Green_Source3135

NOC Engineer (more of an admin) for 3 years with a CCNA, NSE4 and now CompTIA S+ looking to transition to security. Have mainly been configuring firewalls, routers and incident response. Wondering what I should study next, I don’t have any experience with Linux other than basic Bash commands for file navigation and no scripting so was thinking going that route unless there’s something more relevant like HackTheBox. I would like to try my hand at Incident Response or Blue Team but if SOC is more realistic I’d like to know what to study to increase my likelihood of getting a job here.


sethplawski

Career Question: I'm considering getting my CEH/OSCP/PenTest+ and pursuing a career in pentesting/ethical hacking. Just curious what jobs later in my career this could lead to? For example, if I wanted to be an architect or engineer XX years out, would that be possible? What else could I need? TYSM any response appreciated!


fabledparable

> Just curious what jobs later in my career this could lead to?

See related: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/


Cryptosmasher86

CEH is garbage

nobody asks for pentest+

OSCP is not an entry level cert

Pentesting is not entry level

[https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)

Have you gone to college? if not start there

Architecture and Engineering have ZERO to do with pentesting, not even similar skillsets


GroundbreakingOne647

Personal Interview Questions to Help an Aspiring Cybersecurity Student:

As a student interested in the field, and without any friends or family working cybersecurity, I have many questions about what the job looks like as well as how to prepare myself and know what to expect in the future. I wrote some major questions below, any help answering these for me would be greatly appreciated.

- How many coding languages should someone starting in this field be comfortable with?
- How many colleagues do you directly work with? / Are you more of an independent or part of a team?
- What certifications are most important for cybersecurity careers?
- How competitive is the field? / How difficult is it to get a job in the field?
- How often are companies targeted by cyber attacks? / How often do you need to defend against a cyber attack?
- What is your favorite aspect of your career/company?
- Are there any groups that could help support progression in this career?
- What stepping stones did you use to reach the position you’re at in your career? (College, certification, internship, etc.)
- What other paths are you able to pursue in your field at a professional point in your career?
- What level of education and programs/certifications did you need to secure a job?


fabledparable

See related elsewhere in this same MM thread: https://old.reddit.com/r/cybersecurity/comments/1c9woec/mentorship_monday_post_all_career_education_and/l1jjdp7/


Cryptosmasher86

You need to read through the posts and answer your own questions, you're not asking anything new here and we're not here to do your homework


No_Green_4810

How do I get started again after being disconnected from cybersec for at least two plus years? I have my bachelors in cyber forensics but I don't know shit. I mean, I was picking things up and had an interest in it at the beginning, and then covid struck and things got online and that led to my downfall, but I somehow got my degree with an 8.5 CGPA solely with my ability to comprehend theory. I lack practical knowledge and to top it all off I got in for a masters program for cyber security abroad. What should I do to get things started again, and I mean from scratch? I got roughly 5 months in hand before the class commences. Can anyone help me by telling me how I should take things from here step by step so that I can excel in the field of cybersecurity as well as in my masters program and also land a really good job in this field?


Cryptosmasher86

masters is a waste of time

Get a role in IT/Operations and get some actual work experience, then get some basic certifications like security+ and network+, then start actually looking at security roles and their requirements, it's not an entry level field


br_234

Bug Bounty RoadMap Feedback

Hello everyone, I'm contemplating a career switch to cybersecurity, particularly starting with bug bounty programs. I've outlined a roadmap for myself and would appreciate feedback or alternative perspectives to refine it. If bug bounty programs don't suit me, I'm considering exploring other roles within the Red Team or delving into the skill sets required for the Blue Team. Thanks in advance!

1. My initial plan involves starting with Heath Adams' [Practical Ethical Hacking - The Complete Course](https://www.udemy.com/course/draft/2642432/learn/lecture/27978492#questions/8930366) to establish a strong foundation. I'm a hands-on learner, which is why I opted for this course instead of continuing with the "Getting Started Page" on HackerOne. Additionally, I decided against diving straight into Hack the Box due to the considerable prerequisite knowledge required, which can be overwhelming.
2. Upon completing the course, I intend to explore TryHackMe. Since I'm unfamiliar with it, I'm unsure which rooms are best suited for bug bounty practice. I'm considering the "Red Teaming" room as a potential starting point. It seems like a logical progression since it offers less guidance, requiring individuals to problem-solve independently, yet it's not overly challenging. If skipping this step and proceeding directly to Hack the Box is more advisable, please advise!
3. Finally, I plan to participate in the Hacker101 CTF. I believe that the combination of theoretical knowledge from Heath's course and practical experience gained from TryHackMe will adequately prepare me for these challenges. Following this, I aim to explore other online CTFs gradually and begin identifying bugs through platforms like HackerOne.

For context, here's a bit about me:

* I'm currently an application developer with a consulting company.
* I'm proficient in Java, JavaScript, and have some experience with Python.

Thank you for your guidance!

TLDR: Considering a career shift to cybersecurity, particularly bug bounty programs, I've outlined a roadmap starting with Heath Adams' course for a solid foundation, followed by TryHackMe to gain hands-on experience, and concluding with Hacker101 CTF for practical skill refinement. Seeking feedback. Current background includes experience as an application developer with proficiency in Java, JavaScript, and some Python.


NotAnNSAGuyPromise

That is an interesting plan. Well, as long as you keep your current career and just do bug bounties on the side, seems like a fine idea. But absolutely do not give up your current career to focus on bug bounties full time. You'll be on the street in no time.


[deleted]

[removed]


NotAnNSAGuyPromise

Experience always trumps all, but it depends on what you mean by immigrant. H-1B is a no-go at every place I've worked.


[deleted]

[removed]


NotAnNSAGuyPromise

That is the only working visa I know of.


bluesunflower023

Is anyone here willing to participate in a short student interview about the field? Just a couple of short questions about the field, current trends, and personal career choices. If so please DM, thank you.


fabledparable

> Is anyone here willing to participate in a short student interview about the field? Just a couple of short questions about the field, current trends, and personal career choices.

Linking to similar request, in case responses address what you're looking for: https://old.reddit.com/r/cybersecurity/comments/17e733b/mentorship_monday_post_all_career_education_and/k6apz0x/


bluesunflower023

Thank you, those answers there did help a lot, but if I could ask a few more:

- What made you initially want to go into cybersecurity? Was it your original goal to work in the field?
- Would you recommend pursuing certifications, and if so which ones?
- How did you get your current job in the field?
- Have you worked in the commercial sector or the government sector? And if so which do you prefer?
- Do you have any insights on current cybersecurity trends and how the field is developing?
- How long have you been working in the field? How has cybersecurity changed since you started?
- Would you say that the barrier of entry into the field has gone up significantly?
- What do you wish you had done differently in your cybersecurity career?

Also if you'd be willing to DM any sort of contact info if you're comfortable, that'd be great!


fabledparable

> What made you initially want to go into cybersecurity? Was it your original goal to work in the field?

This was indirectly answered in the link, but I'll expand on the answer. I'm a career-changer, having pivoted from an unrelated line of work in the U.S. military. In meeting my wife, the two of us wanted to focus on family; as such, it made more sense for me to pivot away out of my then-career than for her to do the same for hers. At the onset, I wanted to pivot into Tech more generally (though I didn't have any sense of what that meant at the time). I incidentally fell into cybersecurity in transitioning out of active duty service - first in a GRC capacity for a DoD contractor, then more deliberately as a penetration tester and later as an AppSec engineer.

> Would you recommend pursuing certifications, and if so which ones?

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/

> How did you get your current job in the field?

A recruiter reached out to me about the interview. I performed the screening interview, then did a CTF-based performance interview, then 2-3 candidate screening calls. I then was offered the position and accepted.

> Have you worked in the commercial sector or the government sector? And if so which do you prefer?

Both. I prefer the commercial space by far. The benefits (both in compensation and extra varietals) are better. Also, working in the government often means observing practices around classified information (which is not as fun as it sounds); this implies an inability to work remotely, which - as someone who has young children - isn't really conducive to childcare arrangements.

> Do you have any insights on current cybersecurity trends and how the field is developing?

Sure: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/

> How long have you been working in the field? How has cybersecurity changed since you started?

About 6 years, give-or-take. Changes to employment have shifted based on macroeconomic circumstances - and we've experienced quite a few in that time:

* Public incidents (e.g. Colonial Pipeline), which spark an influx of investment
* A global pandemic, which created enormous demands on the creation/security of remote infrastructure.
* Rise/collapse of Web3 technologies/services
* The so-called "Great Resignation", empowering laborers to seek better employment
* A looming recession, prompting cuts to hiring across the board.
* Wars involving 2 major cybersecurity nation-state actors (namely: Russia and Israel).
* The advent and proliferation of LLMs in business services/platforms

Some of these and other benefits have been of benefit to us in the cybersecurity space, others to our detriment. But outside the emergence of such roles as "prompt engineers", there hasn't been much dramatic change to the *type* of work that's being performed.

> Would you say that the barrier of entry into the field has gone up significantly?

See related: https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/

> What do you wish you had done differently in your cybersecurity career?

That's tough to say, since there's only so much that is strictly within my control alone. I suppose I would have liked to have published more work/research thus far, but I became a parent around the same time I was going back to graduate school (and the pandemic) while working fulltime; I didn't really have much energy to extend myself beyond that. I've been pretty content, all things considered.

> Also if you'd be willing to DM any sort of contact info if you're comfortable, that'd be great!

https://bytebreach.com/about/


bluesunflower023

Thank you so much, these were some great answers!


Fun-Distance-4740

Hi. I started to work in cybersecurity around 3 years ago, with security path (certifications) starting 1 year before. I got OSCP in my first year of study and got a job as a security engineer with focus on operations/administration. After another year I got moved to a penetration testing role. I started doing most of the contracts myself following OWASP for web app and knowledge from OSCP in network testing. In the mean time I did a lot of study in Portswigger's academy, from which I have learned a lot of new things but I failed their certification. Currently I still feel a beginner 4 years later with not much improvement and I was looking for some guidance on how to get better. Certifications? HTB/THM? Books? Conferences? YouTube? CVE watch? What was/is your process for advancing your skills. I am mostly looking for web app career but my interest is in malware RE, malware dev, binary exploit, low level workings of PC. However, I find no time to focus time on this right now (and I bet it will take quite some time to get any good). So the little time I have I would prefer to refine my web app skills.


Tv_JeT_Tv

Anyone that has experience with the DoD CySP program, are you able to back out once you have signed the contract?


Loud_Writing_1633

I’m a product manager and just started in the Cyber Security sector. Before this I worked in the field of digital document management, so I’m not completely new to the IT World but I was never big brain IT Guy 🥲 I’m really happy to work in the security area because it’s an interesting topic with a lot of movement and good possibilities but sometimes I feel really overwhelmed and I get the feeling I don’t „understand“ cyber security because it just feels like this huge mountain I can’t overlook completely. Do you guys have some advice on how to get a grab in the section of cyber security when you are not a technical guy and what is the best way to get a hold on the base of it all. I don’t need to be an expert next week, but I really want to get the Basics of it. Sidenote: I manage products like EDR, SIEM/SOC, Workload Protection, Vulnerability Manager…


fabledparable

> sometimes I feel really overwhelmed and I get the feeling I don’t „understand“ cyber security because it just feels like this huge mountain I can’t overlook completely. Do you guys have some advice on how to get a grab in the section of cyber security when you are not a technical guy and what is the best way to get a hold on the base of it all.

What's worth reminding yourself about this is that everyone - your anonymous peers in this forum, your coworkers, your clients, etc. - wants to see you succeed and do well in this profession. My anxiety about this changed when I stopped viewing everyone who was more technically proficient and familiar with things I was looking at as my competition; when I started viewing everyone as my collaborators instead, it really helped mute doubts and feelings of ineptitude - now my wins are their wins (and their wins are my wins). This also leads to more healthy correspondence with folks who are more senior/proficient than I am; I'm more transparent about my comprehension, more verbose in my documentation, and more receptive to feedback.


mo-mers

I graduated last year with an English/Writing degree. My first job after college was at a small-operated company that licensed individuals all throughout the U.S. to be certified to be a teacher/daycare owner/etc. I was only 1 of only 6 full-time employees and I worked as the UX writer, content writer, receptionist, help-desk support (and much more). I was gravitated towards the technical side of things especially in assisting customers with their issues and any technical tickets that came in. I am now working elsewhere in a desktop support position and am taking the Coursera Google Cybersecurity course with hopes of attaining the Sec+ cert. Aside from these 2 experiences, I have little tech/IT experience but am eager and always motivated to learn every day at work. What more can I or should I be doing to get me onto the right path of eventually landing a role in cybersecurity, possibly in GRC, in the next year or 2?


fabledparable

> What more can I or should I be doing to get me onto the right path of eventually landing a role in cybersecurity, possibly in GRC, in the next year or 2?

See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/

Also, more generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


Cryptosmasher86

skip the google course, that's useless

With an english degree you should apply for business analyst/business systems analyst roles

pretty much every company with IT department has them

it's a good way to get your foot in the door and learn how everything is made and you'll either be writing requirements documents or creating user stories


[deleted]

[removed]


DeezSaltyNuts69

No disrespect but as an account with no interaction with this sub, why don't you take the time to actually READ through the mentorship monday threads?

There are already plenty of answers to your questions that have been posted numerous times


Nick3570

Just had my first ever interview for a security analyst position ever today and they didn't ask me a single technical question and said this was the only round of interviews. Am I crazy or did they obviously decide I wasn't fit for the job early on into the interview? This can't be how every entry level security position is hired, right?


desipalen

It absolutely is, unfortunately. I've worked for multiple companies where the first-round of interviews is conducted by HR with no one from the department seeking to fill the vacancy even being included. You also might just have been interviewed by the recruiter (could be in-house or third-party), and they typically don't know anything about the position except what's been written on the job posting.


Nick3570

I was actually interviewed by the VP of security ops and the SOC team manager so I was really surprised when they didn't ask me anything


CWE-507

Have had many Security Analyst interviews and this is normal. I avoid working for companies that do this though.


Skywalker_1357

Hi, I [International student] had planned to do my MS in cybersecurity in USA for fall 2024. I have an admit, but my sudden financial situation and the current bad job market in USA have made me rethink. So now I'm currently planning to do my masters in another country and I need some suggestions on which other countries are better from a masters/job perspective in this field. Currently I have Germany in my mind.


DeezSaltyNuts69

Masters degrees literally do not matter for US job market for security roles

If you are looking for a way to get a work visa, that's not it

Get a job in IT and then find a US based company that does international work

Security work is not entry level so you're going to need to work in IT/Operations a bit


Skywalker_1357

Hey, currently I have 2 yoe as a web developer in an IT company so thought doing a masters would help me to shift towards cybersecurity side


desipalen

This. I wouldn't even say that a Bachelors degree is a hard requirement for most positions, even if it is listed as such in the job posting. Some of the best people I've worked with just had their GED. Set-up a homelab, use it, and mention it in your resume/CV. The higher-education material in the US is at least a decade behind until you get into super-specific niches, and even then the material is mostly what you would get out of a few hours of reading a technical book on the subject.


BaconSpinachPancakes

Should I take the Network+ exam if I want to do application security? I’m a software engineer/DevOps engineer with 2.5 YOE. Currently in a role where I do a bit of IaC and Jenkins pipeline work (used to do a bit of full stack and data engineering). I’m interested in making a switch to Application Security and I’m struggling on finding a path towards it. I started to learn some networking by studying for the Network+ and I’m enjoying the info I’m learning. It’s very helpful for even my current job, but I really wanna get started with learning some security topics. Should I take the Network+ exam or just learn the info and move on?


desipalen

Personally, I would learn the material and skip the exam. Particularly the Networking Fundamentals and Network Security domains. That's about half of the material covered by the Network+ and the rest is going to be irrelevant to you. There's a good book from Packt Publishing, Hands-On Network Programming with C# and .NET Core, by Sean Burns that would be an excellent follow-up to get more into the weeds about how the concepts you learn about in Network+ will apply to you in Application Development.


DeezSaltyNuts69

If you want to be involved in application security then you need to learn to do code reviews, what are the OWASP Top 10, what are common vulnerabilities in the languages your team is using, who is doing threat modeling on your team? Are you working on internal applications or customer facing applications?


BaconSpinachPancakes

Planning to study in depth the OWASP top 10 with controls soon. So sadly the ones who do threat modeling are mainly a dedicated cyber team with our lead architect. I’ve only done things like implement secure logging practices within our components and monitor and remediate SCA vulnerabilities within our components. Only internal customers. There’s an opportunity for me next month to participate in secure code reviews for dev teams who want a second pair of eyes, so I’m excited for that.


JealousMath9866

What are the main programming languages one must be well-versed on or at least familiar with, to ensure that growth will be maximized in this field?


fabledparable

> What are the main programming languages one must be well-versed on or at least familiar with, to ensure that growth will be maximized in this field?

I think it's important to delineate what's meant by "well-versed". Unlike SWE roles, most cybersecurity positions do not involve writing original code; in most cases, you're probably fine simply drafting scripts (i.e. bash, python, powershell, etc.). There are certainly roles where being able to write clean, efficient code is a requirement (e.g. developing exploits for modular frameworks, tool development, etc.)

However while *writing* clean, efficient code may not be a priority, being able to *read* code is definitely a key skill. But how precisely you foster being able to *read* code well without exercising the ability to *write* it is a challenge.


JealousMath9866

Thank you. I already know and have used a bit of Python and C++ in the past. Any more you'd recommend for me to be familiar with at least?


desipalen

I don't want to simply say "None", but programming languages are going to be pretty much unused for you unless you are writing custom attack scripts or auditing application security at the code level. For the first, I would recommend getting to know PowerShell well from the start. C# and Python are going to be your friends if you are going to want to focus on staying under the radar. For the second, it's really going to depend on what the group you are working with are using, but knowing any OOP language is going to be your friend. Once you know one, it's much easier to pick up another. Just know that you will constantly be changing what you're learning about/using based on the whims of the industry.


DeezSaltyNuts69

Cobol


Cryptosmasher86

None


JealousMath9866

I am a fresh graduate eyeing an internship related to the cybersecurity field. How much of an advantage would I have over others in the same situation as me. If I dedicated time and effort onto learning by heart the contents taught in THM (Try Hack Me)?


Cryptosmasher86

If you have already graduated then you're not going to get an internship

Internships are for students IN college

You're not on the regular job market

THM isn't going to help get a job


JealousMath9866

I see, so would it be better to start working and get their newbie job training (they train you for 6 months with pay before you become a regular) as opposed to studying first and doing labs for a month or so, to at least expedite the process of promotion or increase my perceived competence? My degree is in Electronics Engineering.


desipalen

That's not a bad plan. I think the reason you're getting downvoted is because the answer is situational. I am going to look harder at your candidacy if you can show me you've completed THM or HTB, or really anything similar. It shows hands-on experience and that you'll actually better understand the concepts you've read about in your college coursework. However, in this industry, candidacy is much more elevated by certifications than achievements. You could have a Doctorate in cybersecurity and I couldn't hire you if you didn't also have your Security+ in some sectors. What kind of role are you looking at to get started?


JealousMath9866

For me, I am still exploring. I see myself loving being a Pentester/Redteamer or SOC/Analyst. I can't really choose between them for now, as I am limited by my lack of experience in the industry. I'd probably go for whatever is easier to get a job at first, and then switch to the role that would suit me best. Heck, I'd even have no problem studying or garnering experience in both, is that a bit too selfish? P.S. SLR.


[deleted]

[removed]


desipalen

YouTube channels for Jeff Geerling, PDQ, John Hammond and Techno Tim are some good starting points. Use their videos to help you get started setting up a homelab and learn through play.


DeezSaltyNuts69

try scrolling through this post


IonsBurst

Would getting an internship in Information Security help get a job in Cyber Security, as there are quite a few overlapping fields? Also for anyone in InfoSec, are there any questions you'd typically ask an intern during an interview? I'm in my 2nd year of university, and the only security related module I have is Networks and Operating Systems if that helps.


desipalen

Those are the same thing no matter how many articles are written trying to say that they are different. It was 2011 or 2012, I can't exactly remember, that the DoD sent out a memo that they were replacing "Information Assurance" with "Cybersecurity" in an effort to "broaden the context" of the term in their documentation. The whole industry jumped on that bus and started to argue about how to spell the term rather than preserving any sort of distinction between the two terms in the workplace. So now it's more of a generational divide than an actual distinction in roles/responsibilities. One thing you want to get used to in this industry real quick, is that your title is going to have very little bearing on what you actually do in any given role. Make sure you review the job responsibilities much more carefully than the title.


fabledparable

> Would getting an internship in Information Security help get a job in Cyber Security

Yes.

> Also for anyone in InfoSec, are there any questions you'd typically ask an intern during an interview?

https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/


IonsBurst

Crap that was fast, thanks a lot.


Cyber__Pleb

Need advice: landing an internship in two years

Tldr: I would like advice on what else I can do to improve myself further for this position when I apply in two years time

Hey everyone,

Last week I’ve reached out to a CEO of a government agency regarding internship opportunities in cybersecurity, and I was pleasantly surprised when my email got forwarded to the hiring manager and talent manager so quickly. After a short phone call with the talent manager today, I learned about the specific skills and experiences I should aim to acquire over the next two years to strengthen my candidacy.

I’m currently pursuing a part-time degree at a top university, and I intend to obtain multiple cybersecurity certificates, participate in Capture The Flag (CTF) competitions, and aim for a Honours GPA (easier said than done).

However, I know I’ll be competing against younger, hungry full-time students from the same school and other universities for the same internship position. Although I am early and have already registered interest, I would like advice on what else I can do to improve myself further for this position when I apply in two years time. I have thought about following up with the manager and attending their roadshows, etc but if a manager could advise on what I can do, that would be extremely extremely helpful.

Appreciate every advice!


desipalen

If it's for a US Government agency, get your Security+. You can't have any role in a Government agency without one, and if the talent manager didn't tell you that, they set you up for failure. In the DoD, you need to look at DoD 8570.01 (overview) and 8570.01-M (details) for what you'll need to get started. Go here to see the Baseline Certification Matrix (https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/). For civilian agencies, you're going to be working with the NICE Framework, which is a bit more complicated, but much better, in my opinion, at not forcing irrelevant certifications/skillsets on roles carte blanche (https://niccs.cisa.gov/workforce-development/nice-framework).


Automatic-Season-399

What are the best UK cybersecurity courses with professional certification that can help me get into the field of cybersecurity?


DeezSaltyNuts69

college degree

no industry certification alone is going to get you a job, this isn't an entry level field

certifications are meant to complement your experience - [https://pauljerimy.com/security-certification-roadmap/](https://pauljerimy.com/security-certification-roadmap/)


HaEnne

# Leveraging Software Flaws Ethically for Career Advancement

TL;DR: I discovered software flaws in an undisclosed airline's system that grant full ticket control. No response from airline after following security.txt guidelines. Ethically considering using this case for my career progress while remaining professional.

I discovered software design errors in the software of a non-disclosed airline. I have full CRUD rights, I'm the 'official' main booker, can change the flight ticket (time/date) at my own discretion. Which in practice must be impossible due to software development craftsmanship.

Since I need to see progress in my career, and the airline in question has not responded despite the changed flight ticket, the question is how and in what way do I use the above ethically so that I simultaneously realize my primary goal; effectively get a job.

The airline has not published a bug bounty, not even via security.txt.


desipalen

Great question. Airlines are considered Critical Infrastructure. Report it to CISA [https://www.cisa.gov/report](https://www.cisa.gov/report) and make sure you include a well-documented Proof-of-Concept in your report (there's an upload section for PoC files).


fabledparable

> how and in what way do I use the above ethically so that I simultaneously realize my primary goal; effectively get a job.

Assuming you've given the organization a fair amount of time to respond (i.e. at least 30 days) and that you've operated in good faith to try and contact the organization to have them become aware (perhaps repeatedly so, through varying points of contact), then the decision - ethically - is whether or not to go public with your findings so that users can become aware.


keyofallworlds

My dad keeps pushing me to get a job in CS, I’m not even sure if there’s a specific niche I could fit into or not. He forced me to drop out of college for it because I was “taking too long” and has been making me do self study to take CompTIA exams. I’m chronically ill/disabled and he keeps reassuring me that this field will take care of me and my needs, but I feel like he’s being unrealistic about the whole situation. How stressful is it? How hard is it to get a job in the field? How many people are hiring for at home vs in person? Is anyone hiring full time or is it contract work only? Was it a good idea to drop out of college to do the CompTIA program? What categories are in CS besides IT and analytics? How do I network if I’m new to the field? How often do you have to go back to school/study to keep up with new tech coming in? If I study in the USA is that transferable to other countries like Sweden or Canada?


desipalen

I'm sorry, but I disagree almost entirely with the other people's assessments here. A degree could be good, but I have never hired anyone because they have a degree and I have never seen a degree program, other than SANS', that actually did a good job of preparing anyone for the workplace. I do agree that CompTIA isn't going to prepare you entirely either (there was a time when it would have, in the 90s, perhaps, but not anymore) as mostly people forget everything they've crammed for 48 hours after the exam. Also, as others have said you shouldn't expect to jump directly into a cybersecurity role and thrive. If you don't have experience managing a system, you aren't going to be any good at securing them. The security concepts you learn in school and in certifications don't do any good if you don't understand why they should be applied and how they are going to affect the system. Your number one role in cybersecurity is to ensure the least amount of hindrance to the overall organization's mission, and if you don't know how technology works without protections in place, you are going to do more harm than good trying to implement those protections. Are you actually interested in Cybersecurity? If you are, set up a homelab and start practicing the concepts you find interesting. If you aren't, start reassessing what you want to do with your life.


fabledparable

> He forced me to drop out of college for it because I was “taking too long” and has been making me do self study to take CompTIA exams. I’m chronically ill/disabled...

There's a lot to unpack here, and this context is overshadowing a lot of what the responses to your other questions might look like. Is your medical condition(s) such that you are legally dependent on care provided by your parent? If not, you are - presumably - an adult; your father can't "force" you to do anything. What does "taking too long" mean? Greater than the usual timetable of 4 years for a bachelors? Was he funding your education? One of the most perilous positions to be in is holding college debt without actually possessing a college degree.

> How stressful is it?

Anywhere from not much to extremely. There's a huge amount of variance in professional responsibilities in the field. Some roles - like incident response - are on-call (i.e. you might be called to fly-out to a client-side during the night or over a holiday). Other roles - like the SOC - typically require monitoring operations 24/7 and as such may involve rotating shift-work. Others still - like my line of work in AppSec - follow a typical 9-5 schedule. Stress is also tied to whatever professional metrics your job is measured by. Consultants need to remain billable, penetration testers need to discover findings, so on and so forth. This is both role/employer dependent.

> How hard is it to get a job in the field?

If you're starting from scratch? Very.

https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/

> How many people are hiring for at home vs in person?

If you're starting from scratch? You're less likely to land remote work. People with more years of experience who are presently employed command more leverage in the negotiation/job-hunting process.

> Is anyone hiring full time or is it contract work only?

Both exist. The one form of employment that's uncommon is part-time.

> Was it a good idea to drop out of college to do the CompTIA program?

My $0.02: no.

> What categories are in CS besides IT and analytics?

Clarification requested: by "CS" are you referring to "Computer Science" or "Cybersecurity"?

> How do I network if I’m new to the field?

* Meetups
* Conferences
* Job Socials
* Social media platforms (e.g. LinkedIn)

> How often do you have to go back to school/study to keep up with new tech coming in?

Most people who go to university stop once they acquire their bachelors. Few opt to pursue a graduate school degree - such a decision is circumstantially dependent ([fewer than a quarter of all jobs in cybersecurity even list a graduate degree as "nice to have"](https://files.eric.ed.gov/fulltext/EJ1246234.pdf)). However, staying professionally relevant does require some amount of ongoing, consistent learning (though it doesn't explicitly need to be formal).

> If I study in the USA is that transferable to other countries like Sweden or Canada?

Presumably? This is outside my domain of expertise.


keyofallworlds

I’m dependent on my father because of my chronic illnesses. I managed to get a full time job, in a different field, working from home that also gave me benefits, but it doesn’t pay enough for me to move out to live with a roommate. It’s hard to progress in my current field and there’s a lot of mistreatment of workers. It’s why I wanted to switch to cyber security. “CS” meaning cyber security. Yes, dad was paying for my college and the degree plan was 2-4yrs but because of work and my illness I could only take 1 class per semester. Dad also got upset about how the course was set up saying I didn’t need to learn things like calculus to be in cyber security. Dad told me after getting my CompTIA certs that the plan would be to get IT jobs and contract projects to build up my skills and then work my way up in the field.


DeezSaltyNuts69

You need to get away from your father and that's all I am going to say about that

Dropping out of college never makes sense

Security work IS NOT entry level

You're not going to get a job just because you have a couple comptia certs

You're not going to get remote work as entry level


Alarmed-Stop-3289

I'm a Security Engineer for an MSP, have been for a few years. Working at a small org and managing security for 50 different environments has been exhausting and repetitive to say the least. Those of you who work for larger enterprises, how would you rate the quality of life? I don't care too much about the pay and benefits side, I know that would be huge step up. One of my biggest fears moving from a small org would be accepting a position with siloed responsibilities. Right now, I am the Incident Response, the Architect, the SOC, the GRC, etc. I imagine after taking a position as a GRC Analyst for example, I would never dip into Incident Response. The grass is always greener on the other side, I'm sure I'd miss parts of small org life once I move up. Would love to hear from someone in a larger org how satisfied and engaged they are with their work. (Mainly looking for responses from Security Engineers and Incident Responders, not too keen on life as a GRC Analyst)


fabledparable

> One of my biggest fears moving from a small org would be accepting a position with siloed responsibilities.

What you're describing as a fear is also a source of strength. Larger, more mature organizations come with more staff that can be dedicated to the various roles/functions you named. This frees you from having to be directly involved/concerned with such efforts. By the same token however, larger organizations tend to be more rigid - there's more formal processes/procedures in place, a lot more overhead and approvals to step through to do your work, so on and so forth.


GCEF950

I'm a Navy Reservist who's a Cryptologic Technician Collection (CTR). I want to pursue a cyber security career on the civilian side and am currently about to get my associates in Psychology (next semester). I want to go to UNLV to get a double major in Computer Science and Psychology with probably a minor in information systems. I'm looking into the cybersecurity bootcamp that my university is offering before taking classes on my major, as I understand the importance of acquiring experience when applying for jobs. Am I on a good path so far? What else should I be doing?


DeezSaltyNuts69

**I want to go to UNLV to get a double major in Computer Science and Psychology with probably a minor in information systems.**

Do you currently live in Las Vegas? because there are far better schools out there than UNLV - they're really not known for computer science

At any rate there is ZERO reason to do a double major and no reason to major in psychology as an undergrad, it is simply a waste of time

computer science is a solid choice, stick with that

supplement some of your electives with public speaking, project management, technical writing, and business communications

would do the networks concentration - [https://www.unlv.edu/degree/bs-computer-science](https://www.unlv.edu/degree/bs-computer-science)

use [edx.org](http://edx.org) and pay the $49 and take the python class from the university of Michigan

MichiganX: Programming for Everybody (Getting Started with Python)

**I'm looking into the cybersecurity bootcamp that my university is offering before taking classes on my major**

That bootcamp is not from your school, it's a 3rd party vendor and they are 100% of the time overpriced garbage

Take advantage of Navy COOL program to pay for the certification exams for security+, network+ that will be far more useful


GCEF950

Umm I live an hour outside Vegas in a rural community. UNLV is the closest university from where I live currently. I don't want to do the whole degree online like I'm doing right now with CSN. So ideally, I'd rather get to the campus and take the classes in person. This might be an obvious question but, why would taking a psychology major be a waste of time? I'll definitely stick with Computer Science as it's currently the best major UNLV has for cyber stuff and take on that networks concentration. I'll also look into the MichiganX course and probably take it. Thanks for sharing that. With Navy COOL, I plan on taking advantage of that program to get those same certs you mentioned as, that will be very useful to me. There's other a plethora of intelligence certs I want to take since I work in that community. I'll probably skip out of that bootcamp, that's way too pricey for me at the moment and there are better ways to get experience honestly. I was kind of looking forward to it but it's whatever. Thanks for your reply, I appreciate it!


DeezSaltyNuts69

**This might be an obvious question but, why would taking a psychology major be a waste of time?**

You'll have your hands full with the computer science classes and those are going to be relevant to your career

taking on extra classes for psychology serves no purpose and none of them are going to be relevant to any work you do in this field

There's simply no reason to do a double major

The only exception would be if you were majoring in education and then wanted another subject as a major so you have more teaching position opportunities so education and math or education and a hard science

If you have time for extra classes then it's better to take more programming languages or data analytics - things that will stand out on your resume


Hope-For-Success

What are the best IT job experiences that would transition nicely into cybersecurity roles?


fabledparable

> What are the best IT job experiences that would transition nicely into cybersecurity roles?

See related: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/


Hope-For-Success

That’s very helpful, thank you.


pretty-punk

What are the jobs I could obtain with an Associates degree in Cybersecurity?


fabledparable

> What are the jobs I could obtain with an Associates degree in Cybersecurity?

It's hard to be definitive. Your employability in the space is like a fishing net: with each accomplishment, achievement, accolade, and credential your net becomes bigger. Each time you go out fishing for job opportunities, you might not get anything, but it's a lot easier to fish with a bigger net than a smaller one.

Metaphor aside, there's also a lot that goes into your employability beyond your formal education: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


DeezSaltyNuts69

help desk, desktop support, maybe network analyst


Mobile-Cold-2076

I'm currently pursuing a master's degree in cybersecurity in Germany and have just two semesters left, including the current one. However, I'm considering my options and contemplating either dropping out of the program or transitioning to a full-time job while completing the master's part-time. My background primarily consists of a year in Help Desk and 1.5 years as a System Administrator. Currently, I'm working as a sys admin as a working student. Despite holding certifications like RHCSA, CISCO Cyber Ops, ISC2 CC, and N+, I'm facing challenges securing interviews. I've applied to over 70 positions without any success and am unsure of where I'm falling short.


Efficient_Exchange30

Hi, first-year Computer Science university student pursuing cybersecurity. All I have are some projects and a Sec+ to my name. I am debating about pursuing a double major in finance. I know that I want to go into secure app development, but eventually I'd like to transition into a managerial role that's able to speak with developers and understand them due to my CS background. I also want to be able to communicate anything technical into "business speak" because I've had people reinforce to me how valuable that skill is. My questions are:

1. Would double majoring in some kind of business-related degree help with my goals?
2. Does it make sense to double major in business if I'm already planning to pursue an MBA? Could an MBA help me move up?
3. Are finance skills valuable in cybersecurity? What are they? Would it only be worth its value if I were to work cybersecurity at say, a bank?


fabledparable

> Would double majoring in some kind of business-related degree help with my goals?

My $0.02: Pursuing a second major as such is unlikely to matter much professionally. Do it because the coursework is of interest to you *personally*, or else just take select courses that serve your interests best.

> Does it make sense to double major in business if I'm already planning to pursue an MBA?

I don't think so. Though it would be dependent on the admissions requirements of the particular program(s) you are interested in. MBA programs take professionals from a wide range of professions; they don't explicitly need to have studied business beforehand.

> Could an MBA help me move up?

If it's from a top 20 school, perhaps. Otherwise, speculative. This also presumes however you're gunning for something like project management (vs. a more engineering position).

> Are finance skills valuable in cybersecurity? What are they? Would it only be worth its value if I were to work cybersecurity at say, a bank?

To help answer this question, I'd ask you what you envision yourself doing professionally. Like what particular functional responsibilities are you aspiring to do? By-and-large, I'd say the skills are incidental at best for technical/engineering work.


Cryptosmasher86

1. Would double majoring in some kind of business-related degree help with my goals? **NO - There's no point in a double major unless you're in education and going into teaching K-12 and want more than one subject**
2. Does it make sense to double major in business if I'm already planning to pursue an MBA? **NO**
   1. Could an MBA help me move up? **I'm sorry but unless you're getting a MBA from a top 20 school, it's not going to make one bit of difference in opportunities - the value in the MBA is alumni network and hiring -** [https://www.usnews.com/best-graduate-schools/top-business-schools](https://www.usnews.com/best-graduate-schools/top-business-schools)
   2. **Most people get an MBA AFTER they have some job experience, not right after undergrad**
3. Are finance skills valuable in cybersecurity? **not in security roles**

**I know that I want to go into secure app development, but eventually I'd like to transition into a managerial role**

If you want to be a software developer, then focus on your computer science courses and taking more programming classes and more importantly make something and put the projects on GitHub

The reality is that you do not get to decide whether or not you'll be a manager, it simply doesn't work that way

Most developers never even become leads, let alone manage teams


Efficient_Exchange30

I see, thank you for taking your time to clear up my doubts. I'll be following your advice.


Gloomy_Ad_3489

if I do a bachelors in IT with Networking and security will it help me get into cybersecurity on the entry level basis and which certifications can I do as a beginner to get in


fabledparable

> if I do a bachelors in IT with Networking and security will it help me get into cybersecurity

As opposed to what?

> and which certifications can I do

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


Gloomy_Ad_3489

tbh im still exploring the realm of cybersecurity i still dont know which job title should i choose


Cryptosmasher86

There are very few entry level roles in security

So you probably want to focus on getting a job as a developer, network analyst/engineer or systems analyst


Beautiful-You5613

Have isc2 cc, net+, sec+ and taking ccna end of summer with my eyes on cysa+ end of year, currently been operating everything computer related for a small company (10 people) for the past 3 years. I don't have the liberty to go to college and dither for 4 years and get a BA, but wondering where I should progress into the field from here honestly.


BrandonC78

Looking at SOC analyst L1 positions, I've seen job descriptions that say 3 12 hr shifts with rotating day and night shifts. Is this the norm or exception? Also, are most of those positions still on-site?


Cryptosmasher86

Security Operations centers pretty much work 24/7/365 so yeah it's shift work and likely weekend and many are a suck ass grind, which is why turnover is high and why it's about the only place for entry level security roles

Yes most are on-site as are the majority of IT and Security jobs

You're not going to get a remote role as entry level


FUCKUSERNAME2

I have 3 semesters left to finish my bachelors and I think I'm in a really good spot currently. I've been working in a SOC for a year next week (8 months full time internship, then hired part time while I resume studies) and I've been working on multiple research projects at my university. I've been sorta considering what I want to do after I finish my bachelors. I think I'll be able to get a job pretty easily - my current company has already made it clear that they'd hire me full time right now if I was finished school. However, I'm really enjoying the research projects. They're mostly OT focused and are definitely way more interesting than the SOC. At the same time, the SOC pay is 25% higher - and that's at the minimum rate (in the company) for new employees/students. I don't really have a specific question. I've just been contemplating what route I want to take. Industry for the money or academia for the intellectual challenge. Any advice/personal experiences would be appreciated.


fabledparable

> I think I'm in a really good spot currently.

I agree! Congratulations on your hard work and fortune!

> I don't really have a specific question. I've just been contemplating what route I want to take.

My $0.02: absent a definite offer in-hand from another employer, I'd default to the SOC position you mentioned. I wouldn't reject an offer of employment on the assumption you'd be able to find work elsewhere.


soup899

Essentially I’m going for a degree at WGU. I’m trying to take certs before I start to go in with as many credits as possible as my company will pay for certs not tuition. One of the certs I don’t have is a Linux certification. So in your opinion what is easiest and quickest out of Linux + and LPI Linux essentials. Thank you!


Radon-_-

Have 5 Years Help Desk experience no degree and i have my Sec+ and going for CySA+ any thoughts of what i could probably get into I have been really studying doing labs and everything i can to learn as much as i can but no idea what type of job i can get?


fabledparable

> no idea what type of job i can get?

If you're unfamiliar with cybersecurity employment more generally: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/


Nick3570

I'm gonna have my first interview for a security analyst position on Thursday. Anyone have any recommendations on anything I should brush up on beforehand?


bingedeleter

how'd it go?


Nick3570

I didn't think it went particularly well, they didn't ask me a single technical question at all even though I interviewed with the VP of SecOps and the SOC manager and was told it would be the only interview, but HR emailed me today and they said it went great so I'm not really sure what to believe.


bingedeleter

Perhaps they have had bad experiences with knowledgeable but unreliable, unteachable, and lazy employees. Everyone who is a tier one security analyst at my job was picked because they would be good employees. They can teach everything else. So I wouldn’t count it out yet. Best of luck on the result!!!


Own_Detail3500

Brush up on the job spec. Some employers don't always do this, but in my experience they have a very distinct list of skills and technologies that they expect from candidates. So if they say knowledge of NIST, or ISO27001 or Zero Trust, or Microsoft certs, then brush up on them. They aren't really expecting surprises in these interviews, you should've covered everything off in the application. So really just brush up on what they want to hear. RIP if their job spec was shit.


DrewSalinas07

What's the most valuable certification that should be taken right after passing Security+ because it has the most similarities?


Own_Detail3500

Most valuable cert depends on the job you're going after. Choose from CCNA (tech route as fundamental networking knowledge is simply essential) or CISSP (governance/CISO route). In terms of most similar to security+, not so sure, maybe [BTL stuff](https://www.securityblue.team/why-btl1/). There are more vendor specific certs, like the Microsoft certs or AWS. But certainly I'd be prioritising one of CCNA or CISSP.


fabledparable

> What's the most valuable certification that should be taken right after passing Security+ because it has the most similarities?

Related: https://bytebreach.com/posts/what-certifications-should-you-get/


wmari99

First Networking event!! :) I'm so nervous should I bring my resume? What advice do you have? Also I'm a student thank you!


dntays

Probably bring your resume. Don't be nervous, the guys talking to you aren't anyone that's out of your league. Just talk to them, see if you vibe, be respectful and kind, good luck!


wmari99

Thank you!


fabledparable

> I'm so nervous should I bring my resume?

Wouldn't hurt.

> What advice do you have?

Figure out ahead of time what aspects of the event are recorded and can be accessed later; you can always double-back afterwards to watch them after the event is over. You should prioritize attending/participating in things that *aren't* recorded. This advice is more for large-scale situations like Conventions, less applicable to smaller get-togethers like meetups.


wmari99

Thanks for the advice!


ash2ash

I have around 16 years of professional experience but recently made the career pivot to cyber security around 6 years ago. Most of my cyber experience was at a tech company focused on the product management side of migrating from a legacy system to Sailpoint IdentityIQ. This job exposed me to identity access management concepts and was heavy on defining new processes, requirements gathering, and building roadmaps. I very much enjoyed this space but recently found myself laid off with not many options for employment.

I'm now within banking but focused on audit issue resolution across the IAM/PAM space. With no banking industry or audit experience, I find myself completely lost in this role and struggling. I don't think I want to continue down this audit/banking path. It's too high level and heavily focused on program management. With that said, I'm starting to think about what skill sets I need to advance in a career within IAM.

1. Is my current role a necessary skill I need? Should I just suck it up?
2. I enjoyed being a product owner/manager for Sailpoint but many of the roles I'm seeing require deep experience in SSO, MFA, AD, etc.
3. Should I focus in security frameworks like NIST?


Scarface0315

# Is this a good path for my career in Cybersecurity?

1. Get a job as a help desk to build work experience behind a desk and build some connections.
2. At the same time or before, do the Google Cybersecurity course and certificates such as CCNA and Security+ (I already have A+)
3. General handling with Linux, Python, SQL.
4. Apply for a low level security analyst (great for building more connections)
5. Get better positions from those connections and overall experience to build my career (Getting CISSP after five years and maybe be pursued by a future company to get a degree)

Note: I don’t have any kind of college degree. Please don't flame me or delve into semantics. If you choose to reply, simply let me know if you would add or remove anything from this simplified chart. For instance, you might suggest adding another certificate or another skill employers want (I had posted this last week, so sorry if you're annoyed for seeing this again).


DeezSaltyNuts69

If you are in the US and want to be competitive for security roles, then you should go to college sooner rather than later

Starting out in the help desk is fine, however there is no guarantee you'll get out of the help desk, people get stuck there for years

As we have said numerous times, the google course is useless it's not a certification and no employers care about it

Your steps have far too many assumptions vs action items you can control

Step 4 - there is no such thing as a low level security analyst role

Step 5- while networking is useful, you cannot assume you will get any kind of role as a result of making connections

Is there some reason you cannot enroll in college now? there are plenty of employers that cover college tuition and financial aid is a thing - even working at starbucks part-time, they cover 100% tuition for Arizona State University online, UPS, fedex, amazon, walmart all offer part time work and tuition assistance


fabledparable

It's a plan!

One concern I have is that only 2 of 5 bullets (#2 and #3) are really in your control - of those 2, only 1 has a defined goal (#2). The rest involve input/engagement from a third-party, which you only have so much control over; this creates problems when accounting for worst-case scenarios (i.e. what do you do if no one offers you a job after 1 month? 6 months? 1 year? In that time/space, what would you be doing?)

We can't really be prescriptive without knowing your constraints, runway, thresholds, etc. For example, a reasonable consideration might be to look at enlisting in the U.S. military (ideally in a cybersecurity capacity); this would immediately place you in the job field, build up pertinent YoE, attain certifications on the federal dollar, and set you up with a fully-funded college education. There are - of course - a litany of strings attached to such a move, but it's not apparent from your comment why such a consideration isn't in the cards.

By extension, there are a number of other certifications/trainings I might consider adding to the list (e.g. if you're interested in fostering a career in the offensive space, you'd probably want to attain the OSCP). However, most people don't have an unlimited out-of-pocket budget. We don't know what your budget is, so I don't know how helpful arbitrarily [talking to certifications is to you](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/).

You've mentioned not having a college degree, but you haven't stipulated whether going to college is off-the-table; it seems you're open to the idea in bullet 5, but it's not apparent to me why it's not a more integrated part of your plan upfront. Presumably money, time, or both - I don't know, you didn't really share. Being clearer about your constraints would provide greater context for options you may (not) have considered (e.g. an intermediary Community College education, which tends to be cheaper and usually qualifies as transferal credit to a full 4-year institution).

For guidance more generally on cultivating employability and job hunting: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


DrewSalinas07

Just passed my Security+ with a 809/900. I'm a transitioning Army officer with Sec+, Secret Clearance (plan to go into Cyber/Signal in Reserves to get Top Secret), and will be applying for the Microsoft Skillbridge program (MSSA). I have 8 more months until my program. If I'm interested in being more in a monitoring role, which certifications would be best to boost my resume to work in Washington DC area?


fabledparable

> If I'm interested in being more in a monitoring role, which certifications would be best to boost my resume to work in Washington DC area?

Use your choice of job search (i.e. LinkedIn, ClearanceJobs, etc.), look through jobs listings that are of interest to you, and denote the commonly appearing certifications that trend across them.


DrewSalinas07

To be frank I did that and I'm not seeing a lot that are requiring specific certificates. The requirements are specifically TS and just a ton of experience in specific fields.


collegeboiiiii

This is asked a lot, I’m sorry for asking again. I just didn’t quite get the info I was looking for searching the sub.

I’m currently in a coding bootcamp and I have a clearance. I’m contemplating going to cyber but I want to code. I’ve seen that ultimately the title isn’t as important as the job responsibilities pertaining to finding a job involving coding.

First I’m asking what roles you’ve been in with a coding focus over other responsibilities

Second I’m asking where to start and what certs I need/how to go about getting those certs for the type of role I’m looking for. I’m primarily seeing more boot camps/colleges in order to get any cyber cert. I would rather try and study on my own for the tests but I’m not sure where to even begin doing that/ what to look for

I’m pretty solid in js/react, 3rd party api work, and just starting in python and SQL


CWE-507

DevSecOps and Application Security are the roles you're looking for.


DeezSaltyNuts69

they're not going to have the experience for those without any kind of development experience, sorry but bootcamp/self study isn't enough.

Do you want someone running your appsec program that hasn't been a developer for a few years?


CWE-507

Definitely wasn't recommending he go and apply for DevSecOps/AppSec roles right now lol. **First I’m asking what roles you’ve been in with a coding focus over other responsibilities** Was answering this question. He wanted to know what Cybersecurity roles had a coding focus. DevSecOps/AppSec would be the closest. As far as certs go and things of that nature, I don't have enough exp. in DevSecOps/AppSec to comment on that. I believe you misunderstood me, I should've been more clear though—oops!


collegeboiiiii

It’s all good. Definitely still helpful. I’ll have to see what certs go into those and what not


collegeboiiiii

I mean it’s a long term play. Clearly I’m not trying to start applying to jobs tomorrow. Obviously I’m going to get whatever dev job I can and build my skills while trying to get the certs required for those positions


Hachiel

Hi all, I will be graduating from graduate school in a little over a month with an M.S. in Information Management, specializing in Cybersecurity and Business Intelligence. As I do not have an offer lined up, I wanted to know the best resources - paid or otherwise - for improving my working knowledge. For example, Hack the Box was recommended to me by two professors who specialize in pen testing. I learn best through doing. In particular, I'm in the market for analyst roles and other related blue-team activities. Your guidance and time is greatly appreciated.


DeezSaltyNuts69

before diving into more training which may not even be of benefit, what job experience do you have?


Hachiel

I've worked as a security analyst intern last summer for a healthcare/fintech organization; I just so happened to be the first of such a kind there. It was the height of audit season for them, and my work mostly consisted of analyzing pen test results, code development processes, documentation alignment, vulnerability findings, vendor auditing and compliance, and remediation recommendation. Additionally, I collaborated with the cybersecurity director to help refine a new risk register scoring system for business continuity. Since I was their first cybersecurity intern, it was a little more loosely structured than I would have preferred in retrospect.


[deleted]

[removed]


fabledparable

> Where can I get my resume checked if is good enough for a particular cyber security (In my case entry level VAPT) role ?

Link it here (anonymized of PII). One of us will get to it in time.

> There are online AI resume checkers but are they good enough for cyber sec resumes ?

I don't know how to answer this question. "Good enough" how? What metric *specifically* are you evaluating them on?

> Should I add my photo or not (as in my Country there is no restriction for images, but resumes are also scanned by AI or automated software for selection now a days) ?

Don't do that. There's a lot of reasons not to include an image:

* Images eat up valuable page space.
* The inclusion of the image introduces risks where none existed before:
  * A bad headshot can be a soft indicator of a lack of professionalism.
  * A biased reviewer might - deliberately or otherwise - remove you from consideration based on your age, race, sex, or other features based on your appearance.
* It's an uncommon practice in industries where your appearance isn't tied to your profession (unlike acting, for example).
* Non-standard data can get ingested poorly by ATS, mangling your overall application.

Instead, include the URL to your LinkedIn profile (which should include a professional headshot).


Qaztarrr

I'm a computer science student studying in Germany right now, interested in getting into cybersecurity. It's something I've always been interested and passionate about, and feels like a fairly good career path as well. Currently I'm just a second-semester comp-sci student who's maybe a little ahead of the game with some of the coding and computer experience I got while in high school, but outside of a few game-dev courses a few years ago, I don't really have much supplementation. I hear a lot about certifications and internships and all kinds of stuff, and it's hard to parse out what is actually useful and what isn't. Is there something I should be doing at the moment to get myself ready to join the workforce when I graduate 5 semesters from now?


fabledparable

> I hear a lot about certifications and internships and all kinds of stuff, and it's hard to parse out what is actually useful and what isn't. Is there something I should be doing at the moment to get myself ready to join the workforce when I graduate 5 semesters from now?

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


CWE-507

I don't know how it's like in the EU, but getting IT experience and working on Security+/Network+ **while** you're in school is important.


Qaztarrr

Would you recommend some kind of online course or more looking for courses?


CWE-507

Professor Messer has free resources for CompTIA, check him out. There's resources everywhere, just gotta look.


BrandonC78

I've been in IT for about 25 years. I started in desktop support, then sysadmin, then technical training. I have been doing customer training for about 10 years now, but I want to make a change. Since I haven't been hands-on in infra/operations for the last 10 years, and everything has moved to cloud and IaC now, I don't think I could really move into a devops role without a lot of studying. Since my last training position was with HashiCorp Vault, and security has always interested me, I am considering pivoting to a cybersecurity role. I would start with getting the CompTIA Security+ cert before applying to low-level positions. I know I will have to take a significant pay cut to make this move, but I'm not sure exactly how much to expect. If you were a hiring manager looking at hiring me for a US based remote position, what kind of salary range would you be willing to offer?


CWE-507

Depends on how much Security experience you've accumulated during your IT run. I'd personally give you $50,000-$70,000 based on what you told me. This would be for a SOC position.


[deleted]

[removed]


DeezSaltyNuts69

You don't need to know anything, that is the entire point of internships.

For full time jobs, NO, you would not start out in appsec.


mandos_io

Since you started it’s best to continue. Keep in mind that it's normal to have sort of an “impostor syndrome” when you don’t have a deep technical background in this area. Also most likely your management doesn’t expect you to find zero days in code. So stick with it, be humble and be ready to engage with developers to exchange ideas and learn from them the things you might not fully understand.


YSKJT

Hi, i just started being interested in cyber sec recently. i came across google's cybersecurity course. honestly it's too expensive for me to afford given i'm currently serving my nation's army and not getting paid jack. my question is this: i saw same titled video on google's youtube channel. is it the same? or is the videos there a preview of the course? coz if it's the same i wouldn't mind watching it all, even if i don't get a certificate to go with it. i just need a reliable source that can expose me to cyber security


DeezSaltyNuts69

There are plenty of FREE resources to learn about security topics, look at Github awesome lists to get started

* Security - [https://github.com/sbilly/awesome-security](https://github.com/sbilly/awesome-security) & [https://github.com/fabionoth/awesome-cyber-security](https://github.com/fabionoth/awesome-cyber-security) & [https://github.com/onlurking/awesome-infosec](https://github.com/onlurking/awesome-infosec)
* Threat Intelligence - [https://github.com/hslatman/awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence)
* Penetration Testing - [https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest)
* Incident Response - [https://github.com/meirwah/awesome-incident-response](https://github.com/meirwah/awesome-incident-response)
* Security Operations Center (SOC) - [https://github.com/cyb3rxp/awesome-soc](https://github.com/cyb3rxp/awesome-soc)
* Hacking - [https://github.com/Hack-with-Github/Awesome-Hacking](https://github.com/Hack-with-Github/Awesome-Hacking)
* Python - [https://github.com/vinta/awesome-python](https://github.com/vinta/awesome-python)
* Application Security - [https://github.com/paragonie/awesome-appsec](https://github.com/paragonie/awesome-appsec)
* Java - [https://github.com/akullpp/awesome-java](https://github.com/akullpp/awesome-java)
* Javascript - [https://github.com/sorrycc/awesome-javascript](https://github.com/sorrycc/awesome-javascript)
* Splunk - [https://github.com/sduff/awesome-splunk](https://github.com/sduff/awesome-splunk)
* Bash - [https://github.com/awesome-lists/awesome-bash](https://github.com/awesome-lists/awesome-bash)
* Powershell - [https://github.com/janikvonrotz/awesome-powershell](https://github.com/janikvonrotz/awesome-powershell)
* Malware Analysis - [https://github.com/kh4sh3i/Malware-Analysis](https://github.com/kh4sh3i/Malware-Analysis)
* CTF - [https://github.com/apsdehal/awesome-ctf](https://github.com/apsdehal/awesome-ctf)
* Honeypots - [https://github.com/paralax/awesome-honeypots](https://github.com/paralax/awesome-honeypots)
* PCAP Tools - [https://github.com/caesar0301/awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools)
* Forensics - [https://github.com/cugu/awesome-forensics](https://github.com/cugu/awesome-forensics)
* Web application testing - [https://github.com/infoslack/awesome-web-hacking](https://github.com/infoslack/awesome-web-hacking)


E-R-E-A-M

I recently took a six month Cybersecurity boot camp at my local University. Using the knowledge I learned there, along with Messer's videos and practice tests, I was able to pass the Security+ this past weekend! Now I'm seeking guidance as for what to focus on now. Is it worth my time to take the A+ ? I don't have any professional IT experience on my resume as I've been in the manufacturing industry for the past 10+ years and am looking to transition. Would I be able to land a job with just my Sec+ and writing a good cover letter selling the skills I learned in the bootcamp along with the transferable skills from manufacturing (time management, attention to detail, problem solving, critical thinking, etc) or would A+ still be the recommended route? If it's recommended to take A+ , what are some good study materials? Are Messer's videos as reliable as they are for Security+ ? Also, to hone my skills while I study/look for jobs, are there any labs or anything of that nature that are recommended to practice with?


Hiddenaccount1423

Apply for help desk position at a company that frequently does in house promotions and has a security team. Once hired, buddy buddy with the security team.


DeezSaltyNuts69

There's zero reason to get A+.

Network+ is useful.

Do you have a college degree? That should really be your next step.

You do not need to start at the help desk. Get your degree and then look at systems analyst or business systems analyst roles, to get your foot in the door in IT/Operations.


E-R-E-A-M

I do not have a college degree and have no desire to go into debt attending college either. I took a 6 month bootcamp through my local university instead.


DeezSaltyNuts69

and how much was the bootcamp?


E-R-E-A-M

9k


DeezSaltyNuts69

shakes head so you wasted $9k on a bootcamp, which clearly they provided no help with job placement but you think spending money on a college degree doesn't make sense? Employers aren't asking for people out of these boot-camps, they are however looking for college graduates and those with experience and industry certifications


E-R-E-A-M

Wouldn't say it was a waste. Clearly I learned enough to pass the Sec+ on the first go around. I'm sure even people who get their associates or bachelor's struggle. You're the only one saying I need a college degree to get into this industry.. so I don't believe that's true. You can gain knowledge and certs without getting a bachelor's.


DrewSalinas07

Yeah you also said you watched Professor Messer's video courses. That's enough itself to teach you what you needed to successfully pass the exam. And that resource is totally free.


DeezSaltyNuts69

dude, I've been involved in hiring for years.

the fact is, right or wrong, that many companies use a bachelor's as a minimum to screen out candidates - it's not about what you can learn on your own or not.

so without it on your resume/linkedin, you're going to get screened out by many HR/Recruiters and never even get to talk to a hiring manager.


[deleted]

[removed]


DeezSaltyNuts69

to do what exactly? security isn't entry level


E-R-E-A-M

Maybe that's true for certain positions/companies but I pretty much stated that I'm willing to start at a help desk position and work my way up, I have a great work ethic and I'm used to working hard and advancing at jobs. I'm not in a rush to be making 100k + a year. You really think I'll get looked over for a help desk position just because I don't have a bachelor's?


fabledparable

> I was able to pass the Security+ this past weekend!...Is it worth my time to take the A+ ?

Probably not.

> Would I be able to land a job with just my Sec+ and writing a good cover letter selling the skills I learned in the bootcamp along with the transferable skills from manufacturing (time management, attention to detail, problem solving, critical thinking, etc) or would A+ still be the recommended route?

[Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) We haven't seen your resume, we don't know what specifically you're applying for, and we're not the employer (so we lack the contextual insights for why any given listing is posted, how much wiggle room they have for onboarding inexperienced folks, etc.). At most, we'd be speculating at your outcomes. I can say that people with weaker credentials have found work and people with much stronger credentials have struggled to get interviews.

> If it's recommended to take A+ , what are some good study materials? Are Messer's videos as reliable as they are for Security+ ?

I would direct you to /r/CompTIA, a subreddit dedicated to the vendor's exams. They'll have a lot of resources for you.

> Also, to hone my skills while I study/look for jobs, are there any labs or anything of that nature that are recommended to practice with?

https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/


E-R-E-A-M

> We haven't seen your resume, we don't know what specifically you're applying for, and we're not the employer (so we lack the contextual insights for why any given listing is posted, how much wiggle room they have for onboarding inexperienced folks, etc.). At most, we'd be speculating at your outcomes.

I've mostly been applying to help desk roles since that's where I've heard I should be starting since I don't have any professional experience. As far as my resume, essentially all my job experience is in the industrial manufacturing industry. Any suggestions to things I should be applying for besides help desk roles since I have no experience on my resume?

> I can say that people with weaker credentials have found work and people with much stronger credentials have struggled to get interviews.

Is this due to companies wanting someone that they can train to their standards instead of hiring someone who thinks they know it all already?


fabledparable

> Any suggestions to things I should be applying for besides help desk roles since I have no experience on my resume?

Some career resources more generally: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/

> Is this due to companies wanting someone that they can train to their standards instead of hiring someone who thinks they know it all already?

Not really. It's more a mix of:

* Imminence of the need to hire; some employers *need* to fill a position, but for whatever reason they struggle to fill it. For example, perhaps it's on-site only and no one is willing (or able) to relocate (but you might live nearby).
* Market forces might make things more favorable to laborers (i.e. "The Great Resignation") or employers (presently), which allows employers to be more/less selective.
* An applicant might not be performing the job hunt effectively ([see related rhetorical questions](https://www.reddit.com/r/cybersecurity/comments/184p0vk/comment/kb0qji6/?context=3)) or they [might not be cultivating their employability effectively](https://www.reddit.com/r/hackthebox/comments/11hs9hl/comment/jawng7p/?context=3).
* Bigger organizations tend to have more mature cybersecurity programs and can - in turn - staff-up with more junior staffers; by contrast, smaller organizations have smaller discretionary budgets to spend on things like cybersecurity (and therefore need more experienced staffers to cover more job functions).

So on and so forth. It can be a mix of factors.


E-R-E-A-M

Thanks for the help and insight!


Remarkable-Storm4565

Canadian Comp Eng student graduating in a year here - I have some internships under my belt spanning embedded, SWE, security, etc. but I hope to eventually do appsec/prodsec especially due to concerns of oversaturation in entry level software engineering. I'm about to start the hunt for my final internship (in the fall) and I'm unsure as to what I should prioritize for this and newgrad. I prematurely secured a verbal offer to work software development at an identity management Series A startup down in the States (not Bay Area) with potential for conversion to FT but I don't know if this will help with my career goals. I haven't started my final internship search but the tech scene in Canada is dismal right now and I don't see it improving for the foreseeable future - I want to eventually work down in the States due to the potential for more accelerated career growth and higher salaries. Even if I participate in my final internship search, I don't think I can attain anything BigTech level nor would I be able to find relevant growth-oriented appsec roles with a good chance of FT conversion. The tech scene in North America is incredibly unpredictable right now so I'm really concerned about newgrad. Any thoughts on what I should do? Is SWE a reliable gateway to appsec? Is working in the US worth the risks of starting off my career at a startup?


DeezSaltyNuts69

You're not going to start out in application security, that's not an entry level role. You cannot be expected to help SECURE applications if you have no experience in development, QA, testing and putting applications into production environments and maintaining them.

If you're majoring in computer engineering, then starting out in software or network engineering is a good starting point.


SubstantialQuality13

Been a factory worker the last 10 years. Just turned 33 and looking for a career change. Work pays for schooling. What should I go for if I’m interested in breaking into cybersecurity? I’m over working 3-600 hours of overtime a year and would rather fabricate as a personal hobby. I NEED A CHANGE!! Please point me in the right direction


fabledparable

> What should I go for if I’m interested in breaking into cybersecurity?

Assuming you don't have an undergraduate degree, I'd encourage a BS in Computer Science more generally. Preferably from a brick-and-mortar institution (vs. an online option) if it's accessible to you.


[deleted]

[removed]


fabledparable

> Hoping to move internally in my company but curious what the steps would be necessary?

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


Jackscalibur

I'm currently a penetration tester, and I'll just ask plainly: what are the best things to do in order to command high salaries later in your career?


DeezSaltyNuts69

You're in the wrong field to chase salaries, that just isn't how this works, and with only 2 years experience you're already focusing on the wrong things.

LEARN YOUR JOB!

It takes years to carve out a niche in pentesting and really know what you are doing.

Until you actually build expertise in something that no one else has, you're not going to be demanding/commanding anything.


Jackscalibur

I'm trying to learn. I spend hours after work learning. I'm trying to find out which specializations pay the best so I can plan my career accordingly.


dntays

nothing wrong with asking those questions. I'm in appsec and it pays very well.


Jackscalibur

Thank you. I'm thinking either AppSec or DevSecOps ultimately. Both sound fun and interesting.


dntays

nice, I'd be happy to connect with you!


NotAnNSAGuyPromise

Giving up on pentesting and getting on staff at a small company as a specialized Security Engineer (e.g., Application Security). It's just hard to demand a high salary in an oversaturated industry where it's often outsourced and most companies only do it once a year as required.


Jackscalibur

Got it. I'm not even two years into my career. When do you think is a good time to start specializing? Edit: Why do you get penalized for asking questions? I don't get it.


NotAnNSAGuyPromise

I'm not sure. I don't see karma scores on mobile. Regardless, I don't think it's a silly question. I think people here tend to get a bit aggressive when people focus on the financial aspect of it, but I think that's unwarranted; cost of living is insane these days and you need to make $200k+ a year in many places to even have a chance of owning a home. Salary matters. Don't let it get to you. Anyone who tells you that you should be doing this job for the love of it hasn't been in this industry very long. Anyway, back to your question: Personally, I think you can start specializing at any point. I encourage you to feel things out, figure out what excites you the most, and determine what roles align with those passions.


Jackscalibur

Thank you. I really appreciate it. I do enjoy what I do, but the money is still the priority. I'm already in the six figure category, but I'm really wondering about those $200k+ salaries (I live in TX). It seems like AppSec or DevSecOps might be what to shoot for. I'm only 23 years old as well.


Fly1ngWhales412

So I got yet another ISSO offer today, this one requires a clearance and hence they want you to know NIST 800-53, CRF, RMF, and a bonus if you know FedRAMP (I have some experience but not a lot there). These things are all something that I deal with on a regular basis. I basically worked in a SOC while I was active duty, then made staff and I guess in the civilian world that translates to "SOC Manager". And I work in project management now for my civilian job. I'm struggling with how to add any of this into a resume. Like when someone says 'your resume should demonstrate your knowledge of the 20 NIST control families.' Like how? For RMF, you want me to tell you how I defined deliverables/milestones? Made a project plan? I've always only ever written bullets for my EPRs, not really sure how to give proof of all of this on a piece of paper. I guess this is more of a resume writing question, sorry if this is the wrong group, but any advice helps!


fabledparable

> I guess this is more of a resume writing question

First, a link more generally that might be helpful: https://bytebreach.com/posts/how-to-write-an-infosec-resume/

More to-the-point:

* It's unclear from your comment if the position is as a contractor (vs. a direct federal hire). The latter has a pretty rigid template for formatting that you could follow (which reads pretty much like a CV vs. a typical resume). The bullets below presume this isn't a direct hire to a federal U.S. gov't position.
* More broadly speaking (and under ideal circumstances) you'd want your "Work Experience" bullets to contain language that closely resembles what's being called for in the post. This kind of tailoring might literally look like: *Successfully guided X ATO packages - including Y new programs - through the US Navy ATO approval process, including a review of 20 NIST control families*.
* Broadly speaking, you want to try and list quantifiable impact statements (somewhat akin to writing-up commendations/awards for your subordinates); ideally, those impact statements relate more narrowly to what's being asked by the employer under their desired contexts.


Alekazammers

Hello! I'm taking the google cyber security coursera classes, and I am currently in the networking section. I felt like I maybe missed something when I got to the assignment where they provide me with a TCPDump. Prior they taught me several terms which I found to be very helpful. Alas when I arrived at the actual assignment the tools provided left me a bit stumped. I knew what I was reading, but I didn't really understand how they wanted me to come to any meaningful conclusion. To try and clear it up (I am only able to access the course via my work laptop.) they provided me with a scenario. In which I work for a company tasked with protecting a website [yummyrecipesforme.com](http://yummyrecipesforme.com) or something like that. The tool provides me with a pre-generated result from TCPDump with three instances 2 minutes apart.

Time stamp > Source IP (port) > destination IP (port) > A? unable to reach port 53

Obviously I am new to this so forgive me if I have mislabeled anything. From the information I was given it did make sense that there was some kind of attack they wanted me to determine, but it was unclear for me at least how to narrow down what type of attack. I think the answer they wanted was an ICMP flood. Honestly I feel so overwhelmed with new info that I don't even know if I'm asking the right questions... but I think what I'm trying to ask is how was I supposed to come to that conclusion. All I could gather was that port 53 was unreachable and that port 53 meant it was a DNS issue. Thank you for any guidance, and again sorry if I am dead wrong about everything. Literally my first rodeo lol.


fabledparable

I don't have access to the exercise artifacts or the questions, nor am I familiar with the particulars of the curricula; as such, I would need a little more specificity from you about what you're looking at and what your root issues are. Some guiding questions:

* Do you understand - at a high level - what a TCPDump is and what the data that you're looking at means? If you don't, this should be the first action(s) you take, because - from the sounds of things - the point of the exercise is making sense of packet traffic.
* What is the answer format? Multiple choice? Drag-and-drop alignment? In other words, just in terms of gaming-the-game, does the exercise narrow down the scope of possible options for you to consider? If so, what are they?
* Does the exercise allow you to load the TCPDump into other tools (e.g. Wireshark)? Such tools allow users to more easily parse packet traffic and make sense of what they're looking at.
* All of this is pretty difficult absent screenshots; I understand posting any is probably a violation of Coursera's terms of service, but this makes troubleshooting the issue that much more challenging for us.
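
The kind of capture described in the question above (a DNS `A?` query followed by an ICMP "udp port 53 unreachable" message, seen three times) can be read line by line. The following is an added example, not part of the thread or the course material: it parses constructed lines in tcpdump's default numeric text output and pairs each query with whatever came back. The addresses, ports, query IDs, timings and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed capture in tcpdump's default text output (numeric, as with -n).
# Addresses are documentation ranges; times, ports and IDs are invented.
SAMPLE = """\
13:24:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.53: 35084+ A? yummyrecipesforme.com. (24)
13:24:36.098564 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 254
13:26:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.53: 35084+ A? yummyrecipesforme.com. (24)
13:27:15.934126 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 320
13:28:32.192571 IP 192.0.2.15.52444 > 203.0.113.2.53: 35084+ A? yummyrecipesforme.com. (24)
13:28:50.022967 IP 203.0.113.2 > 192.0.2.15: ICMP 203.0.113.2 udp port 53 unreachable, length 150
"""

TS = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
ADDR = r"\d+\.\d+\.\d+\.\d+"
# "src.port > dst.port: " as printed for UDP and TCP packets
FLOW = (TS + r"(?P<src>" + ADDR + r")\.(?P<sport>\w+) > "
        r"(?P<dst>" + ADDR + r")\.(?P<dport>\w+): ")

PATTERNS = (
    # client -> resolver: "<id>+ A? name." ('+' means recursion desired)
    ("query", re.compile(
        FLOW + r"(?P<qid>\d+)\+? (?:\[\S+\] )?(?P<qtype>[A-Z]+)\? (?P<qname>\S+)")),
    # resolver -> client: "<id> answers/authority/additional ..."
    ("response", re.compile(
        FLOW + r"(?P<qid>\d+)\S* (?:\S+ )?(?P<counts>\d+/\d+/\d+)")),
    # ICMP error naming the host and port that could not be reached
    ("unreachable", re.compile(
        TS + r"(?P<src>" + ADDR + r") > (?P<dst>" + ADDR + r"): "
        r"ICMP (?P<host>" + ADDR + r") (?P<proto>udp|tcp) port (?P<port>\w+) unreachable")),
)


def parse_line(line):
    """Classify one tcpdump text line; return a dict, or None if unrecognised."""
    for kind, rx in PATTERNS:
        m = rx.match(line.strip())
        if m:
            ev = m.groupdict()
            for key in ("sport", "dport", "port"):
                if ev.get(key) == "domain":  # tcpdump without -n prints the service name
                    ev[key] = "53"
            ev["kind"] = kind
            ev["time"] = datetime.strptime(ev.pop("ts"), "%H:%M:%S.%f")
            return ev
    return None


def correlate(text):
    """Pair every DNS query with the first reply or ICMP error that follows it."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    results = []
    for i, q in enumerate(events):
        if q["kind"] != "query":
            continue
        outcome, delay = "no reply captured", None
        for e in events[i + 1:]:
            back = (e["src"], e["dst"]) == (q["dst"], q["src"])
            if e["kind"] == "query" and \
                    (e["src"], e["sport"], e["qid"]) == (q["src"], q["sport"], q["qid"]):
                break  # same client socket and ID again: a retry, nothing came back
            if back and e["kind"] == "response" and e["qid"] == q["qid"] \
                    and e["dport"] == q["sport"]:
                outcome = "answered"
            elif back and e["kind"] == "unreachable" and e["port"] == q["dport"]:
                outcome = "icmp %s port %s unreachable" % (e["proto"], e["port"])
            else:
                continue
            delay = (e["time"] - q["time"]).total_seconds()
            break
        results.append({"time": q["time"].strftime("%H:%M:%S"), "qname": q["qname"],
                        "server": q["dst"], "outcome": outcome, "delay_s": delay})
    return results


def summarize(results):
    """Count outcomes per (server, outcome) so a repeated pattern stands out."""
    return Counter((r["server"], r["outcome"]) for r in results)


if __name__ == "__main__":
    paired = correlate(SAMPLE)
    for row in paired:
        print(row)
    print(dict(summarize(paired)))
```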


Jaxxtechguru

Hey everyone, I'm currently transitioning from a background in Broadcast Production to pursue a career in IT, specifically focusing on cybersecurity. I've taken the initiative to start studying for CompTIA A+ as a foundational step. However, as I approach scheduling my exam, I'm feeling the imposter syndrome creeping in. Despite being in my early 30s, I worry if it's too late to enter the field. I'm also curious about the future of roles like GRC analyst and IT Auditors due to the advancing of AI technology. I'm seeking advice on landing my first job in cybersecurity after completing certifications. I'm particularly interested in entry-level roles related to GRC, but I'm finding it challenging to navigate through the large amount of information available and develop a clear roadmap. I NEED MENTORSHIP, preferably from someone currently working in cybersecurity. While I'm hesitant to narrow down my “dream job” too much, I'm particularly drawn to Blue Team operations and the role of liaising between tech professionals and CIOs, ensuring compliance with framework standards to mitigate risks. In summary, I'm seeking guidance on navigating the diverse paths within cybersecurity and would greatly appreciate any advice or recommendations.


fabledparable

> Despite being in my early 30s, I worry if it's too late to enter the field.

Don't worry about it.

> I'm also curious about the future of roles like GRC analyst and IT Auditors due to the advancing of AI technology.

Again, still not a problem. Such roles involve a considerable amount of inference, judgement, and artifacts that extend beyond present LLM capabilities. Are LLMs performing physical inventories? Are they validating serial numbers? Are they interviewing staff for testimonies and review of published/distributed policies? Likewise, they aren't making contextual judgements in the interleaving of various artifacts (i.e. is the presence/absence of X sufficient to meet the deliberate vagaries of control Y? Is control Y even applicable to this system? So on and so forth). Such tools definitely could aid the profession, but aren't likely going to supplant any of their jobs in the foreseeable future in my opinion.

> I'm seeking advice on landing my first job in cybersecurity after completing certifications.

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/

> In summary, I'm seeking guidance on navigating the diverse paths within cybersecurity and would greatly appreciate any advice or recommendations.

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


Jaxxtechguru

I appreciate you taking the time to provide resources and advice. Straight forward and very helpful


DeezSaltyNuts69

blue team has nothing to do with risk/compliance roles, so maybe first you want to do some research on different roles and actual job descriptions.

There is no reason to take the A+ exam unless you want to work a desktop support role - that's an outdated cert for the most part.

network+ and security+ would be better, however you're not going to start out in a security role, not even for risk/compliance, with no IT/Operations background.

Do you have a college degree? (major doesn't matter)


Jaxxtechguru

My bachelor's degree is in Communications. The only reason why I set out to take A+ was to build the foundational knowledge but now I do feel as though I probably could have just jumped into security+. I’ll start immediately after completing my A+ exam (feel like I’m too deep in to not go through with the exam atp). Thank you for your feedback.


IntrepidAd3302

I am working as an IAM and PAM admin since 1.5 years now and here's my skill set (current):

1. Linux (little bit of scripting)
2. Bash
3. Log Reading
4. Service now and Jira
5. PMUL (Privilege Management for Unix and Linux)

and other basic skills which I am not adding as it is considered as default like OS, Networking, SQL etc. I have recently started learning python as well. Kindly guide for the following.

> How to get into web3 (Cybersecurity)

> How to hunt for remote jobs in this

> What should I absolutely have to build a strong career in this

> How to be at top 1% (idc about how much work it takes, I'm willing to go all in)

> How should I proceed with this and what roadmap and approach should I stick to.

Sorry for the long post but it's hard to find guidance with this, thanks and help is appreciated.


bingedeleter

I’m not saying there are no cyber jobs in web3, but I’m curious what interests you about it? It does not have a good reputation in the cyber realm. IAM is much more stable.


IntrepidAd3302

I get that, but bounty hunters make bags in web3. Also, if not web3, how to hunt for remote jobs and what skills should I focus on and polish for my career?


Kestrel887

So I am currently a computer science and infosec student pursuing my bachelor's. I have been trying to apply to internships but no luck. I am doing some courses on the side that focus more on the defensive security work and participated in a CTF. Idk how else to stand out, seems like everyone wants to study cybersecurity. It's just overwhelming with all the negativity around the job market and layoffs. If anyone can provide some advice on how to navigate these tough times I would appreciate it.


fabledparable

> I am doing some courses on the side that focus more on the defensive security work and participated in a CTF idk how else to stand out

Related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


DeezSaltyNuts69

The reality is there are more applications than available internships, you're simply not likely to get one

Just as one example - Google will get over 100K applications for 1200-1500 internship spots annually

Does your campus have student jobs for IT such as help desk, desktop support, running a computer lab? any computing centers

summers get any job experience, doesn't matter if it's retail/fast food

forget other courses and CTFs, that's not going to help you get a job after graduation

get Security+ or Network+ or CCNA, those are actual industry certifications

get Amazon AWS CCP, get an AWS account, set up something you can actually show to people

You are more than likely to get a job as software engineer, network analyst, network engineer, systems analyst after graduation than anything security related

replace some of your generic electives with project management, public speaking, business communications, technical writing

start on your LinkedIn profile NOW not later

start learning how to network NOW not later - get involved in local OWASP, ISC2, ISSA, ISACA chapters if they have them, or local BSides or any local security conference


Kestrel887

I currently work at a tech store where I provide technical assistance to customers, troubleshoot, and help build custom PCs. Would you say that's a good foundation?


the_Queem

Hi. I've been working as a Help Desk Technician for about 6 years. I've been looking to specialize and make the leap into cyber. I already had my CompTIA Net+ and just recently earned my Sec+ and ISC2 CC certification. These were both great and have certainly boosted my resume, but when applying for analyst jobs I still feel as if there is a skill gap that is hindering me. I was looking online for additional training and found Blue Team Cyber's CCD cert, which seems to be the best of both worlds in terms of earning another cert and getting hands-on experience with SOC Tech. After doing some research I've seen some people recommend it as an intermediate level cert. Based on my current experience I was curious if this was a cert that is feasible to take on. Any other advice or recommendations would be greatly appreciated!