#cyber-and-careers
that's definitely a valid complaint though and definitely not just you not being good enough
IT person, he was somehow managing these sites in addition to others although I haven't really seen him since the first week
I mean it sounds like something to talk to your manager about, having a consistent ticketing system
and enforcing it
I can't even imagine using different ticketing systems 😂
When I get lost in a high priority ticket I completely forget the system exists, let alone multiple lol
Thoughts on joining the military for cybersecurity anyone?
Talk to your boss and get his support to tell people that only one ticket system will get a response.
Country?
US
You need to want it. Joining strictly for cybersecurity isn't something I would recommend
whys that
Because you're going to be miserable
You need to want to join the military, cybersecurity should be a secondary reason.
interesting
its like a wombo combo of being worked senseless? that is what i am hearing
More than that but sure, that is something that can happen
You're going to need to do some more research before you talk to a recruiter
100%
talked to people in the military and done my own research
but im 17
so got time to ask more people
been studying cyber security for about a year also
Doesn't guarantee that you will do cyber security, once you sign up you are basically at the government's beck and call
If they decide they need a guy to load mortars, you may get pulled into that
Alright. No problem. It was a comment that was directly below mine, and can also be perceived as a reply to mine.
And it kinda seems the US is pushing for a war in Ukraine so if they need bodies, you may be one of them
Not necessarily true
Marine Corps has guaranteed MOS for enlisted
Afaik Army is similar as long as the MOS needs manpower
And you don't fail training
yeah but if we go to war wouldnt everyone also be drafted
This is a careers channel, let's not
whos tryna get paid to write a cover letter
this is my career in the military. pros and cons we are talking about
Not necessarily unless its bad
A draft hasn't been implemented since Vietnam
thats not a thing anymore
Most of the US is too fat anyways
Write one good one but leave [INSERT COMPANY NAME] in it so you can easily find and replace it with the company and position titles
Selective Service registration is still a requirement, but the likelihood of a draft is 0.
I'd rather keep the force volunteer than bring in people who don't want to be there
And as mentioned previously, America is fat so you can't just draft people. You'd need to implement a fat camp prior to boot in order to get people within the height and weight requirements
Bayes'. And yes, probabilities can go to zero in bayesian theory. If you come up with a non-zero number, you aren't weighting the politicians input high enough
I've definitely let myself go since being told no to the army 12 years ago 😂
Used to be about 160 muscular and could run from sun up to sun down...
Now I'm lucky to get out of my computer chair at over 200lbs 🤣
Using a politician's input as priors 
one or two depending on the requirement. I have a lot left off for now because it's not appropriate for linkedin
https://www.cnbc.com/2020/12/30/why-2-a-page-resume-may-be-even-better-study-shows.html
Interesting but I assume that these things may differ for different countries / markets, so I'd rather take it as a suggestion and not as a hard standard. I went through a 1-month program about a year ago and part of that was how to conduct yourself during an interview and also how to make a cv. Those people were pretty strict on exactly one page. Although, what I said before, I didn't mean to imply that if it's more than one page then it's wrong; exactly because it's probably not the same everywhere
yes, everything is subjective
my first job with a city required no resume, because i'm a
people person 
But from everything I've heard so far in general, recruiters probably don't really spend that much time on our cv's. But also, if you have important stuff you want to put in, then do it, and don't confine yourself to the rules just because
you mean connected or that you killed the interview?
yes to both technically
luck is part of the equation 🤷♀️
yeah, that's part of the reason there's no hard and fast rule on this. better to collect all the info you have and customize it to whatever is appropriate at the time
it's a lot easier to forecast what kind of impact you might make when you can quantify the impact you have made. hiring people is a gamble and every employer is going to have a different risk appetite depending on a ton of variables
decision analysis matrix go brrrrrr
don't I know it
I also don't particularly like all the pressure for marketing yourself just right
omg @cosmic ingot check this out https://www.geekwire.com/2012/job-decision-matrix/
I'm currently reviewing my 1, 3, 5 year plan and I think I'm going to try these strategies out to figure out what to do next
I'll make a mental note cause that's tl 😄
I was already doing this kind of unconsciously, but when working with a partner (say a wife for example) this might be a good way to communicate different preferences
yeah but also I think you shouldn't convince yourself that everything depends on getting your next move just right
it's ok to make mistakes
and I think it's ok to pick something and roll with it instead of waiting for the perfect thing, except if you have a good reason
I personally don't let "perfect" be the enemy of "good"
I am just not ready to make a move out of my current organization because it satisfies a lot of my personal/family's needs. But I do the 1,3,5 thing because goal setting has helped me get out of ruts, stay on a satisfying course, and get buy in from people who help me get to where I want to be
and of course there's bumps in the road and adjustments need to be made, but big-picture there has been a net benefit to identifying what I want to accomplish and creating plans to achieve those results
yeah of course
Staunch supporter of one page resumes
i already applied everywhere in like september but all ive gotten is rejections so far. which is hella annoying
which sucks because I really like to learn/do cyber security stuff
How did you apply for the jobs? Did you make a resume for each position or did you use the same resume over and over?
Did you submit a cover letter?
Shotgunning your resume isn't what I would consider a good way to apply
Have you spoken with any resume builders, alumni associates at your college, guidance counselors, mentorship programs, hell maybe even an instructor could get you pointed in the right direction. Student Affairs can be a big help... for example https://studentaffairs.psu.edu/leadership-career-success#
Yes. You have a guaranteed MOS in the Army as long as you pass the training.
If you don't, then the Army puts you where they want you
Right that's what i thought
It changed when the services went from conscription to volunteer
Getting cybersecurity in the Army isn't the easiest. You have two main MOSes, 17C and 25D. 17C can be applied for when you join but it's a packet MOS. They have prerequisites they look for and if you don't have any certifications or experience it's unlikely you'll get in. To apply for 25D you have to already be in the Army for a certain amount of time and have some experience.
If you really want to join the military and get into cybersecurity with no experience or certifications your best bet is to go 35T, 25B, 25N or other related MOSes. After you get in and get some basic knowledge you can apply for 17C and 25D.
Isn't cyber also more reserved for Warrants in the Army?
There are cyber warrants but 17Cs and 25Ds make up the majority of the cyber jobs.
The real difference as a warrant is that you don't have to worry about a lot of the soldiering related stuff, you just do your job.
Yeah
My networking professor was a CW4 Commo?, I think, going on CW5
He had reclassed a couple of times
Too smart for his own good
That’s going to be my plan if I get into 25D. I’ll try to go for warrant when I’ve got a few years in at the job.
Everybody leaves you alone 
We had two warrants at my Uni. Absolute unicorn sightings though
At higher echelons they become a lot more common. My last unit has a couple of CW5s.
Interesting
I'm still waiting for one of my good friends to go through the "Street to Seat" program before I commit to anything
I've heard flight school is brutal.
Yeah, guys and gals that were 2-3 years ahead of me in AFROTC are just now getting their airframes
Ngl, dropping was kind of a double-edged sword
But that's in the past and now I got to look ahead to the future
Gotta say though, AFOQT is a dumb test
Air Force and their testing 
what's a good Air Force cyber job?
Welcome to the United States Air Force. Learn about great opportunities for enlisted airmen, officers and health care professionals.
I'm noticing no Warrants though
Army is the only branch that has warrants
AF has Techs
I don’t know Air Force requirements for cyber jobs though
Be smart
“Be gooder”
If you want to go OCS, you'll probably get placed cyber
Knew several people who despised computers and were terrible at using them that got branched cyber
Cyber is a Non-Rated position so make sure you look for that designation
It’s not guaranteed though. That’s the main reason I didn’t go the OCS route. The MOSes they offer are all based on open slots and there’s a possibility you don’t get your top pick.
That is also true
But AF is lacking cyber
This was 3-4 years ago but everyone who put cyber, got it
Afaik it still holds true from my underlings that are still there
Definitely something you have to watch for though
Marine Corps TBS into MOS selection is absolutely brutal with how they do it
looking like coast guard is the way to cyber glory
I forgot the Coast Guard existed
that's part of why I mention them, low barrier to entry since they don't have a flood of people trying to do cyber. my guess is that it's easier to be a 'cyber' officer
Honestly though, from people I've talked to, Marine Corps enlisted cyber sounds pretty rad
Tons of money, any cert you want level of quality
Hey guys has anyone here heard or knows people who pivoted from a random cyber role to a pentester position? (Even if it's Jr)
I've started to think that by the time I finish the stuff I have to do at the place I am atm + my experience, I might be overlooked if I send my CV for a jr pentesting position
I have
Actually I started at an infra role > cyber sec eng > pentester
Security Operations Managers make an average of $171,286 / year in USA, or $87.84 / hr. Try Talent.com's salary tool and access the data you need.
and how many years of xp did you have before getting into pentest? Did recruiters ask too much about the role change?
Is there a difference between a Security Analyst and a Cyber Security Analyst?
Not really
2 years of infrastructure (Mostly linux and opensource), 4ish months of cybersec engineer
They asked out of interest, not because they found it weird or something.
That's reassuring
Thanks!
Gave +1 Rep to @edgy tiger
it depends, Cyber security specifically relates to networked systems, there is security that goes beyond that. I'd look at the job description to see what they ask for
Hello Room. I'm a newbie with passion in Cyber Security. What path and lessons would you recommend?
Is the certificate worth putting on your resumé? I am a 16 year old that currently studies and I don't have a job. I was thinking of applying for a "summer-job" that they're currently offering (job opportunity for teens to get a job during the summer) at an IT center in my town. Will the certificate be something I would show off when applying? (The Pre Security cert, and im doing Jr Pentesting right now)
I would not no
Certificates are given for completion but don't certify you actually know the material. In my opinion, the better option would be to make an extracurricular section on your resume and put THM in there. Talk about how you're using it to improve your learning
If you have an old computer, make a dedicated homelab
If you don't, set up light weight VMs on your PC and start playing around with different technologies and techniques
Oh ok. I'll put it in my extracurricular section. Thanks for letting me know.
I have a Linux as well as a Windows VM right now that I like to play with, so I'm learning a lot.
That's good
Add that to your extracurriculars section too under "homelab"
Shows initiative
Okay. That sounds great
Of course hahah : )
Don't let yourself get caught up in the stress
I won't. I'm just really into IT and basically everything that involves it, so I thought it would be fun working at an IT center, as well as making some money
Even if you don't get a tech focused summer job, any job is good
Yes. I'm just trying to apply for the ones that I know i'll like first
In your opinion, what are some good IT specialties that are attractive for someone at my age, like networking, troubleshooting? I am an "all-arounder" when it comes to IT, because I haven't found my specialty yet.
Do you have any professional experience? Unless you do, you are an "unknown" in my opinion. Which isn't a bad thing
Working an actual IT job is a lot different than doing things for your own learning
Which again, I wouldn't get caught up in any of that yet
You're still in HS
I'm in sweden, so I finished HS last year, now I'm in a "Gymnasium" (swedish college)
Ah I see
And it's usually at this people get their first jobs
My bad for assuming US
No worries
I cannot speak to that unfortunately
If you're looking for your first "adult" job then, help desk is where a lot of people start
If you read through local listings you'll see what employers around you are looking for in the role. A lot of the time it's "a desire and willingness to learn" for such a green position
The helpdesk jobs I've found in my town are for people that are older with more experience, so I need to contact companies for myself, because they usually don't list summerjobs, which is often the only jobs you can get at my age, unless you know someone who can hire you.
The IT Center is the only people I've found that have available summer jobs in IT. That's why I was curious about the certificate and what they would like on a resume
Because they didn't list the job, I didn't get any requirements or qualifications on the job. They just told me to mail them a resume
Networking with local employers and people is the best way to get a job
Yup. That's what im trying to
Totally bombed an interview 😣
@hazy tree how do you know??
Silver lining, now you know what NOT to do for future interviews??
Just practice in a mirror, thats what I used to do.
Then upgrade practicing with another person.
I did those things in my interview and I got hired so 
I'm just hoping to get to the interview
Yea, but it’s stuff I should know.. A user reports they can’t RDS. What do you do?
Lol
Yesterday I did great and got an invite for 2nd round
Good Luck!
I totally bombed the interview for the job I'm currently working
@pseudo creek Today must just be a weird day..
To be fair I completely brainfarted my first interview at my current company.. lol
Still got the job after redeeming myself on the next 2 😂
I'm still flabbergasted as to how I even got that second interview
Anyone here able to comment about their career experience in malware analysis or reverse engineering?
I'm looking to make a change and wondering if I do how much of a negative impact it may make on the bottom line
It definitely seems like malware analysis/reverse engineering has shrunk as a career in recent years as companies have popped up with services and also as companies have been able to share information. Your focus would probably be to work for a company that offers malware analysis as a service. Although some random companies may still hire the random reverse engineer or include it as part of a different job.
lots more work seems to be transitioned into exploit development these days
Hey guys, has anyone started on a helpdesk then worked their way off into cybersecurity? If so, could you please share your journey?
I work with a number of people who started out as help desk, basically, get certs, try to network within your company if possible
What certs do you suggest to begin with? Company does not have a cyber division as it is a small business
Network+ and Security+ are good solid certs
does your company have IT services? IT admin (network/sys admin) is also a stepping stone into cyber
They are a part of the helpdesk also lol, at the top end. Thanks will take a look. I already have a Network+ equivalent so will look at Security+
what is network+ equivalent?
I completed a Network Engineer Level 4 apprenticeship which included some BCS exams such as Network Induction and principles, Systems & Architecture, and Network Security
ahh ok
thank you for your help!
What do you do, are you already in cybersecurity? if you don't mind me asking
i'm a cybersecurity architect, we have people of various cyber professions here
thanks for info
Gave +1 Rep to @pseudo creek
no prob, my husband did it for quite a few years but pivoted to something else because it really wasn't viable in his company anymore and he didn't want to switch companies
theres cybersecurity professionals here too? 😮
maybe i will be one of these professionals someday...
what sorts of job titles do stuff like malware analysis and research?
i think these job titles sound interesting to me:
-malware analyst
-malware researcher
-cybersecurity researcher
-cybersecurity engineer
-cybersecurity architect
-cybersecurity analyst
-reverse engineer
-exploit development
is there other job titles you think i may be interested in? this is mainly to help me google search for internships and jobs
im taking a web security and network security class and i think those are interesting too
Heck yeah there are pros here. I'm on an IR team and use THM all the time. You can't know everything in this field and it's a great platform to level up on knowledge.
is there a lot of overlap with malware analysis and exploit development? i think exploit development sounds like an interesting job
Not really tbh. AFAIK exploit development is all about taking potential vulnerabilities and weaponizing it into an actual proof of concept. Malware analysis is breaking down and reversing malware to understand how it functions and the indicators of compromise.
The key thing is that malware doesn’t always use exploits or 0days. You can definitely learn a lot about TTPs from doing malware analysis, but it isn’t as close to exploit development as you might think.
Yeah not really, but they use some of the same skills and knowledge
i think i understand it better now thank you for the explanations 🙂
you wont really find many positions titled "Malware Analyst", you'll need to look for things like "Security Researcher" or "Cybersecurity Researcher".
it's generally an opsec concern for the company unless they're a large firm (i.e. Crowdstrike)
ok i will do that thank you 🙂
Gave +1 Rep to @languid hearth
What got me interested in it is the stuff they cover in the GIAC Exploit Researcher and Advanced Penetration Tester cert
I need to go shadow someone or something 😄
I know nothing about this other random course, but this syllabus seems neat
I'll be doing GREM in a couple of months
I expect that I'll wind up taking that sometime within the next 6 months, you'll have to let me know what you think
they switched from IDA to Ghidra which is cool
how to start in binary exploitation.. have thought of starting to learn but always get my foot behind for that
oh neat. I don't have real experience with either, GXPN touches on gdb but I've only really kind of heard about ida/ghidra
there's a huge difference between disassemblers and debuggers
really you want to use a disassembler and debugger in conjunction with each other
you'll probably learn it in GXPN
I don't think they mentioned IDA at all but I'd have to take the book off my shelf and I just got it organized 😄
nothing about ida in SEC660, but looks like I'll get to learn about it in SEC760 eventually
Haha good to know
Hey folks, I came across a cool podcast episode that has unique information coming from a cybersecurity recruiter. I have no affiliation or anything, just thought some of you might like it. It's relatively short. https://anchor.fm/ayo-adeojo/episodes/Ep-6-Special-Guest-Kim-Stephen-Cyber-Security-Recruiter-e17iv3c
Kim is a Cyber Recruiter with 20 years of experience in talent acquisition in an agency, corporate, and executive setting. She has spent half of her career recruiting in the cyber security space, working with tech firms, and consulting the Big 4. She is passionate about veteran initiatives, diversity & inclusion, Women in Cyber/Tech, and coachin...
Got the role as a Cybersecurity Analyst, it's been a long journey from the helpdesk to this point and I wanna thank TryHackMe for all the advice 
gz
I took the GREM course many years ago, never took the test, it was a great course then
Wwyd? I got an offer a month ago, I countered, they countered with 8k more. I kindly reject the offer. A month passes by. During this time I notice another position (senior) opens up.. so now they're down 2 positions.. Today I get an email saying they reconsider my counter offer and are offering me what I asked… would you take it? Would you decline because they weren’t really transparent in the beginning?? they are in a pickle to fill positions? Who knows.. Just wondering your thoughts.
They're in a pickle and likely need positions filled now. They may have had other candidates nowhere near as qualified as you, or had others who negotiated too high and weren't as skilled, talent pool might not be there, etc.
Ask yourself why you applied in the first place. Is this some place you'd like to work? What are the pros/cons for making the change?
You have expertise in the field of IT security and are looking for a new challenge, then apply to join our team at Bosch!
Awesome. Probably better off in #jobs-board
Might be able to get a recruiter role from staff.
Will do so, thanks!
Gave +1 Rep to @dapper depot
Figured out that i have no permission to send that message in #jobs-board
Yeah you need the @.recruiter role. I assume a staff member can assist with that.
Maybe @tacit bobcat
That's a muiri thing
Thanks for responding 👍
I'm not a recruiter, only wanted to share this job :) so feel free to share or apply
And thanks for your support for clarification 🙂
The "join our team" bit got me. Could only assume you were recruiting.
how far off is the 8k more from your original counter?
Might have been a budget constraint. It can take time and approvals to get budget allocation increased for a hiring position. 🙂
Do you want to work there? is the offer fair? Often times budget constraints limit giving someone what they ask. Maybe they wanted to hire you but what you asked was outside of their budget for the time. They may in reality be offering you the 'new' opened position that had more budget allocated
Is this a good place to seek career path advice? Kinda new to the community. Striving for a career in penetration testing.
if you have a question, you can certainly ask, lots of people from different background here
of course sometimes advice may be country specific so keep that in mind
okay well I live in the US. well so far I have A+ Sec+ and I have attempted Net+, I do all kinds of home lab projects and hardware repair/builds in my free time and I plan on applying (again) for some entry level positions very soon to build my experience. (have already done 6 month help desk internship with local hospital.) But my current employer is offering 100% free tuition up to a bachelors even for part time workers. So my question is should I go for a bachelors even if I don't exactly need it? Couldn't hurt right? Still getting certs and experience wherever and whenever I can.
Bachelors degrees are still important for many/most companies in the US and there is a lot of bias that exists that may limit mobility within a company or prevent you from getting a job.
One thing to consider is, can you move upward in your current employer? what does getting tuition assistance bind you to? Many employers require some payback if you leave. I know the company I work for requires the past year tuition assistance paid back. (i.e, if you get a bachelors degree, 6 months after you graduate, you leave the company, you owe 6 months of tuition back to the company)
No my company is offering 100% free books and tuition period. only requirement is you have to stay employed and maintain a minimum 2.0 GPA
and no payback if you leave right after you graduate?
and yes, while i do not currently have a tech position with my company, they are a huge company and there is opportunity to move up to a tech field within the company which I have certainly thought about.
no payback
ahh ok so thats a good thing, I'd say go for it
not that it matters really but the company I currently am at is walmart. And while it's not my dream job, they do have pentester positions and other entry level tech positions I could potentially transfer to if I relacate.
**relocate
I'm just asking because I have asked this question on multiple places now and I get a lot of mixed answers. Some say degree requirements are going away for the most part in this field and make it sound like a waste of time, others say it will make the uphill battle a little easier and make you more money in the long run and tell me go for it. Just wanted a few more opinions
Generally a degree will never hurt and can greatly help. It can help with advancement later on too
Before making any decision, look at career progression and starting salary metrics for 4 year degree vs 2 year degree vs certs only - It'll give you much more information to decide how much debt is acceptable for you
They said the degree is 100% employer paid
Oh, that's a no brainer then. That's free money.
And I wouldn't say that degree requirements are going away in cybersec; from what I've seen it's one of the few domains where not having a degree doesn't hurt you.
Or having a degree in another area doesn’t hurt either
I’ll say I’m a bit biased as I work for a company that rarely hires people, even in cyber, without a degree
even if they have had a previous job in a similar/same position elsewhere?
The company I work for likes to think of itself as a meritocracy - there are a lot of people with degrees, but there are also a lot of people who do not have a strong academic background. On the engineering side, there are a LOT more people with degrees compared to consulting.
Yeah and if they do hire you, you’d be paid less than your counterparts
Yep
A degree has a much higher expectation for general competency, almost universally
It’s not impossible, like if you have 20 years experience, then a degree is definitely less emphasized
if you have 20 years of experience, you are being hired for a very different reason than someone with a MS for the same type of role
Yup
Like I run into someone within my company without a BS every once in a while and generally they are ex military
To give a related anecdote, a good friend of mine has been a network engineer with a mind towards security for almost 30 years; he now does client solutions architect work for a distributor/vendor. When he and I were collaborating on advancing a vulnerability management set of policies and procedures, we were approaching the problem from very different vectors. We each brought value, from our experiences and knowledge. He was very much on the 'here's how to do it right' and my perspective was oriented towards 'here are the edge and corner cases of the argument we are presenting'
That’s funny considering teaching people edge cases are one of our biggest challenges
Also lack in trust of decision making
Proof writing coursework was probably the biggest help to me on that project.
unfortunately the real world doesn't work the way I'd like, but I firmly believe the only base competency you need to make it in cyber is a high school diploma
its sad to see companies shrink the talent pools
And there is nothing magical about a degree but it shows a few things 1) you can write somewhat 2) you can research somewhat and 3) you have tenacity to follow through. In a world where your competition has degrees, it becomes a differentiator
schooling is also not an option for some and even harder for neuro-divergent folk who are all capable of learning on-the-job skills quickly
It can be harder but that isn’t really going to change minds in hiring practices and bias
no argument there, but gotta put that good juju out there and hope for change
Yes and yes. This may have been the case, but confused b/c I was well in the range they posted
I’m 100% for making school and vocational training easier to obtain for all, even given that, won’t solve the cyber problem
Yea!
Cannot agree more. the world has changed since the blue collar factory days, and the educational system has not kept up
all valuable input thanks everyone! I've been on tryhackme all day and forgot about this chat haha
But I enjoyed reading your opinions thank you
I am someone that has never wanted to go into debt over my education so it being offered for free just seems like a terrible thing to waste. I plan on getting much more experience in as I go but I think the degree will certainly help me in the long run. I am a pretty independent learner and very hands on, I'm sure I could get somewhere without a degree but I don't think it will hurt anything if it is free.
Hiring for Security Analysts based in Tampa, Vegas, or Dublin. 1-2 years of experience preferred however equivalent knowledge is good. If you have completed the Cyber Defense pathway and like to spend time working on your homelab this is a good role for you!
https://reliaquest.wd5.myworkdayjobs.com/en-US/ReliaQuest_Careers/job/Las-Vegas-Office/Security-Analyst_R10813-1
Oscp
is security engineer a combination of an offensive and defensive cyber security ?
Depends on what the organization needs. Could be any of the above, could also be a technical analysis of other business requirements to determine what security needs to surround those requirements
Hello guys, does someone know if this cert is worth it? https://iclass.eccouncil.org/wp-content/uploads/2021/11/Web-Application-Hacking-Security-Program-Guide-2.pdf
do the rooms in THM give me exp with defensive tools like splunk ?
i mean good enough for a job
As a general rule, if it's EC Council, skip it.
If jobs in your area are looking for it, then maybe 🤷♂️
I am not against the EC-Council, there are worse certifications, in my opinion OSCP does not teach anything, the course is poorly done and the exam is what I do every day on HTB or THM. Good courses are the ones that explain very well the things you need to do, in my opinion OSWA is already a good course. This W | AHS would also seem like a nice in-depth course.
INE too is very very good
EC-Council isn't an ethical company and also what their certs depend on are often counter to reality. Luckily, their certs have been fast falling out of favor.
currently offensive security is also becoming hated by people. has already become the new "pay harder"
OSWA cost me 2500$
i have a problem
i think i will only do this in my whole life
I clicked on an IP grab link 1 day ago and now my connection is slow and crashes sometimes, also Discord tells me your WIFI is not secured
OSCP isn’t hated by employers, it’s your choice, no cert is better than a cert from EC-Council
I have no idea what your issue is, but this isn't the channel for it... try asking in #general ... if you think your system is compromised, a reinstall is in order
I take courses to learn new things, not to wave my certificate. OSCP is useless, and in my opinion it doesn't make sense. Every day all of us including the people who use HTB, do CTF all the time. OSCP teaches nothing, it's just a challenge. Nothing more, eg I have read several blogs of people who have OSCP and they say what I am saying. If one day I had to take it to remove a doubt, I would say the same that it is useless.
I have linux mint
no one is arguing against what you are saying... Certs, in general, are an HR filter. OSCP is not useless in that regard
Damn, I recently got advised to go for OSCP by my technical interviewer. 🤔
Because lots of companies, in US and Europe and maybe elsewhere require OSCP
Because it is seen as good by HR, the same is true for CEH, it is always seen as good by HR but not by the community
I figured that's the case, still demoralizing to hear that it doesn't seem as beneficial from a learning stand point.
If you take certs to learn stuff then definitely no EC-Council 
By all accounts all you'll get there are outdated or outright inaccurate stuff..
CEH is not always seen as good by HR. If you are in India, CEH is seen as good but outside of it? Nah
in my country yes
is a good certification for all companies
Just think about it, what would OSCP teach me about what I already know?
It is definitely a beginner cert, only touches on a small aspect of pentesting and isn’t real world like
Then go for it, it won’t teach you anything
Then go CEH for the HR filter, but again, don't expect it to actually be useful to you.
If companies around you are behind the times then you just have to go with it 🤷♂️
That said, I would be interested to see one of the new AD exam environments.
Initially I wasn't talking about the CEH, but I was talking about the new W | AHS certification, the course seems to be very very good and it cost 500$ OSWA is same course and cost 2500$
Yeah, we’ll see how well that goes, so far people are either completely stumped or say it is easy
Here we are only talking that one is offensive and one is EC. But the fabric is always the same.
Regardless of the course, EC-Council are still unethical and slimy af.
New certs often also take a while to gain traction, but who knows, maybe it will be useful in India? 🤷♂️
I would, uh, also be astounded if they've actually managed to make a good course*, but who knows
- without ripping off infosec content creators, which they've demonstrated they are really rather good at
Not to say other companies are necessarily ethical, granted, but at least they don't have histories of sexism, plagiarism, and possibly transphobia depending on how you read removing inclusive language from plagiarised blog posts
Actually I will do OSWA, but only to have an offensive certification. But I'd be curious to see how they structured this W | AHS
Alternatively, do what a lot of other people do and download the Web-200 syllabus and follow it. No one knows if web-200/OSWA cert is a good cert as of yet and it is most likely too new to be an HR filter
I would skip OSWA and go for OSWE myself -- not least for the price, but also because it's a known and trusted cert
there are splunk rooms, yes
But if web is a weakness for you then OSWA might be an idea? Up to you 🤷♂️
nah i mean does they give a good enough exp for a job requirement ?
can't really give an accurate answer to that
so the rooms are not enough
as a proof
but they are enough as a knowledge ?
I think they are a start, Splunk had some free training on their site if you want more in depth
splunk fundamentals 1 is free on their site
Yeah, for splunk, their certs are better proof I believe
Common interview questions and “basic technical tasks” I should prepare for, for a software support role
Please help
The role is taking tickets and doing customer service
I'm not sure if I should refer to cyberseek if I live outside the US.
Could hands-on security fundamentals learning replace certs?
I'm a bit anxious about spending money on a cert then failing the exam tbh
If it isn't a true entry level cert, don't spend your own money on the exam
rule of thumb for professional certs is that if the company doesn't value it enough to pay for it to advance your career path, it's not valuable enough for your job to get
Noted. But as a noobie trying to break into tech before breaking into security. What should I be doing? Because I've applied to over 60 jobs on different websites but got no interviews. I'm clearly doing something wrong.
your resume may need work and also, are you applying for the right jobs? Do the jobs ask for certs? Certs are a differentiator and yeah, fear of failure is understood
I went back through the applications to get some info. only 15 out of 65 applications were viewed on LinkedIn. The majority were Technical Support roles that asked for a Bachelor's degree among other things (I don't have a degree yet). Almost none of them asked for certs.
getting past the HR filter is the first filter
if the company has a BA or BS requirement, the only bypass would be a personal recommendation from a well-respected and linked employee to HR. That said, other HR filters can include accreditations or work history
I have none of those.
This makes me think going for the comptia certs is pointless at this stage of my non-existent career
A+ and Net+ gets you in the door for on-site support for basic tasks like setting up workstations/laptops and help desk for resetting passwords and such
If an entry level tech support role is asking for a BS, either their expectations are skewed or they are not entry level
I spoke with a recruiter about a position and they said the hiring manager was going to look at profiles for the position. This was last week and I haven't heard anything back yet. How long does something like this take?
Maybe depend on how many they have to look at, ask for a follow up.
Depends on the company, whether the recruiter is a direct employee, a contractor to HR, or a vendor filling roles for the company. More indirection is less time to wait (seems counter intuitive), as the vendor and contractors want those roles filled as their contracts likely depend on the hire to get paid
The recruiter is a vendor and the hiring manager is for the actual company. I asked for a follow-up Friday. So should I wait until this Friday to reach out again if I still haven't heard something?
last friday or 2/18?
and even then, that can be iffy
I mean you can apply to jobs asking for a BS, but I would expect them not to even consider you
I first emailed the recruiter about an update last Friday, 2/11
Don't a lot of people land jobs without degrees?
Btw I looked at my resume and the things I've done other then pass the A+. It's a barren land.
I need to work on my self and do some projects, make a homelab, etc. Instead of relying on entry level certs to carry me.
I found Roppers Academy which seems to help with that.
Oh I'm getting an Associate's degree very soon so that should make things a little better, then another ~2 years for the Bachelor's.
When transferring to the 4 year, be sure you've gone over what credits will and won't transfer, and what credits you can and should (or shouldn't) apply so you can complete your degree on your timeframe
I ended up having to re-take a course during a summer quarter because of a university rule about sourcing credits for a minor.
Security, saw that in one of your previous messages, isn't necessarily entry level. A degree is what gets you in the door with less experience. With entry-level IT, degrees and experience aren't usually a requirement because it's understood that the position is foundational
Noted. Thanks
Junior/entry level IT jobs are uncommon here. There are around 1000 jobs on linkedin overall. I can safely assume the bigger the economy, the less reliance on degrees there is. I'll keep what you said in mind. Thanks.
I would say 'it depends', in a highly educated potential workforce (aka BS degrees are common), a degree becomes a base level. Now it may be possible to get an IT job without a degree but it can also be harder and if you are applying to jobs that indicate a BS degree as a base requirement, I would not expect they would look at you.
When we have job openings, we usually get 50 applicants for every job. For those jobs, 99% of the people that apply have a degree.
I see
An org without having a minimum educational standard may also lack maturity in many areas - they don't know what they need, so the requirements are less specific
that's not always the case, though
Hi I just have a question about a university decision
Would you think it's smarter to go to a place like Europe where their schools are practically free but receive lower tier education or stick with someplace that has high tuition and high reputation and try to dig myself out of student debt?
lower tier as opposed to where?
I honestly don't know but there's a school ranking and schools in Europe that I'm looking at are lower tiered on that than they are in the places I've gotten accepted
They are tiered in like best schools for computer science and cyber security
What country are you in currently or if you don't want to get specific, geographic region
Also, the best school for any degree in your country, is in your country. University recognition and standards set in your country are what matters
The university "tier" list are also somewhat garbage and really shouldn't be given any credence
I'm currently residing in Canada and have gotten accepted for Waterloo, Saskatoon and Alberta
Still awaiting Toronto but money is an issue
Canadian schools are fine from what I've heard
The problem isn't the actual school it's the money to go to those schools
You shouldn't absolutely drown yourself in debt to go to a perceived "better" school
Also look for scholarships and grants
Ooh I gotta get on that
Unfortunately applying for scholarships is like a full time job
The only schools I know of in Canada are McGill and Bishop
Right but are you going to let that stop you?
If you are, no offense, you're going to need to do some thinking and get your priorities straight
I don't want to assume about your situation though
Heh I think it would be easier sitting at pooter and applying than travelling to a new country
It's hard to go to a different country
I looked into it and ended up staying in the US
Thank you for the advice
Not a problem
Debt is about what YOUR comfort levels are going to be.
I could have gotten the same degree from a same-tier school for 1/2 the cost - the extra was worth it to me to have smaller class sizes
And, that student debt is going to be paid back in the worst case over a long period of time; is it worth it to start with a 15-20% higher wage than someone without the BS and walk away with minimum $40k in debt? For me, that calculation made going to school worth it.
I have a general question, what would the best way to go from like a GRC position to something a little more technical like red blue or purple teaming. would it be more worth while to try to laterally move in company or apply exteriorly
One thing to consider is where you go to school is where you will make your first employer connections and where you most likely will find your first job after college. One benefit of traditional colleges, in general, is they will have connections to various companies and should have ability to provide connections for internships and later, your first job after graduating. This is also something to consider for schools within your country. Unless you want to live in Europe after you graduate, I'd really heavily consider staying in country.
yes, try to move laterally, see if your company has stretch assignments, see what skills they want and try to build those skills
Do you recommend to buy EJPT exam ?
There are lots of great schools in Europe. I got my BSc and first PostGrad from a great university and most of the big tech, finance, pharma and cybersec companies have their European bases here so they recruit out of local universities all the time. Finishing my second PostGrad in a different college but they're equally highly recognised and the people I'm learning from are well connected.
Quite a lot of the higher tier positions expect you to have some degree of 3rd level qualification to show your aptitude but it's not always required. There are a lot of people with BSc/MSc degrees here and a lot of people maintain some pedigree of professional certs too. You have to be able to demonstrate your capabilities to the automated applicant selector, the HR people, the hiring manager and the team you want to work for so get and demonstrate the skills you need for where you want to go
The course for it is free in the INE starter pass. It's fairly high quality and will teach you a lot, very similar to some of the content on THM. The certification will demonstrate to employers that you're on a path but you will need to show intent by following it up with another pentesting cert, either the eCPPT that follows eJPT or the OSCP or both.
The cert will teach you to work in this field under a little bit of pressure but it's not going to be too challenging if you do the course. you'll have 72 hours to answer 20 questions. I'm planning on taking this cert soon
It is useful to learn the ropes for an entry level IT position. The schedule on this course is 6 months but it's purely down to you. If you're already interested in cybersecurity it can be a useful stepping stone as most of us start out in support roles of various kinds when we enter the field
yeah, i think im starting JR Penet. Path
maybe that will help me too
im only 16y at this moment
im not hurry 🙂
THX
Hi, i was wondering if having experience in CTF, bug bounty and certs will help you get in cyber security college or is it purely based on my academic grades.
I personally have never seen that asked on a college application. You may be able to add it in some sort of outside activities section but I'm not sure? College applications are looking for a well rounded individual though so depending on how they treat it, may help but could also hurt
You could mention you do this sort of thing during an interview.
interview?
Some colleges do interviews after applications?
but basically getting into college is a mix of grades, test scores and also extracurricular activities... you can mention extracurricular activities but it won't make up for grades and test scores
I don't know, maybe some fancy ivy league schools do interviews?
It does depend on the college really. Academic grades are very important but sometimes it's enough to be able to demonstrate your interest in other ways
Like in my country you might be entitled to a placement based on maturity (23+ is classed as a mature student) that might allow you to bypass other academic tiers like secondary education but might require a combination of experience (professional and development/educational) to get a place in college. College placement isn't always a requirement in the cybersecurity field as long as you pursue excellence through other means
if you’re in the uk and don’t wanna go the university route: https://www.civilservicejobs.service.gov.uk/csr/jobs.cgi?jcode=1771390
well I'd say it really, really depends, like if you have a 2.0, getting into a college is a challenge... if you have a 3.0, extracurriculars can make the difference
Hey not sure if this is the right spot to ask but i wanted to start making a blog/site where i can post my writeups and other work i do. Is github pages a good place to start or any recommendations? i want to do this as something i can add to my resume and show what ive done.
github is fine, standing up your own blog on a VPS goes the extra mile though and shows you have a little more know-how, just my two cents
getting words on paper (screen?) is the most important thing though, whatever enables you to write easily is the right solution
There's a lot of value, either way. It's more important to be able to form a coherent thought about why you chose a solution than to be on a particular one.
'my lab is complicated enough, i didn't want to have security implementation be the main focus having a blog' is a perfectly acceptable answer
fair point, literally just having a blog and semi-active Github was a difference maker to getting my last role
funny when I was doing resume review by the end of my tenure there, so many people would say they're into programming, et al. and not link any projects!
i ran into that a few times
where someone was coached into having things they didn't know about as 'interests'
my own github is pretty empty, but that's because the code i have written isn't mine - it's also ok if all your programming work is privately owned by previous employers
that's what code interviews are for
Thanks for the tips everyone, i appreciate it. I think ill go with github pages for now since it seems simple enough but maybe once i get a little more advanced and progress down my career, maybe ill move onto a hosting provider
There are code interviews and code interviews. I personally dislike the competitive coding and niche algorithm implementation ones.
code interviews are tough to plan
either the problem is too trivial, or else it ends up impossible. what the code interview is really supposed to show is your thought process to approach a problem - first with the whiteboard, then a short code solution
Oh. Doing it on whiteboard makes it even more fun.
But I'm pretty sure about every company is doing it online these days.
Sweet, I will steal this and change the name 
... a recruiter reached out to talk with me and suggested a time. Without specifying the time zone, and on my time zone that time today had already gone.
Still no luck yet with my internship search... I've been meaning to try to start up a blog soon and add some writeups but it has been so tough w school. sigh
no worries man. getting an internship is a numbers game you just gotta apply and apply and apply. also for the blog, getting into the habit of writing is whats important. dont compare yourself to others out there and do a bit everyday. 👍 gl mate hang in there
appreciate it man, I'll never give up
Yea man, keep applying. Even if you dont meet a couple requirements, it won’t hurt to apply. For my internship, I don’t have a 3.0 and still got hired which then they offered me a position at the end of the internship. Can’t get hired if you don’t apply;)
As someone who's sub 3.0 as well this gives me hope 😂
Haha good, I’m sure you’ll get one too just keep applying
Are there any 17A/17Cs here? I'd like to speak to one if possible.
Nice one 👍🏻
I know you have something interesting you would like to share with others within the infosec community. BSides Knoxville is your perfect opportunity. The Call for Papers is now open, so don't delay. Submit your talk TODAY! https://www.papercall.io/bsides-knoxville-2022
Hi everyone, just saw this and know some of you might like it: BHIS is currently looking for seasoned red teamers and web/mobile app testers.
We do need people who can hit the ground running.
So yes, experience is an absolute must.
Please send your resume to jobs@blackhillsinfosec.com.
Accepted an offer and letting my boss know tomorrow I’m leaving 🙉🙈
Congratulations 🙂
for certs should i focus on taking network + then sec + or can I skip (or is that a good idea)
Do Net, then Sec. Understand the fundamentals so you understand how and what to secure.
Depends on the requirements of the job you want. Controversial opinion here, but for security job skip net+ cert. Sec+ has no prerequisites. Though there's lots of networking stuff in a sec+ exam, any sec+ prep course will teach you what you need to pass sec+. You can learn all the networking stuff you need without paying for a useless cert.
What is considered technical experience, working at a company or having hands-on practical work?
it's not work if you aren't being paid for it - it should only go on your Work Experience (or equivalent) section of your resume if you received money to do that work
So any homelabs, scripts, projects, blogs, etc, should go in a Projects section?
I'm trying to figure out why it's recommended to work in an unrelated field to security before transitioning to security. It makes no sense.
Something along those lines - don't dedicate a large amount of time and space to that section
Once you understand security a bit better, it will make more sense 🙂 Security is not an entry level role almost all the time
I don't have much to add anywhere else
You could learn much more with dedicated labs imo
that's fine; it's more important to be 100% honest with your resume than to make it look impressive
not really. There are a lot of aspects of security you can only learn through experience by working in a non-security role with people in other departments
effort for baseline config is one, best practices, teamwork collaboration to name 3
I followed up with a recruiter about a Network Security Admin position Friday, didn't hear anything back. Followed up again yesterday asking if the position was filled and about a couple other positions. They replied back with contacts for the other positions, but ignored my question about the Network Security Admin position. Should I move on or am I just being impatient?
hmm thats very weird that they wouldn't just say the position is still in progress or not available
They sent my profile to the hiring manager last Wednesday. Idk how long that part usually takes. But I'd like to know if I'm still in the running or not :/
About to break the news to my boss. So nervous 😬
So this is something I'm curious to get feedback on, but I feel like a fake cybersecurity professional for not wanting to be technical lol. I'm trying to pivot from IT and folks say my resume fits well for a security engineer position, but I just don't enjoy doing the nuts and bolts implementation stuff. I have a wife and son and want hobbies outside of work. I'm very analytical. I love picking things apart and reporting on what I find more than I do implementing, designing, responding or operating if that makes sense. Obviously I want to continue learning and developing as a professional but the technical side is exhausting and I just want to have a 9-5 so I can be with my family lol
well you'd likely be a good fit for an analyst role which what I do, still technical but don't deal with operations stuff
SOC/CTI Analyst are roles you could look at specifically
Yeah, I'm in an engineering role and I get handed buckets of parts and have to tinker and put stuff together. Also do a lot of documentation and pre production testing on outside software
Analyst, as droogy said, is probably what you're looking for?
I haven't done implementation for I dunno 16 years? its been a while... basically, I like the design aspects. Which means sometimes picking things apart, figuring how things work and then making recommendations/design decisions
What should i know if i want to be a freelance web pentester?
How to be a pentester, finding a good lawyer and writing a SOW
“Under duress, we do not rise to our expectations, but fall to our level of training.” stay on that grind y'all 
You already did it? If they were a good boss, ask them how many weeks left till you leave would work out for them. Helping people leave everything "tidy" before you leave can go a long way towards helping you earn a reference, and who knows...you never know when you'll find them again in life.
Yup, we’re all good, no bridges burned.
thanks much appreciated
thanks much appreciated
As someone who owns a small business I haven't taken profits in over a year. I keep putting straight back in 😂
Maybe in 5 years I'll be able to start taking profits and let it run itself but doubt it. I don't have the passion for it like I used to 3 years ago when I started
Hey guys can someone explain to me how a bug bounty hunter and a web pentester are different? Do they have different methodology? And do organizations hire web app pentesters specifically?
Love this. I think knowing what you want out of life is far more important than any technical or non technical skill. We have plenty of experts who write White-Papers for a living.
A bug bounty is a form of public pentesting (frequently with limitations, such as reputation and a limited scope and not just web pentesting) against specified targets. Generally a company will post the details of their bug bounty program on their own website and/or through a reputable provider like HackerOne, Pentera, SynAck and others. You would be expected to maintain an ethical and professional approach and operate rigorously within the scope. This is discussed in #bug-bounty
Organisations do hire web pentesters but you would be expected to have a reasonably high level of understanding of other pentesting specialisations and the processes a pentest undertakes
great thanks!
Important to add that bug bounties should not be relied on for money and are not stable sources of income if thats what you are going for.
Yes that's very true. You would be in direct competition with other hackers and the value of your bounties can vary greatly. Most people who do them would do so as an extra-curricular activity, a learning exercise or a way to refine your craft while also holding down a full-time role. It's only when you get to a reasonable level of skill that you could expect that income would be substantial. You may also need permission from your employer to undertake work for another organisation, to ensure your personal activity doesn't negatively affect your work performance
I was just wondering about different pathways to get a job as web pentester
Hi there!
I have a question: Do you think that THM has enough tools for me to graduate and start working in the market as E.H or some branch related to Cyber.S?
Are certificates something valuable on the market?
I would love to see what do you guys think about this
Thanks in advance
THM has enough resources and materials to help towards a professional position*, relying on THM "certs" and badges won't do you much as you can really just sit copy and paste answers.
- What I mean is, the materials used and stuff you learn will help you in other places, but it won't be enough, you will need professional certs.
Certificates are not certifications and shouldn't be displayed in a way that over represents your professional skills. Certificates merely say that you have completed the work. Certifications, which can be placed in a main resume section, both show you have completed the work but also verifies you have done it. THM is an excellent tool for your learning but it's also important to realize that it's not professional experience. Certificates, THM, and other self learning resources should be placed into an extracurricular or a projects section at the bottom of the resume.
In short, I don't think it's likely you'll be hired as a pentester or possibly in Cyber Security with THM only. You'll need actual professional experience in another area, IT is an example, as cyber security isn't technically entry level. On top of that, pentesting is an even more niche area within Cyber Security which makes it less likely to break into as entry-level.
What is an "entry level" for you? (professional experience speaking)
Like, Help Desk ?
First job in IT
Depends on your career path, your background, and what you aim to accomplish with your career.
Help desk, tier 1 support, jr sysadmin, jr netadmin, jr dev are all entry level roles requiring a minimal knowledge background
I see...
Having a degree can also open some pathways that wouldn't otherwise be available
My plan is to learn as much as possible on THM and then go to Hackbox too (Sorry if its against the rules talk about another site)
But for now, this is my short term plan
Both are good self learning resources but neither are professional experience
Ye.. I see what you mean
Entry level to security does not mean the same thing as entry level to the rest of IT.
Entry level security roles usually require 3-5 years of experience at minimum.
3-5 years of experience in a domain that is not security
(Sorry if its against the rules talk about another site)
All good as long as it isn't a direct comparison (in either direction), or designed to cause trouble -- neither of those apply there 😄
I personally think that getting an entry IT position, continuing with self learning resources, and then getting something like Security+ would set you up for success
Not sure where you're located, but a degree may be a HR checkbox. I would consider going to a community college
Lisbon, Portugal
To be honest with you, I have a full time work and going to college now its a little bit hard for me
What I am looking for is to self learn through the internet, get a couple of certs and somehow start working in an IT area that I would like
By the way you guys talk, it won't be as linear as I'm saying 😅
Don't stress too much about it my man. Don't rush it. Visualize where you want to be within 5-7 years, gather the data about what's needed for that and start working towards that. If you land a jr sysadmin or jr dev role that doesn't mean you won't be able to switch over later or that you will be excluded from other security opportunities. Focus on developing your skills and building a reputation and doors will start opening sooner or later.
I started studying on my own programming and realized I wanted to get into security back around in 2017. Got my first job in 2018, doing some basic python scripting and helping with some networking stuff. It wasn't until 2020 that I managed to move over to security (even if it wasn't THE role I wanted) and only 2 months ago I got to a job similar to what I had been looking for.
How important are cover letters?
I submit them
I'll make one tomorrow then 💪🏻
i mean if you are taking that as legit advice , Be ready for the biggest burnout of your life, People arent machines they need breaks and vacations
They're slowly falling out of favour but still expected most of the time
lmao, Actually I was waiting for someone to talk about the ending part of the video 😂
yeaah it seemed like a troll but still i saw some ☝️ so i was like ayyo hope people dont take it too seriously and drop everything and everyone for business because a guy said so
fun fact: that guys is a billionaire hehe
but yeah, I get your point
fun fact he might not have anyone who genuinely supports him cause it literally seems like he doesnt give a damn about anything leaving business and money
which is not healthy
knew it
hey, may I ask for some career advice?
season 1 is goat
sure
thanks!
I'm seriously considering moving into a dedicated security role, currently I'm a web developer that specialises in security, I've found a number of critical and below vulnerabilities in my work software and other projects, I pretty much wrote our secure development policy and trained the team on technical security, I also handle the compliance side with our ISO27001 certification.
My question is: What kind of role could I expect to get? Penetration tester seems likely, but are there others? The compliance side is good but I prefer the high skill cap of the technical roles, so I don't think I'd want to do audit.
i need one too, so we'll wait for da big guys
Hey, that role part really depends on you. If you like having to test things by looking at the code and finding vulnerabilities, and more or less doing sprints of assessments where you sit down on one part of the system and test it, then a pentester role would be what you should aim for. But with your skills in web development, you can also go into the Blue team side of things like Incident Response, where you wait for incidents to happen and look through a lot of stuff to see what might have gone wrong etc., basically play the police for an incident that happened. Or there is also Security Architects, which basically will use your development skills and you will help organisations' defence capabilities by building or setting up certain tools like MISP, Threat Intelligence systems etc.
id recommend checking out peoples experience in those fields on youtube like a day in life and advice from people in the industry to help you narrow your decision, I personally work in Incident Response and find it very fun but there are others who really like the attacking side and its always great to see both perspectives
Thanks! That's a good idea
incident response could be cool, I imagine it's relatively easy to stay motivated under those kinds of conditions, and a varied work load
I do like blue team stuff
I haven't had to deal with a breach yet but I do like responding to and fixing vulnerabilities that are found
but I also love architecture!
Thanks for your words 🙏
Gave +1 Rep to @twilit arrow
yeah in incident response the workload is variable, like if a breach happens, depending on the size, you might be super stressed, but in pentesting every assessment is normally more stressful on average. But again with a good team and nice people to work with the workload is pretty chill
i havent encountered them much here tbh, But depending on their location they might be needed, I personally never needed one to work or was not asked from any of my employers
If a resume has a cover letter, I'll read it. We get a lot of people who are trying to transition into cybersecurity from other areas and sometimes I ask 'why did this person apply?' because I can't tell from the resume
Thanks!
Gave +1 Rep to @quick forum
Perfect, thank you!
Good point, I'll keep that in mind. Thanks
I got a job by mentioning that i used tryhackme to learn and develop my skills it was my strong card for sealing the deal, so glad and grateful that i jumped into this platform
That's awesome! Congrats! 🎉
Is there anyone I could DM about junior pentesting salaries in the US? I'm having a hard time figuring out what is an appropriate salary to negotiate for and would love to talk to someone who has been there.
How many years experience do you have? 'Entry level pentest' usually means 'has domain expertise in relevant areas to be tested'
Gave +1 Rep to @flat sedge
Hello, I do not have any undergrad and had a diploma in accounting . I want to do CompTIA Security+ /network+ will that be enough to get a job?
You need scop 10 it is very important @balmy radish
if you have a lot of auditing experience, that could be a great way in to a GRC role
Just want to share some good news, I decided to quit my management job to join an IT consultancy company who will fund my cyber certs for me
Awesome!!! Good luck with it!!
Congrats 😎
Do employers really care which university the degree is from?
As with everything, it depends. Oftentimes though degrees are just HR checkboxes, in the US.
Universities don’t really matter although if you are looking at alternate college options, one thing to note is sometimes universities have agreements and relationships with many traditional schools. Like my company recruits heavily from various state schools
Hi, relatively new to the server & currently doing my first "real" job search with almost 8 years of experience in pentesting/vuln assessment (long story, kind of stumbled into my role as a PT intern then went FT). How essential are cover letters in this field, really? It seems like pointless fluff, but it's been a couple weeks and I haven't even gotten an HR screener call. Also only have SSCP because my current companies' edu reimbursement isn't great, and it's too late to utilize because I have to stay a year minimum or pay it back, so I started tryhackme to get some extra refresher & maybe fill in some knowledge gaps with things I haven't dealt with as much
Hello everyone
Personally I think cover letters are bullshit, however some companies do read them so to ensure you can pass the HR filters it may be good to submit it anyway.
For such companies I tend to have a template at the ready and before I fire off any of my applications I change some keywords to fit their ad
I've not got any professional pentesting experience but did get plenty of interviews without a cover letter and perhaps gotten more if I did have one
I agree, I think cover letters are a relic of the past.
If you're going to call me and screen me before talking to someone technical to get a feel of me as a candidate, then you don't need a cover letter.
I personally disagree because it helped me get interviewed but that's just me. I think at this point it helps you stand out as a candidate because nobody else is doing them because they're "antiquated"
As a (soon to be former) hiring manager, it depends on the company whether one is required. It will always be a gamble to submit one or not. Best advice I can give is to make a template where you can easily swap out words for different applications 😁
The answer to this question would require a bit more information. Location matters a lot as well as the specific part of the industry this position is in. Healthcare, government, banking, pen testing consulting firm, etc..
out of the hundreds of resumes I've seen, I've probably seen less than 20 (maybe less than 10) cover letters included, I've read every single cover letter though. Our HR is just a filter, they make sure your resume meets the appropriate checkboxes and then send the most qualified through. Managers I've had in the past have even told HR not to filter resumes, let them see them all. And for a single position, we may get 50-60 resumes (or more) and 5 that look interesting. We aren't calling the 45 other people to ask them why they applied.
I would assume its your resume that is the issue if you haven't gotten a call back. I think you should get others to review your resume and see major flaws. You can submit a sanitized version here
I'll also say, in the past 10ish years or so, a shift has occurred in the industry where certifications are more important. They were way less important 10-15 years ago. They help pass HR filters and often hiring manager ones as well.
Hey guys, what do you think of a couple months long trial at a company before they bring you on to formally work as an employee? I'm at Uni also so it would be part time
are you talking about an internship? with no fixed end date?
Hi, I am Sana and new here. I joined this server to get the expert suggestions. Actually, I have done Masters in Computer Science with a major in Computer Network Security with Blockchain. Basically, the thesis I did was more of a theoretical and based on assumptions thing. I have published research papers in well known journals, they are also kind of review based. It's been 3 years now since my MS Degree. Currently, I am serving as a housewife and planning to move forward towards Ph.D and want to be a network / IoT security expert with some practical input in the field. I want to get a true experience and knowledge of networks and how they can be made secure. Which programming language do I need to learn? Any help regarding this would be highly appreciated.
Dang had an 89 day streak yesterday 😭 I forgot to log on last night to cover the 24 hour requirement and now reset to 1 day 🤦♂️
Anyone working on live project or tools?
Email support@tryhackme.com and they should fix it
Happened same with me 😢 174 wasted
yeah I somehow lost my streak too, but I log in every day and take a look at my dashboard every day to make sure I get at least one question answered. I sent an email and I'm sure they'll get to it eventually
Alls good @cursive shale thanks
Maybe that's my cue to get to work on a project I've been putting off then shoot for a 1 year login later
Gave +1 Rep to @cursive shale
keep up your activity so that you don't have legitimate gap, I've reduced my activity on THM so I can focus on other projects but gotta keep that streak going. Streakers unite!
Streakers you say? 
I agree!
yes of course, one who maintains a firm dedication and unbending will to the art of keeping their streak up
~~ Ben has a 0 day streak ~~
Ah, okay, we have very different definitions lmao
Yeah I gave up on maintaining a streak long ago
jesus Ben
it's ok, different strokes for different folks
yeah the streakers get the best strokes
there's enough questions out there for me to make sure I keep it up with just tapping on my phone
shhhhh
🤣
Thats this reply haha
as one of my favorite artists says, "The words do whatever I tell them to do."
not my fault ya'll keep your minds in the gutter 😄
Will do. The last 30 or so days I've only been doing 1 or 2 answers per day bc work got busy and my server rack expanded by about 3 times the size
Can THM help me land a job?
Did for me
Random question, how did you get the “talk-with-us” role?
I mean I can add whatever roles I want to myself, as long as they rank below me?
I have access to the channel no matter what, as a mod.
Oh cool
Does the role have any meaning?
On me? No
on what level do you need to be to know you have enough knowledge to get a job?
THM level? They don't mean much in terms of skill
can you get enough knowledge from only thm to get a job
Maybe?
Don't limit yourself to just THM though.
I'd definitely support your learning by researching and reading. Learn about security from a business perspective too, not just technical.
i want to get a job in this field but i have the feeling that i never fully understand something is that just a matter of time is it or is it just not for me i can answer most questions but often not fully understand it
That very much sounds like a personal question. Everyone learns differently, perhaps you need to focus on the fundamentals a little more and pay special attention to how things link together
okay ty have a nice day!
Gave +1 Rep to @quick forum
Wondering if it is better to stick with THM and the like content or focus on studying for Sec+
Any help would be great
I have found myself gravitating more towards the Red Teamer side of the industry
the sec+ is a solid cert and will only help your chances, but neither is exactly a substitute for the other, that's why I said both
but if you have time for only 1 I guess it depends entirely on your priorities and what you're trying to achieve in the near future
THM will pave the way for Sec+ 🙂
I found this interesting LinkedIn post about job hunting.
https://www.linkedin.com/posts/stefan-wa_cybersecurity-data-jobhunting-activity-6901531389234171904-BeKH/
@tall root thanks for the share. I read it. Never thought of that. Finding “hidden” roles is just like enumeration haha.
Gave +1 Rep to @tall root
Now if I could just write a script or a tool to automate this process, I would save myself some clicks
I'm doing this hacking thing for fun. I still wanna get certs.
Why do people recommend Security+ isn't it pretty basic? I was planning on getting the eJPT cert then the OSCP, people seem to get the Security+ first which seems from my point of view can just be skipped because of how basic it is.
by that logic oscp is basic too
No it's not.
Isn't the sec+ just stuff like "This is what an IP address" "A firewall stop things"
security+ is entry level security, oscp is entry level pentesting
it’s a bit more detail than that
security+ also covers all areas of security
I was thinking though, if you just want to learn about pentesting and you get say the OSCP doesn't the OSCP supersede Sec+ and it really doesn't matter at that point if you have it or not.
well the more well rounded you are the more desirable you are
Sec+ is entry level for cyber security and oscp is entry level for pentesting. Pentesting is a specialized field within Cyber Security
as a pentester you need to know more than just get root
Interesting, wouldn't the OSCP cover what you need to know though?
Beyond rooting?
Pentesting is not an entry level area as well as cyber security. By having sec+ it makes you understand some of the underlying processes and tech in an org
No, oscp won't cover it
Because it expects you to know it from previous learning or experience
i mean in the sense that when writing about issues you’ve found for your report, security+ will come in handy to link everything together. also you might end up in a role which isn’t always web test or network test. you could be doing firewall reviews, build reviews etc
As Jake said, being well rounded makes you more desirable
If you come to me with just oscp, probably not going to hire you in my mythical company
So what will end up happening assuming you are good enough and get the OSCP and not something like Sec+, you will be missing knowledge/experience people in the field expect you to have.
Interesting you have given me something to think about. I thought people who did sec+ just did as a stepping stone to other harder certs
again it all depends
OSCP is an entry level cert FYI
sec+ is also very good to get through hr
Gotta get certified Jake 
who’s assessing 😳
I see, I was working off this model I found because I have no experience with certification: https://pauljerimy.com/security-certification-roadmap/
I'm just a software engineer with a degree.
OSCP is higher than a lot of others.
Might be crap though, I have no idea
This is true because pentesting isn't an entry level area of cyber security
Pentesting is a very specific niche within the field
So while security+ would be the roots to your tree, OSCP would be the start of a branch off the trunk
I see. Sorry about being confused, I want to be efficient with my time that's all but I also have no idea where to spend my time.
Aaaaaaah that makes sense
I'm gonna have a serious look at Sec+ and see if it makes sense for me to have a go at it.
Thanks for the help and clearing up some confusion
It's affordable and can't hurt
I would definitely take it
By getting it you may be able to transition into a cyber security area and then have the company pay for oscp
I might still not take the exam because I'm really learning about pentesting for fun. I just want to actualise my potential rather than pleasing HR, but that being said I'm going to start studying for it, to learn more about and security at the same time. Then I figure out if for me personally it's worth pursuing to the end.
I will say thank you to give you a rep. You deserve it man 😄
Gave +1 Rep to @stoic cave
After looking over things. Getting Sec+ isn't something I'm interested in getting even though I think it's a good certification. I evaluated my priorities and why I'm learning cyber security in the first place and it doesn't make sense. If I need it and I have other certifications I can always go back and get it if it's required.
valid
Hey Folks, Need your advice on this. Is it ok to mention in your resume about taking course on tryhackme with your username (considering if they might check)?
Why would them checking be a problem?
I would be more than happy if they check. I wanted to mention what I am doing currently.
Thank you. I would certainly do as you suggest. 🙂
Gave +1 Rep to @quick forum
flowcv.io even has a tryhackme field where you can add your username and it will appear with thm's logo along with the rest of your basic information
it can't hurt to add it, and they can check if they want to
Thank you that seems to be cool
Gave +1 Rep to @cosmic ingot
for somebody who's not going to go to college, what should I do on top of tryhackme to learn cybersecurity?
cs and networking fundamentals at the very least
know any good places to read up on them?
harvard's cs50 course is a good and well known course for cs; I don't know if there's something similar for networking
CCNA and Net+ study materials are a good place to start
Anyone else get overwhelmed by all the different fields in cybersec? How did you guys figure out which fields to specialize in?
This advice seen many places. Also ctfs and conventions
flowcv.io seems neat, but strangely enough I dunno how I feel about spilling my guts here
IMO there are a lot of really great templates for CVs and resumes in LaTeX - check out running overleaf in a container. There's value to a company if you can show that you built your resume using currently-hot products
any of you guys have inspiring stories about starting to earn a little at home? even make a living out of this? pentesting ?
hey all, anyone have any insights or resources that compare cyber security to security engineer to "normal" software engineer? sorry noob here
***forgot to mention I'm referring to salaries
Anyone can pls tell me if i am just a beginner in cybersecurity field and want to be a pentester which would be good for me:- codered $5 courses or tryhackme subscription?
tryhackme
in my second year of college , tbh i m just wasting my time here( 10 hours) , teacher don't even know the subject properly . I can't even concentrate fully due to this. I am pretty ok with my subject and believe that i can do the studies with the online resources so i m thinking bout drop out . My concern is bout the degree.
Just need your opinion on this
How many years is your course?
don't think anyone would recommend dropping out of college, a degree helps you a lot,
Nah, and if asked Why did you drop out of college "I felt like I was wasting my time as the lecturer didn't know the subject" won't sit right either.
If you have any problems or issues regarding a lecturer,
you should seek advice from your curriculum manager, explain your situation and why you feel like that.
lol I've had a few of those instructors... I keep pushing through and tell myself it's a waste of time/money if I drop to just roll with it.
Those classes specifically I usually just cram out the entire semesters worth of work in a couple weeks and not have to think about it until finals
As someone who got into the industry solely because of my first degree, I recommend sticking it out
Guys I need a bit of help please. I learned everything on my own on Tryhackme, Hack the box and a Romanian CTF competition. Now I landed a job as SOC Analyst lvl 1 and learned for certs. I got Az900 and I hope I get SC900 at the end of the week. But I found that I need to learn a bunch of 💩 for these certs. At Comptia security+ why do I need to learn about physical security and compliance GDPR and stuff like that? I want to learn technical stuff, like malware traffic analysis with wireshark or a lot of Incident Response, Splunk, a lot about SOAR/SIEM, not Regulations and policies and stuff like that. Can you recommend me some full technical certs? For start I was wondering if WCNA would be a good cert because I really want to be top on network forensics and malware traffic analysis. Thx
have a look at the comptia cysa+
> why do I need to learn about physical security
physical security might not be much use to your job rn but it's something you need to be aware of
> and compliance GDPR and stuff like that
> not Regulations and policies and stuff like that.
why do you say this isn't important? they're boring sure (imo) but you won't get far without it
I just wanted to say that in this field there is a lot to learn and nobody can master them all, so if I want to focus on the technical part and learn about compliance at a course or training or something
Having deep technical skill without knowing the business reasons why its needed makes you useless as a security person.
Security is a business function, not a technical function.
Security is not revenue generating, it's always an expenditure.
From the Security Certification Roadmap the Forensics/Incident Response Path is for Malware/Splunk. Besides SANS and Vendor Certs, e.g. Splunk, there are GIAC, eLearnSecurity, BTLO,...
How can someone become a Malware Analyst?
kind of important thing to note:
we don't traditionally call positions that analyze malware malware analysts
it's mostly an opsec thing for the company
bigger companies that are known for Intel services have absolutely no issue labeling jobs like that because it's the whole reason why they're there
generally you'll want to learn two areas:
- dynamic analysis
- static analysis
most people screw up the dynamic malware analysis bit, you don't want the malware to know you're in a lab - you want to make the actor think you're in an Enterprise. If you don't, you'll never get to/past c2 phases to ransomware.
live sample acquisition is the hardest part when you're an indie researcher - You'll probably want to look at sources like VX Underground, but all the c2 servers on those samples are definitely dead
you'll want to spend some time getting comfortable with MITRE'S ATT&CK framework, learning some common threat actors, how different vendors name/label them, etc. Learn about common C2 servers adversaries use, learn how Crimeware as a Service works, etc.
I had same questions, all I know is that you should study C/C++ and Golang , wireshark and reverse engineering
get comfortable with EDRs, Sysmon, Splunk, Elk, learn how to analyze IPs, URLs, Domains, understand how C2 servers operate, etc.
Noted. Thanks
Gave +1 Rep to @languid hearth
hello just need some input regarding a dilemma i have. which is better to get as a beginner or entry-level pen testing cert, the eJPT or CompTIA Pentest+?
I just got off an IR analyst role interview and he said it sounded like I would be a good fit for their threat intel evangelist role because I like to research & write about things
I feel like I'm already spreading my job search too thin (looking at analyst jobs in SOC, IR, VM, GRC) but is threat intelligence basically a good place for tech writers to go who have impossible wide interests in various areas cyber?
Yeah, wouldn't be bad
I think Pentest+ has better recognition than eJPT, but that is changing. I've done eJPT and I thought it was a great certification - it's pretty comprehensive and I learned a lot.
One big difference between them is eJPT has a hands-on 3 day timed exam, but Pentest+ doesn't (I think it's all multiple choice questions). eJPT will really help you build the confidence to take on more advanced pentesting certs.
Would it be weird to ask one of my colleagues for tips/resources to prepare for when I start working? I interned last summer with the company and the group I worked with offered me a position. The title is "security engineer" if that means anything and if anyone had any tips for what to expect for this role. They mentioned briefly I could work on either servers or desktops as well.
Security engineer, just like that is way too broad (At the big cyber vendors, that means you are a salesman). You should take a look at the position description for what you are expected to do. Ask your current (or future) manager for a 90 day plan of what you are expected to accomplish in order to prepare better.
You've been already there so you should know by now if you can ask your colleagues for help/if they're open to dropping some knowledge on you. If they were open to helping you, then yes, by all means ask for support.
Try to make quality questions. Don't bother them with stuff you could have easily found after a 20 mins google session or reading the documentation for whatever solutions you will be working with. Trust me if I say they will highly appreciate if you don't waste their time and show you put in the effort.
Once in a while ask if you can shadow for 30 mins-1 hour the most experienced members on the stuff they do. Take notes. Research whatever they're doing (even if you feel like the "I have no idea what I'm doing" dog meme). If there's something you didn't understand, arrange for a quick 10-15 min call for them to explain that specific thing to you.
And enjoy the process. Learn as much as you can and try to see what you like/don't like to better know where you will go in the future.
At the end of the day, everyone knows you're the new guy and they are expecting you to ask them a lot. Take advantage of that situation and ask as much as you can. Asking basic-expected stuff after a year in your position will not be seen kindly.
so i kinda got a peek during my internship which i did some vulnerability management and code analysis (a couple tasks I did). I wont be starting until the summer so i was wondering if itd be good idea to ask them if they had any idea how to prepare/or what i expect
Can one get away with not having a Linkedin Profile?
Would it be possible to instead have your own website?
I just don't really like the idea of Linkedin both from a security and privacy standpoint.
Ya you definitely don't need one, but you're missing out. Especially because a lot of jobs are posted on LinkedIn Jobs
I just got an internship through Linkedin Jobs
Yeah you're right,
Do you think there is a way to use it in a more private manner?
Or does that defeat the purpose.
I guess just dont put your whole life on it.
What about your resume is that publicly available?
There are privacy settings, you can make your profile private except for people connected to you.
Yeah its just funny how much juicy osint we can get from LinkedIn and then its one of the main networks for the cyber security industry.
Haha yeah, so true. Just only share what's necessary and set your privacy settings correctly and you should be fine 👍
because most people aren’t that interesting in the eyes of an attacker really
Awsome 🙂
nah LinkedIn is amazing for launching social engineering attacks
Phishing campaigns + linkedin data is a gold mine
it's really overlooked by companies right now in my opinion, a lot of employee social engineering education is focused around not falling for phishing emails...they are overlooking the data shared by employees online
Yeah very true its still social media nonetheless
I mean just using theharvester with linkedin pulls up so much good info
I guess i was a bit sketch on LinkedIn but i guess if used wisely can help you land a job
If you already got the offer and signed it, ask for a 90 day plan or something like that. What they expect of you within the first months. You get the idea.
Honestly, don't sweat it. The point of an internship is that you don't know anything; use it to learn everything you can, both about what kind of organization you want to work for, and for what non-technical skills and contacts you can get out of it. Building your social network is the most important part of what you're going to do this summer.
That’s a good tip, I’ll keep that in mind for when I start
But I’ll be starting full time as a employee, not an intern. Sorry if I worded that horribly.
Your first year is just learning how to do your job well. Drink from the firehose, and don't be afraid to say 'i don't know'
ask for help when you need it
Ok I understand what you mean. Thank you for tip!
Gave +1 Rep to @flat sedge
Hey guys do you think a CCNA Cert would work good if I want to be a pentester? I practice pentesting in my free time and I am very passionate about it but I am also a student, almost finished college and they recommend us to apply for CCNA cert if we want to but that's not mandatory, so I have the option either get the cert or not, so what do you say? Is it nice to have it?
I personally think the CCNA helped build a better foundation and understanding of networking
I swear penetration jobs are just as rare as C++ jobs. There are 3 in my area of both type of jobs.
If I wanted to be a web developer eeeww, there are tonnes of jobs.
Is it though? I know my company has been looking at LinkedIn for the past few years as a threat but understands its usefulness. We have had social media training and guidance for many years
Another thing with Malware Analysis is that if you accidentally or otherwise release malware onto a network, you are legally culpable. Containment is something you don't cut corners on. Read Practical Malware Analysis, Malware Analyst's Cookbook and The Art of Memory Forensics.
Definitely worth pursuing the CCNA to learn networking basics. Even if you're not in networking it's still widely recognised as the best associate level cert in networking
Hello. This maybe a dumb question, but can i just binge watch MIT Open courses on yt and write it on my CV? Thanks
Nope
Thank you 🙏
Gave +1 Rep to @rugged delta
Thank you 🙏
Ok thanks
Gave +1 Rep to @rugged delta
Hey actually i am in commerce stream and i am really interested in ethical hacking and cyber security can anyone explain me the correct path to join it?
How's the situation on remote security internships? I'm seeing quite a lot of them on linkedin.
Better than the Network+? Most people I've seen that work in Network engineering have cisco certs instead of network+
Never mind, just saw the pinned messages
Definitely depends on the company, but my feeling is most companies don't have education specifically for it.
My last two jobs in accounting had extensive employee training on phishing, but nothing on social media best practices.
I would recommend that you continue playing on THM and pursue the parts of it that interest you. There are loads of good books, courses and websites on all aspects of the field that we can introduce you to as well
A lot of companies unfortunately only give a cursory glance at training their employees on security, perhaps an annual video and quiz. Most people think what computer people do is very strange... like none of my accountant friends have ever said they're excited to be going to Accounting Con... Why are we thrilled about things like that? Cos for many of us it's not just a job or a career, it's a major part of your identity...
We'll never manage to engage most people in their security responsibilities without a stick unfortunately... I always preferred explaining their responsibilities and the context of things.... Takes a little longer but nudges them on board
I’m starting a systems engineer position soon, any ideas on how I can focus on security such as implementing RMF, NIST, etc.. to eventually move up to security engineer? Anything else I can focus on on a day to day basis? Thanks!
For people in the military industry: The Ultimate LinkedIn Cheat Sheet
https://www.linkedin.com/pulse/ultimate-linkedin-cheat-sheet-michael-quinn
Hi guys, what is the best place to work in CyberSecurity ?
there is no one best place to work in cybersecurity
there isn't even a top 10...
oh.. ok ^^
there is no cybersec companies in my country.. so i guess that i have to go somewhere to find work in this field. there is no one country where its better to work in cybersec ?
or where its better to work only ^
no, not really, your country has no companies that need cyber security people?
99% of people who work in cybersecurity do not work for a cybersecurity company
basically, any company that has internet access, even if they just use AWS/Azure/other cloud, will need cybersecurity people... Now companies will outsource to other companies but then those other companies need cybersecurity people
ok so it will just be monitoring and maintenance of the InfoSec of the company ?
it depends on the company, I work for a non-cyber company, I help create secure infrastructure designs... basically tell them how to implement their infrastructure, but I don't implement anything myself
there are companies that will hire internal pentesters/red teamers, they'll hire people to do vulnerability assessments, they'll hire someone to implement security services for the company itself
and yeah companies will have their own monitoring capabilities, if they don't use an external company to do so
yes, so many job options these days
Does it absolutely terrify anyone what a Russian cyber response would look like against our Windows 2003 infra
Ooo Zojja do you have anything like a best practices infra list in terms of hardening Windows environments? I work with Infra myself
All our stuff is internal only, but influenced by nist 800-53 and Microsoft best practices
As someone in the sector - getting ready to throw my hat in the Cyber let me share what recruiters have told me: IF you view your job as Systems engineer then you're in IT Support field. IF you use Active Directory and view your job and approach from an IAM (Identity and Security Management) position then you are in Information security as Identity Management is a part of Cyber security and build that way.
Hi
Knowing this you can position yourself for IAM roles: https://ca.indeed.com/Iam-Security-Analyst-jobs
Amazing, I'm in a mixture. Active Directory / Infra / even look after the AV platform for lower rate environments like test/UAT. Have a brilliant working relationship with our sec teams. So I could theoretically say I'm in cybersec, is that right script?
Not cybersec, that's too misleading, but Identity Management: Yes, as that is part of the role of Sys admins and use of AD.
CIS benchmarks are a great resource for many products that require hardening
This is solid. Thanks.
Do you guys think it's a bad idea to tell a hiring manager/hr person I'm interviewing w/ other companies?
I didn't.
you're seeking a job for a reason - I wouldn't tell them willingly, except in salary negotiation phase.
thanks for the advice guys, i'll keep it to myself then
does anyone have some experience with internships abroad? In my country we have only CS sadly. I'm interested in how companies view this, how does it work, do i get a work permit (I'm from UE) etc.
is it worth emailing companies who have jobs in cyber security and ask them for an internship in the field?
Linkedin is cringe
Counterpoint: I know several people who've got jobs through linkedin
I also have some good contacts via Linkedin.
LinkedIn is one of the best ways to find a job outside of personally knowing someone within a company
It's how I got my job
This you?
you can put whatever you want on your resume lol

Doesn't mean it's a good idea though 😆
Fwiw please DM a mod for this sort of thing, there's an exception to rule 1 for dealing with issues with other members.
Hi folks, new to the discord. Looking for recommendations on where to start in cyber. I am changing careers and have limited cyber related experience. Thanks
Have you checked out tryhackme?
Just going through the website now.
I guess the biggest question I have is how to get experience in this world? I know about the certificates and pathways, but not sure how to approach the "years of experience needed" in an application when I am coming from a different career.
You often need to start in an IT job first, then move over.
Or you can start in a role like SOC analyst and then move to pentesting.
Pentesting doesn't tend to be an entry level job, I'm not sure what you're looking at.
Thanks
If you have a non-technical background, GRC can be a reasonable way into security. Understanding business processes and requirements is very often an under-represented and very needed skillset
Job hunting? Feeling stuck?
Join @BanjoCrashland-BHIS-BHIS (me) for a job hunting livestream on Twitch.
Fri, 1:30-2:30ish PM ET (UTC -5)
Tues, 7-8ish PM ET
Not selling anything.
No vendor pitches.
Just helping people.
190+ viewers have landed new jobs so far.
http://twitch.tv/banjocrashland. Sharing from info provided.
i want to get started in cybersecurity but unfortunately i don't have much money, is there any platform that gives me a valuable certification?
that can make me eligible to find a job in cybersecurity?
Certifications cost money, there isn't really a way around that unless you save or have someone else pay for it. Entry level certifications are investments in yourself.
wait how much do they cost?
There are a lot of Certifications but the cheapest cert that I paid for was $300 USD
While you build your job career also mind you, you can easily be self employed full time as a bug bounty hunter
Easily is subjective but there's plenty of legal market places that pay big for zero days. Zerodium, etc.
If you had 0 IT experience but sold a zero day I think you'd have recruiters lining up to call you.
That's almost like building the linux operating system instead of finishing your degree.
I think vulnerabilities in the white hat space pay a minimum of 2.5k in the white hat space and that's for surface level vulnerabilities.
I'd imagine an actual critical 0 day would be worth well over 500k
Good luck finding an 0day that Zerodium would be interested in...
Not to sound like a dick but this is not good advice. Bug Bounties should in no way be relied upon for any stable source of income and should only be done for the fun of it. You'd be better off working shifts at McDonald's than depending on bug bounties.
Well, not with that attitude!
No, it shouldn't be thought of that way, full stop.
Filling people with false ideas of grandeur is not a good thing
I'm an American not an Amer-I-Can't!
I'm not going to argue further but this is the channel where people come for sound advice. I'm not going to send them down a rabbit hole to absolutely nowhere.
Fair enough
I think it's like any high risk career move. Going full time into any home brew company whether white collar or blue collar is insanely risky. You'll fail several times until you hit gold
But it's not. People, who are smart about it, are making those moves with the capital and the savings to sustain failure for a decent bit of time.
Not really. Bug bounty in general pays very, very low. And even real bounties found within the scope of the program and company sometimes don't get paid out
you shouldn't be making "high risk" career moves before you have a career
The 10k, 20k, 100k bounties you hear about? Those are the rare ones; only a few per year.
And they often take teams months of research to find and make reproducible
I think it's far less a gamble if you already work in IT and live with your parents.
Losing a 40k job to get bids for a vulnerability if you have no liabilities makes sense but not if you have student debt and a family
a 100k bounty on azure sounds like a lot, until you realize it took 9 months and 6 people. That 100k split 6 ways over 9 months isn't really enough to live on in a developed country
And that's before taxes are taken into account.
Is that even evaluated as income?
Yeah
or is it a "winning"
1099
gotcha
it's effectively a contract payout
I would not recommend bounties for people with a family
or anyone who needs stable income
It should really only be done as a free time sort of thing
The other edge of the sword is war contracting. T2 support in a battlefield for the military for a private company pays freaky high
But it's PTSD inducing and hellish and you can't leave until your contract is done
The pay is high as a "hazard pay"
I wouldn't get it confused with the hazard pay we saw during covid. It's more just exchanging VA benefits for just salary
Oh I have no clue how the military pay scale works. All I know is it's government services companies being paid by the DOD to hire citizens to give military support commercially
Yes, those are civilian contractors. Armed Services get higher pay when "in theater" vs when they are stateside or in a friendly country
Ahh I'm all out of the loop on how the military works internally
Civilian Contractors is a very broad definition and a lot work stateside
there aren't many who go to "forward deployed" locations
Source: I work for the government
All I know is the offshore battlefront civilian contractors got paid crazy money to run Symantec ghost at a military base in Afghanistan but the guy went crazy after seeing all the horrible shit you see during your stay
I.e. you got paid 200k to image stolen computers and you can't leave unless in a convoy and when you did all you saw is horrible stuff
But this was the most hellish of contracts and basically had to sleep under the sound of bombs way out there and other wonderful things and you can't leave until the contract is done lol
Not going to call that guy a liar, but I highly doubt he left the wire. Unless, you're working for a clandestine agency you don't leave the grounds in 99.999999% of cases
I think it's more the game of telephone. This is my dad's coworker. But the guy did lose his marbles and is still pretty whacked out. He randomly went crazy and disappeared and reappeared on some random island under a new contract.
Regardless I'm excited to just get the hell out of help desk because it sucks and I'm being trained into a info sec role
GRC?
Governance, Risk, and Compliance
hi, I don't want to take your time but I have a trouble
I'm in my third year of study, I want to do pentest later but I don't know if school is better than experience in this domain
someone has advice for me ?
It's a tough one. Uni won't really help you, but a lot of places will want the degree just to prove you can put the work in.
My employer have been taking people on with no degree and no experience, just an interest in pentesting and an ability to talk to people. So you'll definitely find places looking for different things.
Oh, hey @ruby remnant -- it's been a while 👋
How are ya?
Exceedingly busy, haha. Not much free time any more unfortunately, but we battle on none the less! Yourself?
Yeah, pretty much the same 😆
I would suggest sticking with college. It'll take you time to acquire the skills and experience to be a pentester. Also, pentesters are only a small volume of the number of cybersec jobs that need doing. and competition for pentesting jobs is fierce. You need to be highly skilled. Most places will probably require at least a degree and/or several pentesting certs, OSCP being the very beginning of that journey (and it's probably advisable to do other certs on the way to that based on your current skills)
What country are you in btw @lofty totem


