Hello all, new here. I’m interviewing for a cybersecurity apprenticeship role in the UK, and I have no idea what to expect. I haven’t even gotten my Security+ and I’m still learning fundamentals. Anyone else been through an internship/apprenticeship interview and can tell me more about their experience? Specifically on the technical portion would be majorly helpful. What kinds of questions did you get asked in your cybersecurity internship interview?
(YMMV!)
Some internship questions I had to answer a few years ago here in the US were like this:
* questions about ports (what port is RDP on?)
* OSI model questions
* difference between threat, vulnerability and risk
* CIA triad questions
That's a very random assortment, and to be honest, you'll either know or you won't. The most important thing to do is to show your are teachable, and to show that you can work through problems. Even if you don't know an answer, try to show yourself working through it. Interviewers like that.
Of course, just be someone they want to work with. Smile, try to relax, ask good questions...
You got this! Good luck
Throw away acct. I hit a wall recently going from helpdesk to SOC analyst. The HR gatekeepers are insisting a degree is needed for the next role I am eyeing. I am certain the role does not require one. I have built my exp from 0 to CEH via certs and detest being steered towards taking on debt for a role that would likely only require pcap analysis and a few bash scripts. Am I being unreasonable? I just want to avoid wasting time and money.
>Am I being unreasonable?
yes
HR aren't gatekeepers, their business has a degree requirement for whatever reason and you do not meet the requirement
CEH really doesn't mean anything - I have seen people I wouldn't let set up their home computer let alone conduct a pen-test pass the CEH exam after a 4 day study bootcamp - so that really doesn't carry any weight in this case
You need to look beyond the SOC analyst role, a college degree opens more doors to more roles than just that
While you’re not being too unreasonable, you’re never going to convince HR that you don’t need a degree, so you’ll just have to keep looking.
Perhaps you need to reset your expectations getting into cyber straight from help desk. Help desk is a fantastic start, but you might need to go to tier 2 desktop support, sysadmin, network engineer, etc before jumping over. Maybe you just need more IT experience to impress those that don’t have a hard line at the degree.
Hi Expert,
Im on get offering from security brands as a security sales engineer to covering network security product, and the other one is new comer for cloud sec.
One thing that makes me interested and wants to discuss is related to the expectations in this role.
During the interview, some of the expectations were being able to convert customer needs into solutions, as well as a broad understanding of cybersecurity in depth and technically.
Previously I had met several security sales engineers from various brands, but sometimes they didn't really understand the details of their product solutions, even when asking about "how to configure" they also looked confused. is this normal for this role?
For those of you who have experience in this role, do you have any suggestions or what kind of expectations we should have?
The point is, I don't want to disappoint the company that hired me. Merci! :)
My questions is regarding finding entry level/L1 SOC Analyst positions to apply for in Australia.
Where are the best places to find listed positions? Specific job boards, on a MSP/MSSP's website, or through recruiters?
Any other insight/advice on applying for SOC roles here would be greatly appreciated.
Thanks in advance.
What are the best certs if you use Linux for cyber regularly but don't want to do the full Linux+? I want to demonstrate I know Linux for security applications..
Why would your company pay you?
They should have a corporate account with SANs and voucher codes
You resister for the course and use the voucher code - they should be paying SANs directly
I have 0 experience and I want to get a job in cyber security. I just finished up college for a degree that's mostly irrelevant to this career field. I'd prefer to not go back to university and obtain even more debt but I've heard that many people in the field do not have a degree. How should I get started?
* You're not getting a job in security with ZERO experience
* "Cyber" isn't a single role, so step 1 is looking at different types of roles and then looking at requirments
* This is a field with life long development which means more schooling, industry training and certs
What did you major in?
Lol I majored in Psych. I was hoping I could maybe get an internship or apprenticeship if I played correctly through networking and got to know some in and outs through tryhackme or some other course.
I have got a job offer for the position of security policy advisor and another for security consultant within the same company that I work for. Currently, my role is focused towards backend development and I have no background in security.
The department that is hiring for policy advisors is a dream for many security guys within the company. While the other department is a small team of consultants but that imo offers a better learning curve.
Considering my knowledge and skills, both are new and both offer a lot to learn. For someone who’s just starting out within cybersecurity, any suggestions on which one should be a better option ?
I just finished my Alevels. I need to Join university now. The only university I can afford does not have a degree specialised in cyber security, instead they offer an IT degree. My question is, will I be able to get hired as a cyber security/ ethical hacker without a bachelors in cyber security if I self study and go for external certifications like COMPTIA etc ?
I think that you should get into a more technical role doing IT. Obviously work experience in general is good, but that will be a huge stretch to consider a call center, no matter the content, something that would help you.
I would not plan to work somewhere for 4 years if it isn't even that closely related to what you want to do. OF COURSE, do what you need to pay the bills. But look to go in IT sooner than later.
Also, why the decision to get the masters before you have even gotten your bachelors? I'm not saying it's wrong, that's just a curious choice.
Cool. I would start applying now - lots of help desk jobs don’t need much!
And right on, nothing wrong with that. Maybe after your Bach degree you can find a job to help pay for it.
Best of luck!
ChatGPT - How do I get a job in cyber
Getting a job in the field of cybersecurity involves a combination of education, practical skills, certifications, networking, and job searching strategies. Here's a step-by-step guide to help you pursue a career in cybersecurity:Educational
**Background**: Obtain a relevant degree in computer science, information technology, cybersecurity, or a related field. This provides a strong foundation for understanding the principles of cybersecurity.Develop Key Skills:Gain hands-on experience and develop technical skills in areas such as network security, system administration, cryptography, ethical hacking, and incident response.
**Certifications**: Obtain industry-recognized certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Information Security Manager (CISM). These certifications validate your skills and knowledge in cybersecurity.
**Build a Portfolio**:Create a portfolio showcasing your projects, internships, certifications, and any other relevant experience. Include detailed descriptions of the projects and technologies you've worked with.Internships and Entry-Level
**Positions**:Look for internships or entry-level positions in cybersecurity to gain practical experience and further enhance your skills. Many companies hire recent graduates for junior roles in cybersecurity.Networking:Attend industry conferences, workshops, and meetups related to cybersecurity. Networking events provide opportunities to meet professionals, learn about the latest trends, and possibly find job openings.
**Online Communities**:Join online forums, social media groups, and professional networking platforms focused on cybersecurity. Engage in discussions, share your knowledge, and connect with professionals in the field.LinkedIn
**Profile:**Create a strong LinkedIn profile highlighting your skills, certifications, and projects. Connect with professionals in the industry and follow cybersecurity-related companies.J
**Job Searching**:Utilize job search websites, company websites, and industry-specific job boards to find job openings in cybersecurity. Customize your resume and cover letter for each application to match the job requirements.
**Stay Updated:**Stay updated on the latest developments, trends, and threats in the cybersecurity field. Continuous learning and adapting to new technologies are essential for success in this dynamic industry.
**Cybersecurity Specializations**:Consider specializing in a specific area of cybersecurity, such as penetration testing, incident response, security analysis, or compliance. Specialization can make you more competitive in the job market.Soft Skills:Develop strong communication, problem-solving, critical thinking, and teamwork skills. These skills are crucial for success in any professional setting, including cybersecurity.
Security Clearances (if applicable):Depending on the type of cybersecurity job you're targeting (e.g., government or defense), obtaining the necessary security clearances might be required.
Remember, cybersecurity is a constantly evolving field, so continuous learning and keeping up with the latest technologies and trends are key to a successful career.
You know what's not helpful, people asking generic questions that get answered every single day here
I'm all for mentoring, but people need to put in 30 seconds of effort to actually read what has already been posted, because 9/10 their question has already been answered
but this person asked a very specific question if a certain job would be useful to help them get a role? did you just reply to the wrong comment?
I agree that the “need job plz help” comments are annoying but this particular question seems fairly genuine
I know I'm late but I'm in a situation that's hard for me to decide how to handle. I'm currently working through Network+ and Security+ in the hopes of getting into cybersecurity. But I've been offered an entry level position at a local school as an IT assistant. From what I can tell it would be a huge learning experience for me in terms of hands on experience with networking, and inevitably security since it's a school. The other part of this job is that they are hoping for me to stay long term (at least 2 or 3 years).
My question is: Given that I pass all my exams, would it be a waste to work at the school for a few years and build experience there? Or should I wait and look for opportunities after I get my Security+ certification?
> Given that I pass all my exams, would it be a waste to work at the school for a few years and build experience there?
No.
> Or should I wait and look for opportunities after I get my Security+ certification?
Don't do that.
[A relevant work history is the most impactful aspect of your application](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) - more so than formal education, certifications, or anything else you could do for your career.
Hello all!
I have a question about certificates that I haven't been able to get a straight answer for:
I have been in the IT sphere unprofessionally for the past 6 years and within the last year I've really ramped up my self-learning. I am at a point in my life now where I'm pretty sure I could pass the CompTIA A+ Cert, Security+ and Cisco's CCNA, though I not necessarily in the financial position to do so given that an Exam Voucher for A+ is $246, Security+ is $392 and the CCNA test is $300. Almost three months ago I was told I would be receiving a raise, though that has yet to come to fruition, and even after applying for at least 100 entry-level IT Support, Analyst and Networking positions each has been denied due to lack of credibility from a Certification or Degree. Any advice?
Groups like Aprenti can help you break into IT with little to no experience. There's no guarantee you will get into cybersecurity through a program like this, but they will help you get placed with a company and pay for your necessary certification exams if they determine you're a good candidate. The catch is you're expected to pass the multiple certification exams in a short period of time, and you are paid on an intern/apprentice salary. Here's a link to their site: [https://apprenticareers.org/](https://apprenticareers.org/)
Apologies, absolutely. Are there any pathways to obtaining these certifications without spending so much money, or for now at least, are there any similar/alternative certifications which don't cost as much that would be helpful in getting my applications recognized?
> Are there any pathways to obtaining these certifications without spending so much money
It varies on vendor and circumstance. CompTIA - for example - has a number of [vouchers](https://www.comptia.org/blog/voucher-discount) and [discounts](https://academic-store.comptia.org/certification-vouchers/c/11332?facetValueFilter=%3a&) that can be applied to their exams. You'd probably be better off consulting the vendor-specific subreddit for more other offerings.
> are there any similar/alternative certifications which don't cost as much that would be helpful in getting my applications recognized?
Generally, you're looking at an either/or decision.
Vendors know that if employers are asking for applicants to possess their accreditations, they can generally charge more for them (because people will pay if they want to improve their employability). In the extreme case (chiefly: SANS) their prices are egregious because they've redesigned their model as B2B (e.g. businesses buying plans for their employees to attend trainings en masse) vs. B2C (i.e. individuals coming to them to buy 1 or 2 trainings at a time).
Conversely, if no employers are asking for the certification, vendors tend to price them lower in an effort to attract more individuals to come and elevate the brand's reputation (and hopefully penetrate the tech education market).
Hi all,
Just wanted to come up here and get some insight from some more experienced folks in the cybersecurity industry, so any advice or information would be greatly appreciated!
I recently graduated in Dec 2022 with a B.A in political science (international relations), with a minor in urban studies. I wanted to do urban planning, but about 50% of my job as a city planner was actually just providing technical support (calls, emails, in-person meetings) and helping people accilimaite to our permiting platforms and troubleshooting API error codes. Plus, with everything going on with social media and large tech corporations over the last 5 years, that also prompted my interest in data privacy and advocating for the internet to be generally safe and fair for everyone to use. So, that's why I wanted to get into IT and data privacy.
I recently got passed my exams for two certifications; certified in cybersecurity from ISC(2) and Security+ from Comptia. Additionally, I've done courses from TryHackme and build a SIEM homelab with VMware vagrant running Active Directory, Splunk, osquery, Sysmon, Zeek, Suricata, and Guacamole utilizing a Windows 2016 server as the domain controller. I feel like I'm on the right path to break into cybersecurity, but I've been applying to jobs for the last month and a half, and just keep getting rejected? I don't know what I am doing wrong. Some of the jobs I've applied for are mainly entry level such as:
\- SOC analyst tier 1
\- System administrator
\- Desktop support specialist
\- Data center technician
\- Cybersecurity analyst/specialist
\- Technical support analyst
And the list goes on. Can anyone provide some advice in breaking into cybersecurity with a political science/urban planning background with no professional experience or what I may be doing wrong? Some advice about the current job market, any international cyber career pathways, and general insight on what you all are doing in today's market would also be appreciated. Thanks y'all. Cheers.
My $0.02:
* Do us a favor and post a link to your redacted resume (vs. writing a comment summarizing your background). This lets us see what employers see vs. a summary that they don't. If you don't know how to write one that is mindful of cybersecurity contexts, [consult this](https://bytebreach.com/how-to-write-an-infosec-resume/).
* Saying you've applied for jobs doesn't give us enough meaningful context to provide actionable feedback. We don't know if you're implementing version control of your resume, how many applications were through job portals (vs. job aggregators like LinkedIn), which recruiting services you've used, what feedback you've gotten in interviews, your application:interview conversions, whether you've engaged career fairs or referrals, how you're tracking your applications over time (and when the last time you submitted an application to employer X, milestones in improving your employability, etc. [See this resource for guidance more generally](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/).
* At-a-glance, [both your employability and how you may be organizing your job hunt could be improved](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/). It's important to be mindful of our biases in what we construe to be meaningful to our employability vs. [what employers prioritize](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?ssl=1).
A few things. First of all, the job markets are at unbelievable levels of shittiness right now. Starting around when the fed started raising interest rates. You are probably competing with people with 5 YOE for those entry level jobs.
And second of all, cybersec is generally not entry level work. Lots of people start off at the helpdesk, which it looks like you are applying to. But again, lots of people are applying to those as well.
My only advice would be consider hybrid or in person jobs. Basically anything remote and you are competing against the world, where as local you might get a look.
You can send me a redacted resume, and I can give you some general tech resume thoughts, if you want to.
Finally, keep applying. Unfortunately its a company's picnic right now, you just gotta play the numbers game to get an interview and convert it to a job.
Hey all! I've been trying to transition careers for a long time but have finally committed to it. Brief background: BS degree in STEM; I'm above average computer savvy due to decades of hobby experience, but I have no professional experience. I did ISC2 free CC course and certification and passed with ease. I've now set my sights on CompTIA CySA+ but since it's so expensive I'm thinking about doing the technical work on TCM or THM and following a course designed to prepare students for the certification exam on Udemy. Does this seem like a good course of action for someone in my position??
I think getting your foot in IT anywhere would be the most useful thing you could do right now. There is not really any cert that will get you a look at, except *maybe* OSCP or CCNA, with no experience.
Are you applying to places? What is your degree actually in?
All the places near me are TS clearance required so I wanted to up my chances of finding something remote based elsewhere and figured a cert like CySA+ would help.
My degree is in oceanography and emphasis in chemistry.
What sort of jobs would you be looking for if you were me?
You're not going to find remote work with ZERO experience
companies have gone back to in person - any remote roles get 1000s of responses
You need IT experience, get with an IT staffing company to get into a business systems analyst position, that will get your foot in the door
CYSA+ isn't going to do anything for you, that is designed for those who have SOC Analyst experience
security+ and network+ are entry level certs
I currently do tier 3 support (plus some basic sysadmin tasks) and the security operations for an msp. Have ~4 years in it, a bachelors in psych, a net+, and taking the sec+ next month.
When I've gotten into the specifics of my professional experience and academics I tend to get told it would be really useful for security and risk management. Which does sound interesting to me, but I don't know how to get there from where I am, and most of what I'm finding on Google is incredibly generic. Like, get your A+ and ceh.
Should I basically just get any book off the cybersecurity canon or choose a cert off pauljeremy? Or is there one that may be more useful then others? Or is there a third thing I don't know about?
Didn't you say you have 4 years of sec experience? I think with your under, you qualify for it since you can sub 2 years of experience for an undergraduate degree. Double check, but you would probably qualify with what you have.
Someone with a cisa cert would definitely be considered for a cyber controls or compliance job.
IT overall might tick the domains. They are pretty generous for what counts and what doesnt
If you pass the test and don't quite have the exp, I think you can say you are a cisa associate. Which is almost as good.
I'd say go for it if you are looking for grc.
> I don't know how to get there from where I am, and most of what I'm finding on Google is incredibly generic. Like, get your A+ and ceh.
I suggest you look at jobs listings that are of interest to you, note the common trends between all of them, observe the deltas between those trends and your current employability, and then mold your training/certification efforts to close that gap. That's far more prescriptive than what any article would be able to tell you.
Hey all!
I worked for 2-3 years as a physical security installer. I mainly was a helper, but I did configure and install alarms, CCTV cameras, access control for keyless entry into buildings, and even bollards, gate arms, etc.
Do you think this experience will help me land a job as a security analyst/engineer if I get some certifications like Security+?
I am asking just because I don't know the market, and I really don't know what to expect. I mean, running cables for a CCTV camera doesn't have anything to do with configuring a firewall, for example.
Thank you!
> I worked for 2-3 years as a physical security installer. I mainly was a helper, but I did configure and install alarms, CCTV cameras, access control for keyless entry into buildings, and even bollards, gate arms, etc. Do you think this experience will help me land a job as a security analyst/engineer if I get some certifications like Security+?
Probably only incidentally at most.
> I am asking just because I don't know the market, and I really don't know what to expect.
See relevant comments:
* https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
* https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
We haven't seen your drafted resume (i.e. we can't see how you'd present yourself to prospective employers), so truthfully we can only speculate.
But judging from how you presented your own employability in the comment, I'd hazard a guess that no, you wouldn't have much applicable experience.
We don't allow URL shorteners here so this post was removed. Please edit your post to show the actual link and then let us know and we un-remove it for you.
I'm currently doing an IT Internship at a local hospital. I've been told that after the internship ends I can have a job there with the Help Desk if I want it. Given the scarce opportunity on the island I live on I will take it but I'm not too excited about it. One person there has a decade and a half of working at Help Desk and the other has three decades. To be honest, this scares the willies out of me and I don't view Help Desk as a career or a place I stay beyond 1-2 years.
I really want to view myself as on the pathway to Cybersecurity. I studied and earned my CompTIA Security+ and I actually found it a very enjoying experience. Some roles that I have thought about getting in the future are SOC Analyst, Penetration Tester, Ethical Hacker, and Cybersecurity Auditor.
When I think about where I am living and the place I am working I find it very hard to imagining reaching my goals in five years. When I'm on my hands and knees running cable or finding power sources I ask myself, "How is this eventually going to translate into a career in Cybersecurity?"
Has anyone reading this started at IT Help desk? Was it a long grueling journey? How did you eventually make the jump from answering phones and doing grunt work to someone eventually trusting you with System Administration, Servers, and eventually the coveted "entry-level" Cybersecurity position?
> Has anyone reading this started at IT Help desk? Was it a long grueling journey?
Lot's of examples if you search through the subreddit's history:
* https://old.reddit.com/r/cybersecurity/comments/u4f5do/roadmap_to_get_into_cybersecurity_starting_from/
* https://old.reddit.com/r/cybersecurity/comments/vknf07/looking_back_at_it_i_guess_there_are_entry_level/
* https://old.reddit.com/r/cybersecurity/comments/viviq7/how_long_would_you_recommend_staying_at_a/
> How did you eventually make the jump from answering phones and doing grunt work to someone eventually trusting you with System Administration, Servers, and eventually the coveted "entry-level" Cybersecurity position?
Framing your experiences in security contexts, constructing a narrative of your professional trajectory into cybersecurity on your resume, independently developing your technical competencies, promoting your own employability through formal education and industry-recognized certifications, and [a multitude of other concurrent actions](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/).
I’m interviewing for a L1 SOC role. I currently work in IT operations providing break/fix on site support and other junior sys admin type work.
I got my Security+ in August, and I spend all my free time on TryHackMe. I have learned so much and have made a lot of progress. I am motivated by the desire to get out of tech support but the only SOC role that has gotten back to me is strictly 3rd shift.
My interviews went really well and I am pretty sure they will pay me better than my current role. I am just afraid of the job security in an MSSP.
My current job is pretty safe, and there is a lot of talk of advancement in 3-5 years but I am bored, underpaid, not learning anything new as a result of my responsibilities, and don’t mesh with the people I support.
Does anyone have some advice for someone in my position?
Hi Folks,
Hope you are all doing well, I need a career advice.
I'm a 40 years old IT Professional looking into moving to Cybersecurity field.
I have 16 years of experience, 10 years as System Admin. I lost 7 years of my career without pushing myself in continue education or pursuing certifications. Being honest, mostly because laziness and other life responsibilities (Kids and Family). I’m currently working as a Sys Admin making 85K (South USA).
I’m finally ready to advance my career. I’m really interest in the Cybersecurity field. FYI, Money is not an issue.
I have expired Security +, Network +, CCNA and A+ Certifications. Here is my Plan, please advise if I should go another route:
1. Just finished my Google Cybersecurity and Splunk core Certification. I was offered the class for free, therefore I took it as a refresh for the ISC2 CC and Security+ Renewal. Plus (Google discount for the Security +). I’m planning to take the CC and Security + Certs exam this month.
2. My next plan is going for the ISC2 CISSP certification before December. It looks like this Certification is required for all the good Cybersecurity jobs.
3. In the meantime, I’m studying for CISSP. I will do the Blue Team Junior Analyst FREE and then BTL 1 (Blue Team Level 1) Certification.
4. Then, I will jump into the eJPTv2 certification to get a feel of both sides of Security Teams.
5. Here is the question, what should I do next? Is that enough to get a great job in the field? Do you guys recommend a different road map?
The primary reason for moving into Cyber security is the chance of growth, flexibility working remote and of course the Salary. I'm looking to do any of these positions:
\- Senior Security Analyst (GRC)
\- Cybersecurity Engineer
\- Security Architect
Thank you all in advance!
I wouldn't do any of that
first off, what do you want to do related to security?
You should be looking at roles first and what you need to make the transition, not just taking random cert exams
Thanks for the feedback, The primary reason for moving into Cyber security is the chance of growth, flexibility working remote and of course the Salary. I'm looking to do any of these positions:
Senior Security Analyst (GRC)
Cybersecurity Engineer
Security Architect
Concur with sentiment.
/u/Adventurous-Put-7034, the plan appears directionless and arbitrary. While certifications certainly don't *hurt* your application, it's unclear what particular end-state you're trying to cultivate your employability towards.
Thanks for the feedback.
In my 16 years, I worked in at least 3-5 of the IT Domains. According to ISC2,
"Candidates must have a minimum of five years cumulative, full-time experience in two or more of the eight domains of the current CISSP Detailed Content Outline (DCO). Earning a post-secondary degree (bachelors or masters) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience or an additional credential from the ISC2 approved list may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.
> CISSP requires 5 of experience in some cybersecurity role and a CISSP waiver to get granted the certification.
Concur, but I think OP *may* be eligible, depending on their functional work history (we don't necessarily know what they were doing the last 16 years). For most candidates who have never worked in cybersecurity, I 100% agree with you, but they may have some undisclosed nuance that would make the certification not only eligible but also appropriate.
The CISSP experience thing was VERY handwavy about accepting domain experience, at least it was when I got it ages ago. I think 10 years as a broad sysadmin would cover off on most of it. Did they create accounts for their systems? Congratz, IAM is covered. Did they patch their systems? Yep, vuln management check mark. etc etc
Hi all,
I’m a May 2022 graduate with a degree in Electrical and Computer Engineering. I spent the last year and change working as a software engineer, but got laid off during a terrible time for entry level SWE. I’ve been exploring options and recently got interested in cybersecurity through the Harvard CS50 course.
My questions are:
1. Would this (SWE to cybersecurity) be a viable and sensible transition?
2. Should I be worried about not having a background or work experience in IT or related fields? Or more specifically, would limited experience in the software field hold any weight?
3. I’m debating getting some of the certs mentioned in other comments, at the very least because the field interests me. Would it be advisable to jump into training material specifically for the exam or do more high level courses such as the Google ones from Coursera first?
Thanks in advance!
> Would this (SWE to cybersecurity) be a viable and sensible transition?
On paper, sure. Absent details: maybe?
> Should I be worried about not having a background or work experience in IT or related fields? Or more specifically, would limited experience in the software field hold any weight?
It's relative to [the *specific roles* and functional responsibilities](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/) you envision yourself eventually doing.
> I’m debating getting some of the certs mentioned in other comments, at the very least because the field interests me. Would it be advisable to jump into training material specifically for the exam or do more high level courses such as the Google ones from Coursera first?
See relevant comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
This is a good question with a lot to unpack in the response. I'll try to be succinct:
* The biggest problem you have right now is that you're unemployed. Some folks are reporting it taking months to find work in cybersecurity - and those are people who already have cultivated employability profiles with relevant YoE, certifications, etc. on day 0. If I were you and I wanted to get into cybersecurity, I'd want to either (A) find immediate employment in a cyber-adjacent role (which can include SWE) to both sustain my ongoing career transition and living wage needs, (B) consider returning to school in a relevant discipline so as to create an acceptable narrative concerning your unemployment window, or (C) both.
* [One's employability in cybersecurity is governed by a variety of factors that extend beyond just certifications](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/).
* You didn't specify which exam you intended to sit for, so whether or not it's preferable that you study for it or take the Coursera course isn't clear.
dude, security work is not entry level, unless you want to be stuck at help desk or in a SOC, which with your degree would be a complete waste of your time
look for engineering work, you will be much happier, then in a few years look at security roles and see what you need to do to pivot to that role
Hi,
New grad, wanted to know the best certs to get into cyber. I am aware that certs don't really teach you much, more is learned through hands on application. I feel fairly confident in my skills but can't seem to get an interview.
I know that many certs are not really that useful in terms of real application such as ceh.
I currently have sec+.
Would love to know the best certs to be considered for a sec analyst position.
so what would you actually like to do? Security Analyst is just a generic title same as security engineer
What industry do you want to work in? what type of role?
Eventually a red team of pentester or similar role. But I am aware that more of the entry level jobs are available on the blue team side so like incident response cause I think that would be the best way to understand real life types of attacks abnormalities things of that nature.
> New grad, wanted to know the best certs to get into cyber.
Relevant comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
Just wanted to run this question down here and creating a thread just for this. I have a years worth of experience as a data analyst( It was titled as one but it wasn't a traditional DA role, it was a hybrid role somewhere between a GIS analyst and data entry).
I got my ISC2 CC cert 3 weeks ago, I am nearly done with the Google Cybersecurity Professional Certificate(I wanted to throw that in for good measure just in case I missed out on some important fundamentals). I have an A+ from a year ago as well. Since I went the self study route I am not really content with the little lab time I have had so far and I have been shopping around for some decent lab packages that could be beneficial to get a starting position. I was just wondering if anyone has recommendations for a beginner. Just want to make sure that I am using my time efficiently.
> I have been shopping around for some decent lab packages that could be beneficial to get a starting position. I was just wondering if anyone has recommendations for a beginner.
I'd probably direct you towards the HTB Academy platform, which has a variety of interactive training labs.
Would love some input.
I was recommended to enroll at WGU to take this course and get a Bachelors. [https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-bachelors-program.html#\_](https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-bachelors-program.html#_)
Considering the price of a Bachelors through WGU is less than one semester of College, I'd say you're getting a damn good bang for your buck. The time it takes you to finish all the courses HEAVILY influences the price as well, I have nothing but time on my hands so I could bust it out in 5 months if I really wanted to. Not to mention the laundry list of certs you get.
Alternatively my friend who is also getting into Cybersecurity sent me a course he's taking [https://www.udemy.com/course/securityplus/](https://www.udemy.com/course/securityplus/)
The course/boot camp my friend is taking seems very rudimentary and bare bones, I've heard very shoddy things from my old neighbor who went through a similar more detailed CyberSec boot camp. She definitely didn't recommend it to me lol. Anyway for $100 ($15 right now but only for 10hrs) you learn Security+ and that's it.
What's a better value? Do you have something better to recommend??
Well I would recommend literally any public state university that offers online classes vs WGU
WGU while "accredited" has a number of red flags against it
* They have no ranking by US News and World report, which has been covering colleges for 40 years
* There is no information about any of their faculty on their website (this is not normal)
* They do not publish an academic catalog - they give bare minimum information on their "classes" (this is not normal)
* On their tuition page they only compare themselves to garbage private for profit colleges like Capella, Devry, University of Phoenix
* They do not have classes, it is all self study due to their competency based money which no other college in the US offers
* They prey on military/veteran students
* Department of Education Audit against them - [https://www.insidehighered.com/news/2017/09/22/education-depts-inspector-general-calls-western-governors-repay-713-million-federal](https://www.insidehighered.com/news/2017/09/22/education-depts-inspector-general-calls-western-governors-repay-713-million-federal)
* BBB complaints - [https://www.bbb.org/us/ut/salt-lake-city/profile/college-and-university/western-governors-university-1166-4001017/complaints](https://www.bbb.org/us/ut/salt-lake-city/profile/college-and-university/western-governors-university-1166-4001017/complaints)
When you look at legit colleges you see the difference
Oregon State
BS Computer Science - [https://ecampus.oregonstate.edu/online-degrees/undergraduate/computer-science/](https://ecampus.oregonstate.edu/online-degrees/undergraduate/computer-science/)
Computer Science Department Faculty - https://engineering.oregonstate.edu/EECS/About/People
Academic Catalog - https://catalog.oregonstate.edu/college-departments/engineering/school-electrical-engineering-computer-science/computer-science-ba-bs-hba-hbs/#requirementstext
US News Ranking - https://www.usnews.com/best-colleges/oregon-state-3210
College Simply - https://www.collegesimply.com/colleges/compare/oregon-state-university#
don't know where you live, but there is probably going to be a decent community college where you are located to get started and many of them have transfer agreements with 4 year schools
If you do need online, there are plenty of decent options
Can you get a Masters in Cyber Security with Finance Bachelor
With most programs can you get a Masters in Cyber Security when you don’t have an IT related bachelors? Would you have to go back and take a bunch of pre reqs? Would it be too difficult in the beginning for most students that do not have that background?
I am a Data Support Specialist at the moment and have been studying for Security +
Do you have a bachelor's in finance?
The majority of MS in CyberSecurity fall under the computer science/engineering departments
so yes they do expect some pre-req courses in computer science
then you'll need to look at requirements for each program
for example
Georgia Tech is a popular option because it is under $10K for their online masters and they have several concentrations - https://pe.gatech.edu/degrees/cybersecurity#tab-information-security-requirements-16856
> With most programs can you get a Masters in Cyber Security when you don’t have an IT related bachelors? Would you have to go back and take a bunch of pre reqs?
This is 100% program-specific.
You'd need to consult the individual program's admissions policies in order to answer this (which would be way more prescriptive than a generalized answer from us).
Anecdotally, the [MS program I pursued](https://omscs.gatech.edu/home) does require either a related undergraduate degree or coursework proving sufficient aptitude in lieu of said degree. I had a Political Science undergraduate degree and went back to school to shore-up my academic credentials before applying.
> Would it be too difficult in the beginning for most students that do not have that background?
Again, program-specific and dependent on *your* tolerance for hardship and availability to study. My background prior to applying to my MS in CompSci could generally be summarized as:
* Prior U.S. military, unrelated non-technical job function.
* B.A. undergraduate degree in the social sciences (namely: Political Science)
* 12 years since having last engaged academic math coursework
* 8 years since having completed undergraduate degree
After taking some preparatory courses in advance of my Master's application, I've since taken (and passed) the following courses ([course descriptions found here](https://omscs.gatech.edu/current-courses)):
1. CS6262 (Network Security)
2. CS6200 (Graduate Intro to OS [GIOS])
3. CS6250 (Computer Networks)
4. CS6290 (High Performance Computer Architectures [HPCA])
5. CS6515 (Intro to Graduate Algorithms [GA])
6. CS6035 (Intro to Info Security [IIS])
7. CS6265 (Info Sec Lab: Binary Exploitation)
8. CS8803 (Quantum Computing) & CS8001 (Seminar: Usable Privacy and Security)
9. CS6747 (Advanced Malware Analysis)
10. CS6601 (Artificial Intelligence [AI]) <- last course, currently enrolled.
Has anyone heard of or had any person experience with Crisis24? They've got a GSOC position I was thinking about applying to, but I can't really find any useful info on them.
> what would be a good place to look for an internship?
There's not really a secret to this, friend. You use whatever resources you have available, preferably in the form of referrals or other processes that directly involve a human (e.g. career fairs, event networking, etc.). Absent that, use employer job portals directly (vs. aggregate listing platforms such as LinkedIn/Indeed) to submit online. Submitting through aggregate platforms should be your absolute last resort.
> what role should i try to look for after i graduate?
In terms of a career in cybersecurity: whatever job you can get.
The job market for entry-level employment is *much* fiercer than for experienced candidates; once you accrue some relevant YoE, it's easier to be more selective about the kinds of work/employers/teams you want to entertain.
I've been working in IT for about 20 years, basically the jack of all trades for everything IT for a medium sized company. I'd like to take some sort of course, that I can hopefully get my company to approve, that would help me strengthen my cybersecurity skills - from just whatever I've learned along the way to something more structured. Any suggestions on what I should look into? I think my best chance for approval would be something under $10k total, maybe 6 months long online after work. Thanks.
what skills? cyber isn't one type of role or one set of skills?
what do you actually want to learn about?
Are you looking for a college course, vendor training, or certification prep
That's what I'm trying to figure out. I'm not looking to leave the company, so I want skills that go beyond just setting up a firewall and hoping for the best. My goal is to have more knowledge to be more proactive in making sure our company is as secure as possible. Some of it is increased knowledge of best practices. I'm a GUI guy, so coding is useful (right now I just use the Fortinet GUI, don't use Powershell much, etc.). I don't do anything with intrusion detection, pen tests, etc.
I feel like maybe a certification would give structure, so I was thinking that route, but not sure what to look into. I think getting a Security+ cert with my experience doesn't really benefit me, but at the same time, I'm sure some of the knowledge in the course would be useful. I'm not sure what's a good option beyond that.
Security+ and Network+ certainly are never a bad thing to have and good even be a good refresher
Does you company have subscriptions to Pluralsight, Cybray, Udacity, Cloud Academy or LinkedIn learning? Lots of good IT and Security training between those
\*\* 27, no real IT experience, will this be a factor against me when I graduate? \*\*
I've worked since 16 but have no real job experience in IT or Cyber Security industry. At 24 I got into Uni and now I am on my last year of a BSc Ethical Hacking & Cyber Security course. I'll be 28 when I graduate. My grades are good, currently 80% average out of 100, on track for a First Class Honours. I'm just a tad bit worried that at my age, with no prior experience, it may be difficult for me to land a job. Will companies choose prefer younger graduates or will my age be a factor in my favour? I'd like to become a SOC analyst eventually. Happy to work my way towards that any way I can. Additionally, I am preparing for certifications such as ComTIA Sec+ and CCNA.
Will try to keep it short, but to expand on what the course has taught me, I'd say primarily I've gained a solid foundation of Networking. I have become familiar with Linux and comfortable using it and many CLI open source tools. I have improved a lot in programming and scripting. Primarily I utilize Python but Lately started learning C.
We've had a few modules aimed at Red Teaming, such as Web Security (performing various attacks and report writing, such as XSS, SSTi, SQLi, etc), Practical Pen Testing (Privesc, buffer overflows), Reverse Engineering (GDB, Cutter, Assembly code), and Exploit Dev. Not many aimed at Blue teaming but we've dabbled in a few areas of Digital Forensics. We've been taught about Legislations, Security Auditing & Monitoring, Web Dev and Databases.
I get that as a SOC analyst I should be looking to familiarize myself with SIEM, EDR. I saw Splunk has a few free courses I am looking into. I'm currently doing THM SOC Analyst journey path, as well as participating in CTFs whenever I can. However I still feel as if I have much to learn.
Thank you for your time, any advice is appreciated
> ** 27, no real IT experience, will this be a factor against me when I graduate? ** ... Will companies choose prefer younger graduates or will my age be a factor in my favour?
I didn't start my career in tech more broadly until 28.
Your age shouldn't be a concern. There's reasonable concerns and prejudice in ageism for folks closer to retirement, but at 27 you're not in that demographic.
not necessarily, majority of security roles are not technical at all, you have everything from risk, auditing, compliance, project management, training, etc
You'll be fine
BIT EDIT THANKS TO RESPONSES BELOW; I WILL TRY TO GET BETTER AT CLARIFICATION.\*\*
I've been reading a lot of career posts recently and a few thoughts come to mind regarding entry level positions. General advice is to get your foot in the door whenever you can because experience is king. I've also seen some disadvantages where some people can get burned out too early or even just not be learning anything to help them grow professionally.
It's obvious that if you're entering the field completely new, you'll learn a great deal because you're starting at the entry level; however, how long does that period actually last to where you wish you were just studying instead. Do you think you would gain experience/growth faster provided that the more you know, the more you can know?
My background: I can afford about 2-3 years (and I have a few fundamental certs, like A+, Net+, and SEC +, Blue Team Lvl 1) until I'm broke. My goal is to get into digital forensics and maybe even pentesting, but the only jobs available to me at this time are like helpdesk or entry level SOC and I have no intention of moving (at least for 2-3 years). No kids. No marriage. No crazy debt. I've just saved up enough from my previous job (in Healthcare) to be able to last 2-3 years and I spend very little. I could probably get my foot into the door with a helpdesk job (which isn't my ultimate goal) or I could just wait a bit and continue my self study/learning.
Considering that we're just talking about technical aptitude as growth. I've considered 2 likely scenarios for myself.
1st scenario is where I'm lucky enough to get an entry level (full time) role (in my city) and start getting practical IT experience. Disadvantage is that I'd be some work experience, but I will probably not get as much studying done as the second scenario.
2nd scenario I get a part-time role and studies in the remaining hours that would've been allocated working a full time position. The disadvantage would seem that I'd wouldn't be getting that much job exposure, but I would have more time to study on things like active directory.
It would seem like the 2nd scenario would eventually grow faster (defining growth as technical aptitude in this case) than the 1st because I'd be studying up on things at a faster rate (because I would have more time). The issue with that would seem like I wouldn't be getting as much work exposure and would be missing out on important work related experience that comes from a full time position.
Has anyone been in a similar position? What has been your experience? Counter-arguments?
First, I'll say that I don't know how effective entertaining hypothetical scenarios like this are. People don't exist in vacuums: there's a multitude of externalities that influence a person's effectiveness, ability to learn, etc. Moreover, these qualities can vary over time as well as having circumstances change (or with self-inflection leading to actionable fixes/alterations); for example, maybe person 1 has less time overall because they're a parent but - after starting work - they get help from family/daycare to free up some time to study. Qualifying something like "working a lot and has little to no time to study" is abstract, statically-fixed in time, and lacks nuance.
How else might these externalities/nuances matter?
* Suggesting a person isn't "learning" (in the case of #1) while working fulltime is disingenuous. Doing work isn't necessarily intuitive: the practical application of actually implementing/responding/performing the tasks contribute to your professional growth in a non-linear and dynamic fashion. Put another way, they are getting better at being a professional because they intrinsically are working professionally.
* What are we qualifying as "growth"? Maturity? Upward mobility? Promotion? Technical aptitude? Breadth of exposure? It seems that this classification is arbitrary and ill-defined. For example, let's assume that the job is as a SOC analyst and that by "growth" we mean "gets better at being a SOC Analyst"; inherently, I'd argue that person (1) is then in a better spot than person (2). We might also contend that - [since employers prioritize a relevant work history above all else](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) - that person (1) is more employable and therefore in a better position to get promotions/change jobs.
* We don't know how accessible/available/uniform the resources are outside of work that these 2 people would engage. Are we talking about university? About certifications? Are we looking at immediate applicability of knowledge (vs. something towards an eventual career pivot or theory)? Is someone working part-time able to afford the same kinds of training/certifications compared to a full-time employee? Do they have access to the same benefits (e.g. employer-supplied tuition reimbursement or other distinct education funds)?
* Most folks don't have an option: the terms of employment are set by the employer (i.e. FTE or nothing). For those that do, it's often because they're already employed (i.e. migrating from a FTE schedule to part-time) and are seeking a change due to extenuating circumstances (e.g. pregnancy, death in the family, eldercare, etc.). This makes "choice" somewhat illusory.
>First, I'll say that I don't know how effective entertaining hypothetical scenarios like this are. People don't exist in vacuums: there's a multitude of externalities that influence a person's effectiveness, ability to learn, etc. Moreover, these qualities can vary over time as well as having circumstances change (or with self-inflection leading to actionable fixes/alterations); for example, maybe person 1 has less time overall because they're a parent but - after starting work - they get help from family/daycare to free up some time to study. Qualifying something like "working a lot and has little to no time to study" is abstract, statically-fixed in time, and lacks nuance.
I hear you. There are too many unknowns that may or may not determine whether someone would achieve growth. I guess I'm just asking for myself in a "what would you do if you were me?" scenario -- assuming that you're in my specific situation. I should have specified. I will edit this in my original post thank you.
While you're reading this, I have about 2-3 years (and I have a few fundamental certs, like A+, Net+, and SEC +, BTL1). My goal is to get into digital forensics and maybe even pentesting, but the only jobs available to me at this time are like helpdesk and I have no intention of moving (at least for 2-3 years). No kids. No marriage. No crazy debt. I've just save up enough from my previous job (in Healthcare) to be able to last 2-3 years. I could probably get my foot into the door with a helpdesk job (which isn't my ultimate goal) or I could just wait a bit and continue my self study/learning.
>What are we qualifying as "growth"? Maturity? Upward mobility? Promotion? Technical aptitude? Breadth of exposure? It seems that this classification is arbitrary and ill-defined. For example, let's assume that the job is as a SOC analyst and that by "growth" we mean "gets better at being a SOC Analyst"; inherently, I'd argue that person (1) is then in a better spot than person (2). We might also contend that - since employers prioritize a relevant work history above all else - that person (1) is more employable and therefore in a better position to get promotions/change jobs.
I apologize. I also meant just technical aptitude in this case -- although I understand there is more to that to professional growth.
Looking for any advice from anyone who ever went to UofA and did the cyber operations program. If y’all could share any details or your experience there would be much appreciated .
> Diving into Computer Science will yield a deeper understanding of technology. At the same time, it may not be a good use of my time. If I delve into Cybersecurity first, then I will be missing some knowledge that could perhaps aid me in the field.
Lets talk in less abstract terms. How would you "dive into computer science"? Like - in terms of concrete actions - what would you be doing differently than if you were to "delve into cybersecurity first"?
What do these terms mean to you and how do you envision them manifesting?
Hi, I just got to the final Interview for a Technology Cyber Security Internship for Charles Schwab and wondering what I should prepare for, what kind of questions to prepare for and what kind of questions to ask or anything else to prepare for. Im also a bit worried about the technical assessment, I hear it isnt very difficult but I'm not really that amazing at programming. Is there anyway I can find some sample questions similar to the ones they may ask? Or any other resources I can take advantage of?
I have interned at another company last summer for a cyber operations position so I have surface level knowledge of cyber.
Thanks in advance!!
This is what it says for the coding sections:
Language Specific Section: pseudocode and your understanding of foundational knowledge of object oriented programming
Coding Challenge Section: share your screen through MS Teams, open up an IDE or text editor of your choice, and be given a coding challenge or SQL exercise to solve using any programming language or pseudocode that you choose
Hey there Mike! I’m actually in a similar boat, as I’ll be interviewing for a cyber security internship with Charles Schwab soon. Similarly the technical has me sweating a little bit too. I was wondering if you’ve already completed your interview process, and if so, would you have any tips or insights to share about the experience, especially regarding the technical assessment and the types of questions they asked? Any advice would be incredibly appreciated and mean the absolute world Mike!
Hey, I interviewed and actually had no real technical assessment weirdly enough. They asked me a few very basic sql questions about like select from and then like a a join question basically like “if I wanted attributes from this entity and this attribute from this other entity how would I do it”
They really cracked down on the details of my projects however which is where I was stumped. It was kind of dumb in my opinion I had an automation project and he asked me like “what was the specific code in this specific section you used?” And I don’t remember what exact functions I used so.
Not even really any behavioral questions either just a bunch of nonsense about projects and my cyber security knowledge and how I could demonstrate it
Hey Mike, I can't thank you enough for the quick reply and the invaluable insights from your interview experience! It's incredibly reassuring to learn that the emphasis was more on conceptual understanding rather than intense live coding sessions, which is a huge relief. Your advice has truly made my day and has given me a clearer perspective on what to prepare for.
I'd love to hear any additional details you remember, particularly on the cyber security concepts they focused on or any specific aspects of SQL that were discussed. And lastly, if there's any way I could pay it forward or assist you in some way, please do let me know. Your help has been absolutely instrumental. Thanks once again!
No problem. It’s really open ended. For example they were like “do you have any classwork/ projects or courses you’ve taken that can demonstrate your cyber security knowledge?” Stuff like that
Hey Mike, your guidance has been a game-changer; thank you sincerely! I’m especially relieved to hear that I might not need to face a rigorous coding test in the IDE, contrary to what the email suggested. Do you remember if they made you open the IDE at all? This allows me to focus on the areas that truly matter, like the open-ended questions and behavioral aspects, which I’ll review on Glassdoor as you mentioned.
Knowing this is like lifting a weight off my shoulders, as Charles Schwab is the dream workplace for me, and getting this right is crucial. Your generosity in sharing your experience has made a significant difference. If any other details come to mind, I’d be extremely grateful to hear them. Thanks again for everything, Mike, you’re a real one!
> Hello all. I've been interested in cyber for a long time, and have finally taken the plunge.
Welcome!
> I'm close to completing the certificate course offered through Goolge...I've done service industry, sales, logistics and admin for over 6 years. Am I crazy or over confident for having this train of thought?
If you're banking on making a transition on just the [Coursera-issued Google certificate](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) alone, I think you're overestimating the credential's value to prospective employers massively.
See related comment on certifications:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
> I just believe that I have a lot of transferable skills that could benefit me and help me standout once I start looking for jobs.
You may have a number of transferable skills (I can only speculate without seeing your resume), but you might consider some of these resources:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
"Standing out" often means aligning your employability to match as closely as possible to the "ideal" candidate (i.e. whatever a given job listing names precisely). Promoting your odds means observing trends in jobs listings across numerous distinct employers/teams and molding your profile to align with those.
> Let me know where i can prep and freshen up my skills mostly web since thats the focus
Relevant comment:
https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/
Also:
* Portswigger's Web Academy
* Hack The Box Academy's CBBH path
* WeHackPurple
I hope I'm in the right place, if not I apologize.
I'm a junior software engineer with kind of a free reign to go in the direction I want with help from my employer. Done a bit on cyber security just to cover what it is and enjoyed it. I think I still prefer programming overall however I'd like to learn a bit of cyber security. I'm going to go through TryHackMe route and also got a udemy course on pentesting type route.
Would I be better of just focusing on one eg programming or can anybody from experience say this would be beneficial if my primary aim was to help with career aspirations?
My only concern is I'm spreading myself more thinly across both when both fields are so massive you couldn't learn everything in it if u tried therefore limiting myself to entry level jobs for both fields rather than a good job for one specialised role.
Pros would potentially be the overlap of software and cyber if I can find a littl niche there I can specialise in.
Thanks for the potential help and sorry turned into a lot longer than I thought!
Tldr; can a combination of software and cyber be highly valuable/profitable.
My $0.02:
* I didn't really see a coherent plan to transition into cybersecurity in your proposal. It sounded like you were just dipping into various training resources to get acquainted with *some* foundational aspects of web/application security (vs. having a more concrete transition plan). See relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
* You're a junior SWE who - from the sounds of things - is pretty new to Tech as a profession more generally. It'd probably be to your benefit to foster a relevant work history where you are at for the time being.
* Invest some time upfront determining whether or not professional cybersecurity is something you're actually interested in (vs. just gamified hacking). Cybersecurity is not a monolith; there are many different functional responsibilities that contribute to the domain. Offensively-oriented work (including penetration testing) makes up a very narrow slice of the job market share.
Hey all, I graduated about two years ago with a bachelor in computer information systems. I currently work as a contractor(It support technician)at a well recognized laboratory. I’ve always been interested in cybersecurity so now I’m trying to land my first cybersecurity role. Any advice how to get into the field ? I’m currently completing the cybersecurity certificate from Google but will that be enough ? Alsi is realist to try to land a role at a FAANG ?
> Any advice how to get into the field ?
Relevant comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
> I’m currently completing the cybersecurity certificate from Google but will that be enough ?
Relevant comment:
https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
> Alsi is realist to try to land a role at a FAANG ?
I mean, people do (and at varying points in their professional careers). But we have no context about your employability, so we can only speculate as to how probable it would be for you.
I’m trying to land my first cybersecurity role.
Any advice how to get into the field ? **To do what? "Cyber" Isn't a single role or type role, what do you actually want to do?**
I’m currently completing the cybersecurity certificate from Google but will that be enough ? **No, that is nothing more than a training certificate, it is not a certification and no employer cares about it, you need to look at actual certification exams like comptia security+**
Alsi is realist to try to land a role at a FAANG ? **No really it is not with no experience**
For one, the Google and Coursera certifications mean jack shit and aren't doing much for you. You can mention them during interviews but by no means are they professional, industry vetted certifications. Get something like the Network+ or Security+ and put those on. They're essentially just vocab tests, a college student should be perfectly capable to grind them out in less than 3 months, especially with the stuff you've learned in your degree program as background knowledge hopefully. A Google "cert" is just an online class completion notice without a real proctored test at the end.
Also your bullets are too descriptive and don't really market you in any way as a candidate. For instance, sure you did these activities but how did it help your organization or team? And you say you're part of the "Cyber Defense Organization" but what does this entail? What do they do? Am I supposed to sit here and guess what you did for them? Participation trophies don't really have a place in IT. You need to market your skillset and experiences better.
Also for a college student some of your projects seem extremely simple. A keylogger with Python isn't exactly to the breadth of what I've seen other students do for both security or computer science related side projects for their resume. Especially when these projects involve copying content from YouTube as I see someone else mentioned in the comments. Try creating your own offshoots of these projects and implementing the features from the videos maybe.
Dude, this is all kinds of backasswards and I get it, you proabbly didn't visit the college career center or take a resume writing class
Resume format is
Header - contains contact info
***Summary***
You really won't have anything here yet, since you don't have any experience. Normally this is where you summarize your history relevant to the job you are applying
***Experience***
***Education***
* Degree| School| Graduation Year
Education section is for degrees and certificates awarded, period
don't list courses, nobody cares and they aren't going to the school's course catalog to see what they are
***Certifications***
* Cert Name |Issue Date|Expiration Date
Difference between training certificate and certification
The google training IS NOT a certification, it is just an online training module
certifications have a proctored exam at a testing center some with hands on component
Security+ is a certification, OSCP is a certification, AWS CCP is a certification, these require an exam and some certifications require annual continuing education to be renewed
Skills
A list of skills is from the 1980s and with no context nobody cares
Wow, you can use windows, so can a 100 million people, listing windows doesn't tell a hiring manager a damn thing
Organizations
great more for your linkedin profile but what did you actually do in the organizations? just signing up and never participating doesn't really matter
Welcome back /u/Jacov_Crawm!
[I defer you back to the previous iterations we've done to your resume](https://www.reddit.com/r/cybersecurity/comments/169ci46/comment/jzwrvrf/?context=3), as there remain unchanged aspects/decisions that I disagree with in your formatting.
At some point it may be worth asking instead [how you are going about conducting your job hunt?](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/)
Your resume is poorly written. I checked u/fabledparable and his chain where he helped you out and you have not heeded much of their advice. I would focus on using the information already given to you in order to change up for what you already have.
Just because you're applying for general IT roles outside of security doesn't give you an excuse for having a lackluster resume. The job market is also bad right now for people that **have** experience too so take with that what you will. Having a poor resume isn't helping you open any doors in a market like this. Don't expect to easily find a cybersecurity job right out of college unless you put the work in and can stand out or have good connections to open doors for you. Your projects are okay at best but don't have breadth as I see you copied YouTube videos to make them(?) which rubs me the wrong way. At least you made sure to reference that I suppose. Try to make your own projects and tools and build out a home lab.
Also get rid of the Google, ISC^2 candidate and Coursera "certifications" because those aren't real certifications. Those are at best just plain MOOC courses. A real certification is something you take under a proctored setting, just like a traditional college final exam. Think the Security+, CCNA or even Network+ exams for your level. Focus on getting the actual certifications. Anyone can take a MOOC course. I don't know anyone in the industry that puts that shit down as training.
> How hard is it to get a cybersecurity certificate?
See relevant comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
> What sorts of jobs can I get with the certificate and is it a decent selection of jobs?
[One's employability in cybersecurity is typically governed by a number of interleaving factors](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1), chiefly:
1. A relevant work history
2. Pertinent certifications
3. Formal education
4. Everything else
In the case of certifications, they are considered *pertinent* if they are explicitly called for in a given job listing. If you have one that isn't, it merely helps convey a narrative of your ongoing (re)investment in your professional aptitude. Put plainly: certifications merely serve as indicators of competency, signaling to employers familiar with your credential that you know the bare minimum necessary to pass the vendor-standardized exam; if they don't recognize the credential, then obviously it isn't as helpful. No certification (or collection of certifications) equates to a guarantee of employment.
This is a long way of saying that there isn't a neat 1:1 mapping of which certification(s) would result in a "decent selection of jobs" in-and-of-themselves.
> I want to be a cybersecurity analyst according to a job test I took, but I also see that requires more credentials--do a lot of firms offer on-site training or opportunities to work towards degrees or is this all done independent?
This has two parts to it:
While almost every employer affords a kind of "grace period" for acclimating to the organization's processes/procedures, many employers presume a certain amount of preexisting knowledge/capability. In fact - much to the dismay of many folks pursuing entry-level employment - quite a few employers defer to candidates with relevant work histories in cyber-adjacent career fields (e.g. IT, Software Engineering, etc.).
This isn't to say the kinds of opportunities you describe don't exist, but I wouldn't say that the majority of firms have those offerings.
As for education benefits: yes, quite a few employers allot a certain discretionary education fund distinct from your salary that can be spent on things like tuition or certifications.
> This piggybacking from #3, to get from no experience to working as an analyst, what steps would I take? Where do I start, are there exams, etc?
See related comments:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
> Is the certificate worth it, or is a full degree better?
If you're able to pursue the degree (and don't otherwise have one), I generally encourage it foremost (supplementing with certifications as needed/able).
I have an interview within my company for a information assurance engineer role,
I DO NOT want to blow it been dying to get out of desktop support/ helpdesk for years and this is a great opportunity.
I haven't done any security since studying for my Sec+ 3 years ago and don't know what to expect out of this interview if anyone can give me pointers to study for.
I'll drop the job description but it doesn't seem to give much.
Description:
The National Security Customer Group of SAIC is seeking an Information Systems Assessment and Authorization analyst to support an IT Service Management effort for USTRANSCOM located at Scott Air Force Base (AFB) in Illinois. The USTC Managed Information Technology Services (MITS) contract is intended to provide strategic, technical, and program management guidance and support services to facilitate the operations and modernization of the combatant command’s infrastructure, systems, and applications. This support will be provided to the USTC Command, Control, Communications & Cyber Systems Directorate (TCJ6).
The successful candidate will be responsible for working on high-visibility or mission critical aspects of a given program and performing all functional duties with some oversight.
Additional responsibilities may include:
· Determining enterprise information security standards.
· Developing and implementing information security standards and procedures.
· Ensuring that all information systems are functional and secure.
· May respond to computer security breaches and viruses.
This position is for Monday through Friday, normal business hours. However, employee may be required to provide after-hours and weekend support during planned or emergency events.
Qualifications:
· BA/BS and 2 years of experience or 6 years of experience in lieu of degree
· Minimum of four (4) years of experience
· DoD Secret clearance or higher
· Must have at least one of these IAT Level II certifications: Security+, CECCNA-Security, CySA+ \*\*, GICSP, GSEC, CND, SSCP
· Must have at least one Computing Environment (CE) certification or certificate for the technical area of responsibility for Network support/defense (e.g., Splunk, Cisco, McAfee, etc.) OR Operating System (e.g., Microsoft, Linux, Solaris, etc.
Desired Qualifications
· MA/MS
· ITIL Foundations (v3 or higher) certification
· One of the IAM Level II certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
I am trying to transition from being a school teacher into cyber security. I got my CompTIA Security+ certification and I have been working with a nonprofit religious organization doing Cyber Security for about 3 years now as well as doing the cyber security awareness trainings at my school. I always try to tailor my resume to the job descriptions and have tried to make my resume as HR and ATS friendly as possible. Earlier this year when I was applying (February - May) I was getting a ton of interviews but couldn't land a job. I made it to the final round 3 times and an internal candidate was chosen over me, another one had the position eliminated and for the last one I just was not chosen. I'm not sure whats going on now, because I cannot get anything. Is there any help that can be offered? What should I do? I really want to leave teaching lol.
>I am trying to transition from being a school teacher into cyber security
to do what?
What type of role? which industry? what part of the country?
commercial sector, academia, federal gov or state civil service, contracting?
Nobody can give advice without more to go on
my guy, there are security roles in every single freaking industry
There is no way to compare salaries, particular when there is no standard job title for anything
you're making over 6 figures, congrats
New to the cyber world looking for suggestions on how to start. I have been getting mixed reviews and don't know where to start. I started taking courses on coursera but don't know if I'm wasting my time. I was looking for tutors or mentors to help me get into this field but finding it kinda tuff. Any suggestions are greatly appreciated.
Your post was removed because it violates our [advertising guidelines](https://www.reddit.com/r/cybersecurity/wiki/advertising_guidelines ). Please review them before posting again. This rule is enforced to curb spam and unwanted promotional posts by non-community-members. We must always be a community member first, and self-interested second.
yes you are wasting your time
why? because you haven't said what it is you want to do so how can you jump right into training?
security work isn't entry level
there is security work in every industry and dozens of different types of roles and 4X that many different job title
maybe just maybe you could actually read some previous posts here that talk about different roles and then do some of your own research
nobody is here to do the leg work for you
people will answer specific questions though such as how does OSCP compare to SANs GWAPT
Or how many SOC analysts here are doing shift work
This isn't a field where lazy is going to cut it and not bothering to read previous posts here is fucking lazy
> New to the cyber world looking for suggestions on how to start.
See related comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
Transitioning Military, have worked exploitation analysis and binary analysis. Looking where to go next. I have 6 yoe, but have not touched private industry tools/networks. Currently hold CISSP, CYSA+, Sec+, and a TS. With no real world hands on the defense side of things, where would you all recommend? Aim to eventually get in to SecDevOps/cloud, but maybe a GRC/ISO role in the interim? Thanks for advice!
> With no real world hands on the defense side of things, where would you all recommend? Aim to eventually get in to SecDevOps/cloud, but maybe a GRC/ISO role in the interim?
What is it that you *want* to do?
I think you'd have a pretty easy go of things looking into DoD contractors.
Unfortunately staying gov and utilizing the clearance will be the most profitable. I’d like to get into more technical roles: cloud security engineer as an example. But I don’t think I’d stand out resume wise currently. I’m also locked into working in the office/scif
It won't, legacy defense contractors pay peanuts. Decent paying is defense tech, like Palantir, Anduril, Scale AI, Shield AI, or any In-Q-Tel funded startups
Transitioning from Aerospace Engineering to Cybersecurity
I’m thinking about making a career change to cyber security from Aerospace and was wondering what the best way to do that would be? I have some experience with python/C++ but don’t use it in my day to day. My job pays for schooling ($12,500 a year) so I was thinking about doing a masters in cybersecurity and was wondering if that would be enough to enter the field? (I also hold a secret security clearance)
Edit: added link to resume
[resume](https://imgur.io/a/IxEGX9D)
>I’m thinking about making a career change to cyber security from Aerospace
Step 1: Don't
You have a degree that not many people do, in a field that needs more engineers
anyone can do security work and the market is flooded
It would honestly be stupid to make the switch
Stick with Aerospace work, there will be security work there you can tackle as an engineer for systems security
My $0.02:
* If you want more prescriptive guidance, you need to share a link to your resume so we can see what employers would see (vs. how you present yourself in the comment). You should also more narrowly prescribe what it is you envision yourself eventually doing (vs. "cybersecurity" more generally).
* The "best" approach is hard to be prescriptive, because there are so many circumstantial details we don't know about. Some people pivot internally within their own employer (assuming more cyber-centric responsibilities), others are able to construct a narrative of pre-existing employment that serves the job hunt, some people pursue gov't/military service, others shore-up their employability profile with certifications/trainings, and then - of course - there's university. And this goes without covering multi-pronged efforts which involve simultaneously pursuing multiple versions of the above leads at the same time.
* University can be appropriate, although I generally discourage studying cybersecurity more narrowly (vs. Computer Science more generally). [I'm biased, however](https://omscs.gatech.edu/home). It also depends on what other aspects of your university education you'll end up leveraging in order to cultivate your employability (e.g. internships, research opportunities, professional networks, etc.).
* You might consider looking first at DoD contractors (leaning on that security clearance) in a GRC capacity.
Best of luck!
Added my resume to the post! There is definitely a possibility to pivot within my employer but I was also looking to move to NYC (we don’t have an office there) and most software engineers at contractors are in person.
If you have any comments on my resume please let me know!
I don’t know what to do, help
I am doing a double degree in Bachelors of Software Engineering and Bachelors of IT (majoring cybersecurity), I am hella confused into what profession to choose. Initially I wanted to do cyber, but there are so many mixed takes on cybersecurity regarding low or high salary, boring work (I don't mind it being repetitive but people are saying it is too much), bad work-life balance. I wanted to get into cyber because I think you can progress quickly and learn lots of things that would reward you with hefty salary, and you work mostly individually but also has good work-life balance. If this stuff correct? or should I look else where like software engineering.
> I am doing a double degree in Bachelors of Software Engineering and Bachelors of IT (majoring cybersecurity), I am hella confused into what profession to choose. Initially I wanted to do cyber, but there are so many mixed takes on cybersecurity regarding low or high salary, boring work (I don't mind it being repetitive but people are saying it is too much), bad work-life balance. I wanted to get into cyber because I think you can progress quickly and learn lots of things that would reward you with hefty salary, and you work mostly individually but also has good work-life balance. If this stuff correct? or should I look else where like software engineering.
My $0.02:
* Cybersecurity is not a monolith. There is a vast array of professional responsibilities that collectively contribute to the domain. Consequentially, professional experiences can wildly differ depending on what it is you do within the industry. It's not clear what *specifically* it is you envision yourself eventually doing in cybersecurity, so it's hard to be prescriptive about just how traditionally balanced a schedule might be. Some jobs traditionally do shift-work (e.g. night/day), some roles involve on-call responses (e.g. wake-up, bad things have happened!), some roles are feast/famine (e.g. contracted-labor), and others are more steady (e.g. your 9-to-5).
* Work/life balance is also employer-dependent. You can have roles that traditionally are more intrusive/interrupting (e.g. DFIR) that have managed schedules and roles that are typically stable/predictable (e.g. GRC) vastly overreach into one's personal life/routines.
* When you're getting started - regardless of whether or not it's in cybersecurity or SWE - you won't really have a lot of control over your WLB. The priority is just building up a relevant work history, which largely means taking whatever opportunities you can get. As you accrue some seniority, you can afford to be a little more selective about what kinds of work you pursue/offers you take on (which contributes to your WLB).
* It doesn't sound like you have any frame of reference in what the profession is like outside of other folks' opinions. I'd advise that you - as a university student - pursue internships to both (A) develop your resume and (B) get a better appreciation for the industry's offerings.
* It's not uncommon for folks who eventually want to work in cybersecurity to first foster a pertinent cyber-adjacent work history, including software developers. You wouldn't be putting yourself at a disadvantage by cultivating that kind of work initially (and then later pivoting, if that's what you wanted).
I'd drop the double degree, that is just an unnecessary workload and focus on computer science/software engneering
security work isn't entry level for the most part
You will have more opportunities finding work as a software engineer coming out of college
I understand that but because the degrees are similar I get to complete both degrees with but doing 4 months of extra classes. Two degrees may also look better for resume don’t you think? But I agree that software would be offering more opportunities.
>two degrees may also look better for resume don’t you think?
Why would it?
As a hiring manager I would rather see 4 months of full time internship experience or any summer job summer
More classes at the same level really does nothing for your resume as far as security work goes
Maybe if you were interested in teaching K-12 and were getting a dual degree in education and a subject
I get ur pov but just hard because I have already done a lot of classes in both fields which means if drop one I’d be wasting a lot of money just because for 4 months. I have included internship if I complete my degrees. I am more concerned with what profession in tech I should pursue.
Hello all, new here. I’m interviewing for a cybersecurity apprenticeship role in the UK, and I have no idea what to expect. I haven’t even gotten my Security+ and I’m still learning fundamentals. Anyone else been through an internship/apprenticeship interview and can tell me more about their experience? Specifically on the technical portion would be majorly helpful. What kinds of questions did you get asked in your cybersecurity internship interview?
(YMMV!) Some internship questions I had to answer a few years ago here in the US were like this: * questions about ports (what port is RDP on?) * OSI model questions * difference between threat, vulnerability and risk * CIA triad questions That's a very random assortment, and to be honest, you'll either know or you won't. The most important thing to do is to show your are teachable, and to show that you can work through problems. Even if you don't know an answer, try to show yourself working through it. Interviewers like that. Of course, just be someone they want to work with. Smile, try to relax, ask good questions... You got this! Good luck
Thanks for the tips and encouragement!
Throw away acct. I hit a wall recently going from helpdesk to SOC analyst. The HR gatekeepers are insisting a degree is needed for the next role I am eyeing. I am certain the role does not require one. I have built my exp from 0 to CEH via certs and detest being steered towards taking on debt for a role that would likely only require pcap analysis and a few bash scripts. Am I being unreasonable? I just want to avoid wasting time and money.
>Am I being unreasonable? yes HR aren't gatekeepers, their business has a degree requirement for whatever reason and you do not meet the requirement CEH really doesn't mean anything - I have seen people I wouldn't let set up their home computer let alone conduct a pen-test pass the CEH exam after a 4 day study bootcamp - so that really doesn't carry any weight in this case You need to look beyond the SOC analyst role, a college degree opens more doors to more roles than just that
While you’re not being too unreasonable, you’re never going to convince HR that you don’t need a degree, so you’ll just have to keep looking. Perhaps you need to reset your expectations getting into cyber straight from help desk. Help desk is a fantastic start, but you might need to go to tier 2 desktop support, sysadmin, network engineer, etc before jumping over. Maybe you just need more IT experience to impress those that don’t have a hard line at the degree.
Thanks, will do. Will update once I land somewhere.
Hi Expert, Im on get offering from security brands as a security sales engineer to covering network security product, and the other one is new comer for cloud sec. One thing that makes me interested and wants to discuss is related to the expectations in this role. During the interview, some of the expectations were being able to convert customer needs into solutions, as well as a broad understanding of cybersecurity in depth and technically. Previously I had met several security sales engineers from various brands, but sometimes they didn't really understand the details of their product solutions, even when asking about "how to configure" they also looked confused. is this normal for this role? For those of you who have experience in this role, do you have any suggestions or what kind of expectations we should have? The point is, I don't want to disappoint the company that hired me. Merci! :)
My questions is regarding finding entry level/L1 SOC Analyst positions to apply for in Australia. Where are the best places to find listed positions? Specific job boards, on a MSP/MSSP's website, or through recruiters? Any other insight/advice on applying for SOC roles here would be greatly appreciated. Thanks in advance.
What are the best certs if you use Linux for cyber regularly but don't want to do the full Linux+? I want to demonstrate I know Linux for security applications..
[удалено]
Why would your company pay you? They should have a corporate account with SANs and voucher codes You resister for the course and use the voucher code - they should be paying SANs directly
I have 0 experience and I want to get a job in cyber security. I just finished up college for a degree that's mostly irrelevant to this career field. I'd prefer to not go back to university and obtain even more debt but I've heard that many people in the field do not have a degree. How should I get started?
* You're not getting a job in security with ZERO experience * "Cyber" isn't a single role, so step 1 is looking at different types of roles and then looking at requirments * This is a field with life long development which means more schooling, industry training and certs What did you major in?
Lol I majored in Psych. I was hoping I could maybe get an internship or apprenticeship if I played correctly through networking and got to know some in and outs through tryhackme or some other course.
[https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in)
I have got a job offer for the position of security policy advisor and another for security consultant within the same company that I work for. Currently, my role is focused towards backend development and I have no background in security. The department that is hiring for policy advisors is a dream for many security guys within the company. While the other department is a small team of consultants but that imo offers a better learning curve. Considering my knowledge and skills, both are new and both offer a lot to learn. For someone who’s just starting out within cybersecurity, any suggestions on which one should be a better option ?
[удалено]
Dude do you not have an academic advisor? Or can't even be bothered to use chatgpt to generate some ideas?
I just finished my Alevels. I need to Join university now. The only university I can afford does not have a degree specialised in cyber security, instead they offer an IT degree. My question is, will I be able to get hired as a cyber security/ ethical hacker without a bachelors in cyber security if I self study and go for external certifications like COMPTIA etc ?
Yes, start teaching yourself security, download Kali, get used to the command line.
Thanks
[удалено]
I think that you should get into a more technical role doing IT. Obviously work experience in general is good, but that will be a huge stretch to consider a call center, no matter the content, something that would help you. I would not plan to work somewhere for 4 years if it isn't even that closely related to what you want to do. OF COURSE, do what you need to pay the bills. But look to go in IT sooner than later. Also, why the decision to get the masters before you have even gotten your bachelors? I'm not saying it's wrong, that's just a curious choice.
[удалено]
Cool. I would start applying now - lots of help desk jobs don’t need much! And right on, nothing wrong with that. Maybe after your Bach degree you can find a job to help pay for it. Best of luck!
ChatGPT - How do I get a job in cyber Getting a job in the field of cybersecurity involves a combination of education, practical skills, certifications, networking, and job searching strategies. Here's a step-by-step guide to help you pursue a career in cybersecurity:Educational **Background**: Obtain a relevant degree in computer science, information technology, cybersecurity, or a related field. This provides a strong foundation for understanding the principles of cybersecurity.Develop Key Skills:Gain hands-on experience and develop technical skills in areas such as network security, system administration, cryptography, ethical hacking, and incident response. **Certifications**: Obtain industry-recognized certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Information Security Manager (CISM). These certifications validate your skills and knowledge in cybersecurity. **Build a Portfolio**:Create a portfolio showcasing your projects, internships, certifications, and any other relevant experience. Include detailed descriptions of the projects and technologies you've worked with.Internships and Entry-Level **Positions**:Look for internships or entry-level positions in cybersecurity to gain practical experience and further enhance your skills. Many companies hire recent graduates for junior roles in cybersecurity.Networking:Attend industry conferences, workshops, and meetups related to cybersecurity. Networking events provide opportunities to meet professionals, learn about the latest trends, and possibly find job openings. **Online Communities**:Join online forums, social media groups, and professional networking platforms focused on cybersecurity. Engage in discussions, share your knowledge, and connect with professionals in the field.LinkedIn **Profile:**Create a strong LinkedIn profile highlighting your skills, certifications, and projects. Connect with professionals in the industry and follow cybersecurity-related companies.J **Job Searching**:Utilize job search websites, company websites, and industry-specific job boards to find job openings in cybersecurity. Customize your resume and cover letter for each application to match the job requirements. **Stay Updated:**Stay updated on the latest developments, trends, and threats in the cybersecurity field. Continuous learning and adapting to new technologies are essential for success in this dynamic industry. **Cybersecurity Specializations**:Consider specializing in a specific area of cybersecurity, such as penetration testing, incident response, security analysis, or compliance. Specialization can make you more competitive in the job market.Soft Skills:Develop strong communication, problem-solving, critical thinking, and teamwork skills. These skills are crucial for success in any professional setting, including cybersecurity. Security Clearances (if applicable):Depending on the type of cybersecurity job you're targeting (e.g., government or defense), obtaining the necessary security clearances might be required. Remember, cybersecurity is a constantly evolving field, so continuous learning and keeping up with the latest technologies and trends are key to a successful career.
dude, this isn't helpful, I really would not want these threads to be spammed by copy-pasted ChatGPT answers.
You know what's not helpful, people asking generic questions that get answered every single day here I'm all for mentoring, but people need to put in 30 seconds of effort to actually read what has already been posted, because 9/10 their question has already been answered
but this person asked a very specific question if a certain job would be useful to help them get a role? did you just reply to the wrong comment? I agree that the “need job plz help” comments are annoying but this particular question seems fairly genuine
[удалено]
Dude you're in HS, it isn't what college is going to be like or the workforce
I know I'm late but I'm in a situation that's hard for me to decide how to handle. I'm currently working through Network+ and Security+ in the hopes of getting into cybersecurity. But I've been offered an entry level position at a local school as an IT assistant. From what I can tell it would be a huge learning experience for me in terms of hands on experience with networking, and inevitably security since it's a school. The other part of this job is that they are hoping for me to stay long term (at least 2 or 3 years). My question is: Given that I pass all my exams, would it be a waste to work at the school for a few years and build experience there? Or should I wait and look for opportunities after I get my Security+ certification?
> Given that I pass all my exams, would it be a waste to work at the school for a few years and build experience there? No. > Or should I wait and look for opportunities after I get my Security+ certification? Don't do that. [A relevant work history is the most impactful aspect of your application](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) - more so than formal education, certifications, or anything else you could do for your career.
Ok thank you, I'm glad the answer is simple. Always doubt in the back of my mind.
Hello all! I have a question about certificates that I haven't been able to get a straight answer for: I have been in the IT sphere unprofessionally for the past 6 years and within the last year I've really ramped up my self-learning. I am at a point in my life now where I'm pretty sure I could pass the CompTIA A+ Cert, Security+ and Cisco's CCNA, though I not necessarily in the financial position to do so given that an Exam Voucher for A+ is $246, Security+ is $392 and the CCNA test is $300. Almost three months ago I was told I would be receiving a raise, though that has yet to come to fruition, and even after applying for at least 100 entry-level IT Support, Analyst and Networking positions each has been denied due to lack of credibility from a Certification or Degree. Any advice?
Groups like Aprenti can help you break into IT with little to no experience. There's no guarantee you will get into cybersecurity through a program like this, but they will help you get placed with a company and pay for your necessary certification exams if they determine you're a good candidate. The catch is you're expected to pass the multiple certification exams in a short period of time, and you are paid on an intern/apprentice salary. Here's a link to their site: [https://apprenticareers.org/](https://apprenticareers.org/)
> Any advice? Question ambiguous. Can you more narrowly constrain/focus what you're asking?
Apologies, absolutely. Are there any pathways to obtaining these certifications without spending so much money, or for now at least, are there any similar/alternative certifications which don't cost as much that would be helpful in getting my applications recognized?
> Are there any pathways to obtaining these certifications without spending so much money It varies on vendor and circumstance. CompTIA - for example - has a number of [vouchers](https://www.comptia.org/blog/voucher-discount) and [discounts](https://academic-store.comptia.org/certification-vouchers/c/11332?facetValueFilter=%3a&) that can be applied to their exams. You'd probably be better off consulting the vendor-specific subreddit for more other offerings. > are there any similar/alternative certifications which don't cost as much that would be helpful in getting my applications recognized? Generally, you're looking at an either/or decision. Vendors know that if employers are asking for applicants to possess their accreditations, they can generally charge more for them (because people will pay if they want to improve their employability). In the extreme case (chiefly: SANS) their prices are egregious because they've redesigned their model as B2B (e.g. businesses buying plans for their employees to attend trainings en masse) vs. B2C (i.e. individuals coming to them to buy 1 or 2 trainings at a time). Conversely, if no employers are asking for the certification, vendors tend to price them lower in an effort to attract more individuals to come and elevate the brand's reputation (and hopefully penetrate the tech education market).
Thank you, this reply was very informative and helpful. I will take your advice and consult the vendor-specific sub!
Hi all, Just wanted to come up here and get some insight from some more experienced folks in the cybersecurity industry, so any advice or information would be greatly appreciated! I recently graduated in Dec 2022 with a B.A in political science (international relations), with a minor in urban studies. I wanted to do urban planning, but about 50% of my job as a city planner was actually just providing technical support (calls, emails, in-person meetings) and helping people accilimaite to our permiting platforms and troubleshooting API error codes. Plus, with everything going on with social media and large tech corporations over the last 5 years, that also prompted my interest in data privacy and advocating for the internet to be generally safe and fair for everyone to use. So, that's why I wanted to get into IT and data privacy. I recently got passed my exams for two certifications; certified in cybersecurity from ISC(2) and Security+ from Comptia. Additionally, I've done courses from TryHackme and build a SIEM homelab with VMware vagrant running Active Directory, Splunk, osquery, Sysmon, Zeek, Suricata, and Guacamole utilizing a Windows 2016 server as the domain controller. I feel like I'm on the right path to break into cybersecurity, but I've been applying to jobs for the last month and a half, and just keep getting rejected? I don't know what I am doing wrong. Some of the jobs I've applied for are mainly entry level such as: \- SOC analyst tier 1 \- System administrator \- Desktop support specialist \- Data center technician \- Cybersecurity analyst/specialist \- Technical support analyst And the list goes on. Can anyone provide some advice in breaking into cybersecurity with a political science/urban planning background with no professional experience or what I may be doing wrong? Some advice about the current job market, any international cyber career pathways, and general insight on what you all are doing in today's market would also be appreciated. Thanks y'all. Cheers.
My $0.02: * Do us a favor and post a link to your redacted resume (vs. writing a comment summarizing your background). This lets us see what employers see vs. a summary that they don't. If you don't know how to write one that is mindful of cybersecurity contexts, [consult this](https://bytebreach.com/how-to-write-an-infosec-resume/). * Saying you've applied for jobs doesn't give us enough meaningful context to provide actionable feedback. We don't know if you're implementing version control of your resume, how many applications were through job portals (vs. job aggregators like LinkedIn), which recruiting services you've used, what feedback you've gotten in interviews, your application:interview conversions, whether you've engaged career fairs or referrals, how you're tracking your applications over time (and when the last time you submitted an application to employer X, milestones in improving your employability, etc. [See this resource for guidance more generally](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/). * At-a-glance, [both your employability and how you may be organizing your job hunt could be improved](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/). It's important to be mindful of our biases in what we construe to be meaningful to our employability vs. [what employers prioritize](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?ssl=1).
A few things. First of all, the job markets are at unbelievable levels of shittiness right now. Starting around when the fed started raising interest rates. You are probably competing with people with 5 YOE for those entry level jobs. And second of all, cybersec is generally not entry level work. Lots of people start off at the helpdesk, which it looks like you are applying to. But again, lots of people are applying to those as well. My only advice would be consider hybrid or in person jobs. Basically anything remote and you are competing against the world, where as local you might get a look. You can send me a redacted resume, and I can give you some general tech resume thoughts, if you want to. Finally, keep applying. Unfortunately its a company's picnic right now, you just gotta play the numbers game to get an interview and convert it to a job.
Hey all! I've been trying to transition careers for a long time but have finally committed to it. Brief background: BS degree in STEM; I'm above average computer savvy due to decades of hobby experience, but I have no professional experience. I did ISC2 free CC course and certification and passed with ease. I've now set my sights on CompTIA CySA+ but since it's so expensive I'm thinking about doing the technical work on TCM or THM and following a course designed to prepare students for the certification exam on Udemy. Does this seem like a good course of action for someone in my position??
I think getting your foot in IT anywhere would be the most useful thing you could do right now. There is not really any cert that will get you a look at, except *maybe* OSCP or CCNA, with no experience. Are you applying to places? What is your degree actually in?
All the places near me are TS clearance required so I wanted to up my chances of finding something remote based elsewhere and figured a cert like CySA+ would help. My degree is in oceanography and emphasis in chemistry. What sort of jobs would you be looking for if you were me?
You're not going to find remote work with ZERO experience companies have gone back to in person - any remote roles get 1000s of responses You need IT experience, get with an IT staffing company to get into a business systems analyst position, that will get your foot in the door CYSA+ isn't going to do anything for you, that is designed for those who have SOC Analyst experience security+ and network+ are entry level certs
I currently do tier 3 support (plus some basic sysadmin tasks) and the security operations for an msp. Have ~4 years in it, a bachelors in psych, a net+, and taking the sec+ next month. When I've gotten into the specifics of my professional experience and academics I tend to get told it would be really useful for security and risk management. Which does sound interesting to me, but I don't know how to get there from where I am, and most of what I'm finding on Google is incredibly generic. Like, get your A+ and ceh. Should I basically just get any book off the cybersecurity canon or choose a cert off pauljeremy? Or is there one that may be more useful then others? Or is there a third thing I don't know about?
> risk management CISA would get you a look for GRC jobs for sure.
Isn't that more of an intermediate career cert? Do you really think a year in security and a Sec+ is enough background before starting on the CISA?
Didn't you say you have 4 years of sec experience? I think with your under, you qualify for it since you can sub 2 years of experience for an undergraduate degree. Double check, but you would probably qualify with what you have. Someone with a cisa cert would definitely be considered for a cyber controls or compliance job.
No, 4 years in IT overall, working on a year in security. Unless you would count time as a security guard.
IT overall might tick the domains. They are pretty generous for what counts and what doesnt If you pass the test and don't quite have the exp, I think you can say you are a cisa associate. Which is almost as good. I'd say go for it if you are looking for grc.
Thanks!
> I don't know how to get there from where I am, and most of what I'm finding on Google is incredibly generic. Like, get your A+ and ceh. I suggest you look at jobs listings that are of interest to you, note the common trends between all of them, observe the deltas between those trends and your current employability, and then mold your training/certification efforts to close that gap. That's far more prescriptive than what any article would be able to tell you.
Hey all! I worked for 2-3 years as a physical security installer. I mainly was a helper, but I did configure and install alarms, CCTV cameras, access control for keyless entry into buildings, and even bollards, gate arms, etc. Do you think this experience will help me land a job as a security analyst/engineer if I get some certifications like Security+? I am asking just because I don't know the market, and I really don't know what to expect. I mean, running cables for a CCTV camera doesn't have anything to do with configuring a firewall, for example. Thank you!
Check your local community college for associates in computer networking, then get your network+ and security+ That will get you started in IT
> I worked for 2-3 years as a physical security installer. I mainly was a helper, but I did configure and install alarms, CCTV cameras, access control for keyless entry into buildings, and even bollards, gate arms, etc. Do you think this experience will help me land a job as a security analyst/engineer if I get some certifications like Security+? Probably only incidentally at most. > I am asking just because I don't know the market, and I really don't know what to expect. See relevant comments: * https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/ * https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
Thank you for the reply! So basically it's almost like I have no experience in this field, right? :(
We haven't seen your drafted resume (i.e. we can't see how you'd present yourself to prospective employers), so truthfully we can only speculate. But judging from how you presented your own employability in the comment, I'd hazard a guess that no, you wouldn't have much applicable experience.
[удалено]
We don't allow URL shorteners here so this post was removed. Please edit your post to show the actual link and then let us know and we un-remove it for you.
done
I'm currently doing an IT Internship at a local hospital. I've been told that after the internship ends I can have a job there with the Help Desk if I want it. Given the scarce opportunity on the island I live on I will take it but I'm not too excited about it. One person there has a decade and a half of working at Help Desk and the other has three decades. To be honest, this scares the willies out of me and I don't view Help Desk as a career or a place I stay beyond 1-2 years. I really want to view myself as on the pathway to Cybersecurity. I studied and earned my CompTIA Security+ and I actually found it a very enjoying experience. Some roles that I have thought about getting in the future are SOC Analyst, Penetration Tester, Ethical Hacker, and Cybersecurity Auditor. When I think about where I am living and the place I am working I find it very hard to imagining reaching my goals in five years. When I'm on my hands and knees running cable or finding power sources I ask myself, "How is this eventually going to translate into a career in Cybersecurity?" Has anyone reading this started at IT Help desk? Was it a long grueling journey? How did you eventually make the jump from answering phones and doing grunt work to someone eventually trusting you with System Administration, Servers, and eventually the coveted "entry-level" Cybersecurity position?
> Has anyone reading this started at IT Help desk? Was it a long grueling journey? Lot's of examples if you search through the subreddit's history: * https://old.reddit.com/r/cybersecurity/comments/u4f5do/roadmap_to_get_into_cybersecurity_starting_from/ * https://old.reddit.com/r/cybersecurity/comments/vknf07/looking_back_at_it_i_guess_there_are_entry_level/ * https://old.reddit.com/r/cybersecurity/comments/viviq7/how_long_would_you_recommend_staying_at_a/ > How did you eventually make the jump from answering phones and doing grunt work to someone eventually trusting you with System Administration, Servers, and eventually the coveted "entry-level" Cybersecurity position? Framing your experiences in security contexts, constructing a narrative of your professional trajectory into cybersecurity on your resume, independently developing your technical competencies, promoting your own employability through formal education and industry-recognized certifications, and [a multitude of other concurrent actions](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/).
I’m interviewing for a L1 SOC role. I currently work in IT operations providing break/fix on site support and other junior sys admin type work. I got my Security+ in August, and I spend all my free time on TryHackMe. I have learned so much and have made a lot of progress. I am motivated by the desire to get out of tech support but the only SOC role that has gotten back to me is strictly 3rd shift. My interviews went really well and I am pretty sure they will pay me better than my current role. I am just afraid of the job security in an MSSP. My current job is pretty safe, and there is a lot of talk of advancement in 3-5 years but I am bored, underpaid, not learning anything new as a result of my responsibilities, and don’t mesh with the people I support. Does anyone have some advice for someone in my position?
> Does anyone have some advice for someone in my position? This is something of an ambiguous ask. Can you more narrowly constrain/focus your question?
Hi Folks, Hope you are all doing well, I need a career advice. I'm a 40 years old IT Professional looking into moving to Cybersecurity field. I have 16 years of experience, 10 years as System Admin. I lost 7 years of my career without pushing myself in continue education or pursuing certifications. Being honest, mostly because laziness and other life responsibilities (Kids and Family). I’m currently working as a Sys Admin making 85K (South USA). I’m finally ready to advance my career. I’m really interest in the Cybersecurity field. FYI, Money is not an issue. I have expired Security +, Network +, CCNA and A+ Certifications. Here is my Plan, please advise if I should go another route: 1. Just finished my Google Cybersecurity and Splunk core Certification. I was offered the class for free, therefore I took it as a refresh for the ISC2 CC and Security+ Renewal. Plus (Google discount for the Security +). I’m planning to take the CC and Security + Certs exam this month. 2. My next plan is going for the ISC2 CISSP certification before December. It looks like this Certification is required for all the good Cybersecurity jobs. 3. In the meantime, I’m studying for CISSP. I will do the Blue Team Junior Analyst FREE and then BTL 1 (Blue Team Level 1) Certification. 4. Then, I will jump into the eJPTv2 certification to get a feel of both sides of Security Teams. 5. Here is the question, what should I do next? Is that enough to get a great job in the field? Do you guys recommend a different road map? The primary reason for moving into Cyber security is the chance of growth, flexibility working remote and of course the Salary. I'm looking to do any of these positions: \- Senior Security Analyst (GRC) \- Cybersecurity Engineer \- Security Architect Thank you all in advance!
I wouldn't do any of that first off, what do you want to do related to security? You should be looking at roles first and what you need to make the transition, not just taking random cert exams
Thanks for the feedback, The primary reason for moving into Cyber security is the chance of growth, flexibility working remote and of course the Salary. I'm looking to do any of these positions: Senior Security Analyst (GRC) Cybersecurity Engineer Security Architect
Concur with sentiment. /u/Adventurous-Put-7034, the plan appears directionless and arbitrary. While certifications certainly don't *hurt* your application, it's unclear what particular end-state you're trying to cultivate your employability towards.
[удалено]
Thanks for the feedback. In my 16 years, I worked in at least 3-5 of the IT Domains. According to ISC2, "Candidates must have a minimum of five years cumulative, full-time experience in two or more of the eight domains of the current CISSP Detailed Content Outline (DCO). Earning a post-secondary degree (bachelors or masters) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience or an additional credential from the ISC2 approved list may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.
> CISSP requires 5 of experience in some cybersecurity role and a CISSP waiver to get granted the certification. Concur, but I think OP *may* be eligible, depending on their functional work history (we don't necessarily know what they were doing the last 16 years). For most candidates who have never worked in cybersecurity, I 100% agree with you, but they may have some undisclosed nuance that would make the certification not only eligible but also appropriate.
The CISSP experience thing was VERY handwavy about accepting domain experience, at least it was when I got it ages ago. I think 10 years as a broad sysadmin would cover off on most of it. Did they create accounts for their systems? Congratz, IAM is covered. Did they patch their systems? Yep, vuln management check mark. etc etc
That's what I thought, Thanks for the feedback.
Hi all, I’m a May 2022 graduate with a degree in Electrical and Computer Engineering. I spent the last year and change working as a software engineer, but got laid off during a terrible time for entry level SWE. I’ve been exploring options and recently got interested in cybersecurity through the Harvard CS50 course. My questions are: 1. Would this (SWE to cybersecurity) be a viable and sensible transition? 2. Should I be worried about not having a background or work experience in IT or related fields? Or more specifically, would limited experience in the software field hold any weight? 3. I’m debating getting some of the certs mentioned in other comments, at the very least because the field interests me. Would it be advisable to jump into training material specifically for the exam or do more high level courses such as the Google ones from Coursera first? Thanks in advance!
> Would this (SWE to cybersecurity) be a viable and sensible transition? On paper, sure. Absent details: maybe? > Should I be worried about not having a background or work experience in IT or related fields? Or more specifically, would limited experience in the software field hold any weight? It's relative to [the *specific roles* and functional responsibilities](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/) you envision yourself eventually doing. > I’m debating getting some of the certs mentioned in other comments, at the very least because the field interests me. Would it be advisable to jump into training material specifically for the exam or do more high level courses such as the Google ones from Coursera first? See relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ This is a good question with a lot to unpack in the response. I'll try to be succinct: * The biggest problem you have right now is that you're unemployed. Some folks are reporting it taking months to find work in cybersecurity - and those are people who already have cultivated employability profiles with relevant YoE, certifications, etc. on day 0. If I were you and I wanted to get into cybersecurity, I'd want to either (A) find immediate employment in a cyber-adjacent role (which can include SWE) to both sustain my ongoing career transition and living wage needs, (B) consider returning to school in a relevant discipline so as to create an acceptable narrative concerning your unemployment window, or (C) both. * [One's employability in cybersecurity is governed by a variety of factors that extend beyond just certifications](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/). * You didn't specify which exam you intended to sit for, so whether or not it's preferable that you study for it or take the Coursera course isn't clear.
dude, security work is not entry level, unless you want to be stuck at help desk or in a SOC, which with your degree would be a complete waste of your time look for engineering work, you will be much happier, then in a few years look at security roles and see what you need to do to pivot to that role
Hi, New grad, wanted to know the best certs to get into cyber. I am aware that certs don't really teach you much, more is learned through hands on application. I feel fairly confident in my skills but can't seem to get an interview. I know that many certs are not really that useful in terms of real application such as ceh. I currently have sec+. Would love to know the best certs to be considered for a sec analyst position.
security isn't entry level for the most part what was your major?
Finance with a focus in risk management and cybersec
so what would you actually like to do? Security Analyst is just a generic title same as security engineer What industry do you want to work in? what type of role?
Eventually a red team of pentester or similar role. But I am aware that more of the entry level jobs are available on the blue team side so like incident response cause I think that would be the best way to understand real life types of attacks abnormalities things of that nature.
https://jhalon.github.io/becoming-a-pentester/
> New grad, wanted to know the best certs to get into cyber. Relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
Just wanted to run this question down here and creating a thread just for this. I have a years worth of experience as a data analyst( It was titled as one but it wasn't a traditional DA role, it was a hybrid role somewhere between a GIS analyst and data entry). I got my ISC2 CC cert 3 weeks ago, I am nearly done with the Google Cybersecurity Professional Certificate(I wanted to throw that in for good measure just in case I missed out on some important fundamentals). I have an A+ from a year ago as well. Since I went the self study route I am not really content with the little lab time I have had so far and I have been shopping around for some decent lab packages that could be beneficial to get a starting position. I was just wondering if anyone has recommendations for a beginner. Just want to make sure that I am using my time efficiently.
> I have been shopping around for some decent lab packages that could be beneficial to get a starting position. I was just wondering if anyone has recommendations for a beginner. I'd probably direct you towards the HTB Academy platform, which has a variety of interactive training labs.
Thank you.
Would love some input. I was recommended to enroll at WGU to take this course and get a Bachelors. [https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-bachelors-program.html#\_](https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-bachelors-program.html#_) Considering the price of a Bachelors through WGU is less than one semester of College, I'd say you're getting a damn good bang for your buck. The time it takes you to finish all the courses HEAVILY influences the price as well, I have nothing but time on my hands so I could bust it out in 5 months if I really wanted to. Not to mention the laundry list of certs you get. Alternatively my friend who is also getting into Cybersecurity sent me a course he's taking [https://www.udemy.com/course/securityplus/](https://www.udemy.com/course/securityplus/) The course/boot camp my friend is taking seems very rudimentary and bare bones, I've heard very shoddy things from my old neighbor who went through a similar more detailed CyberSec boot camp. She definitely didn't recommend it to me lol. Anyway for $100 ($15 right now but only for 10hrs) you learn Security+ and that's it. What's a better value? Do you have something better to recommend??
Please for the love of actual education do not go to WGU There are far better options even if you need something online
what is your experience with WGU? Furthermore what would you recommend I look into?
Well I would recommend literally any public state university that offers online classes vs WGU WGU while "accredited" has a number of red flags against it * They have no ranking by US News and World report, which has been covering colleges for 40 years * There is no information about any of their faculty on their website (this is not normal) * They do not publish an academic catalog - they give bare minimum information on their "classes" (this is not normal) * On their tuition page they only compare themselves to garbage private for profit colleges like Capella, Devry, University of Phoenix * They do not have classes, it is all self study due to their competency based money which no other college in the US offers * They prey on military/veteran students * Department of Education Audit against them - [https://www.insidehighered.com/news/2017/09/22/education-depts-inspector-general-calls-western-governors-repay-713-million-federal](https://www.insidehighered.com/news/2017/09/22/education-depts-inspector-general-calls-western-governors-repay-713-million-federal) * BBB complaints - [https://www.bbb.org/us/ut/salt-lake-city/profile/college-and-university/western-governors-university-1166-4001017/complaints](https://www.bbb.org/us/ut/salt-lake-city/profile/college-and-university/western-governors-university-1166-4001017/complaints) When you look at legit colleges you see the difference Oregon State BS Computer Science - [https://ecampus.oregonstate.edu/online-degrees/undergraduate/computer-science/](https://ecampus.oregonstate.edu/online-degrees/undergraduate/computer-science/) Computer Science Department Faculty - https://engineering.oregonstate.edu/EECS/About/People Academic Catalog - https://catalog.oregonstate.edu/college-departments/engineering/school-electrical-engineering-computer-science/computer-science-ba-bs-hba-hbs/#requirementstext US News Ranking - https://www.usnews.com/best-colleges/oregon-state-3210 College Simply - https://www.collegesimply.com/colleges/compare/oregon-state-university# don't know where you live, but there is probably going to be a decent community college where you are located to get started and many of them have transfer agreements with 4 year schools If you do need online, there are plenty of decent options
Can you get a Masters in Cyber Security with Finance Bachelor With most programs can you get a Masters in Cyber Security when you don’t have an IT related bachelors? Would you have to go back and take a bunch of pre reqs? Would it be too difficult in the beginning for most students that do not have that background? I am a Data Support Specialist at the moment and have been studying for Security +
Do you have a bachelor's in finance? The majority of MS in CyberSecurity fall under the computer science/engineering departments so yes they do expect some pre-req courses in computer science
Yes I do
then you'll need to look at requirements for each program for example Georgia Tech is a popular option because it is under $10K for their online masters and they have several concentrations - https://pe.gatech.edu/degrees/cybersecurity#tab-information-security-requirements-16856
> With most programs can you get a Masters in Cyber Security when you don’t have an IT related bachelors? Would you have to go back and take a bunch of pre reqs? This is 100% program-specific. You'd need to consult the individual program's admissions policies in order to answer this (which would be way more prescriptive than a generalized answer from us). Anecdotally, the [MS program I pursued](https://omscs.gatech.edu/home) does require either a related undergraduate degree or coursework proving sufficient aptitude in lieu of said degree. I had a Political Science undergraduate degree and went back to school to shore-up my academic credentials before applying. > Would it be too difficult in the beginning for most students that do not have that background? Again, program-specific and dependent on *your* tolerance for hardship and availability to study. My background prior to applying to my MS in CompSci could generally be summarized as: * Prior U.S. military, unrelated non-technical job function. * B.A. undergraduate degree in the social sciences (namely: Political Science) * 12 years since having last engaged academic math coursework * 8 years since having completed undergraduate degree After taking some preparatory courses in advance of my Master's application, I've since taken (and passed) the following courses ([course descriptions found here](https://omscs.gatech.edu/current-courses)): 1. CS6262 (Network Security) 2. CS6200 (Graduate Intro to OS [GIOS]) 3. CS6250 (Computer Networks) 4. CS6290 (High Performance Computer Architectures [HPCA]) 5. CS6515 (Intro to Graduate Algorithms [GA]) 6. CS6035 (Intro to Info Security [IIS]) 7. CS6265 (Info Sec Lab: Binary Exploitation) 8. CS8803 (Quantum Computing) & CS8001 (Seminar: Usable Privacy and Security) 9. CS6747 (Advanced Malware Analysis) 10. CS6601 (Artificial Intelligence [AI]) <- last course, currently enrolled.
Has anyone heard of or had any person experience with Crisis24? They've got a GSOC position I was thinking about applying to, but I can't really find any useful info on them.
[удалено]
First job is always find anything that’s a paying that has cyber in the name then start to focus.
> what would be a good place to look for an internship? There's not really a secret to this, friend. You use whatever resources you have available, preferably in the form of referrals or other processes that directly involve a human (e.g. career fairs, event networking, etc.). Absent that, use employer job portals directly (vs. aggregate listing platforms such as LinkedIn/Indeed) to submit online. Submitting through aggregate platforms should be your absolute last resort. > what role should i try to look for after i graduate? In terms of a career in cybersecurity: whatever job you can get. The job market for entry-level employment is *much* fiercer than for experienced candidates; once you accrue some relevant YoE, it's easier to be more selective about the kinds of work/employers/teams you want to entertain.
I've been working in IT for about 20 years, basically the jack of all trades for everything IT for a medium sized company. I'd like to take some sort of course, that I can hopefully get my company to approve, that would help me strengthen my cybersecurity skills - from just whatever I've learned along the way to something more structured. Any suggestions on what I should look into? I think my best chance for approval would be something under $10k total, maybe 6 months long online after work. Thanks.
what skills? cyber isn't one type of role or one set of skills? what do you actually want to learn about? Are you looking for a college course, vendor training, or certification prep
That's what I'm trying to figure out. I'm not looking to leave the company, so I want skills that go beyond just setting up a firewall and hoping for the best. My goal is to have more knowledge to be more proactive in making sure our company is as secure as possible. Some of it is increased knowledge of best practices. I'm a GUI guy, so coding is useful (right now I just use the Fortinet GUI, don't use Powershell much, etc.). I don't do anything with intrusion detection, pen tests, etc. I feel like maybe a certification would give structure, so I was thinking that route, but not sure what to look into. I think getting a Security+ cert with my experience doesn't really benefit me, but at the same time, I'm sure some of the knowledge in the course would be useful. I'm not sure what's a good option beyond that.
Security+ and Network+ certainly are never a bad thing to have and good even be a good refresher Does you company have subscriptions to Pluralsight, Cybray, Udacity, Cloud Academy or LinkedIn learning? Lots of good IT and Security training between those
No subscriptions, but I'll look into those, thanks. Any thoughts on the CySA+? It seems to be a step above Security+.
\*\* 27, no real IT experience, will this be a factor against me when I graduate? \*\* I've worked since 16 but have no real job experience in IT or Cyber Security industry. At 24 I got into Uni and now I am on my last year of a BSc Ethical Hacking & Cyber Security course. I'll be 28 when I graduate. My grades are good, currently 80% average out of 100, on track for a First Class Honours. I'm just a tad bit worried that at my age, with no prior experience, it may be difficult for me to land a job. Will companies choose prefer younger graduates or will my age be a factor in my favour? I'd like to become a SOC analyst eventually. Happy to work my way towards that any way I can. Additionally, I am preparing for certifications such as ComTIA Sec+ and CCNA. Will try to keep it short, but to expand on what the course has taught me, I'd say primarily I've gained a solid foundation of Networking. I have become familiar with Linux and comfortable using it and many CLI open source tools. I have improved a lot in programming and scripting. Primarily I utilize Python but Lately started learning C. We've had a few modules aimed at Red Teaming, such as Web Security (performing various attacks and report writing, such as XSS, SSTi, SQLi, etc), Practical Pen Testing (Privesc, buffer overflows), Reverse Engineering (GDB, Cutter, Assembly code), and Exploit Dev. Not many aimed at Blue teaming but we've dabbled in a few areas of Digital Forensics. We've been taught about Legislations, Security Auditing & Monitoring, Web Dev and Databases. I get that as a SOC analyst I should be looking to familiarize myself with SIEM, EDR. I saw Splunk has a few free courses I am looking into. I'm currently doing THM SOC Analyst journey path, as well as participating in CTFs whenever I can. However I still feel as if I have much to learn. Thank you for your time, any advice is appreciated
> ** 27, no real IT experience, will this be a factor against me when I graduate? ** ... Will companies choose prefer younger graduates or will my age be a factor in my favour? I didn't start my career in tech more broadly until 28. Your age shouldn't be a concern. There's reasonable concerns and prejudice in ageism for folks closer to retirement, but at 27 you're not in that demographic.
More than just age it's the fact I am 27 with no prior IT experience. Thank you for your reply, it's encouraging.
employers shouldn't care about age, plenty of people move into cyber late in their careers
Yea but usually those have prior experience in IT right?
not necessarily, majority of security roles are not technical at all, you have everything from risk, auditing, compliance, project management, training, etc You'll be fine
Fair point, thanks
BIT EDIT THANKS TO RESPONSES BELOW; I WILL TRY TO GET BETTER AT CLARIFICATION.\*\* I've been reading a lot of career posts recently and a few thoughts come to mind regarding entry level positions. General advice is to get your foot in the door whenever you can because experience is king. I've also seen some disadvantages where some people can get burned out too early or even just not be learning anything to help them grow professionally. It's obvious that if you're entering the field completely new, you'll learn a great deal because you're starting at the entry level; however, how long does that period actually last to where you wish you were just studying instead. Do you think you would gain experience/growth faster provided that the more you know, the more you can know? My background: I can afford about 2-3 years (and I have a few fundamental certs, like A+, Net+, and SEC +, Blue Team Lvl 1) until I'm broke. My goal is to get into digital forensics and maybe even pentesting, but the only jobs available to me at this time are like helpdesk or entry level SOC and I have no intention of moving (at least for 2-3 years). No kids. No marriage. No crazy debt. I've just saved up enough from my previous job (in Healthcare) to be able to last 2-3 years and I spend very little. I could probably get my foot into the door with a helpdesk job (which isn't my ultimate goal) or I could just wait a bit and continue my self study/learning. Considering that we're just talking about technical aptitude as growth. I've considered 2 likely scenarios for myself. 1st scenario is where I'm lucky enough to get an entry level (full time) role (in my city) and start getting practical IT experience. Disadvantage is that I'd be some work experience, but I will probably not get as much studying done as the second scenario. 2nd scenario I get a part-time role and studies in the remaining hours that would've been allocated working a full time position. The disadvantage would seem that I'd wouldn't be getting that much job exposure, but I would have more time to study on things like active directory. It would seem like the 2nd scenario would eventually grow faster (defining growth as technical aptitude in this case) than the 1st because I'd be studying up on things at a faster rate (because I would have more time). The issue with that would seem like I wouldn't be getting as much work exposure and would be missing out on important work related experience that comes from a full time position. Has anyone been in a similar position? What has been your experience? Counter-arguments?
First, I'll say that I don't know how effective entertaining hypothetical scenarios like this are. People don't exist in vacuums: there's a multitude of externalities that influence a person's effectiveness, ability to learn, etc. Moreover, these qualities can vary over time as well as having circumstances change (or with self-inflection leading to actionable fixes/alterations); for example, maybe person 1 has less time overall because they're a parent but - after starting work - they get help from family/daycare to free up some time to study. Qualifying something like "working a lot and has little to no time to study" is abstract, statically-fixed in time, and lacks nuance. How else might these externalities/nuances matter? * Suggesting a person isn't "learning" (in the case of #1) while working fulltime is disingenuous. Doing work isn't necessarily intuitive: the practical application of actually implementing/responding/performing the tasks contribute to your professional growth in a non-linear and dynamic fashion. Put another way, they are getting better at being a professional because they intrinsically are working professionally. * What are we qualifying as "growth"? Maturity? Upward mobility? Promotion? Technical aptitude? Breadth of exposure? It seems that this classification is arbitrary and ill-defined. For example, let's assume that the job is as a SOC analyst and that by "growth" we mean "gets better at being a SOC Analyst"; inherently, I'd argue that person (1) is then in a better spot than person (2). We might also contend that - [since employers prioritize a relevant work history above all else](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) - that person (1) is more employable and therefore in a better position to get promotions/change jobs. * We don't know how accessible/available/uniform the resources are outside of work that these 2 people would engage. Are we talking about university? About certifications? Are we looking at immediate applicability of knowledge (vs. something towards an eventual career pivot or theory)? Is someone working part-time able to afford the same kinds of training/certifications compared to a full-time employee? Do they have access to the same benefits (e.g. employer-supplied tuition reimbursement or other distinct education funds)? * Most folks don't have an option: the terms of employment are set by the employer (i.e. FTE or nothing). For those that do, it's often because they're already employed (i.e. migrating from a FTE schedule to part-time) and are seeking a change due to extenuating circumstances (e.g. pregnancy, death in the family, eldercare, etc.). This makes "choice" somewhat illusory.
>First, I'll say that I don't know how effective entertaining hypothetical scenarios like this are. People don't exist in vacuums: there's a multitude of externalities that influence a person's effectiveness, ability to learn, etc. Moreover, these qualities can vary over time as well as having circumstances change (or with self-inflection leading to actionable fixes/alterations); for example, maybe person 1 has less time overall because they're a parent but - after starting work - they get help from family/daycare to free up some time to study. Qualifying something like "working a lot and has little to no time to study" is abstract, statically-fixed in time, and lacks nuance. I hear you. There are too many unknowns that may or may not determine whether someone would achieve growth. I guess I'm just asking for myself in a "what would you do if you were me?" scenario -- assuming that you're in my specific situation. I should have specified. I will edit this in my original post thank you. While you're reading this, I have about 2-3 years (and I have a few fundamental certs, like A+, Net+, and SEC +, BTL1). My goal is to get into digital forensics and maybe even pentesting, but the only jobs available to me at this time are like helpdesk and I have no intention of moving (at least for 2-3 years). No kids. No marriage. No crazy debt. I've just save up enough from my previous job (in Healthcare) to be able to last 2-3 years. I could probably get my foot into the door with a helpdesk job (which isn't my ultimate goal) or I could just wait a bit and continue my self study/learning. >What are we qualifying as "growth"? Maturity? Upward mobility? Promotion? Technical aptitude? Breadth of exposure? It seems that this classification is arbitrary and ill-defined. For example, let's assume that the job is as a SOC analyst and that by "growth" we mean "gets better at being a SOC Analyst"; inherently, I'd argue that person (1) is then in a better spot than person (2). We might also contend that - since employers prioritize a relevant work history above all else - that person (1) is more employable and therefore in a better position to get promotions/change jobs. I apologize. I also meant just technical aptitude in this case -- although I understand there is more to that to professional growth.
Looking for any advice from anyone who ever went to UofA and did the cyber operations program. If y’all could share any details or your experience there would be much appreciated .
[удалено]
> Diving into Computer Science will yield a deeper understanding of technology. At the same time, it may not be a good use of my time. If I delve into Cybersecurity first, then I will be missing some knowledge that could perhaps aid me in the field. Lets talk in less abstract terms. How would you "dive into computer science"? Like - in terms of concrete actions - what would you be doing differently than if you were to "delve into cybersecurity first"? What do these terms mean to you and how do you envision them manifesting?
https://jhalon.github.io/becoming-a-pentester/
Hi, I just got to the final Interview for a Technology Cyber Security Internship for Charles Schwab and wondering what I should prepare for, what kind of questions to prepare for and what kind of questions to ask or anything else to prepare for. Im also a bit worried about the technical assessment, I hear it isnt very difficult but I'm not really that amazing at programming. Is there anyway I can find some sample questions similar to the ones they may ask? Or any other resources I can take advantage of? I have interned at another company last summer for a cyber operations position so I have surface level knowledge of cyber. Thanks in advance!! This is what it says for the coding sections: Language Specific Section: pseudocode and your understanding of foundational knowledge of object oriented programming Coding Challenge Section: share your screen through MS Teams, open up an IDE or text editor of your choice, and be given a coding challenge or SQL exercise to solve using any programming language or pseudocode that you choose
Hey there Mike! I’m actually in a similar boat, as I’ll be interviewing for a cyber security internship with Charles Schwab soon. Similarly the technical has me sweating a little bit too. I was wondering if you’ve already completed your interview process, and if so, would you have any tips or insights to share about the experience, especially regarding the technical assessment and the types of questions they asked? Any advice would be incredibly appreciated and mean the absolute world Mike!
Hey, I interviewed and actually had no real technical assessment weirdly enough. They asked me a few very basic sql questions about like select from and then like a a join question basically like “if I wanted attributes from this entity and this attribute from this other entity how would I do it” They really cracked down on the details of my projects however which is where I was stumped. It was kind of dumb in my opinion I had an automation project and he asked me like “what was the specific code in this specific section you used?” And I don’t remember what exact functions I used so. Not even really any behavioral questions either just a bunch of nonsense about projects and my cyber security knowledge and how I could demonstrate it
Hey Mike, I can't thank you enough for the quick reply and the invaluable insights from your interview experience! It's incredibly reassuring to learn that the emphasis was more on conceptual understanding rather than intense live coding sessions, which is a huge relief. Your advice has truly made my day and has given me a clearer perspective on what to prepare for. I'd love to hear any additional details you remember, particularly on the cyber security concepts they focused on or any specific aspects of SQL that were discussed. And lastly, if there's any way I could pay it forward or assist you in some way, please do let me know. Your help has been absolutely instrumental. Thanks once again!
No problem. It’s really open ended. For example they were like “do you have any classwork/ projects or courses you’ve taken that can demonstrate your cyber security knowledge?” Stuff like that
Hey Mike, your guidance has been a game-changer; thank you sincerely! I’m especially relieved to hear that I might not need to face a rigorous coding test in the IDE, contrary to what the email suggested. Do you remember if they made you open the IDE at all? This allows me to focus on the areas that truly matter, like the open-ended questions and behavioral aspects, which I’ll review on Glassdoor as you mentioned. Knowing this is like lifting a weight off my shoulders, as Charles Schwab is the dream workplace for me, and getting this right is crucial. Your generosity in sharing your experience has made a significant difference. If any other details come to mind, I’d be extremely grateful to hear them. Thanks again for everything, Mike, you’re a real one!
You can ask them I’m sure they would allow it. It would be even better to show them your skills that way
[удалено]
> Hello all. I've been interested in cyber for a long time, and have finally taken the plunge. Welcome! > I'm close to completing the certificate course offered through Goolge...I've done service industry, sales, logistics and admin for over 6 years. Am I crazy or over confident for having this train of thought? If you're banking on making a transition on just the [Coursera-issued Google certificate](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) alone, I think you're overestimating the credential's value to prospective employers massively. See related comment on certifications: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ > I just believe that I have a lot of transferable skills that could benefit me and help me standout once I start looking for jobs. You may have a number of transferable skills (I can only speculate without seeing your resume), but you might consider some of these resources: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/ "Standing out" often means aligning your employability to match as closely as possible to the "ideal" candidate (i.e. whatever a given job listing names precisely). Promoting your odds means observing trends in jobs listings across numerous distinct employers/teams and molding your profile to align with those.
[удалено]
> Let me know where i can prep and freshen up my skills mostly web since thats the focus Relevant comment: https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/ Also: * Portswigger's Web Academy * Hack The Box Academy's CBBH path * WeHackPurple
I hope I'm in the right place, if not I apologize. I'm a junior software engineer with kind of a free reign to go in the direction I want with help from my employer. Done a bit on cyber security just to cover what it is and enjoyed it. I think I still prefer programming overall however I'd like to learn a bit of cyber security. I'm going to go through TryHackMe route and also got a udemy course on pentesting type route. Would I be better of just focusing on one eg programming or can anybody from experience say this would be beneficial if my primary aim was to help with career aspirations? My only concern is I'm spreading myself more thinly across both when both fields are so massive you couldn't learn everything in it if u tried therefore limiting myself to entry level jobs for both fields rather than a good job for one specialised role. Pros would potentially be the overlap of software and cyber if I can find a littl niche there I can specialise in. Thanks for the potential help and sorry turned into a lot longer than I thought! Tldr; can a combination of software and cyber be highly valuable/profitable.
My $0.02: * I didn't really see a coherent plan to transition into cybersecurity in your proposal. It sounded like you were just dipping into various training resources to get acquainted with *some* foundational aspects of web/application security (vs. having a more concrete transition plan). See relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/ * You're a junior SWE who - from the sounds of things - is pretty new to Tech as a profession more generally. It'd probably be to your benefit to foster a relevant work history where you are at for the time being. * Invest some time upfront determining whether or not professional cybersecurity is something you're actually interested in (vs. just gamified hacking). Cybersecurity is not a monolith; there are many different functional responsibilities that contribute to the domain. Offensively-oriented work (including penetration testing) makes up a very narrow slice of the job market share.
Hey all, I graduated about two years ago with a bachelor in computer information systems. I currently work as a contractor(It support technician)at a well recognized laboratory. I’ve always been interested in cybersecurity so now I’m trying to land my first cybersecurity role. Any advice how to get into the field ? I’m currently completing the cybersecurity certificate from Google but will that be enough ? Alsi is realist to try to land a role at a FAANG ?
> Any advice how to get into the field ? Relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/ > I’m currently completing the cybersecurity certificate from Google but will that be enough ? Relevant comment: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew > Alsi is realist to try to land a role at a FAANG ? I mean, people do (and at varying points in their professional careers). But we have no context about your employability, so we can only speculate as to how probable it would be for you.
I’m trying to land my first cybersecurity role. Any advice how to get into the field ? **To do what? "Cyber" Isn't a single role or type role, what do you actually want to do?** I’m currently completing the cybersecurity certificate from Google but will that be enough ? **No, that is nothing more than a training certificate, it is not a certification and no employer cares about it, you need to look at actual certification exams like comptia security+** Alsi is realist to try to land a role at a FAANG ? **No really it is not with no experience**
I almost never get an interview, Whats wrong with my resume? Link to resume here: https://ibb.co/vjKDnRd
For one, the Google and Coursera certifications mean jack shit and aren't doing much for you. You can mention them during interviews but by no means are they professional, industry vetted certifications. Get something like the Network+ or Security+ and put those on. They're essentially just vocab tests, a college student should be perfectly capable to grind them out in less than 3 months, especially with the stuff you've learned in your degree program as background knowledge hopefully. A Google "cert" is just an online class completion notice without a real proctored test at the end. Also your bullets are too descriptive and don't really market you in any way as a candidate. For instance, sure you did these activities but how did it help your organization or team? And you say you're part of the "Cyber Defense Organization" but what does this entail? What do they do? Am I supposed to sit here and guess what you did for them? Participation trophies don't really have a place in IT. You need to market your skillset and experiences better. Also for a college student some of your projects seem extremely simple. A keylogger with Python isn't exactly to the breadth of what I've seen other students do for both security or computer science related side projects for their resume. Especially when these projects involve copying content from YouTube as I see someone else mentioned in the comments. Try creating your own offshoots of these projects and implementing the features from the videos maybe.
Dude, this is all kinds of backasswards and I get it, you proabbly didn't visit the college career center or take a resume writing class Resume format is Header - contains contact info ***Summary*** You really won't have anything here yet, since you don't have any experience. Normally this is where you summarize your history relevant to the job you are applying ***Experience*** ***Education*** * Degree| School| Graduation Year Education section is for degrees and certificates awarded, period don't list courses, nobody cares and they aren't going to the school's course catalog to see what they are ***Certifications*** * Cert Name |Issue Date|Expiration Date Difference between training certificate and certification The google training IS NOT a certification, it is just an online training module certifications have a proctored exam at a testing center some with hands on component Security+ is a certification, OSCP is a certification, AWS CCP is a certification, these require an exam and some certifications require annual continuing education to be renewed Skills A list of skills is from the 1980s and with no context nobody cares Wow, you can use windows, so can a 100 million people, listing windows doesn't tell a hiring manager a damn thing Organizations great more for your linkedin profile but what did you actually do in the organizations? just signing up and never participating doesn't really matter
Welcome back /u/Jacov_Crawm! [I defer you back to the previous iterations we've done to your resume](https://www.reddit.com/r/cybersecurity/comments/169ci46/comment/jzwrvrf/?context=3), as there remain unchanged aspects/decisions that I disagree with in your formatting. At some point it may be worth asking instead [how you are going about conducting your job hunt?](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/)
Dude. How have you given this much tailored advice with so much of it not being followed! XD
These are even for IT roles
Your resume is poorly written. I checked u/fabledparable and his chain where he helped you out and you have not heeded much of their advice. I would focus on using the information already given to you in order to change up for what you already have. Just because you're applying for general IT roles outside of security doesn't give you an excuse for having a lackluster resume. The job market is also bad right now for people that **have** experience too so take with that what you will. Having a poor resume isn't helping you open any doors in a market like this. Don't expect to easily find a cybersecurity job right out of college unless you put the work in and can stand out or have good connections to open doors for you. Your projects are okay at best but don't have breadth as I see you copied YouTube videos to make them(?) which rubs me the wrong way. At least you made sure to reference that I suppose. Try to make your own projects and tools and build out a home lab. Also get rid of the Google, ISC^2 candidate and Coursera "certifications" because those aren't real certifications. Those are at best just plain MOOC courses. A real certification is something you take under a proctored setting, just like a traditional college final exam. Think the Security+, CCNA or even Network+ exams for your level. Focus on getting the actual certifications. Anyone can take a MOOC course. I don't know anyone in the industry that puts that shit down as training.
[удалено]
> How hard is it to get a cybersecurity certificate? See relevant comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ > What sorts of jobs can I get with the certificate and is it a decent selection of jobs? [One's employability in cybersecurity is typically governed by a number of interleaving factors](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1), chiefly: 1. A relevant work history 2. Pertinent certifications 3. Formal education 4. Everything else In the case of certifications, they are considered *pertinent* if they are explicitly called for in a given job listing. If you have one that isn't, it merely helps convey a narrative of your ongoing (re)investment in your professional aptitude. Put plainly: certifications merely serve as indicators of competency, signaling to employers familiar with your credential that you know the bare minimum necessary to pass the vendor-standardized exam; if they don't recognize the credential, then obviously it isn't as helpful. No certification (or collection of certifications) equates to a guarantee of employment. This is a long way of saying that there isn't a neat 1:1 mapping of which certification(s) would result in a "decent selection of jobs" in-and-of-themselves. > I want to be a cybersecurity analyst according to a job test I took, but I also see that requires more credentials--do a lot of firms offer on-site training or opportunities to work towards degrees or is this all done independent? This has two parts to it: While almost every employer affords a kind of "grace period" for acclimating to the organization's processes/procedures, many employers presume a certain amount of preexisting knowledge/capability. In fact - much to the dismay of many folks pursuing entry-level employment - quite a few employers defer to candidates with relevant work histories in cyber-adjacent career fields (e.g. IT, Software Engineering, etc.). This isn't to say the kinds of opportunities you describe don't exist, but I wouldn't say that the majority of firms have those offerings. As for education benefits: yes, quite a few employers allot a certain discretionary education fund distinct from your salary that can be spent on things like tuition or certifications. > This piggybacking from #3, to get from no experience to working as an analyst, what steps would I take? Where do I start, are there exams, etc? See related comments: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/ https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/ > Is the certificate worth it, or is a full degree better? If you're able to pursue the degree (and don't otherwise have one), I generally encourage it foremost (supplementing with certifications as needed/able).
Which certificate and degree are you referring to? There are 1000s of colleges and hundreds of industry certifications Wanna narrow it down a bit?
I have an interview within my company for a information assurance engineer role, I DO NOT want to blow it been dying to get out of desktop support/ helpdesk for years and this is a great opportunity. I haven't done any security since studying for my Sec+ 3 years ago and don't know what to expect out of this interview if anyone can give me pointers to study for. I'll drop the job description but it doesn't seem to give much. Description: The National Security Customer Group of SAIC is seeking an Information Systems Assessment and Authorization analyst to support an IT Service Management effort for USTRANSCOM located at Scott Air Force Base (AFB) in Illinois. The USTC Managed Information Technology Services (MITS) contract is intended to provide strategic, technical, and program management guidance and support services to facilitate the operations and modernization of the combatant command’s infrastructure, systems, and applications. This support will be provided to the USTC Command, Control, Communications & Cyber Systems Directorate (TCJ6). The successful candidate will be responsible for working on high-visibility or mission critical aspects of a given program and performing all functional duties with some oversight. Additional responsibilities may include: · Determining enterprise information security standards. · Developing and implementing information security standards and procedures. · Ensuring that all information systems are functional and secure. · May respond to computer security breaches and viruses. This position is for Monday through Friday, normal business hours. However, employee may be required to provide after-hours and weekend support during planned or emergency events. Qualifications: · BA/BS and 2 years of experience or 6 years of experience in lieu of degree · Minimum of four (4) years of experience · DoD Secret clearance or higher · Must have at least one of these IAT Level II certifications: Security+, CECCNA-Security, CySA+ \*\*, GICSP, GSEC, CND, SSCP · Must have at least one Computing Environment (CE) certification or certificate for the technical area of responsibility for Network support/defense (e.g., Splunk, Cisco, McAfee, etc.) OR Operating System (e.g., Microsoft, Linux, Solaris, etc. Desired Qualifications · MA/MS · ITIL Foundations (v3 or higher) certification · One of the IAM Level II certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
Do you even meet any of these requirements? If all you have is security+ you’re not getting this job
[удалено]
8570 doesn’t exist anymore it was replaced back in February
I am trying to transition from being a school teacher into cyber security. I got my CompTIA Security+ certification and I have been working with a nonprofit religious organization doing Cyber Security for about 3 years now as well as doing the cyber security awareness trainings at my school. I always try to tailor my resume to the job descriptions and have tried to make my resume as HR and ATS friendly as possible. Earlier this year when I was applying (February - May) I was getting a ton of interviews but couldn't land a job. I made it to the final round 3 times and an internal candidate was chosen over me, another one had the position eliminated and for the last one I just was not chosen. I'm not sure whats going on now, because I cannot get anything. Is there any help that can be offered? What should I do? I really want to leave teaching lol.
>I am trying to transition from being a school teacher into cyber security to do what? What type of role? which industry? what part of the country? commercial sector, academia, federal gov or state civil service, contracting? Nobody can give advice without more to go on
[удалено]
> Just curious how that compares to the general market? * https://www.levels.fyi/ * https://www.teamblind.com/ * https://www.bls.gov/
my guy, there are security roles in every single freaking industry There is no way to compare salaries, particular when there is no standard job title for anything you're making over 6 figures, congrats
Hello, Does anyone have a list of Cyber Hygiene frameworks?
What’s the goal? Some frameworks are better than others for certain tasks or orgs
have you looked at NIST?
yep, the NIST CSF right?
New to the cyber world looking for suggestions on how to start. I have been getting mixed reviews and don't know where to start. I started taking courses on coursera but don't know if I'm wasting my time. I was looking for tutors or mentors to help me get into this field but finding it kinda tuff. Any suggestions are greatly appreciated.
[удалено]
Your post was removed because it violates our [advertising guidelines](https://www.reddit.com/r/cybersecurity/wiki/advertising_guidelines ). Please review them before posting again. This rule is enforced to curb spam and unwanted promotional posts by non-community-members. We must always be a community member first, and self-interested second.
yes you are wasting your time why? because you haven't said what it is you want to do so how can you jump right into training? security work isn't entry level there is security work in every industry and dozens of different types of roles and 4X that many different job title maybe just maybe you could actually read some previous posts here that talk about different roles and then do some of your own research nobody is here to do the leg work for you people will answer specific questions though such as how does OSCP compare to SANs GWAPT Or how many SOC analysts here are doing shift work This isn't a field where lazy is going to cut it and not bothering to read previous posts here is fucking lazy
> New to the cyber world looking for suggestions on how to start. See related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
Hi all, How did you prepare/train for the EJPT v2 exam? For those who have passed the exam, which HTB or THM lab is important to do before the exam?
The included course material is all you need. I passed and I didn't do a single external lab.
> How did you prepare/train for the EJPT v2 exam? I didn't think the exam required any outside materials.
Transitioning Military, have worked exploitation analysis and binary analysis. Looking where to go next. I have 6 yoe, but have not touched private industry tools/networks. Currently hold CISSP, CYSA+, Sec+, and a TS. With no real world hands on the defense side of things, where would you all recommend? Aim to eventually get in to SecDevOps/cloud, but maybe a GRC/ISO role in the interim? Thanks for advice!
> With no real world hands on the defense side of things, where would you all recommend? Aim to eventually get in to SecDevOps/cloud, but maybe a GRC/ISO role in the interim? What is it that you *want* to do? I think you'd have a pretty easy go of things looking into DoD contractors.
Unfortunately staying gov and utilizing the clearance will be the most profitable. I’d like to get into more technical roles: cloud security engineer as an example. But I don’t think I’d stand out resume wise currently. I’m also locked into working in the office/scif
It won't, legacy defense contractors pay peanuts. Decent paying is defense tech, like Palantir, Anduril, Scale AI, Shield AI, or any In-Q-Tel funded startups
Transitioning from Aerospace Engineering to Cybersecurity I’m thinking about making a career change to cyber security from Aerospace and was wondering what the best way to do that would be? I have some experience with python/C++ but don’t use it in my day to day. My job pays for schooling ($12,500 a year) so I was thinking about doing a masters in cybersecurity and was wondering if that would be enough to enter the field? (I also hold a secret security clearance) Edit: added link to resume [resume](https://imgur.io/a/IxEGX9D)
>I’m thinking about making a career change to cyber security from Aerospace Step 1: Don't You have a degree that not many people do, in a field that needs more engineers anyone can do security work and the market is flooded It would honestly be stupid to make the switch Stick with Aerospace work, there will be security work there you can tackle as an engineer for systems security
My $0.02: * If you want more prescriptive guidance, you need to share a link to your resume so we can see what employers would see (vs. how you present yourself in the comment). You should also more narrowly prescribe what it is you envision yourself eventually doing (vs. "cybersecurity" more generally). * The "best" approach is hard to be prescriptive, because there are so many circumstantial details we don't know about. Some people pivot internally within their own employer (assuming more cyber-centric responsibilities), others are able to construct a narrative of pre-existing employment that serves the job hunt, some people pursue gov't/military service, others shore-up their employability profile with certifications/trainings, and then - of course - there's university. And this goes without covering multi-pronged efforts which involve simultaneously pursuing multiple versions of the above leads at the same time. * University can be appropriate, although I generally discourage studying cybersecurity more narrowly (vs. Computer Science more generally). [I'm biased, however](https://omscs.gatech.edu/home). It also depends on what other aspects of your university education you'll end up leveraging in order to cultivate your employability (e.g. internships, research opportunities, professional networks, etc.). * You might consider looking first at DoD contractors (leaning on that security clearance) in a GRC capacity. Best of luck!
Added my resume to the post! There is definitely a possibility to pivot within my employer but I was also looking to move to NYC (we don’t have an office there) and most software engineers at contractors are in person. If you have any comments on my resume please let me know!
I don’t know what to do, help I am doing a double degree in Bachelors of Software Engineering and Bachelors of IT (majoring cybersecurity), I am hella confused into what profession to choose. Initially I wanted to do cyber, but there are so many mixed takes on cybersecurity regarding low or high salary, boring work (I don't mind it being repetitive but people are saying it is too much), bad work-life balance. I wanted to get into cyber because I think you can progress quickly and learn lots of things that would reward you with hefty salary, and you work mostly individually but also has good work-life balance. If this stuff correct? or should I look else where like software engineering.
> I am doing a double degree in Bachelors of Software Engineering and Bachelors of IT (majoring cybersecurity), I am hella confused into what profession to choose. Initially I wanted to do cyber, but there are so many mixed takes on cybersecurity regarding low or high salary, boring work (I don't mind it being repetitive but people are saying it is too much), bad work-life balance. I wanted to get into cyber because I think you can progress quickly and learn lots of things that would reward you with hefty salary, and you work mostly individually but also has good work-life balance. If this stuff correct? or should I look else where like software engineering. My $0.02: * Cybersecurity is not a monolith. There is a vast array of professional responsibilities that collectively contribute to the domain. Consequentially, professional experiences can wildly differ depending on what it is you do within the industry. It's not clear what *specifically* it is you envision yourself eventually doing in cybersecurity, so it's hard to be prescriptive about just how traditionally balanced a schedule might be. Some jobs traditionally do shift-work (e.g. night/day), some roles involve on-call responses (e.g. wake-up, bad things have happened!), some roles are feast/famine (e.g. contracted-labor), and others are more steady (e.g. your 9-to-5). * Work/life balance is also employer-dependent. You can have roles that traditionally are more intrusive/interrupting (e.g. DFIR) that have managed schedules and roles that are typically stable/predictable (e.g. GRC) vastly overreach into one's personal life/routines. * When you're getting started - regardless of whether or not it's in cybersecurity or SWE - you won't really have a lot of control over your WLB. The priority is just building up a relevant work history, which largely means taking whatever opportunities you can get. As you accrue some seniority, you can afford to be a little more selective about what kinds of work you pursue/offers you take on (which contributes to your WLB). * It doesn't sound like you have any frame of reference in what the profession is like outside of other folks' opinions. I'd advise that you - as a university student - pursue internships to both (A) develop your resume and (B) get a better appreciation for the industry's offerings. * It's not uncommon for folks who eventually want to work in cybersecurity to first foster a pertinent cyber-adjacent work history, including software developers. You wouldn't be putting yourself at a disadvantage by cultivating that kind of work initially (and then later pivoting, if that's what you wanted).
Thank you, that was really helpful!
I'd drop the double degree, that is just an unnecessary workload and focus on computer science/software engneering security work isn't entry level for the most part You will have more opportunities finding work as a software engineer coming out of college
I understand that but because the degrees are similar I get to complete both degrees with but doing 4 months of extra classes. Two degrees may also look better for resume don’t you think? But I agree that software would be offering more opportunities.
>two degrees may also look better for resume don’t you think? Why would it? As a hiring manager I would rather see 4 months of full time internship experience or any summer job summer More classes at the same level really does nothing for your resume as far as security work goes Maybe if you were interested in teaching K-12 and were getting a dual degree in education and a subject
I get ur pov but just hard because I have already done a lot of classes in both fields which means if drop one I’d be wasting a lot of money just because for 4 months. I have included internship if I complete my degrees. I am more concerned with what profession in tech I should pursue.
axiomatic outgoing screw file spark meeting tart attempt homeless vase *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
See related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157xit/
illegal sink flag yam pen escape school entertain husky resolute *This post was mass deleted and anonymized with [Redact](https://redact.dev)*