#cyber-and-careers

hence the personal projects section rather than commercial websites ive made

should i remove the freelance section?

At best, the way you've described it you are doing freelance webdev, not frontend engineering

Front end engineering would be building the systems that implement page requests to be satisfied from a templating system

Every country from Canada, USA, and because I speak German, Austria and the like

ok so rename to frontend webdev rather than engineering

What you have isn't quite lieing, but it could be more accurately described

funnily enough i got offers for junior frontend development i just didnt take them

how should i reiterate then

were you using VCS? did you have a project manager to herd the cats? how about an issue tracker? what kind of project management strategy do your freelance projects use?

yeah no idea what that means

Then you weren't doing engineering

okay web development then

ill rename it

If i see engineer anything on a resume, those are the questions I ask

i wasnt asked those questions

listen im sensing some hostility im honestly just tryna work it out

and rename it appropriately

im young i dont have much experience

i just came for a hand honestly

I'm not being hostile, I'm telling you what my experiences have been, from both sides of the interview

thats fine, ill rename it to web development

i wasnt aware there was that engineering also meant those things

my bad

And honestly, given your resume, I probably wouldn't ask those questions, because the context of what you're doing is bumping yourself up to look more attractive on the resume. And that's fine, and normal-ish. Everyone formats the things on their resume to be more attractive to prospective employers

pretty much yeah

i dont really know how to do this stuff

do you know what i could do in terms of projects to kind of get a better chance

i dont have commercial experience in helpdesk stuff and all roles require commercial experience which kinda creates that never ending loop

and thought adding personal projects would at least show that hey i know this stuff gimme a chance yk

Alright, then. Here's my advice, for whatever my thoughts are worth: be upfront and honest in your resume and your interviews. When you lack experience but have an interest, admit it. "I am really intrigued by X for reasons Y Z and W. I would love to learn those things at your company, and here's where I see myself fitting in"

Personal projects are great, but they have to be contextual

nah man i really do appreciate your help so your thoughts do mean a lot

The two projects you have listed are basically a weekend's worth of work

Add some linux VMs to your lab, learn how to tie a linux PAM auth into AD using LDAP.
Learn how to tie FreeIPA into AD, learn about GPO and what RBAC is.

That will add actual value to your lab other than 'I spent a weekend messing around with windows servers and managed to build a DC that had AD with a bunch of fake users'

gotcha

ill get that done these comin days

apart from that anything else?

"I don't know" is one of the best things you can say in an interview

how so

Because it shows the interviewer you aren't going to get yourself (or them) in trouble by being dishonest

Trust is the most valuable currency you can have with other humans

should i perhaps reword it to i dont know but ill always do my best to find out and come up with a solution

Usually when I'm not sure on something i'll start out with saying that. then I'll follow up with something along the lines of "I don't know, I haven't done that thing before, but here's where I would start with my approach and here's where I think the hard parts will be"

But you have to understand how a lot of those systems have to be designed to make any kind of sense to answer that way

i see

that makes sense

ill make a note of that answer

Don't make a note, just be honest with your interviewers

so get that project done, restructure the cv with those tips

young people see it as a big deal if they don't know something

anything else i can do to better my chances

that's not the case

so be honest when i genuinely dont know something

and admit it

thats fine

being aware of where the limits of what you know is, is one of the most valuable things you can know

I find that the more I know and the more knowledge I gain, my ignorance becomes deeper and more profound. Because I start to get an idea of how much of the subject I don't know

+1 to all of @flat sedge 's advice 👍 ... as interviewer/hiring mgr i agree 100%, better to be excited and admit anything you not as familar with, and "thinking out loud" during calls/interviews is a good way to show how you think and approach problems (something i look at a great deal)

oh thats good

yeah i heard the thinking out loud one before, i didnt know whether it actually helped

My role in interviews, when I was a priniple engineer, was to get people to say 'i don't know' as quickly as possible so we could get to the interesting parts: which is their honesty, and how they think

I don't know

what type of engineer are you if i may ask?

usually if they made it to the panel i was on, they had passed a preliminary psych interview

Hire me please

damn what did you work as if you had to pass psych interviews 💀

At the time, I was an infosec engineer. Now, I have more of a QA role: less senior, less responsibilities, and more time to do fun stuff.

Everyone takes some form of psych interview

psych interviews are usually round 1 with the recruiter, judging if you have the right attitude and mentality to fit with company culture

Phone screens are really common

ohhhhh

A psych interview doesn't have to be a full poly/lifestyle interview with the FBI

okay thats what i was thinking ahah

I'm sorry, it's not FBI any more. It's OPM.

thanks for the clarification

FBI does poly still

At least for their own stuff

are you the person i talked about the drug thing working for an agency?

Only for special clearances, I thought. OPM has done it for a few TS/SCI that I've heard about

you seem to know a lot about the fbi 👀

I don't remember

For full scope?

A lot of people have terrible ideas about what the SF86 form actually means in context of both continued employment and staying out of jail.... I don't think anyone could keep track of all those conversations

I've heard of OPM doing partials but full scope is usually done by the agency you're going for from what I've seen

Then again I couldn't tell you who did my clearance so

Makes sense - which dept does OPM roll up to? Treasury?

That I do not know

what level clearance you got?

or are you not allowed to tell

Wikipedia says its independent

That's not really something you flat out ask

yeah i thought so

its okay

i get it

just a curious juvenile

well thank you for all the tips juun im gonna go start workin on em

have a good day fellas

good luck

Yes they do. I can attest 😂

And they're not friendly about it. That's putting it nicely

A lot less friendly than my police poly thats for sure👀

They might actually be able to retain and gain good talent if they didn't act the way they do

My process for the feds was not a good experience but thats just me

When it came time to re-do it I basically said hell nah

I got asked if I would take a poly recently and I said I'd have to either really want to do the work or you'd have to provide incentives lol

Its mentally draining

• inadmissible in court

a poly isn't that bad

Full scope?

yeah

I did it many years ago

Not sure if civilian poly tests are the same as when you are not going thru civilian side

From what I have gathered it's pretty bad and the interviewers are straight assholes

no way, I went to some random building in Fairfax? and did it

I did about 4 polys alltogether

interviewer was pretty straight forward

Best experience with police, least experience with the feds

I was already a police officer when doing fed stuff and that was just a shit show😂

Basically feds always have to bring the big d contest

They do it to normies too

trying to get an cyber internship in boston is hard 😔

Your gun hasnt came out that holster since it was issued

cyber internships in general are difficult, I'd try various IT internships... also its a bit late in the year already

Always try to steal great cases that they did 0 work for

true but just looking for a summer internship tbh

our internship hiring period starts in November, our interns start in May

they usually open up in spring

You should have been applying 4 months ago. Most of the cyber internships I know of start to open applications in December or January.

Most IT internships open up then

well i've been applying since then lol

its a challenge. Have you been applying to all sorts of companies or just cyber companies?

also I just saw something from Boston dynamics hiring more cyber folks, not sure if they had interns on that list

been mianly applying for IT internships

while diong a work study at school

Basically we finalize our lists in around March and start racking and stacking skills against assignment so that we are prepped when interns join us in May/June

your best bet now would to be focus on smaller companies who may still be hiring

yeah that or I do another work study

well thats fine too

probs aim for a cert in summer and hopefully try to apply again for next year

do you have any recommendations on building up a resume till then?

well I think you have the right idea, a cert, doing work study and also building up a portfolio wouldn't hurt, github/blog with various projects and what not

networking, goings to cons and being active in the community is another pathway to finding work

I will say, being from Mass, look at the smaller companies in the area. I didn't Interview until March/April for my internship that started in May

Any internship for beginner?

internships vary widely country to country, in the US they are only for college (and some high school) students

If I am aiming for a security position should I go for Sec+ or Network+ first?

Do you have prior experience in the Computer field? A degree?

Yes currently in Senior year of College for IT, going into masters soon for IT and Sec Mgmt and an intern at a public school for the IT dept

Is the masters part of a 5 year degree program?

If not, I would drop it

Given that you're already doing IT activities I would do sec+ over net+ if you had to choose one

If you can do 2, ccna and sec+ would be my choice

The masters is only going to hurt you as it will price you out of entry level positions

Have the company you're working for in 5 to 6 years pay for the masters

if you're applying to entry-level, technical roles with a master's just be prepared to take the same pay as someone with just a high-school diploma and a cert or two

Yeah it doesn't matter what college degree you have, going into any organisation, you'll have to start at the bottom in most cases

With a MSc, you are going to be a less attractive candidate for those entry level roles. You are more likely to leave that role as soon as you can; often well before the business 'break even' point of the cost to hire you

In a lot of cases, yes but in large enterprises, they are generally willing to encourage you with higher level training, bonuses, salary and positions sooner if you're willing to keep pace. In a lot of organisations there is a tendency to shift horizontally in the chain rather than vertically as well, since it gets a bit crowded and the level of compensation to retain talent is on the upswing if you're able to demonstrate it.

this is really good advice however without going into much detail, the Masters is being payed for and I am expected to work for the company afterwards

I am also getting an internship during the masters program

Does that make it worth it? \

Does anyone here ever do resume reviews?

So is the company offering you a security position? It sounds like you have a job or will have a job?

Yes I will have a job

anyfolk here have experience with project based resumes

I would ask a question if you have one. Lots of experience here

https://c.tenor.com/pf7jrJnQnr4AAAAM/i-have-years-of-experience-tlb.gif

@juun what you did that made transition in hacking?i mean i also want this transition to go from beginner to........ Advance

Security is a thing I enjoy, but not my current career focus area. It informs what I do in other domains, but isn't the primary area I work in.

I got the CISSP because it was required for the role I was in at the time, 'hacking' is a fun past time for me.

So can you recommend me something? To get advance in knowledge

Work hard, study hard, feel dumb a lot

Alright thanks for the advice!

Gave +1 Rep to @flat sedge

If you don't feel dumb or un-knowledgable, you aren't pushing your boundaries enough

can we pin this lol

No need, it gets repeated often enough

Thank you for this validation

Gave +1 Rep to @flat sedge

What degrees would I need to get into cyber security

Whatever degree that the company you want to work for is willing to pay for

one career, please.

anyone got any advice on how to land a cybersec internship in Canada? I have some projects on hand and I am a second year comp sci student for context

Actively learning linux and networking and preparing for my A+ but I was hoping to land a job this summer

Applied to a lot of places but only got rejections :/

Is there a certain etiquette to this or do you just post it?

Here is the resume I have been using for about the last two months. I've been building off of this format, adding and taking away stuff for about the last six months. I am mostly using this to apply for help desk / IT positions and sometimes for jr cybersec type of positions (analysts mostly).

Tbh I am not very confident in this resume at all. A friend in tech helped me build the very first version of it and I've just tried adding to it as I move through school.
I've never worked in tech before so I constantly find it difficult to show my strengths and experiences even with my lack of professional experience.

Thanks

I like the look of this format. Something to keep in mind when writing a resume is that the hiring manager who’s reading it (unfortunately) isn’t gonna be very deliberate. For example, you have a lot of things listed in tools/concepts that nothing else on your resume really reflects. Something that would help is adding a few personal projects that accurately reflect what skills you have and how you implemented them.

Just to reiterate, you have “writing a custom program in Python3.” Your accomplishments should include the outcomes. I.e. what did the program do? how did this program make what you were doing more efficient? And so on.

You'll get more feedback if you post an image of the resume, most users don't want to download files

Is there a path for getting into Cyber Threat Intel?

Especially not a docx

https://klrgrz.medium.com/cyber-threat-intelligence-study-plan-c60484d319cb

This is perfect, thanks a lot

Gave +1 Rep to @polar rock

Doing soc analyst job is a worth? Going runbook and performing investigation on same type of use case everytime and running tool.Is there something to learn?

Well depends on the company you are working on, mine even payed for my tryhackme subscription, and besides monitoring different siem platforms, creation of playbooks, seeking automation tools i am also involved in a lot of other security related projects,, and more things to come...

It really depends on the companies SOC architecture and mindset, i got lucky enough to be part of the creation of it and i had and have a lot to learn from it....

Not the place for ads for your own services.

Im just starting on my A+ certification and working towards my associates degree. What will I need in order to become an ethical hacker?

For those of you preparing for or considering the eJPT, there are some changes coming up. The current version of the exam will be retired this summer and a new version will be released. If you currently hold the eJPT, you will continue to hold your certification, it doesn't expire. There are some critical changes to the exam structure and a revamp of the training material is coming down the line 🙂

https://ine.com/blog/new-ejpt-coming-soon

plz be multiple different exam environments

plz be no multiple choice questions

mother - they increased it from 20 to 35!!

Hello, not sure if this is the right channel for this but im wondering how hard the security+ cert exam would be for me if I've completed the complete beginner course? and what the best resources would be to prep for the security+ exam? thanks in advance!

And shortened it from 3 days to 2... Probably because most people do the 20 questions in a relatively short time

There are always multiple resources for preparing for an exam, whether you prefer video lectures, live classes, books or other resources. The book is about 500-600 pages and there is a lot of information covered

If you are able to complete any of the modules in TryHackMe and you maintain the desire to grow and learn, you can learn a lot of the information needed at a pace that you prefer. You'd be well able for it but you should also have some knowledge in Linux, Windows and Networks. THM is a good resource for learning the basics of these too and your desire to learn more and explore will grow as you improve

awesome thanks for the info! ill start on the THM cyber defense course then, and get a study guide for Security+

Gave +1 Rep to @rugged delta

CIA or NSA are my dream jobs

I've aspired to work for those for as long as I remember

Thanks for giving insight 👍

Gave +1 Rep to @peak wind

Been preparing to take this for a month or so, just gonna wait for the v2 now. Hope it’s good!

I’m going to go out on a limb here and say that Crowdstrike probably knows a bit more about Threat Hunting than Baldwontrememberwhotheyare Risk Management. 😂🤣

Those aren't even the same job.

BRP deals with a completely different area

It's an insurance company

It isn't weird at all. Different jobs that just happen to share the same job posting title.

They're also on the Nasdaq it looks like

Also reading those two, I can see how they could be considered similar

Both are proactively looking for threats, crowdstrike likely in the wild and BRP more than likely on their systems and those they insure

reading between the lines, Crowdstrike is looking to flesh out a team against nation states and sophisticated actors. BWP is worried about its business.

Different skillsets, different pay grades.

but, thats what Crowdstrike does.

The BRP pay isn't even posted by them

It's an estimate by LinkedIn

I still think its worthwhile data, like it actually makes sense

Also, ima bet crowdstrike is playing up the role. Could also just be a customer facing threat hunting team. No guarantee you'll be facing APTs

Also true'

but 30+ days means its closed anyway.

BRP is also in Florida. Lower COL and no income tax

oh personage, I was just in FL the other week and Kaspersky has an adopt-a-highway

I thought it was hilarious

I know it says Remote but the estimates take location into account

anyway I dont think going too much further into the weeds about it is helpful

the point is those are different jobs with different expectations, at the least.

I know im not geting that job

I had an interview with crowdstrike

Didn't go well lol

Was for a Malware Intern

did they talk about devsecops at all?

No, that wasn't really all the rage yet I don't think

im just curious, my org is pushing it really hard

If i remember correctly the first question was something along the lines of "do you have any ethical disclosures or unique finds to your name yet"

That is highly specific

I know some of the college peeps in here do but I wasn't expecting that for an intern interview

Its not really that hard to find one. I found an ehtical disclosure on a local pizza place that took online orders and had an input validation error that would accept negative integers in the tip field

Its ethical if you choose to disclose it 😉

You have a contract with them?

Nope, just happened to be buying a pizza.

I sent a screenshot and email to their contact email. They ignored me. But I did the right thing anyway. No idea what they did with the info, but it was cool to experience regardless

I should have specified on the question that was asked. Ethical disclosures and unique finds as in CVE stuff

For real? They expect an intern to have discovered CVEs?

Like, you're credited with finding Log4j or Dirty Cow. That kind of stuff

oh fuck right off with that shit

Yeah, that's why I knew I was screwed two minutes in

my team molds good engineers and analysts. we dont find them

what utter shite that is

There are teams and tools built for CVE hunting. Its tons of theoretical work. Your analyst off the street isn't doing it.

Felt very inadequate replying with "no but I've taken a malware forensics class as well as x86 ASM and reverse engineering courses"

Interviewer didn't really care about college courses from what I could tell

Which you already sound overqualified in my booki

most my folks dont play around in machine code land

I was garbage at that class lol

usually, that's out of scope for what 'contact us' email can handle

Juun I see you

orly

what up

Wtf discord

Hello

Ded

For sure. But its wasn't Dominos. It was like..... "Slightlybiglybustmostlysmallpizzafranchise"

@boreal zephyr I don't know what pizza place that was, but dominos has a 'responsible disclosure' form. I would be surprised if it was a national chain and did not

It was def not a national chain.

online stuff is likely not done in house, and farmed out to a vendor

what's the impact of the negative tip? does it actually reduce the bill or just get zeroed out when order is actually placed?

that all tracks and I agree. They likely had no input on their payment methods. But they for sure owned the website.

if you can show that it actually does reduce the bill, that's a HUGE thing the owner will want to know about

and i would start to bother managers until one of them can get you in contact with the store owner or business rep

I was able to order mozz sauce and zero out the bill with a negative integer tip. I sent one email with two screenshots and moved on

Im assuming you could order anything and do the same thing. I would not bother anyone "until they choose to respond"

man, it's like they are trying to be as bad at support as razer

I personally think, its more like they were trying to keep up with norms and utilizing a 3rd party to provide the service

anyways, this is way off base and off topic

Yeah, but if the vendor is providing a product that impacts their bottom line with having a bad payment system, the business is potentially losing money

fair

#infosec-general if you want to continue, but i'm going to make dinner

There's a new course coming out for the v2 cos there's a few changes. It'll still be free and mostly the same. The main changes are in the link i posted above. For the v2, it's 2 days and 35 questions, not 3 days and 20 questions... I'm thinking most people were completing 20 questions in1-2 days easily enough

Will it be free?

The course is part of the free Starter Pass

The exam is $200

I was planning to rush it too. I'm wondering if it's really worth waiting one more month just to have the updated version🙄 I have heard it's mostly for personal experience than something to bypass HR filter or impress actual professional pentester.

It's reallly just the basics of pentesting. The new version is a bit more refined by the looks of things but it's only a starter cert. The next one up, the eCPPT, is more along the lines of the OSCP. Of course OSCP is more highly rated

Yeeah I heard that OSCP is the gold standard certification. But of course the difficulty is not the same (neither the price tag), so I have to think twice first before trying OSCP. I would likely need to commit much more time than I can afford for now. I'm not foreigner to IT stuff (I'm working as developper and have a computer enginnering degree) but I'm quite noob as far as hacking goes.

Well the OSCP is intended to be challenging but also to start you from a lower level. You'll learn plenty here in THM but OSCP has a thorough and intensive course. The new pricing arrangement gives you a year to get the work done. There is a 90 day option too but scheduling your time is one of the biggest challenges. It does require dedication but that's what they want from you

Well I guess it's to be expected for a professional certification. I would likely need to take a long break from my current job to do it.

Most IT people do find time to certify outside office hours. It's not like a full-time degree. It's manageable. If you took the 1yr option you could easily manage 2-3 hours a night several nights a week

I'll take into consideration the 1y plan. I can spare 2-4 hours/day even on working day indeed (I'm used to do short night). Thanks!

Gave +1 Rep to @rugged delta

The starter pass won't exist anymore

You will need the fundamentals plan now

So 39$ a month

You'll still have access to the old Starter Pass content but yeah it'll be out of date

Interesting, thanks for heads up, I gotta pull some content from thosr slides into my notes

i just wanted to know did grades really matter in life?

Welcome to the most subjective question of academia

Yes, no, kind of, definitely, not really

They 100% matter if you are wanting to go into university but if course there are a bunch of other factors there. They can also matter if you’re looking to go into grad school. Although they don’t matter for life itself they can matter towards getting you to more overarching things. They can also impact things like research opportunities, honor societies (I got a 40,000$ scholarships just for being in an honor society).
It’s a super subjective question but no they don’t really matter but they do at the same time

A very America centric view there smh

Depends entirely on what you're wanting to do with your life.
If you want a degree (or to go into academia) then your grades will probably matter. If you want to do a job that doesn't require a high standard of education then no, they are completely redundant

Grades don't matter when you are 30. Grades matter when you are a student, because they are the only evidence of your ability to follow through on an arbitrary task

^^^ That too

Gawd dammit, I've got 10 more years till grades don't matter

I mean, they will also still matter if you do fuck all for the next ten years and still have nothing to prove your ability with

https://tenor.com/view/doh-homer-simpsons-silly-gif-4837044

If you do nothing for 10 years after graduation, grades won't matter at all, because that is too big of an employment gap to explain

Whether you can get a job is another matter, but the grades are still all you can prove it with 😆

Hi guys, do you think I would be able to get a cybersec job in 2 years? I need to get a job in 2 years to pay for my university. Do you think its possible without any past IT working experince in companies etc..? ty

Are you in university now?

no

Will be

2 years imo is plenty of time but it can be dependent on a lot of factors

I dont have money for certificates btw. My family isnt in the best financial situation yk

Certifications, connections, internships, coops, etc.

Doesn’t matter if you leverage your connections and opportunities, etc.
I haven’t paid for any of my certificates or courses

Not really sure how to do that tbh.. I’ll be 19 at that time and I’ve heard that companies dont like having junior pentesters

I am 18 and have worked for multiple companies. Taken several very expensive courses and I am teaching a course at blackhat. Ageism is definitely a thing but also shouldn’t restrict you

Connections/networking are easily the best way but internships/co-ops from university can also fair very well

No one gets a job as a pentester as their first job unless they are very lucky in their connections and skillset. It's perfectly fine to get a job as a very junior sysadmin.
Community college in the US very affordable, it is definitely possible to work full time and do full time at a junior college with good time and money management (I did).

It sucks though I will admit

Extremely draining

im not from us tho… :/

Altho im going next year in the us for a one year high school as an exchange student

got onto som program and passed

myb i succeed to make skme connections over there..

Also my parents incomings are like really low and mg only chance besides grtting some job is passing through some free community college

Best bet for a career path is to figure out a basic plan. It will definitely change as you go, but figure out a reasonable place to start from and always work towards your next role from your current role

Also i heard that sys admin is not that wanted

anymore

That's not true

And about the college affordability. My parents incomes are very low like under 6k$ a year soo.. :/

Sysadmin is becoming more embedded in dev teams for devops and devsecops, but there are definitely a LOT of places and roles available

Start looking in your area for the requirements for entry level <whatever role> and tthen start talking to recruiters.

sure I will

I really, really hate the idea of building your 'personal brand.' But it's a very important concept to gaining the network and connections needed to be successful. No one succeeds in a vacuum.

I see

I don't know for US but in my country, it's possible to do pentesting as first job if you did it as intern first and get hired by the company after the internship. I kinda regret missing disregarding the opportunity back then

Internships usually have a requirement to be a student to get - rarely high school, almost always university or college.

yes

Ah yes, indeed I had typically computer engineer degree internship in mind

Yeah none going to hire a high school as pentester even in my country unless you have really something big to show

yea…

I dont think in my country there is even that much pentest job offers, very low

Also remember that the most important part of a pentest role is writing reports about findings. If you aren't OK spending as much time writing reports as you are doing technical stuff, it is not a role for you.

I was just looking for some interships in my country. They all need a university degree or to be in a final year of it

Yes. Because that's what internships are for. College and university students.

then looks like Im fucked

i guess

In that regard, being exploit dev/security researcher may be more fun. Probably still paperwork to do but not probably more interesting than just reporting

When and how did you start breaking into the field, if you don't mind me asking? Being that far along, that early on, is definitely interesting.

yes

looking for mentor new to hacking world

Hey guys, I was hoping to get some advice and maybe some insight on an opportunity that's come up. On Thursday I was contacted by a recruiter with a staffing agency who found me on LinkedIn. He said he had a few different IT/help desk positions available, but they were all paying about the same at $20/hr. The one that we talked about the most was with Nike at their campus in Beaverton, Oregon (about 75 miles from me, around 1.5 hours average commute) and it was a hybrid gig; 2 days remote, 3 days in office.

Now, I've been in school for a full year now and learning with THM and I have been tossing my resume out like crazy and this is the first time I've actually had a shot at a position. It feels good that he reached out, but the commute and the pay decrease is pretty hard to deal with. The pay brings me to my first dilemma: I make $26 / hour in a warehouse that's only a 10 minute drive from home. I'm starting to ask myself if it's realistic at all for me to find any entry level position that will match my pay or not, especially considering I have no professional experience in tech. The benefits I think are comparable, except with Nike its a contract to hire (1 year) and with my current job I already have a 401k match that's pretty generous that I've got some money in.

TLDR: should I take this pay cut because it's a good opportunity in the long run or hold out for something closer to home and closer to my current pay?

Also, sort of unrelated, someone suggested I post a screen shot of my resume instead of the .docx file (lol) so here it is. Thank you.

Taking the pay cut and getting some experience in IT under your belt would be the choice I would make, especially if you actually want to work in Cyber. However, being 75 miles away... uh that makes it kinda tough

I don't think we'll be able to give you a simple yes or no tbh. I mean, a 3 hour round trip sounds rough

Stay away from certs that require X year renewal unless it's the one Cert that is invaluable to have

It's really scammy to ask people to renew their Certifications.

It's a big problem in Private Security.

Eh, disagree.

I think for Cloud specifically, having a cert from 5 years ago could literally be meaningless

Then there it is. Let it become meaningless
And get a better one

Ends there

Renewing your certification shows you're up to date with the current technologies and landscape of cloud

If it was a Comptia Security+... then yeah lol. No need to renew it

But there's some that I think are worth it

Thanks. And I’m not really looking for a yes or no. Just some thoughts from people in the field.

Gave +1 Rep to @spare kernel

3 hours round trip is generous too… Portland traffic is horrendous.

I do drive a Honda though 😂

@spare kernel
If you graduated X years ago and have been doing your homework.
You should be up to date.
Especially if you currently work in your field.

Yeah, you should... but an employer or more specifically, HR, doesn't know that. A cert shows that.

Portfolio shows it

You got a Cert. Nice
But what can you actually do?

But sure, recruiters might not know what they are looking at.
And in that case, maybe businesses are doing recruiting wrong

Okay, sure. Just trying to give some advice. Certs get you past HR filters. They aren't always going to take the time to look at a portfolio.

We can all agree on that

But HR only are aware of very specific Certs

My point is there is a difference between someone who has a Cert in x thing and another candidate who can actually show work done with X thing

A. I got a Cert in programming with Python
B. Here are 5 apps I coded with Python.

A sounds like you're using cert to mean certificate of completion, very different.

Remove first person. Don't list certificates you don't have; it's ok to say 'current study areas' and list relevant coursework. I would break Experience and Projects into separate areas, and THM and HTB are neither of those. Projects should be something non-trivial, like a capstone. A project is not writing an essay on cloud storage.

And yeah, expecting them to look through the portfolio is going to leave you disappointed. You might have projects but who says they're any good?

Im using ''cert'' as in Certificate, Diplome, Degree, etc

Don't.

Cert in IT/InfoSec HR terms very specifically means Certification.

I believe that if someone wants to be successful, everything needs to be pushed forward.

• LinkedIn profile
• Contacts
• Online presence
• Social Media
• Portfolio: GitHub, Website, Youtube channel, etc.
• Proof that, with your skillset, you can help make companies become more successful
• Dress code
• Diplomas, Degrees, Certifications, etc.
• JOBS ( prestigious company VS the tiny store at your street corner)

And to me the most important thing is the ability to show a track record of Achievements

Ok, in order.
Linkedin sure, but it's a social media like any other
Contacts - networking is absolutely critical
Online Presence and Social Media - Honestly likely to harm more than benefit
Portfolio - This isn't art, or programming. CVEs or actually meaningful tools with your name on sure, random projects not so much.
Proof whatever - that's what your CV is for
Dress code - what the hell is that meant to mean? You dress appropriately for an interview, that's a given.
Diplomas whatever - yeah this is actually meaningful.
Jobs - Sure there's recognition in names but what you did can be a lot more important than where you did it.

Isn't that covered already by your other points? Job history, education and training

If we take a look at 30 students in a class.
Statistically, only 1-5 are ''great employee'' material.
And those 1-5 students share similar traits.
They keep working on their craft after school/work hours.
It's a lifestyle.

And then we need to get into personalities and if their personality matches with the company and current team in place.
When I see a candidate who has achieved great things in 1 field. This person is always more likely to do it again in a second one or multiple others.

You got anything to back up all those stats?

Not everyone needs to do their work outside their work hours.

I've known classes of 30 where 25 of them are excellent employees, you're welcome to your opinion but generalisations suck.

I can look at my own life and talk about it from experience.
Got 4 degrees, every time it's the same story.
The same dedicated students at the very beginning of the school program and the same ones that end up at the top of the class at the end.
Work ethics, time and efforts surpassing raw talent.

I can do the same, but if you're going to talk about statistics then be able to back it up. Otherwise it's just your opinion.

This is, quite clearly, just your opinion.

It's not. It forces you to remain relevant and up to date

Oh jfc that was a lot of messages that didn't load

Gotta love discord

Whatever James said I probably agree

If you are taking the same certification VS taking a completely new one.
You'll just spend money to get the 10% new added to it.
Instead of adding a Cert that is more relevant and up to date and completely adding content to your current skillset

You don't seem to understand that certs are also for compliance

DoD 8570, UK's CHECK scheme

Let's now hope that the UK is proficient.

Not all cert 'renewals' require the exam be taken again. Most of the time, it's a demonstration of some kind that the holder is expanding skillsets and keeping up to date. Renewals of this type cost a fraction of a new exam.

Wat

I'd love to know what you mean by this, if you would like to elaborate.

I'd recommend to leave out future goals (Security+, OSCP) in your education section, and instead move them to a separate section.

Thanks all for the feedback.

Another question: Would anyone recommend just not looking for a job at all right now? If I'm financially stable and have job security, should I throw job hunting on the back burner until I finish my degree at least? Or is it really worth it to get one of these low level jobs and stay there for a year and then start trying to get a job in cyber sec?

Are you doing IT atm?

Sorry if my questions seem a little redundant

No. I am a warehouse worker.

Job hunting is practically a job in itself, applying for stuff is a lot of work

tell me about it lol

I've been applying for at least a handful of jobs every weekend for the last six months ...

Keep looking for something closer to you. In the mean time just keep up with your education and learning imo.

Considering you’re still getting your degree right now an internship could be a great option to get some experience.

Cyber sec internship?

There's a few companies offering trainee positions too, those are good

How do I find something like that? I have a few filters going on on LinkedIn which is where I apply for the vast majority of jobs.

Not sure tbh

You could try reaching out to local IT companies via email too. Thats how I landed my current job while i'm still in uni

I got referred for mine through a lecturer

Sell yourself.

What exactly do you mean by 'local IT companies'?

Companies that are close to you

not 75 miles away lol

I guess what I mean is what is an IT company? Everything I have applied for has been a corporation (like Nike) with an IT department.

and if I google 'local IT' I just get a bunch of PC repair shops

I guess it'll depend on the area you're living in too

Living in the city vs outside the city will give you different results

I live in a small rural town lol

Yeah that'll be a problem then unfortunately

But I am willing to commute to the next biggest city which is Salem, OR. It's only 25 minutes (not 1.5 hrs to Beaverton lolO

The other Salem

No witch burnings here

Search for them there. Any company that deals in IT / Cybersecurity. Find them, check out their site and what they do. Find an email and just ask them if they're currently looking to bring on any new talent. Give a little bit of info about yourself give them your CV

If they get back to you great - most of them wont

ok

thanks for all of the info everyone really

Only civil war 😄

Same

Anyone have any experience with k-state's cyber security bootcamp, or similar programs?

no
but whatever works for you.

I would rather look for companies that I want to work for.
See what they require (exp, cert, etc.)
Try to get a job there, not necessarily in Cybersecurity

Mentoring > Everything else

You need to look at the course material before making that kind of decision. Do you already have a bachelors? If not, it may be more adventagious to go to a community College and then transfer in to a university to finish out the degree. Not sure what k-state in-state tuition is but you may just be able to stay there for 4 if you're comfortable with the price. Degrees, while not a hard requirement, do allow you to jump into cyber security with less experience. Cyber isn't an entry level field and a lot of the people in Cyber have started somewhere like IT or related computer fields

If you choose not to get a degree, you're going to have to build your professional experience and then move into cyber

For most jobs, University will help you to bypass other candidates that dont have it.
But for ethical hacking, you could ignore it skill wise, but salary wise... it can always be held against you.

Choose wisely...

where I work, most of us didnt go to university.

ANd more often than not, those who go to collge/university dont necessarily end up in Tech Support or Cybersecurity either

True, but also the whole point of bootcamp programs, from what I've been reading, is to spend less than a year only studying field relevant material at a much lower cost rather than spending 4 years and a lot more money taking a lot of bloat classes

In the UK, on job listings, it tends to be (a relevant degree OR 2 years or so of professional relevant experience) AND a cert like OSCP, GPEN, CHECK certification

same here in the US. When I was in trade school though, our instructor also highlighted that some companies are willing to ignore not having a degree depending on what certs you have

Gen Ed isn't bloat, it makes you more of a well rounded human. Boot camps can be really hit or miss and they also don't meet the degree requirements St most employers.

70%+ of Cyber is report writing

You learn how to write well in college

I'm not going to college to be well rounded though, that's what life is for. I'm going to learn about a specific field

Being well rounded makes you more of an asset. I'm not here to change your mind, just providing you with some actionable options and life experiences

how does it make you more of an asset? taking a history class in order to get a computer science degree is the dumbest shit i've ever heard of. It's just an excuse for colleges to make more money

Im personally not familiar with the educational system of Europe, including UK or France.
But I do not how the French system differs from the one we have here in Canada.

Here... people finish high school at approx. 17 years old.

Then they go to CEGEP for 2-3 years (DEC). Alternatives are AEC which is like a condensed DEC without general courses (Philsophy, Literature, etc.). The other is the DEP which is similar but lower barrier of entry and is approx. 2 years long.

Then either they start working in their field or they go to University for 2-4+ years to become Computer Engineers, Software Engineers, IT Managers, etc. The confusing matter is that some DEC, AEC or DEP teach you more than University in some aspects of IT. Or equivalent.

However, the rule of thumb here is... if you can afford to go to University. Do it. You just max out your future opportunities that way.

I strongly disagree with the last part, outside of Canada. Apprenticeships and hands on courses, especially degree apprenticeships over here, are a great way to get started. You might call them internships.

And on top of all that we got international certifications.

"Those that fail to learn from history are doomed to repeat it" - Winston Churchill

@quick forumI get what you are saying. Could agree. The thing is here, if Im correct, they added new laws. And companies have to ask for at least AEC, DEC, etc.

So people do AEC or DEP then get jobs and get trained on the job

The reason why I suggested Community College is because you can get all of the Gen Ed out of the way super cheaply or free. Then you go to another college or University and do the major specific work

If you're correct you'll easily be able to back that up with a news article etc.
Also maybe it's a good idea to ask where they are before Canada specific advice?

only problem is that my local community college is a joke. I tried that already

half the classes were just a "professor" proctoring us taking online classes and not actually doing any teaching themselves.

@flat sedge you went the community College route i believe, care to weigh in?

one of these days I'll probably just say fuck it and enlist in the army as a 17C

@warm hinge can speak to that

Hello, im a Brazilian that have worked with web dev for about 3 years and have been studying cyber security for 7 months now. There arent a lot of Cyber security jobs in my country so i was planing to get a remote one from USA or Canada. My question is, how hard would that be ? im afraid i wouldnt be hired for being a foreigner and with not much exp

Im getting my degree next year good to know, thanks

I did start at a community college. It's a very cost effective way to demonstrate to get a foot in the door and some paper attesting to basic competencies. Calling it at joke might be a bit far fetched, because even in online courses, you get out of the class what are willing to put into it. If someone thinks the course is defective in some way, it's probably worth trying to get a meeting with the dept head or dean to have a conversation about how that course or vector of teaching isn't effective.

@languid stag

The reason I called it a joke is because, for example, my linux class was $300. What they dont mention on the course description is that in order to complete the class, you have to enroll in a $600 online course presented by another institution, and the college's professor is only there to proctor.

There were many other grievences I had with the school, but that one's one of the most bs ones

That sounds like that school is not accredited.

it is

somehow it's top 20 in missouri, but I guess that's not saying much

That's still very, very cheap for any community college.

I think the 3 credit classes I took from 2009-2012 were about $1500.

yeah it's super cheap for a college, but it's cheap for a reason

That's still cheap ngl. I think a 3 credit course for me was $3k

Does anyone here have experience in repairing phones/computers? Specifically, running a repair shop, or working at one. I'm a 16 yo living in a small town in Sweden where IT jobs are scarce and require a lot more experience then I can offer right now, so I am not able to go the helpdesk route right now. So I thought that I might be able to work for myself. I have been interested in and used computers for about 6 years and I'm confident that I have enough knowledge to start helping people with their problems (Resetting computers, installing software, removing viruses, switching parts, repairing some). Is it a good idea, and if so, what are some things that are important to know? I'm planning on running this with a close friend that studies electronics and has a similar knowledge and passion for tech. The market is not very saturated and the people that do offer repairs are doing it with cheap parts and inflated prices (they don't seem very professional or good from what I've heard either).

As much as it is great to learn how to build computers, how to troubleshoot a PC, imcluding how to do Startup Repair, fix BCD or fix Boot Manager with windows commands... The reality is that the IT companies that offer tech support and Help Desk are doing it so well with all the different software available today, it is rare that PCs will need this level of work or troubleshooting. At that point, they may as well buy a new one right away.

That companies that used to be in computer repair are now in the tech support and help desk and cybersecurity services. And remote control.

That is where it is at.

So now the root us Help Desk, opening tickets, talking to clients... solving problems remotely.

And from there you get all the other jobs.

You've never actually worked in industry, have you

10+ years

Not limited to tech support.

Web dev -> QA testing-> Game dev -> Software programming and now Im in Tech Support and Cybersecurity.

And I also have a background in private security.

That's about it

But, some things can't be fixed remotely, and by the look of a lot of facebook groups in my town, there are still a lot of people who need help fixing computers or repairing stuff. I don't see why there wouldn't be a market for this, especially in such a small town with very few competitors.

Yes, but some people simply can't fix problems remotely, or some problems can't be fixed remotely.

If someone had their wifi not working for example, I think they would prefer someone else come look at it, rather than having to take instructions (while they most likely won't be able to follow) through the phone.

I'm a bit confused on what you mean

Ignore them -- they're talking crap smh
It's a good idea, go for it. Just remember that you may need to deal with things like insurance if you go professional with it

Thank you. I've looked in to it already, but we don't have a very big starting budget, so we were thinking of doing some "safer" things like restoring PCs and such to get some money for insurance and such

Gave +1 Rep to @undone shore

I'd definitely suggest doing stuff for friends and family first and just seeing where you go from there 🙂

I'm actually doing some of that now. That's where I got the idea of making a business out of it from

Thanks for the advice

Np 🙂

Which jobs specifically should I aim for when trying to transition from web dev job to cyber sec ? Pentest ? I am working as web dev for 4 years - a lot of experience in debugging and troubleshooting issues on relatively big .NET web app (around 500 tables). I also have CS degree and went to high school for electrical engineering.

I am interested in finding vulnerabilities and exploiting them in ethical way obviously. Pen testing seems like an entry job in cyber sec. My impression is that most pen tester are doing scans with automated tools/scripts and doing testing by guidelines provided by company (not much thinking involved) . Feels like they understand basics and just do the necessary work, write report, end of day, repeat.

That's not true

Pen testing seems like an entry job in cyber sec. this one isn't true, it's typically something you do after a few years in an SoC or similar

Regarding what pentesters do, working through the guidelines is part of it but there's a lot more to testing than that. The guidelines are there as a baseline, you test beyond them.

SoC = Security Operation Center ?

Yea

So it's mostly monitoring and reacting to security threads ?

https://www.prospects.ac.uk/job-profiles/cyber-security-analyst etc

Tester jobs are often known to be underpaid jobs, notably in the video games industry.

It is good to know that Penetration Tester jobs aren't perceived that way.

--
Are Pentester jobs unique to a SOC team or could we have Pentesters also on a NOC team?

I think that's because the word tester doesn't have the same meaning in these contexts. In development when we say "tester" we mean something like "consumer", someone that may not even work in any IT field. So we just expect tester to emulate your average joe who barely a thing about computer. On the other hand penetration testers are supposed to emulate the bad hackers and hence are supposed to outsmart what developpers/system admin or whatever blue team expect.

This isn't completely correct either. Testing occurs at multiple levels as part of development, not just from the user viewpoint. Testing responsibilities are divvied up between devs and dedicated testing engineers or analysts, to develop test code in the project test framework.
And pentesters aren't always emulating bad actors or simulating malicious behavior. The penetration testing objective is determined on a per-engagement basis and can have a pretty huge amount of variability between the dimensions of risk and scope.

Well, yeah, I know that in development, testing responsabilities are not just on the testing teams. Being a developer myself, I usually have to test what I produce at least to some extend. But in my company it's also my job to write test protocols that will be handed to the test team. The test team then just apply test procedure as written by devs such as myself and report bugs/errors they encounter while testing but not really anything beyond that, so really the average joe could do that without much IT background (just some product knowledge mostly).

As for pentesters I stand corrected. I think confused it with red teaming.

That's true for unit tests, and possibly component tests. Integration, System and UA testing is typically the responsibility of the testing team to coordinate. Testing team should also be validating bugs and reproducibility reports for the devs.

If a dev is writing test plans when a dedicated testing team exists, that process is broken

Lol, Go say that to my boss. I would be more than happy to NOT write testing plans but our testing team is already too busy validating.

There are less testers than devs so, devs also have to do some testing.

dont they tell Freshers with no tech skills to do that ?

Some testing is fine. Unit testing, for example, should be the sole province of the devs. But a test plan for the entire product? That's broken if a dev is doing that. If the test team is too busy validating, they need more automation and IT support to be able to automate.

They better not. Testing is one of the processes that absolutely needs an understanding of the whole product, leaving testing up to very junior employees is how really awful bugs get shipped.

No, if you do that people would immediately leave.

One of my seniors who didnt have much programming skills was shifted to testing after 6 months training

you can tell to do that a bit for 1 or 2 weeks not much more

Here after 6 months training, the company tells us to choose a domain to work for

and if dont have any.. then they shift us to testing or worse marketting

Yeah depends. Sometimes devs have to valide the whole test plans to compensate our shortage of testers. Tho a given dev won't validate his own test plan. Automating test is under way and cause me serious headache and also one of the reason I would like resign 🤣

are u working in a startup?

No it's not a startup. It's already quite old for a IT company but it's a small company.

Something like 100-120 employees

Hmm I see well usually small companies and startups tend to have shortage of employees

I advise you to switch companies

Sure thing sir. I'm already looking around. That's why I registered on THM. I wanted to try something else anyway.

Pentesters aren't on either team there. I didn't say that they were. I said you'd usually do a year or two in an SOC before starting a pentest role.

Thought I'd share it with my feed today a Jr Soc Position %100 remote opened up https://lnkd.in/eDVhrSX3

Thank you!

Gave +1 Rep to @shrewd cape

hello all, is anyone knows about Canadian IT colleges which suit for a cyber security diploma?

Here in Canada (Quebec)

It is most recommended to do 3 years in Cegep to get a DEC in Computer Science and then go to University.

And then... you are free to do whatever.

Stay away from private schools that cost $20,000 for an AEC (1.4 years). It is a scam.

If you cant afford it. Or need a faster route. Do a 2 years DEP - IT Tech Support.

There are workplaces around here focused on IT tech support and most new hires come from DEP path.

It really is case by case.

For cybersecurity, what experts around here advise me to do was to get CCNA and the CCNA Security.

is it weird for a final offer to be pending a week after final interviews in the banking industry? I haven't negotiated anything yet but I'm still waiting on an official offer and have been told the salary range.

Banking industry can be quite slow. Not sure about your case, however.

I wish you good luck

thank you!

ccna sec is good however it will benefit you most if you were to become a network security engineer/security engineer rather than soc/pentest

Also..If someone didnt go to University and is coming from DEP. To compensate the candidate would need to get a decent amount of Certifications that are compatible with the needs of the company. But one thing usually is true... to not have University degree will cap salary at lower level, notably if you intend to work as a Teacher or governments.

@static tide
Good to know thx

Gave +1 Rep to @static tide

Thank you for your friendly and detailed answer 🙂 I have a university degree but i want to study and work on IT security. As far as i understand, colleges focus on hands-on experiences and some technical ones very strict about their education like BCIT. Practical and intense education is what i need atm, considering that i had drowned the theory of law for years. I cannot tolerate anymore theory 😄 The path in my mind is 2 year IT diploma from a college + CCNA + CyberOps meanwhile mastering tryhackme

Gave +1 Rep to @proper frigate

so i was offered a position with the company (company A) i interned with last summer and i start there in a month but i recently applied to a sys admin position at company B and i was emailed today from the hiring manager about scheduling a phone call to talk about my background and how i would fit for the role? Any opinions on what i should do? Also, with company A, the role is very broad and covers alot from GRC, ticket queue stuff, and security projects.

What are the significant differences between soc/pentest and network/security engineers?

One is an offer, the other is a phone screen. If you don't have any issues with the company wanting to extend an offer to you, I'd take it. Offers are usually only good for 3 business days, up to 7 if you ask politely generally.

yea i should just stick with the guaranteed job out of school rather than risking not having one right?

Yes

That is, if you have no issues with the organization among other things

Hey guys, I've started cybersecurity learning path with THM and I have few questions for you as I assume that some of you have quite a lot of knowledge and experience in infosec education and career. First of all do you think a certfication like the CEH is enough to start an entry-level job in the business ? I mean without other prerequisite, without a related college degree. Furthermore which education path (certification, education, degree) would you recommend for a guy like me who never worked in the IT but learnt a lot by himself ? I'm not a specialist but I think I have a good basic knowledge in IT related subjects. Thank you for reading me !

Cybersecurity security isn't exactly an entry level area in the computer field. Without a degree or experience it will likely be impossible to find a position. However, you can start somewhere like IT and get that professional experience in order to make a switch. At a minimum with that professional experience security+ will likely be required.

Going to college can also cut some of the red tape.

Thank you for your answers !

Thats true.. They ask why didnt u do CEH if u have OSCP

If u are from India, u shuld try for college degree coz without degree u wont get any jobs here

If u dont have degree or dont want to do that.. Try for certs especially CEH

Its the HRs Favorite here

So I've got a SOC interview next Thursday and was wondering what I can expect from it. The recruiter advised it will consist of a 10-15 minute informal chat and advised there will be some competency based questions there, and then a 30 minute technical assessment. I have done one which had questions about MITRE TTPs, wireshark, and linux command questions but he advised this one will be a bit more advanced. It's with the company i'm currently at but i'm on service desk at the moment and this would be my first cyber security role. I've been told by the recruiter that the manager I would be working with was impressed with the first technical assessment although I thought I didn't do too well on it. But basically, what sort of competency questions can I expect from this, and what could potentially be on the technical assessment if MITRE, Wireshark, and Linux were on the first one?

Good luck

Dont much about it but Good luck pal.

my thing is, i really want to be hands on and idk how much of that ill get with the first option if that makes sense

From the description it sounds like it will have some hands on

Documents is 70%+ of Cyber Security day to day

on a very high level

• soc (defence): reading logs, creating rules, investigating threats
• pentest (offence): finding any/all vulnerabilities
• redteam (offence): adversary simulation
• engineering (configuration): implement and configure security controls

and the reason i mentioned ccna sec would be more advantageous for security engineers is because it covers these concepts rather than how to investigate threats or attack infrastructure

it most likely will but im just assuming that a sys admin job would be more hands-on and techy compared to this role

How did you get into ethical hacking guys?

I have analyst and engineer positions open in product security. Local, fulltime only in OKC, USA. DM if you are interested, interviews and offers are going out regularly.

What is the difference between consultant roles and other roles ?

I think that might vary from place to place. I've had two different jobs that had the word "consultant" in it and they were pretty different in nature.

at my last job I was just on the security team, doing blue team things, but I was a "consultant". Now I'm a pentester/malware analyst doing client-based work but my job title also says "consultant" in it

So is being a consultant harder than simple analyst?

I always thought consultants were external customer facing type jobs... like I've never had a job with consultant in my title but also sometimes titles are crazy in the industry, means 1 thing in 1 company, means something completely different in another

consultant can mean different things for companies

mostly consultants in Europe are "borrowed" people from another company

so they work for CompanyA and giving service to CompanyB

CompanyA can be their own company too

hey guys I am planning to get oscp by September and after that i will be looking for a job, i have no degree and no job experience in cybersec, how much will oscp help? and how difficult will be to get a job in my condition?
thanks

no IT experience, active on htb

You will likely struggle. You're going to need the degree or the experience. Cyber Security isn't an entry level area in the computer field which is why you see the entry level positions require previous experience.

One way you can get professional experience is to work in IT or another area of the computer field and then transition in to a security role. IT is likely the most common route.

where should I start?

Like I said, IT is a common starting place. Since you have no experience you're likely going to be help desk.

Yeah...

That is what Im doing. 🥲

If you want to go places.
Sometimes you need to take the garbage jobs to get your foot in.

Ive seen many people running in circles hoping to get better offers right after graduating

2-5 years later they finally get it and start with the garbage job

Yeah sometimes, but I'd saying knowing when to stop looking is different for every person. If they can afford to keep looking, there's more and more trainee pentest type positions showing up all the time.

I got a pentest job before I graduated, with limited experience doing tech support part time during (translated for NA people) high school and doing THM room dev.

@pine grove
IT is large.

Ive started in the video games industry. Scripting/designing games. Did 3d modeling. Microsoft compliance. Programmer Analyst. And now switching to tech support/cybersecurity.

We are in 2022. I started in 2008.

When I was a consultant, our company had a contract with a client for a set time period to set up, configure and maintain a system or systems. Scope varied, as did length of the engagement.
Consultants show up in all kinds of places and in a variety of types of roles though - ideally, a consultant is as much a trainer as they are contracted staff. The worst engagements I had were the ones where the customer would assign no employees to pair with us as the value-add of the training would be minimal, if it happened at all.

@quick forum
So proud of you. It is rare to see this in younger crowd.

Not that rare. I've personally helped some good friends achieve similar.

Good to hear!

That's a really subjective question. For me yes, consulting is more technically difficult than my blue team job was, but depending on where you work, being an analyst could be hard work too.

I'm interested to know how people assess their overall worth after receiving a degree. In this particular instance, certifications on top of the degree, can this be translated into a monetary increase? Or do they mainly serve to get past HR so to speak. I've figured trying to find different postings would help establish a baseline, but the base salaries can fluctuate pretty heavy. 🙂

My degree allowed me to shortcut somewhere between 5-15 years of junior roles.

I think these are two different things. A degree likely will make someone more marketable. Monetary increase really depends on budget allocation for a job position. If there's only a limited budget allocation for a position, it narrows the impact of having a degree during salary negotiation.

You bring up some strong considerations to keep in mind. I'm not honed in on one specific job posting, rather wanted to get an understanding of the initial salary range I should be hunting for, I know a lot of it is subjective but I figured I'd reach out and see if anyone had any additional resources/tools 🙂

Job sites have a lot of data-driven information that can give you a good start, like ZipRecruiter: https://www.ziprecruiter.com/Salaries

Is this reasonable ask for "junior penetration tester / Read Team Expert (f , m, d)"

Junior security roles are not junior in the same way as the rest of IT

That looks pretty usual for pentest, especially with the words "red team" and "SCADA"/"OT" being in there.

Would OSCP then cover this req. in terms of exp ?

OSCP isn't professional experience, it's listed separately on that listing.

Well how do you get professional exp. ? Training and courses are simulation, but not real world. For example if I wanted to reverse engineer something. I learn it and do it on couple of examples, do maybe some more complex programs etc, but this isn't professional exp.

And there's the fundamental problem behind getting a job as a fresh grad etc

The classic catch 22. Need a job to get exp, need exp to get a job.

It is and it's frustrating. For example developers are in large demand, so you can get job easy. I got my job as web dev many year ago and getting tons of offers daily but I want to switch to cyber sec. But I can't see clear path how to lend a job, it's fun learning and doing this learning path I even want to do some certification but feels pointless.

hey guys I have a interview for a cyber sec. company. Do you guys have any sources about cyber security company interview any video or smth ?

vicious cycle

Chasing your ambitions has never been pointless mate

Every generation have their own struggles. I have been thinking about the meaning of life for about i dont know how many years... I have ADHD and am also detail oriented person. Believe me, i've thought about every possible path, personally. The absolute outcome has only 2 way: 1- Figure out trend,market and take the shape of it. 2- Be yourself, follow your passion and shut the naysayers. Number 1 includes, social acceptance, comfort zone, feeling safe, mediocrity. Number 2 includes, feeling solitary at the beginning, none social approval until you become niche(in fact, even your family members become a part of adversary group). To sum up: Are you want to be a ice mage or a fury warrior? It is that simple 😄

Maybe ret paladin?... 😄

Warlock would be ok also 🧙

⚡ Get your foot in the door

1. Find a company that pays well and has a Cybersecurity team in-house that you could potentially move to later on.
2. Find a Service Desk Analyst role or something similar to get your foot in the door.
3. Try to get an unpaid internship there, so just they can kickstart your training and be like ''Yeah, he will be great. We should hire him/her. No doubt.''
4. Get to know the company, the software they use, their clients, etc.
5. Ask to get trained to become part of the cybersecurity team

Nope. Never take an unpaid internship for IT, unless you have special circumstances (Looking at you @carmine jolt ). Don't reduce your value by not taking a wage. The perception is 'no wage = no value'. Don't let the business monsters undervalue and underappreciate you.

Concur

Am I special circumstances or were you afraid I was going to come in to say otherwise? whaha

You do you. Me, it allowed me to work with Epic Games and Nvidia. And now, with MicroAge.

What gave me my first job in the video games industry was a custom map I made in a contest and I finished in the top 10.
Wasnt paid

Use your time wisely

IIRC you had an unpaid internship - and it's worked out very well for you. Your company has treated you very well. That isn't usually the case

right, gotcha. 100% wont deny companies will try to exploit 🙂

Making a map in a contest is a little bit different than an unpaid internship.

You are focused on people exploiting you
Im focused on hacking life.

🤣

Then why do you work for a games company? They are notorious abusive and shit to work for, especially from the infrastructure side.

I got into the video games industry to learn how to make my own games.

I got paid to learn

It's a mindset.

As an esports athlete, my interest just moved away from Video Games to focus on the real world -> Ethical Hacking for me is the new game

The bigger game

So you have 4 degrees, are a former esports athelete, have 10 years of IT experience? What kinds of roles have you had?

unpaid internships should be illegal IMO

@flat sedge
You can find my LinkedIn profile in one of the channel here, I believe. But I can send you a PM if you want.

You'll see some of the roles and games I worked on. It's no secret

I don't care that much. I just want you to stop saying things that objectively damage peoples careers.

So you believe that taking an Internship is going to hurt someone's career?

Do you realize how many high profile people started that way?
Or by doing free work first to get visibility?

it's still exploitative and manipulative

An unpaid internship? Absolutely.

Pros and cons to everything.
You need to know how much YOU will gain from that

Maybe 1 in 1000 internships for tech that are unpaid will benefit the worker.

If you get a 20 years career thx to a 4-weeks internship.
That's smart

Because that's often a selling point for the next full time position

Same reason why people pay to get Certified

Not if one remains with a salary 20-40% lower because they didn't know the value of their own knowledge and skillset.

Working for visibility is garbage narrative.

The internship doesn't lower your salary. It allows you to get your foot in, connect with all the employees there.
And to possibly convince the boss there that you are the next employee that they need.

Working for visibility is the oldest trick ever

And it works

should still be paid

people die of exposure 😉

lmao

I ll remember that line hahahahaa

If the company is "so competitive" that working for free is the only way into that company at an entry level, that company deserves to fail.

Agree

Working for free is stupid

Even an intern with almost no skills or knowledge can do learning work that benefits the company and benefits the person - since that work has a value to the company, that work deserves to be paid

I got paid $28 an hour as an intern

Company realized how valuable recruiting out of college was

I'd like to get paid that now...

Man, companies hire so many people and interns.
When I told @quick forum that it's rare to see hard working young adults and employees in general, it's true.
Some of you, maybe most of you, don't realize this because you hang out here with the other ones who are driven and motivated.

But if we pause and actually look at the whole market, the reality is...
We just represent 3%

The rest is lazy, not driven, don't do anything after work to get better, etc.

Doesn't mean they shouldn't be paid

It's not true. You don't know what you're talking about, and you are making generalities out of your anecdotal statements.

That's also an over generalization

Im getting trained right now.
And it's been confirmed that so many people came before me, it's very difficult to find good employees.
And by good employees, we are just talking about regular, good working employees.

In my class, half is absent from most courses.
From the other half, half of it actually are driven and participate and would make good employees

Which is most employees. Most employees just want to do their job to an acceptable standard and go home. That doesn't make them bad, and it doesn't mean they deserve to be shit on.

Most people can't even get good at 1 thing (expert level)

That's a reality

And cybersecurity is far, very far, from being a single narrow field.
It builds on top of all the rest

Alright im out

Let me put things in perspective here. There is a natural order of things. And that's nothing new, it's just how things are. If you go on a forum or discord for help, don't expect some help. And if someone does help you, you better put the advice into practice. Because if the next time you show up asking for one more thing, if we didn't see you put advices into practice... People won't bother helping you again.

But if you do understand this principle. You can go very far. And you'll find mentors.
And mentoring is the fastest path to learning anything quickly and at the highest levels.

And there is a ladder of people that you need to climb to learn faster.
The experts don't have time to waste with new comers. You need to grind to climb that ladder and reach higher levels where experts will then bother to help you out and help you catch up with them

I worked my ass off in Taekwon-Do ITF to get good and win medals at tournaments. At some point, former Canadian champions took me under their wing. And I been able to finish 3rd place at a Pan-American Championship in both form and combat.
I graduated in 3D modeling, worked my ass off doing unpaid stuff and months later I was working with the guys from Epic Games on Unreal Tournament 4. And then I was collaborating and communicating with the top 3D artists in scifi in the video games industry.
I played the FPS game LawBreakers like crazy when it came out, took 3 months before I could play with the top players from the 3 best teams from Dreamhack 2017.

In business, this is known as 10x.
Give to the community 10x time more, for free.
And then, when you are going to ask to do business with them, they will be more than happy to help you.
You've given them so much already. They won't care

--
Same principle.

Hang out with the best. Become one of the best.
Ask them advice and it's just a matter of time before they come asking for your help later on.

https://tenor.com/view/knowledge-tai-lopez-lamborghini-gif-19251888

I have a question for employers....does university matters if it is public or private or you guys look at skills and certification for freshman....in particular im talking about Germany

Germany? I assume you don't have a blue card yet or citizenship from one of the countries that belong to the European Union. If you reach the point where a German employer is willing to sponsor you (Well, any EU country), you don't need to worry which university you come from. As long as your degree can be validated (Hague apostille + translation in German) you're good to go.

what do you mean by title 😅

Oh crap. I translated directly from Spanish my bad

Degree

yes the uni is accredited

Take into account also that most employers expect you to speak some degree of German. All those that I found that were willing to sponsor me asked me to have B2 level

i will learn german...i already started tho

a2

Wunderbar. Great! You're on the right track then 💯

(Remember there's also the option of joining a company that is willing to transfer you from India to Germany. Ofc, you need to search around and see which ones have offices in both Germany/India and are willing to transfer you after some time. That could be easier)

thank you...made me feel better...many people told me its private uni is bad @warm hinge

Gave +1 Rep to @twilit arrow

i dont have a degree yet 😂

Naaa. Don't worry about that. This is the IT industry boiii. You should worry more about developing your skillset and being up to date rather than worry about what piece of paper you have. Perhaps for other careers that might hold true but here that is absolutely not the case.

All in due time

One thing to note about Germany, when I was last there could have changed, anyone can attend university and get free tuition. This applied to international as well. They were also allowing people to stay on work visas after graduation in an effort to drive up employment in the country.

This was two or three years ago

Yes that's correct too! (You only need to pay a fee per semester but afaik it should include a pass for public transportation)
@brave gyro You should check with your country's DAAD office to see if they offer any sponsorships or programs. Since cybersecurity is something that's becoming more and more relevant, check if they got anything related to it.

on it...thanks for supporting

hey everyone

i would like to ask about the CREA certificate as my first certification in cyber security

is it worth it

Certificates are not certifications. Certificates don't really mean anything, just that you completed the material. Certifications both verify you completed the material and did it to a standard.

didnt know the diffrence i though thats the same

but it says its a certification

Who is the certifying body?

Infosec institute it looks like

but i would like to know if its worth it or will it benefits me because im more interseted in reversing

It's unlikely to get you many points with HR by the looks of it, but I'm a long way from being a recruiter looking for reverse engineers 🤷‍♂️

if not what do you advice for reverse engineering

Whether it's worth it from a learning perspective, uh

Do you have prior experience?

no im still learning

Reverse engineering isn't exactly entry, it's pretty niche

no field experience yet but i always like to draw my paths

Do you have a degree?

i dont have a degree currently i work as networking engineer

after i got CCNP and CCNA i applied for jobs

Ok, so you have professional experience

yes

but im willing to switch to cyber security field

It may be beneficial to work your way into a network security position

Since you already have the networking experience

And then once your on a security team, start trying to transition to a different position on the team

i went from network engineer to soc analyst which was easy enough; no prior security certs - so that could be a path and then pivot from soc to specialising in reverse engineering?

yeah i could do soc i already can monitors traffic and try to prevent threads for now

@stoic cave so i should try to apply for network security positions as SOC and keep learning reversing on my own untill im good enough to transition to reversing

Doesn't have to be in a SOC but sure

well thanks you !

hello

Vacancies in infosys!!! https://www.infosys.com/careers/

Hi
Anyone played nahamcon ctf 2022?

nah, have you? have not had the time..

looks good though

Yeah i done 10 tasks

I also didnt got time to do it right

Hey

what do you guys think of Information Technology in Web Science

I don't understand the question... that sounds like a weird course name?

they teach cyber security

oh yeah my bad

Certs-Talk

ahh I see, RPI is a well respected university. But I'll say in general, interdisciplinary degrees aren't as valued as traditional degrees

im doing SC-200 Microsoft Security Operational Anaalyst Exam Tomorow, is there other really good blue team certification to prove your skill?

Splunk certs, Cisco certs

EC-Council's forensics cert is respected for digital forensics but that's slightly misaligned

Anyone taken a eLearning exam here before? I just started one, and I'm pretty unsure if i fucked up before even firing up kali.. I don't want to talk about the exam here, and the question is not about any exam related at all. It's about the Dashboard UI and how to answer questions, but i still feel more comfortable asking in a PM

And no rush, 72hrs before i need an answer 😛

Isn't this better to raise with their support?

Probably, i have looked into it and i might do it if it goes that way. I wanted to ask here because of the timelimit. Their support might not pick up my ticket before the exam is completed.

But not doing stupid things is also something to learn, so i can't really complain 🙂

If they are running exam environments and not monitoring or have dedicated support there is a problem

Another tick to the box for my loathe of INE

Please help me with your valuable opinion..
I'm a competitive programmer I've solved around 350 problems on the online judge sites.
I've good knowledge of Linux, network configuration and have CCNA preparation.
But I need to learn Deep Learning or Machine Learning for my academic courses.

Now the point is, I can't relate to or integrate my networking and competitive programming together.
📌 Is there any field of networking where I can use advanced algorithm knowledge?
📌 Should I learn Deep learning or ML as a network engineer?
📌 In which field I can build my career with networking and programming?
.........🙏 Please guide me as you know better than me. ❤️ Thanks in advance❤️

Update on this i passed the SC-200: Microsoft Security Operations Analyst Exam 🎉

your life after college and during will be completely different. You could go on to be a network researcher, researching network optimization. Also SDN is all programming to some extent, maybe not what you are thinking. The lines are blurring between ops and development... hence DevOps

Infrastructure-as-code is definitely blurring the line between admins and devs.

What skills would I need to transfer from a NOC analyst in a data Center to SOC analyst position

having some security knowledge would help... Security+ is a good cert if looking for certs

Wouldn’t say it looks bad, just looks a bit weird. Maybe do hello@yourname.com ?

jobs@yourname.com for applying

I use contact@yourname.com, personally. jobs@ will work as well though.

Whatever you do, make sure that you've got it set up as a reply-from address so you can respond quickly

Do you have a specific job you're shooting for?

It's a bit long winded. you're currently in a IT position?

do you have any formal education or certs?

That definitely should be in there

IT professional with AS in net engineering and # years of experience. Looking to use knowledge gained from _____ for the position of ERC analyst. Then mention something quick about your skills and qualities and how they will help out

No problem, im job searching myself, so I've been nose deep in resume writing for a while 😛

I'd move your statement of your experience to the first sentence, add in your degree. take out your mention of already researching the roll. cut back on the soft skills.

You could add in about your sec+ and the at-home training, but it has to be less than a sentance

actually, leave out sec+ if you haven't gotten it yet, itll take up too much space

"IT professional with # years of experience as a cyber fraud analyst [or whatever you are] looking to leverage my extensive knowledge of [analyst tools or things you know the company is looking for] as an ERC analyst for [company you're trying to work for]."

A lot of it can be cut out.

You start 3 sentences with "I have experience", you'll need to generalize your skills more so you can fit them in less sentences

The objective needs to be the hook, your in depth skills can be moved to other parts of your resume

i'd change the "Experience in:" and use a transition phrase.

getting there

I think you need to cut the last sentence, and move your work experience to earlier in paragraph

The hiring manager will know the career field, so it's not entirely necessary to tell them how experience transfers. Again, all of the important details will be found in the body of the resume, so most of your skills can be taken out

What format is your resume in?

you'll have to resend it i think

Post a picture of your redacted resume

It's a lot easier and you'll get a lot or feedback

Hi, guys. I got an interview call for an intern position. Before the the interview they asked me to fill a google form and one of the questions in it was 'how long can you work with us'. What is the optimal internship experience for companies to consider my resume in future jobs. Can someone answer me, please. Thank you.

Greetings. Is Help Desk an entry level job ?

Yeah

like actual industry-wide entry level not like cloud/security "entry level"

This is Help Desk offer in my country. I know they put that there to filter people but still !

Sounds like just another non-technical or unicorn-seeker who doesn't know what they're hiring for

I like how they just casually throw in "windows server administration" and "general network troubleshooting" like they didn't just take a "helpdesk" position that's actually an "in-house IT" position and escalate it to a sysadmin / net ops job

Yeah you don't have to check all the boxes though, sometimes as much as half of the 'requirements' may be read as wishes

HI

I want to pursue cs career and this (r&w) Institute is offering course/certificate , and this is curriculum of that course.

course fee = 1765$(1.35lakh)

duration = 1.5 year

location = surat(india).

so here is my questions?

1- is it worth it ?

2-will I lend a job after learning this course ?

1 - Computer Foundation

MODULES TO LEARN: Wordpad, Excel, MS Word, Paint, Power Point

2 - Computer Hardware

MODULES TO LEARN IN CompTIA A+ 220-1001, CompTIA A+ 220-1002:

Hardware, Printer & Scanner, Networking, Troubleshooting, Windows Operating System, Other Operating System and Technology, Security, Software Troubleshooting, Operational Procedure

3 - Networking

MODULES TO LEARN IN CompTIA Network+:

Topologies and Infrastructure, Addressing and Routing, Troubleshooting and Management, Installation Network Sites, Security

4 - Switches & Routers Technology

MODULES TO LEARN IN Cisco CCNA:

Network Fundamentals, Network Access, IP Connectivity, IP Services, Security Fundamentals, Automation & Programmability

5

Server -no details provided

6

Cloud Computing - no details provided

7 - Cyber Security & Ethical Hacking

MODULES TO LEARN IN Cisco CCNA:

Introduction to Ethical Hacking, Footprinting & Reconnaissance, Scanning Networks, Enumeration, Vulnerability Analysis, System Hacking, Malware Threats, Sniffing, Social Engineering, Denial-of-Service, Session Hijacking, Evading IDS, Firewalls & Honeypots, Hacking Web Servers, Hacking Web Applications, SQL Injection, Hacking Wireless Networks, Hacking Mobile Platforms, loT and OT Hacking, Cloud Computing, Cryptography

8

Soft Skill Training

Personality

Entrepreneurship.

here are link of their website.

> Paint

lol

7 doesn't seem like CCNA...

idk it looks kind of lame, you don't even get exam vouchers or anything? In 1.5 years you can get all those certs and more by yourself without spending any time or money on ... creating countdown and smoke effects in Powerpoint
also they have an excel module that says it teaches formulas but no vlookups/pivots

If you don't get the exam vouchers then it's a yikes

but parties who are interested in spending money just to attend school online in India may be encouraged by the knowledge that with some additional time and effort, an American or European degree can be had online instead 👍

We don't condone course piracy here at all

Indeed!

I'm being very serious.

Fine, fine, I'll get the tongue out of my cheek aye 😄

Putting what Ben said another way:

!rule 9

Rule 9: No discussion of illegal/unethical topics or actions. If the target device doesn't belong to you and you don't have specific permission to perform an attack from the owner of the target, then you don't do it and we don't talk about it. This also applies to piracy / copyright violations -- illegally obtained materials (including classified or potentially classified materials) should not be posted here.
If in doubt, please ask a moderator before posting your message -- preferably without breaking rule 1. Whether an action is unethical or not is at the sole discretion of the moderation team. Be warned -- a community ban over ethical concerns may also be extended to a ban from the TryHackMe website; we do not teach blackhats.

If we find you sharing copyrighted materials then 🤷‍♂️

you won't :V

So it's probably best not to give us a reason to think you are

And to put it another way, breaks of rule 9 are usually an immediate and permanent ban.

Ben's kinder.

Whew man that's heavy, good thing I don't do any of that stuff

so should i give it go or not

what is exam vouncher?

over how long is that course supposed to last?

oh wait 1.5 years just saw

they say it will last 18 month

is this like a fulltime thing?

no

2 hour a day

hmm i don't see how they're gonna go from teaching paint to learning infrastructure, networking and cyber security within that time frame without either skipping lots or rushing lots

hmm

so what do you suggest

here they say it is one of the best institute

and i really want to learn about cs

where do you live?

india

surat,gujrat.india

i honestly feel all institue here are like scam

hmm i'm not sure then, if you know it's one of the best institutes then it might be worth it. i'm not from india so i only know from what people have been saying but apparently having a degree is near needed in order to get a job

the CEH is also well liked in india supposedly so if you could find a course that goes over CEH it might be well received

they offer 100% job gurrenty

if i were you, i'd do some research to make sure it isn't a scam then

see what people who have taken the course are saying, see where they got jobs after taking the course

i am really confuse about thing they teach in this courses

no offense bro, and I don't know if there's some difference in teaching approach, or maybe just a language barrier, but just from my own perspective, that school and that program sound like a huge waste of time at best, bordering on actively stupid

if you can somehow audit or attend, like, part of it and not pay for the whole thing, maybe it's worth a try if you're getting a different sense of it than I am though

no offense taken, but some one explain that is they teaching are really the thing they teach in cs

they do offer trail and i am gone give it a try

cool

In US it's normal for online universities to provide information about "outcomes" of a particular degree program; you might see the expected learning outcomes (what will you be able to do with what you learned), course pass/graduation rates, employment outcomes after completing the program, etc.
If they provide good data similar to this and not just promises that sound nice but don't risk making any real claims, that could be reassuring too

ohh

i will sure to do inqauriy about that

Hello guys, I am studying industrial and logistic engineering in my university and I am learning cybersecurity at home. I am interested by those two fields (Industrial&Logistics and cybersecurity). Is there any job that I can use them both.

In short, yes.

Can i get some examples pls

I'd start with a google search

I already searched I found "Supply chain security and Industrial Control Systems Cybersecurity" I just asked if there is more jobs or a list to get general idea and choose the paths to work on it

Where can i go, thats reliable, to find cyber security analyst contract jobs

You're going to need to verify to embed images. You can do so by following the instructions below.

!docs verify

What country are you in?

US

Ok, so do you have the backend all setup? 1099 opportunities require a lot more legwork and thought than W2

Taxes, Healthcare, etc aren't taken care of by the company so you need to do them yourself

1099 generally needs to pay out 3x of your absolute minimum wage you would accept for a W2

An Objective isn't a statement of what you've done; pare it down to be the objective you hope to accomplish at the job you are applying to.
The huge amounts of white space in those bullet points is terrible. If possible, format those bullet points in a way that doesn't insert 1-2" of whitespace in those lines.
That's a lot of words for each bullet for each employer. Can those points be boiled down any further?

Hey @eternal estuary you might want to do a custom resume in a word processor if the templates are not working for you.

LibreOffice is what I use. It's got it's quirks but I like the freedom I have

Honestly, those resume templates are not great. Several of us use a LaTeX resume template like awesomeCV. It looks much nicer.

I wouldn't throw out a resume just because you used that resume template, but it doesn't do you any favors.

Template also depends on the type of org you're applying to

I've had a lot of success with boring ass templates w/ contracting companies

I've used the exact same template for 3 very different roles in very different domains. Making it look nice is a good step, but I wouldn't worry about finding the perfect template.

Yes, it's about the content and how well you utilize your space

And I do not recommend doing the custom resume template in a word processor unless you are exceptionally good at using that word processor.

I wouldn't dismiss it completely. There's a bit to learn, but I wouldn't let lack of knowledge bar me from using the app

The resume is usually the first experience a hiring manager or recruiter has with you. Don't let yourself get in the way by insisting on a bad-to-mediocre formatting job in Word. The point of the resume is to illustrate you are a good candidate for the role, a 'meh' first contact sets you back.

A poorly formatted resume tells me that the candidate doesn't know how to format a document for readability.

So true. However, the problem there would be rushing it into the hands of the hiring manager before it's ready. In the end I suppose it's a judgement call. Will you take the time in a processor to make it look nice, or settle for a template and compromise flexibility.

Many templates are extremely flexible. awesomeCV, for one. But that involves learning a bit of latex and using an editor like overleaf or texstudio, so I understand the hesitation.

Many paths

I've always been told that nobody particularly cares about what your "objective" is, but there is (seemingly) recently growing support for the "summary"
I assume though that the summary should be clearly distinct from what should be the contents of a cover letter, and I'm sure it's never entirely necessary

I seem to do OK with just the per-job tailored bullet list of skills with experience tailored also to highlight how each position prepared me for the one I'm applying to, or demonstrates various skills desired for it, plus what few vaguely remarkable quantifiable achievements I can recall out of a decade's worth of a blurred stream of trouble tickets

Probably the greatest improvement can be had by assuming that everybody is going to try to take in your resume in the space of about six seconds, and get probably uncomfortably aggressive with cutting words out of sentences and sentences out of paragraphs
and frontload the bits that speak directly to why you for this job

@eternal estuary Looks a lot cleaner, still funky white space in the middle of your bullet points

There might be some tab characters instead of regular whitespace

Hey there, I am a student who wants to get into infosec and I have been doing the basics from THM. I wanted to do a couple certs, so now I'm torn between doing a COMPTIA Security+ and Pentest+ or if I should go the EC-Council way and do the CEH + CEH Practical for a better shot at a job

Unless you are in India CEH is not in your best interest.

Look at infosec jobs you want in your area, and work towards getting the certs you see on those listings

I currently live in dubai (the infosec opportunities here for freshers is literally super rare 😢 but I've seen a mix for EC-Council and COMTIA). I've wanted to go to canada after I finish my degree so I was thinking COMPTIA might be the way to go

Getting a work VISA in NA is very difficult. Better path would be to get a job for a local vendor that provides services and has offices in NA, or else work for a NA company that has an office in dubai