#cyber-and-careers


flint radish
#

Guys, I'm having a dilemma,
I have 2 courses to select between,

  1. Cyber Physical Systems ( Mostly forward feedback-loop modeling )
  2. Wireless Security ( Attacks on WPA2 and all the protocols )

Which one will be more useful in the future? I don't have any specific plans on entering IoT security or SCADA security but I'd like to have an option open. Also how are the jobs when it comes to Cyber Physical Security? ( Regards to opportunities for freshers, payscale, etc.)

Would really appreciate any help. Thanks

#

I know there is a lot of work going on in Smart Grids and Blockchain altogether but I would like to know about the opportunities.

#

Just focus on one and understand the way things work on web. As long as you know how things work behind a web-app, it will take no time to understand any piece of code in any other language. Although JavaScript is really nice to have in your arsenal.

quick forum
#

Operational technology security is a cool niche, lot of focus and hiring on that area atm.

flint radish
#

I'll look into it. Thanks a lot @quick forum

serene umbraBOT
#

Gave +1 Rep to @quick forum

coarse geyser
flat sedge
#

@pseudo creek Just had a random thought about clearance - you are definitely closer to that world than I am and hope you can give a better answer than my thoughts. If someone were going through a clearance process and changed companies, would the clearance have to start over with a new sponsor, or would it complete under the old sponsor and be available to transfer if applicable?

stoic cave
#

Toaster helped

#

His advice was the same as someone I asked in person so we're good now

stoic cave
#

Basically, if I'm moving to another cleared position I'm good. I just need to make sure that I let the FSO at the new company know so the former company can't retract my clearance.

pseudo creek
#

but I'm pretty sure the new company will have to submit your clearance separately, it just means it should be quicker

stoic cave
#

They can pick up an active investigation i guess

#

Toaster said that and the person I know irl

pseudo creek
#

ahh ok good, I also don't know how it's changed in the past couple years, I used to be pretty close to the org that did clearances, not so much these days

stoic cave
#

Yeah, I'm just trying not to get screwed if I decide to leave

pseudo creek
#

nah you won't, reason why companies love to pick up cleared people

stoic cave
#

Right, it was if it got put in limbo while leaving. That's what I was worried about

#

Then if that happens it kinda goes off into the ether and you're left with nothing is my understanding

#

*was my understanding

warm hinge
#

Where are you thinking? Raytheon?

sleek oar
static tide
#

ask your question

daring lodge
#

what types of questions would typically be asked for a service desk analyst junior position from a service desk manager in an interview

stoic cave
#

Do you have the list of responsibilities from the job posting? While companies may use the same titles, they may not represent the same work. Service desk is fairly standard though.

static heron
#
  • Ability to work efficiently, independently and as part of a team
    Read: They want to know...

  • You can use multiple resources to find answers for yourself instead of just asking the TL every time something new happens, while being cognizant of the fact that you work in a team, that the team is a resource (just not the first one), and that it harms the team and does not make you look tenacious to continue drilling when you should have escalated the issue an hour ago

  • You're coachable -- they want you to welcome criticism as a good thing that helps you improve, not an attack on your abilities.

  • Your focus is not on getting the credit or being the king of a hill, but rather on what "we" can accomplish. There shouldn't be any sign of being afraid to admit you don't know something, or anxiety to pretend that you never get stuck.

You don't need to study questions, you'll have all the right answers to their questions if you go in with the correct attitude

If/when they present a hypothetical issue and ask you to troubleshoot it, they're looking for methodical technique: Change one thing at a time and don't forget to re-test the original issue at each step. Form a clear and complete path -- work your way from the bottom to the top of the OSI layers; or from one host through each NIC, switchport, and router interface along the path all the way to the other. Zoom in and repeat step-through diags when it's revealed the fault is in a smaller area than you started off looking at. Ask questions about the hypothetical situation, also ask for advice, reminders, etc. that you would freely ask from your team.

If you get stuck on trivia quizzes, you can offer related info that shows you still have the foundation they want. Ex:

  • What does NTFS stand for?
    Not sure, but I know it's the newer Win filesystem after FAT, it has encryption, larger max file size, etc.
  • What port is SMTP?
    Couldn't tell you off the top of my head, that's outgoing mail though right? etc.
daring lodge
serene umbraBOT
#

Gave +1 Rep to @static heron

mighty surge
stoic cave
#

The big government contract holders generally have a security clearance pipeline available for college students. GDIT comes to mind. You'll need a clearance as a lot of the work requires a secret at minimum @mighty surge

pseudo creek
#

although not all jobs at gov contractors require a clearance

sour grotto
stoic cave
stoic cave
# sour grotto I currently work for GDIT if you need any help

Nice. I am currently employed but obey was looking to get into the government space. When I was looking a couple of years ago I remember GDIT had a program for recent college grads looking to get clearances. If I remember correctly, if you were selected, they would bring you on and while your clearance was being adjudicated they would place you in different teams to get a feel for what you liked.

pseudo creek
hollow vapor
#

It depends on your expectations. As I've learnt from my law degree, smaller firms have variety in cases. In big firms, you get the name on your CV as prestige (according to me it means nothing in 2022). In smaller firms you get the experience to tell in an interview. I think the IT sector is similar. So, again it depends on your perspective; if you want to learn the details and postpone gratitude, choose small firms, in which you would get more responsibilities about different topics and more chances to get in-depth info. On the other hand, if you want a "show off" (again, according to me this is traditional for, atm) and expertise in a topic that is only useful for top tech companies, choose them. The world is eager for more complex points of view and ideas. I would choose the best possible company which gives me the most in-depth info, so I can prove my worth of versatility in any possible real world situation 🙂

#
  • in a specific topic, line 5
slate sluice
#

How do you all feel about sharing THM badges on LinkedIn? Not having earned anything higher than sec+, I want to show the progress I am making, while studying for CySA+/PenTest+. It seems kind of tacky, and i'm not sure anyone will understand what they're looking at.

hollow vapor
slate sluice
hollow vapor
hollow vapor
slate sluice
#

fair point

#

CySA+ has a ton of Sec+ in it, so shouldn't take that long. not sure what PenTest+ will look like

hollow vapor
#

low expectations, high achievements....

slate sluice
#

true 🤔

#

I think I'll do it

hollow vapor
#

It's only about your perspective man

slate sluice
#

Plus, it's something to put in my feed other than leaving it blank.

inner elm
quick forum
slate sluice
hollow vapor
#

I am 28 years old, "hopefully will get a law degree at the end of June...". Fucking hate law. For years I procrastinated on learning about hacking and coding just because IT is a huge ocean and law is too. So, I'd been telling myself this: "If you start to research and learn about IT, you cannot get your law degree." So, I pushed myself really hard to study law. So, I am 28 and do not have a law diploma yet... I've been doing tryhackme for 2 months, I feel really different. It's like getting some antidepressants 😄 If you're doing what you love, never be ashamed about your progress. Because you will be in a better place when they read your "post"

inner elm
quick forum
quick forum
#

IDK, I probably wouldn't go by a sample without heavy customisation

#

Especially if you're applying to jobs through clearancejobs or whatever

inner elm
slate sluice
sleek oar
#

resumes that are 2 pages long are acceptable right

#

my uni drilled the idea into my head that it can only be 1 page so im actually not sure anymore

quick forum
#

Dissuaded but acceptable

pseudo creek
#

but basically you would not expect someone to read beyond the first page

sleek oar
#

still havent updated anything lol

pseudo creek
#

well thats the answer...

inner elm
sleek oar
#

oh wow

slate sluice
# inner elm something like this?

Better, but keep Education and certs together. So either move certs up, or education down. Same with Skills and work experience. keep them together. The Leadership field is pretty daunting unless you're already in a supervisory or management position, so maybe exchange that for an Accomplishments section. That way you can brag about yourself in a broader sense. You could kick interests off the resume unless you really have a huge number of job related interests. and yeah, hiring managers are pretty quick to judge a resume which is why I suggested you add an objective statement, so make that part juicy.

#

you can safely have a second page though, if you have enough material to fill it. Just keep in mind that page will not be looked at when the hiring manager is sorting applications

undone shore
#

You could kick interests off the resume unless you really have a huge number of job related interests
Interesting advice that. I've found the opposite -- they're more interested in interests than academia

#

I use a 2-pager (well, 1.5) personally, but stick the interests and extracurricular activities on the second page. Has worked out very well so far

slate sluice
#

It could go either way depending on the job you're applying to. Government or contracting won't care much for it, but could score you points elsewhere. I had interests for a while, but took it off and just used it as interview conversation.

undone shore
#

Yeah -- interviews are where it's come up for me. Literally all of them have spent a good ten minutes discussing the interests I stuck on the CV though

#

No government granted, and I didn't apply for my contracting (THM) 🤷‍♂️

undone shore
#

Oh, actually, that's not true. I have had one government interview and it was exactly the same 😆

slate sluice
#

Could go either way 🤷‍♂️

#

Most my resumes are in the federal format, so they thiccc. Not trying to add more if I can help it

quick forum
#

Ah, America...

slate sluice
#

ah, other countries coolguy

pseudo creek
inner elm
#

I'm annoyed by how much space my education block takes up I have two bachelors that are relevant one associates that's relevant and one associates that may or may not be relevant

pseudo creek
#

honestly, if you have a bachelor's, I wouldn't list the associates

slate sluice
pseudo creek
#

I disagree

inner elm
#

I'm leaning towards not listing the associates so that way I can fill up the resume with more impactful information

pseudo creek
#

I also wouldn't list degrees up towards the top if you have work experience

slate sluice
#

Why would you make yourself look less qualified, by leaving out something as simple as education

pseudo creek
#

because associates wouldn't mean you are more qualified if you have a bachelor's

#

basically, associates are lower level classes, which would be great to show if you have no bachelor's but will be ignored otherwise, again summary, not life story

slate sluice
#

If they're related perhaps, but if they're not in the same pipeline you're shorting yourself

pseudo creek
#

I'm just saying, when we do resume reviews, we don't even consider them

slate sluice
#

And you're not substituting one degree for the other dependent on AS or BS, they compound and the hiring manager should see that

pseudo creek
#

if you say so

slate sluice
#

and limiting yourself to one page is also bad advice

pseudo creek
#

if you say so

inner elm
pseudo creek
#

I already stated why you should keep it to one page, I don't need to reiterate

slate sluice
#

what "looks better" is subjective and dependent on the hiring manager

slate sluice
pseudo creek
#

I'm just basing it on my experience of being on hiring committees for multiple managers and doing resume reviews for hundreds if not somewhere in the thousands

slate sluice
#

doesn't change that it's subjective

pseudo creek
#

you will be lucky if a hiring manager gets to the second half of your first page

slate sluice
#

And if they do, you could lose an opportunity by rigidly adhering to 1 page

inner elm
#

This is basically what it looks like on my end at the moment

pseudo creek
#

but there are certain situations where 2+ pages make sense, 15+ years of experience, or academia (which can go into multiple pages)

inner elm
#

I'd like to provide the overall best picture rather than the most complete

slate sluice
#

in that case, you can leave off the AS, because it's related to your BS

#

Well then it really depends on who you're targeting with your resume

pseudo creek
slate sluice
#

you can't just use years of experience as the metric for resume length

pseudo creek
#

it's an estimate

inner elm
pseudo creek
#

I don't care if someone follows my advice or thinks I'm wrong, I'm just stating based on experience, I've seen a lot of bad resumes in my lifetime and know what discussions go on during resume reviews

slate sluice
#

All of this is nullified then, you should be drafting a master resume.

pseudo creek
#

good idea, keep your resume updated, or else it becomes a pain

slate sluice
#

page length is arbitrary, and once you identify a job to apply for, build your resume for the position that is a tailored view of your experience

inner elm
#

for example I got selected for a trip based on what I put down even though it was very rough, mostly because I fit the niche they were looking for

pseudo creek
#

I need to update mine since my current job but keep putting it off

inner elm
#

but things like Fellowships etc pop up that I'd like to apply for once the timing lines up

#

I have a shadow of a master resume I guess. I'm still like 4 or 5 years out from when I can utilize it for something like https://skillbridge.osd.mil/, but I like to keep a list of 5-10 opportunities and draft up something that I would submit if I were ready to pull the trigger. weird, I know

inner elm
#

yeah, still plugging away towards that first retirement. I'm a late bloomer

pseudo creek
#

ahh, we hire a ton of the skillbridge peeps

slate sluice
inner elm
pseudo creek
#

usually get a huge dump of resumes of people just exiting

pseudo creek
inner elm
viscid socket
#

hello im about to start looking for a new job but im stumped on what i should be looking for

#

i just got my security + and i dont have any real experience in IT

#

would i start out at something like help desk or some support job tho i want a job like systems admin or security admin or should i just apply for anything and everything?

slate sluice
viscid socket
#

like i like bits of red team and blue team but i cant tell you many jobs in either of the fields

slate sluice
viscid socket
#

are there any links or is this just something im gonna have to do my own research on

#

yeah

slate sluice
#

Generally, yeah, doing your own research to see what appeals most to you is the best path ahead. Entry-level cybersecurity is usually as a Security Analyst, and all of its variations.

viscid socket
#

i heard that most jobs in IT now will teach you to some degree idk how reliable that is

slate sluice
#

It's true for the most part, I went into cybersecurity as a network administrator. It's all information technology so there's still some level of overlap

viscid socket
#

ok cool its been a bit hectic getting my security + and EJPT now trying to find the path i want to take lmao

slate sluice
#

Yeah it can be very intimidating to break into the field. I didn't really know what I wanted until I took my first position, then moved into that position when I was qualified and ready

viscid socket
#

but i definitely will look into security analyst

#

TRUE

#

BIG intimidating

slate sluice
#

Different orgs will include different responsibilities in that job title, so be sure to read up on what they expect from you.

#

sec analyst for one org might differ slightly from another

viscid socket
#

the requirements are usually what kill me lol

sturdy scarab
#

Gm

static heron
#

An IT Career Roadmap breaking down common career progression paths in common IT categories.

IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.

pseudo creek
leaden yew
#

Borrowed means external, so harder requirements?

maiden thunder
#

consultants ship the knowledge and experience together

leaden yew
maiden thunder
#

yes

sleek oar
#

I've recently been thinking about moving my resume portfolio to my own website so I can display them online, but I was wondering if an alias I use online as the domain wouldn't look appropriate to recruits if they were to click on my website? Should I just use my name? Any thoughts.

static tide
#

you can even put something like “Redacted Resume” with all the pii removed

shy quail
#

Hello all! Currently, I am a Quality Assurance Engineer at my current company and I've been studying a lot of Offensive Security over the last 7 months and I have ultimately decided I want to do Penetration tester/Red Team as a Career. With this decision I have also started to study for the Comptia Security+, however, after talking with the Director of Security at my work, he instructed me to switch focus from the Comptia and put all my study time into CISSP. My plan was to get Sec+, CRTO, CEH, and OSCP and make the move to Pen Tester/Red Team somewhere after Sec+, but with this advice it kind of flipped my plan on its head. The DoS's reason for telling me to go for the CISSP was when hiring, if he sees Comptia anything he immediately thinks Beginner and he would like to see me strive for a more mid level position. On top of this, he told me we will begin to look for some junior level positions in the coming months and I would love to go for it. In reality, I would love to have the CISSP, it was one of the Certs I really wanted, but I was worried I wouldn't be able to comprehend it. I know this is a lot of info, but I don't really have a lot of Security friends in my life to get advice from. I was hoping someone here could give me some outside perspective please. Thank you all!

flat sedge
#

CISSP material is not particularly difficult; the most challenging part is thinking from the BU perspective instead of technical.

rugged delta
#

If your Director of Security is pushing you to go for CISSP, can they or someone else validate your certification/experience? It's intended for people with 5+ years experience in the industry. You can get a CISSP Associate grade for passing the exam but without validation by a CISSP or being able to validate your experience/qualifications through ISC2 you won't have your CISSP cert. Also, is your employer going to reimburse/pay for your exam or whatever training method you use? CISSP would be more valuable than Sec+. ISC2 have other lower level certs like the SSCP (on par with Sec+) or CCSP (The Cloud equivalent of SSCP) that don't have the time/experience requirements.

Also if you want to pursue Pentesting/Red Teaming as a career, CISSP/Sec+ knowledge is still useful. You would generally be fine skipping CEH unless it's a requirement by a particular future employer but these days OSCP is widely recognised and CRTO is recognised by a growing number of orgs while CEH and EC Council have lost a lot of credibility due to their actions in the recent past.

CISSP/OSCP/CRTO is a worthwhile path and you should pursue the things that drive you.

shy quail
#

@flat sedge @rugged delta Thank you for the advice and info. It helps clear up my plan. I think I'm going to stay the Course of Sec+/CRTO/OSCP and maybe add CISSP later when I can validate my Experience in the field. Again, Thank you for the direction. It makes me happy to be a part of a community that actually supports each other!

serene umbraBOT
#

Gave +1 Rep to @flat sedge

flat sedge
#

Don't be scared off from getting CISSP instead of Sec+. Associate of ISC is the same exam as the CISSP exam, and all you need to transition up is a current CISSP holder to vouch for you on a web form.

In all honesty, unless HR tells you that Sec+ is required, you are being offered a huge opportunity to get the CISSP checked off early.

#

If you have a 4 year degree in an IT related field, that knocks 1 year off the time requirement for the full CISSP as well.

rugged delta
# shy quail @flat sedge @rugged delta Thank you for the advice and info. I...

I would still encourage you to go the CISSP route. A CISSP Associate is someone who has passed the CISSP exam. The CISSP is a credential that requires you to continuously validate your ongoing learning, in order to show that you are still developing and aiming to maintain the high standard you deserve to be at. And being a CISSP Associate is a higher credential than Sec+, which, even though it's widely recognised, will only ever be an associate level certification that you have to renew in order to maintain.

So basically do CISSP once and continue learning other complementary things and stay a CISSP or do Sec+ and then repeat Sec+ a few years later to maintain an entry level certification.

serene umbraBOT
#

Gave +1 Rep to @static tide

north meadow
#

Actually i am interested in web hacking, so which course can give me the best knowledge of webs and web hacking???

rugged delta
novel iron
#

Hey i am looking for an internship as penetration tester
I just wanna gain some industrial experience

#

😅😅

quick forum
north meadow
serene umbraBOT
#

Gave +1 Rep to @quick forum

fervent mesa
#

Cyber sec Summer camp at university for high school students?

stoic cave
#

What about it?

#

Is this a local offering?

warm hinge
#

Hello all, after considering many paths, I decided to try and work in the red team side for my internship first. I got an intern at a local security company, and I'll see how it goes.

fresh temple
#

Q: What is the best entry-level certification for offsec which would land me a job in Cybersecurity?

One of the things I struggle with is deciding which certification to pick as I don't have the financial resources to apply for 2-3 certs. But if I could have one cert and get a job, I could at least reinvest some money into my career.

Like say eJPT is great for beginners but they don't have a lot of Job postings (specially In India from where I am). Can't go OSCP as it not an entry level cert. Are Pentest+, Security+ and CEH good enough to land a job?

If you provide any insights that would be a great help.

quick forum
fresh temple
#

My question is "Are they good enough to land a job" because whatever investment I will need some returns. So that I reinvest...

visual kettle
inner elm
ruby remnant
#

It genuinely does depend on your country

#

eJPT and AZ-900 would look good

wicked geode
#

Anyone have any insight into switching from networking to SQL/DBA? From what I see, much lower barrier to entry for DBA simply because it isn't glamorous.

pseudo creek
wicked geode
#

I tried networking and studied the CCNA for 6mo, now I am kinda getting bored of it. Want to expand my skillset while getting paid for it.

#

My overall goal is just to find a niche I can enjoy for the rest of my career.

flat sedge
#

The problem with that ideal is that technology is fast moving and almost all aspects of IT have changed substantially in the last 5-10 years; foundationally, networking will serve as a good place to start from. My advice is to pass the CCNA, then expand your skillset and knowledge out.

If you move domains too early, you're not getting any benefit from the depth of knowledge. Many concepts will apply laterally so the deeper you go in one domain, the easier some domains are to pick up.

wicked geode
#

Took my CCNA last week, got a ~65% on it

#

Not the best...

flat sedge
#

You're pretty close to passing, and CCNA is a good cert to have. It's very applicable to sysadmin work, or even developer roles beyond that. And with the way DevOps and DevSecOps is going, having knowledge of multiple domains is more crucial than ever.

stoic cave
#

Yeah, I think that one is next for me

#

That or AZ-900 + AWS

inner elm
wicked geode
#

Interview question: How long should variations on 'tell me about you' or 'tell me about what you have overcome' be?

#

I could write a novel with what I have experienced so it is difficult to nail down a bite-sized story of me.

#

What is the general intent of that questioning in an interview?

coarse geyser
#

At least in smaller / young companies

wicked geode
#

Is that something that you can feel out in an interview, or is it up to chance?

pseudo creek
#

I've never had a question about 'what you have overcome'...
Basically, about yourself should be a casual snippet of your background. You shouldn't go on ten minutes, 2-3 minutes at most.

#

and about the 'what you have overcome'... what I'd do is think of this in a business manner... was there a situation where you were tasked with something that you didn't know how to do and you had to figure it out?

If you think the overcome is a personal question, I'd still think business-wise and think, how did you get the skills you have now? Did you spend late nights/early mornings/weekends studying? Did you go to college while working?

stoic cave
#

I was asked it in every internship interview, those didn't have to be work related, and then I was asked in my job interviews.

flat sedge
#

A lot of that gets presented as 'what challenges have you had, what was difficult about them, what you did'

pseudo creek
#

ahh yes, our version is something like "tell us about a time where you were tasked with a difficult task and how you dealt with it" or "tell us about a time you dealt with a difficult person"

compact plume
#

I'm a competitive programmer, I have CCNA exam preparation, I know Linux at an intermediate level and some uses of hacking tools in Kali. {student of IT (in final year)}
📌 But I'm confused which one should I choose and focus on to build a good career?
Like network administration, cloud, blockchain developer, deep learning or AI, ML, cyber security.
How can I integrate my programming knowledge and networking knowledge?

pseudo creek
serene umbraBOT
#

Gave +1 Rep to @pseudo creek

pseudo creek
compact plume
hidden sky
#

Hi friends, I am beginner and sorry on stupid questions.
Thing is that I want to ask what do I need to learn to become Ethical Hacker ?
For example I would love to specialize in web and mobile security so my second question is: Do I need to know to program websites and mobile application before I enter in cyber security or I don't need to know ? I know that I at least need to know to program in Python to create my own scripts but what else do I need to know ?
Please if can someone answer on my question and explain me process of becoming Ethical Hacker ?
Thank you upfront

pseudo creek
# hidden sky Hi friends, I am beginner and sorry on stupid questions. Thing is that I want to...

No you don’t have to be a programmer but knowing how both are built is useful. You might want to Google application security as that sounds like what you want vs ethical hacking.
For ethical hacking, the cyber mentor has a lot of videos on how to be an ethical hacker https://m.youtube.com/watch?v=lhz0-qAQlBM

Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com

Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...

quick forum
leaden yew
#

What is important to know to work in the PKI / Infrastructure area?

flat sedge
#

PKI and infrastructure are usually included in different domains. Can you be more specific?

wicked badger
#

hi I'm viraj dilshan from Sri Lanka, in the final year of my cyber security and networking degree. I'd like to be a SOC analyst or a cyber security Eng. Can anyone suggest which is best for me

#

and best path or a site like tryhackme etc

#

develop my skills

sullen solstice
#

Depends on experience, cyber definitely isn't an entry role in IT but you may be able to secure a SOC analyst position with just a degree and/or certifications

spare kernel
stoic cave
#

More than likely you're going to need a combination of all 3, that being a degree, certification like Sec+, and then professional experience like an internship or a full time job. If you haven't had a full time job, a Homelab and prior technical coursework such as a capstone helps round out the resume. Without a degree you're going to need to bring in professional experience, typically 4-6 years from job postings I've seen.

#

Certifications can be replaced with security clearances if you have one in some cases. Will at least get you in the door but DOD 8570 makes it kind of difficult

distant pier
#

Maybe it helps to see Security as a specialized role that grew out of Networking Engineer/Sysadmin/SQA roles/etc., so the foundation and skill required can be quite broad. The entry to a specialized role like Security is likely going to be a larger leap, as it has broader foundational requirements.

stoic cave
#

Well said and more concise Tim kek

spare kernel
# stoic cave I agree with this take. Entry level doesn't mean ground floor. It's why a lot of...

Somewhat agree. I just don't like the whole "there are no entry level roles in cybersecurity" stuff.... when there are. I think it's very disheartening for people to see and believe that -- Now while it is much harder to land an entry level role in cyber and having experience in other areas of IT will benefit you tremendously, I think we should move away from the "you have to work helpdesk or work in some depressing area of IT for the experience on your resume". I think there are more and more entry level roles popping up where employers are willing to provide training and guidance.

#

Speaking from personal experience here -- no job experience to a security position while still at University

#

Of course an employer isn't going to hire someone who knows literally nothing about security and just thinks it's a cool job but if you show them that you have the foundational knowledge from self-study, you're going to find employers who are willing to take that chance on you and train you. THM, HTB, ImmersiveLabs, studying for certs all provide a base of knowledge that you can show to an employer. Sell yourself

nocturne portal
#

hy'

#

I am asking for cyber sec species, I've heard we had two kinds of cyber sec people
stable summit
spare kernel
#

Are you from India btw?

stoic cave
nocturne portal
#

I mean there are two kinds of cyber sec specialty

#

i don't remember

#

but some people talk about what kind of cyber sec they are

civic mural
#

red/blue?

pseudo creek
nocturne portal
flat sedge
#

Vulnerability management, threat hunting, threat modeling, risk assessment, pentest and exploitation, system hardening, firewall policy, compliance, source code analysis, DLP, FIM

#

that's just off the top of my head

wicked geode
#

POS recruiter put me in for an interview telling me it was entry-level SQL. Spent 40 minutes getting embarrassed because it was mid/expert level.

#

Fk recruiters.

stoic cave
#

Did you tell the interviewers?

#

Also, bashing recruiters/other job related things isn't exactly a good look on a public forum

#

You'll find that IT and specifically cyber is rather small and everyone knows someone

wicked geode
#

Spent a week studying and getting hyped by the recruiter as 'you likely have this job'. Only to spend 40 minutes looking like an idiot.

stoic cave
#

Did you let the interviewers know though? That's important

wicked geode
#

Yes, I told them my experience.

#

Didn't think to mention that they were likely getting scammed by the recruiter.

flat sedge
#

Recruiters don't get paid until the position is filled with their candidate

#

The recruiter isn't scamming them by putting you up, you were the best candidate that the recruiter found

wicked geode
#

Then what is the deal with the recruiter putting me up knowing my skill level?

#

It wasted both my time and the employer.

flat sedge
#

It could also be that they knew your experience and were intentionally asking you questions beyond your skill and knowledge to see how you respond to being clueless

#

It did not waste anyone's time, you now have a much larger bank of SQL related questions to learn about

#

Seeing how someone answers a question they don't know is one of the most important things you can learn about someone's psychology in an interview

wicked geode
#

I tried to put on a good front and maintain a positive attitude.

flat sedge
#

Best strategy is to admit to not knowing in a direct way and ask if you can try to reason your way through it with them.
This shows a willingness to be wrong, a willingness to be mentored, and demonstrates your ability to think critically about the problem

wicked geode
#

That is actually a good idea.

flat sedge
#

Skills can be taught, attitude cannot.

wicked geode
#

Just difficult when you are under water financially and need a job soon.

flat sedge
#

Totally get that. Before landing my first industry job, I was a private compsci tutor. Very hit or miss, I think my best year trying to tutor full time was less than half of what I would have made working at McDonald's.

wicked geode
#

haha oof

topaz cobalt
topaz cobalt
#

It'll help you prepare better for the next one

remote sedge
#

anyone working in cyber sec Canada?

stoic cave
remote sedge
stoic cave
#

Do you have a sponsor/visa? I'm not from Canada but they have a pretty rigorous immigration process. For instance, in order to immigrate, you need to have someone financially sponsor for your first 7 years in the country. Meaning if you stop paying things, they are responsible for you.

#

It's not as simple as saying "I want to study in x country". Lots of factors and logistics that need to be figured out.

stoic cave
# remote sedge yes how is the industry there, I am currently in asia, thinking about studying c...

Personal example: I, as a high school student in the US, was looking at possibly going to college internationally. Specifically looking at Germany and Switzerland as I A) spoke a decent amount of German at the time, B) met the entrance requirements for each country and schools, and C) their schools had good programs in the professional areas I was looking at. However, logistically it was going to be a nightmare to try and make it work, which is why I stayed in the US and did study abroad trips instead.

quick forum
#

Even if the market is good, Moose is saying that non-Canadians might have trouble getting a job due to visa requirements

#

I'm not Canadian

#

You don't need randos in a discord, you need proper immigration law advice

stoic cave
stoic cave
#

@remote sedge rule 1. You can't DM someone asking if you can DM them

#

I would like to keep the conversation in here as it benefits the community

remote sedge
#

okay

remote sedge
stoic cave
#

There's more to it than that. You need to have permission to be in the country before you can even do your masters. As James said you need to talk to someone like an immigration lawyer. If you have a Canadian consulate near you, they can probably answer all of your questions.

remote sedge
stoic cave
remote sedge
stoic cave
#

While Canada is different than the US, I'd say only having an internship means that you'd be going for your masters too early.

#

Masters are generally reserved for those going into management or the like

remote sedge
stoic cave
#

Yes, I am currently a Cyber Security Engineer

remote sedge
#

Okay , for how long?

quick forum
stoic cave
quick forum
#

They seem to be doubting your advice because they don't like the answer, thought it best to make it clear how much it applies

stoic cave
#

That's how I'm reading it

remote sedge
stoic cave
#

I've been an engineer for almost two years. Prior to that I was in my university program where I was working on my B.S. in Computer Security and Information Assurance. During that time I also had an IT internship, worked in the school's enterprise IT Club, and a couple of other things.

remote sedge
grave trench
#

can somebody help me to get a flag on web based challenge please?
out of 5 i got 2 flags

quick forum
spare kernel
lusty venture
#

Just curious, do you think it's possible to do bug bounty and use this to pay for the certificates on your journey into cyber security?

#

For example use bug bounty to pay for your CompTIA A+ and CCNA

quick forum
lusty venture
#

Well I am not really familiar I get by lol every day it's easier

spare kernel
undone shore
#

Bug bounty may not be the best source of income then 😄

stoic cave
#

Yeah Bug bounties are an extracurricular and shouldn't be relied upon for income

green pike
#

Hey all, I'm a cyber security recruiter covering the US and Canada... I just started up a Twitter as well as recently got my feet wet with TryHackMe, if any of y'all want to connect or have questions, feel free to connect with me on either platform! I'm trying to better understand the technology my candidates work with daily to better advocate for their skillsets during interview processes and salary negotiations!

I welcome all info, resources and connections! Looking forward to meeting some of y'all.

Twitter: @T8CyberUSA
TryHackMe: T8CyberUSA (top 19%).

flat sedge
#

@green pike If there are job reqs you are trying to fill, you can verify your recruiter stuff with @undone shore and get access to post in the #jobs-board .

green pike
undone shore
green pike
deft jolt
civic thunder
#

Hello

#

There are lots of ISO's which one should I start with?

quick forum
civic thunder
#

oh nono standards

#

ISO 1007 and such

quick forum
#

I'd start with 27001 in cyber security, that's information security management framework

civic thunder
#

so it is better to not purchase a course on Udemy for it unless required, or is it good to study it anyway ?

quick forum
#

I'd personally avoid udemy like the plague

civic thunder
#

any other sites?

#

cheap

#

for ISO specifically and other Cyber sec courses generally ?

quick forum
#

I don't know of any, I went the expensive option and studied it at university

civic thunder
#

ooh I am in uni

#

hehe

#

but idk when will I take that if I have one

#

what was the name of the course when u took it?

#

or what is it generally called in uni? based on your experience

flat sedge
quick forum
#

It was my Security Management class

civic thunder
flat sedge
#

I would recommend starting with NIST SP 800-53 and the NIST CF documents. Start going through the requirements and see what controls you can create for your homelab that meet those requirements, as much as you can.

quick forum
civic thunder
#

ohh

flat sedge
quick forum
flat sedge
quick forum
#

I think we were taught both ISO and NIST

civic thunder
#

NIST SP 800-52 and NIST CF (just a note for me lol)

what about ISO 27001, what is it exactly ?

flat sedge
#

Makes sense. I have had to do assessments against ISO 27k1, 27k2, NIST 800-53, CIS Benchmarks, SOC2 type 2, PCI DSS 3.1 and 3.2, FedRAMP. There were more frameworks at play in that environment, but those were the ones I had worked on during our audit processes.

quick forum
#

~~juun 27001 is in there twice~~

flat sedge
#

27k1 and 27k2 are similar to 800-53. They are technical requirements for a security baseline.

flat sedge
serene umbraBOT
#

Gave +1 Rep to @quick forum

quick forum
#

Ah I remember what 27002 is now

civic thunder
#

is there something like cyber security standards compliance for beginners

quick forum
#

"GRC" might be the abbreviation you're looking for, governance risk compliance

#

There's probably some commas or an and in there

flat sedge
#

I see it typically written as Governance, Risk Management, Compliance but every place has a different set of preferences

civic thunder
#

hmm,

#

lemme see one sec

#

so Udemy is not a good place ?

#

found CRM

#

and ORM

#

nvm found one that says grc

flat sedge
#

Udemy is very hit or miss.

#

Usually miss.

worthy shoal
flat sedge
#

Seriously, if you want to understand compliance, start mapping out requirements to controls you can implement; and if a requirement cannot be met by a control, write a compensating control to protect the system as a whole from that gap.

#

That's something like 30% of the job that a compliance analyst does

civic thunder
#

I found this

#

starting with PCI-DSS as the first compliance assessment is not a bad idea?

flat sedge
#

Start with 800-53

civic thunder
#

Thank you @flat sedge
all clear now!

serene umbraBOT
#

Gave +1 Rep to @flat sedge

ancient prairie
#

CIS Top 20 is great to get started with too although not necessarily an accredited and certified list of security controls

warm hinge
# civic thunder any other sites?

Gerald Auger has a GRC analyst course and the guy teaches really well. So far he's the only one I found teaching something like that.

storm ferry
#

I tried using terminal and its commands and it's more fun to me than writing code in VS. I tried learning Python, tbh it was kinda boring. On the other hand, the Linux terminal was like next-level fun: finding IP, getting location from phone number. If I am learning for a future path/job, what path should I take, or what other coding languages should I try that can help me in my career? (And what is the right way to learn programming/cyber security?)

fossil basalt
#

@pine pike can I dm you? I saw your previous Oracle Job posting. I am wondering if there are any openings for this year's grads with experience in pentesting. I have a few certs and corporate experience.

serene umbraBOT
#

Gave +1 Rep to @twilit arrow

quick forum
storm ferry
keen knot
#

Hi THM community I'm not sure is this the correct section for me to ask this, currently I'm a fresh graduate looking for a job as a pentester in Singapore location. May I know is there any available position in Singapore?

rancid adder
keen knot
civic jewel
#

Hello everyone! I want to focus on bug bounty, but as a person without background, I started with basic cyber security. As a beginner, your suggestions will be very valuable to me. I would be very happy if you share your suggestions with me.

pseudo creek
civic jewel
serene umbraBOT
#

Gave +1 Rep to @pseudo creek

pseudo creek
civic jewel
serene umbraBOT
#

Gave +1 Rep to @pseudo creek

deep portal
#

What certs for Penetration Testing/Offensive Security are generally well-known by companies nowadays?

pseudo creek
static tide
#

depends on location

#

us - oscp
uk - crest/cyberscheme
india - ceh

devout rapids
# deep portal What certs for Penetration Testing/Offensive Security are generally well-known b...

It's good to note there are different levels of certification too. OSCP is a good one to get and is the highest one, but I believe it's a 24 hour test and you're given a target to hack. Your goal is to write a report on what you find and suggestions on how to fix them. It's an experienced test.
The entry level certifications are CEH and Pentest+. Pentest+ is relatively new but it's gaining some traction. CEH is a great beginner certification to start off with. You're put on a team that simulates a penetration test. You don't have to do everything as you're on a team, but you are expected to know junior level techniques and have a core understanding.
OSSTMM has a certification that's well respected, but requires lots of studying. I would avoid it though unless it is a requirement for a certain job. Normally department of defense and contractors for DOD doesn't view it as relevant. They have their own list of certifications they want you to take.

quick forum
#

They've been caught plagiarising content, posting deeply misogynistic content, and then blaming it on the intern

devout rapids
quick forum
#

Plenty easily found

#

Pentest+ ticks the same DOD 8570 box

devout rapids
#

Wowza, wonder what they mean by that. Thanks for letting me know about that

fair brook
#

Hi

#

pls help me wanna start with python with cyber ethics and ethical hacking and all that stuff

quick forum
fair brook
#

(I mean that only)

#

I just wanna include all things at once 😅

#

So send help

quick forum
fair brook
#

k

devout rapids
# quick forum What they mean by what?

Their quoted statement, the release could have been overlooked by less competent workers, but directed differently by the top. Mishaps/mistrusts happen and causes issues like these. I'll look into it deeper once I get home. Regardless not the greatest move if they didn't change out management or their tools if they were faulty

quick forum
#

Also the knowledge on the cert is kinda crap for the cost IMO, we might actually laugh someone out the office if they came in and were proud of their CEH

devout rapids
#

People are at different levels, if they're proud of the accomplishment I don't see issue with celebration. To think you know everything though is a bit different

quick forum
#

I do not see it as quality content

#

There's a number of areas where I've seen it's outdated or poor quality, and you pay absolutely through the nose for it

#

It also, IMO, shows a lack of understanding of the careers market over here. It has little to no respect from HR, so why would you get it?

devout rapids
#

Yeah I agree the quality is outdated. Maybe not accepted much through HR but if you set a goal and you accomplish that goal go ahead and be proud. Coming from 0 within a year or two it's not a bad place to get a foundation. Quality definitely needs to be updated though

quick forum
#

I really really do think it's a bad place to get a foundation, with so many better options on the market

#

Options where you're not supporting an org with a history of misogyny and plagiarism, options with more up to date content, more respected by HR, and that cost less.

devout rapids
#

That's fair, I see what you mean

quick forum
#

You can set goals and work to them without all of that

#

Myself, and the company I'm trying to hire other pentesters for atm to expand, value skills and projects over certs but especially over CEH lol

devout rapids
#

That's a rational reasoning for it too lol

#

Maybe I'm just a tad bit late in the game 😉

devout rapids
quick forum
#

There aren't any so nowhere

vernal sleet
quick forum
#

Respectively: Something interesting, show you have passion for this kinda stuff. Either through projects or whatever else
And like with most companies, a technical assessment (CTF)

serene umbraBOT
#

Gave +1 Rep to @quick forum

distant pier
serene umbraBOT
#

Gave +1 Rep to @distant pier

civic thunder
#

I was wondering how can someone become Cyber Lawyer ?
Does he need to know Cyber security stuff in depth or know laws in depth?
Or are there different types that depends?

#

I remember James was once talking about contract lawyers

quick forum
pseudo creek
#

patent lawyers are often mix of tech and law

stoic cave
#

Given the pervasiveness of technology and cyber, every discipline will likely touch cyber at some point. That being said, lawyers need to lawyer first. Knowledge of the law trumps specific technical knowledge in a broad amount of cases. Having some amount of knowledge is important to try and tie your case together. If a lawyer needs a deep amount of technical knowledge, an expert witness will likely be called to the stand.

#

As mentioned before, it is dependent on the field of law they are in. Lawyers for the EFF are likely going to have a deeper knowledge of computing but will still need to call upon expert witnesses in some cases. @civic thunder

pearl panther
#

Hey can I get some feedback on my new resume here?

stoic cave
pearl panther
#

whoops I realized there's some more to redact

stoic cave
# pearl panther

Alright top to bottom:

Primary objective - not needed. If you want to write something like that, a cover letter fills the role.

Education - goes on top. Bullet points not paragraphs.

Experience - you should put this even if the jobs have nothing to do with cyber.

Future goals - should go at the bottom if you're including it. Personally, I don't see a need for this section as, again in my opinion, should be for past actions.

Achievements - should be broken into different sections as it's ambiguous. If it was something you did on your own, extracurricular section. If it was for a school project, projects section.

Tools and concepts - goes in a skills section as a sub topic.

Proven deliverables - not needed. Professional experience or put it into projects if it was for school.

Soft skills - not really a resume item, more of a cover letter item.

quick forum
#

As much as the case is stylisation, I'd use proper capitalisation just because it might not be a techie reading it

stoic cave
#

Try to limit the bullets to 3 per section or subsection generally

hollow merlin
#

Hey guys I have a question that I have been sitting on and I just can't figure out what to do.
So I got two job offers, one is to be a SOC analyst and one as a cloud engineer. I think both are very interesting but I find it hard to choose the one that will get me the most knowledge that I can use to get better at Cybersec. I feel like SOC analyst is a good way to get a foot in the door in the cybersecurity world. But on the other hand, working as a cloud engineer will give me A LOT of knowledge regarding how things work and are set up. I feel like that's the kind of knowledge I need in the first place before becoming a SOC analyst, as you can't protect what you can't understand.
What's your guys take on this? Am I overthinking it and would SOC analyst be a good start either way, or maybe accumulate even more knowledge and go into security after?

stoic cave
#

@quick forum

hollow merlin
#

James incoming

serene umbraBOT
#

Gave +1 Rep to @stoic cave

hollow merlin
stoic cave
#

Yeah, it's definitely a personal question. You're going to be the one working there for at least a year or more

worthy shoal
#

Hey, I just got my network+ and I am going to be getting my Security+ within the next 3 months, but I am unsure of what to do after that. My end goal is to get into penetration testing but I was wondering if I should start with one of the more simple ones like Pentest+ or eJPT or if I just go right into OSCP.

stoic cave
#

OSCP is the entry level Pentest cert. If you're in the US and need to meet DOD 8570, pentest+ fits the requirement

#

eJPT doesn't have the HR exposure yet and pentest+, if i remember correctly, doesn't have a true practical.

worthy shoal
#

Yeah I did know that about pentest+ and eJPT I was just wondering if it would be too difficult for me to jump right into OSCP with my only experience being basic Comptia certs and messing around on tryhackme. But I guess as long as I spend enough time on it OSCP would certainly be doable and is going to be the most helpful in getting me a job

stoic cave
#

Do you have prior professional experience in the computer space?

#

You have to keep in mind that pentesting is a specialized field within the field of cyber security.

worthy shoal
#

Yeah, I don't currently have any experience, but I am looking for an IT job

stoic cave
#

Personally, I would hold off after sec+ and try to get a job in IT or maybe even Cybersecurity to gain that experience.

#

Then have the company pay for your future certs

worthy shoal
#

That's not a bad idea I guess

stoic cave
#

Not trying to be a wet towel but experience is needed

#

A degree can cut red tape but even then it's still hard to break in

worthy shoal
#

mhm, fair point

sterile dove
#

#HiroNewf I would suggest getting a NOC entry level and build up from there.

onyx brook
#

What would I need to do in order to get an internship as cybersecurity engineer?

Ps: I'm a first year undergrad

spare kernel
# onyx brook What would I need to do in order to get an internship as cybersecurity engineer?...

Search for them and apply to them. It's very hard to get an internship in security as a first year. You're going to be competing with second and third year students. Make sure your CV is put together nicely.

They aren't going to expect you to really have much (if any) experience so just make sure you fill it with stuff that you've learnt in uni, your skillset, how you're learning outside of uni, what you're proficient in etc.

They want to see that you're actually interested and passionate in this field. They're not going to give an internship to someone who has done nothing to further their knowledge and skillset outside of uni.

You'll have to do some kind of technical challenge as part of the application process or in the interview process. In most cases, from what i've personally experienced, this will be a CTF of some kind.

Or I know when I applied to CrowdStrike, they had a website with 7 or so different categories with different subjects and you had to do tasks in a certain amount of time. They looked at your accuracy, completion rate and points gained. The categories were Linux, Powershell, Registry Persistence, Log Analysis, Splunk Analysis, Malware Analysis & Methodology.

stoic cave
# onyx brook What would I need to do in order to get an internship as cybersecurity engineer?...

If you're in your first year as an undergrad, focus on being an undergrad. Your primary goal is to graduate school and not focusing on your courses the first year is a huge mistake. Internships are generally reserved for those going into their senior year as they have already completed a majority of the courses and have a wider knowledge base. When you are entering into your junior year, maybe look at your local area and see what kind of IT internships are available. This will help you immensely.

#

You're not going to be behind if you don't get an internship in your first or second year of college

onyx brook
flat sedge
onyx brook
#

I've cracked 10+ boxes and 3+ rooms at HTB and THM

flat sedge
#

None of that matters for internships, except as a talking point during the interview

onyx brook
#

But I guess what he meant was that first year students are not really their preference when it comes to internships or something like that.

flat sedge
#

I wouldn't worry about it. Internships aren't usually a place where a company makes money. If an intern is doing business critical work, that org is deeply broken.

onyx brook
#

Also it's true that I'm yet an amateur but I will try my best to start giving interviews just for the knowledge and experience

onyx brook
flat sedge
#

Glassdoor usually has both the best and worst of an organization.

#

Another thing I would say, is that as a junior role don't focus on what you currently know. Focus on what you want to learn, and how that jr role or internship will help get you there.

onyx brook
#

Well, tbh my goal is to get 10+ years experience as cybersecurity engineer before I go for the CISO role

spare kernel
#

I would note that it'd be very unlikely that you'll be able to jump straight into a Security Engineer right out of uni, just a heads up. Not impossible but don't get your hopes up too much

onyx brook
#

Yeah that's why I'm working my ass off, thanks a lot man.

worthy shoal
rugged delta
# onyx brook Well, tbh my goal is to get 10+ years experience as cybersecurity engineer befor...

You should read CISO Compass by Todd Fitzgerald. He's a former CISO and trains people looking to take up that role. He's also contributed to formulating the CISSP CBK for ISC2. It's estimated that you'd have closer to 20 years experience in various roles in the industry and managerial experience at various levels.

https://www.amazon.com/CISO-COMPASS-Navigating-Cybersecurity-Leadership/dp/0367486024/ref=sr_1_1

haughty lintel
#

anyone have the ejpt cert?

#

im stuck between doing that and the pentest+

quick forum
#

If you're in the US, pentest+ is good for dod 8570

gleaming basin
haughty lintel
gleaming basin
#

The free course by INE

spring coral
#

Hello! I'm curious on what is the best path to get into cybersecurity and penetration testing. Is it enough to get certificates online? What certificates would I need to get? Or would it be better to get a 4 year college degree?

stoic cave
# spring coral Hello! I'm curious on what is the best path to get into cybersecurity and penetr...

Hello. Certificates won't do much for you I'm afraid. Certificates don't actually verify that you know the information. Their purpose is to state that you completed x, and that's it. Certifications on the other hand both verify that you know the material and also certify that you meet a standard. I'm going to assume that you meant certifications for this response. It's also important to note that pentesting is a specialized field within the cybersecurity industry. Cybersecurity itself isn't necessarily an entry level field and generally requires professional experience within a computer domain, like IT, prior to entrance. Pentesting requires even more experience on top of that. A college degree would cut some of the red tape, but I can't say that it would cut all of it. If you're looking for certifications to get, I would recommend starting with the CCNA and Security+. They're a good combo and then after you get hired you can look at having the company pay for more certifications, such as OSCP.

#

Professional experience is really key here. Can't stress that enough. I would really recommend that you get yourself into an IT shop, or similar, somewhere and start building your skills.

spring coral
#

@stoic cave Thank you so much!

serene umbraBOT
#

Gave +1 Rep to @stoic cave

onyx brook
serene umbraBOT
#

Gave +1 Rep to @gleaming basin

neat sequoia
quick forum
#

The exam is what awards you the cert

neat sequoia
quick forum
#

Yes, the training material for ejpt is free but the exam and hence the cert is not

neat sequoia
#

thanks @quick forum , I think I'll stick with THM certs for now as I am short on money rn

serene umbraBOT
#

Gave +1 Rep to @quick forum

rugged delta
quick forum
#

Ok?

#

Does that change the pricing?

rugged delta
#

They haven't announced the pricing of the new training plan but you can still do the new exam for $200

#

Just the free starter pass is now going to be a pricey pass

quick forum
#

So yes it changes the pricing

rugged delta
#

there'll be an option for a $39 monthly plan training and a $200 exam fee or a $299 annual plan that works out cheaper and exam fee is covered

warm hinge
#

Is it for ejpt only or these 299/year will include some other courses too?

rugged delta
quick forum
#

How can INE do CCNA?

#

Ah, unofficial training...

serene umbraBOT
#

Gave +1 Rep to @rugged delta

torpid sapphire
#

how to become bounty hunter?

quick forum
serene umbraBOT
#

⚠ Warned Koalemos#3084

undone shore
#

-undelete -a

serene umbraBOT
#

Up to 10 last deleted messages (last hour or 12 hours for premium):

5 minutes ago (Sun May 22 18:18:31 2022) Koalemos#3084 (ID 867609952407126016): Fuck off

quick forum
#

Charming.

latent rapids
#

Hello everyone, I don't know if it's the right place to ask but I couldn't place my question anywhere else, so basically I got an interview for an internship to complete my masters in cybersecurity and the recruiter told me that it was going to be questions about EDR and Microsoc, which are 2 things I never heard about, so could someone help me prepare correctly for the interview and give me a few hints regarding those things and maybe tell me where to get more information about it ? Or even think about some questions I could get regarding those topics so that I could do the proper researching ? Thanks in advance !

EDIT : After a bit of research, I've seen that MicroSOC is the commercial denomination for the product that the company is selling so I guess I won't find any more information than what's on their website, but I'm still really interested for more on EDR.

idle river
#

Any recommendations for uni in Germany for masters in CyberSec for foreign students?
Keeping in mind the cost of program and living.

stoic cave
# idle river Any recommendations for uni in Germany for masters in CyberSec for foreign stude...

That's a lot of legwork and something you're going to need to do yourself. Germany does have a fairly relaxed University acceptance and tuition is generally free if you go to a state university. However, you still need a visa and other paperwork. Do your research and then contact the university you want to go to. They should be able to guide you through if it's possible for you to attend.

idle river
serene umbraBOT
#

Gave +1 Rep to @stoic cave

viral yacht
#

Not cyber but I've got my first IT interview tomorrow for 1st line support job.

First step on my way into this awesome world. Does anyone have any tips to ace this interview 😅 it's quite possibly the 2nd ever interview I've had (despite working for at least 16 years now )

fossil helm
viral yacht
#

Port 22 SSH
Port 23 telnet
Port 80 http
Port 110 POP3
Port 443 https

7 layers of the OSI model

nc -lvnp

ipconfig -all
ifconfig

tracert/ traceroute

They'll be super impressed 😂

viral yacht
#

Customer service is something I actually have tonnes of experience in so that's good and working in a team and leading a team

woeful sable
serene umbraBOT
#

Gave +1 Rep to @woeful sable

vocal heart
# idle river Any recommendations for uni in Germany for masters in CyberSec for foreign stude...

studying is usually free. regarding cost of living, you might want to stay away from munich, stuttgart, berlin. besides ridiculous housing prices, living there is just hella expensive.
there's also not really a "best" university where everyone thinks you're something special because you went there like "ooh, look at my boy, he went to harvard". just look at different unis, if their curriculum meets your interests and most importantly, if some bigger tech-company (siemens, bosch, etc.) is in the area, because those companies offer a lot of working student jobs or positions especially for masters students and pay very very well

stoic cave
#

I'd disagree that Berlin is hella expensive. The last time I was there, the COL was extremely low.

clever latch
#

Can EJPT get us a job?

spare kernel
clever latch
#

Then how do we get a job in this field

spare kernel
#

A job doing what? There's a lot of different jobs in Cybersecurity

clever latch
#

Any

#

Just so we break into the field

#

You must be working in Cyber Security

spare kernel
stoic cave
#

Cybersecurity isn't exactly an entry level field within the computer space. In order to "break in" you'll likely need experience in another area, such as IT. Pentesting is a specialized field within Cybersecurity and as such it requires even more experience.

spare kernel
#

Or you can get lucky and land an entry level position in cyber like I did

stoic cave
#

Degrees help cut red tape but it's not a guarantee

spare kernel
#

^

stoic cave
#

Same with certs

spare kernel
#

Yup

clever latch
#

What certs did you start with

#

?

stoic cave
#

I had none

spare kernel
#

Same

#

I had no certs but I had knowledge and sold myself to the employer. They liked me and were willing to train and mentor me

stoic cave
#

Degree and a security clearance. With IT internship and Enterprise IT "Club" at university for multiple years

spare kernel
#

There isn't a real "path" in cybersecurity. It's different for everyone.

stoic cave
#

Homelabs are a great way to show interest and to grow your skills

#

You can put that in an extracurricular or projects section on your resume

clever latch
#

Interesting

stoic cave
#

It's not professional experience though and is very different than real world

stoic cave
#

Lost data but to finish, homelabs are great and will help you learn more about different technologies. Real world will expand that knowledge to professional proficiency.

ebon wren
#

Hey anyone here with experience in building a SOC I would like to know if there is a specific and known shift planning software that is recommended for a SOC. Thanks in advance.

idle river
serene umbraBOT
#

Gave +1 Rep to @vocal heart

vocal heart
stoic cave
#

Germany and Switzerland have very good computer programs at their universities

idle river
#

But i couldn't find proper cyber sec master programs TBH

stoic cave
#

Technische Universität München and Berlin are supposed to be good

idle river
#

TUM seems good but couldn't find curriculum and fees for cybsec master program

stoic cave
#

How much professional experience do you have if you don't mind me asking?

#

Because a masters may not be the best choice for you currently

idle river
#

What exactly do you mean by professional experience?

#

Do you mean work experience or education?

stoic cave
#

Work experience

idle river
#

Precisely none

stoic cave
#

Because without work experience, a masters is going to be next to useless

idle river
#

Still in my bachelors

stoic cave
#

It prices you out of entry level positions

#

Masters are meant for people going into management or cresting 4-6ish years of professional experience. You get companies to pay for them.

idle river
#

O.O

#

So gaining experience and then masters 👀

#

Thanks for the note

viral yacht
#

Thinking ahead here,
What's the exit strategy after help desk for 1-2 years? What's the usual stepping stone in to blue/red team ?

stoic cave
#

Are you currently employed at the help desk? If so, for how long? Don't start immediately planning to leave as soon as you start. Leads to poor performance and such

#

That's a counting your chickens before they hatch kinda deal

quick forum
#

Disagree, five year plan and all

#

Should at least know where you want to be

flat sedge
quick forum
#

Not actively planning to leave imo

flat sedge
#

"What's my promotion path look like" is the very first question you should ask

viral yacht
#

Well I feel vindicated 😂 haven't even secured the job but I want to know my path way. Hard to work towards a goal without a clear pathway imo

#

I'm 30+ and don't have time to mess about (not saying I want to rush but more optimise my time)

quick forum
#

If you don't want to traverse the levels of helpdesk, I'd start thinking about what fields you'd like to end up in and work backwards if needed

flat sedge
#

It's never too early to get the promotion requirements, assuming your manager is open

viral yacht
#

Ultimately I'm leaning towards cyber security researcher but everything I learn has been absolutely fascinating and super enjoyable so 🤷😅

stoic cave
quick forum
#

I was trying to clarify what I meant, dw

stoic cave
#

Yeah, I was agreeing with your clarification

viral yacht
flat sedge
#

If you do too well in the interview, that may be a negative for that position. Because you'll outgrow it faster than they expect someone to be in that role, and they will have to replace it ahead of schedule

tawny relic
#

Never feel bad about leaving an organization or advancing out of a role faster than anticipated. Unless you have a contract stating otherwise.

viral yacht
#

I'm feeling super lost at the minute with it all. I know I need experience and I know I can't earn what I currently earn without experience (it's taken me 14 years to get to this point) BUT it's one hell of a financial strain to burden my family with .

Thinking I'll give it a miss for now and really try to nail down some qualifications to either get a higher starting salary or for leverage later when money will be tight etc

That and save like crazy and try to reduce outgoings (which is always a good plan)

flat sedge
#

that's not necessarily good either; skipping over the entry level roles is not feasible without a degree or work history in related fields. Honestly, just go into the interview and be honest about where you're at.
Worst case, they don't make an offer and don't say why. Best case, they think you are overqualified and make an offer for a more advanced role.

trim anchor
#

Hi. I just wanted to say that I finally got my first job interview as a 16 year old. The job consists of sort of "technical support" for elderly and people who don't know tech. The pay is great and it's my first real job, and I'm really excited that it's something to do with tech, since that's what I want to work with in the future as well.

#

I would appreciate any small tips for my interview. I think I have a good chance of landing the job since there weren't many people that applied.

spare kernel
#

You don't need to wear a full suit but if you want to you can. A nice shirt that isn't creased, good pair of pants and smart shoes / boots

trim anchor
serene umbraBOT
#

Gave +1 Rep to @spare kernel

tribal jasper
#

Hi guys… I need your help for choosing a topic for my final project. I’ve thought of blockchain security

#

But which part would be more interesting?!

stoic cave
tribal jasper
#

Never mind

#

Thank you

#

It’s my Bachelor degree final project

tawny relic
viral yacht
pseudo creek
tawny relic
#

It's just intimidating to go to that level of income and build back up over years. Not that I have a whole lot of material needs.

pseudo creek
tawny relic
#

Looking like anything entry level will be in the 40-60k a year range

pseudo creek
#

I know one of his concerns is he couldn’t afford to take a pay cut and made over $100k as a pool cleaner but he ended up having 2 job offers to be over $100k in cyber

tawny relic
#

The point of it seemed to be that anyone curious and dedicated can get into the field. Which is a great way to see it.

pseudo creek
#

Well also getting your first job after a total career switch and making 6 figures right off the bat is amazing

#

Now not to say everyone can do it, he was very dedicated

tawny relic
#

Yes. Looks like it took some luck and personal connection. But if you start networking when you start learning, it's entirely possible.

pseudo creek
#

Yup

tawny relic
#

I'd be perfectly happy landing a first IT/Infosec job north of 50k, Keep expenses low and have plenty of savings.

pseudo creek
#

You can do that easily, I mean we hire new grads from college with no experience at $80k

#

A few certs, networking, dedication

tawny relic
#

I have (very outdated) A+, Linux+, Sec+. Really interested in security and aiming for OSCP in around a year

#

I work 60-80hr weeks currently so can be hard to find the time to study and practice.

deep portal
#

Question: for cyber careers, what’s the proper certificate path? What’s after we’ve obtained the OSCP?

serene gull
#

Depends on what path you want to take, if you want to specialize. If you want to keep going with netpen, OSEP is a good follow-up. There are certs on web pen, red teaming, etc.

stoic cave
#

Do you have prior experience? Any certs already?

deep portal
#

I wish. I have IT experience and worked as a specialist for community colleges, but the duties were mainly troubleshooting related.

stoic cave
#

Right, so that's professional experience

#

Are you currently in IT?

flat sedge
#

Big difference in perception between part-time support work as a student with a work-study program and being a part- or full-time employee doing the same duties

stoic cave
#

That was going to be my follow up

flat sedge
#

But it's all about what you leverage out of that position, you'll want to push yourself to learn and outgrow that as soon as possible

stoic cave
#

I would start with Sec+ honestly

#

CCNA would also be a good one

flat sedge
#

And learn how to manage the language that surrounds what you do, as well. "I helped users set up their email" has a very different reading than "Assisted users with troubleshooting problems across multiple domains"

stoic cave
#

Get a job somewhere in cyber leveraging your previous IT experience

#

If it was in fact experience

deep portal
#

Definitely appreciate the advice, guys! I’ll look those up while I’m taking the junior pen test path. I’m also familiar with a plethora of programming languages already and am currently a data analyst.

quick chasm
#

Hi everyone! This post goes out for all of you who are based in Sofia, Bulgaria!
The company I'm working for Amatas (https://amatas.com/) is hosting an event called "Cyber Security Talks Bulgaria". The goal is to give young cybersec professionals important advice regarding their career and professional development. You can register free (https://www.eventbrite.com/e/cyber-security-talks-bulgaria-second-meetup-tickets-341327729427) and meet us at InterExpo Center, Sofia on Tue, Jun 14, 2022 at 7:00 PM. I hope to see you all there!
We may consider streaming online the next event, so everyone else will be able to join us virtually. 🙂

fluid ember
#

Anyone got any decent recommendations for blue team oriented certifications? I’m less interested in developing my ethical hacking skills and more so about detecting intrusion and responding

serene gull
ancient prairie
#

I've yet to find a blue team course/cert I really felt was worth pursuing - besides SANS. It's tricky because some of the tools you'd be using day-to-day as a professional are impossible to license as a private individual or just too cost-prohibitive.

Best advice I can offer is if you are just interested in gaining skills and not a piece of paper, then you need to lab a bunch of stuff, a basic scenario could be; stand up an AD domain, send logs to Splunk, simulate an attack with atomic tests and then go thru a full triage of affected hosts.

serene gull
#

Personally what I did to get ready for a blue team job was just steered my career all over the place so I had exposure to lots of things. I did help desk, desktop support, windows server admin, network admin, and then finally security. Took longer than any course would, but in the long run was better.

fluid ember
serene umbraBOT
#

Gave +1 Rep to @ancient prairie

fluid ember
fluid ember
serene gull
#

I only took eLearn's malware analysis course, I don't know anything about the quality of their other blue team courses or offsec's blue team courses

quaint spoke
#

Hi guys, I am a beginner in cyber security and wanted to excel in this field. Also learning through tryhackme; moreover, can anyone help me: after completing this, what more things can I explore?

azure glen
#

I have recently cleared ejpt certificate, what type of jobs in cyber security I am eligible now, I am already working in IT support for more than 3 years

stoic cave
#

You may not be able to jump straight into pentesting with it being a niche field within the Cybersecurity domain. However, apply and see what happens. Don't let it stop you

serene umbraBOT
#

Gave +1 Rep to @stoic cave

fleet mason
#

Hey guys, I was learning Python for a couple of months and now I am learning pentesting. How will I have to start before finding a job in cybersec?

stoic cave
fleet mason
#

Only HS diploma as Application technician

stoic cave
#

You're likely going to need to get professional experience in a technical area, like IT, before transitioning to cybersecurity

#

Not saying don't apply but cybersecurity isn't exactly an entry level technical field. Pentesting even more so because it's a niche occupation within Cybersecurity

fleet mason
#

What jobs can I get? Should I try to become a sysadmin first?

stoic cave
oblique lion
#

Hi I'm new to this stuff but I'm quite interested in this field i would like to know if i should start learning about cybersecurity from scratch or should I learn 2-3 programming languages first

viral yacht
#

Well I got offered the job but at £19,500 I'm pretty sure I can't make it work financially 👎

Feels good to know that I can leverage my current experience to get an offer but I'm probably going to work on some certifications and save as much money as I can 🤔

quick forum
stark marlin
remote wing
#

Any seasoned professionals available?

Need some career advice, What are my best options to set up a resilient security infrastructure in a SaaS based environment?

My company and I are turning my current technical support role in the direction of Security Engineering, but the problem is that as of now we do not have a dedicated security team and I've no previous experience of managing security of platforms, so even though I can suggest different types of tools for scanning and continuously check the app for OWASP Top 10, I think I lack the experience (and knowledge) to set up a new/maintain the existing security infrastructure.

pseudo creek
# remote wing Any seasoned professionals available? Need some career advice, What are my bes...

well that is a lot to ask of someone with no experience in the area but it really depends on the SaaS... is it a small niche one? Large well established? Is it more PaaS than SaaS?

One thing you can start looking at are CIS Benchmarks https://www.cisecurity.org/cis-benchmarks/

Do you have a policy and compliance team or are you it? The policy and compliance team should also be able to help in determining what requirements you have to maintain to meet your industry/customer needs.

#

Also one thing to consider is that basically any SaaS can be configured securely or configured very insecurely, they really do try to manage what they can but they also leave things up to you. The first question we always ask first is "Does the maximum security of this SaaS meet our minimum security requirements?" and if not, we don't use it

#

also often SaaS have tiers, like cheap tier is very insecure and later tiers add on extra security features.

remote wing
# pseudo creek well that is a lot to ask of someone with no experience in the area but it reall...

We're somewhat established in the sense of security, as we used to have a team who set up some good infrastructure, but it was a while ago and currently our IT and infrastructure heads are taking care of security. And now that you say it, I'd categorize it as PaaS.

Also, I'm not expected to handle all of the security right now but as I'm willing to move in to that role by the start of next year, I'm trying to get some good advice on how that job is handled as I will not have a senior in the same dedicated role

#

The good news is that we're already meeting the requirements; however, it is to take the security a step further, as there are holes every now and then that, I believe, can be secured or checked early on

pseudo creek
#

A lot of pitfalls we had in our early days of SaaS are things that are sometimes unexpected things like although the SaaS was compliant to regulatory requirements, a certain feature would make it non-compliant and we only discovered it after looking at Splunk logs provided by the SaaS.

quaint spoke
#

Hi, if I want to get into cyber security, what are the prerequisites to get in? I am now learning a bit through tryhackme, but if I want a job, is experience in any industry required, or can I jump into the industry only by courses?

pseudo creek
quaint spoke
#

Yes, but I don't have that. I'm currently working in an MNC company after graduation but not interested in this work, so wanted to shift my career into this

#

so what more can I do regardless of learning tryhackme

#

as i wanted to make a career in cybersecurity

pseudo creek
#

depends on what job listings are asking for, usually certifications are the way to do it but which certifications can vary greatly by country

quaint spoke
#

Amm.. thanks, what are you doing and what have you done previously?

warm hinge
#

Hey!

#

I'm planning to learn Cybersecurity, and I heard that my country is offering free SANS Training. I just want to check if its good and should I join it?

#

I was gonna start with eJPT Pentester Junior, however I just saw the SANS Training.

stoic cave
#

SANS is well known and produces quality material. You're going to want to check to see if they are well known by your country's HR managers though

#

Or whoever is writing the job posting/conducting interviews

#

CEH for instance, is wanted in India, but has fallen out of favor in other countries

fluid ember
# fleet mason Only HS diploma as Application technician

Cyber range was recommended to me by a senior exa at a cybersecurity company in my area. It counts for hands on experience as it lets you use real world, applicable tools. Good way to add to your cv and say you have hands on with in demand day to day software

pseudo creek
fluid ember
pseudo creek
quick forum
pseudo creek
#

I wonder if they were selling the cyber range

stoic cave
#

Thank you both for covering everything I was going to say kek

#

Cyber range is an educational program run at the state and federal level, privately too I think.

#

At most I'd say you'd receive a certificate

quick forum
#

It's also just a term for a playground to test your skills

#

Like a shooting range but with hax instead of guns

stoic cave
#

Right

fluid ember
stoic cave
#

It's still extracurricular, not experience

fluid ember
stoic cave
quick forum
#

Certainly an excellent thing to talk about in an interview, especially if you did it on your own and not part of a company or school or whatever

proud ore
#

Huh

paper grove
#

Things like cyber range I think count as a form of practical experience, in the sense that it's some added familiarity with tools. I don't think anyone should place them into their "work experience" section of a resume or LinkedIn because it's not a professional work setting, and yes actual work experience is very different. But to me it's experience that beefs up a resume if put in the right category

serene gull
#

I use github webpages, free hosting, free domain name if you're fine with using the URL they assign you

#

You can use your own domain if you own one

#

Yeah, it's all just markdown

#

Yeah

stoic cave
paper grove
#

That's why I said it should not go in an experience section of a resume. I agree with you there. But you can still say you have a hands-on experience with certain tools. The benefit of setting up a home lab is to gain some hands-on experience. I never list it as professional work experience, but in conversation I explain that I have some experience with 'A', 'B,' or 'C.'

faint ice
#

shadow wonders how many people in here's CVs would work in Sweden, where we basically only use a single A4 page for CVs and build a lot on how you match up as a person for the company in the interviews, hence lots more personal questions

little stone
#

I'm new to cybersecurity(just did some paths in THM) and I saw this https://pauljerimy.com/security-certification-roadmap/ and it's kinda daunting, certification-wise do I have to start from CSCU then proceed to OPSE maybe, then again Security+ and then CEH that I think it's intermediate for my first certifications assuming that I wanna focus on blue team? Friend of mine said that's probably easier than red since I don't have a programming background

quick forum
#

oh lawd that roadmap again

pseudo creek
#

never even heard of OPSE or CSCU certs, the only certs that really matter are what are on job listings

#

Security+ is a solid first cert for anyone looking to get into cybersecurity

#

and if you are in India, then CEH seems to be valued there, it isn't valued outside of India

little stone
#

Ye I saw security+ in job listings but OPSE and CSCU, but I thought that CSCU would give me a solid point to start if like the job/field or not

#

No i'm in Italy 😄

#

Job listings have like 5/6 certification, don't know where to start since many of em are expensive

pseudo creek
#

someone basically took all certs remotely related to cybersecurity and threw them on that chart, whether those certs are useful/valued or not

#

security+ is a good start

little stone
#

Starting with 0 informatics bg?

pseudo creek
#

do you have any IT knowledge at all? People with 0 knowledge often start with A+ then Network+

quick forum
#

Personally, I wouldn't do A+ if you've been doing it as a hobby etc.

little stone
#

I mean never interacted with a terminal till 4 days ago, I know software and app and hardware things

pseudo creek
#

then network+ may be a good start

little stone
#

Need to check this A+ to see if it's something that I already know

#

A+ -> network+ -> security+? something like that?

flat sedge
#

Certs you should think about or focus on are going to be both domain- and region-dependent. IMO, if you aren't going to be a sysadmin or desktop support, there isn't much value in it.
However, if you are struggling with background assumptions in CCNA or Net+, then it may benefit you to go back and do A+.

little stone
#

I'm not coming with a job in mind since I got no bg (no IT university), I got the tryhack month to see if the field intrigues me and I'm loving it (especially the forensics thing ). As I said I was told that in Italy at least we're in need of blue teamers so I thought to start from the certification in the blue part of the roadmap ( although its not accurate). CSCU seemed like a very entry and kinda cheap certification to start with but If you advise to start from security+ I'll skip that 😄 Network+ and A+ are in another department so are those really relevant to get before security+?

#

Pardon the WoT

flat sedge
#

While it is possible to jump straight to Sec+, you may find yourself not understanding some of it; it makes assumptions about having both A+ and Net+.

little stone
#

Gotcha thanks guys 🙂

viscid dew
#

Try comptia security+ app, can you answer most of the questions right?

little stone
#

No I cannot, i tried answering the IT Fundamentals one and I got most of em correct so either I start with that or the next one that should be A+

warm hinge
#

Dunno if this is related to this room, but I just completed Complete Beginner and looking into the next path. Pre Security was done before this. Is there any specific recommendation from THM on how to take next learning paths? Or is this how my pure intuition?

warm hinge
# little stone No I cannot, i tried answering the IT Fundamentals one and I got most of em corr...

Personally I did not take IT fundamentals, I think it's a waste of time in my opinion. But, when I was in service desk back in the day I took both A+ exams myself, which helped me A LOT, to get HR hunting me all over the place. I am planning to take N+ and S+, and then I would love to have Pentest+. But, I need some more exp. Because, having certificates without any good background will waste your time and money. Think strategically. Just my thoughts. Also, I used this material https://www.professormesser.com/

little stone
serene umbraBOT
#

Gave +1 Rep to @fading spade

#

Gave +1 Rep to @fading spade

little stone
#

Italy

stoic cave
#

EC-Council is losing favor rapidly outside of there

#

You're better off going with something like the basic Comptia certifications as previously mentioned

#

CCNA is also a good one

little stone
stoic cave
#

But if I remember correctly, you said you had zero experience which means starting with something like the A+ would be beneficial

little stone
#

Yea like 0, just did some module from THM

stoic cave
#

Then yes, A+ and look for a job on a help desk somewhere

#

Help desk will develop your troubleshooting and interaction skills as well as gain professional experience

little stone
#

I already have a not IT related job atm and I thought that maybe getting just a first certification and then maybe another one would be a good start

#

Got 0 IT experience on my CV so don't know if I can get even a help desk job 😄 would love to get a certificate and do an IT job though

stoic cave
#

You're going to need professional experience. Certifications are the backup to the experience.

#

Help desk is the starting point for many in the computer world

#

Help desk level 1 is the starting point

little stone
#

But you do need something like SQL. knowing networks and stuff as I can see for italian job listings

stoic cave
#

No, entry help desk is where you learn

#

They may list it but I doubt it's a hard requirement

little stone
#

Then I'll apply right away lol I always thought that a junior help desk technician would need some sort of university degree

#

Based on what I see on indeed/linkedin

stoic cave
#

Nope

worthy shoal
#

For help desk? nah, a little knowledge is nice, but a degree is not required at all

stoic cave
#

At least here in the US, help desk is the starting point for everyone*

little stone
#

What do u do in help desk? backup? lol

stoic cave
#

Solve tickets

#

Ticket will come in, you see if it falls within your responsibilities, if it's something more technical you send it to the next level

little stone
#

Oh okay, I thought maybe installing new hardware

#

But probably every country is different

#

Thanks for the advices btw 🙂

warm hinge
#

Is CTI freelanceable?

stoic cave
#

Do you have prior experience?

warm hinge
stoic cave
#

I'm not familiar with that side of the house but you'd probably, this is a guess, have to make a consultancy or something like that

stoic cave
#

I'd look at some other areas of the cyber domain and see how they navigated it

#

Consultancy/S-Corp and make a business out of it

#

You'd need to leverage former coworkers and industry contacts to get off the ground

#

It would be a ton of work

#

Or if you don't want to be a salaried employee, you can look for 1099 (US designation) opportunities. These are positions companies are hiring as contractors but you have to again do a ton of work to make it happen

warm hinge
#

Thanks a lot Moose

stoic cave
#

Not a problem. Just a reminder to not follow this seriously, use it as a pathway for research and to find people who have done these things.

serene gull
#

@tribal flicker spammer going around channels and posting random emoji

serene umbraBOT
#

Gave +1 Rep to @serene gull

sleek oar
#

hey i was wondering when you guys study for certs do you prefer a digital version or physical book and why? i was wondering which one to get

pseudo creek
spark verge
sleek oar
#

@pseudo creek thanks for the input !! C:

serene umbraBOT
#

Gave +1 Rep to @pseudo creek

glass valve
#

@little stone, see if you can find a volunteer role in some sort of IT position. That's what I did before really landing in IT, and I think it helped.

stoic cave
#

I'm not sure how things are structured in Italy but if you're in school, look for an internship. If not, look for apprenticeships or entry level positions. All of those should be for pay.

little stone
#

It’s not that bad for IT I think but for my previous role (post production) I had to work for free. We got entry level jobs for IT with low pay but that’s fine since they require almost no experience

supple pelican
cosmic timber
#

Has anyone ever come across elastic stack before? This company I work with uses it and I’m trying to get into SOC there but until my application I’d never have heard of it

stoic cave
#

Or elastic now

cosmic timber
stoic cave
#

There is a ton of material on it

#

Google ELK Stack

#

Elasticsearch, Logstash, and Kibana

cosmic timber
#

Right okay, thanks, I was just going off what one of the analysts I was talking to about it, they were telling me there’s not too much learning material out there other than a couple of videos made by the company

stoic cave
#

Yeah, sorry but they are mistaken

#

The docs are your friend

#

They may be running it in some custom way which won't be reflected in the docs, but otherwise the docs can get you there

cosmic timber
#

Ha, just noticed your name as well, relevant

#

Thanks for your help @stoic cave

serene umbraBOT
#

Gave +1 Rep to @stoic cave

stone plinth
#

@rugged sable hi i saw your post in jobs-board and was wondering if your company take international students for a remote internship during this summer

clever vigil
#

Yo I am going to give interview for an appsec kinda role what should I prep for? I am thinking to go for OWASP and remediations of other attacks as well.

cloud glade
#

How doomed am I to work helpdesk if I've got no professional IT exp, but I've got up to security+ in certs?

pseudo creek
cloud glade
#

USA, I've got office experience and reception exp at my current job (4 years), bachelor's in an unrelated field (economics)

pseudo creek
#

I think you can work it then, you may still need to work on a portfolio, but I'd aim for SOC analyst, you could also try sys admin if you have windows/linux admin knowledge or network admin if you have network admin knowledge

cloud glade
#

Any advice on how I'd get a portfolio going?

#

Or what kind of stuff I'd put in it

pseudo creek
#

generally people do a blog and/or gitlab, show off scripts they make, gitlab has the ability to make a website with gitpages, show off writeups you've done and what not

#

you could also look for GRC analyst positions, those are really good entry points for people switching fields to cyber

cloud glade
#

So I should go back and do writeups of the challenges I've done, and look more into writing scripts and stuff... got it.

#

Thanks so much for the advice

#

You've given me hope again

pseudo creek
#

yeah don't despair

narrow iron
#

Hey everyone, passively studying for CISSP while focusing more on 'lower-level' certs. For the domain requirements, how stringent are they on the domains? I used to work in MIL and while my role wasn't strictly IT, I had to handle certain parts of it during my career such as data integrity, sharing, storage, etc. My biggest concern is I'll do the test and they'll disagree with my justification, and be given the Associate of ISC qual instead.

pseudo creek
stoic cave
# narrow iron Unfortunately not

From (ISC)²:


Offer and Termination letter combination

Pay stubs - 3 per year worked at company (beginning, middle and end of each year)

W2's - 1 for each year worked at the company, plus one extra for the year following
#

You need one of those

#

If they have a question about what you actually did I think it goes into an audit phase but I have no idea what that entails

serene gull
#

The fuq, you have to provide all that just for CISSP wat it's like applying for a mortgage

stoic cave
#

No, just one

serene gull
#

Oh okay lol

stoic cave
#

I'm not sure what happens if they have questions though

modest pilot
gilded totem
#

Is it possible to regenerate a certificate achieved on THM? I downloaded mine a few months ago with my THM username, and I'm not sure if that will help on my linkedin profile. I chose the option to use my full name, but it still uses my username

#

Alright good to know

ancient quail
#

Hello, I work as a junior SOC analyst and I want to become a security researcher and follow that path further in my career because I really love working with malware. Currently, I got certifications for cloud AZ-900, SC-900, SC-200, Google Cloud Digital Leader, and MITRE certification for SOC Assessment. I know these certifications are not very helpful for a security researcher at least at the moment, but they really helped me in my current job. I was wondering if I should take the AWS Sysops administrator certification so that I have knowledge of all the big cloud vendors, or should I start now pursuing certifications like eCMAP, CEH, or even the Security+ (although I have a bad opinion on it, I really think it can't help me very much). Of course, besides the certs, I will analyze malware on my VM and focus on scripting, forensics, and OS internals. Everybody can agree that the cloud is the future so maybe I could become a cloud security researcher? Thanks

edgy tiger
#

Because out of your question I can't really figure out what you exactly like to do

ancient quail
#

A dream job would be cloud security researcher, but I love anything regarding malware and APTs

spare kernel
ancient quail
#

I am in Europe

warm hinge
#

looking to break into pentesting in canada

#

is oscp a good start?

stoic cave
#

OSCP is an entry level pentesting cert so it's a good choice

#

But having it alone won't necessarily work

warm hinge
#

I have an advanced diploma for computer programmer analyst, been working FT for almost 2 years now

stoic cave
#

What's an advanced diploma and FT? sorry, I'm not from Canada

warm hinge
#

it's a 3y course basically, FT = full time

narrow iron
#

For Canada tho we don't have a lot of the same industry as the states, so you'll need to be a bit more competitive

#

Saying this as someone who is also trying to break into cyber

warm hinge
#

thanks, are these supposed to be done in parallel...? what is good starter combo so to speak?

edgy tiger
#

OSCP is an entry level pentesting cert but it is NOT an entry level IT certificate

#

But would recommend to start on THM and do the beginner paths etc

#

Fundamentals are extremely important and will benefit you along the way 😄

stoic cave
stoic cave
# edgy tiger Sec+ is not

Sec+ is a foundation certification in the Cybersecurity space. Pentesting is a specialized field within Cybersecurity. You also need to get past HR in order to interview, which Sec+ does

edgy tiger
stoic cave
#

It by itself won't but you need to walk before you can run

peak hazel
#

What about Pentest + ?

edgy tiger
#

Pentest+ sucks to be fair, I took the beta for 50 dollar xD

#

sec+ > pentest+ if we are talking about useful knowledge

peak hazel
#

Thanks and much respect @edgy tiger

serene umbraBOT
#

Gave +1 Rep to @edgy tiger

warm hinge
edgy tiger
peak hazel
#

I have started seeing more roles asking for Capture the flag experience and listing THM soo you are on the right path 🙂

edgy tiger
#

Would recommend doing THM + HTB + PG before starting with the OSCP (cost efficient)

#

So that when you start with the OSCP you can directly jump into the labs

#

Instead of wasting time on the PDF to get the basics

warm hinge
#

I'm sorry, PG being?

edgy tiger
#

Proving Grounds (Offensive Security)

peak hazel
edgy tiger
#

OSCP lab time === a lot of money // THM === little money

peak hazel
#

What about HTB academy and THM? Yes, OSCP is pricy

edgy tiger
#

HTB academy content seems really good, I don't vibe with the way to unlock it, it seems really expensive to me.

#

THM is great, I learned the pentesting fundamentals on THM

#

Portswigger Academy is also great (web pentesting and 100% free)

peak hazel
#

For me, just cause my sister got me access for a year... INE + THM. INE is uber expensive for a year.

edgy tiger
#

INE is also really good

#

Would recommend going for ejpt in your case

peak hazel
#

No labs unless you shell mega bucks ...

#

THM and home lab have all served me well and will definitely check out PG later in the year too.

spare kernel
fluid ember
# spare kernel sec+ will get you past HR more than eJPT

Yeah then again, you still also need to get through technical managers and you still need to have a solid starting point to get a proper shot at the OSCP without it being hell. You’d want to do the Sec+ first to get urself a wide array, the eJPT to be a good starting point and then you can hit the ground running for the OSCP

fluid ember
# edgy tiger Would recommend doing THM + HTB + PG before starting with the OSCP (cost efficie...

It depends on your starting point. If you have a good grasp of most/all of the concepts they’d otherwise teach on the OSCP, then honestly, doing TJnull's playlists, and the PG machines and maybe some of the free offerings on Pentester academy, you’d be good to go. If you are hesitant about spending, start off going with the offensive security learning pathway, and then move on to all the free offerings from the TJnull's boxes from vulnhub and HTB. Once you go through all the free resources, get yourself a 30-60 day access depending on how confident you feel with pivoting, privilege escalations, manual enumeration etc etc.

undone shore
#

Not exactly gonna need pivoting in OSCP are you?

#

AD Lateral movement for the new exam (haven't sat the new one), but if they have more than one network or domain I would be astounded

undone shore
#

Yeah for the labs

left hornet
#

hey everyone, I've heard a lot of mixed opinions and I'm just looking to gather more from those of you who have first hand experience. What cert would you recommend I go for as a fairly new guy? I am leaning towards PNPT but I'm welcoming more opinions

serene gull
# left hornet hey everyone, I've heard a lot of mixed opinions and I'm just looking to gather ...

To answer your question from #room-help my first cert ever was Sec+ just to get that baseline knowledge. I didn't learn about OSCP til maybe a year and a half later, and in the time between Sec+ and that I filled the time with CND, CEH, A+, and CCENT. Pentesting wise I went for OSCP first, then attempted OSCE, failed, and lost motivation to try again. After that I went to eLS and got eWAPT, eCXD, and eCMAP. After that I took a break and then got OSEP, and I've been back on break since then. I start WEB-300 next month.

left hornet
serene umbraBOT
#

Gave +1 Rep to @serene gull

serene gull
#

Yeah, not gotten myself in debt for fuqing CEH cuz that did fuq all for my career haaaha

left hornet
#

jesus how much was it?

serene gull
#

$2500 for a bootcamp cuz EC Council doesn't let you take the exam unless you take a bootcamp or have 2 years exp in the field (why would you need a cert at that point??).

left hornet
#

I might have u beat with my 100k college debt 😂

serene gull
#

Ouef

left hornet
#

ooooof

serene gull
serene gull
#

Yeah CEH is all bullshit. Unless you wanna be a fed and they offer to pay for it I would avoid it

left hornet
#

sorry if that's too personal

serene gull
#

Yeah, it felt worth it. Mostly cuz the day I announced that I got my OSEP passing email was the same day that a friend on discord DM'd me and told me his place was hiring and encouraged me to apply (He had also taken OSEP and knew how hard it was and I think he knew I was ready to start pentesting)

left hornet
#

Great info to know I appreciate it. Thank u man

peak hazel
#

Old CV currently formatted for sysadmin roles. How should I change it for Cyber sec and pentest roles? Cheers

wispy geyser
#

how would i implement TryHackMe and my resume?

#

Also hi im new

merry matrix
#

As I still have limited work experience, I include it under an Activities/Extracurriculars/Competitions section

#

And that's all I say about it on mine, and probably as much as you should say about it.

#

With these courses and online lab content that isn't run by an official certifying body, keeping it to "Yeah I play with tools in my free time" is good. Saying it's 'real-world' experience is overselling it, but you shouldn't undersell it either

peak hazel
#

Could you line up THM with requirement? Say the job requires person X to exploit dev - could you say something .... gained exposure to exploit dev on THM doing X labs - used Y apps and learned Z.

wispy geyser
#

I'm relatively new as well. though I am finishing a bootcamp course on ethical hacking from another accredited online school.

#

I'm finishing Ethical Hacking Bootcamp by Zero to Mastery, and intend on completing bug bounty hunting as well.

#

to keep the skills sharp basically

warm hinge
#

How would you find a career in this? Just using like an Indeed search with these certificates? I like learning these things but don’t know how valuable these courses are? For reference I’ve worked in a factory for years, I want a change of pace! I’ve always been interested in computers, it has been very hard balancing this with my regular work but I am sure this is the way to go for me!

peak hazel
#

@merry matrix Consider looking for junior IT roles like Helpdesk, IT Support or First Line. If you need some certs on your CV consider https://www.codespaces.com/best-it-support-help-desk-courses-certifications-trainings.html#8-it-support-fundamentals-by-microsoft-edx which should boost your confidence and be enough to get your foot in the door.

merry matrix
trim anchor
#

I finally landed my first tech job at 16. It's helping elderly and not-so-tech-savvy people with computers, phones, etc. Feels really good, and the pay is great

scenic harbor
#

Is it a local company

trim anchor
#

It's a new project that my "kommun" (I'm from Sweden) is launching, so it's not a private company, more like my county

scenic harbor
#

ah nice

waxen plaza
#

What would y'all say are the core cyber security knowledge pieces that one should have nailed down regardless of career path?

broken idol
#

Networks.

#

Not core, but it will be beneficial.

faint ice
#

different types of mapping data in your head or on paper

pseudo creek
peak hazel
#

This looks juicy! Are you in Germany looking for a CyberSec role.... Siemens is recruiting for an 'Associate / Pentester (Red Team) (m/f/d) - Cybersecurity Audit' if you are up for the challenge.

quiet sand
#

How good is AZ500 certification for career? Is it worth it?

peak hazel
#

Judging by the requests for it on LinkedIn - it is quite good but depends on the type of roles you are targeting.

wispy geyser
#

congrats to anyone that lands a job. I'm still new to hacking and need to know more than just practicing on THM and taking online courses

#

idk if I should ask advice from people that work in the field for their recommendations on how to make myself better competitively

fast sapphire
#

Hello

#

I got my sec + certification and I was wondering if I can get a job with that. I would like to get my cysa+ certification next but idk where to start

fringe crescent
#

which certification of cybersecurity is best for entry level job

#

can anyone tell a way to get internship in cybersecurity

fluid crypt
peak hazel
torn spire
#

what do you guys think of a cybersecurity internship vs a software engineering internship?

spare kernel
spare kernel
# fast sapphire !!

You're unlikely to get a job in security with just the sec+ and no prior experience in IT. Maybe you'll be able to get a Help Desk job

#

It's possible you can get a job in Security but unlikely

stoic cave
fringe crescent
#

yes 4th year just started

#

i feel getting an internship in security job is tough as no organization would want a mere fresher to be responsible for its security