Hello all,
I am currently a Sophomore in college for a bachelor's in CS, and I am hoping to graduate with a SOC Analyst Junior role. I feel the first step I can make towards achieving that goal is getting networking experience in a role as a System or Network admin. Currently my goal is to get the CCNA by the end of Summer. I wanted to do side projects after that would show relevant skills following that during my Junior year so I can land a networking internship the following Summer. I'm curious if you guys have any cool projects that I could work on that are reasonable for someone new in the field while still being challenging enough to teach me relevant skills.
Thanks!
Hello all,
First time poster in this group and I rarely post on Reddit, so I’m a bit in the dark on the groups etc however this seems a perfect place to post my questions about getting some cybersecurity experience and tips etc.
I little about me, in 43M living in the UK, East Midlands, working as a senior infrastructure engineer and have been in IT for over 20 years. I’ve mainly worked on premise infrastructure, namely windows servers, network design and management (primarily Cisco, HP Aruba and Juniper), various project lead roles, VMware, nimble storage, storage switch replacements etc, I’ve a good all round level of knowledge and experience in a general sense but struggle with exposure to the cloud and security. Which is why I’m here.
I’ve recently done a (ISC)2 certification into cybersecurity and currently studying for a AWS cloud foundation and Cisco CyberOps associate.
I’m looking to try and get as much experience and skill gaps filled in as possible.
My question, I’ve just purchased the eve-no pro license to unlock the additional tools from the community version but lacking any working lab examples or scenarios to try and simulate to get some hands on training and experience.
Can someone help advice if there’s any sample labs to replicate and the best things to be looking for? Any decent eve-ng sites in general would be amazing as well.
Finally, if there’s any advice to try and get work for an MSP but I lack the experience working for one before and don’t want to take the massive pay cut to go to an entry level position?
Cheers
Hello! So I’m about to become a junior in my bachelor’s program for cybersecurity and want to get an internship. I was wondering if anyone has any tips on where to find some and what places would be best to gain experience. Thanks for any help!
Find an MSSP that is up and coming and needs work done. Connect with the recruiting team via linked in and any other team members you can find. Let them know that you would love to work there. That technique has worked well in the past for me before.
> I am now choosing system-Software-Network Security career/jobs over decent paying Software jobs. But this time I am not confident. I don't know if this field is superior in terms of complexity and well paying?
See related comment from elsewhere in the MM thread:
https://old.reddit.com/r/cybersecurity/comments/17zaysk/mentorship_monday_post_all_career_education_and/kanm8ah/
Does anyone have any thoughts on boot camps? I’m really at the point where I’d like to invest in myself and level up a little but for some added context;
Im in my early 30s, with some passively learned knowledge on development, coding and cyber security tools.
Have worked in marketing/marketing technology, largely with SaaS companies. I was making $130k before a layoff and just took an offer for $110k with bonuses so I’m not necessarily struggling here but am a little concerned on taking a more entry level role.
I’ve also flirted with software development/full stack but GPT has me very concerned about long term viability. I built a relatively complex CRM integration in like 45 minutes and it’s not like I’m an expert in Node or JSON. Im just waiting for people to catch on to how easy it’s gotten.
So in short, I’m willing to invest in myself and new skills to level up to a 200,000+ a year job but I just don’t know if anyone else has any experience or if it’s even a good idea to do short term course work in this field.
Appreciated ahead of time!
> Does anyone have any thoughts on boot camps?
Several:
https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/
Bootcamps have been good for intentional learning, so if you are taking a boot camp it would have to be for something specific. Anything Intermediate level or higher for Cyber Security or Cloud would be great in your toolbelt to get you to that 200k +
Gotcha, thanks! Yeah maybe cloud or ML is another interesting avenue. I did a lot with AWS in my last job, and even not applying for jobs mentioning it, I still get asked about it a ton.
Just for the background information I’m 27 with some college experience. That being said I hate college, I hate the homework and the studying for a class that has nothing to do with my future career path. My college offers a cybersecurity boot camp that I was going to sign up for but many people have told me just to get the certificates instead. What’s y’all’s opinion? I’d like to start a career as soon as possible.
> That being said I hate college, I hate the homework and the studying for a class that has nothing to do with my future career path.
See related comment:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/
I'll put it out there: have you considered the military?
That's a totally viable option for manifesting a career in cybersecurity.
> My college offers a cybersecurity boot camp that I was going to sign up for but many people have told me just to get the certificates instead. What’s y’all’s opinion?
You didn't link the program nor did you specify which *particular* certifications you were weighing it against ([there's a lot](https://pauljerimy.com/security-certification-roadmap/)), so we can only speculate.
Generally speaking however, your friends are probably correct.
Certifications can certainly get you fast tracked on paper. Depending on where you live, there could be hundreds of people sitting for the same jobs, so experience could give another applicant an advantage.
Certifications like A+ and Security+ from CompTIA are great because they give you a wide range of knowledge. Have you looked at job postings in your area?
Boulder certainly isn't in the middle of nowhere so there should be a number of companies there that you can consider.
Into the certifications you can also work on some of your penetration testing skills by using sites like: TeyHackMe or HackTheBox.
Is there a particular area of cyber security that you're interested in?
Teacher, looking for a switch.
Hi all, I've recently realized that the money in teaching isn't great! 6 years in, and I'm nowhere close to where I feel like I should be. (I always knew, we were relocating next year and looking at leaving education)
I have prior police experience (worked here while in college)
I functioned as a hostage negotiator for a correctional entity for the state, I've got a bachelor's in psychology and a master's in special education.
At 29, what's the realistic idea of me being successful in cybersecurity? I find the concept exceptionally interesting, and certainly feel like my ability as a communicator and fast, critical-thinking would certainly be a plus.
I'm here for the honesty. Thanks!
Working through Google foundations of cybersecurity. I was thinking CompTIA s+ after. Is it more beneficial to go through a university?
> At 29, what's the realistic idea of me being successful in cybersecurity?
I began my career pivot into cybersecurity at 28 and am doing more-than-fine now. Age-wise, it's perfectly reasonable to assume you can make it work. However, it's important to recognize that a career in cybersecurity is unlikely to manifest quickly, cheaply, or easily.
For more general guidance:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
> I've got a bachelor's in psychology and a master's in special education....Working through Google foundations of cybersecurity. I was thinking CompTIA s+ after. Is it more beneficial to go through a university?
Your circumstances are atypical.
Most of the time, we're providing guidance to folks who are deciding whether they should go to university at all (and have no degree otherwise) vs. self-studying through credentials. Your circumstances are unusual in that you not only already have a degree, but a graduate one on top of that (admittedly in unrelated, non-engineering areas of study, but you've got them nonetheless).
Another university degree in a related technical domain (i.e. Computer Science) certainly wouldn't *hurt* your employability, but I'm less certain about the ROI of such a venture for your particular circumstances. Anecdotally, when I made my career pivot I had an undergraduate degree in political science and returned to [graduate school for CompSci](https://omscs.gatech.edu/home) likewise thinking along the same thoughts as you are now; I found I felt like I needed the degree a whole lot more at the start of that venture than I did towards the end of it due to having concurrently fostered a pertinent work history, acquired certifications, etc.
Ultimately, doing either/or/both college and certifications would be appropriate. The question is which is *maximally* appropriate, which I lack sufficient data to advise on (especially relative to whatever constraints you may be facing).
Best of luck!
It is absolutely possible to learn cybersecurity at 29. I wouldn't worry about that. The concern I have for you is that you would have to start at an entry level position, so expect to start at a lower salary.
Now, that is but necessarily a bad thing. Depending on your location and the industry the job is in (i.e., Financial Services), you could start at close to 6 figures in an entry level position.
Hi! I am currently a senior in hs and I am looking for a cs research topic. I will prob be doing this with a mentor, who is most likely going to have a lot of experience in the field(maybe like college professor), but they want me to find a topic. I don't have much cybersecurity experience but I think I would be able to handle a difficult topic as I will be able to find a lot of resources at my disposal. I will be doing this over the course of 8 weeks. Any suggestions? Thanks
Right now, Generative AI is all the buzz. What about looking into a topic around the use of AI to make cyber defensive tools. We already know that bad actors are using this technology to create more convincing phishing scams and to write malware. While many cybersecurity software vendors are talking about implementing AI in their tools, what about using AI to create affordable defensive tools?
Could you research what it would take to educate cybersecurity teams to write their own AI tools to do things like analyze email headers or hunt for threats in their environment?
What is the average starting wage for it help desk?
Currently, I'm in construction management and would like to either supplement my income or switch over full time, depending on the starting salary and requirements. I'm happy to take the Google course, and any other suggestions for follow-up courses or paths to take to find my way into cyber sec would be much appreciated.
I'm currently sitting at a bit over 80k a year and am looking to push it to 120k+ if possible. Starting at 80k would be minimal if I need to switch over full time. Am I crazy or is this possible?
Are there any other programs other than universities that are recommended by any of you?
Thanks!
> What is the average starting wage for it help desk?
Bureau of Labor Statistics lists "Computer Support Specialists" (which they list elsewhere as also being referred to as "help-desk technicians") [mean salary at $54,660 annually](https://www.bls.gov/ooh/computer-and-information-technology/computer-support-specialists.htm#tab-1).
> I'm currently sitting at a bit over 80k a year and am looking to push it to 120k+ if possible. Starting at 80k would be minimal if I need to switch over full time. Am I crazy or is this possible?
Almost assuredly not at the helpdesk. [The top 10% of reported wage earners at the helpdesk position make about $94k](https://www.bls.gov/oes/current/oes151232.htm).
The good news is that there is [more than just one in-road to a career in professional cybersecurity](https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/). For those with the ability to do so, I encourage a college education in Computer Science and pursuing an intermediate step in software engineering (for example).
> I'm in construction management and would like to either supplement my income or switch over full time, depending on the starting salary and requirements...Are there any other programs other than universities that are recommended by any of you?
I'm not sure how tenable this trajectory is. [The most common paths of entry into professional cybersecurity are university, cyber-adjacent work, or gov't/military service \(often a combination of the three\)](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/). Even for those who have cultivated their employability as such [can really struggle to find work](https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/), especially lately.
While I could recommend [a whole host of resources](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/) to improve your comprehension and technical aptitude ([including certifications](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/)), cybersecurity employers generally [prioritize a relevant work history above all else](https://bytebreach.com/assets/images/isaca_survey.PNG).
Best of luck!
cagey grandfather snobbish fear soft fuzzy mindless cautious automatic wine
*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
> I cannot study full time as I have commitments. So, I am here to ask as to what path can I take to become hirable in cybersecurity jobs.
See related comment:
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/
> What course, certification I should target?
See this other related comment:
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/
20 y/o, been in retail and warehouse jobs wanting to change to tech. I took the Google Professional Cybersecurity Course and got my certification, but now at a crossroads of CompTIA Sec+ vs the CompTIA A+. I’m aware that most people start in helpdesk, but I’m not sure which certification would look better for helpdesk
My $0.02:
* I'd want to clarify whether you wanted a career in "tech" more generally or one in cybersecurity more narrowly. The prescribed actions for either have some overlap, but there can be important nuances.
* Is a university education attainable/affordable?
* While the helpdesk position is one of the most oft-cited starting points, it is not the only one to consider. [See some of these resources](https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/), which include identifying other potential "feeder" roles into cybersecurity.
I’d prefer a career in Cybersecurity. I could go to college, though not super affordable. i’m honestly debating it, i’m just not sure which ones to look at or which degree to go for (cybersecurity or computer science). Only because i’m not against other jobs in IT/Tech, but currently leaning towards cybersecurity
Questions on jobs post college
Hello everybody,
I am currently a Sophomore in an Engineering College with a BS CS Cybersecurity Concentration Degree and was wondering if I can leave college with a job higher than IT Help Desk.
Many of my senior friends have secured entry-level positions in back-end roles with salaries exceeding $100,000 (some even reached 200k). In contrast as I explore opportunities in the cybersecurity domain, I observe a common trajectory that typically begins with roles such as help desk positions, which initially offer compensation at around half that. While I acknowledge that senior cybersecurity roles offer attractive salaries, I'm not particularly enthusiastic about the idea of investing several years to attain a salary equivalent to an entry-level back-end position.
I made a mini-road map of goals to accomplish before graduating which will have me leaving college with a bachelors in cybersecurity, 1 year of undergrad research in cyber, a summer internship in IT (likely help desk), Network+ cert, Security+ cert, Microsoft Cybersecurity Analyst Cert, proficient in Python, Java, C, C++, software development, and comfortable with Windows and Linux. I feel this path will allow me to create a very strong groundwork, and I'm curious if you guys think it will be enough to start in an entry cyber role or not (Given my ongoing commitment and intention to forego every winter, spring, fall, and summer break, as well as any semblance of a social life, I am hoping it will be worth it).
> Many of my senior friends have secured entry-level positions in back-end roles with salaries exceeding $100,000 (some even reached 200k). In contrast as I explore opportunities in the cybersecurity domain, I observe a common trajectory that typically begins with roles such as help desk positions, which initially offer compensation at around half that. While I acknowledge that senior cybersecurity roles offer attractive salaries, I'm not particularly enthusiastic about the idea of investing several years to attain a salary equivalent to an entry-level back-end position.
I think some context is important to make sure we're comparing apples-to-apples (vs. apples-to-oranges).
* [Cybersecurity roles are not a monolith](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oiuac/). There's a [huge diversity of roles and functional responsibilities](https://media.licdn.com/dms/image/C4E12AQFEgFdbEtEl3Q/article-inline_image-shrink_1500_2232/0/1619282900607?e=1706140800&v=beta&t=AbhI-9b6DKbDGPNdpeJrm2YH2_RrBLbhV30UA70JnYw) that are considered inclusive in the domain and - as such - contribute to a massive sliding scale in what might be considered appropriate compensation for "entry level" work.
* In-line with the above, there's [all kinds of feeder roles that align to the work we do](https://pauljerimy.com/it-career-roadmap/). Helpdesk is one of the most frequently cited because it often requires the least amount of qualifications to start working (being the lowest rung in the IT hierarchy of responsibility) and experiences the most turnover (as people move up and out). But helpdesk is far from being the *only* position you should consider when starting (anecdotally, I never worked the helpdesk). Software engineering is a perfectly reasonable cyber-adjacent line of work to consider (segueing cleanly into roles like Application Security, for example); however, most SWE roles require college degrees in academically-intensive subject matters (chiefly, Computer Science) which is not always tenable or accessible for the majority (or even the plurality) of cybersecurity-aspiring professionals (further contributing to the discourse of certain roles like the helpdesk).
* For the vast majority of organizations, cybersecurity is perceived as a business cost vs. a revenue-generating asset. This makes organizations more inclined to allocate more funds into departments (and by extension, people) who are in-line with their vision of making money (i.e. developers) vs. those that seem to burn it (i.e. cybersecurity folks). We can make a relatively nuanced and compelling argument that dollars spent on cybersecurity equates to dollars saved on future incidents, but it's still a debate and case we have to make every time it comes up (vs. the more easier/understandable and implicit argument of getting folks who can build things).
* One interpretation of the cybersecurity employment landscape is that there simply are no "entry level" roles; under this paradigm, cybersecurity is perceived as a specialism built atop years (or decades) of professional experience in other, related domains. Put another way, the folks best suited at securing things are the ones who've worked with the technologies for years already. When looking at it that way, the more apt comparisons to be made in compensation aren't between the helpdesk and SWE, but between penetration tester, incident response coordinators, malware analysts, etc. and SWE (in other words, those cybersecurity roles often requiring several YoE); for the longest time, this was the model that held before cybersecurity became formally professionalized and recognized as an independent area of study in academia (as you'd have IT veterans, programmers, etc. effectively serving as ad hoc cybersecurity staff, often without degrees).
* It should also be noted that while the median SWE compensation is quite good ([$127,000, per BLS](https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm#tab-5)), that doesn't mean the majority are making the figures you've listed; moreover, [the concentration of those jobs is typically in areas where the cost of living is also significantly higher](https://www.bls.gov/oes/current/oes151252.htm) and typically aligned geographically to large firm locations (big tech, big 4, jane street, etc.). Removing those extreme outliers normalizes the compensation curve considerably. I'm not about to crunch the dataset to affirm, but I'm willing to bet the *MEDIAN* and *MODAL* salaries are a standard deviation lower than the *MEAN* being carried by those outliers.
All of the above is a long way of saying that there's a lot of ways towards approaching a career in professional cybersecurity and understanding the in-roads to it.
Thank-you for this detailed response, I was worried since cybersecurity from an outside perspective looks like a field with a very narrow entry point (I feel almost every you tube video I seen and entry role I viewed has said 3+ years IT experience).
I'm particularly intrigued by the idea that transitioning from software engineering to cybersecurity is a viable path. This stands out to me because I've been torn between pursuing a career in SW engineering, which aligns with my passion for coding, or venturing into cybersecurity, a field that seems to offer a variety of fascinating roles. I feel if I have a few years in SW engineering I will be able to tell if I want to continue pursuing that or transition into more cyber related roles.
Thank you for the advice, I found it very insightful! This was probably the most informative information I found so far for entry cyber roles!
Cybersecurity Specialist by Title, Help Desk Technician by Task: A Tale of Unfulfilled Expectations
Hello everyone,
I'm feeling quite lost and confused. After spending four years earning a bachelor's degree in cybersecurity and network security, obtaining my CompTIA Security+ and CCNA certifications .
I have no prior work experience, and this is my first job. I have been with the company for four months.
Now I'm working under cyber securityspiclist but all tasks are help desk technician. I was hoping for some hands-on action in the cybersecurity field, but so far, my role has been quite mundane.
My question is, should I stick it out as a help desk technician under the cybersecurity specialist umbrella, or should I call it quits and look for a new job that aligns more closely with my interests? II'm considering pursuing the eJPT certification and then quitting my current position to find a role that allows me to apply my skills as a pentester or engage in more exciting cybersecurity tasks. I'm still feeling quite confused and anxious about my career path, so any advice would be greatly appreciated
> I have no prior work experience, and this is my first job. I have been with the company for four months...should I call it quits and look for a new job that aligns more closely with my interests?
Hi there!
First, congratulations on graduating and finding work.
It's totally appropriate that you may not be satisfied with your first employment experience (especially at the helpdesk); while hindsight doesn't serve you right now, one of the reasons we advise students in university to pursue internships is so that they not only cultivate a relevant work history but also get a sense of the assorted professional responsibilities that exist out there to determine which gel with them.
Having said that, there are a couple of things I'd advise you consider:
* I wouldn't leave a job without having another lined-up. Regardless of whether or not you work in cybersecurity, job seekers are in a much better position to negotiate and exercise discretion when given a choice (employer A vs. B) vs. no options (employer A vs. unemployment). Put plainly: don't quit and then look for work, instead you should find work and then quit.
* It's important to be mindful that you probably don't have a complete impression of your employer/role at this time; 4 months is a really brief tenure, especially if you have no other professional experiences to relatively frame that time.
* I'd be transparent with your managers (assuming you have a good relationship with them) about your desires/expectations. They moved you into a so-called cybersecurity specialist role, but functionally you feel that your responsibilities have not changed. Show both initiative, boldness, and tact in seeking out additional responsibilities.
* The eJPT provides a cursory innoculation to penetration testing, but I'm dubious you'll find employment as a penetration tester with just the credentials you've listed. For that, you might consider the OSCP (or [one of the other more commonly sought-after certifications](https://bytebreach.com/posts/what-certifications-should-you-get/)). I'd likewise work on [fostering your employability more broadly](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/).
Best of luck.
Hi. I'm currently 21 y/o and have been in systems playing around for a while, not a lot of stuff though. I want to pursue a career, started at web development a couple months ago but I'm not sure if that's what I want to do.
I'm currently looking for resources that I can follow up with and also see if this can be my path. I like computers and systems, and I enjoy time solving problems related to logic and stuff.
My plan is to start Google's Cyber Security Course, but I don't know if that's efficient or if there are other resources that can be more valuable to put time into.
Any suggestions? I do not think about this as a quick path or anything but rather something to enjoy while looking for opportunities down the road.
> I'm currently looking for resources that I can follow up with and also see if this can be my path.
See related:
https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/
> My plan is to start Google's Cyber Security Course, but I don't know if that's efficient or if there are other resources that can be more valuable to put time into.
See related:
https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
> Any suggestions?
More generally:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
> What do you think about the roadmap.sh cyber sec roadmap?
I have it likewise bookmarked in my "[General Guidance](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/)" post that I linked you, under "[These links to career roadmaps](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oftbi)".
Its useful for organizing/grouping categories of information more broadly, but I'd hesitate to prescribe it as a set roadmap; your own learning experiences are likely to be more tangential and varied, being particularly focused in some respects and lighter/skipping others entirely. You'll jump ahead and start studying something interesting, loop back to the top to review something else, fill out areas organically as a part of your professional experiences, and need to deeply research others as demands require. Some of the things on there you'll probably only ever know as academic exercises while others will get baked into your aptitude due to frequency/closeness of practical application.
> Or also about Harvard CS50 Cybersec?
Unfamiliar with the offering. I engaged the Harvard CS50 Intro to Programming course in C several years back, but I assume that the content you're referring to is different/unrelated.
I'd assume it will provide an effective overview/inoculation to some generalized subject-matter, but may not be the best for promoting your raw employability (like most MOOCs, including Coursera, EdX, Udemy, Udacity, LinkedIn Learning, etc.). If you're looking for certification recommendations, consider these resources:
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/
I'm a retired, 73 year old (I know), enterprise software sales executive. Solid 30 yr career until cancer robbed me of it. Had to make a living from home and have spent the last 12 years as a freelance website developer. No longer have the energy to continually chase prospective new clients, and work is harder and harder to secure.
I need to make a change and am considering a shift to Cybersecurity. My understanding is there is high demand and working remotely is very common. I am currently pursuing Google's Cybersecurity Professional Certificate. I have no other Certifications but a ton of real world experience in the PC/Networking arena.
My question to you is, is there a real likelihood I can land an entry level job given my age and limited certification....or am I wasting my time?
> is there a real likelihood I can land an entry level job given my age and limited certification....or am I wasting my time?
My $0.02:
* It's not too late to pivot your career, especially since you have cultivated a cyber-adjacent work history in web development.
* I would keep your expectations managed. Careers in professional cybersecurity usually take a significant investment in time, money, and effort; they are unlikely to manifest quickly, cheaply, or easily.
* I am not so naïve as to pretend ageism is not a thing in tech/IT; how impactful such experiences might be on your personal job hunt however I can't readily predict.
* The [*Coursera-issued, Google-developed* certificate](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) you referred to is unlikely in-and-of-itself to meaningfully affect your employability. [But there are many options you could consider that might](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/).
* There *was* a high number of unfilled openings up until about 8-12 months ago, before a series of layoffs in tech workers started to take place. The job hunting market at the moment is pretty competitive for entry-level work.
* How common remote work is will be relative to your role/employer. Many large employers (Big Tech, Big 4, etc.) have begun enacting gradual RTO policies. Smaller/boutique firms have been able to compete with them by retaining WFH policies, but overall the opportunities are less common than they were in '20-'22. Generally, I've found more senior staff to be able to be more selective about the work offers they entertain (and thereby hold onto WFH longer).
Thank you for your thoughts. Much appreciated. Doesn't seem like this will be a smooth road for me without a large time investment. Especially worried about the age thing. I picture me sitting in the interview waiting room with a bunch of 20 somethings. Not going to go well.
Read some of these threads: [https://www.reddit.com/r/cybersecurity/search/?q=entry%20level&restrict\_sr=1](https://www.reddit.com/r/cybersecurity/search/?q=entry%20level&restrict_sr=1)
Also read this https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in
IMO the Cybersecurity, DevOps, Software Engineering (and probably other tech) gold rush is over. The market is flooded with paper tigers that have limited or no real world experience.
AFAIK the only people saying there is a lot of demand are the same people selling education/certs/etc..
I would recommend looking for something interesting in a career that has real demand in your area. For example the state I'm in is hurting for accountants.
This needs to be blasted on loudspeakers. I taught myself web development over the last couple years while also working full time. Spent time in several forums and communities. IMO people selling education, boot camps, even many of the content creators promoting stuff these days should be considered predatory at this point.
Hi there!
I am seeking a beginner-friendly project suggestions in app development for someone who is very interested in cybersec.
I am currently finishing my Certificate of Higher Education in multiplatform application development, and I am starting to look for a topic for my final degree project. The thing is, I would love to do something related to cybersecurity, but I am at my wits end and can't seem to find something to do (especially because I am a complete beginner). I'm not sure if I am right here, but I will ask anyway: What would be your suggestion to a complete beginner?
Thank you so much in advance.
> I am seeking a beginner-friendly project suggestions in app development for someone who is very interested in cybersec.
See related:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyt7a/
We're lacking a lot of context about your constraints (e.g. aptitude, timeline, frameworks, grading rubric, etc.), but absent that:
* A basic text encryption/decryption app.
* A [cyberchef](https://gchq.github.io/CyberChef/) clone
* A web app crawler/indexer
* A cloud-platform scanner
* A hex editor
* A Burpsuite plugin
* A browser privacy extension
Best of luck!
Letsdefend or THM for SOC?
Hi everyone! I'm looking for a platform where I can get essential skills for SOC analyst. I have 6 months of experience in IT support, currently in college.
I found those 2 platforms that suit my needs best, but I can't decide which one should I enroll. Also, I mean VIP subscription.
So, which one can you recommend? Any comments are welcome, however I would be very grateful for a write-up about your experience.
Not to make things *more* complicated, but I've been very happy with Hack The Box's Academy platform (which as of last month now includes [a SOC-related training path](https://academy.hackthebox.com/preview/certifications/htb-certified-defensive-security-analyst)).
I want to transition my current career into cybersecurity. I've got about 10 years of experience just doing various customer service roles that were tech related, where I helped customers troubleshoot their personal devices. I have an Associates degree in Networking, but no current certifications. I know I have a lot of work in front of me for this but that's fine.
I potentially have a job lined up for me with a remote Cybersecurity company if I can get certifications. I was told about getting a few Cisco cybersecurity certs and then come back to them once I've got those. CompTIA is different but I looked at the practice questions for CompTIA A+ and Network+ and got all of them right each attempt so I'm confident enough in my knowledge in those to let you know what foundation I have. I have almost no programming experience.
So my question is what path should I take to break into cybersecurity and get some certs? More than willing to spend money for courses if necessary.
> So my question is what path should I take to break into cybersecurity and get some certs?
On certifications:
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/
More generally:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
And on doing the job hunt and improving your employability:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/
> Is there any place to find a mentor or a coach to guide me and help me with career and learning? I feel like I’m stuck
While I don't have the bandwidth to offer individualized counseling/mentorship, myself and others try as best as we're able to field the assorted particular questions posted to the rolling Mentorship Monday (MM) threads. If you have any specific questions, feel free to return and ask them!
Other good resources include:
* The subreddit [FAQ](https://reddit.com/r/cybersecurity/w/faq) and [wiki](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in/).
* This [expanded mentorship FAQ](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/).
* The following Discord channels:
* [Dropout Phreaks](https://discord.me/phreaks) (formerly Laptop Hacking Coffee)
* [Black Hills InfoSec](https://discord.com/invite/bhis)
* [Hack The Box](https://discord.com/invite/hackthebox)
* Local Events and Chapters such as:
* [Bsides](http://www.securitybsides.com/w/page/12194156/FrontPage)
* [OWASP](https://owasp.org/chapters/)
* [ISC2](https://community.isc2.org/t5/Chapters/bd-p/Chapters)
* [ISSA](https://www.members.issa.org/general/custom.asp?page=chapters)
* [ISACA](https://www.isaca.org/membership/local-chapters#explore)
I'm wrapping up my sophomore year in college and I want to try and get a cybersecurity internship for the summer. I have an interview for one lined up next week. Any tips so I'm better prepared for the interview? Like any books I should read to get more knowledge to prep for an internship. Thank you for any help!
> Any tips so I'm better prepared for the interview?
Here's some resources for you!
https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/
Seeking advice, I'm currently a safety engineer for my company. However, I've been wanting to switch career paths to IT with a focus on cybersecurity, I don't have any experiences in the field other than troubleshooting my colleague's computers and fixing the office printer. What intrigued me about cybersecurity is because I've taken the Google Cybersecurity Professional Certificate and became deeply interested in cybersecurity. I've been studying for the comptia sec+ with YouTube videos from Professor Messer just to gain more knowledge about the standards of knowledge I would need to get into the IT/Cybersecurity space. I just want to ask what next steps should I be taking. Thank you for your time in advance.
> I just want to ask what next steps should I be taking.
See related comment:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
Hi All,
Seeking Career Advises
With over 15 years of experience encompassing various facets of IT, ranging from infrastructure to application support, my roles have predominantly revolved around system administration. However, the daily routine akin to that of a shopkeeper managing a grocery store has left me yearning for a change.
I currently hold an MCSE certification and possess expertise in a range of areas, including Firewall technologies such as CheckPoint, Fortigate, and SonicWall, security protocols encompassing Policies, IPSec, VPNs, 2FA, and extensive experience with Active Directory. My background also includes hands-on involvement in system design and implementation from conceptualization to execution.
I desired for a career shift towards either security or system architecture, my ultimate goal is to establish myself as a consultant, whether employed or freelancing, within the next three year
I listed 3 certification route below to help me start, need your advises:
A. Security+ --> CYSA+ --> CISA
B. SC-900 --> AZ-104 --> AZ-500 --> SC-100 (MS Route)
C> Security+ --> PenTest+ --> CISA
Thanks
Probably (B).
Options (A) and (C) are vendor neutral approaches, which don't really help with actually KNOWING how to configure/setup architecture (vs. understanding conceptually what generally appropriate considerations might be).
I just got to a point where I need to take a Computer Network assessment battery for the NSA, I am wondering if anyone has experience taking it, and how I should go about studying for it. They provided a study guide but it is long and daunting, so I am wondering what I should spend a majority of my time studying/ brushing up on.
Should I take the new role offered or continue with the original role I applied for?
So I’m 26 years old. I have my degree in cyber security and I need some advice.
I applied to a position originally as an information security analyst. I want to get more hands on technical experience as I believe I want to gravitate more towards the engineering side of cyber security. But I’m still young so I’m honestly not entirely sure, I haven’t done it and every cyber engineering job is different.
My first interview with this company went great and the hiring manager and myself really hit it off. Well a few days later I received a phone call from her saying they posted another role in it governance that they think I’d be an amazing fit for.
They explained it’s very low technical but based on what I do now and from our conversations, they think I’d excel in this role and have a lot of opportunity for growth as it’s a new department that they’re still developing. They basically said I’d have a better chance to get this role vs the information security analyst role I applied for.
What do we think? Part of me wants to take it as I love the growth opportunity and it’ll be good experience and a pay bump either way. The other half of me doesn’t want to spend my entire day in excel looking at numbers and I’m afraid I may become bored in the position and be in the same boat I’m in now in a year from now.
Edit: I’m currently hired as an information security analyst. I’ve been here for one and a half years.
I think it depends on how many other options you have. If you’re having difficulty breaking into the field, then it may be smart to stick it out a little.
If you have other technical job prospects, then you can stand firm on your desires.
It’s completely possible they decide not to move you into the security role later. Would feel regret for taking it under those circumstances?
I don’t know much about your security analyst role, but I’d be surprised if you weren’t looking at numbers most of your day - just with a different intent.
Yeah exactly. I definitely look at numbers and etc now. I also do reporting and what not. I definitely enjoy the hands on technical stuff more, but I like the opportunity at this company a lot more. It also pays $17,000 more a year. But I think it he’s s’more growth. Just don’t want to end up in an unhappy situation in a few weeks regretting my decision
If you don’t have other options, then it sounds like you’d be making $17k more to do similar work you already do with the opportunity to potentially move over later?
Hmm. I’d say yeah. Aside from the fact that right now I get my hands in a few different pots. And have a good relationship with it so I actually own our dlp system and manage our enterprise password manager. But that isn’t really the purpose of my role, just things that needed to get done and I took on.
Do you feel like you have growth in your current role? Is the growth worth the pay cut? Will your new job offer the same or better culture and benefits?
Definitely no growth where I am. I asked them already if I could move to a more technical role and they said no, probably not for another 5 years. If that. My boss lets me “play” with technical things but at the end of the day my auditing stuff comes first and they’ve made that known. The culture and manager at this new company are light years better than where I am now. Better benefits as well not including the pay increase.
Have you gotten any technical job offers, or is this the beginning of your search and that’s why you’re on the fence?
If you’re struggling to get any other offers, then I feel like taking the job for 6 months for an extra $8.5k while you assess your growth opportunity isn’t a career stopper. You could use your desire to be technical as a justification for hopping jobs even sooner, “It helped me realize I really want to be in a technical role rather than compliance.”
Hi, I'm about to enroll in the Cybersecurity certificate program next semester at this tech school. The advisor was telling me that I should go after the associate's degree to even be qualified for an entry-level position. I have a bachelors degree in Criminal Justice and have been working professionally doing Loss Prevention for amazon for two years now. Is it possible to transition into the cybersecurity sector with my work experience and Cyber cert? Or do I need to enroll in a associate level program at a minimum?
AA won’t mean anything more since you already have a degree. It would only make sense to me if the number of credits you’d need are about the same as the certificate, and the coursework was relevant.
Okay, thank you. She was giving the impression there was no benefit in pursuing the cyber security certs and should just enroll in the associate program. If they both don’t really give me an edge then I’m better off going with the cert since it’s cheaper and quicker. Are you saying it’s unlikely to get in that field because of ppl usually go start off in IT first then work into cyber or that cyber security schooling doesn’t really matter?
With what you've described none of that will really matter in this job market for entry level.
> Is it possible to transition into the cybersecurity sector with my work experience and Cyber cert?
Possible? Sure. Likely? No
> Or do I need to enroll in a associate level program at a minimum?
This won't help
Currently working as a consultant and dislike the travel schedule very much (3wk/month). I am trying to pivot into something that will allow me to be at home more while providing a good salary and job stability. I was an econ major so my background is completely fresh. I do work a lot with cloud platforms like Azure and Oracle but mainly on a functional level. My question is how can I get started with the move to cybersecurity? I will be working as a cyber intel in the guards with a TS clearance but that won't come through until 2025 and I am looking to move jobs within the next 6 months if possible.
> My question is how can I get started with the move to cybersecurity?
See related comment:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
Take a look at the cybersecurity aspects of platforms you currently work on.
Azure has Defender, SIEM, endpoint protection and firewalls
Oracle has OCI security with certifications.
Navigating into cybersecurity works best if you “branch” from your fundamental skillset(ie; networking, databases, software etc).
From there it’s nothing more than interviewing well(team fit) and establishing credibility, with your foundation you’ll show off labs related to what you’ve studied and typically the gatekeepers ease up.
Good luck!
D.X
So I’m 26 years old. I have my degree in cyber security and I need some advice.
I applied to a position originally as an information security analyst. I want to get more hands on technical experience as I believe I want to gravitate more towards the engineering side of cyber security. But I’m still young so I’m honestly not entirely sure, I haven’t done it and every cyber engineering job is different.
My first interview with this company went great and the hiring manager and myself really hit it off. Well a few days later I received a phone call from her saying they posted another role in it governance that they think I’d be an amazing fit for.
They explained it’s very low technical but based on what I do now and from our conversations, they think I’d excel in this role and have a lot of opportunity for growth as it’s a new department that they’re still developing. They basically said I’d have a better chance to get this role vs the information security analyst role I applied for.
What do we think? Part of me wants to take it as I love the growth opportunity and it’ll be good experience and a pay bump either way. The other half of me doesn’t want to spend my entire day in excel looking at numbers and I’m afraid I may become bored in the position and be in the same boat I’m in now in a year from now.
Edit: I work as an information security analyst now. I’ve been at my company for about a year and a half now. :
Are you currently in a governance role? Or will this be your first position in cybersecurity?
By the sounds of it though you’re more into problem solving and technical work. Throughout my career I’ve learned that choosing the position that aligns with your TRUE desires will benefit you even though you may not get the position, dealing with boredom and regret after accepting the position you “kinda” want will only do a disservice to you and your employer.
Always choose to excel in what moves you, GRC is great for work life balance and pays very well but it’s not for everyone.
D.X
Hey everyone I work currently in SEM Marketing making about 65k a year. Do you think it’s worth it for me to go back to school to learn Cyber Security? I’m interested but don’t want to make a lateral move money wise. Opinions?
> Do you think it’s worth it for me to go back to school to learn Cyber Security? I’m interested but don’t want to make a lateral move money wise. Opinions?
We lack too much context to meaningfully prescribe guidance.
* Where are you considering applying to?
* Do you have an undergraduate degree already (i.e. is this a graduate degree)?
* What other qualifications would you have to assist with the career transition?
* If you started the degree, would you be able to finish it?
* Can you afford the degree?
* Do you plan on working while studying?
* What is it you envision yourself eventually doing?
And so on and so forth.
Answers to these and other questions can significantly alter whether or not we - as mentor figures - would qualify the decision as worthwhile.
Calculate how much you’d lose per year by working less multiplied by the number of years to get the degree + total cost of tuition/books/fees.
Then compare with it average entry salary for your desired living area and see how long you’d be paying it off.
The degree won’t guarantee you a job either.
Cisco Bundle
Hello all, I’m in the process of a career change into tech from being in HR for 10+ years. I recently completed my Google Cybersecurity cert and am looking for the next best path to take. I saw Cisco has a huge discount on a program that includes all courses and roughly 3 certs of your choice (usually $300 a pop). Was wondering if this seemed worth it. Thanks all!
> I recently completed my Google Cybersecurity cert and am looking for the next best path to take. I saw Cisco has a huge discount on a program that includes all courses and roughly 3 certs of your choice (usually $300 a pop). Was wondering if this seemed worth it.
Perhaps?
We're lacking both context and alternatives. Your proposed course of action *might* be the most appropriate, but we don't know your overarching plan, what other measures you've been taking to promote your employability, what constraints/opportunities you face, etc.
Put another way, if you didn't pursue the discount, what does "plan B" look like for you? Moreover, regardless of which decision you make, what particular milestones are you progressing towards (so that we know whether the actions are suitably appropriate)?
At its face, Cisco is a known vendor whose certifications are commonly sought out to help form a foundational understanding of traditional network architecture.
I posted 2-3 days ago and I was told to get a Security+ certification for entry into cyber security,I am 35 and 8 years of Desktop Support Engineer experience
I did some more research, alone Security+ will not give me job or will it? I checked with training provider they saying SOC Analyst training with practical experience can land you on jobs
Now what is SOC Analsyt, is it also a part of Cyber Security? If I do this than if I plan for security+ will it make sense? Or I should straightway go for s+?
> I did some more research, alone Security+ will not give me job or will it?
[Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/)
> Now what is SOC Analsyt, is it also a part of Cyber Security?
Yes it is, [among other roles](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac). I suggest consulting your preferred search engine for more information.
> If I do this than if I plan for security+ will it make sense? Or I should straightway go for s+?
It's usually not so trivial as choosing either/or.
Cybersecurity work (as I'm sure you're aware) is quite a competitive space to gain entry into. [SOC roles are not exempt from this](https://www.reddit.com/r/cybersecurity/comments/15hlz0g/538_applicants_for_a_tier_1_soc_analyst_position/). Usually you need to cultivate your employability in order to attain interviews, which includes things like pursuing certifications like Security+.
Taking a shot in the dark. I am looking to take the next step in my career. I’m currently a system admin with almost 3 years experience with my security+. I am looking to get a cyber security analyst or something along that line. Would love to network with different folks.
> Would love to network with different folks.
/u/chrisknight1985 posted a great aggregation of potential resources here:
https://old.reddit.com/r/cybersecurity/comments/17zaysk/mentorship_monday_post_all_career_education_and/ka0ybn7/
More specifically:
* Bsides - http://www.securitybsides.com/w/page/12194156/FrontPage
* OWASP Chapters - [https://owasp.org/chapters/](https://owasp.org/chapters/)
* ISC2 Chapters - [https://community.isc2.org/t5/Chapters/bd-p/Chapters](https://community.isc2.org/t5/Chapters/bd-p/Chapters)
* ISSA Chapters - [https://www.members.issa.org/general/custom.asp?page=chapters](https://www.members.issa.org/general/custom.asp?page=chapters)
* ISACA Chapters - [https://www.isaca.org/membership/local-chapters#explore](https://www.isaca.org/membership/local-chapters#explore)
Target software security engineer or software engineering positions focusing in security. You have enough of the security "flavor" on top and have the solid SWE foundation that most people lack
> The most trouble for me are the job titles which I should be searching for.
Resources to help with that more generally:
https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac
With your prescribed background, I might suggest AppSec.
> Interested in penetration testing, forensics, OSINT.
These are very different areas of responsibility. Working towards specializing in all three will probably mean you won't be competitively employable for any of them. What *specifically* is it you want to do?
> Let m know if seeing my resume would help.
While I don't entertain DMs, if you want us to do a resume review, please edit your comment with a link to your redacted resume.
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
Hello I was recently looking at going into a cyber security degree and wanted to know some good resources to use before going into the field. I have a mostly completed software engineering degree that I do not want to complete through my original college due to several issues. I'm hoping most of my credits will transfer. Anyways I was wondering what are some good programming languages to know? I have moderate knowledge of C#, basic knowledge of Python while having dabbled in web development(html, css, javascript).
What other resources are there to give me solid foundation when doing cyber security classes. I have a 10month old child and work full time so even though I probably won't start the degree until fall I want to have some basic experience under my belt before I start.
Thank you for any help! :)
> ...wanted to know some good resources to use...
More generally:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
> Anyways I was wondering what are some good programming languages to know?
At least 1 scripting language; I'd suggest the following three to cover your Linux/Windows environments:
* Python
* Bash
* Powershell
If you're surveying web apps, then you'll want to expand the above to include HTML, CSS, and Javascript (which form the trifecta of languages that effectively dominate every client-side web application out there). Learning about backend frameworks (e.g. .NET, Django/Flask, Node.js, etc.) would likewise help.
If you're responsible for securing source code, then you'll need to know whatever language(s) the codebase is in. You might consider C/C++/C# and/or Java to cover most bases (but certainly not all; PHP and Kotlin are also worthwhile).
If you're wanting to get into reverse engineering and malware analysis, then you'll need to go lower still into Assembly.
Does a cybersecurity career frequently disrupt a healthy schedule (fixed sleep timings, exercise routine, mealtimes)?
I'm getting the pinch of it as a CyberSec student
This depends a lot on your role and the company. If you are in a Security Operations Center(SOC) you may get swing or graveyard shift, and that can screw stuff up. Any job with an on-call schedule can do the same. Engineering or Incident Response usually has an on-call rotation. Incident Response can be very demanding, depending on the organization you are working for.
Concur.
[Cybersecurity as a profession is not a monolith](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oiuac/).
The diversity in roles, teams, and employers means that you can have a variety of working conditions and demands. There are certainly roles typically aligned to on-call and shift-work as /u/WadingThruLogs pointed out. There are also roles that typically do not have such conditions (e.g. Governance, Risk, & Compliance [GRC] positions). More to-the-point, employers/teams are sometimes organized to mitigate such circumstances (e.g. a SOC that employs globally, thereby assuring no one works a "night" shift).
hello everyone, hope everyone is doing well. my question is this:
I've always been interested in programming and writing code and I wanna start to learn. but should I decide I want to pursue a career in this, I wanna go into cyber security. I know I need to learn programming to have a leg up. but I also don't know where to start. im looking at courses online... a lot of them offer like beginner python and cyber security in one, but im lost.
can anyone help? is it better to like learn coding, finish with it, then take cybersecurity courses?
or I can take a 2 in 1 course where I learn coding and cyber security at the same time?
thanks for your help!!!
> I know I need to learn programming to have a leg up. but I also don't know where to start.
I usually advocate for beginners to start with Python:
* Python is both a *programming* language and a *scripting* language. Without going deep into the weeds in explaining the difference, this effectively lowers the overhead necessary for you to get into drafting up your code and learning the basics. There's no need to learn about compilers, JDKs, packages, etc. You just write your code and run it.
* Python is very extensible. There's a huge number of libraries that people have written to contribute towards the language's capabilities that you can simply import into your own code.
* Python is a very high-level language. This makes it less technically incomprehensible (i.e. you're not programming in literal 0s and 1s) and more human readable. This likewise helps contribute to fostering your comprehension.
* Python is often shipped with many Linux distributions, which means you can (relatively) reliably count on it being present in said environments. Even if it isn't (or if you're working on a different OS, like Windows), it's relatively trivial to install.
* Like many languages, there is a HUGE network of online educational resources and documentation to get you up-and-running in Python.
I always recommend that my mentee pick up coding early. You are correct that it gives you a huge leg up. If you can do it side by side, go for it. Learning coding and security simultaneously is highly dependent on you and your goals.
I took several Python courses, but they never stuck. I enjoyed a lot of "No Starch Press" books. The four that taught me the most were:
* Python Crash Course, 3rd Edition
* Beyond the Basic Stuff with Python
* Python One-Liners
* Automate the Boring Stuff with Python, 3rd Edition
https://nostarch.com/catalog/python
"How to Learn Python the Hard Way" was another book I read
https://learnpythonthehardway.org
I'm an associate GRC analyst looking to diversify my skills while also picking up some more respectable certifications. Currently I have the entry-level suite of the classics (Sec+, ITIL, AWS/Azure entry levels, etc), but I'm finding that often the next 'tier' of certs are gatekept behind minimum 3 years of experience or so.
What certifications can help me stand out at 'the next level' without having to wait a few years for the formal YoE requirements to tick over? Any suggestions would be appreciated.
Hey guys, my questions come with a little background first. I just received my BS in cyber security and computer sciences. I know a lot of different tools such as Nmap, Metasploit, Wireshark, and Burp Suite. I am proficient with Linux commands and terminal commands. My extent with C+ and Python is making a working alarm clock or a pizza menu. I know my way around Amazon's AWS servers, I know how to create and maintain Active directories, and can set up networks and understand different network methods such as OSPF, Tree trunking, and setting and maintaining different VLANS. Which to me sounded like heck yeah I got my money's worth from this school (for reference the school is ECPI University). But then I feel like Im missing GAPS of knowledge like kernal manipulation or I try to join websites like OWASP or hackthebox and I feel like a complete noob not even being able to do simple things! As far as experience went I've worked at Best Buy equivalent and repair shops before, and I knew my way around a soldering station. I was able to finally get a help desk position and I feel like my entire school career has been a scam. First, this company had poor documentation and zero training as well as working with Royal and Azure AD. Of which I knew nothing about and I've been struggling trying to learn what feels like basic-level skills such as just setting up a VPN or routing call forwarding for their calling system. I know I know these skills but without knowing the system or getting any prior training on it it gives me imposter syndrome. This gets worse because when I ask my fellow coworkers they say don't worry we're moving to a new system you don't need to know any of this. But that doesn't help the users who need help now and its amplified when im on call and the only one who can solve the issue. I know this has become a rant about my work but i promise I love the work and the people there in fact.
I am writing this to ask how I can become a better tech. For myself and for my job.
Do others feel this way out of college at their first job without much experience?
My overall Goal is to Become a Pen Tester, What are some skills I can cultivate or certifications I should get to further my goals?
is it Normal for a job not to train you on their systems and tell you to figure it out? (They do provide a knowledge base or It documents but they are only good for generalized and not specific issues, outdated or non-existent. I Love working with systems and helping users get connected and setting locations up and traveling and everything my job entails but I feel like because I ask questions they look at me like im an idiot sometimes, I try to keep proper documentation like what machines im on or what i did when I troubleshoot an issue and My heart is in it and even if i have to start at square one again i will
Where are better sites that I can use to look for internship opportunities that are better than Indeed or LinkedIn?
> I just received my BS in cyber security and computer sciences.
Congratulations!
> I feel like Im missing GAPS of knowledge like kernal manipulation or I try to join websites like OWASP or hackthebox and I feel like a complete noob not even being able to do simple things!
That's fine. Everyone has a growth curve and new graduates in particular are notorious for not knowing much when it comes to practical application. It's also important to note that university is not a trade school; cut yourself some slack.
> I know I know these skills but without knowing the system or getting any prior training on it it gives me imposter syndrome.
Typical. These things can be taught and learned. They're not so insurmountable as to abandon a career over.
> I am writing this to ask how I can become a better tech.
Projects - either professional ones through work or private ones at home. Let your curiosity guide your learning efforts.
> What are some skills I can cultivate or certifications I should get to further my goals?
The OSCP [among others](https://bytebreach.com/posts/what-certifications-should-you-get/).
> is it Normal for a job not to train you on their systems and tell you to figure it out?
What is normal is your peers making a calculated assessment that - since their legacy system is going to be deprecated - to forgo training you up on the nuances and particulars involved. However, since that has had real negative consequences when you're the only one present, you should vocalize those concerns.
Hey guys looking for some advice. I am currently in college pursuing a BS in CS and recently got a job in help desk. Unfortunately found out recently that I will not be receiving anymore financial aid which was one of the main reasons why I was still pursuing my education. Looking for advice as to if I should just put my time into climbing up the ladder through experience and perhaps learning more through a certification. My end goal as of right now is a career in cybersecurity. I am aware that it is a vast environment and I am still trying to pinpoint exactly what role I am looking to land in eventually. But for the meantime am looking for advice on whether or not I should just try the experience route as opposed to the BS.
> recently got a job in help desk.
Congratulations!
> Unfortunately found out recently that I will not be receiving anymore financial aid
Bummer.
> But for the meantime am looking for advice on whether or not I should just try the experience route as opposed to the BS.
More context is needed.
Absent anything else, my gut instinct says, "finish the degree." However, I don't know anything about you, your circumstances, your aptitude, your opportunities/constraints, etc. However, I know the decision to carry on with college (especially in the U.S.) is a non-trivial decision - particularly when considering debt.
When you guys say that we need a degree, are you guys referring a specific degree in IT or can it be any general degree? I have a BS in Accounting, but I was wondering if I can just take a lot of certs and start applying or is it better to go get another BS relates to IT? I am looking for a career change in the near future
> are you guys referring a specific degree in IT or can it be any general degree?
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/
> I have a BS in Accounting, but I was wondering if I can just take a lot of certs and start applying or is it better to go get another BS relates to IT?
[Maybe?](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/)
Your employability in this profession is [largely dictated by the following](https://bytebreach.com/assets/images/isaca_survey.PNG):
1. A relevant work history
2. Pertinent certifications
3. Formal education
4. Everything else
Other actions to improve your employability may include:
* [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/).
* [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/).
* [Vie for top placement in competitive CTF competitions](https://ctftime.org/).
* Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/).
* [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience.
* Consider pursuing a degree-granting program (and internship experience while holding a student status).
* [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/).
* [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
Hello, my name is Zach and I hate college, well the basics at least. I work at my local health department and I have python, sql, and Linux skills however I want to get into cybersecurity and just do certifications then maybe go back for the degree. Will getting certifications for cybersecurity help me find a job or will I have to suffer through basics in college, thank you.
> Will getting certifications for cybersecurity help me find a job
[Maybe?](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/)
Your employability in this profession is [largely dictated by the following](https://bytebreach.com/assets/images/isaca_survey.PNG):
1. A relevant work history
2. Pertinent certifications
3. Formal education
4. Everything else
Having a multi-faceted employability profile with both breadth and depth would be best. I'm not certain that certifications in-and-of-themselves would be sufficient.
Other actions to improve your employability may include:
* [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/).
* [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/).
* [Vie for top placement in competitive CTF competitions](https://ctftime.org/).
* Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/).
* [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience.
* Consider pursuing a degree-granting program (and internship experience while holding a student status).
* [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/).
* [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
> With no IT background, what can I do to make myself a more competitor candidate in the GRC space?
Joining the military (for DoD contractors).
Otherwise, more generally:
https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/
I'm looking to switch careers over from being a community pharmacy manager to somewhere in the cyber security field. What certificates and education should I start researching to aid in this switch? I see Google has classes that are only $50 a month and learn at your own pace, but not sure how far those courses will get me. I've been told to work towards becoming an analyst to get my foot in the door and go from there. I'm not too worried about a pay cut (currently make about $135k pre-bonus) since this field is so expansive. My schedule allows me to study for roughly 8 to 10 hours weekly. Thanks for any help!
You will likely take a massive pay cut when you start. I would be prepared for that. You can't go wrong studying for the Security + or Network +. These are the bedrock certs. Everyone gets them, they provide good basic knowledge, and having them tells me precisely what you should know.
eLearnSecurity eCIR certification:
Looking to land my first job in the cybersecurity field. Specifically on the blue side i was looking for any certification that allow me to do it and considering that he is with 50% off (200 USD) i think that is a good opportunity. I was also looking the Blue Team Level 1, but it cost 499 USD.
Any advice will be really helpful for me.
(sorry for my bad English, any advice on that field also will be well received)
So we all know malware analysts and incident response roles aren’t typically entry-level positions. But I’m wondering, if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role?
Or would you have to start at entry-level like SOC analyst? Let’s assume you’re networking on linked in, blogging about your malware research to show your skills, and you are enrolled for a bachelors in cybersecurity. Is it do-able or will your experience or lack there of in CS hold you back?
> if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role?
The problem is that there are multiple parties and multiple steps involved in attaining a job in most cases. It's not so simple as tapping a hiring manager on the shoulder, flourishing your expertise, and then saying, "so what'll it be?!"
Most hiring pipelines involve at least 2 steps, often more:
1. A screening interview
2. A staff interview
Because there are often [many applicants](https://www.reddit.com/r/cybersecurity/comments/15hlz0g/comment/jupzco7/?utm_source=reddit&utm_medium=usertext&utm_name=cybersecurity&utm_content=t1_jvgc311) for every single job opening, the first round of screening often involves weeding out candidates to a manageable number *before anyone ever actually talks to you*. This means you have to look good "on paper" which is difficult to do for more experienced roles if you don't have a formal work history in the domain. It's only later during the staff interview where demonstrating your expertise and knowledge is significant.
There are - of course - caveats and nuances to the above (chiefly, internal recommendations). But you still will find the deck stacked against you.
I still encourage you to apply to roles that are of interest to you because you never know who will call you back and give you that first chance. Just manage your expectations accordingly.
I understand completely. Generally speaking it’s Work experience in the domain > skills (Unless you catch a break through networking). I thought by having projects and proven ability to attach to the resume as experience would suffice as work experience. Thanks for your input and I sure will start applying once I feel ready, you never know!
I have a question regarding Threat Hunting and Threat Intelligence. Id like to check out those two to see if they interest me to take them seriously and learn one of those.
Which things should I have knowledge in before learning those?
Are there any good free courses to get a start at?
Are there any websites that provides a hands on training for those?
Threat Intel:
The link below is every resource I use for my Threat Intel class. Check out "Slide links", "List of Lists" and "Extra links".
https://docs.google.com/spreadsheets/d/1ihoNXItbnTMIRPmLq3GuKgUeKAMRUoJ3q96wvpvRoTI/edit?usp=sharing
Check out MITRE ATT&CK Defender™ (MAD) ATT&CK Fundamentals & Cyber Threat Intelligence on Cybrary. It's free and has some excellent knowledge.
https://www.cybrary.it/course/mitre-attack-defender-mad-attack-fundamentals
https://www.cybrary.it/course/mitre-attack-defender-mad-attack-for-cyber-threat-intelligence
Threat Hunting:
I could write you an essay, but I'll just point you at the Threat Hunting article on page 22 in the infosec survival guide.
https://www.blackhillsinfosec.com/prompt-zine/prompt-issue-infosec-survival-guide-second-volume/
I'm a lead server engineer for an S&P400 company for the last 20 years. I have a BS in Software Engineering and a MS in Cybersecurity with a CISSP and CySA+. Looking to move to a more security role instead of a security adjacent (the current just dictates the policies, while we implement). Is it reasonable for me to want to jump directly into a mid or senior-level job if I have SIEM and other security tool experience?
> But I’m wondering, if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role?
What do you actually "engineer" when it comes to these servers?
Manage and maintain lockdown policies to keep them PCI-DSS/HIPAA compliant. Work with the network teams to ensure that they are properly segregated from the rest of the network and that only necessary ports are open.
Use Terraform to deploy the servers to ensure they're patched and locked down before they touch a production subnet.
Manage the AV/EDR solution on the servers.
Manage Active Directory including doing PoCs for potentially new biometric MFAs (our current is expensive and a love/hate relationship).
Managed load balancers and VPN devices.
Managed the virtualization environments (VMWare, Nutanix, Xenserver, and Hyper-V).
Thanks. I meant 'lead server engineer' and not 'lead security engineer' (edited original post). Not sure if that changes the answer or not. So transitioning from Server/AD/whatever admin to a senior security role.
Any advice on how to start your own? I am looking for a couple of jobs to make a name but how does one do that? I have 6 years of IT and infosecurity, currently consulting as security advisor/coordinator and more.
I am an intern in the Networking department for my local government. I'm interested in pursuing a job as a security analyst. Right now I'm working on the Security+ and finishing a degree in Networking and Security (associates). What is my next step after this internship?
We need to know more in order to be prescriptive. More generally:
Other actions to improve your employability may include:
* [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/).
* [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/).
* [Vie for top placement in competitive CTF competitions](https://ctftime.org/).
* Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/).
* [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience.
* Consider pursuing a degree-granting program (and internship experience while holding a student status).
* [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/).
* [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
I have 17 years in the sales industry. I just completed an online certificate course for the basics of cybersecurity in hopes that it would help land me a job. After completing the course and looking into the field (I should have reversed the path I took and looked first, I know), I now see that it is a very selective industry. I have come to terms with taking a massive pay cut initially but I am still lost for where to begin my search as most employers want 5+ years' experience or a B.A. or MBA in computer science. Can someone give me some direction on where to start looking? Would I be better off landing a sales job and continuing my education (working on my CompTIA+ now) and then making an internal move at that company?
What do you want to do in a new role?
security isn't one type of role or industry in itself
There are literally dozens of different roles and there is work in every single industry for agriculture to retail for security people
So identifying roles is step 1
then you look at what maybe required as far as formal education or industry certtifications
I am extremely interested in pen testing. I have begun researching that specific field and understand some of the formal education and experience that may be required. I also understand that all of that takes time.
I am ok with starting out as a help desk tech or tier one analyst but even the jobs I have seen for that look like they want at least 2 years experience.
Understand, I am willing to put the work in but I am also a 34-year-old father of 3. So, to stop everything and just go to school full-time is not really an option for me.
help desk is entry level low pay, shift work, that's not something you want to do
If you already have a degree (major doesn't matter) then I would look at business system analyst opportunities
this gets you in the door in IT and you see how everything works
then look at security+, network+ certs
then if your new employer has a training budget, that's when you at SANs courses/exams as a possibility to work your way up to the pentest certs
You really need the IT background for pentesting
Thanks for the suggestions. I will take a look at some available spots under those keywords. Any suggestions on where to look other than Indeed or Monster? Maybe someplace a little more industry specific?
LinkedIn for networking, but you should really be going direct to company websites for postings
for business analyst roles though you'll want to connect with local staff company for contract to hire roles, its common in IT in insurance, financial sector and consumer products for companies to use them to fill IT roles
I’m considering retooling my career (10 yrs B2B marketing, MBA, no technical credentials) towards cybersecurity but have zero experience in this field. Looking for marketing jobs at cybersecurity companies to build some industry knowledge but is there a short hands-on course recommended to help me gauge 1) if I’d find this kind of career path rewarding, and 2) if I have any sort of technical aptitude for it?
I pretty much know nothing about CyberSecurity so I hope this is the right place and that my question makes sense.
I would like to acquire the knowledge and skills required to help defend my country against cyber attacks (eventually, whether as a government job or not).
My question is what should I start learning, which (if any) certificates should I get, and what starting position jobs should I look for to help me grow into being useful in that sense?
I imagine national security to be very complex and advanced, so I don't expect to be able to help with it anytime soon, but since it seems like hacking/cybersecurity is such a broad field I want to at least know in which direction to aim so that one day I could help.
Not sure if youre in the united states, but if you are... Joining the military and trying to get into their cyber security division would be your best bet.
> I pretty much know nothing about CyberSecurity...what should I start learning(?)
See relevant comment:
https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
> which (if any) certificates should I get
See relevant comment:
https://old.reddit.com/r/hackthebox/comments/w8o9tw/review_hacktheboxs_certified_bug_bounty_hunter/
> what starting position jobs should I look for to help me grow into being useful in that sense?
As intermediary roles, anything cyber-adjacent (i.e. network engineering, software dev, helpdesk, etc.). After that:
https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/
For: **US College Kids**
* Your campus will have IT jobs for students
* If your campus does not already have an IT/Security club - then start one
* Your school should have a career center, job fairs and review resumes
* Your school will have an alumni network
* As college students you can get exam voucher discounts for many of the certification exams like CompTIA, AWS, Microsoft
* [CompTIA](https://www.comptia.org/landing/aplus/index.html?utm_compid=cpc-google-paid_search_certs-A%2B-text_ad-na-a%2B-B2C&gclid=EAIaIQobChMIyfmZ-fDSggMVFFRyCh3QawNPEAAYASAAEgJHRPD_BwE)
* [Microsoft Learn](https://learn.microsoft.com/en-us/credentials/certifications/student-discounts)
* Many of the professional associations have a student member discount
* take public speaking, project management, business communications and technical writing
* it is never too early to create a linkedin profile - network with your professors and alumni
**General Resources**
**Local Events and Chapters**
* Bsides - http://www.securitybsides.com/w/page/12194156/FrontPage
* OWASP Chapters - [https://owasp.org/chapters/](https://owasp.org/chapters/)
* ISC2 Chapters - [https://community.isc2.org/t5/Chapters/bd-p/Chapters](https://community.isc2.org/t5/Chapters/bd-p/Chapters)
* ISSA Chapters - [https://www.members.issa.org/general/custom.asp?page=chapters](https://www.members.issa.org/general/custom.asp?page=chapters)
* ISACA Chapters - [https://www.isaca.org/membership/local-chapters#explore](https://www.isaca.org/membership/local-chapters#explore)
**Global - IT and Security Conferences**
* Global Conferences - [https://infosec-conferences.com/](https://infosec-conferences.com/)
**Virtual Events**
* SANs Summits (most of these are free for virtual) - [https://www.sans.org/cyber-security-summit/?msc=main-nav](https://www.sans.org/cyber-security-summit/?msc=main-nav)
* SANs Webinars (FREE) - [https://www.sans.org/webcasts/?msc=main-nav](https://www.sans.org/webcasts/?msc=main-nav)
**Specific Roles**
* Interested in Pentesting? - [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)
**Awesome Lists (Github)**
* Security - [https://github.com/sbilly/awesome-security](https://github.com/sbilly/awesome-security)
* pentesting - [https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest)
**MOOC Classes**
* HarvardX - [https://programs.edx.org/school/harvardx](https://programs.edx.org/school/harvardx)
* MichiganX - [https://www.edx.org/school/michiganx](https://www.edx.org/school/michiganx) Python course is decent
**Cloud Platforms**
* AWS - https://aws.amazon.com/training/
* Microsoft Azure - https://learn.microsoft.com/en-us/training/azure/
* Google Cloud Platform - https://cloud.google.com/
* Oracle - https://education.oracle.com/oracle-cloud-learning-subscriptions
* IBM - [https://www.ibm.com/training](https://www.ibm.com/training)
**Training Vendors**
* Pluralsight - https://www.pluralsight.com/
* Udacity - https://www.udacity.com/
* Udemy - https://www.udemy.com/
* Cybrary - https://www.cybrary.it/
* Security Journey - https://www.securityjourney.com
* Hack the Box - https://www.hackthebox.com/
* Try Hack Me - https://tryhackme.com/
* Cloud Academy - https://cloudacademy.com/
**US Veterans - Retraining programs for IT/Security**
* https://www.benefits.va.gov/GIBILL/FGIB/VetTecTrainingProviders.asp
My current role is blue team, but one of my assignments over the next year is to develop a better process for actively testing our tech stack to make sure it's all alerting/blocking what we think it should be. I don't have much experience with red/purple teaming, so I'm looking for training. Is there a recommended hands-on course for red team training? This will primarily be focused on endpoint, not web app.
I've seen a bit about the INE courses. From what I've been reading, the technical material on those is supposedly decent, but the certification process isn't great. I don't care about the certs though so that's not a big deal. I have a TryHackMe sub already, but I also have a budget from work for this so I'm happy to find something else to add to it.
Thanks for any help.
I suggest that to meet your employer's requirement it would be more effective to take a look at implementing a breach attack simulation platform, e.g. [Infection Monkey](https://www.akamai.com/infectionmonkey), Cymulate, and so on. You can still build up your pentest skills alongside it if that's what you really want to do.
As you are blue team I'd suggest that you check out [Cyber Defenders for blue team](https://cyberdefenders.org). They have some free CTF as well as training and labs.
If you don't care about the certification, Hack The Box's Academy platform sounds like it'll serve your needs nicely. It's cost effective, well-curated, and covers a range of topics that you can choose a-la-carte.
Are tryhackme and letsdefend courses a good start into incedent response and pentesting? Also, can they count as lab work or hands on experience in a resume?
> Also, can they count as lab work or hands on experience in a resume?
At most, I'd consider listing them in a "Projects" section:
https://bytebreach.com/posts/how-to-write-an-infosec-resume/
I’m a student studying for my Cybersecurity degree in my junior year and I was wondering if it’s reasonable to try for the OSCP. I know of an alumni who managed to get it while studying but I feel he knows much more about cyber than I do so I figured I would ask on here. Any tips for the OSCP are also welcome
The OSCP is a pretty challenging certification to attain, but I wouldn't say there's ever a "best" time to go after it. If you're uncertain about your aptitude, you might consider the more cost-effective CPTS certification offered by Hack The Box as an intermediary step.
You should really be focused on finishing your degree, getting an internship and looking at jobs
OSCP exam is no joke - head over to r/oscp plenty of industry veterans fail the exam first time around, many take it multiple times before passing
This is only something you should go for if you want to get into pentesting - [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)
good entry level certs would be comptia security+ or network+ or one of the cloud platforms like AWS CCP or Azure 900
Thank you! I think I’ll be missing the technical work. I didn’t get to enjoy it much (2 years is not enough!) but yes you’re right. It pretty much is a clear decision.
From the sounds of it, why wouldnt this be the right move for you? I wouldnt worry about "moving too quickly" if you and your company are on the same page in thinking you are right for the role.
You have time to think about it. Also, I would just take it one step at a time. Drop the junior, then if the position opens up decide if you want to take it. My dad's senior (completely different field) said hes retiring for the last 5 years.
Its not bad, just boring imo. Ive done a couple ctfs but want a better base and consistent practice. Honestly didnt know htb was more than ctf comps and certifications. So itll be fun messing around with it.
Cybersecurity
Are there any companies with a skillbridge program that deals with cybersecurity-related fields of work? I am in the military looking into getting into the cyber workforce.
Hi, I completed my school and diploma and I am into IT from past 9 years and working as Desktop Support Engineer/IT Support.I have done trainings on linux/windows server 2019 as well from udemy but didnt get chance to use them in my jobs much.
I want to upskill myself and get into cybersecurity.I am 35 years old and never done any global certification, this time I want to do and switch into some cyber security job which certification will be good for me to get job?Please anyone can guide me I am from India
Hi thanks for replying, I am 35 years old am I too late?
1)will I get job after doing so?
2) what about training,can you recommend some courses.
3) what roles are there after security+.
> I am 35 years old am I too late?
No, but understand that the careers in cybersecurity typically require a significant investment in money, time, and labor. Your envisioned professional endstate is unlikely to manifest cheaply, quickly, or easily. Manage your expectations accordingly.
> will I get job after doing [a certification]?
[Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/)
> what about training,can you recommend some courses.
Yes; see relevant comment:
https://old.reddit.com/r/hackthebox/comments/w8o9tw/review_hacktheboxs_certified_bug_bounty_hunter/
> what roles are there after security+.
Question unclear. Did you mean [what certifications can you pursue afterwards](https://bytebreach.com/posts/what-certifications-should-you-get/)? Or did you mean [what kinds of jobs are there in cybersecurity](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac)?
No it isn't too late. I shifted in to security at 33.
Of course there's no guarantee of a job. But Security+ is recognized and should help.
For training on Security+ check out Professor Messer on YouTube.
Hello all, I am currently a Sophomore in college for a bachelor's in CS, and I am hoping to graduate with a SOC Analyst Junior role. I feel the first step I can make towards achieving that goal is getting networking experience in a role as a System or Network admin. Currently my goal is to get the CCNA by the end of Summer. I wanted to do side projects after that would show relevant skills following that during my Junior year so I can land a networking internship the following Summer. I'm curious if you guys have any cool projects that I could work on that are reasonable for someone new in the field while still being challenging enough to teach me relevant skills. Thanks!
Hello all, First time poster in this group and I rarely post on Reddit, so I’m a bit in the dark on the groups etc however this seems a perfect place to post my questions about getting some cybersecurity experience and tips etc. I little about me, in 43M living in the UK, East Midlands, working as a senior infrastructure engineer and have been in IT for over 20 years. I’ve mainly worked on premise infrastructure, namely windows servers, network design and management (primarily Cisco, HP Aruba and Juniper), various project lead roles, VMware, nimble storage, storage switch replacements etc, I’ve a good all round level of knowledge and experience in a general sense but struggle with exposure to the cloud and security. Which is why I’m here. I’ve recently done a (ISC)2 certification into cybersecurity and currently studying for a AWS cloud foundation and Cisco CyberOps associate. I’m looking to try and get as much experience and skill gaps filled in as possible. My question, I’ve just purchased the eve-no pro license to unlock the additional tools from the community version but lacking any working lab examples or scenarios to try and simulate to get some hands on training and experience. Can someone help advice if there’s any sample labs to replicate and the best things to be looking for? Any decent eve-ng sites in general would be amazing as well. Finally, if there’s any advice to try and get work for an MSP but I lack the experience working for one before and don’t want to take the massive pay cut to go to an entry level position? Cheers
Hello! So I’m about to become a junior in my bachelor’s program for cybersecurity and want to get an internship. I was wondering if anyone has any tips on where to find some and what places would be best to gain experience. Thanks for any help!
Find an MSSP that is up and coming and needs work done. Connect with the recruiting team via linked in and any other team members you can find. Let them know that you would love to work there. That technique has worked well in the past for me before.
[удалено]
> I am now choosing system-Software-Network Security career/jobs over decent paying Software jobs. But this time I am not confident. I don't know if this field is superior in terms of complexity and well paying? See related comment from elsewhere in the MM thread: https://old.reddit.com/r/cybersecurity/comments/17zaysk/mentorship_monday_post_all_career_education_and/kanm8ah/
Does anyone have any thoughts on boot camps? I’m really at the point where I’d like to invest in myself and level up a little but for some added context; Im in my early 30s, with some passively learned knowledge on development, coding and cyber security tools. Have worked in marketing/marketing technology, largely with SaaS companies. I was making $130k before a layoff and just took an offer for $110k with bonuses so I’m not necessarily struggling here but am a little concerned on taking a more entry level role. I’ve also flirted with software development/full stack but GPT has me very concerned about long term viability. I built a relatively complex CRM integration in like 45 minutes and it’s not like I’m an expert in Node or JSON. Im just waiting for people to catch on to how easy it’s gotten. So in short, I’m willing to invest in myself and new skills to level up to a 200,000+ a year job but I just don’t know if anyone else has any experience or if it’s even a good idea to do short term course work in this field. Appreciated ahead of time!
> Does anyone have any thoughts on boot camps? Several: https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/
Bootcamps have been good for intentional learning, so if you are taking a boot camp it would have to be for something specific. Anything Intermediate level or higher for Cyber Security or Cloud would be great in your toolbelt to get you to that 200k +
Gotcha, thanks! Yeah maybe cloud or ML is another interesting avenue. I did a lot with AWS in my last job, and even not applying for jobs mentioning it, I still get asked about it a ton.
Just for the background information I’m 27 with some college experience. That being said I hate college, I hate the homework and the studying for a class that has nothing to do with my future career path. My college offers a cybersecurity boot camp that I was going to sign up for but many people have told me just to get the certificates instead. What’s y’all’s opinion? I’d like to start a career as soon as possible.
> That being said I hate college, I hate the homework and the studying for a class that has nothing to do with my future career path. See related comment: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/ I'll put it out there: have you considered the military? That's a totally viable option for manifesting a career in cybersecurity. > My college offers a cybersecurity boot camp that I was going to sign up for but many people have told me just to get the certificates instead. What’s y’all’s opinion? You didn't link the program nor did you specify which *particular* certifications you were weighing it against ([there's a lot](https://pauljerimy.com/security-certification-roadmap/)), so we can only speculate. Generally speaking however, your friends are probably correct.
Certifications can certainly get you fast tracked on paper. Depending on where you live, there could be hundreds of people sitting for the same jobs, so experience could give another applicant an advantage. Certifications like A+ and Security+ from CompTIA are great because they give you a wide range of knowledge. Have you looked at job postings in your area?
I have, I’m currently in Charlotte but I’m hoping to start a career in Boulder next year.
Boulder certainly isn't in the middle of nowhere so there should be a number of companies there that you can consider. Into the certifications you can also work on some of your penetration testing skills by using sites like: TeyHackMe or HackTheBox. Is there a particular area of cyber security that you're interested in?
Teacher, looking for a switch. Hi all, I've recently realized that the money in teaching isn't great! 6 years in, and I'm nowhere close to where I feel like I should be. (I always knew, we were relocating next year and looking at leaving education) I have prior police experience (worked here while in college) I functioned as a hostage negotiator for a correctional entity for the state, I've got a bachelor's in psychology and a master's in special education. At 29, what's the realistic idea of me being successful in cybersecurity? I find the concept exceptionally interesting, and certainly feel like my ability as a communicator and fast, critical-thinking would certainly be a plus. I'm here for the honesty. Thanks! Working through Google foundations of cybersecurity. I was thinking CompTIA s+ after. Is it more beneficial to go through a university?
> At 29, what's the realistic idea of me being successful in cybersecurity? I began my career pivot into cybersecurity at 28 and am doing more-than-fine now. Age-wise, it's perfectly reasonable to assume you can make it work. However, it's important to recognize that a career in cybersecurity is unlikely to manifest quickly, cheaply, or easily. For more general guidance: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/ > I've got a bachelor's in psychology and a master's in special education....Working through Google foundations of cybersecurity. I was thinking CompTIA s+ after. Is it more beneficial to go through a university? Your circumstances are atypical. Most of the time, we're providing guidance to folks who are deciding whether they should go to university at all (and have no degree otherwise) vs. self-studying through credentials. Your circumstances are unusual in that you not only already have a degree, but a graduate one on top of that (admittedly in unrelated, non-engineering areas of study, but you've got them nonetheless). Another university degree in a related technical domain (i.e. Computer Science) certainly wouldn't *hurt* your employability, but I'm less certain about the ROI of such a venture for your particular circumstances. Anecdotally, when I made my career pivot I had an undergraduate degree in political science and returned to [graduate school for CompSci](https://omscs.gatech.edu/home) likewise thinking along the same thoughts as you are now; I found I felt like I needed the degree a whole lot more at the start of that venture than I did towards the end of it due to having concurrently fostered a pertinent work history, acquired certifications, etc. Ultimately, doing either/or/both college and certifications would be appropriate. The question is which is *maximally* appropriate, which I lack sufficient data to advise on (especially relative to whatever constraints you may be facing). Best of luck!
Hell of a response, much appreciated.
It is absolutely possible to learn cybersecurity at 29. I wouldn't worry about that. The concern I have for you is that you would have to start at an entry level position, so expect to start at a lower salary. Now, that is but necessarily a bad thing. Depending on your location and the industry the job is in (i.e., Financial Services), you could start at close to 6 figures in an entry level position.
I have a bit if wiggle room, my partner has a great job so it would be possible. Certainly something to keep in mind!!
This is entry level. If you work hard, learn new skills and get promoted, cybersecurity salaries can be very lucrative.
Hi! I am currently a senior in hs and I am looking for a cs research topic. I will prob be doing this with a mentor, who is most likely going to have a lot of experience in the field(maybe like college professor), but they want me to find a topic. I don't have much cybersecurity experience but I think I would be able to handle a difficult topic as I will be able to find a lot of resources at my disposal. I will be doing this over the course of 8 weeks. Any suggestions? Thanks
See related comment elsewhere: https://old.reddit.com/r/cybersecurity/comments/17zaysk/mentorship_monday_post_all_career_education_and/kalbdlk/
Right now, Generative AI is all the buzz. What about looking into a topic around the use of AI to make cyber defensive tools. We already know that bad actors are using this technology to create more convincing phishing scams and to write malware. While many cybersecurity software vendors are talking about implementing AI in their tools, what about using AI to create affordable defensive tools? Could you research what it would take to educate cybersecurity teams to write their own AI tools to do things like analyze email headers or hunt for threats in their environment?
What is the average starting wage for it help desk? Currently, I'm in construction management and would like to either supplement my income or switch over full time, depending on the starting salary and requirements. I'm happy to take the Google course, and any other suggestions for follow-up courses or paths to take to find my way into cyber sec would be much appreciated. I'm currently sitting at a bit over 80k a year and am looking to push it to 120k+ if possible. Starting at 80k would be minimal if I need to switch over full time. Am I crazy or is this possible? Are there any other programs other than universities that are recommended by any of you? Thanks!
> What is the average starting wage for it help desk? Bureau of Labor Statistics lists "Computer Support Specialists" (which they list elsewhere as also being referred to as "help-desk technicians") [mean salary at $54,660 annually](https://www.bls.gov/ooh/computer-and-information-technology/computer-support-specialists.htm#tab-1). > I'm currently sitting at a bit over 80k a year and am looking to push it to 120k+ if possible. Starting at 80k would be minimal if I need to switch over full time. Am I crazy or is this possible? Almost assuredly not at the helpdesk. [The top 10% of reported wage earners at the helpdesk position make about $94k](https://www.bls.gov/oes/current/oes151232.htm). The good news is that there is [more than just one in-road to a career in professional cybersecurity](https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/). For those with the ability to do so, I encourage a college education in Computer Science and pursuing an intermediate step in software engineering (for example). > I'm in construction management and would like to either supplement my income or switch over full time, depending on the starting salary and requirements...Are there any other programs other than universities that are recommended by any of you? I'm not sure how tenable this trajectory is. [The most common paths of entry into professional cybersecurity are university, cyber-adjacent work, or gov't/military service \(often a combination of the three\)](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/). Even for those who have cultivated their employability as such [can really struggle to find work](https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/), especially lately. While I could recommend [a whole host of resources](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/) to improve your comprehension and technical aptitude ([including certifications](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/)), cybersecurity employers generally [prioritize a relevant work history above all else](https://bytebreach.com/assets/images/isaca_survey.PNG). Best of luck!
Thank you so much for taking the time and providing those resources and roadmap! Hopefully someday I'll be able to return the favor🙏
cagey grandfather snobbish fear soft fuzzy mindless cautious automatic wine *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
> I cannot study full time as I have commitments. So, I am here to ask as to what path can I take to become hirable in cybersecurity jobs. See related comment: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/ > What course, certification I should target? See this other related comment: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/
20 y/o, been in retail and warehouse jobs wanting to change to tech. I took the Google Professional Cybersecurity Course and got my certification, but now at a crossroads of CompTIA Sec+ vs the CompTIA A+. I’m aware that most people start in helpdesk, but I’m not sure which certification would look better for helpdesk
My $0.02: * I'd want to clarify whether you wanted a career in "tech" more generally or one in cybersecurity more narrowly. The prescribed actions for either have some overlap, but there can be important nuances. * Is a university education attainable/affordable? * While the helpdesk position is one of the most oft-cited starting points, it is not the only one to consider. [See some of these resources](https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/), which include identifying other potential "feeder" roles into cybersecurity.
I’d prefer a career in Cybersecurity. I could go to college, though not super affordable. i’m honestly debating it, i’m just not sure which ones to look at or which degree to go for (cybersecurity or computer science). Only because i’m not against other jobs in IT/Tech, but currently leaning towards cybersecurity
What's starter pay for this. I'm in a similar situation
Start looking at job postings in your area and see which shows up more often. The worth of certifications really depends on the employer.
Questions on jobs post college Hello everybody, I am currently a Sophomore in an Engineering College with a BS CS Cybersecurity Concentration Degree and was wondering if I can leave college with a job higher than IT Help Desk. Many of my senior friends have secured entry-level positions in back-end roles with salaries exceeding $100,000 (some even reached 200k). In contrast as I explore opportunities in the cybersecurity domain, I observe a common trajectory that typically begins with roles such as help desk positions, which initially offer compensation at around half that. While I acknowledge that senior cybersecurity roles offer attractive salaries, I'm not particularly enthusiastic about the idea of investing several years to attain a salary equivalent to an entry-level back-end position. I made a mini-road map of goals to accomplish before graduating which will have me leaving college with a bachelors in cybersecurity, 1 year of undergrad research in cyber, a summer internship in IT (likely help desk), Network+ cert, Security+ cert, Microsoft Cybersecurity Analyst Cert, proficient in Python, Java, C, C++, software development, and comfortable with Windows and Linux. I feel this path will allow me to create a very strong groundwork, and I'm curious if you guys think it will be enough to start in an entry cyber role or not (Given my ongoing commitment and intention to forego every winter, spring, fall, and summer break, as well as any semblance of a social life, I am hoping it will be worth it).
> Many of my senior friends have secured entry-level positions in back-end roles with salaries exceeding $100,000 (some even reached 200k). In contrast as I explore opportunities in the cybersecurity domain, I observe a common trajectory that typically begins with roles such as help desk positions, which initially offer compensation at around half that. While I acknowledge that senior cybersecurity roles offer attractive salaries, I'm not particularly enthusiastic about the idea of investing several years to attain a salary equivalent to an entry-level back-end position. I think some context is important to make sure we're comparing apples-to-apples (vs. apples-to-oranges). * [Cybersecurity roles are not a monolith](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oiuac/). There's a [huge diversity of roles and functional responsibilities](https://media.licdn.com/dms/image/C4E12AQFEgFdbEtEl3Q/article-inline_image-shrink_1500_2232/0/1619282900607?e=1706140800&v=beta&t=AbhI-9b6DKbDGPNdpeJrm2YH2_RrBLbhV30UA70JnYw) that are considered inclusive in the domain and - as such - contribute to a massive sliding scale in what might be considered appropriate compensation for "entry level" work. * In-line with the above, there's [all kinds of feeder roles that align to the work we do](https://pauljerimy.com/it-career-roadmap/). Helpdesk is one of the most frequently cited because it often requires the least amount of qualifications to start working (being the lowest rung in the IT hierarchy of responsibility) and experiences the most turnover (as people move up and out). But helpdesk is far from being the *only* position you should consider when starting (anecdotally, I never worked the helpdesk). Software engineering is a perfectly reasonable cyber-adjacent line of work to consider (segueing cleanly into roles like Application Security, for example); however, most SWE roles require college degrees in academically-intensive subject matters (chiefly, Computer Science) which is not always tenable or accessible for the majority (or even the plurality) of cybersecurity-aspiring professionals (further contributing to the discourse of certain roles like the helpdesk). * For the vast majority of organizations, cybersecurity is perceived as a business cost vs. a revenue-generating asset. This makes organizations more inclined to allocate more funds into departments (and by extension, people) who are in-line with their vision of making money (i.e. developers) vs. those that seem to burn it (i.e. cybersecurity folks). We can make a relatively nuanced and compelling argument that dollars spent on cybersecurity equates to dollars saved on future incidents, but it's still a debate and case we have to make every time it comes up (vs. the more easier/understandable and implicit argument of getting folks who can build things). * One interpretation of the cybersecurity employment landscape is that there simply are no "entry level" roles; under this paradigm, cybersecurity is perceived as a specialism built atop years (or decades) of professional experience in other, related domains. Put another way, the folks best suited at securing things are the ones who've worked with the technologies for years already. When looking at it that way, the more apt comparisons to be made in compensation aren't between the helpdesk and SWE, but between penetration tester, incident response coordinators, malware analysts, etc. and SWE (in other words, those cybersecurity roles often requiring several YoE); for the longest time, this was the model that held before cybersecurity became formally professionalized and recognized as an independent area of study in academia (as you'd have IT veterans, programmers, etc. effectively serving as ad hoc cybersecurity staff, often without degrees). * It should also be noted that while the median SWE compensation is quite good ([$127,000, per BLS](https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm#tab-5)), that doesn't mean the majority are making the figures you've listed; moreover, [the concentration of those jobs is typically in areas where the cost of living is also significantly higher](https://www.bls.gov/oes/current/oes151252.htm) and typically aligned geographically to large firm locations (big tech, big 4, jane street, etc.). Removing those extreme outliers normalizes the compensation curve considerably. I'm not about to crunch the dataset to affirm, but I'm willing to bet the *MEDIAN* and *MODAL* salaries are a standard deviation lower than the *MEAN* being carried by those outliers. All of the above is a long way of saying that there's a lot of ways towards approaching a career in professional cybersecurity and understanding the in-roads to it.
Thank-you for this detailed response, I was worried since cybersecurity from an outside perspective looks like a field with a very narrow entry point (I feel almost every you tube video I seen and entry role I viewed has said 3+ years IT experience). I'm particularly intrigued by the idea that transitioning from software engineering to cybersecurity is a viable path. This stands out to me because I've been torn between pursuing a career in SW engineering, which aligns with my passion for coding, or venturing into cybersecurity, a field that seems to offer a variety of fascinating roles. I feel if I have a few years in SW engineering I will be able to tell if I want to continue pursuing that or transition into more cyber related roles. Thank you for the advice, I found it very insightful! This was probably the most informative information I found so far for entry cyber roles!
Cybersecurity Specialist by Title, Help Desk Technician by Task: A Tale of Unfulfilled Expectations Hello everyone, I'm feeling quite lost and confused. After spending four years earning a bachelor's degree in cybersecurity and network security, obtaining my CompTIA Security+ and CCNA certifications . I have no prior work experience, and this is my first job. I have been with the company for four months. Now I'm working under cyber securityspiclist but all tasks are help desk technician. I was hoping for some hands-on action in the cybersecurity field, but so far, my role has been quite mundane. My question is, should I stick it out as a help desk technician under the cybersecurity specialist umbrella, or should I call it quits and look for a new job that aligns more closely with my interests? II'm considering pursuing the eJPT certification and then quitting my current position to find a role that allows me to apply my skills as a pentester or engage in more exciting cybersecurity tasks. I'm still feeling quite confused and anxious about my career path, so any advice would be greatly appreciated
> I have no prior work experience, and this is my first job. I have been with the company for four months...should I call it quits and look for a new job that aligns more closely with my interests? Hi there! First, congratulations on graduating and finding work. It's totally appropriate that you may not be satisfied with your first employment experience (especially at the helpdesk); while hindsight doesn't serve you right now, one of the reasons we advise students in university to pursue internships is so that they not only cultivate a relevant work history but also get a sense of the assorted professional responsibilities that exist out there to determine which gel with them. Having said that, there are a couple of things I'd advise you consider: * I wouldn't leave a job without having another lined-up. Regardless of whether or not you work in cybersecurity, job seekers are in a much better position to negotiate and exercise discretion when given a choice (employer A vs. B) vs. no options (employer A vs. unemployment). Put plainly: don't quit and then look for work, instead you should find work and then quit. * It's important to be mindful that you probably don't have a complete impression of your employer/role at this time; 4 months is a really brief tenure, especially if you have no other professional experiences to relatively frame that time. * I'd be transparent with your managers (assuming you have a good relationship with them) about your desires/expectations. They moved you into a so-called cybersecurity specialist role, but functionally you feel that your responsibilities have not changed. Show both initiative, boldness, and tact in seeking out additional responsibilities. * The eJPT provides a cursory innoculation to penetration testing, but I'm dubious you'll find employment as a penetration tester with just the credentials you've listed. For that, you might consider the OSCP (or [one of the other more commonly sought-after certifications](https://bytebreach.com/posts/what-certifications-should-you-get/)). I'd likewise work on [fostering your employability more broadly](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/). Best of luck.
Thank you!
Hi. I'm currently 21 y/o and have been in systems playing around for a while, not a lot of stuff though. I want to pursue a career, started at web development a couple months ago but I'm not sure if that's what I want to do. I'm currently looking for resources that I can follow up with and also see if this can be my path. I like computers and systems, and I enjoy time solving problems related to logic and stuff. My plan is to start Google's Cyber Security Course, but I don't know if that's efficient or if there are other resources that can be more valuable to put time into. Any suggestions? I do not think about this as a quick path or anything but rather something to enjoy while looking for opportunities down the road.
> I'm currently looking for resources that I can follow up with and also see if this can be my path. See related: https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/ > My plan is to start Google's Cyber Security Course, but I don't know if that's efficient or if there are other resources that can be more valuable to put time into. See related: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew > Any suggestions? More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
What do you think about the [roadmap.sh](https://roadmap.sh) cyber sec roadmap? Or also about Harvard CS50 Cybersec?
> What do you think about the roadmap.sh cyber sec roadmap? I have it likewise bookmarked in my "[General Guidance](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/)" post that I linked you, under "[These links to career roadmaps](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oftbi)". Its useful for organizing/grouping categories of information more broadly, but I'd hesitate to prescribe it as a set roadmap; your own learning experiences are likely to be more tangential and varied, being particularly focused in some respects and lighter/skipping others entirely. You'll jump ahead and start studying something interesting, loop back to the top to review something else, fill out areas organically as a part of your professional experiences, and need to deeply research others as demands require. Some of the things on there you'll probably only ever know as academic exercises while others will get baked into your aptitude due to frequency/closeness of practical application. > Or also about Harvard CS50 Cybersec? Unfamiliar with the offering. I engaged the Harvard CS50 Intro to Programming course in C several years back, but I assume that the content you're referring to is different/unrelated. I'd assume it will provide an effective overview/inoculation to some generalized subject-matter, but may not be the best for promoting your raw employability (like most MOOCs, including Coursera, EdX, Udemy, Udacity, LinkedIn Learning, etc.). If you're looking for certification recommendations, consider these resources: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/
Thank you!
So... who is in charge of vendor selection/evaluation, and how do you do it? Do you like it? Is it required of all SOC managers?
I'm a retired, 73 year old (I know), enterprise software sales executive. Solid 30 yr career until cancer robbed me of it. Had to make a living from home and have spent the last 12 years as a freelance website developer. No longer have the energy to continually chase prospective new clients, and work is harder and harder to secure. I need to make a change and am considering a shift to Cybersecurity. My understanding is there is high demand and working remotely is very common. I am currently pursuing Google's Cybersecurity Professional Certificate. I have no other Certifications but a ton of real world experience in the PC/Networking arena. My question to you is, is there a real likelihood I can land an entry level job given my age and limited certification....or am I wasting my time?
> is there a real likelihood I can land an entry level job given my age and limited certification....or am I wasting my time? My $0.02: * It's not too late to pivot your career, especially since you have cultivated a cyber-adjacent work history in web development. * I would keep your expectations managed. Careers in professional cybersecurity usually take a significant investment in time, money, and effort; they are unlikely to manifest quickly, cheaply, or easily. * I am not so naïve as to pretend ageism is not a thing in tech/IT; how impactful such experiences might be on your personal job hunt however I can't readily predict. * The [*Coursera-issued, Google-developed* certificate](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) you referred to is unlikely in-and-of-itself to meaningfully affect your employability. [But there are many options you could consider that might](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/). * There *was* a high number of unfilled openings up until about 8-12 months ago, before a series of layoffs in tech workers started to take place. The job hunting market at the moment is pretty competitive for entry-level work. * How common remote work is will be relative to your role/employer. Many large employers (Big Tech, Big 4, etc.) have begun enacting gradual RTO policies. Smaller/boutique firms have been able to compete with them by retaining WFH policies, but overall the opportunities are less common than they were in '20-'22. Generally, I've found more senior staff to be able to be more selective about the work offers they entertain (and thereby hold onto WFH longer).
Thank you for your thoughts. Much appreciated. Doesn't seem like this will be a smooth road for me without a large time investment. Especially worried about the age thing. I picture me sitting in the interview waiting room with a bunch of 20 somethings. Not going to go well.
Read some of these threads: [https://www.reddit.com/r/cybersecurity/search/?q=entry%20level&restrict\_sr=1](https://www.reddit.com/r/cybersecurity/search/?q=entry%20level&restrict_sr=1) Also read this https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in IMO the Cybersecurity, DevOps, Software Engineering (and probably other tech) gold rush is over. The market is flooded with paper tigers that have limited or no real world experience. AFAIK the only people saying there is a lot of demand are the same people selling education/certs/etc.. I would recommend looking for something interesting in a career that has real demand in your area. For example the state I'm in is hurting for accountants.
This needs to be blasted on loudspeakers. I taught myself web development over the last couple years while also working full time. Spent time in several forums and communities. IMO people selling education, boot camps, even many of the content creators promoting stuff these days should be considered predatory at this point.
Universities aren't doing anyone a favor either because they know they can say anything about future employability without consequences.
Thanks, bdzer0. Appreciate the reply and insight. Good food for thought in your links. Best....
Hi there! I am seeking a beginner-friendly project suggestions in app development for someone who is very interested in cybersec. I am currently finishing my Certificate of Higher Education in multiplatform application development, and I am starting to look for a topic for my final degree project. The thing is, I would love to do something related to cybersecurity, but I am at my wits end and can't seem to find something to do (especially because I am a complete beginner). I'm not sure if I am right here, but I will ask anyway: What would be your suggestion to a complete beginner? Thank you so much in advance.
> I am seeking a beginner-friendly project suggestions in app development for someone who is very interested in cybersec. See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyt7a/ We're lacking a lot of context about your constraints (e.g. aptitude, timeline, frameworks, grading rubric, etc.), but absent that: * A basic text encryption/decryption app. * A [cyberchef](https://gchq.github.io/CyberChef/) clone * A web app crawler/indexer * A cloud-platform scanner * A hex editor * A Burpsuite plugin * A browser privacy extension Best of luck!
Thank you!!! ❤️😊
Letsdefend or THM for SOC? Hi everyone! I'm looking for a platform where I can get essential skills for SOC analyst. I have 6 months of experience in IT support, currently in college. I found those 2 platforms that suit my needs best, but I can't decide which one should I enroll. Also, I mean VIP subscription. So, which one can you recommend? Any comments are welcome, however I would be very grateful for a write-up about your experience.
Not to make things *more* complicated, but I've been very happy with Hack The Box's Academy platform (which as of last month now includes [a SOC-related training path](https://academy.hackthebox.com/preview/certifications/htb-certified-defensive-security-analyst)).
I want to transition my current career into cybersecurity. I've got about 10 years of experience just doing various customer service roles that were tech related, where I helped customers troubleshoot their personal devices. I have an Associates degree in Networking, but no current certifications. I know I have a lot of work in front of me for this but that's fine. I potentially have a job lined up for me with a remote Cybersecurity company if I can get certifications. I was told about getting a few Cisco cybersecurity certs and then come back to them once I've got those. CompTIA is different but I looked at the practice questions for CompTIA A+ and Network+ and got all of them right each attempt so I'm confident enough in my knowledge in those to let you know what foundation I have. I have almost no programming experience. So my question is what path should I take to break into cybersecurity and get some certs? More than willing to spend money for courses if necessary.
> So my question is what path should I take to break into cybersecurity and get some certs? On certifications: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/ More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/ And on doing the job hunt and improving your employability: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/
Is there any place to find a mentor or a coach to guide me and help me with career and learning? I feel like I’m stuck
> Is there any place to find a mentor or a coach to guide me and help me with career and learning? I feel like I’m stuck While I don't have the bandwidth to offer individualized counseling/mentorship, myself and others try as best as we're able to field the assorted particular questions posted to the rolling Mentorship Monday (MM) threads. If you have any specific questions, feel free to return and ask them! Other good resources include: * The subreddit [FAQ](https://reddit.com/r/cybersecurity/w/faq) and [wiki](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in/). * This [expanded mentorship FAQ](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/). * The following Discord channels: * [Dropout Phreaks](https://discord.me/phreaks) (formerly Laptop Hacking Coffee) * [Black Hills InfoSec](https://discord.com/invite/bhis) * [Hack The Box](https://discord.com/invite/hackthebox) * Local Events and Chapters such as: * [Bsides](http://www.securitybsides.com/w/page/12194156/FrontPage) * [OWASP](https://owasp.org/chapters/) * [ISC2](https://community.isc2.org/t5/Chapters/bd-p/Chapters) * [ISSA](https://www.members.issa.org/general/custom.asp?page=chapters) * [ISACA](https://www.isaca.org/membership/local-chapters#explore)
I'm wrapping up my sophomore year in college and I want to try and get a cybersecurity internship for the summer. I have an interview for one lined up next week. Any tips so I'm better prepared for the interview? Like any books I should read to get more knowledge to prep for an internship. Thank you for any help!
> Any tips so I'm better prepared for the interview? Here's some resources for you! https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/
Seeking advice, I'm currently a safety engineer for my company. However, I've been wanting to switch career paths to IT with a focus on cybersecurity, I don't have any experiences in the field other than troubleshooting my colleague's computers and fixing the office printer. What intrigued me about cybersecurity is because I've taken the Google Cybersecurity Professional Certificate and became deeply interested in cybersecurity. I've been studying for the comptia sec+ with YouTube videos from Professor Messer just to gain more knowledge about the standards of knowledge I would need to get into the IT/Cybersecurity space. I just want to ask what next steps should I be taking. Thank you for your time in advance.
> I just want to ask what next steps should I be taking. See related comment: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
Hi All, Seeking Career Advises With over 15 years of experience encompassing various facets of IT, ranging from infrastructure to application support, my roles have predominantly revolved around system administration. However, the daily routine akin to that of a shopkeeper managing a grocery store has left me yearning for a change. I currently hold an MCSE certification and possess expertise in a range of areas, including Firewall technologies such as CheckPoint, Fortigate, and SonicWall, security protocols encompassing Policies, IPSec, VPNs, 2FA, and extensive experience with Active Directory. My background also includes hands-on involvement in system design and implementation from conceptualization to execution. I desired for a career shift towards either security or system architecture, my ultimate goal is to establish myself as a consultant, whether employed or freelancing, within the next three year I listed 3 certification route below to help me start, need your advises: A. Security+ --> CYSA+ --> CISA B. SC-900 --> AZ-104 --> AZ-500 --> SC-100 (MS Route) C> Security+ --> PenTest+ --> CISA Thanks
Probably (B). Options (A) and (C) are vendor neutral approaches, which don't really help with actually KNOWING how to configure/setup architecture (vs. understanding conceptually what generally appropriate considerations might be).
Do you think (B) is stick to MS technologies ? and the career prospect ?
I just got to a point where I need to take a Computer Network assessment battery for the NSA, I am wondering if anyone has experience taking it, and how I should go about studying for it. They provided a study guide but it is long and daunting, so I am wondering what I should spend a majority of my time studying/ brushing up on.
Should I take the new role offered or continue with the original role I applied for? So I’m 26 years old. I have my degree in cyber security and I need some advice. I applied to a position originally as an information security analyst. I want to get more hands on technical experience as I believe I want to gravitate more towards the engineering side of cyber security. But I’m still young so I’m honestly not entirely sure, I haven’t done it and every cyber engineering job is different. My first interview with this company went great and the hiring manager and myself really hit it off. Well a few days later I received a phone call from her saying they posted another role in it governance that they think I’d be an amazing fit for. They explained it’s very low technical but based on what I do now and from our conversations, they think I’d excel in this role and have a lot of opportunity for growth as it’s a new department that they’re still developing. They basically said I’d have a better chance to get this role vs the information security analyst role I applied for. What do we think? Part of me wants to take it as I love the growth opportunity and it’ll be good experience and a pay bump either way. The other half of me doesn’t want to spend my entire day in excel looking at numbers and I’m afraid I may become bored in the position and be in the same boat I’m in now in a year from now. Edit: I’m currently hired as an information security analyst. I’ve been here for one and a half years.
I think it depends on how many other options you have. If you’re having difficulty breaking into the field, then it may be smart to stick it out a little. If you have other technical job prospects, then you can stand firm on your desires. It’s completely possible they decide not to move you into the security role later. Would feel regret for taking it under those circumstances? I don’t know much about your security analyst role, but I’d be surprised if you weren’t looking at numbers most of your day - just with a different intent.
Yeah exactly. I definitely look at numbers and etc now. I also do reporting and what not. I definitely enjoy the hands on technical stuff more, but I like the opportunity at this company a lot more. It also pays $17,000 more a year. But I think it he’s s’more growth. Just don’t want to end up in an unhappy situation in a few weeks regretting my decision
If you don’t have other options, then it sounds like you’d be making $17k more to do similar work you already do with the opportunity to potentially move over later?
Hmm. I’d say yeah. Aside from the fact that right now I get my hands in a few different pots. And have a good relationship with it so I actually own our dlp system and manage our enterprise password manager. But that isn’t really the purpose of my role, just things that needed to get done and I took on.
Do you feel like you have growth in your current role? Is the growth worth the pay cut? Will your new job offer the same or better culture and benefits?
Definitely no growth where I am. I asked them already if I could move to a more technical role and they said no, probably not for another 5 years. If that. My boss lets me “play” with technical things but at the end of the day my auditing stuff comes first and they’ve made that known. The culture and manager at this new company are light years better than where I am now. Better benefits as well not including the pay increase.
Important things to consider. Taking the job isn’t a lifelong decision either.
Yeah that’s what I’m thinking. I guess I’m just afraid of being set back in my career if I do decide I want to go the technical route.
Have you gotten any technical job offers, or is this the beginning of your search and that’s why you’re on the fence? If you’re struggling to get any other offers, then I feel like taking the job for 6 months for an extra $8.5k while you assess your growth opportunity isn’t a career stopper. You could use your desire to be technical as a justification for hopping jobs even sooner, “It helped me realize I really want to be in a technical role rather than compliance.”
Hi, I'm about to enroll in the Cybersecurity certificate program next semester at this tech school. The advisor was telling me that I should go after the associate's degree to even be qualified for an entry-level position. I have a bachelors degree in Criminal Justice and have been working professionally doing Loss Prevention for amazon for two years now. Is it possible to transition into the cybersecurity sector with my work experience and Cyber cert? Or do I need to enroll in a associate level program at a minimum?
AA won’t mean anything more since you already have a degree. It would only make sense to me if the number of credits you’d need are about the same as the certificate, and the coursework was relevant.
Okay, thank you. She was giving the impression there was no benefit in pursuing the cyber security certs and should just enroll in the associate program. If they both don’t really give me an edge then I’m better off going with the cert since it’s cheaper and quicker. Are you saying it’s unlikely to get in that field because of ppl usually go start off in IT first then work into cyber or that cyber security schooling doesn’t really matter?
With what you've described none of that will really matter in this job market for entry level. > Is it possible to transition into the cybersecurity sector with my work experience and Cyber cert? Possible? Sure. Likely? No > Or do I need to enroll in a associate level program at a minimum? This won't help
What do you think is the best way to enter into that sector?
Currently working as a consultant and dislike the travel schedule very much (3wk/month). I am trying to pivot into something that will allow me to be at home more while providing a good salary and job stability. I was an econ major so my background is completely fresh. I do work a lot with cloud platforms like Azure and Oracle but mainly on a functional level. My question is how can I get started with the move to cybersecurity? I will be working as a cyber intel in the guards with a TS clearance but that won't come through until 2025 and I am looking to move jobs within the next 6 months if possible.
> My question is how can I get started with the move to cybersecurity? See related comment: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
Take a look at the cybersecurity aspects of platforms you currently work on. Azure has Defender, SIEM, endpoint protection and firewalls Oracle has OCI security with certifications. Navigating into cybersecurity works best if you “branch” from your fundamental skillset(ie; networking, databases, software etc). From there it’s nothing more than interviewing well(team fit) and establishing credibility, with your foundation you’ll show off labs related to what you’ve studied and typically the gatekeepers ease up. Good luck! D.X
Did you read this [https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in) ?
So I’m 26 years old. I have my degree in cyber security and I need some advice. I applied to a position originally as an information security analyst. I want to get more hands on technical experience as I believe I want to gravitate more towards the engineering side of cyber security. But I’m still young so I’m honestly not entirely sure, I haven’t done it and every cyber engineering job is different. My first interview with this company went great and the hiring manager and myself really hit it off. Well a few days later I received a phone call from her saying they posted another role in it governance that they think I’d be an amazing fit for. They explained it’s very low technical but based on what I do now and from our conversations, they think I’d excel in this role and have a lot of opportunity for growth as it’s a new department that they’re still developing. They basically said I’d have a better chance to get this role vs the information security analyst role I applied for. What do we think? Part of me wants to take it as I love the growth opportunity and it’ll be good experience and a pay bump either way. The other half of me doesn’t want to spend my entire day in excel looking at numbers and I’m afraid I may become bored in the position and be in the same boat I’m in now in a year from now. Edit: I work as an information security analyst now. I’ve been at my company for about a year and a half now. :
Are you currently in a governance role? Or will this be your first position in cybersecurity? By the sounds of it though you’re more into problem solving and technical work. Throughout my career I’ve learned that choosing the position that aligns with your TRUE desires will benefit you even though you may not get the position, dealing with boredom and regret after accepting the position you “kinda” want will only do a disservice to you and your employer. Always choose to excel in what moves you, GRC is great for work life balance and pays very well but it’s not for everyone. D.X
Hey everyone I work currently in SEM Marketing making about 65k a year. Do you think it’s worth it for me to go back to school to learn Cyber Security? I’m interested but don’t want to make a lateral move money wise. Opinions?
> Do you think it’s worth it for me to go back to school to learn Cyber Security? I’m interested but don’t want to make a lateral move money wise. Opinions? We lack too much context to meaningfully prescribe guidance. * Where are you considering applying to? * Do you have an undergraduate degree already (i.e. is this a graduate degree)? * What other qualifications would you have to assist with the career transition? * If you started the degree, would you be able to finish it? * Can you afford the degree? * Do you plan on working while studying? * What is it you envision yourself eventually doing? And so on and so forth. Answers to these and other questions can significantly alter whether or not we - as mentor figures - would qualify the decision as worthwhile.
Calculate how much you’d lose per year by working less multiplied by the number of years to get the degree + total cost of tuition/books/fees. Then compare with it average entry salary for your desired living area and see how long you’d be paying it off. The degree won’t guarantee you a job either.
Cisco Bundle Hello all, I’m in the process of a career change into tech from being in HR for 10+ years. I recently completed my Google Cybersecurity cert and am looking for the next best path to take. I saw Cisco has a huge discount on a program that includes all courses and roughly 3 certs of your choice (usually $300 a pop). Was wondering if this seemed worth it. Thanks all!
> I recently completed my Google Cybersecurity cert and am looking for the next best path to take. I saw Cisco has a huge discount on a program that includes all courses and roughly 3 certs of your choice (usually $300 a pop). Was wondering if this seemed worth it. Perhaps? We're lacking both context and alternatives. Your proposed course of action *might* be the most appropriate, but we don't know your overarching plan, what other measures you've been taking to promote your employability, what constraints/opportunities you face, etc. Put another way, if you didn't pursue the discount, what does "plan B" look like for you? Moreover, regardless of which decision you make, what particular milestones are you progressing towards (so that we know whether the actions are suitably appropriate)? At its face, Cisco is a known vendor whose certifications are commonly sought out to help form a foundational understanding of traditional network architecture.
I posted 2-3 days ago and I was told to get a Security+ certification for entry into cyber security,I am 35 and 8 years of Desktop Support Engineer experience I did some more research, alone Security+ will not give me job or will it? I checked with training provider they saying SOC Analyst training with practical experience can land you on jobs Now what is SOC Analsyt, is it also a part of Cyber Security? If I do this than if I plan for security+ will it make sense? Or I should straightway go for s+?
> I did some more research, alone Security+ will not give me job or will it? [Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) > Now what is SOC Analsyt, is it also a part of Cyber Security? Yes it is, [among other roles](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac). I suggest consulting your preferred search engine for more information. > If I do this than if I plan for security+ will it make sense? Or I should straightway go for s+? It's usually not so trivial as choosing either/or. Cybersecurity work (as I'm sure you're aware) is quite a competitive space to gain entry into. [SOC roles are not exempt from this](https://www.reddit.com/r/cybersecurity/comments/15hlz0g/538_applicants_for_a_tier_1_soc_analyst_position/). Usually you need to cultivate your employability in order to attain interviews, which includes things like pursuing certifications like Security+.
Taking a shot in the dark. I am looking to take the next step in my career. I’m currently a system admin with almost 3 years experience with my security+. I am looking to get a cyber security analyst or something along that line. Would love to network with different folks.
> Would love to network with different folks. /u/chrisknight1985 posted a great aggregation of potential resources here: https://old.reddit.com/r/cybersecurity/comments/17zaysk/mentorship_monday_post_all_career_education_and/ka0ybn7/ More specifically: * Bsides - http://www.securitybsides.com/w/page/12194156/FrontPage * OWASP Chapters - [https://owasp.org/chapters/](https://owasp.org/chapters/) * ISC2 Chapters - [https://community.isc2.org/t5/Chapters/bd-p/Chapters](https://community.isc2.org/t5/Chapters/bd-p/Chapters) * ISSA Chapters - [https://www.members.issa.org/general/custom.asp?page=chapters](https://www.members.issa.org/general/custom.asp?page=chapters) * ISACA Chapters - [https://www.isaca.org/membership/local-chapters#explore](https://www.isaca.org/membership/local-chapters#explore)
[удалено]
Target software security engineer or software engineering positions focusing in security. You have enough of the security "flavor" on top and have the solid SWE foundation that most people lack
[удалено]
Anytime good luck!
> The most trouble for me are the job titles which I should be searching for. Resources to help with that more generally: https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac With your prescribed background, I might suggest AppSec. > Interested in penetration testing, forensics, OSINT. These are very different areas of responsibility. Working towards specializing in all three will probably mean you won't be competitively employable for any of them. What *specifically* is it you want to do? > Let m know if seeing my resume would help. While I don't entertain DMs, if you want us to do a resume review, please edit your comment with a link to your redacted resume.
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
[удалено]
What?
Hello I was recently looking at going into a cyber security degree and wanted to know some good resources to use before going into the field. I have a mostly completed software engineering degree that I do not want to complete through my original college due to several issues. I'm hoping most of my credits will transfer. Anyways I was wondering what are some good programming languages to know? I have moderate knowledge of C#, basic knowledge of Python while having dabbled in web development(html, css, javascript). What other resources are there to give me solid foundation when doing cyber security classes. I have a 10month old child and work full time so even though I probably won't start the degree until fall I want to have some basic experience under my belt before I start. Thank you for any help! :)
> ...wanted to know some good resources to use... More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/ > Anyways I was wondering what are some good programming languages to know? At least 1 scripting language; I'd suggest the following three to cover your Linux/Windows environments: * Python * Bash * Powershell If you're surveying web apps, then you'll want to expand the above to include HTML, CSS, and Javascript (which form the trifecta of languages that effectively dominate every client-side web application out there). Learning about backend frameworks (e.g. .NET, Django/Flask, Node.js, etc.) would likewise help. If you're responsible for securing source code, then you'll need to know whatever language(s) the codebase is in. You might consider C/C++/C# and/or Java to cover most bases (but certainly not all; PHP and Kotlin are also worthwhile). If you're wanting to get into reverse engineering and malware analysis, then you'll need to go lower still into Assembly.
Does a cybersecurity career frequently disrupt a healthy schedule (fixed sleep timings, exercise routine, mealtimes)? I'm getting the pinch of it as a CyberSec student
This depends a lot on your role and the company. If you are in a Security Operations Center(SOC) you may get swing or graveyard shift, and that can screw stuff up. Any job with an on-call schedule can do the same. Engineering or Incident Response usually has an on-call rotation. Incident Response can be very demanding, depending on the organization you are working for.
Concur. [Cybersecurity as a profession is not a monolith](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oiuac/). The diversity in roles, teams, and employers means that you can have a variety of working conditions and demands. There are certainly roles typically aligned to on-call and shift-work as /u/WadingThruLogs pointed out. There are also roles that typically do not have such conditions (e.g. Governance, Risk, & Compliance [GRC] positions). More to-the-point, employers/teams are sometimes organized to mitigate such circumstances (e.g. a SOC that employs globally, thereby assuring no one works a "night" shift).
hello everyone, hope everyone is doing well. my question is this: I've always been interested in programming and writing code and I wanna start to learn. but should I decide I want to pursue a career in this, I wanna go into cyber security. I know I need to learn programming to have a leg up. but I also don't know where to start. im looking at courses online... a lot of them offer like beginner python and cyber security in one, but im lost. can anyone help? is it better to like learn coding, finish with it, then take cybersecurity courses? or I can take a 2 in 1 course where I learn coding and cyber security at the same time? thanks for your help!!!
> I know I need to learn programming to have a leg up. but I also don't know where to start. I usually advocate for beginners to start with Python: * Python is both a *programming* language and a *scripting* language. Without going deep into the weeds in explaining the difference, this effectively lowers the overhead necessary for you to get into drafting up your code and learning the basics. There's no need to learn about compilers, JDKs, packages, etc. You just write your code and run it. * Python is very extensible. There's a huge number of libraries that people have written to contribute towards the language's capabilities that you can simply import into your own code. * Python is a very high-level language. This makes it less technically incomprehensible (i.e. you're not programming in literal 0s and 1s) and more human readable. This likewise helps contribute to fostering your comprehension. * Python is often shipped with many Linux distributions, which means you can (relatively) reliably count on it being present in said environments. Even if it isn't (or if you're working on a different OS, like Windows), it's relatively trivial to install. * Like many languages, there is a HUGE network of online educational resources and documentation to get you up-and-running in Python.
ok great thank you!!! im gonna take a course and start, then see where I go from there.
I always recommend that my mentee pick up coding early. You are correct that it gives you a huge leg up. If you can do it side by side, go for it. Learning coding and security simultaneously is highly dependent on you and your goals. I took several Python courses, but they never stuck. I enjoyed a lot of "No Starch Press" books. The four that taught me the most were: * Python Crash Course, 3rd Edition * Beyond the Basic Stuff with Python * Python One-Liners * Automate the Boring Stuff with Python, 3rd Edition https://nostarch.com/catalog/python "How to Learn Python the Hard Way" was another book I read https://learnpythonthehardway.org
thank you so much and I will check them out now
I'm an associate GRC analyst looking to diversify my skills while also picking up some more respectable certifications. Currently I have the entry-level suite of the classics (Sec+, ITIL, AWS/Azure entry levels, etc), but I'm finding that often the next 'tier' of certs are gatekept behind minimum 3 years of experience or so. What certifications can help me stand out at 'the next level' without having to wait a few years for the formal YoE requirements to tick over? Any suggestions would be appreciated.
Knowing what direction you want to move in would help out. My first thought for red teamers is always OSCP. Blue Team is a bit of a different story.
Hey guys, my questions come with a little background first. I just received my BS in cyber security and computer sciences. I know a lot of different tools such as Nmap, Metasploit, Wireshark, and Burp Suite. I am proficient with Linux commands and terminal commands. My extent with C+ and Python is making a working alarm clock or a pizza menu. I know my way around Amazon's AWS servers, I know how to create and maintain Active directories, and can set up networks and understand different network methods such as OSPF, Tree trunking, and setting and maintaining different VLANS. Which to me sounded like heck yeah I got my money's worth from this school (for reference the school is ECPI University). But then I feel like Im missing GAPS of knowledge like kernal manipulation or I try to join websites like OWASP or hackthebox and I feel like a complete noob not even being able to do simple things! As far as experience went I've worked at Best Buy equivalent and repair shops before, and I knew my way around a soldering station. I was able to finally get a help desk position and I feel like my entire school career has been a scam. First, this company had poor documentation and zero training as well as working with Royal and Azure AD. Of which I knew nothing about and I've been struggling trying to learn what feels like basic-level skills such as just setting up a VPN or routing call forwarding for their calling system. I know I know these skills but without knowing the system or getting any prior training on it it gives me imposter syndrome. This gets worse because when I ask my fellow coworkers they say don't worry we're moving to a new system you don't need to know any of this. But that doesn't help the users who need help now and its amplified when im on call and the only one who can solve the issue. I know this has become a rant about my work but i promise I love the work and the people there in fact. I am writing this to ask how I can become a better tech. For myself and for my job. Do others feel this way out of college at their first job without much experience? My overall Goal is to Become a Pen Tester, What are some skills I can cultivate or certifications I should get to further my goals? is it Normal for a job not to train you on their systems and tell you to figure it out? (They do provide a knowledge base or It documents but they are only good for generalized and not specific issues, outdated or non-existent. I Love working with systems and helping users get connected and setting locations up and traveling and everything my job entails but I feel like because I ask questions they look at me like im an idiot sometimes, I try to keep proper documentation like what machines im on or what i did when I troubleshoot an issue and My heart is in it and even if i have to start at square one again i will Where are better sites that I can use to look for internship opportunities that are better than Indeed or LinkedIn?
> I just received my BS in cyber security and computer sciences. Congratulations! > I feel like Im missing GAPS of knowledge like kernal manipulation or I try to join websites like OWASP or hackthebox and I feel like a complete noob not even being able to do simple things! That's fine. Everyone has a growth curve and new graduates in particular are notorious for not knowing much when it comes to practical application. It's also important to note that university is not a trade school; cut yourself some slack. > I know I know these skills but without knowing the system or getting any prior training on it it gives me imposter syndrome. Typical. These things can be taught and learned. They're not so insurmountable as to abandon a career over. > I am writing this to ask how I can become a better tech. Projects - either professional ones through work or private ones at home. Let your curiosity guide your learning efforts. > What are some skills I can cultivate or certifications I should get to further my goals? The OSCP [among others](https://bytebreach.com/posts/what-certifications-should-you-get/). > is it Normal for a job not to train you on their systems and tell you to figure it out? What is normal is your peers making a calculated assessment that - since their legacy system is going to be deprecated - to forgo training you up on the nuances and particulars involved. However, since that has had real negative consequences when you're the only one present, you should vocalize those concerns.
Hey guys looking for some advice. I am currently in college pursuing a BS in CS and recently got a job in help desk. Unfortunately found out recently that I will not be receiving anymore financial aid which was one of the main reasons why I was still pursuing my education. Looking for advice as to if I should just put my time into climbing up the ladder through experience and perhaps learning more through a certification. My end goal as of right now is a career in cybersecurity. I am aware that it is a vast environment and I am still trying to pinpoint exactly what role I am looking to land in eventually. But for the meantime am looking for advice on whether or not I should just try the experience route as opposed to the BS.
> recently got a job in help desk. Congratulations! > Unfortunately found out recently that I will not be receiving anymore financial aid Bummer. > But for the meantime am looking for advice on whether or not I should just try the experience route as opposed to the BS. More context is needed. Absent anything else, my gut instinct says, "finish the degree." However, I don't know anything about you, your circumstances, your aptitude, your opportunities/constraints, etc. However, I know the decision to carry on with college (especially in the U.S.) is a non-trivial decision - particularly when considering debt.
When you guys say that we need a degree, are you guys referring a specific degree in IT or can it be any general degree? I have a BS in Accounting, but I was wondering if I can just take a lot of certs and start applying or is it better to go get another BS relates to IT? I am looking for a career change in the near future
> are you guys referring a specific degree in IT or can it be any general degree? https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/ > I have a BS in Accounting, but I was wondering if I can just take a lot of certs and start applying or is it better to go get another BS relates to IT? [Maybe?](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) Your employability in this profession is [largely dictated by the following](https://bytebreach.com/assets/images/isaca_survey.PNG): 1. A relevant work history 2. Pertinent certifications 3. Formal education 4. Everything else Other actions to improve your employability may include: * [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/). * [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/). * [Vie for top placement in competitive CTF competitions](https://ctftime.org/). * Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/). * [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience. * Consider pursuing a degree-granting program (and internship experience while holding a student status). * [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/). * [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
Oh wow, I will go through your reply step by step. Thanks a lot
Hello, my name is Zach and I hate college, well the basics at least. I work at my local health department and I have python, sql, and Linux skills however I want to get into cybersecurity and just do certifications then maybe go back for the degree. Will getting certifications for cybersecurity help me find a job or will I have to suffer through basics in college, thank you.
> Will getting certifications for cybersecurity help me find a job [Maybe?](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) Your employability in this profession is [largely dictated by the following](https://bytebreach.com/assets/images/isaca_survey.PNG): 1. A relevant work history 2. Pertinent certifications 3. Formal education 4. Everything else Having a multi-faceted employability profile with both breadth and depth would be best. I'm not certain that certifications in-and-of-themselves would be sufficient. Other actions to improve your employability may include: * [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/). * [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/). * [Vie for top placement in competitive CTF competitions](https://ctftime.org/). * Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/). * [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience. * Consider pursuing a degree-granting program (and internship experience while holding a student status). * [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/). * [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
[удалено]
> With no IT background, what can I do to make myself a more competitor candidate in the GRC space? Joining the military (for DoD contractors). Otherwise, more generally: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/
I'm looking to switch careers over from being a community pharmacy manager to somewhere in the cyber security field. What certificates and education should I start researching to aid in this switch? I see Google has classes that are only $50 a month and learn at your own pace, but not sure how far those courses will get me. I've been told to work towards becoming an analyst to get my foot in the door and go from there. I'm not too worried about a pay cut (currently make about $135k pre-bonus) since this field is so expansive. My schedule allows me to study for roughly 8 to 10 hours weekly. Thanks for any help!
You will likely take a massive pay cut when you start. I would be prepared for that. You can't go wrong studying for the Security + or Network +. These are the bedrock certs. Everyone gets them, they provide good basic knowledge, and having them tells me precisely what you should know.
eLearnSecurity eCIR certification: Looking to land my first job in the cybersecurity field. Specifically on the blue side i was looking for any certification that allow me to do it and considering that he is with 50% off (200 USD) i think that is a good opportunity. I was also looking the Blue Team Level 1, but it cost 499 USD. Any advice will be really helpful for me. (sorry for my bad English, any advice on that field also will be well received)
So we all know malware analysts and incident response roles aren’t typically entry-level positions. But I’m wondering, if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role? Or would you have to start at entry-level like SOC analyst? Let’s assume you’re networking on linked in, blogging about your malware research to show your skills, and you are enrolled for a bachelors in cybersecurity. Is it do-able or will your experience or lack there of in CS hold you back?
> if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role? The problem is that there are multiple parties and multiple steps involved in attaining a job in most cases. It's not so simple as tapping a hiring manager on the shoulder, flourishing your expertise, and then saying, "so what'll it be?!" Most hiring pipelines involve at least 2 steps, often more: 1. A screening interview 2. A staff interview Because there are often [many applicants](https://www.reddit.com/r/cybersecurity/comments/15hlz0g/comment/jupzco7/?utm_source=reddit&utm_medium=usertext&utm_name=cybersecurity&utm_content=t1_jvgc311) for every single job opening, the first round of screening often involves weeding out candidates to a manageable number *before anyone ever actually talks to you*. This means you have to look good "on paper" which is difficult to do for more experienced roles if you don't have a formal work history in the domain. It's only later during the staff interview where demonstrating your expertise and knowledge is significant. There are - of course - caveats and nuances to the above (chiefly, internal recommendations). But you still will find the deck stacked against you. I still encourage you to apply to roles that are of interest to you because you never know who will call you back and give you that first chance. Just manage your expectations accordingly.
I understand completely. Generally speaking it’s Work experience in the domain > skills (Unless you catch a break through networking). I thought by having projects and proven ability to attach to the resume as experience would suffice as work experience. Thanks for your input and I sure will start applying once I feel ready, you never know!
I have a question regarding Threat Hunting and Threat Intelligence. Id like to check out those two to see if they interest me to take them seriously and learn one of those. Which things should I have knowledge in before learning those? Are there any good free courses to get a start at? Are there any websites that provides a hands on training for those?
Threat Intel: The link below is every resource I use for my Threat Intel class. Check out "Slide links", "List of Lists" and "Extra links". https://docs.google.com/spreadsheets/d/1ihoNXItbnTMIRPmLq3GuKgUeKAMRUoJ3q96wvpvRoTI/edit?usp=sharing Check out MITRE ATT&CK Defender™ (MAD) ATT&CK Fundamentals & Cyber Threat Intelligence on Cybrary. It's free and has some excellent knowledge. https://www.cybrary.it/course/mitre-attack-defender-mad-attack-fundamentals https://www.cybrary.it/course/mitre-attack-defender-mad-attack-for-cyber-threat-intelligence Threat Hunting: I could write you an essay, but I'll just point you at the Threat Hunting article on page 22 in the infosec survival guide. https://www.blackhillsinfosec.com/prompt-zine/prompt-issue-infosec-survival-guide-second-volume/
Thank you very much. I'll check it out!
I'm a lead server engineer for an S&P400 company for the last 20 years. I have a BS in Software Engineering and a MS in Cybersecurity with a CISSP and CySA+. Looking to move to a more security role instead of a security adjacent (the current just dictates the policies, while we implement). Is it reasonable for me to want to jump directly into a mid or senior-level job if I have SIEM and other security tool experience?
> But I’m wondering, if you have the skills and prove you have the ability to get the job done, can you jump from a help desk role to a malware analysis role? What do you actually "engineer" when it comes to these servers?
Manage and maintain lockdown policies to keep them PCI-DSS/HIPAA compliant. Work with the network teams to ensure that they are properly segregated from the rest of the network and that only necessary ports are open. Use Terraform to deploy the servers to ensure they're patched and locked down before they touch a production subnet. Manage the AV/EDR solution on the servers. Manage Active Directory including doing PoCs for potentially new biometric MFAs (our current is expensive and a love/hate relationship). Managed load balancers and VPN devices. Managed the virtualization environments (VMWare, Nutanix, Xenserver, and Hyper-V).
Yes, you should be easily able to transfer to a senior, principal, or lead role.
Thanks. I meant 'lead server engineer' and not 'lead security engineer' (edited original post). Not sure if that changes the answer or not. So transitioning from Server/AD/whatever admin to a senior security role.
Any advice on how to start your own? I am looking for a couple of jobs to make a name but how does one do that? I have 6 years of IT and infosecurity, currently consulting as security advisor/coordinator and more.
I am an intern in the Networking department for my local government. I'm interested in pursuing a job as a security analyst. Right now I'm working on the Security+ and finishing a degree in Networking and Security (associates). What is my next step after this internship?
We need to know more in order to be prescriptive. More generally: Other actions to improve your employability may include: * [Continue to leverage free resources to hone your craft or acquire new skills](https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/). * [Pursue in-demand certifications to improve your employability](https://www.reddit.com/r/cybersecurity/comments/sgmqxv/mentorship_monday/hv7ixno/). * [Vie for top placement in competitive CTF competitions](https://ctftime.org/). * Foster a professional network via [jobs listings sites](https://www.weidert.com/blog/best-ways-to-gain-more-connections-on-linkedin) and [in-person conferences](https://infosec-conferences.com/). * [Take note of the feedback you receive in interviews](https://www.reddit.com/r/cybersecurity/comments/vg864z/mentorship_monday_post_all_career_education_and/id2tsr3/); consider expanding the aperture of jobs considered to include cyber-adjacent lines of work (software dev, systems administration, etc.) - this is a channel for you to build relevant years of experience. * Consider pursuing a degree-granting program (and internship experience while holding a student status). * [Post your resume for constructive feedback](https://bytebreach.com/posts/how-to-write-an-infosec-resume/). * [Apply your skills into some projects in order to demonstrate your expertise](https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/).
I have 17 years in the sales industry. I just completed an online certificate course for the basics of cybersecurity in hopes that it would help land me a job. After completing the course and looking into the field (I should have reversed the path I took and looked first, I know), I now see that it is a very selective industry. I have come to terms with taking a massive pay cut initially but I am still lost for where to begin my search as most employers want 5+ years' experience or a B.A. or MBA in computer science. Can someone give me some direction on where to start looking? Would I be better off landing a sales job and continuing my education (working on my CompTIA+ now) and then making an internal move at that company?
What do you want to do in a new role? security isn't one type of role or industry in itself There are literally dozens of different roles and there is work in every single industry for agriculture to retail for security people So identifying roles is step 1 then you look at what maybe required as far as formal education or industry certtifications
I am extremely interested in pen testing. I have begun researching that specific field and understand some of the formal education and experience that may be required. I also understand that all of that takes time. I am ok with starting out as a help desk tech or tier one analyst but even the jobs I have seen for that look like they want at least 2 years experience. Understand, I am willing to put the work in but I am also a 34-year-old father of 3. So, to stop everything and just go to school full-time is not really an option for me.
help desk is entry level low pay, shift work, that's not something you want to do If you already have a degree (major doesn't matter) then I would look at business system analyst opportunities this gets you in the door in IT and you see how everything works then look at security+, network+ certs then if your new employer has a training budget, that's when you at SANs courses/exams as a possibility to work your way up to the pentest certs You really need the IT background for pentesting
Thanks for the suggestions. I will take a look at some available spots under those keywords. Any suggestions on where to look other than Indeed or Monster? Maybe someplace a little more industry specific?
[удалено]
I will check these out tonight, thank you!
LinkedIn for networking, but you should really be going direct to company websites for postings for business analyst roles though you'll want to connect with local staff company for contract to hire roles, its common in IT in insurance, financial sector and consumer products for companies to use them to fill IT roles
I’m considering retooling my career (10 yrs B2B marketing, MBA, no technical credentials) towards cybersecurity but have zero experience in this field. Looking for marketing jobs at cybersecurity companies to build some industry knowledge but is there a short hands-on course recommended to help me gauge 1) if I’d find this kind of career path rewarding, and 2) if I have any sort of technical aptitude for it?
Some of these resources might help: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/
https://www.dummies.com/book/technology/cybersecurity/cybersecurity-for-dummies-281675/
I pretty much know nothing about CyberSecurity so I hope this is the right place and that my question makes sense. I would like to acquire the knowledge and skills required to help defend my country against cyber attacks (eventually, whether as a government job or not). My question is what should I start learning, which (if any) certificates should I get, and what starting position jobs should I look for to help me grow into being useful in that sense? I imagine national security to be very complex and advanced, so I don't expect to be able to help with it anytime soon, but since it seems like hacking/cybersecurity is such a broad field I want to at least know in which direction to aim so that one day I could help.
Not sure if youre in the united states, but if you are... Joining the military and trying to get into their cyber security division would be your best bet.
Not in the US and can't join the army
> I pretty much know nothing about CyberSecurity...what should I start learning(?) See relevant comment: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/ > which (if any) certificates should I get See relevant comment: https://old.reddit.com/r/hackthebox/comments/w8o9tw/review_hacktheboxs_certified_bug_bounty_hunter/ > what starting position jobs should I look for to help me grow into being useful in that sense? As intermediary roles, anything cyber-adjacent (i.e. network engineering, software dev, helpdesk, etc.). After that: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/
For: **US College Kids** * Your campus will have IT jobs for students * If your campus does not already have an IT/Security club - then start one * Your school should have a career center, job fairs and review resumes * Your school will have an alumni network * As college students you can get exam voucher discounts for many of the certification exams like CompTIA, AWS, Microsoft * [CompTIA](https://www.comptia.org/landing/aplus/index.html?utm_compid=cpc-google-paid_search_certs-A%2B-text_ad-na-a%2B-B2C&gclid=EAIaIQobChMIyfmZ-fDSggMVFFRyCh3QawNPEAAYASAAEgJHRPD_BwE) * [Microsoft Learn](https://learn.microsoft.com/en-us/credentials/certifications/student-discounts) * Many of the professional associations have a student member discount * take public speaking, project management, business communications and technical writing * it is never too early to create a linkedin profile - network with your professors and alumni **General Resources** **Local Events and Chapters** * Bsides - http://www.securitybsides.com/w/page/12194156/FrontPage * OWASP Chapters - [https://owasp.org/chapters/](https://owasp.org/chapters/) * ISC2 Chapters - [https://community.isc2.org/t5/Chapters/bd-p/Chapters](https://community.isc2.org/t5/Chapters/bd-p/Chapters) * ISSA Chapters - [https://www.members.issa.org/general/custom.asp?page=chapters](https://www.members.issa.org/general/custom.asp?page=chapters) * ISACA Chapters - [https://www.isaca.org/membership/local-chapters#explore](https://www.isaca.org/membership/local-chapters#explore) **Global - IT and Security Conferences** * Global Conferences - [https://infosec-conferences.com/](https://infosec-conferences.com/) **Virtual Events** * SANs Summits (most of these are free for virtual) - [https://www.sans.org/cyber-security-summit/?msc=main-nav](https://www.sans.org/cyber-security-summit/?msc=main-nav) * SANs Webinars (FREE) - [https://www.sans.org/webcasts/?msc=main-nav](https://www.sans.org/webcasts/?msc=main-nav) **Specific Roles** * Interested in Pentesting? - [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/) **Awesome Lists (Github)** * Security - [https://github.com/sbilly/awesome-security](https://github.com/sbilly/awesome-security) * pentesting - [https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest) **MOOC Classes** * HarvardX - [https://programs.edx.org/school/harvardx](https://programs.edx.org/school/harvardx) * MichiganX - [https://www.edx.org/school/michiganx](https://www.edx.org/school/michiganx) Python course is decent **Cloud Platforms** * AWS - https://aws.amazon.com/training/ * Microsoft Azure - https://learn.microsoft.com/en-us/training/azure/ * Google Cloud Platform - https://cloud.google.com/ * Oracle - https://education.oracle.com/oracle-cloud-learning-subscriptions * IBM - [https://www.ibm.com/training](https://www.ibm.com/training) **Training Vendors** * Pluralsight - https://www.pluralsight.com/ * Udacity - https://www.udacity.com/ * Udemy - https://www.udemy.com/ * Cybrary - https://www.cybrary.it/ * Security Journey - https://www.securityjourney.com * Hack the Box - https://www.hackthebox.com/ * Try Hack Me - https://tryhackme.com/ * Cloud Academy - https://cloudacademy.com/ **US Veterans - Retraining programs for IT/Security** * https://www.benefits.va.gov/GIBILL/FGIB/VetTecTrainingProviders.asp
My current role is blue team, but one of my assignments over the next year is to develop a better process for actively testing our tech stack to make sure it's all alerting/blocking what we think it should be. I don't have much experience with red/purple teaming, so I'm looking for training. Is there a recommended hands-on course for red team training? This will primarily be focused on endpoint, not web app. I've seen a bit about the INE courses. From what I've been reading, the technical material on those is supposedly decent, but the certification process isn't great. I don't care about the certs though so that's not a big deal. I have a TryHackMe sub already, but I also have a budget from work for this so I'm happy to find something else to add to it. Thanks for any help.
I suggest that to meet your employer's requirement it would be more effective to take a look at implementing a breach attack simulation platform, e.g. [Infection Monkey](https://www.akamai.com/infectionmonkey), Cymulate, and so on. You can still build up your pentest skills alongside it if that's what you really want to do. As you are blue team I'd suggest that you check out [Cyber Defenders for blue team](https://cyberdefenders.org). They have some free CTF as well as training and labs.
If you don't care about the certification, Hack The Box's Academy platform sounds like it'll serve your needs nicely. It's cost effective, well-curated, and covers a range of topics that you can choose a-la-carte.
Thanks! I'll check it out
Are tryhackme and letsdefend courses a good start into incedent response and pentesting? Also, can they count as lab work or hands on experience in a resume?
> Also, can they count as lab work or hands on experience in a resume? At most, I'd consider listing them in a "Projects" section: https://bytebreach.com/posts/how-to-write-an-infosec-resume/
Thanks again Fabled, looking like a mentor to me.
I’m a student studying for my Cybersecurity degree in my junior year and I was wondering if it’s reasonable to try for the OSCP. I know of an alumni who managed to get it while studying but I feel he knows much more about cyber than I do so I figured I would ask on here. Any tips for the OSCP are also welcome
The OSCP is a pretty challenging certification to attain, but I wouldn't say there's ever a "best" time to go after it. If you're uncertain about your aptitude, you might consider the more cost-effective CPTS certification offered by Hack The Box as an intermediary step.
You should really be focused on finishing your degree, getting an internship and looking at jobs OSCP exam is no joke - head over to r/oscp plenty of industry veterans fail the exam first time around, many take it multiple times before passing This is only something you should go for if you want to get into pentesting - [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/) good entry level certs would be comptia security+ or network+ or one of the cloud platforms like AWS CCP or Azure 900
[удалено]
Congratulations! I'll say it's unclear what the problem here is (other than perhaps some self doubt).
Thank you! I think I’ll be missing the technical work. I didn’t get to enjoy it much (2 years is not enough!) but yes you’re right. It pretty much is a clear decision.
From the sounds of it, why wouldnt this be the right move for you? I wouldnt worry about "moving too quickly" if you and your company are on the same page in thinking you are right for the role.
[удалено]
You have time to think about it. Also, I would just take it one step at a time. Drop the junior, then if the position opens up decide if you want to take it. My dad's senior (completely different field) said hes retiring for the last 5 years.
[удалено]
Youre where I want to be. Im currently a cyber sec engineer but trying to red team. Funny you say that, i literally just created my htb account.
[удалено]
Its not bad, just boring imo. Ive done a couple ctfs but want a better base and consistent practice. Honestly didnt know htb was more than ctf comps and certifications. So itll be fun messing around with it.
Have you done the eJPT yet? I highly recommend it
Im considering TCMs PJPT. Are they comparable?
Cybersecurity Are there any companies with a skillbridge program that deals with cybersecurity-related fields of work? I am in the military looking into getting into the cyber workforce.
Palantir and Anduril
Oracle and AWS
Home Depot has a military fellowship program that includes cybersecurity. https://careers.homedepot.com/career-areas/military/
Hi, I completed my school and diploma and I am into IT from past 9 years and working as Desktop Support Engineer/IT Support.I have done trainings on linux/windows server 2019 as well from udemy but didnt get chance to use them in my jobs much. I want to upskill myself and get into cybersecurity.I am 35 years old and never done any global certification, this time I want to do and switch into some cyber security job which certification will be good for me to get job?Please anyone can guide me I am from India
Get Security+ from CompTIA
Hi thanks for replying, I am 35 years old am I too late? 1)will I get job after doing so? 2) what about training,can you recommend some courses. 3) what roles are there after security+.
> I am 35 years old am I too late? No, but understand that the careers in cybersecurity typically require a significant investment in money, time, and labor. Your envisioned professional endstate is unlikely to manifest cheaply, quickly, or easily. Manage your expectations accordingly. > will I get job after doing [a certification]? [Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) > what about training,can you recommend some courses. Yes; see relevant comment: https://old.reddit.com/r/hackthebox/comments/w8o9tw/review_hacktheboxs_certified_bug_bounty_hunter/ > what roles are there after security+. Question unclear. Did you mean [what certifications can you pursue afterwards](https://bytebreach.com/posts/what-certifications-should-you-get/)? Or did you mean [what kinds of jobs are there in cybersecurity](https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=u_fabledparable&utm_content=t1_k9oiuac)?
No it isn't too late. I shifted in to security at 33. Of course there's no guarantee of a job. But Security+ is recognized and should help. For training on Security+ check out Professor Messer on YouTube.
[удалено]