#cyber-and-careers

what you guys think

There's plenty of security internships available

can you give me a link or something

Depends on the country you're in, as well as when you're applying. Typically internships are during the summer and the closing date for internships this summer has passed in most cases

hmmmm....

Best place to look is honestly just Googling for them

and LinkedIn

will check

thanks

It's equal tbh, hence the question. I've heard that you can transition better from SE to cybersec than the other way around. What do you think?

hi

first I did CS50 which is a programming course, I loved it

on THM I did Pre Security, Jr Pentester, now doing Cyber Defense

I want to program again

what are programming jobs that are related to what I learned on THM ?

There are tools development for cyber, you can also look at DevSecOps jobs

thank you I'll take a look

Gave +1 Rep to @pseudo creek

so you would say that software engineering for tools in cyber would require knowledge in cyber?

if so I'm happy, I put so much time in THM to then find out that I actually just want to go back to programming

time not wasted

yes

What should I do if I want to transition from software dev(2 years of exp) to cyber?

Look for Application Security related roles ^

Discover which parts of "cyber" interests you and work towards the skillset needed, as you are a software dev a application related security role would be "easier" to obtain.

would certs help

certs and bootcamps would help i would imagine.

even though it's costly, it' may be worth the investment to be employed

Certs would help to a certain point yes.

hey guys hope everyone doing well
I am preparing for comptia security+ exam and i have CCNA too already so i was thinking in real life practical jobs stuff what will you do i mean lets say a security analyst, they do have responsibilites but in short what will u have to do, generally speaking

https://businessdegrees.uab.edu/blog/a-day-in-the-life-of-an-information-security-analyst/

Should I be suspicious of copmanies on Linkedin advertising for Penesters WITH no experience ? Something doesn;t feel right ....

damn people complaining that companies want loads of experience now the same for no experience

I'd be skeptical, but it does happen. Many places prefer to grow their own instead of hiring experience.

I am guilty both ways but I atleast expected an educaton level but this seemed too open door ....

I would assume if they are asking for someone with no experience, they plan to pay peanuts

Basic offer and demand mechanics at play as in any other market. If lots of people are fit for the position right from the get go, then don't expect to have a stellar salary.

It seems companies couldn't just find the skills needed so they would rather hire people with no skills and train them. As a matter of fact...I have to have a plan B in case we can't find the infosec analysts we need at the place where I work at (Guess which platform will be part of their training )

IMHO, if that's the thing you REALLY want to do and you don't have experience or certs to attract the attention from recruiters and want to get into it right now, it's a great opportunity. I would milk it as much as I can, get as much exposure as I can to anything related to the job (How scoping, SOW, RoE docs are drafted, how findings are communicated to clients, how tasks are divided between team members, etc) and after 1 year and some months I would move on to something better paid and that represents a bigger challenge.

im having trouble finding a roadmap for devsecop on roadmap.io. any recs?

Makes sense to hire with no experience if you plan to train them yourself, allows you to refine the person to have the skills desired for probably a lot cheaper than outright employing someone with those skills already, just takes more time

hey guys, m looking for an internship 👀

couldn't find any
cuz they either require an undergrad or any cert

any advise?

This is largely country dependent. In the US, internships are primarily for current college students.

true that, m also a college student (first year)

just got into uni

again is largely country dependent... based on you calling it uni, I'd say you aren't in the US... maybe if you state your country, someone can provide advice

India

@pseudo creek Please, oh mighty one. Bless me with employment.

https://tenor.com/view/praying-pray-snoop-dogg-begging-please-gif-12502205

ya gotta do the work

m ready to put my 8 hours a day

Hello everyone. I need a little advice on something.

If i had to choose between joining a big company and a start up for cybersecurity. How should I make my choice?

can anyone suggest me some companies in india for cybersecurity ?

good question . I am also pretty confused

Write both pro’s and cons down and compare I would say

Im presented with this decision this week and im stuck

Thats what i did didnt end up to a conclusion

Is there anyone here who have worked in a small/startup company in cybersecurity?

I have worked for a startup multiple times

How was your experience?

I prefer startups over big companies

Why?

My experience is that big companies are slow, everything takes ages in which startups are the opposite

Startups usually gives you more responsibility because they have less people

Yes you are right on that. Big companies have a very "controlled" environment and work plan

But what about career overall?
Do you think it might affect my resume in any way?
If for example my CV have a big company name there dnt you think it will have more value?

I have learned much more at startups then at the big companies

how to get cybersecurity job in top companies like google , amazon etc

Yes

Being extremely good with a extremely good resume 🙂

I work for a small company (≈10 people) but they're not a startup

Or have the right connections

The choice i've been presented is also not a startup. Its more like a small company with up to 25 people

Don't have to deal with corporate nonsense, big advantage

We can get everyone in one place for beers, which is good

which companies will you suggest to get internship in for freshers

So you mean better mental health in a way

Not exactly

You know all your colleges which is rare at big corp

I feel like there will be lots of competition in a big company and that will affect my ability to learn new things

There are plenty, start doing your own research first we cant answer that question for you

can you suugest any names

I will soon finish my bachelor's degree so you can say this is like a start for my career.. besides doing bug bounty at home when im free

https://www.google.com

same here

although i haven't done bug bounty

Also did an intern in the past

As a blue team

Although my interest lies more in red teaming

What job are each offering you? Often you get more different type of experiences in smaller companies but may have more growth opportunities with larger companies as they may have a lot of different roles. You may also have a larger pool of mentors

For the small company its cybersecurity engineer and the big one is cybersecurity consultant

But for the big one i will have mixed responsibilities: like pentest, some blue team stuffs among others

Its just the job title

For the small one i dnt think i will have anyone to mentor me

Why would you think that?

And what would be your responsibilities as a cybersecurity engineer?

Because they just introduced a new department for cybersecurity. If i join there will be myself and another guy

Pentest, patch system, do vulnerability analysis, report, among others

Hmm

Ensure the system have the required policies for different users

Pretty much the same thing but for the big company will be able to work on different kinds of systems

For both, you will be providing a service for external customers or are they internally facing?

External customers for both

Might get internal stuffs as well

I’d be a bit concerned about the small company, I’d classify it as much higher risk

I’m also pretty risk adverse though

Yeah but apparently they have approximately 100 customers

And again
This is just the start of my career. I will obviously move on to another after a year or so

Is the other person you will be working with very experienced?

I dnt think so

Basically pentesting should be learned under an experienced pentester, you could easily crash and burn

But worst case, you move onto another company

I dnt want to have like just a few months in a company then move on to the next (except if the workplace is toxic or something)

Aiming for a mimimum a year

Having 2 juniors doing pentesting for external customers sounds like a recipe for disaster to me

I second this. My initial experience with pentest was being a handed a seat for MSP and being told 'don't tip anything over'

Im strongly leanint towards the big company here because i.will get to explore different types of system/project

It was not nearly as good as it could have been

Pentest is easy to say than done in a company

Just wait til you take a customers critical system down by accident

That would be horrible

honestly, we expect every junior person to make 1 big mistake within the first couple years... thats why you have supervision/more senior members there to help correct asap

I took down an entire site down once... was quickly corrected though

Question regarding pay. I'm currently making ~65k in my current job, not related to IT or Cyber. I'm in the final interview stages with a company for a cyber consultancy/auditing position, but am unsure how much of a paycut I'd be willing to endure. Does getting a foot in the industry matter then those first few months/years of pay in the industry?

Consulting is a different beast. You are a paid expert for 3rd party contracting, expect to be paid reasonably well. I personally would not take a pay cut from your current position, unless the only role offered is very junior.
If you do not have other IT experience or a comp sci background, expect that to happen.
Another consideration is that the ideal consultant from a business perspective has a very narrow knowledge area and expertise.

That's both why I see this role as a pro and a con. I have a degree in cybersec but this would be my first cyber/IT role so I'd expect a 'junior' level of pay. I'm aware that the art of negotiating requires me to have leverage, but I'm not sure how I could argue for more pay if they offer less than what I'm currently getting. Is cyber consulting/auditing career suicide then if I'd like to end up in blue/red teaming?

Auditing, from either side, seems to be a common stepping stone to more aggressive security positions; one of the most hated aspects of pentesting from the business side is that many pentesters just want to break all the things, without understanding scope or risk; I have heard a couple of hiring and training managers from a fairly large auditing firm complain about it.

If you have a cybersec degree, my understanding is that you are more pigeonholed in what domains your degree applies to with respect to being a SME than a similar comp sci degree.

I tried to stress that in my interviews tbh, that while it's fun to break things I get more joy in learning the "whys" and preventative measures that can be taken to not have theses vulns in the future. I don't mind using this job as a stepping stone (or a long time gig if I enjoy it), I just want to avoid getting pigeon-holed into an industry where if I don't enjoy it, it would be considered irrelevant (ie. auditing /=/ sysadmin) per se

The incident response team is hiring at Visa! We are currently hybrid so applicants should be located near Ashburn, VA or willing to relocate. We can also sponsor work Visas.

Our team follows the sun so you don't have to worry about graveyard if you apply for Tier 1.

Tier 1 Analyst (Shift Work)
https://smrtr.io/8VzB9

Tier 2 Analyst (Not On Shifts)
https://smrtr.io/8Q3Fd

10% 401k match, and annual cash bonus and raise is standard. 20 days minimum PTO plus federal holidays, floating holiday, time off for kids school, voting, and more

Feel free to DM me with any questions, I can refer applicants who reach out to me.

Hey! If you are a recruiter, please vet your position with @tacit bobcat , and we have a special channel specifically for posting job reqs too. #jobs-board

Send me a mail from your professional email and I can get that set up (hydra@tryhackme.com)

@molten heart ^

Is that a legit domain?

ICANN has no information and neither does Google

first link goes to https://jobs.smartrecruiters.com/Visa/743999822561161-cybersecurity-analyst

second to https://jobs.smartrecruiters.com/Visa/743999821031537-senior-cybersecurity-analyst

looks like it may be that smartrecruiters thing shortener

Gotcha

seems to be running an nginx anyways 😛

is probably legit

what are the jobs that are the most full remote?

For a while now I've been mucking about trying to figure out what kind of security specialization I wanted to go down, but something's recently caught my eye. I'm exploring a little into cloud related stuff for AWS and Google Cloud Services, but I noticed there were job types that go along the lines of the role "Cloud Security Expert" or something buzzy like that.

Anyone have experience concerning cloud security operations and what it entails. Curious what y'all think of it. I'm not entirely sold on it all, but it's itching the part of my mind that is magnetizing me to it, currently.

If I'm really going to jump into Cloud related stuff, I figure I should probably pick up CompTIA's Cloud+, Server+, Linux+, Security+, AWS Cloud Practitioner, AWS Security Specialty, ISC2 CCSP, and then ISC2 CISSP? Probably some google certs to consider for cloud as well? Spitballing what kind of information I should be picking up for certs that would improve my value concerning this route should I decide to waddle down it.

Most tech jobs now...

maybe in the US yeah

lucky b-words

No... Many many countries.
If you want advice specific to your country, ask for advice specific to your country.

hey guys what are the jobs that are the most full remote in France ? thx

good luck, France is still a bit backwards w/r to remote work

Idk if you need all those. I’ve seen people get into cloud with just an AWS Solutions Architect cert. You’re most likely not going to land a cloudsec job with only certs, no matter how many you get. You’re gonna need cloud experience

Yeah, that's true. I suppose what I really need to work on is breaking into it as entry level cloud solutions to begin with and slowly work into cloud security. I should probably just look for the basic cloud certs to start with, though that may even be out of reach for me as I have no industry experience at all. I should probably start trying to look into getting help desk or PC repair experience to start with, maybe?

Basically cert collecting isn't really the way to go... not sure there is much value in Cloud+, Server+ or Linux+. Even the AWS Security Specialty isn't something I recommend unless you are aiming to work for a small company and hope to implement AWS specific security services. Personally, I recommend AWS Solutions Architect Associate. You can get a cloud job without cloud experience but IT experience will help

CCSP is also really just a generic cert, not extremely valuable for entry level positions

I'd definitely agree with this, the certs are really only of value if you're working in a specific role but it would be expected you'd have other certs and experience prior to getting into a security role. The CompTIA certs like A+,Net+ are very entry level, Cloud+, Server+ I wouldn't see of benefit unless you're also working/certified in Windows/Linux and AWS Security is only really of use if you also hold other AWS certs. AWS certs are widely recognised and the salary for holding several of them can be some of the highest paying roles in the industry but hanging on one AWS cert is not getting you very far.

SSCP, CCSP are fine if you're pursuing the ISC2 track but they're really at the same level as CompTIA Sec+ as far as recognition goes. CISSP is still one of the most in demand cybersec certs even though it's intended for people with many years of experience. Overall though it's your experience and abilities that matter

Hi

I need to start
please guide

Do you have a specific question?

@pseudo creek @rugged delta Thanks for the insights.

I imagine then focusing on AWS cloud certs and then seeing if I can spin cloud security into it as I go? Are the google cloud certs worth it to get or are they kind of niche and situational depending on the company? I don't really hear much about google cloud services and enterprise solutions. Another thing out there is Microsoft Azure certifications that seem somewhat useful but I don't know to what degree.

Essentially, what I want to do is go down the AWS certification path for cloud stuff, and maybe start poking at Security+ and the ISC2 certs as I go?

Gave +1 Rep to @pseudo creek

following on from all the cert talk, i'm planning on taking the CompTIA Security+ pretty soon, but it sounds like even if i go through with getting certs i won't really be able to get anywhere? My degree is in game design, and i've spent the last couple years teaching game design/esports in a college, so would it be worth following the Security+ with an MSc in Cyber Security or would i realistically be able to eventually land an entry job with certs + dedication 😂 (UK, but would rather move to EU - if that changes anything)

A masters is more of a hindrance than a plus early career. It prices you out of entry level positions. I'd wait until you have a need for it, ie a company wants you to get it for promotion/management, and then have them pay for it

That's a really good point that i hadn't considered, thanks a lot! Will stick to dedicating myself to learning and picking up relevant certs and eventually try to get an entry level role 🙂

Gave +1 Rep to @stoic cave

I'm not sure you have enough relevant professional experience so you may want to apply to some IT positions to build out the resume. Don't let that stop you from applying to security positions, but also don't feel down if you don't hear back from places.

makes a lot of sense tbh, will look to try get a straight entry in the beginning but if it ends up not being reasonable i'll pursue some more IT exp as an entry to the entry positions

Yes, I think security+ and AWS Solution Arch Asc will set you up nicely. Google cloud just isn't as popular

Gotcha. I'll hit up the materials for Cloud Practitioner to dip my toe in and if it seems to sing to me, then I'll make sure I take the exam for that cert and work on the higher ones.

Anyone looking for a team to do Google CTF with? 🙂 Also looking for members to join! Good to gain practical experience, release writeups etc

@red coral just sent you a message

No worries, I'm okay with it.

Hi, mind if I message you? I'm interested in joining for Google CTF :)

AWS is the biggest cloud platform in terms of the size of their cloud deployment worldwide, number of data centres, number of services offered, volume of client usage and experience in cloud management. AWS is the oldest of the large cloud platforms and salary for holding AWS certs is one of the highest paying globally. holding multiple AWS certs can net you a salary on par with high tier cybersec roles in some parts of the world.

Azure is the 2nd largest of the big three in terms of deployment size, usage and services offered. Their certs are not as widespread as AWS but MS have been pushing into a lot of organisations. Google Cloud is not as large as the other two but still has significant deployment and use, though not as many services on offer. Their certs are recognised in the cloud community but most cloud workers tend to certify in AWS, as although many of the services across the big three are similar, there are a few subtle differences.

As @pseudo creek says, AWS Solution Architect Associate is a good first step, since you need a good foundation in Cloud knowledge. I use A Cloud Guru for Cloud and Linux training but AWS has there own training solutions and there are others in the market

Is AWS Cloud Practitioner worth getting at all? Or should I side-step it and aim directly for Solutions Architect? What caught my eye initially was SysOps Administrator but looking around on even Glass Door, there's pretty much nothing in association to that cert aside from a generic SysOps listing. Would it be then the play to go Solutions Architect Associate, then work on pushing into Solutions Architect Professional?

It's worth reading the Cloud Practitioner material but that exam is mainly aimed at managers and sales people who need a good overview of the platform to interact with techs, clients and other people in the organisation. The Solutions Architect, SysOps Admin and Developer Associate are aimed at entry level cloud technicians and engineers and cover all the basics you need

Ah, okay. So it's good information to know, but not necessarily something useful to certify for a resume. I think I'll work on Solutions Architect then, grab up the other two if I can, push into the professional version of Solutions Architect, and then grab Cloud Security on the side and start working towards Cyber Security related certs focusing as much as I can on Cloud related stuff. Thank you for your insight!

Gave +1 Rep to @rugged delta

I guess it's worth pointing out that if you re aiming at the security side AWS - then Pentester Academy has some pretty solid labs which will complement your AWS certs.

Interesting. I'll keep that one in mind, as well. I feel like the more wide-spread and commonplace usage cloud type infrastructure is used, the more relevant security focus on cloud services will become which might be a good "long play" to make. We'll see what goes down in funky town. Many thanks!

Spot on! I will also recommend adding Python to your tool kit as I have seen a wide variety Cloudsec AWS jobs listing Python in their requirements

Python, ay? Alright interesting. Will do. Thank you muchly!

Gave +1 Rep to @peak hazel

Here's a job currentyl being advertised: https://www.genomicsengland.co.uk/careers/open-positions/platform-engineer-security-aws

there are a ton of jobs that require AWS knowledge

I've been working in Cloud security for 6 years?

Is there anything else that seems to be in heavy demand similar to AWS? I see AI occasionally. IoT used to be buzzing for a straight minute and then I hear nothing about it. One I do see often is stuff to do with scrums and agile.

Security on industrial control systems and other tech that isn't immediately conventional IT

Interesting. So unconventional and sort of niche things are also in demand that require dedicated security. Didn't think about that angle.

Please clarify

ICS security is lagging... Hard

It's getting better though

That's one field I'm interested in

hi, I am applying for a security automation engineer position. I am updating my cv now. can somebody help me with it? I can send my CV

Redact your CV of PII and post an image of it here

How does it look? sorry I deleted personal information so it looks a bit off.

If looking for internship - this might be useful: https://www.cybersecurityeducationguides.org/guide-to-cybersecurity-internships/

Hi is anyone from CANADA, dm me please need some help
general q's about starting a carear and moving to canada expenses and stuff

ty

As I said, it's always best to ask the question(s) directly

If moiz keeps doing it, any chance this will be marked as spam?

“Don’t ask just to ask” - smart person I know

So you proclaim yourself to be selftaught but you've been in a professional role for 3 years. (99% of cyber people have never had formal education in Cyber). I would update your professional summary including what you are hoping to do.

I looked at your writeups, they aren't very write-upy? Basically you show screenshots of what you did but its not a writeup, more personal notes than anything.

You are also trying to showcase a web interface you wrote but your README is poor, doesn't describe what it is, the purpose, etc.

Also the skills certification and your certification being on the side makes it harder to read and easier to ignore.

Basically, your resume is bland, your github is bland.

Top to bottom:

Profesional Summary - don't need it, write a cover letter if you want one.

Employment history - put it below education as you don't have a lot.

Education - bring education up and mention nay courses that are relevant to computer skills in a relevant courses subsection.

Extracurricular - fine where it is.

Skills - put below education and make certifications and languages subsections. Look at AwesomeCV to make it look better.

The black lines don't look good

If I had 200 writeups 1 website 2 mobile apps on google play, I learnt by myself from end of 2017 til now. Which was count as experience?

Do you currently have a visa allocated to you?

They were directed here, and this is really minimodding I'll be honest. If you think there's a problem, ping a mod.

most cover letters won't be read, I think a professional summary is fine but it should be max 2-3 sentences and should have a purpose

I mean the same could be said for resumes but

I understand. That's a question I am curious. Not trying to violate #rules

It's definitely not spam because it wasn't repeated and has value in this channel

Just my personal opinion on the executive summary

Especially once you get a thicker resume

mostly because I've reviewed so many resumes and it is just so weird to see a resume and then look at the job they are applying to and both don't speak the same language... I do not have a summary on my resume because my experience aligns with positions I apply to

HR doesn't even send us cover letters if they are included, only if I get access to the system do I see the cover letters

That kinda seems like a problem with HR

true true but they also know managers won't even read them

sometimes we get a dump of 100 resumes... so its like 'go sift through these'

Yeah, idk, I kinda owe my current position to a cover letter. So I may see them as more valuable than most

Take the top half and put them in the shredder. You don't need unlucky people in the company...

basically I see the professional summary as something that links your resume to the job you are applying to. I just personally like to see them otherwise I assume you are just doing a resume blast and you aren't really looking for our specific position. Exception being if your experience is in line perfectly with the position (like I said, my resume does not have a professional summary)

Have to agree with the HTB writeups. Just looked at them and they aren't very presentable. You have to click through folder structures, which is annoying already, and these aren't what I would describe as walkthroughs. These straight up look like personal notes.

What if I look at the JD and research the tech stack they use, without experience but I know I can do it. Should I apply for? Any chances, it can bypass the experience requirement?

Depends on how much experience they are asking for. Self-learning is a lot different than the knowledge you pick up on the job

sure, I've gone into many jobs without specific knowledge or experience in the certain areas

But you've had professional experience previously

I think they are talking about having zero Profesional experience

well my first full time job was a WAN admin, I had a part time IT job at my college... but no professional experience

it also depends, are they asking for 10 years experience or 1-2 years?

That was going to be my follow up

As I learn cybersec myself and more subjects about human psychology, the professional experience may comes from 1. understanding the situation/ the tools/ the protocols 2. The mindset to think to solve problems

yeah no

No, professional experience is pretty specific

professional experience really involves working on a team, taking direction from management/leads and working in a professional environment

I agree 👍 100%

but that's what I don't have currently

so is the job asking for 1-2 years experience or 10 years?

2 to 4 years

so your chances are slim to none but you could apply, wouldn't hurt

I know my path will be rough. So frustrating

keep at it and you'll get it!

Sebastián Ramírez, creator of FastAPI (a web framework for creating APIs based on Python) reported a similar case on Twitter a couple of days ago:

“I saw a job offer the other day. It required more than 4 years of experience developing with FastAPI. I couldn’t apply because I was only using it for 1.5 years … since I created it.”

“Maybe the time has come to re-evaluate that ‘years of experience = skill level’.”
https://samagame.com/blog/en/when-a-job-offer-asks-you-for-more-years-of-experience-in-a-software-than-it-has-been-since-it-was-created/

I agree in specific technologies, usually years of experience is for professional experience in general... a recent topic came up in another discord the other day, person had no IT experience but had done lots of freelance work/bug bounty AND had previous experience in another industry (construction). I was like, I'd totally interview them because they have had to work on a team, under direction

It force people without experience to do other freelance jobs. Or think again before reading again

well that becomes tricky because no one wants to be your first job

If a person has some skills earned on other positions, definitely worth considering because they'll probably be eager to learn and stick around if you're supporting their growth and education

that is why IT help desk is often recommended

That causes another problem about spending time

its a huge risk to hire someone if they have never had to work for a paycheck

so why would they choose you over the 50-100 other applicants?

something else you could do is develop a unique skillset

https://tenor.com/view/liam-taken-point-gif-18698093

@quick forum I did some changing up

now the one thing, and i dont know how valuable it is, is having a place for notable projects outside of school/work

I personally think thats important but maybe not?

yeah, I just don't really have any projects on mind that I can put there

cause all my projects are ongoing non finished ones

ah i see

for mine I have my home lab/ unraid server, and ill add that ive set up elastic in a cloud VM when i revise i think

my contributions for making CTF challenges as well

Descriptions much better

thx

Gave +1 Rep to @quick forum

Just looking to see if anyone has any advice for improvements I could make to these sections of my CV

This might help you as well too: https://www.qwikresume.com/resume-samples/automation-engineer/

Cheers, I'm changing up the style a bit anyway, so there's some colour in there haha

No worries! Also here https://www.indeed.com/career-advice/resumes-cover-letters/resume-for-automation-engineer

Yeah, am just going for a job at a local shop for over the summer holidays 😄

Summer holidays nice 🙂 I have interview tomorrow but it's distracting from Cyber studies sooo I might decline and take rest of the month to just get it done. Good Luck Burr.

Cheers 😄 Gl yourself!

Changed the font from Arial to Calibri Light, changed some of the colour to the blue style that word has for text and we've got this

Looks a little less plain, idk about the colour though, might turn it black again icl

I'd put your name as the title and left align

Fair enough will do, remove curriculum vitae entirely yeah?

Up to you, could do Burr Burrson - Curriculum Vitae but I know you just want to flex your latin GCSE

Nah, I remember nothing from it, it was just how the sixth form had us do it when we did it then

Reckon the colour's a bit much?

I would suggest using a nice looking template instead of a roll-your-own in MS Word

Yeah, I looked at the ones word comes with and icl, I thought mine was better but I've not looked else where

As I say, it's not got to be beautiful because it's a summer job, my biggest focus is definitely the wording

First impression you get with an employer is your resume. A 'meh' resume doesn't do you any favors.

Of course not but I think the wording is also important, I don't want too much time putting into the look, I want it to look worth reading but not like the focus was aesthetic

You really need both! If if looks poor - you appear unprofessional too.

It's a balance imo, if it looks unprofessional it'll get put aside but if it looks like you care more about how pretty it looks it'll get put aside also

True! I remembered trying to send a video CV I once saw on Youtube for an IT Role. .... and when I got to interview stage - they wanted to what I was thinking 🤣

Latex

I wouldn't use anything else

Not necessarily. A well-formatted and laid out resume that is mediocre content wise is easer to read that a bad looking but well-written resume. Which one do you think HR is going to forward to the technical hiring manager?

Machine readable, looks nice, etc

Your first approach on the resume is 'how do i get past the HR filters'

This is what I've got atm, it's not a template but I've changed the style a bit more, a lot of the templates I'm seeing have a sidebar which I don't think is ideal where I don't have much to fill it with

Also I don't mind people knowing my name so dw about it not being redacted

So resumes differ throughout the world but I highly dislike the bubbles trying to show knowledge. Basically if you put 4 bubbles, I assume you have multiple years of experience in that one area and would be a SME... if you have 5, I'd assume you basically are one of the people in the world with top knowledge in that area. It is really meaningless for most people and hard to judge.

You don't need to list Office as something on a resume, it is mostly assumed in tech. When you say Windows, do you mean Windows desktop? or Windows server?

Your contact info seems to be taking a lot of space

If you do a side panel none of the things in that area should go beyond one line but your Hobbies do

The title is actually the same colour, it's just in the header bar

I removed the bold from the information under the name

Do you have to list your grades? I never have. I said have XYZ, Passed ABC certs but maybe things are different in other countries.

It depends on how much you've got and where you are career path wise

DOB? is that normal to put on a resume where you are? Your contact info is taking a lot of space and you aren't using your right side of your resume. Your personal summary should not have "I" in it and also you should get rid of fluff/subjective items. This should also be fairly concise, 2-3 sentences max

Why do you include your grades? It isn't a transcript.

Why is your work experience near the bottom?

Interests should be on the bottom but should also be concise.

I've not got certifications and even if I did, I don't think my local shop knows or cares what they are but seeing my english language grade is probably important to them

I put work experience near the bottom as I've got very little, only having worked one job prior, I was told to include grades when in 6th form and when I got my first job in it I had them in so I guess I just kept them in.

I'll remove D.O.B that's non-important and I'll see if I can jumble around that top section a bit and remove the Is etc.

ok this must be something UK specific, I mean I'm speaking from a US perspective but this resume wouldn't get very far

I don't know, I've just been updating my CV from the one I used when I was last working

How would you make the bubbles into words if I might ask?

could be that it isn't worth listing all my GCSEs now that I've been to 6th form but idrk

Could I list it as Telephone: Landline / Mobile on one line?

drop the bubbles is one way... another way is to make a descriptive skills section... things like
"Experience in automation utilizing Python"

Yeah definitely no DoB

I would only list 1 phone number

For schooling, you usually put your grades. It matters until you've got experience

but they do?

even if experience is a few years old

Enough relevant experience

I've removed telephone in favour of mobile instead

Got it down to address, mobile and email

It's a single entry for experience, education will be more important here.

Not sure I'd go as far as GCSE but eh

Should I put mobile and email on one line and use some of the right side or keep them on separate lines?

I have all my contact etc on one line at the top, below my name

what about something like "confident x amount of years"?

Cheers

If it's not professional experience in it, I wouldn't

Extracurricular at best. There's a huge difference between performing an activity as a hobbyist and doing it professionally.

with my resume, I put I am a self learner and do list things that I have self taught

Also @proven crag I really really highly recommend talking to your uni careers people. My uni has a CV help thing where they'll talk you through improving it

I'd have to put address on a separate line to mobile and email unfortunately as their isn't enough space when I try and put them all on one line

Address is not relevant

It's 2022

Not 1960

Self taufght - does that include onlince courses?

Would you not say for somewhere local that it might be important?

Not really

self taught to me is project based, things I've actually done

How you get to work is your own problem ¯_(ツ)_/¯

sitting in front of a coursera video, answering a few questions is not it

But my Coursera could is teaching to build stuff - mini projects ect??

True I guess, it's only one line though that's why I'd debate it

like when I went for my current job, I followed a udemy course where I created a pipeline which included packer and terraform, and did some other related projects, I did put on my resume that I was in the process of learning deployment pipelines using packer/terraform

lots of people go through coursera not doing any projects thoug

I also had a github that included those projects

Thank you @pseudo creek Great idea. I might need to follow Burr's idea and post my CV geared at cyber jobs when ready 🙂

Gave +1 Rep to @pseudo creek

Also would it be better to email and sort references to include in the CV or leave it as available on request and give them if requested

Available on Request is on mine

As I have none for certain yet but can speak to any of my uni and sixth form tutors as well as my previous employer assuming they haven't left the company

Remeber you can use academic references too 🙂

wdym?

as in uni and sixth form tutors?

Yes as professional referemces if you have no others: https://www.snagajob.com/blog/post/who-can-i-use-as-a-reference

oh yeah

Obviosly get their permission first and dont surpsie them lool

I've removed the subjective part of my personal summary but see no feasible way of writing a personal summary without I or being in 3rd person

Yeah, I'm going to email ofc

Imma put all my programming skills in a section for itself instead of under skills as I am self taught in all my programming

Because we all don't want to be Pentesters: https://cybersecurityventures.com/50-cybersecurity-titles-that-every-job-seeker-should-know-about/

How would you go about asking if someone is okay with being a possibly reference for you?

hey bro i’m applying for a job can i stick you down as a reference

just because I'm not sure how to word it really and I may not need them as a reference if the email I have for my previous employer still works

I just feel that would be too informal, especially when it's my sixth form tutors

ahh

I remember at sixth form with emails we were expected to be very formal

thought it was personal references

Nah

Hey <whoever>,

I’m applying for a job as a <whatever> and I was wondering if you would mind me putting you down as a reference?

Kind regards,

I'm emailing my tutors and past employers to ask if they would be ok with being my references if they ask for references but just in case I want to email my sixth form tutors because I know my past employers were having a lot of job shuffling so if they aren't there still I'd like to still be able to list a couple for references

Thanks, I appreciate it 😄

Gave +1 Rep to @static tide

Would you recommend that I send my CV off with the email or no?

Just because I've seen some places recommending that you do send it off to them (I've sent out my emails, but not included the CV just because I've stated what sort of jobs I'm applying for and being pretty generic I didn't think it worth sending a CV which needs to have slight changes per job application)

sending your CV with to your references? no

your references should either be:

1. professional (i.e. line managers)
2. character references
3. academic (which can also go into character)

they should have no need for your CV

Cheers, I've got them sent off anyway now 🙂

Didn't send the CV anyway

the whole point of references is that they want to know how others perceive you / how you perform

not what you suggest them to tell via things like CVs(:

Yeah, I didn't really see the point in giving them my CV, I let them know I was applying to local shops for work over summer but that was about it in regards to other details

Just so they have an idea what questions they could be asked etc.

yup, pretty much all you need to tell your references. If you're applying for places that do DV, then they'll also be interviewed (quite in-depth) about your character, so it's polite to forewarn them

perfect. Let them know you're using them as a reference, saying where you're applying is polite for when they get the call/email they know who & why they're asking exactly

Yeah, when they all respond, I'll thank them all and let them know if I end up using them as a reference (am not using all)

I've a couple of places I'll be applying to so I'll let them know when I respond

It's good practice & plote to let your potential references know that you're going to be using them as a reference before you apply

My reasoning being that I've emailed my sixth form tutors in case the my previous employer's contact details are outdated etc.

not only is it polite, but it also helps make sure that your reference is actually contactable. If where your applying can't reach the reference, it slows down your application a hella lot

I've asked them all if they'd be ok with it and haven't put them on my CV anyway

cool(:

sounds like you got it figured 👍

I thought, I'll email them all and leave the CV as available on request because then I can apply while I wait back for the responses

On your CV I would put something like "References available on request"

I'm not sending my CV in yet anyway

imho

but that's how I've got it atm

perfect

"References available on request" is much better than "I'm not telling you if I have references whether or not I have them at all"

I do doubt they'll care about references but it does no harm to have a couple if I can

Nah

References are v good

any decent employer will ask for a character reference

Yeah, I mean as I say, it's only work at a couple of local shops so I don't know how much they'll care but it's a good idea to get some ready

true say

I can ask if someone's ok being a reference and if they don't end up being contacted, nothing's been lost

Depends on the stores too. if we're talking retail, I interviewed for a retail store job in my 1st year of uni, despite 2 years work experience in IT, they asked about character references because retail is not IT

Although, once they've given me the green flag, do I let them know that they've been chosen as a reference after the interview (where I presume they would ask for references if they wanted them)

The last job I worked already had contact with my sixth form so I didn't end up needing any references

If you expect to use them as a reference, let them know that you're considering them as a reference before you apply

Oh yeah of course, but would they ask for references at an interview usually?

no, they should've considered/asked for them them already by that stage

Right, cheers

at least in my experiences of interviews

I mean I can't imagine it matters too much as long as you keep your reference up-to-date with what's going on

I imagine that's the biggest thing

pretty much aye (:

it's just about your reference being contactable and recent

i.e. no real point using a reference who hasn't seen you in 6 years or w/e & theres a chance their phone number no longer works/ is theirs

Yeah, that's why my ideal references would be my previous employer and my academic advisor

for some professions your references have to be within <x time (:

yup perfect references

My previous employer last saw me in 2020 (I was still in sixth form then but I see an advantage to having a professional reference in addition to an academic reference)

so getting my academic advisor instead of sixth form would be better because it's more recent, plus she's able to see my overall grades, attendance and taught my ethical hacking module so she's seen me in class and talked to me before

your advisor yes, they'd be a good character and academic reference. I assume you'd have a more 1:1 basis with them than somthing like a tutor in 6th form where the tutor groups (not classes mind you) are like 10+ people

Yeah, it does depend a bit though because my computer science class had about 6 people total

and my sixth form tutor taught me through from year 8 to 13

6th form tutors are very often subject teachers, so they will be teaching 2/3 groups of timetabled classes in 6th, let alone the lower years

Yeah for sure, I can see advantages of both

ultimately it's whoever you feel can give you the most accurate representation -- they are speaking about you

Honestly, they both have their pros and cons but given how well first year's gone for me personally, I'm probably going to list my academic advisor

Only module I didn't get >70% was databases at 68% and my attendance has been good so I reckon it'd be a good choice to go with my academic advisor honestly

does sound like it (:

well sounds liek you got it figured so gl

(:

cheers 😄 thanks again for the advice

I've had interviews in all sorts of roles: education, IT, (physical kind) security, NHS, retail, bar/hospitality and cybersec (I'm only 22 but I've been paying taxes since I was 16 lmao)

And I still hate them

np big man

Changed it up a bit with the skills

and removed the bubbles

hey
question regarding CV
how should i add the tools and capabilities i have
?
i think about either
listing subjects like
Network Monitoring: tool 1, tool 2 .etc

or i can add the tools as part of a line

Analyzing network traffic using Wireshark, Network Miner for example

yes, as part of a line is how I like to do it

With a little description?

Basically the purpose and how you used it

like to add it as part of sentence

• Detecting Incidents and IOCs using SIEM (Splunk), IDS/IPS (Snort)

so i add the tools and capabilities in one line

I still think saying "experienced" "competent" "proficient" are very subjective. Like someone who lists "experienced", I'd expect them to have years of professional experience

you have to start somewhere . . .

the exprience i have is from the course i took
and it is obvious in the CV
xD if they assume by the word experienced that i have years of experienced then well good luck for them

why would you be doing that?

-ban 923413421075075105 -ddays 1 Asking to hack wifi for free wifi.

🔨 Banned StrumGewehr#4116 indefinitely

Sea Lion, not helping

oopsy

is that agains the rules?

my bad i tought it is a joke

nah, they also DM'd me to say they were up to no good

lol
not smart i must say

dummies lol

Hey Folks,I'm Apoorv Gupta 3rd year Engineering student from India.
I am interested in cybersecurity (ethical hacking) from class 9th.
I have experience in linux,C/C++,Python,have good knowledge in DSA.
Don't know the guide or any path how to learn about cybersecurity in less time.

Hi everyone, does anyone here work in IT/IS Consulting? Curious about your day to day, career progression and pay scales. I've been offered a position at an IS consulting company but I've never even considered consulting until this came my way

Hi All, After some advice on the eJPT exam for the UK. Is this worth doing as an entry into Cyber? I have been learning on INE through their free eJPT sessions but noticed its all in dollars so wanted to make sure it will be recognised in the UK. Anyone have any experience with eJPT?

eJPT is good as a "I'm trying to get into cyber" cert, but the OSCP and eCPPT are more valuable if your dollars are strapped. Go on linkedin/indeed and look for local jobs and use certs as your keyword search, see what employers want around you

Thank you, that has helped a lot 🙂

Gave +1 Rep to @narrow iron

https://pauljerimy.com/security-certification-roadmap/
This is also helpful

Oh wow now thats a lot of certs

lol you're not supposed to get them all 😄 Just to show the framework of different industries, and that pentesting is but a small portion of cyber as an industry

Yeah, i appreciate the help! Ive been doing THM since the advent event and loving it, so fancy a career change but no idea where to start haha

Please someone answer to my question also @narrow iron @sterile crane

Start learning now instead of asking other people how to learn

I doubt there is any shortcut to learning Cyber, Like i say im fairly new myself. Ive been doing since Nov 19 and would still class myself as a beginner. Just jump on THM and follow the paths.

And don't be impatient like this.

I ain't asking for the shortcut, but thanks for some suggestion, I will look on THM and follow the path from there.

Gave +1 Rep to @sterile crane

holy mother of computers

what do want to do exactly bhai

I have coding experience, just want to know the basic rules. Ex: when you start playing chess, you ask for some rules.That's what I'm asking.

Well, hacking and cybersec is not coding or programming

So that experience won't help as much as you might think

Just get started on THM

ok

Id go, Complete beginner, then to the Jr Pentesting paths on THM. Both are extremely good at getting you to grips with some of the tools used.

ok

@narrow zinc This channel is aimed at careers in cyber security, please try #infosec-general

Hey there, so I 've been trying to land an entry-level cyber security job without any experience or degree. I am getting no luck and not even a single call back. I've added to my resume that I am top 2% on TryHackMe platform as one of my insights and projects i've achieved. I'm wondering If I add a couple certifications on my resume, will that get me a better chance of being hired or at least getting an interview?. Thank you in advance

You mind posting a redacted resume?

Preferably an embeded image here

I'm about to go to the store but I'll review it for you

Absolutely!

I've cropped and marked out a few personal info but here goes. Don't mind if you are stern in your feedback!

Professional Summary needs to be tailored to the role you are applying to, having a generic summary of very-much not professional experiences doesn't do you any favors.
2% on THM doesn't mean anything, I would not include it.
Skills shouldn't take up that much room. 1 or 2 lines at most.
You have more than 10 years of work experience, don't list items that don't contribute to your skillset relevant to this position. But don't leave a gap longer than 2 months, regardless.
The only things that count as Education are accredited programs. If it's not accredited, it doesn't usually have any value in the US.
Certifications should only be listed if you have them. If you don't hold the cert, don't list it. It may be OK to say that you are currently studying for one cert, but not more than that.
Hobbies should show outside interests and a diversity of interests not "I play security games on these platforms"

Yikes! I have a lot of make up to do. I will apply this towards my new resume though, It will be a bit hard adding any work experience that is related to cyber sec since i don't have any besides the basic security implementations I learned at Geek Squad for android, iOS, mac, and Windows systems, maybe i can add this?

Here is another resume i build as well, just has two jobs

I will implement what you told me on this last one and try to condense it more.

Find an entry level role you like; look at the job requirements and look at similar job reqs. Only pay for a cert if it's on a LOT of job reqs, as that will help open the door for you.
Don't get a cert without a plan for why you need it, and only pay for it yourself if it gets you the job.

The About Me is a wall of text. It should be easy to read, and you don't need to use first person. It's assumed to be about you, no need to specify "I"

Multilingual is only a professional skill if the job requires both English and Spanish (unlikely).

Career Oriented isn't a skill, don't list things that aren't actual skills. Being Tech "Savy" isn't a skill either.

You also left a 2 year gap since your last job, it's more important to show consistent employment.

I've noted all your point outs! I will fix my resume and remove words like "Tech Savy" and replace them with actual skills and words that pertain to something I can do

Appreciate your feedback!

I haven't read juun's critique, but I more than likely agree with whatever his suggestions were

Also sorry, the store took longer than expected

Hey absolute no worries 🙂 I completely agree with you as well.
I started to search what the most prevalent CERTS on Indeed were and saw that Security+, CySA+, CEH and CISSP were the most sought out.

This with either a Bachelors degree OR an equivalent combination of experience and training

Sounds about right

That posting requires military by the way

This one was only requiring diploma and some certs but also an active military

yep 🙂

So if i was an active member and had my Sec + and CySA+ i probably would of gotten that job. And relocated

North Carolina is actually pretty competitive

Fort Bragg is right there

And that's where JSOC is/does their cyber stuff

I've heard about them. Don't they have a cyber security team and training they do?

Who? JSOC?

They pull their cyber talent from all the branches

Nevermind im thinking something else

That's really interesting actually

Joint Special Operations Command

Man, that sounds elite

It is

That would be goals right there.

It's hard finding an entry level job at that

with no experience and degree. I think I should just go for my degree and score on an internship

I've already got like 4 credits than i dropped out, so now I have to pay out of pocket for 2 terms to be able to obtain financial aid again

My appeal was denied 😦

Maybe look at a different college? Idk

I was thinking that

Doing this online college

acreddited too

But than i'm also told on YouTube and other influencers on twitter that i follow that you don't need a degree

Degree can't hurt but I'm not sure how it works for later in life. @flat sedge is probably the better person to ask questions if you have any about that

all you need is a cert and some tryhackme experience

Thanks, i appreciated your feedback nonetheless

Calling bullshit on that lol

They're lying trying to sell you a course

I mean i understand. There is more than just having THM experience and some certs lol

Is it possible to get an internship without any college?

That's a really great question

I'm going to attempt this next.

In the US, it varies but I’ve seen people whose career has been held back by lack of degree

But where you get your degree matters less when you have experience

How would you go about gaining experience without having a degree?

What are your thoughts on cyber security bootcamps?

This one specifically https://bootcamp.uoregon.edu/cybersecurity/landing/?s=Google-Unbranded_RFull&pkw=%2Bcyber %2Bsecurity&pcrid=512902667736&pmt=b&utm_source=google&utm_medium=cpc&utm_campaign=GGL|UNIVERSITY-OF-Oregon|SEM|CYBER|-|OFL|_RFull_|ALL|NBD-G|BMM|Core|General&utm_term=%2Bcyber %2Bsecurity&s=google&k=%2Bcyber %2Bsecurity&utm_adgroupid=113190942433&utm_locationphysicalms=9032964&utm_matchtype=b&utm_network=g&utm_device=c&utm_content=512902667736&utm_placement=&gclid=Cj0KCQjwwJuVBhCAARIsAOPwGASp5VIMF3vMSPdSuxksMC5KQRA4ST4_zjyGt50pDJFAsDZ2JEVxDAEaAufBEALw_wcB&gclsrc=aw.ds

Scams…

Or should say money grabs

Not to insult you but what makes them scams?

besides all the money they want up front lol

I mean, do they teach you stuff you can learn on youtube and other places much cheaper?

Every single cyber boot camp I’ve seen basically tells you what certs to get and provides some support to get those certs, which you can do for a fraction of the cost

Yooooo, this is so true lmaoooo

That's what the rep was basically telling me

Like that one focuses on Comptia, look up professor messer and get network+ and security+

Also having 5 certs isn’t better than 2 when you have limited experience

Yes ! I told the rep I was already pretty much done with Security+ and Network + just haven't taken the exams, and she no longer knew what else to suggest me lol

If you have no job experience at all, id focus on IT help desk and SOC analyst

This is what i'm trying to aim for. What I do at Geek Squad really isn't really cyber security related. SOC analyst jobs is what I've been looking at

This one is remote and it doesn't require a degree or cert!

Nevermind they also do require degree. Anyway seems like I need to redo my resume apply for my Sec+ and CySA+ since that's what i;ve been seeing predominantly for SOC analyst jobs and hopes that i get somewhere. Thanks peeps

Also realize you will be competing against people that do have degrees but don’t let a degree requirement deter you from applying

I'm just gonna do all three even if i have to pay outta pocket for my 2 terms to get my financial aid again

I just want to do my dream job to be honest, which is to become a pentester

What do you think about agency that write wrong techs or require too much in the JD?

How do you guys modify or polish your resume? Im thinking about have freelancer helping me. Idk if it's gonna work or not

Not all that improbable, although degrees do help you get your foot in. Cyber security is not a beginner field to work in, so any experience (especially IT-related) will be great

part-time (especially entry) cybersecurity roles are hard to come by - but they do exist. Be careful trying to balance your studies, performance at work and life - it is very tough. I'm doing the same right now, and I can tell you, I'd rather stick to one or the other.

Gave +1 Rep to @quasi stream

Been trying to figure out role names when it comes to Cloud IT related stuff, especially for security, and it looks like the typical role name for security is Cloud Security Engineer, and it's role superior is Cloud Security Architect?

For anyone that might want to know the naming.

Internships, on the US, are generally reserved for those in higher education or high school.

Post a redacted copy here. Don't pay anyone.

Besides the eJPT, are the other INE certs worth pursuing?

Now that they're changing their pricing structure, I'd steer clear of eJPT too

Would you recommend just studying for OSCP then?

Yes, it's the entry level pentest cert

Practicals is gud

Yes, it does feel like INE are in it for the money. Dont believe me and fancy a laugh:https://community.ine.com/ - check out their forums and complaints about their servise is a contant. There are definitely more affordable and better optionss like PNPT, Security + HTB Dante labs and not forgetting OSCP.

There is also virtualhacking labs which is decent and affordable.

Yeah, I'm currently taking the eJPT because it was something to do between PenTest+ and getting money for my OSCP, and the training is pretty useless.

Bunch of labs just disappeared from the training as well.

I think they're trying to update the curriculum or something, but it's rolling out in the sloppiest way imaginable.

Newbie here ... I have some questions I'm hoping to get cleared up

I'm in the midst of a university cybersecurity degree program, in which many of the classes end in real-world certs ... I've been getting tripped up on PenTest+, because I don't know the coding that well for different types of attacks (injections, directory traversal, etc.) ... does anyone know where I can go to get this figured out?

#programming would a good place to start and all THM have osme courses too.

I'm this close to passing it because I get the conceptual stuff just fine, but trying to read the single lines of code and tell which does what is slicing and dicing me

I'm looking thru the THM stuff ... any clue as to which rooms I should go to? I've been looking in the PenTest+ room, but so far, it hasn't helped much ... perhaps I just need to do more

@high jasper Is it the Linux stuff specifically that's tripping you up?

@nimble crow no, it's the coding in Ruby/Python/Bash/PowerShell ... in one scenario on the exam, they'll give you about a dozen individual lines of code, and you have to match up with what exploit the line of code is for, as well as the remediation ... yet absolutely none of the materials that I have read through contain any of this information.

Yeah, I remember the one.

The materials tell you about the exploit, but they don't give you an actual example of the code for that exploit

The thing is, it's not really teaching you to code or expecting you to know what the code does, it's just seeing if you recognize certain conventions for each of those different languages as a basis on where to look further to actually understand them.

Like knowing a Toyota from a Chevy on sight so you know what parts to look for.

So it's sorta hard to teach, and it'd be overkill to learn each of those just for the exam (although they are all generally useful).

but the scenario doesn't ask what language it's in ... it asks what the code does ... but since it all looks similarly unfamiliar to me, I have no idea

Yeah, no, I get it. One sec.

thing is, I have a software background, just not in scripting languages ...

I had a chart somewhere that had the same basic block of code in each of the four different languages to show the little things to look for in differentiating them.

so this stuff being what's tripping me up is extra frustrating

Lol, then we're speaking the same language. I just graduated with my BS in CS, and found cybersec in my senior year.

Java? C++? No problem. Bash? wtf is that?

Lol.

kind of, yeah

give me 10,000 lines of COBOL and I'll find the missing period that's causing the program to fail

But it's basically asking you for something similar to that. Like if you had hello world in Java, C++, and say python, could you identify which is which?

give me one line of a script and I'm like "huh?"

Damn, that's old school then.

lol

I mean, honestly? I just got through because I knew anything super foreign to me was powershell, stuff that looked like actual code was ruby, python just always looks like python, and bash I was loosely familiar with.

unfortunately, I'm not all that familiar with any of them

But like maybe tackling the intro course on each through CodeAcademy to get a feel for them.

"CodeAcademy"? is that a site?

Yeah, one of a handful that have information on various coding langauges.

interesting

codeacademy, w3schools

uh

Shoot, there's one more I'm forgetting.

LinkedIn Learning if you're on there.

I'll look for those ... thanks

freecodecamp is decent as well if you want something, you know, free

free is good

You can usually get the idea of an exploit even if you don't know the language

a lot of them look incredibly similar, so it is difficult for me to tell the difference

That's good, because it rarely matters

What James said is largely correct. In your case, you're not going to be able to learn all of those languages at once, so choose one to focus on. Preferably one with common constructs, like C++. Also, look up pseudo code exercises to get you thinking on the right track.

Assuming it's coded in a reasonably sane manner

Hey, secondary student here(uk/ Irish highschool) I am about to do not so well in my overall exams and might not be able to make it into general entry computer science in college

However there’s an alternative degree called computer science infastructure that seems to focus more on networks then theory, the course has listed that It’d be good for going down the software engineer/ it security route which is ideal for me.

Would I be at a massive disadvantage to general entry comp sci in doing this degree?

I have an alternative route where I can do a two year course and go straight into year two of computer science from there, but I’m not sure what my best options are

@molten geyser Kinda depends if you wanna go into development or IT. As someone who just graduated with a degree in comp sci, it is a notably different skillset to IT.

Not entirely certain which way I’d like to go with it I’m afraid

Thanks for the insight

And what is the difference between CS and IT or Informatics lets say?

Ok, so I can only actually speak from the academic CS position, but basically with CS you're gonna learn a shitload of math and theory. Lots of algorithmic stuff, lots of exposure to programming languages, and being able to demonstrate understanding of various data structures. Stuff to make a program run smoothly, but shockingly little about what environment that thing you built is going to have to interact with in the real world.

Remarkably little scripting, extremely little beyond theory on how to secure a system, and very little that's platform specific.

This might help to https://cs.stackexchange.com/questions/81408/whats-the-difference-between-computer-science-and-informatics

Υeah, look like the same to me. In fact my BSc is named 'Informatics' and we do what you describe. Also the rankings include even electrical engineering in Computer Science.

Guys I am thinking to go for OSCE3, I have mostly experience on cloud and DevOps and pen-testing. What you think about this decision, how should I prepare for this and which path should I choose for this?

Hello. If I want to take Azure, Comptia, Network and OSCP certifications, how to pick a specific one and how to determine if I need to follow a training?

I am not sure how to guide .... Hower conside Networkring and OSCP as your basics. Why because any Cloud environ (AWS, AZure or GCP) is hosted on network envornment. So while getting your OSCP - add Azure 900: Azure Fundamentals to your list. This way you have the Networking side covered (OSCP) and your Azure (AZ-900) covered. You can decide which pathway best suits you.

Hello, I’m looking for some advice on a career change into cyber. Bit of a background, BSc Software, MSc Security, PhD Software, I think acceptable understanding of computer architecture, OS, networks (to CCNA Level), and a bit of programming. Got exposed to basics of hacking during my MSc, but eventually ended up as a software consultant (Manager Level) in the top 10 tax firm, based in London UK. Pay is very good, but I hate my current job. Been thinking about switching to actual tech job, but I’m a noob in every aspect, success in the labs doesn’t mean I know my way around in the real world.
Is there anyone who walked this path and could help me find a way to switch without taking a huge hit to my salary? With a kid and a mortgage, so can’t compromise much on that end unfortunately.

Hey guys, i wanna ask something but sorry if my english is bad.. Currently i’m preparing for cybersecurity role internship. What kind of projects should i do to make my portfolio standout? Is there any advice?

make a youtube channel and create content on cybersecurity and participate in bug bounty programs idk

Are you in school? What kind of program?

Yes, i’m currently pursuing bachelor degree in cs

*computer science

For internships, the general expectation is that you have an understanding of the basics, ie material from Security+. Having coursework you can relate to the topic is also great. A Homelab is another way that you can show your interest and learn a bit too. I also wouldn't pigeonhole yourself either to just cybersecurity internships. The internship I got was in IT and I still was able to get a job in security after school.

Are you looking for Summer Interships: https://gb.bebee.com/job/20220612-78d0207c9cca818ec79de69a26335fc3?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

Thank you for the advice 😊

Gave +1 Rep to @stoic cave

Any tips for jobs outside of highschool?

Most applications are either refused, or ignored after viewed

Do you have some more information? What are you applying for, previous professional experience, etc

Yeah that's the issue. I don't have any previous employment experience, and since the area where I live is very rural, I don't really have any applicable skills

It very much depends on the country, I would suggest looking for organisations that get people in/right after hs in the high-tech world.

Ok, what are you applying for?

Useful advice from Reddit to college student: https://www.reddit.com/r/AskNetsec/comments/vat2j1/professional_advice_needed/

Quick question how would i go about getting into a cyber security job?? Are there any entry level jobs or are internships a good place to start?? And is it okay to not know certain things and to jump into one of those roles??

There are entry level jobs, trainee programs, and internships.
Cyber tends not to be an entry level field, you often need some IT experience first.
There are definitely jobs out there for going straight into cyber, my first full time job is pentest and I'm straight out of university

What did you study?

CompSci and then a Cybersecurity Master degree?

Where is a good app or webiste to find these jobs or trainee programs? I have been looking on indeed and linked in by am not seeing any “beginner” slots to fit into per say . They seem to say remote or in a different state. I am willing to relocate, but i would want to know all about it before i make any big decisions

Cyber Security Batchelors. I got the job before I graduated

Im studying cyber security and computer science bachelors

Honestly, comp sci will do a much better job of preparing you for a wide variety of careers. Most cyber programs are still very new and don't do a very good job of preparing undergrads for the huge variety of cyber roles. CS does have a lot of theory, and that theory is applicable to the entirety of the IT space.

Unless you have a very definite career path that you are on and workign towards progressing, CompSci will be much better 'value' than cybersec.

James is a rarity, don't take his career path to be the 'standard' way to go about getting into a cybersecurity role.

That's what I heard... I have already chosen my studies (I just finished high-school) but I was asking out of pure curiosity.

I think i got "lucky" too

There's more and more trainee and genuine entry roles though

Like Tux posted a trainee scheme, I got in as a trainee technically, I know several others

Is pentesting an entry job for cybersecurity?

It sounds like they're stateside though, so the advice on degree is probably very applicable

If so what are the roles that require more experience?

Typically no.

There are still very few out there - the number is growing, but that's primarily because the workfoce doesn't have a ready supply of qualified candidates for the traditional roles.
It's not a bad thing, just a thing that needs to be taken into consideration when exploring career options

Compliance, pentest, vuln management & assessment, security tool configuration, security architecture off the top of my head. I'm sure there are more

Vulnerability Research is a cool one

Thank you! I have no clue about what some of these roles are, imma duckduckgo it

@grand trellis Here's the interview questions.
Sorry, I got sidetracked with food

Thanks!

hello!

Shoot! Sorry about bananaisu I found my answer to my question

This is extremely valueable and so glad i stumbled upon it. thank you for this

Hey, can anyone comment on the average Jr. Penetration Tester yearly salary in their country? The websites usually have outdated or incorrect info and I prefer to hear it from someone that says they're in the industry already.

I'm a Unity Dev with a salary of $60k/yr and I hope to transition to a red team jr by the end of next year. I don't know if it's realistic to expect to at least keep my salary

Croatia, but I might give US jobs a shot (even if they do seem hesitant to hire overseas)

There are many layers in trying to work for a US company. These include work sponsorships, how your taxes are going to be handled, etc. Your country may also have rules on working for US companies as well, such as requiring an office to be in the country.

Heya! Is there a role in cyber security that can have night shifts?

Ooor very flexy time?

SOC work is generally done in shifts

do you think I could easily find a help desk job if I move to Toronto ?

yea it's a random question but I want to move out of my country so bad

Previous message I've posted before: Do you have a sponsor/visa? I'm not from Canada but they have a pretty rigorous immigration process. For instance, in order to immigrate, you need to have someone financially sponsor for your first 7 years in the country. Meaning if you stop paying things, they are responsible for you.

You need to go talk to the Canadian Consulate wherever you are

are you sure about that

I’ve lived in Canada for a year and I’m french, I was never sponsored

anyway I want to know if it’s hard to find a job in Toronto, specifically for an entry job in IT such as help desk, without a degree but with experience as a help desk

A lot of office jobs have relatively flexible hours, from my searching

What's up guys. So recently I got into the cyber security stuff and I come from a programming background. I have seen websites for learning cyber security like hackthebox and tryhackme. Could anyone tell me what I should be doing or what courses I should be following on THM? Penetration testing seems most interesting to me so far, and I would like to land a job related to it relatively soon.

I've heard that I should be doing certificates like eJPT, but is that enough to get me a job or internship or should I do something else too?

The advice varies a little bit country to country, but certifications can be helpful in getting you an interview.
The problem is that security doesn't tend to he entry level in terms of entry to the workplace, and pentesting doesn't tend to be entry level in term of entry to security. That's not to say neither are possible, just that it can be really difficult. There's a good amount of trainee and internship programs, the industry is really really hurting for talent at the moment

Hmm ok, well what do you think I should start to look at learning now? Pen testing is just what I'm thinking to lean towards but, what do you think would be a good way to get into the industry as a beginner?

I'd certainly focus on the fundamentals to start, get your IT and networking knowledge solid. Good pentesters build on those skills. For me, hacking is all about understanding how something works and using that understanding to exploit the difference between how it should work and how it actually does

If you're looking to do web application pentesting, I'd recommend learning some web development so you can better understand how everything fits together.

Sounds like a plan. What paths would you say are the best for this on THM? I'm currently doing the complete beginner one and don't know what I should start doing afterwards

Complete beginner is deprecated, I'd recommend starting with pre security

Ok

The thing is that I don't want to miss on some things. Does pre security cover pretty much everything that complete beginner does?

kind of but you can do it all if you want

i do jr pentester after pre security

You do need to support THM with independent reading IMO.
If you like background noise while you're doing other stuff, I used to watch Defcon talks while doing homework etc back along. Even if you don't understand, I found it really cool to hear more about the topic

THM was really good for me converting my standard IT knowledge into pentest knowledge. It's got a lot better at that standard IT knowledge but I'd say you definitely need to supplement it.

Where do you find things to read about this btw?

Do you go on YouTube or just find articles on Google?

There's so much content out there on the internet, the main issue is filtering good from bad

Learning to google effectively is absolutely the best skill you can get for this industry

Yeah that's true lol

But I'm just curious what you look for

Cuz tbh I'm at this point that I don't know what there is and I have no clue what I should look for lol

Use THM at a starting point, and work on a topic until you're comfortable (or come back to it later to get more comfortable with it)

Say you hit the OSI Model room, work through it and then learn a little more. Watch some YouTube on it or something

Hmm that's actually a good idea

Channels on YouTube like Computerphile, LiveOverflow, John Hammond, and more have really good educational content

LiveOverflow has a really nice Minecraft hacking series running at the moment, it's super interesting to see the process and logic even if you don't understand the technical side yet

Damn ok I'll look more into this

Cheers a lot bro

Please don't call me bro, but you're welcome

Oh sorry

Thanks a lot nevertheless

+1

@cursive tree start with pre-security

And start making notes of rooma

You can carry on through complete beginner, there's some good content on there. The issue is that some of it doesn't work as well as it should

It will help u brainstorm topics u learnt

Alright I'll maybe make the switch. From what I've seen they are pretty much the same but complete beginner is just longer

Does LFI still prevalent today?

Yes

I don't see how that's particularly relevant to the discussion though.

I just wanted to ask

Well Pre security really helps u develop your base skills

#infosec-general would be the best place for questions that aren't careers related

I see sorry

No, I'm not. As I said I don't live there, but it's what I was told by someone trying to gain citizenship. When you were there, were you there as a student or just visiting? Countries generally require different levels of visas for each.

Personally, I don't see this happening due to you not living in Canada currently.

Thank you @stoic cave @quick forum

Gave +1 Rep to @stoic cave

I was a student and then I worked, I could even apply for permanent residency but it was in 2020 so with the pandemic the situation was uncertain I preferred to go back home

lol that has nothing to do with my question I’m not asking if you could see me living in Canada I’m asking if it would be easy to find a job as a help desk if I lived there

I’m sure you can use your imagination to picture that I live in Toronto, now tell me if you think I could find a job as a help desk

I live in TO. Help desk has a ton of jobs available, but it’s competitive to get in, even with the “Comptia trifecta” as a baseline.

You’d have better luck applying to smaller companies in the GTA, as the heart of Toronto is extremely competitive, esp with UofT grads getting co op positions at most of the good spots downtown

I see thank you. I didn’t expect uoft grads to work as help desks lol

Gave +1 Rep to @narrow iron

My friend, infosec/IT is so scuffed in Canada lol

What is UOFT?

University of Toronto

One of Canada’s more prestigious universities

@slim oracle I will say though you may have a tough time starting out due to immigration racism. When I was in school alot of my program were international students, and a lot of them were turned away from jobs while the naturalized Canadians had no issues getting coops

May have just been a run of bad luck, but I didn’t like the look of it

thank you @narrow iron that helps me in my decisions

Gave +1 Rep to @narrow iron

you see I didn’t even know that IT was scuffed in Canada

I obv don’t know your personal situation, but I’d try to get work in the US if it’s an option for you. While there is good money to be made in Canada, breaking past that initial experience hurdle is much more difficult here

Also a majority of the companies here that people want to work at are American companies 😂 so why not skip the middle man

I also don’t want to sound like the sky is falling though. If you have a degree and some certs, you will get hired somewhere and then you’d need to build from there

yeah of course I would rather work directly in the US but it's more complicated for a European unfortunately

thanks for your input @narrow iron

Gave +1 Rep to @narrow iron

There's Waterloo next door as well

Thankfully/unthankfully my only two friends that were in Waterloo comp sci went straight to apple after graduating in the states

Fair enough

I was at Waterloo in ECE so...

I like McMaster

Hey everyone would it be ok to post my resume here for some feedback?

I'm sure it will, just redact all personal stuff and someone will get to it eventually.

Thanks @broken idol Would appreciate feedback from anyone

Gave +1 Rep to @broken idol

It's a bit on the incomplete side at the moment as the Skills section needs to be fleshed out im just having a hard time crystalizing what I would consider safe to mention at a job. I am not sure how much i can use from say homelabbing or personal tinkering

I have put that sort of stuff as a hobby in mine. It's not really things I've been taught by anyone, more what I do on my own time.

I don't know if anyone will agree with me, or they do the opposite.

It's something that i feel worried about but I think i'll take the chance and include it

I just worry if they see a big discrepancy between the job desc and skills it might make them thinki m lying

I'm no authority on the topic, but my rule of thumb for the skills is whether or not I can speak to my experience on it for a reasonable amount of time. For example, I can speak to experience with Microsoft Azure because I set up a whole CTF environment using it for a local event, so I include it along with mention of that project on my resume.
On the other hand, while I can read and change a Powershell script from knowing programming fundamentals, I can't really speak to any significant experience with it, nor am I fully comfortable with using the syntax on my own (meaning I frequently have to look up how to do what I want in the language), so I don't have it listed as a skill for myself.

Gotta strike that middle ground between overselling and underselling yourself

As @merry matrix said, if you aren't willing to spend at least 20 minutes talking off the cuff about a topic in an interview, don't put it on your resume. Few things are as awkward as "Well, we like what you've said so far, tell us about what you like about X topic from your resume" and end up having to go with "I don't know anything, I'm just interested in it"

That's pretty unacceptable as far as interview answers go, given how free information is

what if you don't have experience in tech besides self learning and come from a different line of work?

Are you up for the Challenge: https://www.mitnicksecurity.com/join-the-team

There's nothing stopping you from working on a few personal projects to showcase your technical ability. I think one of the most frequent things I see in these infosec servers from new people is that they just say "I do TryHackMe, HTB, and The Cyber Mentor courses" and they just expect to have it just with that.

Those things are cool, but definitely not the end all be all, especially as these platforms grow.

Find applicable skills in your earlier jobs or career. While I don't list them any more, some of the foundational security skills I learned from working for a commercial general contractor, a steel erector, as a call center CSR, and as a pizza delivery driver.
Work planning, customer service, and task prioritization are all extremely relevant skills I learned from that those environments.

It appears my workplace is willing to cover any MS cert for 100% of the fees. Are there any that immediately stand out for me to take?

I saw this posted elsewhere: Pester Intern @ Bishop: https://cybersecjobs.io/jobs/penetration-test-intern-direct-supply

If you're looking to hire, I suggest going through @tacit bobcat as they can give you the recruiter role.

Hey @wooden tiger please don’t post jobs with sketchy URLs unless you have the recruiter roles

Oh, sorry.

How do I follow up to see if I got the job or not? I had my final interview 2 weeks ago and have an offer from another company. I would like to compare and pick the best one. But fear time is not on my side

I'm not entirely sure, but I wish you luck and all the best!

If you applied for the role via a 3rd party like a recruitment agency 0 you should be able chase them up any time. However if directly you could always drop them a friendly email thanking them for the interview and expressing your interest in the role but drop in that you got another offer - but they are preffered choice. I have done this twice and they appriecate the heads-up . All the Best!

https://www.indeed.com/viewjob?t=cyber+security+curriculum+engineer&jk=027f9ae7a67e6e7f&_ga=2.16108598.1824116211.1655835353-1029001450.1647652923

This looks interesting! Thank you Gek,

Gave +1 Rep to @worn spire

Thanks for the advice!

Gave +1 Rep to @peak hazel

confirmed the role, should be alright now 🙂

Alright, let's try that again 🙂

use the #jobs-board, it'll get more visibility for longer

@flat sedge Thanks for the advice. I do feel comfortable talking about those topics even if I haven't had work experience. I'll add those going on out

Gave +1 Rep to @flat sedge

generally speaking, why is CEH so hated on?

1. by all accounts, the content is old, outdated, and occasionally outright incorrect
2. it's a ridiculous price for what it gives you
3. EC-Council are a morally bankrupt organisation

From memory the exam itself is a meme as well, but don't quote me on that one.

It's multiple choice unless you buy CEH Practical

Well, there we go then

Plus the deep discounts they offer for some orgs basically invalidate their pricing

I could get it down to like £100-200

With training materials

$1200 non-discounted for crap training materials and a multiple-choice exam, which doesn't have any HR benefits outside of India or a few backwards US orgs.

Certs can have training benefits, and/or HR benefits. CEH has neither.

My interviewer said the exact same thing and asked me to skip this and head straight for OSCP

you would hope

anyone have any example resumes for working in IT? I've noticed that the "colorful resume" creators are actually not helping me in getting a job

So, I got an internship offer but the company is about an hour away from my house. What's the best way to say "id like to work with you but i would like to wait for other offers"?

Or could I ask for a grace period?

When are you expecting these new offers? In the next few days or a bit later?

If it's going to be a while before you receive a new offer, I'd just take the job now and quit when a better one shows up.

Also, it's an internship, so it's probably under 6 months. You can take that time to look for jr. positions in closer locations

Judging by the number of applicants, probably a lot longer than a few days.

Also, you can quit an on-going internship? Won't that taint me in some way?

Lot of juniors positions expecting at least 1 or 2 years so that's a bummer for me 😦

anyone here work in cybersec field in aus?

Depends on your contract. Most likely you have to work up to 5 days once you give notice.

Now, about being tainted.. I don't think anyone really cares. You're bound to get that question on interviews here and there, but you should be fine.

If I was in your shoes, I'd take the job straightaway. If a better one comes along, then you worry about quitting or holding your current job

Check profiles on LinkedIn. People sometimes have their resumes on there

Sounds good thanks. It being a bit far is a turn off though. Hopefully I can persuade them into letting me go remote or hybrid.

Gave +1 Rep to @glass zinc

I am planning to go for CEH but confused that whether i should go for CEH theory or Practical?

and i am also planning to go for eJPT so which CEH cert would be better ?

Where do you live?

India

I've seen on here that the CEH Theory is a multiple exam. Practical sounds more hands on.

If you search on this server for CEH you'll get hundreds of answers on this.

i just want a CEH certification which can compliment eJPT.

From my understanding though, CEH isn't as good as it was.

Till date , i don't think i have ever heard a positive thing about CEH

I know but here in India most of the companies set CEH as a prerequisite for Jobs.

that's the min. requirement to get shortlisted

I've done CEHv11 theory because my ex-company paid for it. It was my official introduction to "hacking". It was not too hard, but I have to say it feels like such a scam. The exam site and everything around it is so bad and buggy. The materials lack depth and are copy&pasted web content. I plan to do the practical to be able to call myself "CEH master" and because it is so cheap if you already have the theory. I would not do it if it wasn't that cheap.

The mail they send you after you pass the theroy. Reads like a phish 😄

Yeah the CEH these days has certainly been shown to be less thanpractical when it comes to being an ethical hacker. Depending where you're based, it has limited utility these days. OSCP is certainly the better option or the SANS GPEN (if you can find someone to fund it)

In the US, 3-7 days is the typical time frame for a response to an offer. An hour commute isn't that bad either.

You probably wouldn't be able to put it on your resume. I wouldn't quit unless there was an extremely good reason, ie they're abusive or family emergency.

True, it's just that I have 2-3 companies that I'm interested in getting a response from.

I'd figure.

There's interest in getting an offer and actually getting an offer

One is tangible

Is OSED worth it carreerwise?

I tried asking in the offsec server but got ignored

The recruited contacted my friend who is a Pentester with 3 years experience FOR .... A junior Pentester role where the candidate must atleast 5 years experience OSCP, OSEP and LPT. How is all that's good is that a junior role ?🤣

If you're going to be doing exploit development or other related jobs, that's what it's geared towards

Don't get me started.

It's bad enough that recruiters are asking for CISSP for entry level positions but if a person has an OSCP, they're going to be able to start a junior pentester role and be learning intensively. If the have the OSEP they're pretty advanced and have probably proven their capabilities in a team already and are looking for more responsibility and money. I don't know anyone who has the LPT but there are plenty of other advanced certs a Junior Penetration Tester wouldn't be able to pass.

If the salary's less than $150k they're only taking the piss and even at that, they're taking the piss

Welp ED is interesting imo but I've always wanted a software development job

Pretty soon all jobs will be software development jobs 🙂

Until the Butlerian Jihad, anyway.

What do you mean? Do you think everyone will be using (secure) frameworks in the future?

Probably more along the lines that all work is ultimately gonna run on code at some point in the future.

it has a pretty narrow scope in the cyber world, but so do most OffSec certs. OSCP can carry weight beyond pentesting, the others, not really

in the uk at least, i've only ever seen OSCP required, never any of the other ones - i don't know if i've ever seen the others tbh (only oswe and osep like once or twice)

so here they're obviously very good for knowledge, but past a certain point (oscp), it's crest/cyberscheme that get you the careers, not offsec

Very true! My friend's based in Dublin so I don't know much things are diffrent there.

Dublin is the European HQ for MS, Google, Bookface, Red Hat, Fireeye, Tenable, IBM and loads of other IT and cybersec-dependent companies and financial institutions. According to a friend of mine in the business there's currently about 90 OSCP holders in Dublin

A lot of people here are cybersec BSc or HDip graduates but there are hundreds of cybersec people here with all levels of skills from all over the world

Just got the good news I’ll be starting my first cybersecurity job either July 18 or August 1 as a Security Analyst on my current company’s SOC team! I’ve been here for ~5 years on the claims side (huge old US insurance company) as a claims adjuster and FINALLY all the pushing and poking paid off! No degree or work history in IT but it took close to 3 years of essentially non stop learning and asking “what can I do to get on this team….ok what next” 😂 THM gets like 90% of the credit cuz sharing every room directly to LinkedIn even had the CISO impressed. Thank you for a great tool 🙏🏾

If anyone have any remote cyber -security red team intership role available , Please let me know .

Time period : 1-2 months preferred.
I can pass my LinkedIn profile or resume if anyone want to take a look at it .

I am ok if the intership would be unpaid but paid one would be better :D

Did you miss this: https://www.upskillcyber.co.uk/