was free to ask him anything, he loved to teach, I just liked being self-sufficient, and didn't want to bother the poor guy over stuff I could google, so I never did. But that's just silly old me.
I recently had a job offer for an Incident Response Documentation role and was looking for some advice, I’m interested honestly and it would be my first cyber role but I can’t see this role anywhere else so wasn’t sure how job growth would work for it?
documentation role? what's that, like writing processes?
bluntly, (if i assumed what that is correctly) it won't be as useful as a straight IR role, but it will be valuable in helping you pivot then into an IR role as you'd be familiar with the process and tooling etc
I have 2 interviews next week ! Super excited. More network engineer focused, so def a step up. I’ll leverage my cyber skills in this role if hired!
what about the recent you? 😂
But yeah I do agree, if I were to ask, I would just ask about what jobs are out there and what skills they are looking for (specially for consultation as it's what I am hoping to work in that field), but now I feel getting to face lots different topics general ones to networks for now, as I am also a freshman in uni studying for CCNA, might leave that question for next winter to start practicing on the specific topics required before the summer (Internship -> hopefully in consultation too lol)
Anyone have experience with IT-related apprenticeships in the U.S.?
@errant nymph What questions do you have?
Personally I would, yes
No specific questions, just curious about what others have experienced. It looks like some programs require apprentices to be enrolled in a certain school while others require a specific certification(s) such as Sec+ and/or training (https://wecyberup.org/). Been looking at https://www.nist.gov/nice/apprenticeship-finder. My lease is up relatively soon and I'm open to relocating for a good opportunity.
I am interested in getting into pen testing . So my question is if people would hire me if I had no certifications or should i go the full route of getting A+ first and going from there
Hi guys,
I'm wondering if it's a good idea to transfer from senior software engineer to cyber security engineer?
It's not so common to get hired with no experience or certifications.
I wouldn't start with A+ if you've done much IT before.
@quick forum okay so would it be a good idea to get the pen test one from CompTIA. I know that one is one of the hardest but I think I can do it in a few months if I continue to study everyday. I've been doing a lesson or two a day on TryHackMe, would that be enough to get the cert?
PenTest+ is definitely not one of the hardest
I can't speak for how you'd pass it, given that I haven't taken it.
First time on Discord group, hello from Ireland!
entry level pentest roles are rarer and there's not a single cert that can substitute working in an enterprise environment
not to discourage, but if you have no background in IT a much easier route to take is something like; help-desk/sysadmin -> NOC/SOC work -> pentesting
A+ is a good stopgap cert for people with 0 IT background and has a ton of name recognition with hiring managers
Is there anybody in this server that started out as a SOC Analyst and is now a cloud security engineer? I have some questions. Like how was the journey(easy,hard)? What skills did you learn? How long It took? What certifications do you hold? Did the company promote you cause you seem interested or because you qualified? Did they train/teach you?
I work in cloud security but in design, not in implementation. I moved from an internal cyber consultant type role to a cloud security design engineering role. Basically, I went and learned cloud, got an AWS Solution Architect Associate cert and applied. We always need cyber people in cloud so if you show interest and capability, you will be hired.
(on a non question note, please change your name, we do maintain this as an English speaking server including usernames)
Anything remote?
yes if you are in the US, although I don't think we have positions open right now, usually our job listings start in March (for the new year)
Thank you
and thank you 🙂
Awesome thanks! I'll keep an eye out
I can, remember the nmap flags 
I finished pre-security-pathway and I'm continuing with complete-beginner path, and I'm loving it. I just want to know what else should I do along with tryhackme, Should I start hackthebox also along with it? And can I get a job in cybersecurity just by doing ctfs, or should I need to get network+ and security+?
Going to say probably not on the CTFs unless it's something like DefCon. You're going to need Security+ more than likely and CCNA may be a better option for the networking cert if you want to take it. Keep in mind that Cybersecurity is not an entry level area in the computer world. You may have to start in another area before transitioning in, especially if you don't have a degree.
I have masters in CS, and been doing web development for one year as a freelancer, Then I heard about tryhackme and started to learn from there this January.
does anybody else just not want to finish applying when companies make you do super long pseudo-science personality tests?
I hate applying. Period
More often than not you get rejected.
sorry if this has been asked before. how many of y'all would recommend going for the pentest+ and ejpt before OSCP, and how many recommend going straight for the OSCP?
Depends on how comfortably you feel in your methodology. It's perfectly doable to just go straight for it 🤷♂️
Thank you! my OSCP study plan is box/YouTube focused so I didn't know if intermediate certs would be a waste of time or not if I was grinding anyway
would u mind giving me sec+ while ur here? I just passed yesterday:)
-arole 219232873255796736 sec+
➕ Gave the role Sec+ to Cedric#1443
Pentest+ won’t help you at all in oscp so very possible to skip that
eJPT like muiri said can be skipped if you feel your methodology is solid
You can do the eJPT course for free through INE and still gain the benefits. It's useful to know
Thanks!
if I want to be a pentester should I go for a bachelors in compsci, or in cybersecurity?
this is straight out of high school too
and what kind of job path would I need to pentester
Cybersecurity ideally. Compsci is good for careers like software. Problem with cybersecurity is that it's not an entry-level field, so you've gotta be pretty lucky to land a first job as a pentester with no form of comp sci (cybersecurity ideally though) degree (and even then it's a tough ol' time sometimes)
People jump into cybersecurity via IT roles like helpdesk or sysadmin sorta gigs. That's a pretty common one
Not saying it's impossible ofc
oh yeah I'm not expecting to get hired as a pentester straight out of uni
just wanted to know what job I should go into
that could help me get hired as a pentester
Anything IT to get some experience under your belt I’d suggest
Sucks but you gotta climb the ladder sometimes
oh yeah also
I know a few people who graduated with me 2020 and are working support roles atm because they had no experience in IT after graduating
But you might find a good opportunity etc (:
are there any part-time/casual jobs that could make me a better hire as a pentester
because I'll want a job while in uni
and it'd be perfect if it could help me get a good job after uni
I’m not entirely sure to be honest. You could probably find a paid internship
If you look around (: when do you start uni? Should have some time hopefully
Or if you’re in the U.K., you can do a placement in between 2nd and 3rd year in cybersecurity. They are really good for what you’re looking for
I'm in aus, may be similar
Idk what its like elsewhere
Definitely look into that with your uni!
You work in the field and get paid too without impacting your studies
alright cool I'll look into it
Plus, if you do well there you’ve already got an employer lined up for when you finish Uni
Yeah totally
oh shit yeah
They’re pretty competitive though so you gotta work hard in your first year
the uni I was planning on going to does it
Ace!
only in your last year tho
what
Means that there’s no real difference
It’s just a saying here probably lingo
Not for all gigs but there are a lot that do require one of two forms of vetting
yeah same
It certainly opens a lot of doors
need the 2nd level of government security vetting for many pentesting jobs here

also just quick question saw you're doing a masters for cybersec
do you do psychology in that course too?
my uni says it has a psychology unit in cybersec courses
I can send you my modules hang on
I’ve never heard of a uni offering that for a cybersecurity masters
Or at least none of the ones I looked at did
https://courses.uwe.ac.uk/I9001/cyber-security#coursecontent @warm hinge here is what I study
MSc Cyber Security seeks to address the global cyber skills gap, providing you with an advanced knowledge and understanding of cyber security issues.
That sounds pretty cool
Actually, I had a module on "Human factors of cyber security" in my undergrad and it was looking at why humans are threats to security
so actually I guess that could be argued as similar to your psychology module
true but I think this is more about the psychology of the attacker
not human error on the defense side
yeah actually used to want to study that
was stuck between that and programming
and now I've decided against both lol
Yeah me too. I used to study it in secondary school but just happened to fall into IT when I finished school and here I am 7 years later
I'm probably studying / working in psychology in an alternate reality
if there's infinite alternate realities then everyone is
there has to be at least one where literally everyone alive is doing psychology
One big ol' docker container
if there's infinite alternate realities, there's one where we're living in a simulation created by you
Unlucky for those poor people 😄
I have to remember to eat 3 square meals a day I am not cut-out for creating a simulation
🤣
I'm left-handed it'll turn out to be something very different
"consume"
But I like that
Very 90's sci-fi vibes right there
Hi, I have a question: if web/apps can be made on Blockchain and it's nearly impossible to hack Blockchain, what is the need of a pentester/ethical hacker?
Blockchain is hackable if I called it correctly e.g 51% attacks.
the amount of knowledge on this THM site never ceases to amaze me
i never even heard of osquery before
I like how whoever built this room made it clear that it's a useful skill and gave examples of job postings 😄
@warm hinge yeah but it's quite difficult to hack. If a web is made on Blockchain so can that website be hacked by the owasp vulnerabilities or other vulnerabilities?
There's two sides to it.
There's a lot of traditional web issues.
There's also smart contract issues
Good day all, so I'm in the final year of my bachelor degree and will be applying for an internship after the next semester. I like to create projects like web apps & desktop apps and play CTF as well (but not so active recently). The thing is, I don't know which specific role to intern in since everything is sparkling. Programming is fun, malware analysis is fun, hacking is fun, defending the network is fun.....Any tips for dealing with this?
do you know anyone who does those things? do you know what a "day in the life" of each of those roles looks like?
I've seen some videos and articles on what software developers do, but not much for other roles like blue teamers.
so let's try to think this through together, I don't have the answer so I'm not being patronizing we're gonna learn together here
when you say 'blue teamer' what specifically do you mean
if you don't really even know where to begin, an option might be to find a job posting which interests you and start from there. I think that the https://niccs.cisa.gov/workforce-development/cyber-security-workforce-framework/workroles really helps to spell out a lot of stuff and to help you figure out who/what positions to do 'osint' on
and then with all this knowledge I'd probably hit up your university's guidance counselors or whatever mentor system they have set up to connect you with alumni who've done those jobs
oh this is a great idea
This list is great, thanks a lot.
sure no problem, glad that seems like an option for you. use the heck out of your school because as soon as you graduate they are going to be hitting you up for alumni stuff and money all the time
one of the people who I got to engage with as a mentor for awhile worked at embassies for like 20+ years and writes books. It really opened my eyes as to what kind of stuff is possible that I wouldn't ever have realized
it's crazy what awesome experiences people have that are just waiting to be uncovered and shared!
ya that's true
Do you have any instructors you've particularly enjoyed? Review the CV they shared at the beginning of class and see what kind of research/employment they've had in the past
If I remember correctly, none of my lecturers has ever shown us their CV
Most places will only have a brief bio unless it's for one of the lead posts. Most lecturers in college I've found will discuss their academic or work background to some extent in class
They had short bios like contact information and speciality but didn't specify any other information.
this sure is great hahaha
just a quick example of me searching an instructor I really thought was awesome, looked them up on the school website and found a way to get started
Cybersecurity is also a very fluid field, I've dabbled in various aspects of it over my career and then have settled into what I like
I see, sadly there's not much info on my university's website
so I wouldn't worry about picking a path after college... I do nothing near what I did after my first job after college
and this is nothing compared to the information they've shared on day one during class introductions
what did you settle for?
i'm a cybersecurity architect focused on cloud technologies
I see
but I decided that I liked design work
oh cloud
I've done DFIR, I've done Red teaming, I've touched on GRC slightly, ever so slightly, I've done network security but I started out as a network admin
I think they say 50% of the people who get a degree don't actually do the job they got their B.S. in
They didn't give us many intros about themself during the first class, just a simple name then straight into the course structure.
(this is probably more accurate for traditional students)
my BS was in comp sci but have also seen people with a variety of degrees in cyber... from English, Biology, History, etc, etc
err my BS was not cyber! sorry comp sci
but Zojja is totally right. cyber is multi-disciplinary
Wow kinda flexible
very different schools I guess 🤷
I'm also studying computer science, but majoring in network security
ya
I started by driving trucks, got interested in security so dabbled in that at work when given the opportunity, started educating myself and looked for ways to move laterally. Started off by staring at logs, then did cyber threat emulation, now I'm a planner who pushes powerpoints
Sorry, but what does "a planner who pushes powerpoints" mean?
Log files are terrible to look at if there's a lot of them
I do things like this job post: https://builtin.com/job/operations/exercise-planner-cybertech-resiliency/504835
JPMorgan Chase is hiring for a Exercise Planner - Cyber/Tech Resiliency in Wilmington, NC. Find more details about the job and how to apply at Built In.
lots of emails, management type stuff, powerpoint, chatting with people who know very specific information and help translate it to people who might know literally nothing
Sorry was messaging someone just now
oh like a middle man
I'm very much a middle man. It's why I spend my free time studying. That's just kinda the path I'm on at the moment but not my greatest joy
But that's really impressive though, since you started from driving trucks
I see
BUT I do find satisfaction in what I do because I get **** done. I feel like I'm acting as Nick Fury making sure Black Widow can do what she does best in service of plans I create
Pay is better, good job opportunities, and so much networking
xD
that's great
Do this straight out of college? Hell no. Do this after a decade learning stuff? Sure
That's challenging, but I do love to learn things constantly
That's probably going to be the case regardless of what you do in cyber
I used to call myself a coordinator in a previous cyber job
'ok what do you want to do? ok let me translate that into something that can be implemented' 'hey implementers, this is what you need to do'
still feels that way some days but less so
Clarifying intent is my main job, knowing options is next part, going around and synchronizing those efforts is next, then reporting back after it's done to make sure we did what we were supposed to AND REPORTING IT, and then figure out what's next
I see
My technical capability is important in all that, but it all falls apart if I'm a one-trick pony
Like a jack-of-all-trades?
sounds like a supervisor
Started my journey yesterday, I’m so proud of myself for doing something I’ve always loved ❤️❤️
nah, it was more of an engineer type role of design
welcome
Hey there
I see
basically translating user non-cyber requirements into a cybersecurity design is the type of thing I enjoy
but now it is more like 'our company needs to do this, zojja go figure out how to do it'
Hey 👋
oh
Thank you 🙏🏼
Nah, that framework link I gave you sums it up pretty well though.
"planner" should find something similar
ya
Yeah, less of a jack of all trades because I have very specific due-outs but keeping technical knowledge honed helps me do my job easier
So while we're on the topic of degrees... or at least were earlier before I woke up 😂
Is there a disadvantage at having 2 separate Associate degree over a bachelors?
I currently hold an Associate in Software Development and working on my Associate in Cyber Security.
I also have 2 years experience in the SDEV world and working to transition into Net/Sec world soon at my current job. I didn't really plan on going for my Bachelor's but instead get requested/required certifications in what I want to be doing in 5 years.
the answer as with every single thing is probably "it depends." fwiw, I was always told that my two bachelors and two associates are worth less than a single masters but that might be an HR-ism. You'd probably be best served chatting up a recruiter for whatever you're interested in
associates are really the basics and you don't get into really the meaty stuff until year 3 and 4
I would've done a BS, leveraging your AS coursework
Makes sense, guess will jump that hoop later lol
and I'll say some companies really don't think of AS as much unless your plans are to go onto a BS with it
There's a possibility of going for BS as well later but the current college only provides AAS/AS. I wasn't interested in going for BS in SDEV as I knew I wouldn't be there forever
and I understand the limitation of the college, but you can use a AS in SDEV towards a BS in cyber
I should say both my SDEV and CybSec are both AAS which allowed me to take a few 3rd year level classes of each
in the US a AS typically makes getting into a 4 year school easier
And yes it was strategy if I do attend BS because more credits carry over from both into the final BS
some community colleges actually have agreements with 4 year schools that if you do X, you'll be able to transfer into Y with all the credits accepted
and most schools really don't care what your AS is in even, in the US at least
I've noticed most don't, they only care about the credits themselves that carry over
I met with BS college advisors before choosing between AAS and AS to see the advantages/disadvantages of both when I would transition over
that sounds solid, I did something similar and they helped me figure out a viable route to where I wanted to go
Plus I went straight into AAS so I wasn't waiting 4 years to get into the industry. I got into the dev side almost immediately after getting my SDEV degree. This also freed me up if I decided it wasn't right for me I wasn't already starting on a BS
AAS tend towards being more vocational than the AS. AS is usually more a Bachelors prep course.
That said, both AS and AAS are primarily intended to prepare for the workforce
So far at least at my own college. The difference in AAS and AS (between the 2 curriculum) is less core classes and I was able to take 3rd year classes in place of those. Besides that, the curriculum was very similar
Which also gave me a 12ish credit boost going into BS if I do decide to
The primary question will be whether or not the University will be willing to honor all those credits. I have a ton of credits that are only good for electives and don't actually help me in any way other than to impact my GPA
(I have two AAS degrees)
That could vary depending on the college. I mapped that out with both degrees before choosing.
Yeah absolutely which is why I say "the primary question..."
Dang in your situation I would've been bummed if I didn't check into these before choosing lol
Almost seems like a waste and would have rather went for AS. Hindsight and all
It could also be the fact the community college (AAS) and state college (BS) are transition colleges meaning they push people at my community college to attend the state college basically funneling traffic
No my degrees were exactly what I wanted in my situation
Literally right next door to each other and even the state college has some classes that are individually taught at the community college
I took a lot of CLEP/DSST to test out of courses and they knocked out my AAS in addition to some courses that my job paid for
That's cool. As long as it was the plan and worth it is the important part
Yeah, like I said it all depends
So back to this, i hope you got that answered
Welp, I'll keep trekking along and just see where life takes me in the next year or so.
I like my current company and position I'm moving into but you never know in a year once I get my AAS in CybSec where I'll want to go in life.
thanks @inner elm
how common are administrative type roles in cyber? i.e., AD admin but focused on IAM and such like things
AD management usually falls under an infrastructure management team, not cybersecurity
typical workflow is that security gets a business mandate that certain things get done and the rationale behind those decisions. If security is involved in hands-on-keyboard implementation beyond a POC, there is something broken in that environment
compliance can be a big deal, that may be closer to what you are thinking of as 'administrative'
can you clarify what you mean by administrative?
I'm not sure how to explain it, so maybe an example would help?
I'm a sysadmin who resolved support escalations, applied security configurations to routers/switches/firewalls/VPS/whatever else, managed user/group MAC requests, responded to alerts & incidents... that kind of thing. no SOC levels of analysis because of the size of the network, just "hey, web filter says some kid in the tech lab just tried to download JTR, brb"
anyway. my last job was "system engineer" and I was involved in a lot of design & architecture of new solutions and I hated it. the simultaneous levels of technical detail and breadth of scope I had to think about made my head spin. so the title "engineer" in "security engineer" job postings makes me hesitant.
quite frankly, I'm starting a family so I appreciate the ability to mentally clock out and not be cognitively exhausted from thinking about technical details all day
GRC is definitely an area I've looked at because it seems like a lot of following checklists which would be perfect (correct me if I'm wrong), but not sure how or where I'm supposed to pivot sysadmin to GRC
mainly I just want to WFH, learn/follow processes to finish tasks and be done for the day. I feel like I've put in enough 12 hour NOC shifts and on-call rotations to say that haha
You are on a good start - GRC is the link in the chain that holds the business unit requirements to the infrastructure implementation
CISSP isn't a requirement, but it helps a lot to move into that role
being technically savvy enough to verify and validate that spec meets implementation is very useful, as is being able to explain risk and exposure to the business crowd
business unit in this sense isn't just the sales and money teams - it's the stakeholder who is ultimately on the hook for a correct implementation
makes sense
you said 'kids in the lab' so i'm going to assume this is in relation to a school of some kind - the stakeholder would be the lab owner in charge of things like the budget and the functionality that the lab is intended to supply
recruiters have commented that they appreciate how I'm able to make my tech experience recruiter friendly, so I feel like I'd be good at talking with the biz folks. I usually haven't had to do that much as my leads usually did that
recruiters != BU
sure, I'm just saying the skill to translate based on your audience
a good recruiter knows that they don't know the business and they don't know the tech side - they are there to fish for candidates from a set of requirements that may or may not be relevant due to HR interference and misunderstanding technical team requirements
I've been spending a lot of time studying stuff like CIS and NIST CSF/800. I'm not targeting a specific industry with my job search but am familiar with HIPAA & PCI-DSS at a high level. anything else I should do to help demonstrate transferrable skills?
I'm also not really sure what titles I'd be looking for. compliance analyst? grc audit?
If you can give examples of Benchmarks and requirements from CF v1.1 and SP 800-53, and explain not just how you make the changes to be compliant but why the compliance is necessary
Also be able to explain a situation where a compliance requirement is incompatible with the business requirement and what should be done to rectify that discrepancy
hello, I got an assignment to complete before a SOC job interview, I got an EML file I need to analyze, I'm a bit nervous because the plague has hit me pretty hard and I need that job, was wondering if anyone can give me a few tips about how should I approach analyzing an EML file
Thank you in advance 🙏
What type of questions should I expect in a role as Junior Pen Tester? I have secured an interview as a Junior AWS Pentester.
a lot of cloud fundamentals questions, a lot of AWS specific networking, microservices (or whatever containerized services are called), IAM, roles, how to interact with KMS, hunt S3 buckets, identify and abuse misconfigurations in buckets, etc.
@languid hearth Thanks! Junior roles are very scarce as I actually applied for a senior role but they like my resume but said I was more suited for a junior which is great. Now I just need to prepare.
AWS CCP is a pretty good quick weekend certification that'll get you up to speed. Since you're in the application stage, you should be able to figure out how you could theoretically abuse the technologies on your own
shameless plug but you can check out the slides from my e-mail header analysis talk, might help you some
#archives message
Trying to look at it but not sure what I am looking at haha, I see a script
@hushed knoll Thank you for the help, thought I at least can rep you up haha
Thank you @languid hearth Good shout! I will check it out.
Hey guys. I'd like to ask about starting my career in cybersecurity. Like do I need to know anything outside Jr penetration tester path to start working in red-team or pentesting?
Do you have a role in mind for your jump into security?
I'm thinking about red-team
That is likely to be out of reach until you can get knowledge and experience in at least 1 of the IT domains
the jr pentest path is good knowledge to have, even as a SOC analyst or other IT-admin roles but jr pentest does not have everything you'll need to be adversary emulation.
Can you give me some advice how to start and where to start? I can't find job in Russia so I'm looking for any kind of internship
best bet is to find someone in Russia to ask about careers there, I'm not sure if we've heard from people in Russia before about entering the cyber workforce and expectations
@rapid zenith
fluff no in russia
Internships are usually reserved for students - finding one and not currently enrolled is going to be tough
I don't think that Russian internship or job can help me with international career, and a lot of my friends told me to look for an international job right away(cuz of our politics)
Sounds sad
And what in general do I need to know in order to get a job in the lowest position in cybersec?
lots of countries do not offer internships to international students unless those students are already in that country / going to school in that country
and remote jobs outside your country of origin are almost impossible
To get a job in the lowest position in cybersec depends on what country you are in
So Google or Microsoft hiring only in USA, for example?
they have locations around the world
but basically most companies require you to be in the country where they operate and have a right to work in that country
Many multinational software companies have satellite offices around the world
You can't be legally hired to work in a country without some sort of proof of authorization to work - AFAIK work visas are pretty hard to come by without higher education
yeah like lots of companies operate in Spain or UK for example but they would expect you to live/work in those countries
So I have to find college or university in Europe|States to start my international career?
that is a common way people immigrate to other countries for work purposes
true
another common way is to get a job with a company that does business in the country where you want to live
but you also said you know people who said to look for international jobs, if you can ask them for more details on what they mean/how to achieve that
arrange a transfer to another division to work legally in that country
Well, my friend works in Siemens Russia as an engineer and he doesn't know a lot about it. He just knows that he can work as an international employee in Siemens
Hey guys, idk if im allowed to ask this or not, but im a junior in college now and i am really looking for cybersecurity internships. If any of you guys are currently working and have the ability to refer me to the HR department, I would highly appreciate that. Please DM me if something like this is possible.
I would recommend to provide the country your living in 🙂
United States
My advice to you is to hop on LinkedIn and Indeed to start applying. While you are a little late it's not too late to be considered for internships in your area. Something that helps on LinkedIn is to see if the companies have school alumni that work there.
our internship application period closed already 😦
Yeah, many larger companies end their search in the previous year. My personal experience was that the smaller companies kept their application periods open into the new year and started interviewing in March.
so im in schooling for cyber security and i cant help but feeling restless about where im going to go after? should I just try to get a job and get experience now in IT? im pretty young and dont know where to go
im just lost tbh
what country
what are the minimums i need for an entry level position doing It/Networking/Cybsec
Seems so hard to get help desk, seems like my best bet, but ive applied everywhere and nothing
I saw an article and liked this headline
Cyber security specialists without basic IT skills are like surgeons that don’t know anatomy
Do you guys think it's a good idea to have a generic CV template and then make individual CVs that cater specifically to each job that I apply for? I'm finding it a bit difficult to write a decent personal statement.
I'm from the UK, I don't have any work experience yet but I'm going to begin studying part-time for a bachelors degree in cyber security and would love to work in cyber security alongside my studies.
Any advice or feedback would be incredible <3
Definitely, although possibly not that complicated.
Personally, I have two copies of my "base" CV. One is my full CV, the other is a slightly redacted version that I need for reasons which are, uh, also redacted.
Those are both fully ready to go -- I could send them off as is and be happy with them, so they are more than templates, but equally, I often end up changing little things and tweaking stuff for individual applications (especially stuff in the profile, for example).
I hope this wasn't directed to my question
No. I didn't reply to anything you posted, I didn't tag you in my comment, and as far as I can recall we've never interacted before you pinging me. I saw an article and liked the headline.
I've been keeping a master-cv where I put every single potentially interesting career/educational/volunteer item. This way when the day comes and I want to craft a resume I'll have plenty of ammo to draft up a customized version
got it. Thanks Muiri :D
Awesome! Glad to know I'm on the right track :D
it makes sense to only list skills that are relevant to the position you're applying for. except education and work experience; personally I'd never omit those. but make sure you also make it as presentable and easy to read as possible.
Thanks for the advice! :D
I got a job recently that started out as managing 4 small schools
Like IT administration, handling everything from networking, break-fix, and answering dumb questions like "how do I turn off my CPU?"
And within a month it's turned into 6 schools and 4 more buildings in a town
It kinda feels like this is way too much for one person to handle basically everything going on at these places but I don't have much experience, is this how it normally is?
it depends on what exactly you mean by 'normally', but companies giving one person too much work to avoid hiring more staff is far from unheard of
I was basically wanting to just make sure that it was a case of that and not me just not being ready/incompetent at IT work
I can't know if your work is too much for you but maybe it's also (or solely) imposter syndrome as well https://youtu.be/rpveDK5wCx8
The main issue I feel like I'm having is just keeping track of every issue because it looks bad when I tell someone I forgot about their low priority ticket because all I'm doing is trying to get the high priority ones resolved
so you have no ticketing system?
And basically I'm just keeping the high priority tickets at bay while low priority ones get left behind
or you do but you just can't get to the low priority ones?
We do but each site has their own ticketing system plus an email
is your manager an IT person or someone else?
So it's hard to keep track of
So like one school uses both an email and a ticketing system so I gotta check both of those, another uses a different ticketing system, another one only uses email, etc.
oof
And then some staff decide to email my specific email account for each site too so really I basically have 3 sources of tickets from most sites