#cyber-and-careers
@rugged delta I tried but not much helpful
Hi guys. So im beginning to get my masters in cybersecurity. But my bachelors degree is totally unrelated. Meaning i dont know anything about cyber security. What is the likelihood i get a cyber job, after school?
it depends on your knowledge. You'll have the title, you'll just need to impress the right people.
Say less!
Certs are really what you want to help break into cyber
Ahh are u saying. The masters wont do anything. If i dont have certs?
it is largely country dependent. Like I've heard people in Germany say masters are important. In the US, a masters in cyber is useless without experience. In most countries, certs will carry weight
What certs would you recommend?
what country are you in?
and what is your goal?
Im in the US. My goal is to switch career. Into cybersecurity
what do you want to do in cybersecurity?
Security+ is a good generic starter cert
Anything. I dont really know all the job positions for cyber
What interests you about cybersecurity?
So do i go for security + even if i dont have the a+
If you don't have a domain interest, nothing we say is going to be useful.
and what in IT interests you? Do you have an interest in cloud? servers? networking? Do you want a more hands on position or more of using technical knowledge to provide security recommendations or interest in providing guidance on policy/compliance?
some positions in cyber are very hands on, others are less technical / no hands on
also, what drove you to get a masters in cyber?
Im interested in the all i guess. But dont know anything about it. Complete noob. i want a more hands on position.
so you have an A+, any other certs?
I like the aspect of defending something. From attacks.
Thats it
SOC analyst sounds like a good path
Security+ would be a good start, then you could potentially look at some of the Microsoft SOC focused certs or the Cisco ones
Alternative path would be sysadmin and defensive hardening as a 'fundamentals' type thing. Network admin would be similar
Oooo. ill look in to that
Ill also look in to that! Lol thanks
Gave +1 Rep to @flat sedge
Thanks to you too also
I havent started any classes yet. So i guess ill switch to getting certs instead! Thanks again😍
You might enjoy our learning paths: https://tryhackme.com/hacktivities
Anyone have experience with LinkedIn? It's not loading up any jobs for me at all. I cleared cache and logged out
Should I drop great BE dev job for cyber sec or should I do both
Can anyone please give me some advice? I'm a complete newbie to CS. But I think I'm interested in cyber security....I'm currently living in Myanmar which is under military dictatorship ....What should I do right now? My family can only provide about 1000$ per month (I'm also worrying about that cuz their job is unstable) and I can also do basic works..Should I attend a uni at other country?
and I'm just 18 right now
So, I'm not the best to give you this advice, I'm as new as you, but there is an initial free course that could give you a clue about whether cyber security is for you or not.
It prepares you for the eJPT, which is a junior penetration tester test
There is the PNPT course, which prepares you for the PNPT test; if you are a student, they give you a nice discount: https://certifications.tcm-sec.com/pnpt/
I hope I helped 🙂
Thz bro
😁
Hi All
One quick question during ejpt certification examination, do we need to use our own Kali machine or elearing will provide their lab machine for exploitation or to give the test?
Currently, I don't have high spec pc, so I can run only one machine on it either Windows or Kali
Anyone have good study material for Security + or Practice Test? Im trying to transition in to Cyber Security. I think I have a pretty good grasp of Penetration Testing, I was initially studying for CEH and planned to skip Security + but it seems if you dont have a degree the best option is to collect certifications ?
Can anyone provide me the ideas on How to track IP address behind VPN servers
1. Build a solution that can take an IP address as input and determine if it belongs to a “proxy” or VPN service provider.
2. If a “proxy” or VPN service provider has been used, details of the same should also be provided.
3. The solution should also be able to trace the actual or real IP address behind the “proxy” or VPN IP address.
4. Participants may consider a simple browsing scenario, with and without a “proxy” or VPN, for demonstrating their solution.
Note: Use of external third-party services is not recommended.
3 - not possible unless you have access to the proxy or vpn logs, which 10/10 times is not the case.
The only other way is you have to have a tap off the backbone of the internet, and that's just not likely. Especially considering that they would have to cross your tap and you'd have to be able to process petabytes worth of data in seconds.
To see if host is VPN/proxy endpoint, you could compile a list though, right? E.g. All known (vendor) VPN endpoints. Pretty sure there are already lists of these floating around.
yep - just do a whois against the IP Address
if owner = "VPN" OR "proxy" provider
there you go
This looks like a school assignment?
is having a linked in account really helpful for the interviews ?
For interviews? Probably not
For getting to the interview, maybe
thnx
i dont really like making social media accounts
the thing is np of getting into the interview
so it might be unnecessary
Can anyone please give me some advice? I'm a complete newbie to CS. But I think I'm interested in cyber security....I'm currently living in Myanmar which is under military dictatorship ....What should I do right now? My family can only provide about 1000$ per month (I'm also worrying about that cuz their job is unstable) and I can also do basic works..Should I attend a uni at other country?
Can anyone plz give me advice???
Yess😅
We don't do homework help here. You need to talk to your teacher
This not a homework . This is the project on which I'm working
Your first port of call needs to be your teacher
They've set you a practically impossible task. Explain why it's impossible.
Because we use VPN to hide our original IP ADDRESS
Don't explain it to me. Again, talk to your teacher.
I have already spoken. But he says think about it
That's unhelpful, go back to them. Have a proper conversation, show interest and knowledge.
We do not do homework help, this is your assignment.
@woeful ibex Please do not send unsolicited friend requests, it breaks rule 1 of the discord
Ok
so your teacher wants you to find some kind of exploit that works for each vpn/proxy service
great
Really struggling with Uni at the moment. Not the work, the work and assignments are easy. Just uni in general. Been really thinking about leaving or taking a year off. Not sure if it's worth the damage & struggle it's doing to me mentally at the moment. I don't think Uni is for me but I don't want it to negatively affect my future career in Cybersecurity.
I have a job lined up that i'll be starting soon. Working part time at a security company as a security consultant - which I was lucky as hell to get. However they hired me knowing that i was a uni student and I don't know if me leaving uni will make them reconsider my position at the company 
Sometimes it's worth taking a break from things. Everyone has been through a stressful couple of years and sometimes we get bogged down. I would suggest speaking to a professional before you make a decision and finding out the deferral process for your college. It might be worth finishing the current year and then deferring while you look after your health and comfort levels.
It does sound like an interesting job role to be in and I'm sure your employer will be understanding if you defer for a year while getting up to speed on work duties. Uni itself will be quite valuable for your career prospects but really it is up to you to decide what you want to do. My advice would be to speak to someone for your health concerns and to speak to a career advisor about your future plans, academically and professionally.
Hey just wanted to say that I feel you man. I’m also in uni and some days are tough af… it’s a grind. I found that it was important for me to 1. Find some friends to study with, it helped a lot with my motivation and made me enjoy studying more. And 2. Not put the grades and studies on a pedestal, meaning it’s ok if you are feeling down some days and not submit your best work or just plainly paraphrase other people's work (not that I condone this). With that being said, if you have other things planned outside of your career (maybe travelling or hobbies) I would definitely consider taking a year off and chill it out. Ps: make sure with your job advisor/manager that it will be ok to leave school. For me, I got an internship for this summer and in the contract it states explicitly that I am expected to return back to school after the 4 months of work. Best of Luck 🤞!
Hey y'all, I recently got the Google IT Cert, and am in the process of getting the Sec+. I'll be starting my first helpdesk position in May, and want to transition quickly (within 6 months) into another role, that'll pay better.
I'll hopefully have Sec+ by the beginning of May, and also will be working on THM to continue learning and building my skills.
What's a good strategy to quickly move forward from help desk into a more security or security adjacent position (like networking)? Or is this not a feasible plan at all?
I sound like a broken record but security isn't an entry level occupation in relation to other computer disciplines. You need experience. In my opinion, you're going to do more harm than good leaving a job after 6 months.
6 months in you may even be onboarding still and not have any responsibility at the job yet
I know it isn't entry level, but I want to leverage my current skills and knowledge into something more than help desk, and that aligns more with Infosec
Well if you want to move into a security role, you should be pretty competent either as a programmer, systems engineer or network engineer in some sphere. 6 months as a support engineer will likely not be enough to move into a cybersecurity position. If you're planning on going into infosec, you should really focus on becoming good in some aspect of engineering first. I worked in a call centre for a long time and then as a network engineer for many years before I went into cybersec while upskilling and maintaining an interest
You should definitely maintain a support role for longer than 6 months while you upskill
That's why I was saying something like networking maybe a decent choice. Training's only 2 weeks for the position I'm looking at. I've got technical and software troubleshooting experience, plus management experience. I'm a fast learner and am super dedicated to learn and upskill, I just want a higher paying position since the helpdesk roles I've been offered are current downgrades in terms of pay
It sounds like you put yourself in a position then where you went too low.
If you have professional experience in those areas, higher level positions likely would have been available to you
Yeah any time you're changing into a new career track, you generally have to start at the bottom. You're going to be taking a pay cut going into a role in a new field until you've demonstrated your value and acquired the skills you need to move up the ladder
Depending on your past experience, you might be more knowledgeable than an absolute beginner but you should then have a list of the skills you've already acquired that might be useful
Yea, I'm going to work on rewriting my resume for sure. What are some positions I can look at besides help desk?
Are you not committed to the help desk role? As in you haven't sent back an acceptance of an offer?
Well since I don't know your full history, I would suggest you look for positions you believe you have the skills for and can actually perform in.
I have a few days to sign the offer, so I'd love to weigh my options before deciding. If I can get a higher paying position, I'll definitely want to go that route
thanks for the feedback, I appreciate it
Gave +1 Rep to @rugged delta
I do think a support role is worthwhile when starting out. Most roles in IT would require you to be able to demonstrate some skills in the area you are going into
Alright, I was going to advise not going back on that acceptance if you did. The IT/InfoSec/CyberSec community is fairly small and word travels
Yeah, a lot of people start with Helpdesk and IT
I was considering building a homelab and using that as a way to better demonstrate my knowledge and skills and putting that on my resume to see if that can push into a higher role
I already have tons of customer service experience, some management experience, and like 7 years of payroll experience, and think if I work a bit harder on my resume to articulate my skills a bit better, I think I can land something higher than entry level help desk.
@tropic crane You shouldn't be moving out of a role until you've been in it at least a year - 2 years is preferable to show that you learned that job and can do it. The first year is just learning how to do the job right, the second year is spent streamlining and optimizing your own process to align to your managers' and coworkers.
Leaving any IT job within the first year, especially something basic like help desk, raises red flags unless you have internal promotions on the resume that show you transitioned and didn't jump ship
I've seen tons of advice on reddit and other servers saying to always be on the lookout for better opportunities, and not to stay in any one place too long
Certainly look for better opportunities, but you won't get those opportunities if your job history looks like you're just jumping ship for better opportunities
I'm almost at two years at my current and first job
It's honestly gone pretty quickly
That is true. But there is a sweet spot of staying in the right spot for the right length of time.
Leaving too late means candidate may not be up to date on current best practices, and has been working with legacy stuff that needs to die off.
Leaving too early means the candidate has not done any of the difficult work with that role, as the first year in any IT job is just learning the job and the environment.
this is all good to know. If I end up going with that entry level position, I'll just work on doing a good job and learning as much as I can and try to push for an internal raise if anything
You should spend as much of your time learning the role as you can and planning for what might be down the line, such as pursuing certifications, reading books, doing training. Build a habit of spending at least some of your free time every day on learning new things
People usually move every 1-2 years for pay increases, if you're getting the pay increases that you should be then there's not so much point
It's also OK to be paid with a title instead of money, so long as you have an end-game to leverage that title into a new role or position change down the line
I'm currently putting 2-3 hours everyday into learning more, and I've been doing so for about 6 weeks. I know IT and InfoSec are careers that require continuous learning and I'm super into that. I love learning and I'm a very fast learner so I'm all about it
It's one of the things that I took when I moved from infosec to consulting - i left infosec as a principal engineer, and ended up a consultant. The value I brought wasn't in specific product knowledge, but in helping the client have a POC that was as close to a compliant environment as possible. Including application of STIGs, benchmarks and other secure configs (where applicable)
@crimson cedar That's not at all related to cybersecurity careers
I’m a career changer with a bootcamp certificate. Working on my resume and looking for jobs.. I’m already overwhelmed and clueless. All entry level opportunities out there, including internship, demand a college degree in IT like an automatic filter. People say I have to network. Then what is the next step after making connections on LinkedIn? How can I get my foot in the door as a cybersecurity intern without an IT degree? (except for IT helpdesk jobs)
join a local meetup or user group. vmware, linux are both pretty common for professionals and hobbyists to network
Make a Homelab too. Further self learning and gives you something to talk about
You may also have to start in helpdesk. Experience can help you with degree requirements and generally everyone has to start at the bottom
Everything I know about job hunting I owe to Jason Blanchard - job listing are wishlists, not hard-stop requirements (most of the time) but follow along with this video and you are bound to find some success
https://www.youtube.com/watch?v=Air1c697tjw
Join the Black Hills Information Security Discord discussion server -- https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToJobHuntLikeAHacker.pdf
I had the most success with looking at companies that are hiring, reaching out to recruiter/talent acquisition/manager directly on Linkedin, briefly introducing myself and asking if they have time to talk about job opportunities
half the time they have me go through and submit my resume thru their normal process, other times they would ask for my resume right then and ship it off to someone directly who would typically respond very quickly that way
did your bootcamp offer any career services? I would apply, apply, apply even if they say they require a degree... Do you have some type of portfolio? Also IT helpdesk is a great way to get a start in IT, SOC analyst as well
They offer resume review and resources to look into. I learned about this discord channel through them
What's the best site to look at pentesting jobs, remote, within the European Union?
Indeed won't let me filter by continent
only by country or remote
also whats the deal with UK jobs? I see a lot of juicy job postings from UK companies, and I'd be willing to relocate to the UK no issues, but i'm not sure on the legal side since brexit how it works
I'm Czech, just for reference
I think you’ll have to get a working visa for those, coming from an EU country. But I guess the employer might sponsor those. Software jobs should easily meet the salary requirements.
yea
ok ty
Pentest wise, CHECK is a common requirement so you need to be able to hold SC Security Clearance - typically 5 years of residence in the UK is required
thats a rip then
thanks for saving me time
it’s not to say that you can’t get a job without being sc or check certified, just that you won’t be able to do certain work
if you get interviews for a place they’ll usually ask “do you have/are you eligible for clearance”
Not sure if this is quite the right chat for this, but could someone give me some advice on studying for the Network+ certification? I have been studying for it for far too long (before there was a 008 version so I am working on the 007 one) and I really want to get it before the 007 exam is discontinued in June of this year. On my practice tests I keep hitting around 70% and struggle to get higher unless I am taking the exact same exam again (in which case of course I am memorizing the questions more than the actual material). When I look at my weaknesses it doesn't appear that I am horrible in any one section I just overall don't have enough understanding and memorizing of the topics. What should I do in order to get to the point where I can take the exam within the next 2 months?
The company I work for (Deloitte UK) is hiring in Cyber Security, if anyone wants me to help them get a role then DM me and we can look at ur CV together and go from there
has anyone worked at Optiv? I have an interview for a security consultant role and looking to get a better idea about culture
That would be a good question to ask at the interview. Being prepared with questions can make a mediocre interview a good one
your DMs ain't open
You should probably verify and offer people who contact you a LinkedIn profile or similar so they can check you out before they send their PII your way
If you're posting job roles, please talk to @undone shore as they can verify and then give you a recruiter role if applicable
Companies like it because check work can be lucrative
70% can be decent depending on if your practice exams are harder than the true exam. If you're struggling to progress, try an extra resource or two that's different from what you've been using. Sometimes a different perspective from another author/presenter can help you grab bits of info you hadn't caught previously. Form a study group so you can talk about some concepts. Talking it out often helps.
Good luck!
Thanks for the advice, I dont really know if my practice tests are harder than the real thing or not. I am using Jason Dion's Network+ practice on Udemy, not sure if you are familiar with them or not, but most people seem to say a 85% or better on these and then you should be good to go.
Gave +1 Rep to @paper grove
Even if any one section wasn't super low, it can still be beneficial to re-study the lower parts. I took practice tests for security+ that were organized by the different sections. I'd look at the average for each sub section and then re study the lower 3 sections
I am new to cyber security field, I have done eJPT and CEH. I am looking for a mentor or some friends with the mutual interest. I can even pay something if you teach me cyber security. Please dm me if anyone interested.
Can anyone tell me what language to learn first, where to begin how much hours required on daily basis to learn cyber security, i wanna be a pen tester and a bug bounty hunter btw
python and bash are good places to start.
If you don't have a purpose for learning the language, don't.
It's going to make it that much more difficult.
Lots of time and effort is required. It varies from person to person
there's no "on average" answer
it depends on the route you take, how long it takes you to learn certain concepts, etc.
learn programming, learn networking, learn cloud, learn databases, do ctfs. There's a bunch of things you can start with. Or maybe just do some of the paths on tryhackme. I would recommend minimum of 5 min of learning everyday. 😉
My practice tests do sort out the results based on the sections so that would likely be a wise thing for me to do. Thanks for all of the advice
Gave +1 Rep to @paper grove
Hi there, is there anyone from singapore here
Probably start out with bash, python (just enough to understand how the code works), powershell and networking. Then do a lot of THM rooms, at least one per day. Be patient, you’ll get there
I really enjoy learning about cyber security. I have an Information Systems degree and I code / do this in my free time. The job I got out of University was not one I wanted, and is not even in the tech field at all. TryHackMe has been an awesome resource for me.
How difficult is it to get into the cyber security field without professional experience?
Since certifications expire, and I have a few years left on my contract before I can go job hunting, is it worth picking certs up now?
Hello guys. I would like your opinion about my plan because i never worked on IT and don’t know the field as much as some of you. I would like to make a career in cybersec, but currently im a sales person. I dont like sales so i want to change. My plan is to get a ccna cert and find a technician job, parallel i would study cybersec at tryhackme, hackthebox etc. I would stay in the network path for a few years to get competent, 2-3 years at least. Meanwhile i would like to get my oscp done and a few other cert which interest me. After that i would apply for security jobs, junior mainly of course. Is it a viable plan or is there anything which i should change for better results?
Participating on ctfs while studying and doing some bug bounties too
I would recommend some of this if you have never been in IT before https://www.professormesser.com/. A+, Network+ and Security+ courses are worth to see. And the material is free. In my experience, people do not ask you any certificates. For me getting A+ was a good choice, but, mostly people will look at how much fire you have in your eyes and if you are not one of those "sit my ass off at the office" people.
+1 for Professor Messer material. I used his stuff for studying for all 3 certifications. His cheat sheets and flash cards are worth paying for as well.
Sounds good. Thanks for the suggestion!
Gave +1 Rep to @pseudo comet
I would start with making sure your foundational knowledge of networking is solid. The Comptia Network + is a great place to start. I got my CCNA but to be honest if you are super focused on doing Cyber security I would skip it as it is mainly for learning how to configure network equipment. You do learn a lot of foundational networking stuff but if it were me and I wasn’t going to be configuring switches and routers as part of my job I would just go from Net+ right into studying security+ . Then go for your OSCP.
hi guys! i need a feedback are the It security auditor and It auditor or security auditor (all those are the same roles?)
probably, just know roles and responsibilities vary from company to company
I swear its like every listing on indeed is fake now...
How so?
Because they tell me to contact them via e-mail or skype or it's always something shady most of the time.
It's just red flags
Are you talking about the direct message feature?
I'm in a very similar situation. I work in a sales position for a bank and sales is really starting to burn me out, been doing it most of my life, really. Tired of putting all of my time into trying to source customers and sell versus an actual job that I can actually dedicate time to and allow it to help continue my learning. I started my "IT journey" roughly 6 months ago, from scratch. It's a roller coaster for sure, and sometimes it feels like nothing is sticking because I'm not applying it to the real world and actually getting my hands dirty with it. Unfortunately, with a kid on the way, it's not like I'm really in a position to take a lower paying job either to gain experience, which was my original plan short term. Currently thinking about getting a part time help desk gig at night to try and gain some basic experience that will allow me to land a job a little easier. One day at a time I guess.
Hello everyone, I'm a french student in computer science and as part of my studies, I have to give a short interview. Is there anyone here who currently works as a pentester and would be okay to answer my few questions ? Don't hesitate to DM me if you do !
what are jobs that require to be specialised in one OS ? like if I want to be specialised in Linux what can I do in the cyber field
Hello Everyone I am an Undergraduate Engineering student in my penultimate year, I have been looking for internships for the past few months and couldnt find any Infosec internships in my country,I tried applying for remote ones too, but i never got one, does anyone know where I can apply for internships or mentorships? that would be great help thnx!
also I am a CEH
😔 gotta grind my man
As to my understanding, international students have a lot more of a difficult time finding internships, especially remote ones catered to students in the US. If I were you, I'd look for a program in college that you have to complete to get a guaranteed internship.
I'm a first-year and have participated in multiple programs that offer me internships after completion, and then on. Connections are great, you just have to know where to look specifically.
I will say though, cybersecurity internships are really sought after. Not many companies will offer interns a "cybersecurity" specific role. From what I know, government internships/programs are an amazing opportunity.
Thanks for the info !
Gave +1 Rep to @frosty basin
I think CEH would be enough for an intern
Depends where you're wanting to get an internship. India is about the only place where CEH is remotely respected. Everywhere else (with the exception of some backward parts of the US), it is quite literally a meme.
And regardless of how out of touch the recruiters are, it's still very outdated and apparently frequently outright incorrect, so general advice is get the cert if you absolutely must, then forget everything it taught you 🤷♂️
Thank you, I can already use Nmap ♥️
Something something https://tryhackme.com/room/furthernmap
Gave +1 Rep to @regal mural
Muir's pretty good with that tool, actually.
I've heard him talk about using it once.
Nah I don't think so
Can anyone suggest what project I can do in Cyber Sec as my major? I have searched online but only found keyloggers, port scanners etc. If there's anything better than this, hit me up
Is there roblox exploit?
??????????
??????????
is there?
@sharp citrus i am new is there roblox exploit?
@tacit bobcat might want to check this?
yeah please don't ask that here. This is illegal and unethical
Yup
NICE
There's a hell of a lot of academia out there on it, I recommend starting looking
🗿
Would you guys consider a junior soc a high stress job compared to a junior pentest job? And how do they compared to other high stress jobs like a surgeon? Let's say surgeon is 10/10 in stress. And let's say a 0/10 stress job is a highschool gym coach. How would you rank a junior soc and a junior pentester?
A junior SOC position is probably one of the best starts for a cybersecurity career, as they generally have a decent onboarding process and encourage you to learn and certify quite a lot. while they expect you to be familiar with getting around and working on modern systems, they generally do ensure your learning path is clearly outlined.
A junior pentester role is one that still requires you to be a significantly advanced penetration tester/hacker. At minimum you'd need to have pretty good sysadmin/networks/programming knowledge, a passion for problem solving and learning and a good deal of work experience; be able to demonstrate your skills at least by having something like the OSCP or eCPPT or PNPT, depending on the organisation, and possibly higher. Also you would probably benefit from being well experienced in the higher level challenges of THM/HTB or other recognised cybersec training platforms/communities and they would possibly issue you similar challenges. A pentester job is not an entry-level cybersec job by any means and no cybersec job is entry level.
A lot of cybersecurity jobs tend to give you a lot of responsibility once you've been properly on-boarded, and they can be quite demanding. Being able to demonstrate how you balance stress, work commitments, study and life in general can go a long way to showing you're worth keeping around. Companies are investing a lot in you to bring you on board and they expect a lot from you. The cybersecurity field can be stressful and if you can't manage your responsibilities, it can lead to burnout, which is something a lot of companies now recognise as needing more support for cybersec workers.
hard to say, "high-stress" can be relative to each person - what matter more is your disposition to the actual work and your environment
Cybersecurity roles are also usually very interesting and encourage your curiosity and willingness to learn and improve
Wow thank you for the detailed write up. The last paragraph kinda helps me understand the situation a bit more. I'm interested in a junior soc right now. I'm not really interested in taking on more responsibilities than a junior position. Though that's not to say I won't keep on learning new stuff. I was just curious about the responsibility aspect because I'm wanting a stable 9-5 kind of a job. I'm not so interested in career ladder climbing. I was doing a PhD in a totally different field and I experienced that "burn-out" working 12 hours a day and I'm so over it and I'm fine with an entry level salary. Just worried this mentality will be tolerable by infosec corporate environments? @rugged delta
@ancient prairie
Gave +1 Rep to @rugged delta
you don't wanna stay in a soc for a stable 9-5 lol
Why? Because of constant shift changes?
well if you do shift work it won't be 9-5 anyway. but even if you are doing 9-5 in IR for example, you'll be getting called out loads - idk what the norm is but when i was in the soc we had a call out every night i was doing night shifts
With all these call ins, how many hours on average did you work per week if you don't mind me asking?
i was junior analyst, so i was the one calling the seniors in during the night; but i was working 48 hour weeks (4 x 12 hour shifts)
I think if you're going into a cybersec job you will generally find yourself acquiring more skills and responsibilities and be encouraged to move up the ladder, just because of what you know. The more you know about an organisation, the more they want you to be involved in the team and the more things you'll be able to manage, just from having training in a particular set of tools, reporting etc...
I would say that a SOC position isn't entry level the way a tech support position is. They'll expect you to become proficient with a set of advanced tools for monitoring and reporting and be able to explain the things you're reporting on, such as why a particular pattern of activity in a production environment that appears out of the norm isn't a threat, because a new tool is being tested or a new networking system was malfunctioning, or why it appears it was suspicious activity and required intervention
Yeah I worked in a NOC for several years and had reporting/escalation duties for things and with experience I was given training/authorisation to act immediately to resolve certain things
Thanks for the insight.
The description you laid out sounds interesting to me. I think soc will be a worthwhile pursuit.
Gave +1 Rep to @rugged delta
I've heard some great things about letsdefend.io
Haven't had a chance to look at it yet though
As the resident SOC, what sort of questions would you expect at an interview? A general overview would be really helpful to tailor some of my studies I think.
Well I haven't worked a SOC position, mine was Network Operations. I was a Sr Cybersec Engineer in a different role. I would suggest you read Tribe of Hackers Blue Team by Marcus Carey. It'll give you good insights on the way a blue team operates and what the role is like...
https://www.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414/ref=sr_1_1
Awesome, I will read it ASAP
What are some good certs for someone who wants to pursue cybersecurity/programming
Do you have any kind of IT background or work experience?
Anybody from India who can clue in on the cybersecurity career experience? I like cybersec very much due to my love of linux, I have worked on a good amount of machines on tryhackme and a few on htb (only starting point). But I want to know if I should focus on an MTech in Information security for a job or work on getting a degree (although very expensive) or is my btech with honours in cybersecurity + CTFs good enough for a job. Just generally need someone who can clue me in about the path to work forward on
Depends, what do you want to do in cyber security?
I managed to find this link, hope it helps...
https://github.com/practical-tutorials/project-based-learning
Thanks A lot man It really helps!!
Gave +1 Rep to @civic stirrup
EthicalHacking/programming
Those are areas, not really jobs. Do you have a particular job role you’re interested in?
Yeah software engineer and like a pentester
thank you my friend, my channel is new, but i try to upload content every week
Gave +1 Rep to @undone shore
Uhhhhhhh
Hey guys am new here
Hi new here, I'm Scrubz.
If you're looking for a 9-5 cybersecurity role, look into consulting or auditing. I currently have 6 months work experience total in cybersecurity as a digital forensics consultant and i work 9-5. My brother's fiance works in security auditing and also works 9-5. Some extra hours come in or travel is required, but not as much as the typical SOC analyst.
Security auditing can go from 9-5 to 'hours worked: yes', if it's for an external accreditation for a framework. Evidence gathering and presentation can require out-of-normal-hours to coordinate evidences for an international organization
This
From what I've seen, the only way you're getting "9-5" is if you have enough seniority or if you're in government
Obviously, there are always exceptions to the rule
Has anyone here been in the army for cyber sec?
I am not personally but I know a decent amount. @warm hinge are you a 17?
Yea 17C is the one that interested me the most , what have you heard about it?
Everyone I know that is a 17 are officers
They don't do as much of the hands on
One of them though is moving into kind of a hybrid software dev role down at Fort Gordon
They chose to be officers?
Yes, you have to have a degree for officership though
Ah okay
ROTC is a common pathway
If you have industry experience, direct commissions are also available
I’m currently a freshman in college, since I basically gotta do 4years+ in school and need experience to get a job in the industry, I was thinking the army would do all that faster and provide me with training /benefits alongside everything
You need to want to join the military. Joining for benefits will lead to misery
I graduated in 2020 and was able to get a cybersecurity position out of college
Lol I’m not joining for the benefits but I find interest in cybersec and the time I can save is appealing
Oh you finished college then went there?
I also have a clearance though which helped
Yes, I was hired 3 months after graduation for a Cyber Security Engineer position with a government contractor
Oh okay, so you didn’t get the paid training from them?
Oh my bad I misunderstood
Not a problem
So you were in school for like 4 years right?
I know a bit more about the military than your typical person because of where I went to college
Yes, I got my undergrad
Ah good, this individual is considering it
Nice thank you, which MOS were you exactly ?
Oh great , are you still active or can you not answer that
Oh okay lol
How to join: go to a recruiter and navigate the recruitment minefield
Great, I’d prefer that over someone that sounds like they’re a salesperson lol
Sounds good haha
What prior experience or knowledge did you come in with?
Also I thought it was part of their policy to not discuss their activity, guess I read it wrong
Yeah, definitely an undermanned mos
But it always will be
Ima bet manning is cui
It is a stupid classification
Thats interesting, reason im going with 17C is because I found it to be most closely linked with what my interest lies in (pentesting , forensics, etc)
CUI is literally just the gov skirting the "don't over classify things" law
I would also expect a decent amount of the "fun" jobs being manned by contractors
Depends on other circumstances too though
Makes sense
Private industry is probably similar
ah. So it's not as hands on as it would be in say the civilian sector?
Were you an 11?
Lol
One guy I know was 03xx in the Marines and then went Cyber
Too smart for his own good
oh shoot you already had those certs?
i heard you kind of get them in the paid training they provide you
Really? thought you had to get a certain score on ST and GT
lol. I saw some ASVAB questions and they seemed fairly simple. Are the ST and GTs similar to that
?
okay good
i mean
im not a nutjob or anything per se
but just wondering if thats something to prepare for
Yeah, they were pretty common sense questions
I saw some mechanical questions too
Yeah lol
I saw questions about transmissions on vehicles and shit
okay so im basically good with no prior knowledge in the field then.
If you want a test that's a real pain in the ass, take the AFOQT
Shark attacks are gone
Lololol
But sarn't
Yeah, when I played pretend through college getting up at 5am to a howitzer was fucking rough
Oh, it was the wake-up cannon
They dragged that shit up to the middle of the dorms
Be physically prepared too
Nothing worse than trying to learn while also being behind physically
i played varsity football for 4 years and im semi active now. Not saying its gonna be cake walk at all but i think im a bit more physically durable than the average people that go there
Take an ACFT, not the new one. Just your basic run, pushup, and situps
oh i got most of that
sweet
okay noted. So whats the timeline like? Is it like 10 week Basic training and then 20 week AIT or something?
And youre compensated for the entirety youre there right?
do you get to live in barracks the entire time?
You get paid, yes. Last I heard, it was $6k total when you get through basic and 11b AIT
But you're a different AIT so the numbers will change
Based on length of stay not the ait itself
Yeah
My phone be lagging
so whats after basic training and ait?
You also have enlistment bonuses
Critical MOS, quick ship, etc
Spread out over the duration of your entire enlistment though right?
Friends bonus was split into thirds? I think
what is this for?
Test your physical fitness
just for me? or they need it
Ah they carried over the name to the new one
Also, learn how to ruck
Shuffle it out, run the downhills, and walk the uphill
Wtf discord
Right but how miserable were you on that first ruck
you said the job role is not my choice right?
Lol
Yeah, we had ALICE
Because hand me downs
You don't really get to choose ever. It's all a request
This isn't CUI?
Ah ok
I will say DOD Civilian is another option if you don't want to commit to the military
After youre done with basic and AIT training, should you be able to get a few certs ?
So 14 months in I can basically get an equivalent cybersec job in the civilian sector?
they dont take the army as "experience"?
i was thinking they treat it like a degree or certification of some sort
And the military can speed the clearance process immensely. Getting a civilian cleared is really, really expensive. Hiring a recent serviceperson with a clearance is immensely cheaper, and provides immediate value to fill contract positions
If you want to be a DoD contractor, find a way to get that clearance before you want to get that kind of role.
ah you mean the army counts as a few entry level jobs?
Yes
DOD Civilian has college hiring pathways
GDIT has clearance pipeline for recent graduates too
Yeah, but you have to know where those tracks are; if you miss one, it's very difficult to backtrack to check those boxes
I skipped over SOC work as well, but that's because of my educational background
SOC would bore me to death. I would have spent all my time automating just to stay sane
wow thats nice. would they prefer someone that went to the army without a degree over someone who just graduated?
That's also true - a lot of people find comfort and satisfaction in SOC work
Depends on the organization, their contract positions that they need warm bodies for, and how quickly they expect someone to advance out of those roles.
It's really not, Moose. Military experience is hugely varied. I had a SOC analyst that supposedly had 3 years of whatever cybersec in the army does, had no clue about anything. Another SOC analyst who only had 18 months in the same type of military experience was amazingly competent.
Hm this is putting me in a tough spot. Debating whether it's worth it to drop out now and go to the military.
yea im in CC
for two years
This is just my opinion, and I'm not slamming military experience. Just saying that the quality is a lot more inconsistent than what I would consider similar time spent in industry or college
no its a program for cali students
I should have worded it better juun
No, get the AAS or AS. That has more value long term for you than going in right now
Yeah
Yes, first two years are free. @warm hinge After that, I would need to transfer to a 4 year (to attend for two years) where I dont know how much i will be paying yet
But the biggest value skills you learn in CC are writing for your classes. Easily the most underestimated soft skill you will learn in your life, and from what I can see, military writing doesn't really help write reports in the civilian world
well after im done with two years, its an associate, then when i transfer i can complete bachelor
so i can be a full time student?
while active?
16 semester hours per year = half-time student at best, usually you need 12 semester hours to qualify as full time
oh i thought it said 16 units that my bad lol
i was thinking it would be much more time consuming to enlist now as i wouldnt wait 4 years to get industry level certs and such. Getting more out of the two years in the army than i would here, plus im getting paid and benefits
ah. feel really discouraged to just because past experiences with them have been, rather discouraging
and i know they dont know much about that specific MOS
lol
see , probably wasted you a good bit of time
you were deployed overseas for a computers MOS
?
well you said it was something with radios right
ah haha
Huh?
Was that ping actually for me lol
Ah
Oh lol
Super Motor pool maintainer
Haha motorpool Monday
Are you only saying this because of the higher pay? I was thinking if i enlist now i would save a ton of time and get more out of the time im in the army than 4 years of school
whats green to gold lol
I'm guessing you got to live in the communications bradley and play with SIGINT all day every day. Maybe set some things on fire (like wire insulation) when someone else messed up
Green to gold, high level warrant, senior enlisted, etc
Not all require degrees but it certainly helps
Gave +1 Rep to @flat sedge
what about being a reserve while being a full time student? i heard theyre usually worse off
kek
I mean 50% of my school was reserve
from what i know, reserves can be activated at any time for any reason
or is that just national guard
Wait fuck they were natty guard
Too many brain injuries
But yeah, it was great for all of them until 10th Mountain went on rotation
I think so
Reserve/guard
They are pretty local to me, I see them doing weekend warrior shit on a pretty regular basis
im confused, national guard and army both have 17C?
They're local to my university as well
do other branches have them too?
whats the difference between the army 17C and that of the national guard?
Yes, MOS ##letter is specific to army though
Marines use #### MOS, Navy uses Rates, and AF does AF things
Slower promotions, don't get to do "cool guy" shit often , etc
national guard doesnt get to do cool guy shit right?
Occasionally, not often
do all military branches have Cyber groups though?
but the army's is the most legit one? that does actual "hacking" missions and such
They all do it
Some recruiter will probably try to tell you only army does it but they all do it
Personally, if I were to enlist tomorrow for cyber, I'd probably go Marine Corps
why that one over all the other ones?
from what I have heard, AF is the most current on state-of-the-art for cyber
I've seen a lot more published work from AFA than, say, west point or annapolis
Personal preference. I also personally know guys in cyber with the Marines and I think its a better fit if I were to enlist for cyber
For how small Marine Corps cyber is they put in the work
Also, certs on certs on certs with them
Boo navy boo
The Chiefs eat it to stay young
How do government entities decide which branch does a certain mission or who to give it to?
Military isn't controlled by "government" so to say
Yeah
I'm trying to think about how to quickly get the point across but I can't
Yea i dont know much about the military altogether
I just dont understand why each branch has their cyber group if they all do the same thing
I don't think so
This is like Warfare domain level stuff
Navy
Tldr: each branch has different domain objectives and use cyber in unique ways to meet the mission
Right, but that would be a massive reorg
So which branch as of now is most closely associated with actual foreign/domestic threats and attacks?
Yeah, it really is its own domain
But if you make it its own branch you could possibly cripple the current branches
Unless cyber is just a bunch of liaisons
I mean we haven't needed it yet
We haven't fought a "peer" fighting force since Saddam
Lol
They tend to be stationed in rolly chairs
Which branch as of now is most closely associated with conducting operations/defending against foreign/domestic threats and attacks?
Yeah, also kind of an odd question
do the cyber guys in each branch undergo the same training though?
No
Different branches have different methodologies and their schools reflect that. Content may be similar but application won't be
So they undergo similar training but actual missions and roles differ?
Legacy stuff will turn up in the craziest places you don't expect, too.
As far as teaching methodology? I think it's a fair cop
nuke systems are probably not that modern
i would be very very surprised if the control systems there were designed any later than the 70s
okay , thank you all so much for the info. i'll wait until I finish CC then and see if I can find a fit somewhere after that
you mentioned the process being extensive right? so its probably a good idea to get started on that stuff ahead of time?
now or later?
which branch recruiter should i talk to?
okay and why are you saying air force is nice?
whats wrong with the army?
A lot of stereotypes about marines are true - if you decide that route, get ready for the crazy
of all my friends who have served, the marines have the best 'slice of life' stories about their daily.... bored marines lead to lots of stuff getting broken, sometimes themselves, but always your brain
also true
even the marines i know who aren't particularly hoorah still consider themselves marines first
AF will probably be most up to date, technology wise. In terms of learning? Probably similar value from any branch
Nice, and then each branch gets the same types of missions and jobs?
makes sense
no worries, thanks so much for the info man
and thank you for your service
I'm Army Guard and can say I wish I would have gone AF Guard instead. They were on top of Cyber first. I might go Space Force if they open up a reserve component. AF treats their own better. Happiness is largely dependent upon the unit, though, so it's not completely fair to generalize.
Hi Scrubz, how are you today
For those who have passed the CISSP exam, which study materials did you use? I'm looking at buying a study guide book some time in the near future. Was looking at either the official one by Mike Chapple or the one by Eric Conrad
it was a long time ago but the CISSP All In One still seems to be heavily regarded
hi all, I'm currently an undergrad undertaking a comp sci, cybersecurity degree, and I'm looking to get some entry level penetration testing certifications and just cant help but wonder, for those who cleared the eJPT certification, does it help you in getting junior penetration testing jobs easier? and if not, what other certifications would you recommend?
I've done some research on my own, such as comparing CEH, eJPT, Pentest+. But kinda stuck between the cost fee as well as the difficulty level.
what would be your best advice? Thank you in advance! 🥲
Do you know any articles about assessing a future security department when consider a job? Specifically related to the company. I am hoping to weed out potential red flags.
Sweet tyvm!
Did you know? Most cybersec professionals earn less than a truck driver
The comments section there is interesting
I did notice that ppl are kinda shocked, angry about how much truck drivers earn
I’m curious why. I mean in my country truck driver is well paid job and still there are not enough of drivers and looking for them
And I wouldn't say those figures are at all common among truck drivers.
That’s right
I’m clearly in the wrong profession then lol
Good for them. Getting a CDL is expensive. And if they own or lease their own truck, that money doesn't go nearly as far as you'd expect
Anyone here know how lenient CISSP domains quals are? I'm active duty military and am curious if I can contest the two domains through my current job in the mil
Union dues too
does anyone have cyber security engineering job experience? i need some insights..
Ask your questions. Plenty of experience in here
Ask the questions you want the answers to in this channel and people will answer
@fresh path rule 1
is there any voice channel
can you join afk
Ask your questions in here
I would not like to be a truck driver
https://youtu.be/phieTCxQRLA
John Oliver explains how truck drivers get paid, how they often don’t, and how companies exploit them to increase profits.
hey, I'd like to take a certification currently. and same as you, im stuck which one that i want to take as beginner. did you just find an answer?
Is there any alternative of oscp which is less expensive and recognised by industry
If you don't have much experience with cybersecurity, a good first-step certificate is the CompTIA Security+. Alternatively the ISC2 SSCP is a good foundational cybersec cert. If you're not too familiar with security, you should probably familiarise yourself with Linux, Windows and Networking at least to a certain extent.
Security certs can be expensive to acquire, as they are usually provided by an educational organisation. The cert is just the thing you get to show that you understand what they teach you. The purpose of the OSCP is to show that you understand the training from the PWK course, which you have to purchase as part of the path to OSCP. OSCP is a widely recognised pentesting cert, and while it is expensive, the journey is worth the price of admission.
The SANS GIAC GPEN is an equivalent certification but it is far more expensive to undertake and also has training requirements in line with the course to prepare you for certification. It is widely recognised in the industry as being a top tier certification provider.
The eLearnSecurity eCPPT is about the same level as these certs, and while not as widely recognised, is gaining traction as it provides excellent training. The course is a little cheaper but it's recommended you do the precursor cert, the eJPT. The courses for these certifications are provided by INE, the owner of eLearnSecurity. The eJPT training is free but the eCPPT training is part of a training platform that costs approx $700 a year and the exam attempts cost another $200 each.
The other alternative is the PNPT from TCM Security. TCM/The Cyber Mentor began this cert in order to make penetration testing certification a little more affordable. You can do this exam for $299 or with training for $399. You can acquire the skills through other means yourself, of course and THM, the community and the other resources people here regularly point to can help but his training is pretty good. While the certification is not as widely recognised as yet, the trainer is widely recognised as a leader in the community.
You can also try Pentest+ from CompTIA. It might be a little cheaper but it does have a lot of relevant content. You'd probably still be encouraged to follow it up with one of the above.
thanks a lot mate, I'll check that out
Gave +1 Rep to @rugged delta
Continue learning and worry about a certification later until you have the budget for it. 🙂
Thank you so much bro
I have few doubts
Can I dm you😅
Gave +1 Rep to @rugged delta
Yeah true
But still
If you plan on being a penetration tester, depending on your experience, these are the best options. There are a lot of books, courses, websites, videos, etc. to learn techniques in ethical hacking. The first thing you should do is to verify your THM profile on Discord.
!docs verify
Thankx i did
Hi folks, I need some career advice.
I guess i should just ask my question? I'm looking for an entry level job where i can possibly move up in a company or something. How do i fund my way to a cert, I'm kind of disabled and i can't do much physical labor it's why i like this stuff.
Help desk is a very viable way in - you may also qualify for career training programs at a junior college or university. Many jr colleges partner with industry companies to get students certified as part of their normal classload they are required to take for the degree or professional certificates.
As far as funding for a particular cert.... That's going to be up to an employer to decide if they want to invest in employees that way. My understanding is that help desk doesn't get much budget, if any, to help employees better themselves. That said, a 'good' help desk job is varied enough that it can help ease the transition into other IT positions just due to being in contact with common IT tasks and related business processes.
If i could even get an entry level desk type job, I think i'd be pretty chill.
can't deal with public tho, bleh.
One thing to remember is that even if you aren't dealing with the general public, you will absolutely always have a client or customer you are providing services for.
Yeah heh you right. I'd have to get used to that.
Help desk is alright, any legit sites i should be looking for work, I can't find s*** through google tbh it's all spam.
I know several people here work help desk type jobs, and they all do something different. LinkedIn, Indeed, other jobs sites, and 3rd party recruiters are probably going to be your best bets
I guess i need to fix that profile pic Ahaha~ alrighty, thank you very much.
The other channel I had this in was probably not the right channel for this so I thought I would delete and re post in here.
Hey, So for my semester project in my Computer Crime Investigations class I was given the choice to either do a paper or do something of my choice and I chose to do one of the paths on THM. I was wondering what path you all would suggest for me to complete for my project? I just have to document my progress and show a screenshot of completion at the end.
That doesn't sound like a reasonable end of semester project; I would recommend you just write the paper.
No, the instructor in the class emailed me back about this and said it was a great Idea and that he was going to add it to the list of options for the next set of students.
Trust me lol I already went and got approval making sure it was going to be suitable for the grading scale.
something interesting would be how easy it is to get into, so something basic perhaps?
Hola amigos, need some advice/suggestions for my upcoming career path, what you guys suggest?
Certification in Security+ or Network+ or A+ or Masters. As I'm confused between which way to choose, masters or a certification.
something about how understanding offensive tactics makes tracing cybercrime and understanding digital forensics and incident response concepts easier?
hey folks, looking for some tips/tricks - I am curious on how best to apply the knowledge learned from the learning paths to the non-learning path rooms? Is it cheat sheets, saved links, and/or just trial and error? Do you have a set of items to try out in each room? Looking for the best way forward!
Depends on the room, sometimes I look at the tags and work from there.
notes from the informational rooms.... neat and orderly in a way that works for shadow then use those to try step by step for the ctf:s.... if shadow gets super stuck check the hints.... if that does not help come back later or check a write up
How do I ask a recruiter for feedback when not selected for a job after 3 interviews?
"Gib me feedback"
Lol
a lot of companies these days are in bad habit of little/no feedback on passing up interviewees ... sometimes no response at all 😛 ... recruiters usually don't know much more than the companies they're getting you in touch with, so if the company didn't provide them feedback, they might not have much to add
i would just be straight-up and ask for feedback and what areas you could potentially improve on. On a related note are you located in the US and what are you looking for?
I tried to call and left a voicemail. Would an email be better?
I'm in the US and looking for something security related or GRC
I'm looking for something more on the m-f 9-5 type shifts. Plus my wife wouldn't want me working opposite as her
Thanks for asking though!
no worries, you ever change your mind let me know - hard to find good folks for those shifts lol
doing what exactly? just curious, i have FTE now, but always spending my free time on computer/tryhackme anyways 😄
SOC analyst
thanks!
Gave +1 Rep to @broken idol
Thanks!
Anything going on the UK 😅🤣
I will pay 2 month tryhackme account if someone teaches me how to understand this ZAP OWASP CSP attack web app
🤣 I felt like that with the entire web fundamentals path
oh really???
Not sure what it is but it just doesn't click. Guess bug bounty isn't for me
Community Manager for THM!
I'll give it a go, can't be that hard
:kekw:
well the only room on that path that really hit hard for shadow to try and understand was the introduction to django room... and that room is not even on the path anymores
All the HTML/JS rooms sucked.
Is it more common for tier 1 soc analysts to be salaried or hourly?
How do I ask / make my current employer pay for my certificate exam ?
Just ask if there is any type of reimbursement for passing a cert exam.
Make sure you're able to explain what the cert is and how it would benefit the company for you to get it
I see conflicting answers online so maybe someone with experience will know this- would I be able to land an entry level SOC analyst job after acquiring SEC+ cert? I’m not a CS student, I don’t have IT experience other than learning web development and making a portfolio.
'depends'... I'd look at job listings and see what they are asking for. Generally, cybersecurity is an area open to people from various backgrounds
Thank you. May I ask, have you seen firsthand SOC analysts with no IT background hired in any of your companies? Would it be considered normal or rare?
Gave +1 Rep to @pseudo creek
How much time do you have left in your degree program? Internships aren't required to get a job in industry, but it does help more than I expected in my own student days
I’m not in school. I am Self-taught.
It's possible to make that jump, if your current employer has a security team, asking if you can shadow what they do for a day or week can help as well. If you don't have background knowledge that deals with SOC activities, it's going to be very uphill until you can get that background.
@ancient prairie Do you mind if I dm you?
I see. Thank you for answering!
Gave +1 Rep to @flat sedge
How much would THM,HTB,Letsdefend etc be worth in this respect?
In what respect?
In terms of experience. Would anyone look at these and take that as experience for a SOC position.
Or is it that these show a willingness to learn outside of a job role and help but won't necessarily get you a job
Seems very much like the "you can do it without a degree or certs" opportunities are few and far between and I imagine require an individual to really sell themselves and already have an "in" because a recruiter/HR will not even take the time to read your CV
whats the downside, if you do all paths it'll take like 3 - 6 months for nearly free
None of these learning platforms count as 'experience' when applying for jobs. They show interest, and they can sometimes be used as knowledge source but NOT as actual experience. Accredited certs, such as CISSP, Sec+, OSCP go much further to demonstrate basic competency but they also do not count as experience.
sure thing
or anyone
if i have a compsci degree, what are the next steps
I know nothing about certs and career paths apart from I'm more interested in attack than defence
You have a compsci degree, or are working towards?
I'm so lost for what I'm meant to be looking for like I'm literally on job search websites typing 'network' or tech keywords
and they all need loads of experience
Go talk to your campus career center, and your instructors. They can help direct you towards partnered internships, or they may know of local companies that are looking. it's pretty late in the year to find a summer internship, but there may still be openings.
i'm probably close to dropping out because of some circumstances so I might/might not get the degree anyway and the job help they have isn't great
is comptia a good starting point?
Finish the degree. You are so close, quitting now loses all the value it would provide.
Is it a 2 year or 4 year degree?
i felt lost too bro on my last year
i had no experience and i thought i was the worst programmer ever
you just have to find an internship
i'm currently resitting my third year for the second time and i'll have to spend a 5th year (resitting 3rd year for the 3rd time) if I continue the degree
i would need to get even more debt
So how do you get experience for say a SOC without working in a SOC?
Either apprenticeship or a NOC role
Entry-level sysadmin for a year or two also helps with the experience to get into a SOC
Familiarity with a SIEM helps a lot as well, especially since several offer free content to learn the basics
Entry level sysadmin seems to want net+ CCNA 🤔
Looks like help desk > jr sysadmin > SOC would be the shortest route unless I some how convinced a company to take a shot
That would be entry level network admin
Can I DM?
sysadmin should be something along the lines of RHCSA, Linux+ or equivalent
Yes sure.
Any opinions on how much info I should include in my CV about my current position? I have quite a lot of responsibilities which can’t really be explained in 2/3 sentences but I don’t really want to write a full page… looking for ideas to improve my CV
Narrow it to greatest hits. 3 bullets +-1. Then in the interview expand
It would probably mean I will have to rewrite my CV for every job I am applying for 🥲 wanted to avoid that but I guess targeting is the way forward
Have a master-tape style CV document, and cut sections out
That's what you're supposed to do. Tailor your resume for each job. Searching for a job is a full time job.
I think i have 60ish different copies of my resume?
What’s a good path to the OSCP?
Should you go from Sec+ -> eJPT -> Pentest+ -> OSCP ?
That's a lot of money on certs
Would you just skip to just studying for OSCP?
You can certainly do the material for eJPT but I wouldn't do the cert
Gotcha
Would you consider the Pentest+?
No because I'm in the UK. It checks the box for US DoD 8570 though.
I wouldn't go out of my way to spend money on certs unless it enhances your current job, someone else is paying for it, or it's a minimum-entry requirement for the job you want
I see
Hey, I just redid my resume and I'm hoping to get some feedback 🙂 I'm aiming for my first role in cybersecurity. Thank you in advance!
^ I would remove your high school; list out what you did your university degree in; add the tools used in your help desk position... also add quantifiable items - eg. I troubleshooted and advised # of people per week, while supporting my peers with their calls.
I would bullet point the job skills; and make it all black text
make it a one liner for the job position: Network Engineer/Information Technology Specialist II , COMPANY, July 2014 - present
Also, I would try to call out if you moved internally in the organization
Thank you 🙂 I was wondering if the text color would be a problem. The quantifiable items are a great idea and I'll definitely be including that now. I did not, however, graduate from college as I left after getting a position in the IT industry. I've never been great in traditional schooling environments and didn't want to leave that blank so I just put down "some college". If there is a better way to put it, I'd change it. And I'm making the other changes now!
Gave +1 Rep to @fallen prairie
I would add your college experience in order of relevance - maybe add some relevant courses and the years you attended.
I would find a resume template you like and fill in your experiences... might be easier 🙂
hey guys, can anyone give me advice on how to prepare for an entry level security analyst role, I have an interview on Friday and I just want to make sure its good haha.
thought this was a better place than general to ask
I made most of the changes you mentioned and adjusted the rest to hopefully account for your other suggestions. I think it looks much better and I appreciate your time 🙂
If you could post an image of the resume you'll more than likely get more feedback. Downloading a pdf or clicking a link isn't really something people on here want to do
That's a good point lol
zety i found had some really nice templates (its paid but like a 3$ trial and rip through a resume). i guess its less a template and more a step by step construction (with a base template) with some really nice features
just double check its canceled X) they dinged me for 4 months (3 $ a month but still) before i realized it was still rolling
Hey everyone
New to the THM discord 🙂
OMG gif embed faillll
It’s a crazy cat, if anyone is wondering! Anyways, I work for a cyber security company and we are hoping to be able to work with new talent in the THM community. Who should I get in touch with to be able to post on the jobs-board?
@undone shore ^
That would be me :)
Could you drop me an email (muiri@tryhackme.com) from your corporate email address with an example job posting please? :)
is there any good entry level cert for an incident response?
I wouldn’t say entry level but sec + in combination with GCIH or CySA (GCIH is like 900 something for just the test, but you will have to submit something to show your experience in IT I believe)
I would also check out cyberseek.org it will help you find a good path on certification and career path
Anyone know site for remote cyber security job?
What level?
Does anyone know a good resource to study for the CEH?
Are you in India?
no
CEH is pretty meme-y, do you have a job or employer requirement to get it?
No, I'm looking to get into blockchain security but not exactly if I should get certain certifications like the security+ or splunk certified as a start
Is it possible I could get someone to peer review my resume?
CEH is not a good cert outside of India. At best it's on a HR checklist to get the interview. To be frankly honest, if someone has it on their CV or resume, I would question them much more thoroughly on their knowledge and skills than Pentest+ or OSCP candidates.
Blockchain is kind of a dumpster fire in general, I don't know of any reputable certs that would properly prepare anyone to fix the current set of problems.
redact PII and post a PDF here, volunteers will get around to it
there is some other info on there with citys but currently not relevant.
so
thank you all
U stated that you have network setup and installation experience as well as troubleshooting but i dont see anywhere on your resume that reflects that. Also some advice on your “Career objective/About me” section. If i were to ask you tell me about yourself in person? This is what this section should reflect (obviously as closely related to the job in question) no more than 3-4 sentences quick and to the point. Highlight the things you are really good at such as python etc.
If you dont have relevant enterprise IT experience try your best to incorporate what you have done in your off time. Such as building your own labs or whatever it may be.
Thank you! Could you recommend any training resources for the OSCP?
Gave +1 Rep to @flat sedge
Check out the Offensive Security official stuff first.
Yes, I will send the email now 🙂
I will thanks! Have you heard of infosec institute? If you have would that be a good resource to use to study for the certs?
Gave +1 Rep to @flat sedge
Guys is ejpt worthy?
Try adding some projects
Would knowledge of STIGs be useful if I were to move into an offensive security position?
If you're working in the DOD space then sure. I'm not sure how often STIGs are used outside of the DOD as their main function is to make sure the systems are DOD compliant. Others care to weigh in?
Knowing how to properly apply a STIG and knowing what they are can be very useful. Will it help you day-to-day in a job as a security contractor or blue teamer? Probably not.
I know there are non-CAC offerings on the site you get them from but I just assumed they were for contractors without CACs
But knowing what common STIG controls are WILL help apply less strenuous control requirements
So STIGs are used in regular land?
Sup guys
Not as such - knowing the controls is going to be useful, there are common controls between them. But applying the entire STIG would never happen unless it's for a DoD contract
Too much time invested
Guys, I wanna get into IT then to cybersecurity. What’s a quick way to get my feet wet
Maybe IT first for experience
But my goal is to join the ranks of cybersecurity
Ok thanks guys @flat sedge @stoic cave
Gave +1 Rep to @flat sedge
Makes sense
Learn some Windows, Linux, Networking and a little bit of bash or Python and build on these as you go. Follow the contents of the THM rooms and paths, consider aiming for certification. CompTIA stuff is good for beginners to IT and even cybersec with Security+ but aim for other certs from the likes of ISC2, ISACA, Offensive Security, eLearnSecurity, etc depending on what you end up wanting to do.
Cybersecurity is a broad profession with a lot of opportunities and an expectation of continuous learning. Getting your feet wet with the THM content would be a good first step
try ctf or cert then it might help you ?
i saw CompTIA room on thm. when i complete it will they give me a cert or it just a room for practicing CompTIA knowledge ?
Neither of those really count for work experience though
It's just for practice I guess
Certificate of completion probably, not a certification.
Then what should I do bro
You are omniscient
Please guide
Please don't call me bro
Pretty much every industry has the problem of requiring experience even for entry roles. With security, typically you'll do a year or two in an IT role first.
Oops sorry
Can bug bounty be considered as experience?
Maybe?
Remember, the job listing is a wishlist. You do not have to meet everything to apply.
without official job exp, the best thing to do is keep practicing, and document/writeup all the rooms, labs, ctf's, courses, etc ... then you can use your blog/library of writeups in combo with resume to demonstrate knowledge and some exp (although not professional exp)
imo
And make some projects?
ya! anything you're interested in and want to learn more or explore for jobs, do it and document it 😄
I did 2 projects but they didn't consider it as experience : /
That's because it is not experience
ya "professional exp XX years" cannot be replaced by practice projects
Mhmm yeah but still
but it's a good way to demonstrate knowledge for entrylevel positions
Which job portal do you prefer?
LinkedIn?
lots of options these days, whenever im looking for work i try to diversify and explore job listings on multiple platforms, linkedin is ok
i'm in software engineering, not cyber/sec specifically
but should be similar
feel free to DM me anytime if you wanna chat more
i'm in charge of conducting all interviews for my company, so im more familiar with the other side of them these days 😛
Thanks bro : )
Gave +1 Rep to @steady pilot
ok thank you
Gave +1 Rep to @quick forum
Because, like it or not, "cybersecurity" is not considered to be an entry-level industry.
People can (and do) break into it, but traditionally you would be expected to transition into it from other parts of the tech sector
@rugged delta May I add you
Trying to get into an Internship/Apprenticeship is near impossible..
Hey All, does anyone know roughly how much dedicated incident responders make, the like that'll be wheeled in by mandiant or crowd strike post breach?
Hi! Has anyone taken the eJPT certification and perhaps used INE's training as a resource? I have a few questions about the cert.
for compTIA's Sec+ what's "Retirement" ?
"Retirement Usually three years after launch"
New exam rollout
Changes up the structure and brings in up to date questions
Your cert won't be affected and can be renewed through the means on Comptia's site
thank you @stoic cave
Gave +1 Rep to @stoic cave
what do you mean by being renewed?
Once you pass the exam, your cert is only good for 3 years. You have multiple paths for renewal including but not limited to CEUs, take additional exams on the approved list, CertMaster, etc
Generally, certs will have renewal requirements
CEUs are common accepted forms of renewal
Thinking about just becoming a 1099 IT contractor. Found a few contracts paying 225/hr for 4weeks (35-45hrs a week)
Just remember that you'll have to pay quarterly taxes, and it won't be deducted automatically as part of payroll
And that any other benefits, such as 401k and matching contributions, health insurance, HSA, etc are all your responsibility
Contracts are also somewhat inconsistent, as you may have periods of time between contracts where you aren't being paid
Good rule of thumb for 1099 is to factor 3x of what you would be able to take at W2
So, let's say in order to make ends meet at the minimum you need $60k on W2. 1099 would be $180k for all of the reasons juun mentioned
1099 is a lot of extra work
Well i have medical and 401k benefits through the Military reserves but wow i never knew i needed that much to make ends meet.
Ill think n consider it a lil more
Yeah, it's not just a casual decision
Since you're reserves, you may be able to find a pathway to a nice W2 position specifically for armed forces members or through connections in your unit
Ive been a w2 worker for long enough. I wanted to try my hand on my own
Ah
Yeah, you need to setup a solid plan and execute then
Winging it will end in disaster
What is 1099 ? And w2?
IRS things (US), https://squareup.com/us/en/townsquare/1099-vs-w2-which-do-you-want
this bug in target rfid memory eprom -- overwrite
@novel iron rule 1 if you're who DM'd me
Mhmm sorry : (
Hello everyone
@slim oracle saw you didn't get an answer to your last question, but for the most part it is not tied to the actual exams. It's more a verification that you're doing related work, so it shouldn't need to be before or after specifically. Let's say you need 10 CEU to recert: writing the exam again is like getting 10 CEUs. However, CEUs can (depending on the cert) come from things like going to conferences, writing white papers, completing other certs, or working x hours in a job directly relating to your cert. Some certs are in a chain, and refreshing your highest tier cert will qualify you to put in the paperwork to renew the lower level ones. In theory, if you have the right setup, you can upgrade one and chain it out to several, but it depends on the cert requirement and the company's policies on what constitutes a CEU.
A list of ways to earn CPEs in cybersecurity for GIAC Certification renewals.
INE is the owner of eLearnSecurity and you can get the training for the eJPT free through the starter pass. the training is fairly good and I'm going to be doing the exam shortly. It is just the basics of pentesting though and you will be encouraged to go further to the eCPPT and the full INE training catalogue
https://checkout.ine.com/starter-pass
Yeah, i'm currently about 90% finished with the Penetration Testing Student path.. I have not gotten to the blackbox labs yet. But still, i think the course is a bit "easy" ? I have seen that most people say that the course material is more than enough. But still, i have my doubts and i don't know why. Might be because i have completed the Jr.pentesting path at THM also, and that was way more deep dive.
Well the eJPT is not intended to be an intense exam. It's purely based on the content of the course. The exam is not as challenging as the eCPPT, OSCP or PNPT, it's literally just the basics. You have 72 hours from the time you press the start button to complete it
And many of the people I've spoken to have finished it in 8-15 hours
You don't need to do a writeup, you don't need to complete a certain number of the labs. You just need to answer the 20 questions based on what you learn on the course, as part of a penetration test of the exam environment
yeah, that's true. I guess i don't need to overthink it. Should probably just be happy that i feel confident in the material.
Soo.. The exam has 20 questions for you? Is it flags you need to find? Or could you just answer the questions and not touch the lab?
That's the way to be. Everyone I spoke to has said the material is more than enough
I don't know if it's flags or what you need to do but AFAIK you're not allowed to discuss the exam content, so that other people don't just take your answers and cheat
Yeah.. i guess i just have to sign up for the exam to see what it is about. 🙂
You do need to interact with the exam environment to find the answers to the questions, so I guess it is similar to a capture the flag but I haven't yet done it.
Have you set a date for the exam yet?
That's the beautiful thing about the eLearnSecurity exam system. You don't set a date. You just log into the portal any time and click the 'Start Exam' button whenever you feel like it. Your own closed environment gets built and you get a notification to download the VPN key and off you go.
No dealing with anyone monitoring you, no having to be there at an exact start time, no having to show your exam area on camera. You just have to swear that it's just you doing the exam. It's open book, you're allowed use any tools you like and you can take a break whenever you want.
The only thing is that you need to keep the exam environment browser window open or everything will go offline in about 6 hours...
oh nice! Hopefully i will be able to do the exam in a few days 🙂 I guess it's also more realistic that way. You can't really cheat anyway because you're always searching and understanding stuff on the fly. So a time-based scenario with all resources allowed is better.
Exactly, it's more realistic to not announce your arrival in an environment. You just go in with a time limit, do your work, get your answers and off you go.
The eCPPT is another level entirely of course. You have a 7 day penetration test and then 7 days to produce a full report. That sounds like fun 🙂
yup! I'm more anxious about the report writing more than the pentesting part. I'm so bad at putting technical stuff i do into words. Hopefully they will have a good module on report writing 😉
Well the report also requires you to screenshot your work on the pentest as you go. Getting used to a notetaking application like CherryTree, Notepad++ or similar would be advantageous
yeah, i try to use obsidian as much as possible. At least for notetaking while training.
Should probably start doing it while doing boxes and labs as well.
Yeah as long as it works for you and you're capturing details of your methodology, it should go a long way
Yeah definitely get used to documenting your work in the labs/boxes
Hm, maybe time to set up a blog and do write-ups.
Might be one way to make an impression when you're doing something
yeah it might be private tho 😛
Entirely up to you. Of course, sometimes it looks good on a job application if you have a series of blog posts about something you undertook
I see, it seems smart, thank you
Gave +1 Rep to @topaz crag
and @stone sage blog posts may also count towards continuing education credits for recertification.
What does that mean?
continuing education points for recertification (comptia classify some blog posts as credits towards that)
or continuing education units
Some certifications have an expiry date and require you to recertify but some other certs allow you to maintain your certification by completing relevant training in the field. And some certifications have no extra requirements and are yours for life
huh, i see.. I'm used to recertify, but did not know about the continuing education points.
it depends, not all certs have it
Hello everyone. Kindly I am looking for opportunities to learn while I earn. US and Canada seem to have much of these. Are there any globally remote ones? Thanks in advance.
Yeah that's about right, took me 6 hours. Passed it last Thursday after about a week and half of studying the course material. Helped a lot that I was active on THM
If you have any more questions, feel free to ask
Arc.dev
Can i dm you?
I'll start on the blackboxes today. Maybe i'll have a ton of questions afterwards 😛
@ virus Yes please.
The black boxes are more difficult than the exam, so don't beat yourself too much up
yeah, i heard people say that. was beating myself up over not getting access to a second host after rooting the first. Ended up looking at the solution, and it shows you a metasploit tool not introduced before. That's what i'm a little concerned about for the exam.
Oh you mean autoroute?
yes 😉
Maybe i missed it, but i don't think i've heard about it before
Then it's on me.
You can always try to manually add the ip route
But I'll be honest the materials lead you to think wrong about ip routes
Tell me how you'd add an ip route
Maybe i did not try to add the route manually on the kali machine. I thought i did.. But maybe that was not what you meant?
ip route add <IP> via <IP> ?
ah yeah
.1 address of the network i'm trying to reach?
or my own gateway?
ffff.. I need to read up on this
You are right about gateways
But i might need to use the gw of the network i'm pivoting?
Now you are thinking in networking
The idea is you have to go through the networks router to the next network
So the syntax would look like ip route add <IP/cidr> via <IP router that leads to the network>
Hope I helped, good luck
You helped me a lot! Really appreciate it 🙂
thanks!
Gave +1 Rep to @silver goblet
You should see if you can catch a mod to get the eJPT role added
Im seeing a bunch of ads where they are offering state funded training for cybersecurity. Anyone know if these are legit and where to go directly to look into it?
I don't see too many ads. Can you give some more details or perhaps a screenshot using something like flameshot?
Is there a role for it? I didn't know, don't feel like bothering them, thanks tho 🙂
Gave +1 Rep to @rugged delta
When they're about they might be able to help you. Usually someone in #general
Hi, I am looking to apply for a SOC analyst position. What are the screening criteria? What interests employers? What is the main areas they focus on? What can ruin the interview? Thank you so much for helping 🙂
wanting to "just close a case" is a quick way to ruin the interview.
Ideally you have an investigative nature.
A lot of those questions are workplace specific too. You're going to have to read the job postings in order to get that info.
@stone sage well..
https://ine.com/blog/new-ejpt-coming-soon?utm_source=linkedin&utm_medium=organic&utm_campaign=NeweJPTComingSoon&utm_content=blog
Yeah, I seen that on Linkedin.
Demonstrate the ability to triage, prioritize, and process cases, including being really good at time constraint management. 🙂
meh.. Unless it's coming out within the first few weeks I don't really care. I don't care as much for certs as I do for learning. I just need to get it because I'm required to. I still would have access to the new content on ine 🙂
That was my thinking, since how much can they really change the exam, and we will always have access to the content 🙂
that being said the updated content is said to release in a few weeks, the exam in summer
Looks more like change of format. Also the content is a bit outdated. GUIs, versions and such
So they will probably revamp a bit
the course on wireshark I had to take a double look at the ancient wireshark interface lol
Yup! But it's good news tho. Worst that can happen is nothing. And hopefully they'll have some new content
about that free content...
Will they limit the free content? I have the premium tho 🥳
The free content will cost 39$ a month, lol
Lol nice deal
Nothing is ever free. You're paying one way or another. From what I've heard, it's good material so it makes sense that they're moving to a payment model.
hey guys, so im trying to put my foot in the door for cyber sec jobs and wanted to start w IT helpdesk jobs
can I have someone with experience have a look at my CV?
/ resume
i dont really have commercial experience but have made a couple labs with Active Dir
ive also done some freelancing web dev and customer service for the gov
I didnt blur out any personal info, if you want to doxx me idrc to be honest lmao
if anyone has any tips please let me know any help is HUGELY appreciated I've been spamming recruiters and positions to no avail for a couple weeks now and I'm at a bit of a roadblock I won't lie
You'll get more feedback if you post an image instead of requiring people to download a file.
Also, redact your shit
I don't care if you don't care but if you've worked in a government capacity, redact your PII
it was customer service not like sensitive info but ok
my bad i thought it automatically opens
dang
Alright so, off the bat, are you actually making money off of the freelancing and tutoring. Like actual contracts written out.
More in terms of, looking. I get tons of direct messages with job offers and I’m simply not qualified, but they always ask if anyone on my network could fit.
I don't really recommend putting things like that in the experience section. W-2 or foreign equivalent positions are really the only things that belong in your experience section. 1099 and foreign equivalents too.
Skills go above experience but below education because you're a student
Languages go below skills
You don't need the references category
Projects section stays last
Tutoring i would move into an extracurriculars section
References should be listed if you're still a high school student. In university, 'available upon request' is enough, and after 1 or 2 real jobs, should be omitted entirely
Agree with everything else moose has said
Should it really go on the resume? The job portals usually ask
Job portal.clone(resume)
They're also currently in uni
ill pm you my linkedin and you can have a look if its set up correct?
not allowed to post info here
It's not that you aren't allowed to post PII
it's that you would be posting PII to a security discord with 100k+ users
It's just that it's really stupid to expose yourself like that
i didnt know that ty
Gave +1 Rep to @stoic cave
yeah true i guess
i did make money and still do but i dont have legal contracts set up
I mean, I could always just send you the job from LinkedIn and you can process from there. Using discord as an anonymous way of passing the info?
its more word of mouth
I got a chance to get my OSCP course and exam covered by my internship. Any study tips from people who have taken the exam?
i can def have a look thats fine
are they remote?
so should i keep or remove references
I personally don't think it's necessary but I'll acquiesce to juun if he feels strongly about it
I think it's a personal thing. Do you think it brings value to an employer?
Unless you are working in an unskilled position, like warehouse, retail or service, my answer would be 'no'
if they want a reference theyll ask regardless of whether i have that statement on my cv
well no, im asking for your opinion idk what to do here 😂
ill keep it on
it cant hurt
thanks for your time and the advice guys <33
If you're going to keep it, format it better. Look at awesomeCV for guidance
I wouldn't list HTML, CSS et al for the frontend position if you used a framework, such as react, angular, node, django or something else
All of that will be implicit by the framework used
it was my poor attempt at keeping the CV one page ahah
i used vanilla js for commercial projects
i have started learning react but nowhere near to a professional level
If you didn't use a framework, you aren't doing frontend engineering work
well it was freelance and it wasnt complex projects
I also wouldn't list 'freelance' unless you have a list of completed projects and companies you worked with
i can add commercial projects section to the cv
and link the sites
but im not applying to a frontend role
im trying something for IT helpdesk