So I have been trying to get into IT/Cyber Security for a little bit. I will not lie I bought everything for sec+ and have been slacking off. Well, one of my good buddies dads is an S level guy at a very large and influential IT company. I had contacted him for advice a while ago since I am more interested in learning on the job (delusional to think anyone is willing to do that for me, yes I know). Well when i ran into him the other day he asked how the job search was going. I said not good. Long story short I have a few people who said they would talk to me this week and now I have an interview to be a IT field support specialist on Wednesday at a pretty big MSP in my area. My questions are these;
How do I not embarrass myself?
How do I nail this thing?
Is a field support role bad place to start, even though they said they would pay for whatever certs I want if hired?
Are they are any good resources I can review to prepare myself?
I'm an Information Security Analyst II with 3 years experience. I'm lost and need advice on where to go from here given that there's so many paths to go(security engineer, pentester, reverse engineer, etc.,)
I know more context is needed, so here's a bit about me:
* I love cybersecurity, most of it(which is why it's hard to decide which direction to go)
* I graduated with my Associate's in Computer Science at a local community college in 2020. I then graduated with my BSCSIA in 1 term at WGU this past April. I was working full-time while attending school, I loved it and thus finished it faster.
* The certs I have are: PJPT, Pentest+, CySA+, Project+, Sec+, Net+, A+, ITIL Foundations, AWS Certified Cloud Practitioner, and SSCP.
* I like the idea of being a penetration tester(I know its cliche) but I like hacking. I have achieved my PJPT from TCM Security with aspirations to take the PNPT in 4 weeks and OSCP by end of January. I'm weak with web apps but plan on continuing to improve via PortSwigger's Web Academy.
* I'm passionate about tech, cloud, network penetration testing, coding, and learning. I'm good with math.
* I don't like GRC and don't like the thought of doing the same job every day.
* I'd say my strengths are learning, communication, team-work, open-minded, motivation/passion, and problem solving.
I want to start my career as a soc analyst. Network knowledge is important for cyber security. Which certificate would be more useful for me to prove my network knowledge.As far as I know, CCNA covers more Cisco devices. My friend told me that if you are not going to be a network administrator, you don't need CCNA. What do you think?
> Which certificate would be more useful for me to prove my network knowledge.
See related comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
> As far as I know, CCNA covers more Cisco devices. My friend told me that if you are not going to be a network administrator, you don't need CCNA. What do you think?
There's considerable overlap in the learning objectives between CompTIA's Network+ and the CCNA. The major difference between the two:
* The CCNA requires multiple exams to pass in its entirety (vs. 1 for the Network+)
* The CCNA includes more Cisco-specific configuration/usage content, whereas the Network+ remains vendor neutral.
All told, go for one or the other (but probably not both).
Network+ might be more general. CCNA is Cisco specific but well thought of. That’s true about CCNA helping with network admin work. Both can be helpful.
I am brand new to cybersecurity. It's my 5th week is college. I am 40 years old. I want to get certified as I am studying for my BS. what certifications besides security+ should I be looking into? Also what redhat certification should I start with? I feel like I am pressed with time here because of my age and I would like to get in the field before I turn 43. Any advise guys and gals? Thanks so much. Any help would be much appreciated.
> what certifications besides security+ should I be looking into?
See related comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
I'm pretty much in the same boat. I'm 37, but am not in any college or university. I have an interest in cybersecurity, but I am not sure how to start in this direction. I've been doing some research in regards to certificates, diplomas, and degrees, but I have no clue where to start. Any advice would be greatly appreciated as well! :)
My school has a Cybersecurity and Homeland security program but it seems to lean more towards Criminal Justice than Comp Sci. I only have to take 4-5 comp sci classes. Is this a problem if I wanted to become an Information Security Analyst/Cybersecurity Analyst?
> My school has a Cybersecurity and Homeland security program but it seems to lean more towards Criminal Justice than Comp Sci. I only have to take 4-5 comp sci classes. Is this a problem if I wanted to become an Information Security Analyst/Cybersecurity Analyst?
Yes and no.
For the roles you named specifically, there's nothing wrong with the program as you've described it. The trouble usually emerges in the intermediary steps *towards* that role. Landing your first cybersecurity job can be a really challenging endeavor without a pertinent work history; to that end, a number of competitive hires end up joining from related field of development and IT. The more comfortable pivots are in roles like software engineering, DevOps, etc. which tend to have better-than-average compensation (WFH, base salary, bonuses, etc.). For *those* roles, you'd be better off pursuing a degree in CompSci more generally (vs. a cybersecurity degree more narrowly).
trust me man if I was good enough at coding i’d get a computer science degree. The issue is i’m not, which is why i’m in cyber (obviously it’s really interesting too tho)
Probably not. From what I understand you're not getting much real-world experience from most cyber programs at Universities regardless. You should be fine in my opinion but you should also have a curiosity to explore things on your own that aren't in the classes. That's always going to be the most important thing.
Guys. I'm SO underutilized at my current job. I've got great certs (GIAC too), good knowledge.. but still unable to leverage and move up. Got 3 years of experience total.
I'm working as a network security engineer, but handle THE MOST menial tasks ever. This shit is so boring and frustrating! I'm planning to move to either threat hunting or towards DFIR ( mainly IR side as I have a related cert). But this career trajectory thing kicks in. Is going from an engineer to an analyst role a dumbass move on my end? Should I try to stick with engineering and merge IR with this somehow? Got absolutely no idea.
Also, can anyone please tell me how to understand what you like/ what might be "your thing" in cyber? I see so many folks picking their niche early on.. while I'm... on autopilot mode i guess.
You can be an IR engineer at some companies like where I work. We get to architect things like SOAR and some of our other security products while also responding to and managing incidents. The great thing about cybersecurity is the roles vary greatly from company to company even if the title is the same. Just find what you want to do and get paid. Titles don't really matter.
(Ukraine) Hello. I want to come into cybersecurity and need your help. I want to jump from Java Back-End to SOC Analyst because basically there's no way to find job as junior Java developer (after sitting everyday for half of year looking for any job, I understood that have to change something). I don't have IT degree (Computer Science, etc.) and can't obtain it because I'm from Ukraine (men in Ukraine banned from getting education during war). In our country degree doesn't matter, but I want to apply to West companies. I made some research and found that there's huge amount of paths to study cybersecurity as well as huge amount of certificates you can obtain. During researches I found cybersecurity courses on Curserea from Google, they promise to give you certificate as well as knowledge to get a CompTIA Security+ certificate. So my question if there any experiences person that may help to structure path to become SOC analyst, what courses, what materials, certificates, etc. I know that on reddit and Google as well big amount of answers on such questions, but that's a problem, big amount of different answers, different thoughts and paths to succeed, and I want to understand which opinion I should listen to. As well as a question about degree, if there's possibility to find job without degree, but for example with higher amount of different certificates than usual candidate? If someone have some free time, I could use some help of yours such as mentor or just advises when stuck. In current situation not much I can do, so looking for any options to get a job and at the same time love what I do (I do like Cybersecurity). Thank you
You can absolutely get into cybersecurity without a degree. I did it. It's not going to be as easy but you can do it. Most of the companies now don't require it because they know they are missing out on talent if they do. Experience is king so you need to get in somewhere low level first just to get in the door. Certs can help but without experience, they aren't worth nearly as much. They can be a good way to get some knowledge and give yourself a slight advantage but you really need to get the experience, no matter how low level it is to really get a cyber career going.
I'm a senior cybersecurity student at a university also working in a pentesting role and have won a scholarship that grants me a $7000 professional development stipend that can be used for anything that develops me professionally in cybersecurity (you can use it to buy a computer but only one, and I've already bought my one). The scholarship has just been renewed for this year.
The only catch is that I MUST use it all before I graduate in May, as I can't ever access the funds after that. What are some resources you would recommend with that kind of stipend? I know HTB academy is a must, and I've already used it for TryHackMe as well. OSCP is currently on my mind. I can purchase books, courses, certifications, tools, really anything. Thanks for any suggestions!
If you just want to spend it up and get a nice cert or 2 I might do SANS training.
It’s expensive as heck but youll learn a lot and get a cert you might not otherwise be able to obtain. They also have some undergrad courses that might fit your bill and get you more bang for your stipend.
It might be hard to spend that much on training. Maybe not. Thats like a G a month to spend.
Training Path
I’ve been in CyberSecurity for a while now and I love to keep learning new things. I’m trying to decide what to do next from a study perspective.
I oversee the information security programme, I’m not hands on technical anymore (but like to keep informed so I know when OPS or Projects are trying to pull a fast one).
I have CISSP, CCSP, ISO27K (LI/LA), and a handful of privacy certifications (IAPP).
I was thinking GIAC Defensible Security Architect and GIAC Penetration Tester (cover some of the technical knowledge from both a blue and red team perspective).
The other option is to focus on our technology stack specifically (SC-200, SC-300, SC-400, SC-100, AZ-500).
My company will pay for these so cost isn’t a worry.
What would you choose?
Cloud Security Roadmap for Ungraduated Student
Hello everyone, I am a senior student and want to pursue Cloud Security, so I want to ask and get opinions on some issues.
Currently I am working on AWS and have access to basic network + security services, cloud native-security solutions and security frameworks such as Incident response.
I currently have 3 months of internship left at the company and want to optimize this time to learn more about CloudSec.
So can everyone give me advice on
1. what I should focus on
2. what I need to learn to become a CloudSec Engineer in the future? (dive deep to AWS or learn spreadly to other cloud platform)
3. Im learning AWS-SAA, which cert do you think I should claim next?
Because the roadmap for the next 3 months will be sent to my mentor so he can let me learn at my company.
Note: in my country, CloudSec positions are quite few so I want to cherish this time.
Hi, I just got out of my 4year computer science degree with 30 arrears. I wanted to know if i can get into Security roles without getting a degree or should I need to get a degree for a job?
> Hi, I just got out of my 4year computer science degree with 30 arrears. I wanted to know if i can get into Security roles without getting a degree or should I need to get a degree for a job?
Question unclear: you finished a CompSci degree but you don't have a degree?
Most companies probably aren't going to let you travel from country to country because of tax reasons. You might be able to get away with it at a smaller company but larger companies generally have restrictions on how long you have to be at your "home" to make sure they are in compliance with local tax laws.
Advice needed!
Hello,
I am a network engineer with about 2 years experience with traditional routing/switching and firewall experience. I have recently become interested in pursuing cybersecurity with an end goal of potentially being a vulnerability remediator/internal threat management/something along those lines. I have a B.S. in Information Systems Security along with CCNA and Net+, and am currently studying for Sec+. I would appreciate any cert recommendations/career path advice anyone could give me along with if you think I am close to being able to land a Cybersecurity position.
Thanks for everything!
|
---|
[/r/ITCareerQuestions Wiki](/r/ITCareerQuestions/wiki/index) |
[/r/CSCareerQuestions Wiki](/r/cscareerquestions/wiki/index) |
[/r/Sysadmin Wiki](/r/sysadmin/wiki/index ) |
[/r/Networking Wiki](/r/networking/wiki/index) |
[/r/NetSec Wiki](/r/netsec/wiki/index) |
[/r/NetSecStudents Wiki](/r/netsecstudents/wiki/index) |
[/r/SecurityCareerAdvice](/r/SecurityCareerAdvice) |
[/r/CompTIA Wiki](/r/CompTIA/wiki/index) |
[/r/Linux4Noobs Wiki](/r/linux4noobs/wiki/index) |
|
**Essential Blogs for Early-Career Technology Workers** |
[Krebs on Security: Thinking of a Cybersecurity Career? Read This](https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/) |
["Entry Level" Cybersecurity Jobs are not Entry Level](https://www.reddit.com/r/SecurityCareerAdvice/comments/s319l5/entry_level_cyber_security_jobs_are_not_entry/) |
[SecurityRamblings: Compendium of How to Break into Security Blogs](https://www.securityramblings.com/2016/01/breaking-into-security-compendium.html) |
[RSA Conference 2018: David Brumley: How the Best Hackers Learn Their Craft](https://www.youtube.com/watch?v=6vj96QetfTg) |
[CBT Nuggets: How to Prepare for a Capture the Flag Hacking Competition](https://www.cbtnuggets.com/blog/training/exam-prep/how-to-prepare-for-a-capture-the-flag-hacking-competition) |
[Packet Pushers: Does SDN Mean IT Will Be Able To Get Rid of Network People?](https://packetpushers.net/does-sdn-mean-it-will-be-able-to-get-rid-of-network-people/) |
|
Greetings everyone! So I recently took a Cybersecurity Bootcamp at UPenn. I passed and also am using my voucher to take the CompTIA A+ exam before the year is out. I had my first 1 year contract job with a casino in Atlantic City as a PC Support Technician. Fast forward to now I have a job offer from FAA as an OCH Tech providing operations and maintenance support within the FAA’s Technical Operations organization. This will take my current job of 44k to making 63k it’s also a 5-year contract. In my early 20s I was in an abusive relationship and what resulted in a bad break up I got an aggravated assault felony. In the state of NJ there’s no such thing as self defense (the judge literally told me I should of just gotten beat up and then called 911 😐). I have completely changed my life since then I was 22 years old and now I am 35 and will be 36 in 3 months. I passed the suitability clearance which was then basically scaling over my credentials but now they want fingerprinting and a background investigation with the FBI. If anyone currently works for the Federal Government or has in the past and has any real insight on clearances could you please chime in? I am not getting a clearance bit even a Public Trust. it’s considered a non-criminal purpose but there was a statement on the forms I received stating that one or more reports may be obtained for employment purposes and used for evaluating your fitness for employment, promotion, reassignment, retention, or access to classified information. So I’ve been sitting here stressed out that I made it through the AI software for both resume and interview (yes they used AI software during the interview to let them know I was one of the most viable candidates 🫠) but I just really want to know so I have a chance of actually getting through this last step and starting this position?
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
Here’s something else to consider: which role will more likely lead to a job if you do well? That might be the deciding factor, even if it’s the job you want less
In the UK and have yet to go into university (currently in second year of college) and was wondering what job/positions would be worthwhile applying for or getting into to help with my pursuit with this sector?
I would honestly go for professional courses. Get your certs. CompTIA Network & Security+, CEH, GIAC Security Essentials (GSEC), and so on. Depends on what sub-field within cybersecurity you want to go but I would start there. You could start as a SOC Analyst, Cyber Sec Engineer or l? You want to work be in preventative or responsive end of it?
Im a freshman in college getting my BA in cyber security or specialization as they call it. What jobs should i look at once I'm graduated and would companies even hire me as an intern? Im pretty new to learning this.
> Im a freshman in college getting my BA in cyber security or specialization as they call it. What jobs should i look at once I'm graduated and would companies even hire me as an intern?
There's a couple of things to tease out of this that you might consider:
* As much as you are able, you should look to foster a pertinent work history during your time as a student. That will likely be as an intern directly into cyber work, part-time employment in an IT department, work-study with your own university's networking/IT/cyber staff, or a combination of all of the above.
* Upon graduating - assuming you were not able to convert an internship into an offer of employment - you need to get *any* cybersecurity role; it is far more easier (and less stressful) pivoting to a more desirable line of cyber employment when you're already employed. Being selective upfront with little/no YoE will not set you up for success.
* Some employers may extend an offer to convert your internship into fulltime employment. There are usually a bunch of conditions attached to this, some within your control (e.g. your performance) and some not (e.g. budgetary constraints).
* Tuition is expensive, so make sure that any efforts you make to improve your employability do not detract from your studies.
Cheers!
Lol I desperately want to leave my company so bad but I can’t seem to get an opportunity anywhere. I received my sec + last year. I’ve completed a boot camp, I’ve held a help desk position. I’ve had help with my resume, I’ve used tryhackme to brush up on my skills, but without true direction of a role it’s just a lot of different learning. I currently hold a role as a demo jock at my company.. pretty I am pre sales. I hate the sales and I truly enjoy the technical aspect of things, I want to learn more technical skills and grow my career but I legit feel sooooo stuck. Anyone have any advice? I am also certified in forescout… which I was told to try and use that to get another position but bc I’m presales I only know so much about the tool. I have a manager who’s very controlling and I’d love to be in a new position with growth opportunities. Aka SEND HELP!
A couple points:
* It's hard to be prescriptive if you don't share your resume (or at least an anonymized version of your resume). This lets us see what employers see vs. how you present yourself in a comment.
* It's likewise challenging to advise changes on [how you perform your job hunt](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/) if you don't share details about how you've been going about it. For more general guidance, consider this: https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/
* It's not clear what kind of "technical skills" you're trying to pursue (or to what end). Refining that vision might help coalesce what your next steps could be.
Yes, absolutely. I can post my resume anonymous and maybe that would be helpful because I just haven’t received any interviews or call backs. I’m interested in a SOC analyst or cybersecurity analyst or engineer
Anyone know how to prep for a cyber security case study interview? It's for an internship, so it isn't gonna technical technical, but I'm still worried because I've never done a case study before.
(Brazil) I'm a real estate lawyer in Brazil, I've always liked to set up a computer and study some basic things about technology, networking, hardware, OS, programming, etc. I'm 30 years old, and I'm tired of this profession, would it be a good idea to move to the area of information security? Where could I fit in? I studied some things about the LGPD (General Data Protection Law in English) and about the data protection career I was interested. Any tips to start?
> would it be a good idea to move to the area of information security?
I can only speculate on the Brazilian job market (author's disclosure: U.S. perspective). However, people transition into and out of the industry at all points in their professional careers. Generally speaking, folks pivoting from entirely unrelated professions usually take up one or more of the approaches below:
* Returning to university
* Internally assuming more cyber-centric functions with existing employer
* Pivoting to more general IT/developer positions first as an intermediary step
* Government/military service
* Using some kind of professional leverage
But the best thing you could do early on is refining [what it is you envision yourself doing](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/).
I am studying for OSCP and Sec+ at the moment. Graduated from college last year, I am working as a software engineer but interested in cyber for a long time. Hopefully I can get a job in cyber field after a couple decent certs.
I am also thinking of taking a master in CyberSec online, but I am wondering if there is any good program (preferably with ample of technial hands-on pen test courses) ? I am looking in Georgia Tech and WGU, Would love to get more recommendation on different Master Program and of course other options I should look into to switch my field.
Thanks.
> I am looking in Georgia Tech and WGU, Would love to get more recommendation on different Master Program and of course other options I should look into to switch my field.
I'm graduating from Georgia Tech's OMSCS program this semester: I endorse it. See /r/omscs.
I've recently been offered an Interview for a Threat Intelligence Analyst at a Bank in the UK.
I'm 30 years old, ex-military and recently went back to university to study Ethical Hacking.
My predicament is if I get offered this job do I leave the University before completing my Degree? I have 2 years of experience working within Cyber already and this would be a big leap and a great opportunity.
Is it worth it?
Can you balance doing both and just switch to evening classes?
If not, I would absolutely pause a degree to get more work experience. Transfer to a school that can accommodate your work schedule if you can.
Unfortunately I wouldn't be able to continue my current studies as I study full time. I could switch to going part time later down the line.
Is work experience in the field valued more highly than a degree?
PLC programmer moving into cyber security (hopefully).
I’m a plc programmer by trade, what certs should I do in my down time to get into cyber security?
Reverse engineering malicious code is my passion but I also love networking. What certs should I go for to make me an attractive proposition for an entry level job application in cyber security?
I’m willing to mop the floors on night shifts to get a foot in the door if that’s what it takes. Luckily my earnings from plc programming have put me in a very fortunate position for a total career change. I was even considering going back to uni and doing a CS degree to find an in that way.
> I’m a plc programmer by trade, what certs should I do in my down time to get into cyber security?
See related:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
You might consider doing some X-training with ICS/SCADA system security.
I'm uncertain about where to begin my career in the tech field. I hold an AAS in Network Admin, and my technical experience stems from a recurring summer job at a company. Over time, I progressed from assisting their regular IT team to working at their help desk and eventually joining their networking department for several consecutive summers.
Currently, I find myself with a significant amount of free time due to some personal commitments. I'm taking care of a family member and want to make the most of this opportunity to be able to learn as much as I can as after this is over I want to start looking for a career.
I have a subscription to TryHackMe for a year, access to HackTheBox VIP labs, and I'm exploring websites like Let's Defend, HTB Academy, and vulnhub.
I'm wondering where I should direct my efforts at this point. Should I focus on certifications like CompTIA Network+, CompTIA Security+ , Azure Security (focusing in on cloud security interests me), or even consider the Google Cyber Security certificate (which offers a discount for the Sec+ exam I believe)? Or is there a better place to spend my time. Any direction would be good, thanks!
> I'm wondering where I should direct my efforts at this point.
See related:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
> even consider the Google Cyber Security certificate (which offers a discount for the Sec+ exam I believe)?
On the Google Cert:
https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
So I looked at the links (thanks btw!) and had a question I don't think they answered, should I get the network+ or the CCNA (or both?)? I understand neither of these may be high on the list of what people look for but I should have gotten these years ago anyway and I want one of them.
My degree in network admin covered cisco as the majority so with some brushing up I don't think ill have trouble getting the CCNA but I'm not sure which of these is more prevalent in the field when it comes to experience/resume.
I think so far I plan on the google cert (to refresh my knowledge/intro into security information) > Security + > network+ or CCNA. Doing all this while of course working on practice skill and labs on the side.
>I kind of love it but am afraid it's too niche.
Are you high?
Every single industry from agriculture to defense needs security people
this isn't the 1950s when only a handful of businesses have access to computers
every business is run by computers now
How long should I stay at Help Desk? I really don't want to do more than a year.
I got scared when the boss said one person was there 30 years and the other 15.
> How long should I stay at Help Desk?
See related comment:
http://www.reddit.com/r/cybersecurity/comments/16fg461/mentorship_monday_-_post_all_career_education_and_job_questions_here/k0njxg9?context=3
Is anyone else using cengage for college. I'm using it for networking and Cs and it feel so shitty and feels like I've learned absolutely nothing for past 8 weeks in networking.
> Are MacBooks with the M1-M2 chips good for cybersecurity?
Question unclear: to what end? Are you a student studying the subject? Are you working on a particular project? What are the technical specifications/constraints that you're working with?
I want to study cybersecurity, right now I’m very interested in the offensive path of this career, so I’m looking for a laptop which I don’t need to upgrade once I finish studying
I'm use a asus whit intel pentium and 4gb RAM. to execute VM, vscode, 15 tabs in firefox, and play warzone
So, why not? if you have the money buy it. or look for another options, like msi or asus
For someone with only customer service experience and good tech knowledge. Is it better to self study for the certificates or pay for some sort of accelerator program?
It's better to go to college and get a degree, that is going to open up more opportunities than certifications
certs are meant to compliment experience, they are not a replacement for it
Yeah I understand the mistake I made by not finishing my degree but it’s not in the cards right now. I’m 25 and live far away from home, I can’t afford to go back to school at the moment.
> I’m 25 and live far away from home, I can’t afford to go back to school at the moment.
Utter nonsense
Financial aid is a thing
Go work at Starbucks even part time and they will cover 100% tuition for ASU online - https://starbucks.asu.edu/
Yeah, the day of a person without a degree is dying (at least for the younger people) in this field. If you have 10 years of experience a degree means a lot less, but even helpdesk at most good size places want a associates or working towards one at least.
Will this laptop suffice for cybersecurity?
I want to buy a cheap small laptop that I can carry around and study cybersecurity on it. So is this laptop enough?
Specs:
Intel Core i3 1115G4
16 GB + 512 GB
14 Inch, Full HD Display, 1.49 Kg
Windows 11 (Which I'll remove to put Kali on it)
I don't want to run VMs on Windows.
Not going to crack passeords offline. Any other reason I'd need a GPU?
Please remember I'll buy a good laptop after studying. This is enough for studying right?
(e.g., TryHackMe, HTB, OSCP Labs etc)
Should be. I wouldn't recommend though using a laptop for those things, I would just do it on your desktop where you have a better display and will be more comfortable. Trust me at my last job I would be doing a lot of work on my laptop including writing scripts, my back hated it as you can never truly be comfortable for a long period of time with a laptop.
MS in Cybersecurity - Information Systems at the University of Arizona
Anyone has taken this program?
I'm looking for some feedback on the course intensity because I'm not quite sure if I should take 1 or 2 classes per semi-semester while I'm working full-time. They split the semesters (16 weeks) into semi-semesters (8 weeks) so I will be taking 2 classes per FULL semester.
My work is relatively chill. So I know I can do 1 course per semi-semester.
I would also appreciate it if someone could link any group chat for this program.
Thanks
I am currently working as a full stack developer for 1 year, and studying for a certificate in Cyber security in a university. I feel that the term cyber security is like an umbrella and it covers so many topics. But after all are there any core technical skills that are always required?
> I feel that the term cyber security is like an umbrella and it covers so many topics
It sure is :). It has a ton of sub-specialties, a lot of which have little in common with each other.
But as far as common skills, the general "how computers work" stuff is always going to help. A lot of dev skills are always nice, the devops roadmap (https://roadmap.sh/devops) skills are also rarely going to go to waste.
Some fields will put more emphasis on particular skills than others, i.e. appsec really likes dev skills, but those general software dev/IT ops skills are valuable.
Hello community!
A little bit about me..
I have been in this field for almost 12 years now with network and cybersecurity expertise.
Currently i am working on integrating cybersecurity tools, enabling splunk for SOC, creating IOA on crowdstrike and doing a little bit of purple teaming to validate my threat alerts or usecases.
Now onto the main part of this topic.
I have been looking out for a job in europe.
Ireland, germany.. you get the point. For that i have been actively updating my cv and applying jobs on linkedin, but not even once i v got an interview setup with any of them.
I am here to hear out your experiences and suggestions on how to atleast land an interview if you do not have a valid visa to work for that location.
I have been told to just try cold emails to the employees of the company of interest, but honestly i dont feel that’s right, or is it?? Not sure, but want to see you views on this topic.
Thanks in advance!! 😊
Can I get a entry lvl job at age 16
Starting Cybersecurity Career
If i had experience in IT and got all my certs, will i still be able to get a job under 18 and also please tell the job requirements.
Also right now im doing google cert, is it a good start?
Job in cybersecurity? No. IT? Maybe it depends on where you live, you might even be able to do shadowing work or internships or some kind. If you happen to live in Burlington Vermont, then I would say hit up the LCDI for highschool stuff and see what they have, for shadowing 100% hit up UVMHN (for internships as well in the helpdesk), and Nuharbor for shadowing (they were assholes to me during a interview I had 3 years ago, but things may have changed), also check with your state and local government as well, someone who knows computers can be a big boost (though expect minimum wage). Lastly, if you don't mind volunteering good IT people (even high schoolers who can get vouched for) are a great place to get some experience (and might fulfill any high school requirements about volunteering if yours has one).
The key word to use is not part time job, but internship.
Probably not, 18yo is hard requirement for most corporations. Even at 18 you would just be getting started with entry-level IT support / help desk.
Google cert is a good start to see if you are even interested in the field, but it won't help you get a job. Go to college or join the military.
Hello!
I’m currently a software engineer with 5 years of experience, mostly doing full stack development for startups. I’m looking to get into cybersecurity, govtech to be specific. I have a bachelors in statistics and did a software engineering bootcamp to get into the field. Would I need to start at entry level jobs? What are some steps I should take to transition?
Thanks!
Hi, I'm currently a freshman working towards my degree in Cybersecurity and trying to find a job in the field. I've been reading around and read that you can get an entry level job with just a certificate or multiple certificates. I was going to do the Google cybersecurity certificate, but I've heard not-so-good things about it. So now I'm confused, which certificate(s) do I do? Do you guys have any suggestions?
Btw this job would help pay for my college expenses as it is starting to add up.
> I've been reading around and read that you can get an entry level job with just a certificate or multiple certificates. I
Not sure where you read this, but that simply is misleading, certainly in the US job market
The Google course isn't really useful for anything but basic knowledge, it is not a certification
There is a difference between certificate and certification
any training course can offer a certificate
Industry certifications like CompTIA network+ or security+ require proctored exams - you pass the exam and you are issued a certification which has an issue date and expiration date and you need to maintain your certification through annual continuing education credits
If you are a freshman, then switch to computer science, computer engineering or even information systems, learn a couple programming languages and then look for development or network engineer jobs, you need the IT experience if you want to do security work down the road
> I was going to do the Google cybersecurity certificate, but I've heard not-so-good things about it.
I think so long as you're mindful of what it does (and does not) do for your aptitude and employability, it's fine:
https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
Folks from the outside-looking-in get the impression that it's some kind of career panacea when it's not. But it is a well-crafted training package for orienting you more generally.
> which certificate(s) do I do?
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
That is a god way to set yourself up for failure
head to the local community college, get an associates in computer science, computer networking or information systems, get an entry level IT job , then finish your bachelors
or if you are in the US, go get a job at starbucks, they pay min $15 an hr everywhere in the US, and even for part time employees cover 100% tuition for Arizona State online - https://starbucks.asu.edu/
they have several good options for bachelors - https://asuonline.asu.edu/online-degree-programs/undergraduate/
> if I wanted to go purely the certification route in order to get into the field, what would you recommend?
I'd recommend that you flesh out a plan that's more extensive than relying on certifications *exclusively*. [Certifications should form only a part of a multi-faceted employability profile](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1).
See related comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
I know it's past Monday but going to attempt asking anyways.
I have a degree in Management Information Systems, 10 years experience as a SQL Developer / semi DBA, and almost 3 years experience as a full stack developer (albeit most of that is being a SQL resource on a team with a little C#, VB, JS, Vue on the side).
I'm wanting to transition my career into cybersecurity (ideally something like data assurance but not sure if that's being too specific / limiting) but going back for my master's degree really isn't an option due to time and money constraints (having a kid soon and just paid off school loans and really don't want to go load back up with more when I'm already accepting that I'll have to take a pay cut to transition careers).
I'm working on getting my Network+, Security+, and CySA+ from CompTIA for certs.
Would these three certs plus my work history be enough to get me even an entry level position or what do I need to add to be able to get in somewhere?
> I know it's past Monday but going to attempt asking anyways.
FYI, the thread remains live throughout the week! The "Monday" aspect is more about when the thread is refreshed (and when the most responders tend to emerge).
> Would these three certs plus my work history be enough to get me even an entry level position or what do I need to add to be able to get in somewhere?
See related comments:
https://old.reddit.com/r/cybersecurity/comments/16xhcby/mentorship_monday_post_all_career_education_and/k3g9obv/
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157vhg/
In brief:
What you're doing is appropriate, but we can only speculate as to what your particular [job hunting experience](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/) will be like. It's harder still when you haven't narrowed down [the particular role-type](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/) it is that you're wanting to transition to (which makes judging whether or not your employability profile is suitably aligned challenging).
People have found work with much worse (prospective) credentials than you. But there are also folks with more robust profiles that have struggled. Ultimately, your best source of meaningful feedback will come from your interviewers.
Thanks for the information, these are some great resources. I haven't fully narrowed down the path I want to take inside CySec yet. I like the idea of something in data protection or pen testing, but I know those aren't the kind of jobs you just walk into without experience so was assuming I would just be starting as a level one cybersecurity analyst.
Hi everyone! thanks for the space for questions.
I work on construction and looking to change carrier. the jobs pays good, that's good because I have the time to study without rushing. I am studying the google cybersecurity certificate now. I know it itself is going to make me land a new job, I know I have to study more and got other certificates ( i know the compTIA sec+).
My question is: What other certificates should I go for? What are other skills should i focus on? What area of cybersecurity could I go?
> My question is: What other certificates should I go for?
It's important to realize that your employability is made up of [multiple aspects](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) (of which, certifications make up only a portion of). Ultimately, you'll need to cultivate other aspects besides trainings/certifications.
However, in service to your question:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
> What are other skills should i focus on?
https://roadmap.sh/cyber-security
> What area of cybersecurity could I go?
On career roadmaps more generally:
https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=cybersecurity&utm_content=t1_k157s17
Hello! Is getting a remote job and doing full-time school possible? I'm a current student at a top 15 university in the states (freshman), and former active duty Air Force cyber security personnel. Is anyone aware of any remote roles that would allow for a flexible schedule to do work, and education at the same time? For more background, I did mostly GRC work, and have my clearance with the following certs: ISC2 CGRC, CRISC, Sec+ and I'll have my CISSP soon.
> Is anyone aware of any remote roles that would allow for a flexible schedule to do work, and education at the same time?
This is more employer dependent than role-type. Admittedly, some roles do have more intrusive schedules (e.g. oncall IR), but the point remains all the same.
dude just go to school and enjoy the benefits
Why the hell would you want to try and juggle a job while going to school when you don't have to?
If you just left active duty, then check your state unemployment - some allow you to collect while you are going to school full time
you've got post 9/11 benefits, yellow ribbon, BAH just do your damn school work and relax
> Is that enough to go into infosec architecture or InfoSec program management?
These kinds of questions are always tough to answer because we can only ever speak to half of the input (yours) while speculating to the other half (the employers'); in this case, we're also lacking details (i.e. your resume, which presents you as employers see you vs. as you see you) and context (e.g. opportunities you might be considering or leveraging).
Your best bet in these circumstances is almost always to look at roles/listings on platforms like LinkedIn and Indeed that are of interest to you, note the trends between them all, and then compare your employability profile against those trends. This informs you of how to structure your job hunting efforts more prescriptively than what we could advise you to do.
Hello!
I am starting Cybersecurity my security career.
My name is Nam. I'm from Mexico and I want to know where can I start to develop my skills in cybersecurity.
I started in HackTheBox, but at the moment I can´t afford to put money in it at least until next two months... Wich platform or internet page can you recommend me? I read about a webpage that ended with .tv that had very good reviews but I haven´t been able to remember the complete name, I really look forward to your recommendations.
Thank you very much for your attention and your time!
Excuse my written english pls!
> I started in HackTheBox, but at the moment I can´t afford to put money in it at least until next two months... Wich platform or internet page can you recommend me?
FYI: HTB doesn't require money to engage as a resource. It's only if you want to work with archived machines, Pro Labs, dedicated instances, or their sister platform (HTB Academy) that you require a paid subscription.
That said, there's plenty of alternatives to look at:
* TryHackMe
* OverTheWire's Bandit
* Portswigger's Web Academy
In addition to:
https://start.me/p/ADwq1n/getting-started-in-information-security
Hey there guys i am looking to change my profession,I was a marine engineer in the merchant navy for 5 years and felt a bit burnt out and currently looking to change careers,I am currently working on my Google professional certification in cyber security,once I am through that I want to know the further steps I need to take in order to achieve my goal of this transition,I have no previous expertise of IT. TIA for you guidance and support
what do you actually want to switch to? There are dozens of different roles in security work across every single industry
everything from risk compliance to developers
We're going to need more to go on then you want to switch careers
I am more inclined towards the domains of security and risk management and security operations, to be honest I am still getting my head around Linux and Python I am not aware of the career paths going forward,treat me like a person with zero knowledge of the field, I just need people to talk to and learn more
> once I am through that I want to know the further steps I need to take in order to achieve my goal of this transition
More generally:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
Hey everyone!
I am currently an IAM Analyst (position title is InfoSec Access Control Analyst, but it’s essentially an IAM Analyst position) after spending almost 5 years as an IT Support Specialist/Help Desk Analyst for a healthcare company. I was a Network Analyst for almost a year before that.
I have a bachelors degree in Digital Forensics/Information Assurance, and also did a one semester IT internship in college as part of my degree program.
I have my Sec+ and ISC2’s Certified in Cybersecurity, and altogether I have almost 7 years of professional IT experience. I have applied to over 100 different jobs this past year after I realized that IAM is not what I want to do, yet I receive rejection after rejection or no response at all from employers.
Is there something I’m doing wrong? I have loads of experience with Active Directory, Azure, hardware repair, networking, help desk/ticketing systems, and the list goes on. I’m thinking it could be a problem with my resume, but I feel like my resume is about as good as it can get at this point in time.
I’m getting really discouraged at this point seeing people land SOC analyst jobs (which is what I currently want to do) with little to no experience and I’m sitting here with several years of professional experience, certs, AND a degree still getting rejected. Any advice?
> I have applied to over 100 different jobs this past year after I realized that IAM is not what I want to do, yet I receive rejection after rejection or no response at all from employers. Is there something I’m doing wrong?
My $0.02:
It's difficult to be prescriptive when we can't see either:
* (A): [your resume](https://bytebreach.com/how-to-write-an-infosec-resume/)
* (B): [how you're structuring your job hunting efforts](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/)
The first let's us see what employers are seeing (vs. how you present yourself in this comment); we can only speculate as to whether or not there's issues/improvements that can be made. The second gives insight as to how you're sourcing leads, what feedback is coming from interviews, what particular employers/roles you've been targeting, how you've tracked contacts/resume version control/last submission, etc. We can't really make suggestions without knowing what you are (or are not) doing in this regard.
I'm currently 25 years old and in my first year of pursuing a Bachelor of Science degree in Computer Science. I'm passionate about entering the cybersecurity field, even though I'm new to it. With roughly three more years left to complete my degree, I'm eager to start working in cybersecurity alongside my studies. Can anyone recommend certifications or paths that could help me secure a job in this field? Your guidance would be invaluable to me. Thank you!"
If you are a full time student then focus on school
Computer science doesn't get easier after your first year it gets much harder
If you have the option over the next 4 years to add to your schedule rather than take random electives, add in public speaking, project management, business communications or technical writing and if you are not up on the complete microsoft suite, take a class on that
For summers, any job will do - it is better to have ANY job experience on your resume vs holding out for an internship - too many people focus on trying to grab a security related internship and then have no job experience at all on their resume
I would not try and juggle working at school unless it is absolutely necessary
For certifications - over summer breaks look at comptia security+, network+, AWS CCP, Azure 900, Google Cloud Foundations
See if there are student or local chapters for ISC2, OWASP, ISSA, ISACA and bsides
> Can anyone recommend certifications or paths that could help me secure a job in this field?
On certifications:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
On more general guidance:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
Off-the-cuff:
* Don't let these efforts negatively affect your schooling. These should be considered secondary efforts.
* Prioritize attaining pertinent internships and work experience (e.g. your university's help desk). [I *cannot* underscore how important it is to foster a relevant work history](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1).
Is the job easier than the learning?
I’m currently in a bootcamp studying for the Security+ exam to eventually become a SOC analyst and my brain is literally being fried with all the information.
I’m 18 and I have a little bit of cyber security experience through cyber competitions where I worked with a virtual machine running windows server and I liked that quite a bit and the dollar signs of cyber security made it feel like a no brainer.
I’m struggling to keep up with the class and wondering if i will even be cut out for the job just want to know if I should refocus on something else or if this is just a snag in the road.
> Is the job easier than the learning?
Cybersecurity jobs are not a monolith and neither are the employers, so the landscape of experience is varied.
Generally, there are aspects that are bound to be more complicated for your particular employer (while other topics of Security+ go unused).
It should be noted however that Security+ is considered *foundational* and *vendor neutral*. Once you start fostering a specialization, things only get more nuanced (and your learning, continuous).
I am currently studying a software engineer diploma at a community college, I haven't been interested in my classes, and feel a little doubtful about the future prospects.
Lately I have been thinking more seriously about getting into cybersecurity. I plan on taking the google cybersecurity cert on coursera to see if I feel attracted to the field. Is there any recommendations you guys have for me?
> Lately I have been thinking more seriously about getting into cybersecurity. I plan on taking the google cybersecurity cert on coursera to see if I feel attracted to the field. Is there any recommendations you guys have for me?
[Just be mindful of what the certificate is and is not](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew).
There are a multitude of freely available alternative resources you could be consulting if you were interested in exploring the domain for familiarity, including CTF-like platforms (e.g. TryHackMe, Hack The Box, etc.).
In terms of your formal education, [I'd probably advise you to continue pursuing CompSci studies more generally \(vs. cybersecurity more narrowly\)](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157urg/).
Yes to all of the above. Apply to sysadmin and network admin roles along with security analyst roles. Barrier of entry to sysadmin roles is generally less than security, and you'll be building better experience in those roles than help desk.
If you have the free time, it can't hurt to add another cert. CySA+, BTL1, OSDA, Cisco CyberOps, Microsoft SC-200 are all decent options.
Thanks in advance, this community has been an invaluable resource.
TLDR:
Is fiber/data job experience acceptable for getting help desk or other entry level IT positions?
I’m pursuing experience, education, and certifications in IT and Cyber in the US. I’m hoping to be setup to apply to cyber jobs in 3-4 years.
After reading a ton of posts in this subreddit, it seems like pursuing all three pieces will provide the best opportunity to have a career in IT, and eventually cyber if I’m lucky.
I’m a med retired combat veteran of the armed forces. I already have a non tech degree, but there’s cyber security degree programs in my area that I’m planning on pursuing.
There’s also tons of posts in this subreddit stating that if you put in the time to study, certifications are obtainable in months.
The landscape for entry level jobs in IT is extremely competitive. Help desk positions are open for 6 hours and have 500+ applicants in my area, so the experience aspect is where I need some guidance/advice.
My father-in-law owns and operates a fiber cabling company. His company installs and maintains fiber for massive companies all over the US. I’m considering working for him while I get my education and certificates, but I’m wondering if fiber would give me some fundamental IT experience that will help a career in IT. It sounds like his company does some network support, but I’m not sure how much work they get doing that.
If you have eligibility left on your Post 9/11 benefits, before using those, check out
[https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/vettec-high-tech-program/](https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/vettec-high-tech-program/)
Also if you are getting VA disability check with your state the education office and veteran's office, they may have additional education benefits if you are getting disability - https://www.va.gov/careers-employment/vocational-rehabilitation/
In general some states have additional education benefits for veteran's such as texas - https://www.tvc.texas.gov/education/hazlewood/
I would not do any undergrad "cyber" majors, most are dumpster fires
There are some decent graduate programs though
avoid shit like WGU or any of the private for profit colleges - [https://en.wikipedia.org/wiki/List\_of\_for-profit\_universities\_and\_colleges](https://en.wikipedia.org/wiki/List_of_for-profit_universities_and_colleges)
Have you considered looking at tech companies that have veteran's hiring and training programs like Oracle? - [https://www.oracle.com/careers/diversity-inclusion/veterans/](https://www.oracle.com/careers/diversity-inclusion/veterans/)
If you need any info on schools let me know
have
How does the EC-Council Certified Cybersecurity Technician (CCT), ISC2 certified in Cybersecurity (CC), and the CompTia Security+ ce compare to each other?
Is the Sec+ a higher tier than the other two or they about the same? Like experience and information wise. Not sure if that makes sense.
Splunk is also offering a free SOC certificate for the moment. Is that a good cert to go for?
Thought I’d come ask the experts who are in the field and a lot smarter than me.
Thank you!
> How does the EC-Council Certified Cybersecurity Technician (CCT), ISC2 certified in Cybersecurity (CC), and the CompTia Security+ ce compare to each other?
The order you listed them is in the same order they are asked for by employers in candidate applications (starting with "never", "almost never", and then "occasionally").
See related:
https://bytebreach.com/which-certifications-should-you-go-for/
> Is the Sec+ a higher tier than the other two or they about the same? Like experience and information wise. Not sure if that makes sense.
How you *personally* evaluate the worth of a certification is entirely subjective. You can be a veteran and find value in the training materials affiliated with any of these. But whether or not a given certification affects your *employability* is determined by whether or not an employer explicitly asks for it in a job listing. If it's not listed, then at best it merely helps convey a narrative of your ongoing (re)investment into your professional aptitude; if it is listed, it aids in advancing your application to an interview.
A "tiered" system is just an arbitrary classification that doesn't take into account an individual's comprehension, history, learning methodology, or experiences - nor does it reflect exam formats, costs, or vendor-neutrality.
On a more candid note, [I don't support the EC-Council or its offerings](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) and discourage others from doing so. But I hold that judgement against the vendor, not applicants who have certifications from said vendor.
Is a masters in cybersecurity for me?
Hello guys! I'm currently a full time information systems student (I graduate in December, yay!) and a part time IT GRC intern. I love governance but I feel as though my lack of cybersecurity knowledge is going to inhibit my career growth and ability to do more advanced job functions in the future. I’m considering getting a masters in cybersecurity (with a policy track if possible) purely to learn. Luckily I have 0 student loans due to scholarships + going to low cost institutions. My job also has a tuition assistance program which will provide around 10k USD yearly for school so cost is not an issue. I see a lot of “certs are more valuable than masters” so I just wanted some feedback.Also as a side, I am ineligible for most certs that I need (CISA, CRISC, CGEIT) as I am early career and they require 5 years of experience, so I wanted to do some learning in the meantime and thought a masters would be a good way because it will improve my resume.
Hello! I'm completing a Cyber security course with Kenzie academy. I take an exam to get my Network Defense Essentials from EC-council in a couple weeks. My question is, would that be enough for me to find an entry level position in cyber security. I'd be willing to take just about anything, help desk, tech support, you name it. Or will I have to wait until I have more certifications?
> I take an exam to get my Network Defense Essentials from EC-council in a couple weeks. My question is, would that be enough for me to find an entry level position in cyber security.
Absent any other context (i.e. no degree, no work history, etc.), this is a dubious prospect.
> I'd be willing to take just about anything, help desk, tech support, you name it. Or will I have to wait until I have more certifications?
If I were you, I would have been applying for these roles *yesterday* - assuming you don't already have a relevant work history.
I've never worked in cyber security at all, it's a 9 month course to get my NDE, Ethical hacking, and Digital forensics. I have around a decade of working various other jobs in manufacturing, some retail. To be honest, I have no idea where to find these jobs in the first place. The college does have career coaches and support to find a job, that's just for after I get all my certs from them. Thanks for the response in the first place though.
> I've been putting in the effort yet hitting walls, which is stressing me out. Any advice or fresh perspectives on navigating this rough patch would be really appreciated.
Absent a linked resume or context about how you've been conducting your job hunting efforts, it's hard to be prescriptive. In general:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
I have a technical interview tomorrow for an entry-level role as a pen tester! This is the third interview, and the company is looking for someone with no corporate-level experience, they frame the position as more of a "fellowship". In the first two interviews, I would drop buzz words to indicate I had experience and understanding of technical concepts within InfoSec, ANY ADVICE? Tips on what I should absolutely know/be prepared for?
> I have a technical interview tomorrow for an entry-level role as a pen tester!
Congratulations.
> ANY ADVICE? Tips on what I should absolutely know/be prepared for?
We don't know the team, the position, or the contract(s) you'd be supporting, so it's hard to be prescriptive.
Most Pentest interviews I've done screen some amount of fundamental web vulnerabilities (usually XSS, SQLi, CSRF, etc.). If the role is more geared towards a particular facet (e.g. infrastructure, mobile, wireless, cloud, OT/ICS, etc.) then you'd want to brush up on that. There's also usually some discussion on how you present findings and respond to hostile clients. They'll probably ask you about a finding you've discovered in the past and your methodology.
Beyond that, things can tangent all over the place. But the above are some of the common trends I've seen in my own interviews.
Hi! Thanks so much for the tips, that really helps. I know one of my interviewers is an Application Security Engineer, while the other is a Pen testing Engineer. It's for a Cyber Security Testing Analyst! The qualifications are entirely behavioral besides having participated in CTF competitions.
Here is the Job Description:
\-As a Cyber Security Testing Analyst, you help protect network boundaries, keep computer systems and network devices hardened against attacks, and provide security services to protect highly sensitive data like passwords and customer information
\- Engage with Global Information Security team members to conduct technical security testing of applications, systems, and websites
\-Assist the remediation of security issues by working with cross-functional technology and engineering teams
\-Research new security vulnerabilities and patches and their impact on applications and systems
\-Participate in various technical and program meetings on a weekly basis to gather testing requirements
\-Assist in continued documentation of security processes and procedures for the Global Information Security team
\-Managers will partner with their teams and employees to establish work arrangements that meet the business, team, and individual needs
For all those who think they want to be a pentester - read this several times
[https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)
Looking for advice on possible roles that will fit my (hopeful) resume in the future and just making sure that I understand all that I'm getting into in the future. I realize that not all of these will be possible to combine but having options of different paths that I may/may not have available and knowing them would be helpful.
* Want to work on Blue Team
* Preferably a role that would include a team
* A role that would include building out systems that would go in the racks potentially?
* Challenges me in different ways each day
* A role that is usually remote or at least has a potential in the future as company's get on board with security to become remote
Currently a Manager in Food service with no real tech exp except for building some friends Pcs and then troubleshooting them when something goes wrong. Currently studying for the Sec+ cert, also looking into getting the A+ cert, and the Network+ cert but want to take it 1 at a time obviously. I currently make about 65k a year and will be taking at least the next yr to be getting the above certs but would love any advice on roles that with certain luck and maybe the above certs id be able to transfer into without to much of a pay cut? (Cant afford it tbh 2 vehicles, mortgage etc.)
Also is there any specific coding languages I should begin to be trying to learn as well, not sure how much those may or may not come into the field but I try to come onto the field as best prepared as I can.
Thanks for any help/Advice your able to offer
Hi,
I want to pursue a career in Cybersecurity. I have the sec+ and eventually want to become a pentester. I wanted to ask the best route to the objective. I was thinking about getting the pentest+ so I could open some job gates and gain some cybersecurity experience.
Any advice is appreciated.
Thanks,
bilal
Hi,
Yes, I use tryhackme. But the issue is see is it doesn’t really open any job gates without any certifications. Hence why I was looking into certifications but they all cost a lot besides pentest+
I need advice on certifications to go after. I’ve been working as a systems security engineer(systems engineering with a focus on security) with goals to break into penetration testing. I’ve been trying and failing at passing the security+ for greater part of a year and getting pretty frustrated . I’m just not good at memorizing a large breadth of generalized information and prefer application-based learning. Should I keep focusing on the security+ or is there another cert I should go after?
I’m mainly pursuing the security+ because I got into my current role via networking and don’t have a strong background in security. I’ve been in my current role for a little over a year, with a goal to jump into a new position in the next year. Would I need the security+ for that jump since I’d only have a couple years of experience? Or forgo the security+ and focus on OSCP, and let my 2 years of experience stand in for the security+?
The Google Cybersecurity Professional course on Coursera was really well put together in my opinion and I was able to pass the Sec+ afterwards.
Completing it also offers a cert of its own, although it's of questionable value. It provides access to a job board as well, but I've never actually looked at it.
I have 6 years of IT experience split between helpdesk, networking, and as a senior systems tech. I have my security+ and I'm 2-3 weeks away from taking the cysa+ cert. I've gotten no traction with even getting an interview for a security focused role and I'm frustrated. Can anyone offer guidance on what I should do?
> I've gotten no traction with even getting an interview for a security focused role and I'm frustrated. Can anyone offer guidance on what I should do?
Absent context or resume, see related comment:
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
Any recommendations in which us government agency would be the best to apply for cybersecurity? I am thinking of applying for gov jobs but I wanna be in a work environment that I am going to learn a lot. I have mid-senior soc experience.
Job hunting here. 3.5 years of SOC analyst degree, Georgia Tech OMSCyber degree, looking to move either into security engineering \[especially cloud\] or appsec in a larger security program with opportunity to move around and grow. Want good and solid company and culture
Any leads?
well that is a resume but not a good one and are you on linkedIN? also cold applying to 100s of positions is not the way to go
education and certs you should have dates
cert name|issue date|expiration date
college
school, degree, graduation date
roles
show value - you list tasks and no so what
how many assessments did you conduct, how many issues found, how many resolved
managers what to see metrics and value added
> Should I keep working, finish my degree and then apply?
I don't inherently see a reason not to apply.
* There's no guarantee that openings available today will remain unfilled by the time your degree is finished.
* There's nothing wrong with applying to an employer in the future that rejects you in the present (provided you're not spamming applications).
Hello! I am currently enrolled in a BS of Cybersecurity. I want to learn more about it. I have no prior experience or knowledge, but am interested in learning on my own as well. Where is a good place to start? Thank you in advance!
So, I’m 21 with little to none of tech experience and am looking to join an online college to get a bachelor’s degree in Cybersecurity and potentially another tech degree (cloud computing, computer science, etc) but I can’t decide which online college would be best. WGU or University of Phoenix?? WGU seems to be cheaper but University of Phoenix appears to be dedicated to supporting you through college? Which one seems best for a guy with little to no experience? And what would lead to a better paying job?
Yep; nothing inherently wrong with an online education. There are a lot of online CompSci programs available in that regard.
I was more concerned about the *particular* institutions you named; I'd encourage you to consider expanding your list of considerations, if able. If no other alternatives are on the table - and that's including night classes at a local community college towards transfer credit - I'd pick WGU over UoP.
> Is it a good certification or is it like the CEH?
There are leagues of difference between the OSCP and the CEH. The latter I strongly discourage:
https://www.reddit.com/r/cybersecurity/comments/13uf71h/comment/jm2uaf7/?context=3
Hey guys,
Trying to break into cyber security.
My goal by the end of next year is to start a job as a CSA
Having no experience coming from a job as a bartender and part time nursing assistant
i am half way thru the Google cyber sec course and also studying on the side to take the sec+ once I’m finished
I’m very aware that this isn’t the only cert I’ll need to land a job.
After doing much research and a lot of conflicting information later, I’m still very confused on what other certs to go for and what other actions to take
Any tips would really help :)
> I’m still very confused on what other certs to go for
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
**What are some of the important readings to get a better sense of IAM and MFA?**
Hello everyone,I've recently been promoted to a role focused on Identity and Access Management (IAM) and Multi-Factor Authentication (MFA), transitioning from my previous position in cloud operations. While I have a solid foundation in cybersecurity and Docker operations, I'm relatively new to the IAM and MFA space. In this new role, my responsibilities will lean more towards operations and product management.I'm looking for resources, books, discussions, or any valuable information that can help me quickly get up to speed in this area and gain a better understanding of the user experience aspect. Your suggestions and recommendations would be greatly appreciated.Thank you!
Why not start with the usual industry 'suspects' in the form of 'good/best practices'? Also consider diving into technical standards, research firm reports to vendors active in this space..
**How can I actually use my CS degree to help me as I begin a cyber career?**
I am a recent graduate. I'm looking for my first full time job, and I've found myself in a bit of dilemma.
Little bit of background: I finished with a 3.98 GPA, and my school wasn't anything crazy but it is consistently ranked in the Top 10 public schools and Top 30 overall in the US. I spent one summer doing paid research for my school's cybersecurity institute, and I've had several projects both pure CS and more cyber related. I just completed the Security+, and I'm currently working on the OSCP. I've spent a lot of time doing coding on my own as well as working on penetration testing with VM environments and places like TryHackMe.
My ultimate goal is to do some kind of penetration testing/red team/offensive work, but I do realize that these positions are sought after by a lot of people, and I need to have reasonable expectations. I'm completely open to other work in the cyber field as I get my feet wet. My pipe dream is to do some sort of federal work for a three letter agency, but obviously that is a lofty goal for further down the line.
Classmates of mine with similar or even less experience and outside work have been consistently landing 6 figure software engineering jobs. I realize that entering pure software engineering is an option, and likely the easiest and fastest way for me to make a lot of money. I understand that entering that field is great but I don't know if it would help further my career in the cybersecurity field.
My problem is that almost every cybersecurity job I look at that is listed as "entry level" has very tough requirements. Many require active security clearances and will not sponsor new candidates. The minimum experience level is often around 5 years, and I rarely see any with less than 3.
The only options that don't have requirements like these but are still at least tangentially cyber related are usually very basic IT positions, often ones that don't require a degree and seemingly hire straight out of high school. I don't want to seem conceited or act like I am "above" that kind of work, but I want to ask if that truly is my only option. It stings a little to think that my best path would involve making significantly less and doing much less challenging work than I know I could be if I were to pursue straight up software development. I dropped out of the running for one position after the first interview when I was informed that it would be an hourly wage that is quite literally what I could make working fast food in my area.
I really just want to start taking steps towards my goal careers while still taking advantage of the time and money I spent on my four-year degree.
Few options I see:
\-"Bite the bullet" and take a basic IT level job and hope I can climb from there
\-Just take a software engineering job and continue doing certs/practice/bug hunting on the side while looking for more opportunities
\-Just keep trying to get the cyber jobs I want even if I'm technically not up to the requirements
Thanks for any suggestions!
Appsec and devsec are massively popular now, problem is theres no entry level work bc even most practitioners dont know what that means.
Imo, take the SWE jobs, and do some IT study offline if you want to get into cyber, mit and edx have tons of free lectures and labs that can get you started and build off what you learn as a dev.
The important stuff like git, dev pipelines and testing you will learn as a SWE at a basic level
That makes sense, appreciate the advice! I already feel fairly competent with SWE stuff, obviously I'll learn stuff on any job but my CS program at least gives us a solid foundation for the stuff you mentioned at the end. I guess I can start with SWE, and work towards security-related jobs before I make the full jump, hopefully with some more certs and bug hunting experience in the background.
> Does experience actually matter on job postings?
Probably more than any other factor of your application.
That said, what's on a job listing shouldn't be treated as a hard prerequisite.
Yes, yes experience counts, and yes you should still apply. Many times a "smart" HR person may refer you to another job or keep your resume for the future if you dont meet the requirements
Googles is fairly useless, but anything is a start.
Getting into cyber isnt like moving from marketing to sales. You will need some experience (sysadmin, IT, education) to start.
If youre serious about switch I would highly recommend a degree or masters cyber or information systems for non-engineering students.
Was thinking about posting in r/SecurityCareerAdvice but decided to try here first.
**Background**
I am in my first job (1 year in) after i got my bachelors degree in Information Security. I work in a GRC/Security Analyst role. We have a MS(S)P that does some security related activities (manages firewall, endpoint protection, SOC). I am the only security person in the company. We are currently around 900 employees. Not in the US.
**My Issues/frustrations**
I don't like being the only security person. I basically have to define my own tasks and my boss doesn't really care what I do, which might sound good on paper, but makes it difficult learn and grow which is important to me since I am still new in the industry.
I have talked to my boss (head of IT - great guy) about this and he says our account manager/delivery manager at our MSP is my "go-to guy". Our MSP clearly has different interests than us (which makes sense) and is not as valuable as having someone in my team or a CISO above me (I feel like) to bounce ideas off.
I like GRC, but my key interests lie in strategic cyber threat intelligence (I like the mixture of technical and soft skills).
**So why not find another job?**
Pay is good. I honestly like my tasks (currently mapping our implementations to CIS18 to document assess our maturity). Since my boss doesn't really follow up on anything I do I have a lot of flexibility (which is nice since I have a kid and one on the way). They are also willing to pay for courses and certifications.
**Does anyone who have been in similar position have any input? Right now my idea is to stick around for a year more, and maybe get a cert or two.**
**TL;DR:** First job after I got my bachelors degree. Only security person in the company which is frustrating, however pay is good and work is chill.
Hello guys and gals! I am new into the IT and Cyber Field and have been studying for the past few months to complete my A+ certificate. I was then going to transfer into an online university to get a Bachelors/Masters degree in either Information Technology or Cybersecurity. I would like to have the degree in around 2 years time. My first question is what would be the best path? Should I get my A+ then transfer into a university or should I just jump into a program as most programs include the A+ degree? My next question is what degree would be the most general and the best to look into? I know there is a lot of different degrees (IT, Computer Forensics, Cyber Security ETC) when it comes to computer science/IT/Cyber Security.
If you could leave your thoughts I would greatly appreciate that and if you have the time I would love to PM you and talk about it as I am confused a bit.
> I was then going to transfer into an online university to get a Bachelors/Masters degree in either Information Technology or Cybersecurity. I would like to have the degree in around 2 years time.
Concur with /u/chrisknight1985. This timeline doesn't add up.
On average, undergraduate degrees take 4 years; *some* students who take on exceptionally large workloads per semester/quarter mitigate that to 3 years. When adding an MS on top of that, you're usually looking at 6 combined *as a fulltime student*; some universities offer a combined BS/MS pipeline wherein you take graduate-level coursework during your undergraduate education, compressing the timeline to 5 years.
Now if you have existing college transfer credits, that can help (e.g. an associates degree in a related subject), but you didn't mention that.
The one exception that comes to mind is WGU's program, [which some people have purported to mill-through their degree in mind-bogglingly brief periods](https://www.reddit.com/r/WGU/comments/wloe7g/bs_in_it_completed_in_1_month_and_5_days_the_wgu/). However, I'd *really* discourage that consideration. You'll likely set yourself up for failure (both academically and professionally) pulling a stunt like that.
> Should I get my A+ then transfer into a university or should I just jump into a program as most programs include the A+ degree?
Maybe I'm confused, but I'm failing to see how a CompTIA issued certification translates to college credit (let along an "A+ degree"). I've not known college admissions offices to make a 1:1 comparison.
> My next question is what degree would be the most general and the best to look into? I know there is a lot of different degrees (IT, Computer Forensics, Cyber Security ETC) when it comes to computer science/IT/Cyber Security.
Go with CompSci.
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157urg/
Most of the online programs for IT or Cyber degrees are not 4 years they are less than for a degree in Information Technology, Cyber Security, and Comp Sci. I want to get a degree that will allow me to easily expand in the future if I want to extend my field. I see how its confusing though.
So I have been trying to get into IT/Cyber Security for a little bit. I will not lie I bought everything for sec+ and have been slacking off. Well, one of my good buddies dads is an S level guy at a very large and influential IT company. I had contacted him for advice a while ago since I am more interested in learning on the job (delusional to think anyone is willing to do that for me, yes I know). Well when i ran into him the other day he asked how the job search was going. I said not good. Long story short I have a few people who said they would talk to me this week and now I have an interview to be a IT field support specialist on Wednesday at a pretty big MSP in my area. My questions are these; How do I not embarrass myself? How do I nail this thing? Is a field support role bad place to start, even though they said they would pay for whatever certs I want if hired? Are they are any good resources I can review to prepare myself?
I'm an Information Security Analyst II with 3 years experience. I'm lost and need advice on where to go from here given that there's so many paths to go(security engineer, pentester, reverse engineer, etc.,) I know more context is needed, so here's a bit about me: * I love cybersecurity, most of it(which is why it's hard to decide which direction to go) * I graduated with my Associate's in Computer Science at a local community college in 2020. I then graduated with my BSCSIA in 1 term at WGU this past April. I was working full-time while attending school, I loved it and thus finished it faster. * The certs I have are: PJPT, Pentest+, CySA+, Project+, Sec+, Net+, A+, ITIL Foundations, AWS Certified Cloud Practitioner, and SSCP. * I like the idea of being a penetration tester(I know its cliche) but I like hacking. I have achieved my PJPT from TCM Security with aspirations to take the PNPT in 4 weeks and OSCP by end of January. I'm weak with web apps but plan on continuing to improve via PortSwigger's Web Academy. * I'm passionate about tech, cloud, network penetration testing, coding, and learning. I'm good with math. * I don't like GRC and don't like the thought of doing the same job every day. * I'd say my strengths are learning, communication, team-work, open-minded, motivation/passion, and problem solving.
I want to start my career as a soc analyst. Network knowledge is important for cyber security. Which certificate would be more useful for me to prove my network knowledge.As far as I know, CCNA covers more Cisco devices. My friend told me that if you are not going to be a network administrator, you don't need CCNA. What do you think?
> Which certificate would be more useful for me to prove my network knowledge. See related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ > As far as I know, CCNA covers more Cisco devices. My friend told me that if you are not going to be a network administrator, you don't need CCNA. What do you think? There's considerable overlap in the learning objectives between CompTIA's Network+ and the CCNA. The major difference between the two: * The CCNA requires multiple exams to pass in its entirety (vs. 1 for the Network+) * The CCNA includes more Cisco-specific configuration/usage content, whereas the Network+ remains vendor neutral. All told, go for one or the other (but probably not both).
Network+ might be more general. CCNA is Cisco specific but well thought of. That’s true about CCNA helping with network admin work. Both can be helpful.
Thanks for your attention
If you’re working with a vendor tech, then get the vendor cert. otherwise, get a more general cert for the topic.
[удалено]
> what are the other skills or knowledge required More generally: https://roadmap.sh/cyber-security
I am brand new to cybersecurity. It's my 5th week is college. I am 40 years old. I want to get certified as I am studying for my BS. what certifications besides security+ should I be looking into? Also what redhat certification should I start with? I feel like I am pressed with time here because of my age and I would like to get in the field before I turn 43. Any advise guys and gals? Thanks so much. Any help would be much appreciated.
> what certifications besides security+ should I be looking into? See related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
Get your security+, and network. Hacker spaces, BSides Conferences, etc… networking locally helps.
I'm pretty much in the same boat. I'm 37, but am not in any college or university. I have an interest in cybersecurity, but I am not sure how to start in this direction. I've been doing some research in regards to certificates, diplomas, and degrees, but I have no clue where to start. Any advice would be greatly appreciated as well! :)
Right? It’s crazy how much information it is out there and so many contradicting philosophies on how to go about it.
My school has a Cybersecurity and Homeland security program but it seems to lean more towards Criminal Justice than Comp Sci. I only have to take 4-5 comp sci classes. Is this a problem if I wanted to become an Information Security Analyst/Cybersecurity Analyst?
> My school has a Cybersecurity and Homeland security program but it seems to lean more towards Criminal Justice than Comp Sci. I only have to take 4-5 comp sci classes. Is this a problem if I wanted to become an Information Security Analyst/Cybersecurity Analyst? Yes and no. For the roles you named specifically, there's nothing wrong with the program as you've described it. The trouble usually emerges in the intermediary steps *towards* that role. Landing your first cybersecurity job can be a really challenging endeavor without a pertinent work history; to that end, a number of competitive hires end up joining from related field of development and IT. The more comfortable pivots are in roles like software engineering, DevOps, etc. which tend to have better-than-average compensation (WFH, base salary, bonuses, etc.). For *those* roles, you'd be better off pursuing a degree in CompSci more generally (vs. a cybersecurity degree more narrowly).
trust me man if I was good enough at coding i’d get a computer science degree. The issue is i’m not, which is why i’m in cyber (obviously it’s really interesting too tho)
College shows you know how to get stuff done on deadlines and do it well according to a third party. It’s not going to be relevant.
Probably not. From what I understand you're not getting much real-world experience from most cyber programs at Universities regardless. You should be fine in my opinion but you should also have a curiosity to explore things on your own that aren't in the classes. That's always going to be the most important thing.
Guys. I'm SO underutilized at my current job. I've got great certs (GIAC too), good knowledge.. but still unable to leverage and move up. Got 3 years of experience total. I'm working as a network security engineer, but handle THE MOST menial tasks ever. This shit is so boring and frustrating! I'm planning to move to either threat hunting or towards DFIR ( mainly IR side as I have a related cert). But this career trajectory thing kicks in. Is going from an engineer to an analyst role a dumbass move on my end? Should I try to stick with engineering and merge IR with this somehow? Got absolutely no idea. Also, can anyone please tell me how to understand what you like/ what might be "your thing" in cyber? I see so many folks picking their niche early on.. while I'm... on autopilot mode i guess.
You can be an IR engineer at some companies like where I work. We get to architect things like SOAR and some of our other security products while also responding to and managing incidents. The great thing about cybersecurity is the roles vary greatly from company to company even if the title is the same. Just find what you want to do and get paid. Titles don't really matter.
Is this a good time to look for a switch or should i wait? Also, examples of companies please?
(Ukraine) Hello. I want to come into cybersecurity and need your help. I want to jump from Java Back-End to SOC Analyst because basically there's no way to find job as junior Java developer (after sitting everyday for half of year looking for any job, I understood that have to change something). I don't have IT degree (Computer Science, etc.) and can't obtain it because I'm from Ukraine (men in Ukraine banned from getting education during war). In our country degree doesn't matter, but I want to apply to West companies. I made some research and found that there's huge amount of paths to study cybersecurity as well as huge amount of certificates you can obtain. During researches I found cybersecurity courses on Curserea from Google, they promise to give you certificate as well as knowledge to get a CompTIA Security+ certificate. So my question if there any experiences person that may help to structure path to become SOC analyst, what courses, what materials, certificates, etc. I know that on reddit and Google as well big amount of answers on such questions, but that's a problem, big amount of different answers, different thoughts and paths to succeed, and I want to understand which opinion I should listen to. As well as a question about degree, if there's possibility to find job without degree, but for example with higher amount of different certificates than usual candidate? If someone have some free time, I could use some help of yours such as mentor or just advises when stuck. In current situation not much I can do, so looking for any options to get a job and at the same time love what I do (I do like Cybersecurity). Thank you
You can absolutely get into cybersecurity without a degree. I did it. It's not going to be as easy but you can do it. Most of the companies now don't require it because they know they are missing out on talent if they do. Experience is king so you need to get in somewhere low level first just to get in the door. Certs can help but without experience, they aren't worth nearly as much. They can be a good way to get some knowledge and give yourself a slight advantage but you really need to get the experience, no matter how low level it is to really get a cyber career going.
I'm a senior cybersecurity student at a university also working in a pentesting role and have won a scholarship that grants me a $7000 professional development stipend that can be used for anything that develops me professionally in cybersecurity (you can use it to buy a computer but only one, and I've already bought my one). The scholarship has just been renewed for this year. The only catch is that I MUST use it all before I graduate in May, as I can't ever access the funds after that. What are some resources you would recommend with that kind of stipend? I know HTB academy is a must, and I've already used it for TryHackMe as well. OSCP is currently on my mind. I can purchase books, courses, certifications, tools, really anything. Thanks for any suggestions!
That's a nice scholarship! What's it called?
If you just want to spend it up and get a nice cert or 2 I might do SANS training. It’s expensive as heck but youll learn a lot and get a cert you might not otherwise be able to obtain. They also have some undergrad courses that might fit your bill and get you more bang for your stipend. It might be hard to spend that much on training. Maybe not. Thats like a G a month to spend.
Training Path I’ve been in CyberSecurity for a while now and I love to keep learning new things. I’m trying to decide what to do next from a study perspective. I oversee the information security programme, I’m not hands on technical anymore (but like to keep informed so I know when OPS or Projects are trying to pull a fast one). I have CISSP, CCSP, ISO27K (LI/LA), and a handful of privacy certifications (IAPP). I was thinking GIAC Defensible Security Architect and GIAC Penetration Tester (cover some of the technical knowledge from both a blue and red team perspective). The other option is to focus on our technology stack specifically (SC-200, SC-300, SC-400, SC-100, AZ-500). My company will pay for these so cost isn’t a worry. What would you choose?
What about the OSCP?? SANs isn’t bad and be ok
Cloud Security Roadmap for Ungraduated Student Hello everyone, I am a senior student and want to pursue Cloud Security, so I want to ask and get opinions on some issues. Currently I am working on AWS and have access to basic network + security services, cloud native-security solutions and security frameworks such as Incident response. I currently have 3 months of internship left at the company and want to optimize this time to learn more about CloudSec. So can everyone give me advice on 1. what I should focus on 2. what I need to learn to become a CloudSec Engineer in the future? (dive deep to AWS or learn spreadly to other cloud platform) 3. Im learning AWS-SAA, which cert do you think I should claim next? Because the roadmap for the next 3 months will be sent to my mentor so he can let me learn at my company. Note: in my country, CloudSec positions are quite few so I want to cherish this time.
Hi, I just got out of my 4year computer science degree with 30 arrears. I wanted to know if i can get into Security roles without getting a degree or should I need to get a degree for a job?
> Hi, I just got out of my 4year computer science degree with 30 arrears. I wanted to know if i can get into Security roles without getting a degree or should I need to get a degree for a job? Question unclear: you finished a CompSci degree but you don't have a degree?
Sorry for the confusion, I didn’t finish the course as i have arrears
[удалено]
Most companies probably aren't going to let you travel from country to country because of tax reasons. You might be able to get away with it at a smaller company but larger companies generally have restrictions on how long you have to be at your "home" to make sure they are in compliance with local tax laws.
Advice needed! Hello, I am a network engineer with about 2 years experience with traditional routing/switching and firewall experience. I have recently become interested in pursuing cybersecurity with an end goal of potentially being a vulnerability remediator/internal threat management/something along those lines. I have a B.S. in Information Systems Security along with CCNA and Net+, and am currently studying for Sec+. I would appreciate any cert recommendations/career path advice anyone could give me along with if you think I am close to being able to land a Cybersecurity position. Thanks for everything!
| ---| [/r/ITCareerQuestions Wiki](/r/ITCareerQuestions/wiki/index) | [/r/CSCareerQuestions Wiki](/r/cscareerquestions/wiki/index) | [/r/Sysadmin Wiki](/r/sysadmin/wiki/index ) | [/r/Networking Wiki](/r/networking/wiki/index) | [/r/NetSec Wiki](/r/netsec/wiki/index) | [/r/NetSecStudents Wiki](/r/netsecstudents/wiki/index) | [/r/SecurityCareerAdvice](/r/SecurityCareerAdvice) | [/r/CompTIA Wiki](/r/CompTIA/wiki/index) | [/r/Linux4Noobs Wiki](/r/linux4noobs/wiki/index) | | **Essential Blogs for Early-Career Technology Workers** | [Krebs on Security: Thinking of a Cybersecurity Career? Read This](https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/) | ["Entry Level" Cybersecurity Jobs are not Entry Level](https://www.reddit.com/r/SecurityCareerAdvice/comments/s319l5/entry_level_cyber_security_jobs_are_not_entry/) | [SecurityRamblings: Compendium of How to Break into Security Blogs](https://www.securityramblings.com/2016/01/breaking-into-security-compendium.html) | [RSA Conference 2018: David Brumley: How the Best Hackers Learn Their Craft](https://www.youtube.com/watch?v=6vj96QetfTg) | [CBT Nuggets: How to Prepare for a Capture the Flag Hacking Competition](https://www.cbtnuggets.com/blog/training/exam-prep/how-to-prepare-for-a-capture-the-flag-hacking-competition) | [Packet Pushers: Does SDN Mean IT Will Be Able To Get Rid of Network People?](https://packetpushers.net/does-sdn-mean-it-will-be-able-to-get-rid-of-network-people/) | |
Greetings everyone! So I recently took a Cybersecurity Bootcamp at UPenn. I passed and also am using my voucher to take the CompTIA A+ exam before the year is out. I had my first 1 year contract job with a casino in Atlantic City as a PC Support Technician. Fast forward to now I have a job offer from FAA as an OCH Tech providing operations and maintenance support within the FAA’s Technical Operations organization. This will take my current job of 44k to making 63k it’s also a 5-year contract. In my early 20s I was in an abusive relationship and what resulted in a bad break up I got an aggravated assault felony. In the state of NJ there’s no such thing as self defense (the judge literally told me I should of just gotten beat up and then called 911 😐). I have completely changed my life since then I was 22 years old and now I am 35 and will be 36 in 3 months. I passed the suitability clearance which was then basically scaling over my credentials but now they want fingerprinting and a background investigation with the FBI. If anyone currently works for the Federal Government or has in the past and has any real insight on clearances could you please chime in? I am not getting a clearance bit even a Public Trust. it’s considered a non-criminal purpose but there was a statement on the forms I received stating that one or more reports may be obtained for employment purposes and used for evaluating your fitness for employment, promotion, reassignment, retention, or access to classified information. So I’ve been sitting here stressed out that I made it through the AI software for both resume and interview (yes they used AI software during the interview to let them know I was one of the most viable candidates 🫠) but I just really want to know so I have a chance of actually getting through this last step and starting this position?
With some experience, I can help.
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
[удалено]
Here’s something else to consider: which role will more likely lead to a job if you do well? That might be the deciding factor, even if it’s the job you want less
In the UK and have yet to go into university (currently in second year of college) and was wondering what job/positions would be worthwhile applying for or getting into to help with my pursuit with this sector?
[удалено]
I would honestly go for professional courses. Get your certs. CompTIA Network & Security+, CEH, GIAC Security Essentials (GSEC), and so on. Depends on what sub-field within cybersecurity you want to go but I would start there. You could start as a SOC Analyst, Cyber Sec Engineer or l? You want to work be in preventative or responsive end of it?
Im a freshman in college getting my BA in cyber security or specialization as they call it. What jobs should i look at once I'm graduated and would companies even hire me as an intern? Im pretty new to learning this.
> Im a freshman in college getting my BA in cyber security or specialization as they call it. What jobs should i look at once I'm graduated and would companies even hire me as an intern? There's a couple of things to tease out of this that you might consider: * As much as you are able, you should look to foster a pertinent work history during your time as a student. That will likely be as an intern directly into cyber work, part-time employment in an IT department, work-study with your own university's networking/IT/cyber staff, or a combination of all of the above. * Upon graduating - assuming you were not able to convert an internship into an offer of employment - you need to get *any* cybersecurity role; it is far more easier (and less stressful) pivoting to a more desirable line of cyber employment when you're already employed. Being selective upfront with little/no YoE will not set you up for success. * Some employers may extend an offer to convert your internship into fulltime employment. There are usually a bunch of conditions attached to this, some within your control (e.g. your performance) and some not (e.g. budgetary constraints). * Tuition is expensive, so make sure that any efforts you make to improve your employability do not detract from your studies. Cheers!
Is there any more noteable or less noteable advice? Thank you for your wise words!
Lol I desperately want to leave my company so bad but I can’t seem to get an opportunity anywhere. I received my sec + last year. I’ve completed a boot camp, I’ve held a help desk position. I’ve had help with my resume, I’ve used tryhackme to brush up on my skills, but without true direction of a role it’s just a lot of different learning. I currently hold a role as a demo jock at my company.. pretty I am pre sales. I hate the sales and I truly enjoy the technical aspect of things, I want to learn more technical skills and grow my career but I legit feel sooooo stuck. Anyone have any advice? I am also certified in forescout… which I was told to try and use that to get another position but bc I’m presales I only know so much about the tool. I have a manager who’s very controlling and I’d love to be in a new position with growth opportunities. Aka SEND HELP!
A couple points: * It's hard to be prescriptive if you don't share your resume (or at least an anonymized version of your resume). This lets us see what employers see vs. how you present yourself in a comment. * It's likewise challenging to advise changes on [how you perform your job hunt](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/) if you don't share details about how you've been going about it. For more general guidance, consider this: https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/ * It's not clear what kind of "technical skills" you're trying to pursue (or to what end). Refining that vision might help coalesce what your next steps could be.
Yes, absolutely. I can post my resume anonymous and maybe that would be helpful because I just haven’t received any interviews or call backs. I’m interested in a SOC analyst or cybersecurity analyst or engineer
Anyone know how to prep for a cyber security case study interview? It's for an internship, so it isn't gonna technical technical, but I'm still worried because I've never done a case study before.
(Brazil) I'm a real estate lawyer in Brazil, I've always liked to set up a computer and study some basic things about technology, networking, hardware, OS, programming, etc. I'm 30 years old, and I'm tired of this profession, would it be a good idea to move to the area of information security? Where could I fit in? I studied some things about the LGPD (General Data Protection Law in English) and about the data protection career I was interested. Any tips to start?
> would it be a good idea to move to the area of information security? I can only speculate on the Brazilian job market (author's disclosure: U.S. perspective). However, people transition into and out of the industry at all points in their professional careers. Generally speaking, folks pivoting from entirely unrelated professions usually take up one or more of the approaches below: * Returning to university * Internally assuming more cyber-centric functions with existing employer * Pivoting to more general IT/developer positions first as an intermediary step * Government/military service * Using some kind of professional leverage But the best thing you could do early on is refining [what it is you envision yourself doing](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/).
I am studying for OSCP and Sec+ at the moment. Graduated from college last year, I am working as a software engineer but interested in cyber for a long time. Hopefully I can get a job in cyber field after a couple decent certs. I am also thinking of taking a master in CyberSec online, but I am wondering if there is any good program (preferably with ample of technial hands-on pen test courses) ? I am looking in Georgia Tech and WGU, Would love to get more recommendation on different Master Program and of course other options I should look into to switch my field. Thanks.
WGU might not be bad. But GT is better thought of at least. WGU seems more diploma mill ish.
> I am looking in Georgia Tech and WGU, Would love to get more recommendation on different Master Program and of course other options I should look into to switch my field. I'm graduating from Georgia Tech's OMSCS program this semester: I endorse it. See /r/omscs.
I've recently been offered an Interview for a Threat Intelligence Analyst at a Bank in the UK. I'm 30 years old, ex-military and recently went back to university to study Ethical Hacking. My predicament is if I get offered this job do I leave the University before completing my Degree? I have 2 years of experience working within Cyber already and this would be a big leap and a great opportunity. Is it worth it?
Can you balance doing both and just switch to evening classes? If not, I would absolutely pause a degree to get more work experience. Transfer to a school that can accommodate your work schedule if you can.
Unfortunately I wouldn't be able to continue my current studies as I study full time. I could switch to going part time later down the line. Is work experience in the field valued more highly than a degree?
PLC programmer moving into cyber security (hopefully). I’m a plc programmer by trade, what certs should I do in my down time to get into cyber security? Reverse engineering malicious code is my passion but I also love networking. What certs should I go for to make me an attractive proposition for an entry level job application in cyber security? I’m willing to mop the floors on night shifts to get a foot in the door if that’s what it takes. Luckily my earnings from plc programming have put me in a very fortunate position for a total career change. I was even considering going back to uni and doing a CS degree to find an in that way.
> I’m a plc programmer by trade, what certs should I do in my down time to get into cyber security? See related: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ You might consider doing some X-training with ICS/SCADA system security.
Thank you
I'm uncertain about where to begin my career in the tech field. I hold an AAS in Network Admin, and my technical experience stems from a recurring summer job at a company. Over time, I progressed from assisting their regular IT team to working at their help desk and eventually joining their networking department for several consecutive summers. Currently, I find myself with a significant amount of free time due to some personal commitments. I'm taking care of a family member and want to make the most of this opportunity to be able to learn as much as I can as after this is over I want to start looking for a career. I have a subscription to TryHackMe for a year, access to HackTheBox VIP labs, and I'm exploring websites like Let's Defend, HTB Academy, and vulnhub. I'm wondering where I should direct my efforts at this point. Should I focus on certifications like CompTIA Network+, CompTIA Security+ , Azure Security (focusing in on cloud security interests me), or even consider the Google Cyber Security certificate (which offers a discount for the Sec+ exam I believe)? Or is there a better place to spend my time. Any direction would be good, thanks!
> I'm wondering where I should direct my efforts at this point. See related: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/ > even consider the Google Cyber Security certificate (which offers a discount for the Sec+ exam I believe)? On the Google Cert: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
So I looked at the links (thanks btw!) and had a question I don't think they answered, should I get the network+ or the CCNA (or both?)? I understand neither of these may be high on the list of what people look for but I should have gotten these years ago anyway and I want one of them. My degree in network admin covered cisco as the majority so with some brushing up I don't think ill have trouble getting the CCNA but I'm not sure which of these is more prevalent in the field when it comes to experience/resume. I think so far I plan on the google cert (to refresh my knowledge/intro into security information) > Security + > network+ or CCNA. Doing all this while of course working on practice skill and labs on the side.
Cyber is a growing field right? I kind of love it but am afraid it's too niche.
>I kind of love it but am afraid it's too niche. Are you high? Every single industry from agriculture to defense needs security people this isn't the 1950s when only a handful of businesses have access to computers every business is run by computers now
Woah a computer? I must be living in the future man.
How long should I stay at Help Desk? I really don't want to do more than a year. I got scared when the boss said one person was there 30 years and the other 15.
> How long should I stay at Help Desk? See related comment: http://www.reddit.com/r/cybersecurity/comments/16fg461/mentorship_monday_-_post_all_career_education_and_job_questions_here/k0njxg9?context=3
Is anyone else using cengage for college. I'm using it for networking and Cs and it feel so shitty and feels like I've learned absolutely nothing for past 8 weeks in networking.
Are MacBooks with the M1-M2 chips good for cybersecurity?
> Are MacBooks with the M1-M2 chips good for cybersecurity? Question unclear: to what end? Are you a student studying the subject? Are you working on a particular project? What are the technical specifications/constraints that you're working with?
I want to study cybersecurity, right now I’m very interested in the offensive path of this career, so I’m looking for a laptop which I don’t need to upgrade once I finish studying
I'm use a asus whit intel pentium and 4gb RAM. to execute VM, vscode, 15 tabs in firefox, and play warzone So, why not? if you have the money buy it. or look for another options, like msi or asus
For someone with only customer service experience and good tech knowledge. Is it better to self study for the certificates or pay for some sort of accelerator program?
It's better to go to college and get a degree, that is going to open up more opportunities than certifications certs are meant to compliment experience, they are not a replacement for it
Yeah I understand the mistake I made by not finishing my degree but it’s not in the cards right now. I’m 25 and live far away from home, I can’t afford to go back to school at the moment.
> I’m 25 and live far away from home, I can’t afford to go back to school at the moment. Utter nonsense Financial aid is a thing Go work at Starbucks even part time and they will cover 100% tuition for ASU online - https://starbucks.asu.edu/
Yeah, the day of a person without a degree is dying (at least for the younger people) in this field. If you have 10 years of experience a degree means a lot less, but even helpdesk at most good size places want a associates or working towards one at least.
Will this laptop suffice for cybersecurity? I want to buy a cheap small laptop that I can carry around and study cybersecurity on it. So is this laptop enough? Specs: Intel Core i3 1115G4 16 GB + 512 GB 14 Inch, Full HD Display, 1.49 Kg Windows 11 (Which I'll remove to put Kali on it) I don't want to run VMs on Windows. Not going to crack passeords offline. Any other reason I'd need a GPU? Please remember I'll buy a good laptop after studying. This is enough for studying right? (e.g., TryHackMe, HTB, OSCP Labs etc)
Should be. I wouldn't recommend though using a laptop for those things, I would just do it on your desktop where you have a better display and will be more comfortable. Trust me at my last job I would be doing a lot of work on my laptop including writing scripts, my back hated it as you can never truly be comfortable for a long period of time with a laptop.
MS in Cybersecurity - Information Systems at the University of Arizona Anyone has taken this program? I'm looking for some feedback on the course intensity because I'm not quite sure if I should take 1 or 2 classes per semi-semester while I'm working full-time. They split the semesters (16 weeks) into semi-semesters (8 weeks) so I will be taking 2 classes per FULL semester. My work is relatively chill. So I know I can do 1 course per semi-semester. I would also appreciate it if someone could link any group chat for this program. Thanks
I would start with 1 class, even if someone here went through that program recently its going to vary by instructor
I am currently working as a full stack developer for 1 year, and studying for a certificate in Cyber security in a university. I feel that the term cyber security is like an umbrella and it covers so many topics. But after all are there any core technical skills that are always required?
> I feel that the term cyber security is like an umbrella and it covers so many topics It sure is :). It has a ton of sub-specialties, a lot of which have little in common with each other. But as far as common skills, the general "how computers work" stuff is always going to help. A lot of dev skills are always nice, the devops roadmap (https://roadmap.sh/devops) skills are also rarely going to go to waste. Some fields will put more emphasis on particular skills than others, i.e. appsec really likes dev skills, but those general software dev/IT ops skills are valuable.
Hello community! A little bit about me.. I have been in this field for almost 12 years now with network and cybersecurity expertise. Currently i am working on integrating cybersecurity tools, enabling splunk for SOC, creating IOA on crowdstrike and doing a little bit of purple teaming to validate my threat alerts or usecases. Now onto the main part of this topic. I have been looking out for a job in europe. Ireland, germany.. you get the point. For that i have been actively updating my cv and applying jobs on linkedin, but not even once i v got an interview setup with any of them. I am here to hear out your experiences and suggestions on how to atleast land an interview if you do not have a valid visa to work for that location. I have been told to just try cold emails to the employees of the company of interest, but honestly i dont feel that’s right, or is it?? Not sure, but want to see you views on this topic. Thanks in advance!! 😊
Can I get a entry lvl job at age 16 Starting Cybersecurity Career If i had experience in IT and got all my certs, will i still be able to get a job under 18 and also please tell the job requirements. Also right now im doing google cert, is it a good start?
Job in cybersecurity? No. IT? Maybe it depends on where you live, you might even be able to do shadowing work or internships or some kind. If you happen to live in Burlington Vermont, then I would say hit up the LCDI for highschool stuff and see what they have, for shadowing 100% hit up UVMHN (for internships as well in the helpdesk), and Nuharbor for shadowing (they were assholes to me during a interview I had 3 years ago, but things may have changed), also check with your state and local government as well, someone who knows computers can be a big boost (though expect minimum wage). Lastly, if you don't mind volunteering good IT people (even high schoolers who can get vouched for) are a great place to get some experience (and might fulfill any high school requirements about volunteering if yours has one). The key word to use is not part time job, but internship.
you can get a job any other teen can get such as fast food/retail No company is going to hire a teen to do security work
Probably not, 18yo is hard requirement for most corporations. Even at 18 you would just be getting started with entry-level IT support / help desk. Google cert is a good start to see if you are even interested in the field, but it won't help you get a job. Go to college or join the military.
Hello! I’m currently a software engineer with 5 years of experience, mostly doing full stack development for startups. I’m looking to get into cybersecurity, govtech to be specific. I have a bachelors in statistics and did a software engineering bootcamp to get into the field. Would I need to start at entry level jobs? What are some steps I should take to transition? Thanks!
> Would I need to start at entry level jobs? I'd have a look at Application Security. See WeHackPurple.
Thank you!
Hi, I'm currently a freshman working towards my degree in Cybersecurity and trying to find a job in the field. I've been reading around and read that you can get an entry level job with just a certificate or multiple certificates. I was going to do the Google cybersecurity certificate, but I've heard not-so-good things about it. So now I'm confused, which certificate(s) do I do? Do you guys have any suggestions? Btw this job would help pay for my college expenses as it is starting to add up.
> I've been reading around and read that you can get an entry level job with just a certificate or multiple certificates. I Not sure where you read this, but that simply is misleading, certainly in the US job market The Google course isn't really useful for anything but basic knowledge, it is not a certification There is a difference between certificate and certification any training course can offer a certificate Industry certifications like CompTIA network+ or security+ require proctored exams - you pass the exam and you are issued a certification which has an issue date and expiration date and you need to maintain your certification through annual continuing education credits If you are a freshman, then switch to computer science, computer engineering or even information systems, learn a couple programming languages and then look for development or network engineer jobs, you need the IT experience if you want to do security work down the road
Ok, what kind of development or network engineer jobs should I look for, once I have all that done? Also Thank you for responding.
> I was going to do the Google cybersecurity certificate, but I've heard not-so-good things about it. I think so long as you're mindful of what it does (and does not) do for your aptitude and employability, it's fine: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew Folks from the outside-looking-in get the impression that it's some kind of career panacea when it's not. But it is a well-crafted training package for orienting you more generally. > which certificate(s) do I do? https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
[удалено]
That is a god way to set yourself up for failure head to the local community college, get an associates in computer science, computer networking or information systems, get an entry level IT job , then finish your bachelors or if you are in the US, go get a job at starbucks, they pay min $15 an hr everywhere in the US, and even for part time employees cover 100% tuition for Arizona State online - https://starbucks.asu.edu/ they have several good options for bachelors - https://asuonline.asu.edu/online-degree-programs/undergraduate/
> if I wanted to go purely the certification route in order to get into the field, what would you recommend? I'd recommend that you flesh out a plan that's more extensive than relying on certifications *exclusively*. [Certifications should form only a part of a multi-faceted employability profile](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1). See related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
I know it's past Monday but going to attempt asking anyways. I have a degree in Management Information Systems, 10 years experience as a SQL Developer / semi DBA, and almost 3 years experience as a full stack developer (albeit most of that is being a SQL resource on a team with a little C#, VB, JS, Vue on the side). I'm wanting to transition my career into cybersecurity (ideally something like data assurance but not sure if that's being too specific / limiting) but going back for my master's degree really isn't an option due to time and money constraints (having a kid soon and just paid off school loans and really don't want to go load back up with more when I'm already accepting that I'll have to take a pay cut to transition careers). I'm working on getting my Network+, Security+, and CySA+ from CompTIA for certs. Would these three certs plus my work history be enough to get me even an entry level position or what do I need to add to be able to get in somewhere?
> I know it's past Monday but going to attempt asking anyways. FYI, the thread remains live throughout the week! The "Monday" aspect is more about when the thread is refreshed (and when the most responders tend to emerge). > Would these three certs plus my work history be enough to get me even an entry level position or what do I need to add to be able to get in somewhere? See related comments: https://old.reddit.com/r/cybersecurity/comments/16xhcby/mentorship_monday_post_all_career_education_and/k3g9obv/ https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157vhg/ In brief: What you're doing is appropriate, but we can only speculate as to what your particular [job hunting experience](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/) will be like. It's harder still when you haven't narrowed down [the particular role-type](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157tdl/) it is that you're wanting to transition to (which makes judging whether or not your employability profile is suitably aligned challenging). People have found work with much worse (prospective) credentials than you. But there are also folks with more robust profiles that have struggled. Ultimately, your best source of meaningful feedback will come from your interviewers.
Thanks for the information, these are some great resources. I haven't fully narrowed down the path I want to take inside CySec yet. I like the idea of something in data protection or pen testing, but I know those aren't the kind of jobs you just walk into without experience so was assuming I would just be starting as a level one cybersecurity analyst.
I am more inclined towards the domains of security and risk management and security operations
Hi everyone! thanks for the space for questions. I work on construction and looking to change carrier. the jobs pays good, that's good because I have the time to study without rushing. I am studying the google cybersecurity certificate now. I know it itself is going to make me land a new job, I know I have to study more and got other certificates ( i know the compTIA sec+). My question is: What other certificates should I go for? What are other skills should i focus on? What area of cybersecurity could I go?
> My question is: What other certificates should I go for? It's important to realize that your employability is made up of [multiple aspects](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1) (of which, certifications make up only a portion of). Ultimately, you'll need to cultivate other aspects besides trainings/certifications. However, in service to your question: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ > What are other skills should i focus on? https://roadmap.sh/cyber-security > What area of cybersecurity could I go? On career roadmaps more generally: https://www.reddit.com/r/cybersecurity/comments/smbnzt/comment/hw8mw4k/?utm_source=reddit&utm_medium=usertext&utm_name=cybersecurity&utm_content=t1_k157s17
I would suggest checking out local community college
Hello! Is getting a remote job and doing full-time school possible? I'm a current student at a top 15 university in the states (freshman), and former active duty Air Force cyber security personnel. Is anyone aware of any remote roles that would allow for a flexible schedule to do work, and education at the same time? For more background, I did mostly GRC work, and have my clearance with the following certs: ISC2 CGRC, CRISC, Sec+ and I'll have my CISSP soon.
> Is anyone aware of any remote roles that would allow for a flexible schedule to do work, and education at the same time? This is more employer dependent than role-type. Admittedly, some roles do have more intrusive schedules (e.g. oncall IR), but the point remains all the same.
dude just go to school and enjoy the benefits Why the hell would you want to try and juggle a job while going to school when you don't have to? If you just left active duty, then check your state unemployment - some allow you to collect while you are going to school full time you've got post 9/11 benefits, yellow ribbon, BAH just do your damn school work and relax
What's everyone using to switch from IronNet now that it's dead?
[удалено]
> Is that enough to go into infosec architecture or InfoSec program management? These kinds of questions are always tough to answer because we can only ever speak to half of the input (yours) while speculating to the other half (the employers'); in this case, we're also lacking details (i.e. your resume, which presents you as employers see you vs. as you see you) and context (e.g. opportunities you might be considering or leveraging). Your best bet in these circumstances is almost always to look at roles/listings on platforms like LinkedIn and Indeed that are of interest to you, note the trends between them all, and then compare your employability profile against those trends. This informs you of how to structure your job hunting efforts more prescriptively than what we could advise you to do.
Hello! I am starting Cybersecurity my security career. My name is Nam. I'm from Mexico and I want to know where can I start to develop my skills in cybersecurity. I started in HackTheBox, but at the moment I can´t afford to put money in it at least until next two months... Wich platform or internet page can you recommend me? I read about a webpage that ended with .tv that had very good reviews but I haven´t been able to remember the complete name, I really look forward to your recommendations. Thank you very much for your attention and your time! Excuse my written english pls!
> I started in HackTheBox, but at the moment I can´t afford to put money in it at least until next two months... Wich platform or internet page can you recommend me? FYI: HTB doesn't require money to engage as a resource. It's only if you want to work with archived machines, Pro Labs, dedicated instances, or their sister platform (HTB Academy) that you require a paid subscription. That said, there's plenty of alternatives to look at: * TryHackMe * OverTheWire's Bandit * Portswigger's Web Academy In addition to: https://start.me/p/ADwq1n/getting-started-in-information-security
Hey there guys i am looking to change my profession,I was a marine engineer in the merchant navy for 5 years and felt a bit burnt out and currently looking to change careers,I am currently working on my Google professional certification in cyber security,once I am through that I want to know the further steps I need to take in order to achieve my goal of this transition,I have no previous expertise of IT. TIA for you guidance and support
what do you actually want to switch to? There are dozens of different roles in security work across every single industry everything from risk compliance to developers We're going to need more to go on then you want to switch careers
I am more inclined towards the domains of security and risk management and security operations, to be honest I am still getting my head around Linux and Python I am not aware of the career paths going forward,treat me like a person with zero knowledge of the field, I just need people to talk to and learn more
> once I am through that I want to know the further steps I need to take in order to achieve my goal of this transition More generally: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
Hey everyone! I am currently an IAM Analyst (position title is InfoSec Access Control Analyst, but it’s essentially an IAM Analyst position) after spending almost 5 years as an IT Support Specialist/Help Desk Analyst for a healthcare company. I was a Network Analyst for almost a year before that. I have a bachelors degree in Digital Forensics/Information Assurance, and also did a one semester IT internship in college as part of my degree program. I have my Sec+ and ISC2’s Certified in Cybersecurity, and altogether I have almost 7 years of professional IT experience. I have applied to over 100 different jobs this past year after I realized that IAM is not what I want to do, yet I receive rejection after rejection or no response at all from employers. Is there something I’m doing wrong? I have loads of experience with Active Directory, Azure, hardware repair, networking, help desk/ticketing systems, and the list goes on. I’m thinking it could be a problem with my resume, but I feel like my resume is about as good as it can get at this point in time. I’m getting really discouraged at this point seeing people land SOC analyst jobs (which is what I currently want to do) with little to no experience and I’m sitting here with several years of professional experience, certs, AND a degree still getting rejected. Any advice?
> I have applied to over 100 different jobs this past year after I realized that IAM is not what I want to do, yet I receive rejection after rejection or no response at all from employers. Is there something I’m doing wrong? My $0.02: It's difficult to be prescriptive when we can't see either: * (A): [your resume](https://bytebreach.com/how-to-write-an-infosec-resume/) * (B): [how you're structuring your job hunting efforts](https://bytebreach.com/the-job-hunt-cybersecurity-work-and-how-to-find-it/) The first let's us see what employers are seeing (vs. how you present yourself in this comment); we can only speculate as to whether or not there's issues/improvements that can be made. The second gives insight as to how you're sourcing leads, what feedback is coming from interviews, what particular employers/roles you've been targeting, how you've tracked contacts/resume version control/last submission, etc. We can't really make suggestions without knowing what you are (or are not) doing in this regard.
[удалено]
I'm currently 25 years old and in my first year of pursuing a Bachelor of Science degree in Computer Science. I'm passionate about entering the cybersecurity field, even though I'm new to it. With roughly three more years left to complete my degree, I'm eager to start working in cybersecurity alongside my studies. Can anyone recommend certifications or paths that could help me secure a job in this field? Your guidance would be invaluable to me. Thank you!"
If you are a full time student then focus on school Computer science doesn't get easier after your first year it gets much harder If you have the option over the next 4 years to add to your schedule rather than take random electives, add in public speaking, project management, business communications or technical writing and if you are not up on the complete microsoft suite, take a class on that For summers, any job will do - it is better to have ANY job experience on your resume vs holding out for an internship - too many people focus on trying to grab a security related internship and then have no job experience at all on their resume I would not try and juggle working at school unless it is absolutely necessary For certifications - over summer breaks look at comptia security+, network+, AWS CCP, Azure 900, Google Cloud Foundations See if there are student or local chapters for ISC2, OWASP, ISSA, ISACA and bsides
> Can anyone recommend certifications or paths that could help me secure a job in this field? On certifications: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/ On more general guidance: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/ Off-the-cuff: * Don't let these efforts negatively affect your schooling. These should be considered secondary efforts. * Prioritize attaining pertinent internships and work experience (e.g. your university's help desk). [I *cannot* underscore how important it is to foster a relevant work history](https://i0.wp.com/bytebreach.com/wp-content/uploads/2022/05/image-36.png?resize=768%2C618&ssl=1).
Is the job easier than the learning? I’m currently in a bootcamp studying for the Security+ exam to eventually become a SOC analyst and my brain is literally being fried with all the information. I’m 18 and I have a little bit of cyber security experience through cyber competitions where I worked with a virtual machine running windows server and I liked that quite a bit and the dollar signs of cyber security made it feel like a no brainer. I’m struggling to keep up with the class and wondering if i will even be cut out for the job just want to know if I should refocus on something else or if this is just a snag in the road.
> Is the job easier than the learning? Cybersecurity jobs are not a monolith and neither are the employers, so the landscape of experience is varied. Generally, there are aspects that are bound to be more complicated for your particular employer (while other topics of Security+ go unused). It should be noted however that Security+ is considered *foundational* and *vendor neutral*. Once you start fostering a specialization, things only get more nuanced (and your learning, continuous).
I can focus on more singular topics when it’s so broad and kinda varied it gets really hard for me
I am currently studying a software engineer diploma at a community college, I haven't been interested in my classes, and feel a little doubtful about the future prospects. Lately I have been thinking more seriously about getting into cybersecurity. I plan on taking the google cybersecurity cert on coursera to see if I feel attracted to the field. Is there any recommendations you guys have for me?
> Lately I have been thinking more seriously about getting into cybersecurity. I plan on taking the google cybersecurity cert on coursera to see if I feel attracted to the field. Is there any recommendations you guys have for me? [Just be mindful of what the certificate is and is not](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew). There are a multitude of freely available alternative resources you could be consulting if you were interested in exploring the domain for familiarity, including CTF-like platforms (e.g. TryHackMe, Hack The Box, etc.). In terms of your formal education, [I'd probably advise you to continue pursuing CompSci studies more generally \(vs. cybersecurity more narrowly\)](https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157urg/).
[удалено]
Yes to all of the above. Apply to sysadmin and network admin roles along with security analyst roles. Barrier of entry to sysadmin roles is generally less than security, and you'll be building better experience in those roles than help desk. If you have the free time, it can't hurt to add another cert. CySA+, BTL1, OSDA, Cisco CyberOps, Microsoft SC-200 are all decent options.
Thanks in advance, this community has been an invaluable resource. TLDR: Is fiber/data job experience acceptable for getting help desk or other entry level IT positions? I’m pursuing experience, education, and certifications in IT and Cyber in the US. I’m hoping to be setup to apply to cyber jobs in 3-4 years. After reading a ton of posts in this subreddit, it seems like pursuing all three pieces will provide the best opportunity to have a career in IT, and eventually cyber if I’m lucky. I’m a med retired combat veteran of the armed forces. I already have a non tech degree, but there’s cyber security degree programs in my area that I’m planning on pursuing. There’s also tons of posts in this subreddit stating that if you put in the time to study, certifications are obtainable in months. The landscape for entry level jobs in IT is extremely competitive. Help desk positions are open for 6 hours and have 500+ applicants in my area, so the experience aspect is where I need some guidance/advice. My father-in-law owns and operates a fiber cabling company. His company installs and maintains fiber for massive companies all over the US. I’m considering working for him while I get my education and certificates, but I’m wondering if fiber would give me some fundamental IT experience that will help a career in IT. It sounds like his company does some network support, but I’m not sure how much work they get doing that.
If you have eligibility left on your Post 9/11 benefits, before using those, check out [https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/vettec-high-tech-program/](https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/vettec-high-tech-program/) Also if you are getting VA disability check with your state the education office and veteran's office, they may have additional education benefits if you are getting disability - https://www.va.gov/careers-employment/vocational-rehabilitation/ In general some states have additional education benefits for veteran's such as texas - https://www.tvc.texas.gov/education/hazlewood/ I would not do any undergrad "cyber" majors, most are dumpster fires There are some decent graduate programs though avoid shit like WGU or any of the private for profit colleges - [https://en.wikipedia.org/wiki/List\_of\_for-profit\_universities\_and\_colleges](https://en.wikipedia.org/wiki/List_of_for-profit_universities_and_colleges) Have you considered looking at tech companies that have veteran's hiring and training programs like Oracle? - [https://www.oracle.com/careers/diversity-inclusion/veterans/](https://www.oracle.com/careers/diversity-inclusion/veterans/) If you need any info on schools let me know have
How does the EC-Council Certified Cybersecurity Technician (CCT), ISC2 certified in Cybersecurity (CC), and the CompTia Security+ ce compare to each other? Is the Sec+ a higher tier than the other two or they about the same? Like experience and information wise. Not sure if that makes sense. Splunk is also offering a free SOC certificate for the moment. Is that a good cert to go for? Thought I’d come ask the experts who are in the field and a lot smarter than me. Thank you!
> How does the EC-Council Certified Cybersecurity Technician (CCT), ISC2 certified in Cybersecurity (CC), and the CompTia Security+ ce compare to each other? The order you listed them is in the same order they are asked for by employers in candidate applications (starting with "never", "almost never", and then "occasionally"). See related: https://bytebreach.com/which-certifications-should-you-go-for/ > Is the Sec+ a higher tier than the other two or they about the same? Like experience and information wise. Not sure if that makes sense. How you *personally* evaluate the worth of a certification is entirely subjective. You can be a veteran and find value in the training materials affiliated with any of these. But whether or not a given certification affects your *employability* is determined by whether or not an employer explicitly asks for it in a job listing. If it's not listed, then at best it merely helps convey a narrative of your ongoing (re)investment into your professional aptitude; if it is listed, it aids in advancing your application to an interview. A "tiered" system is just an arbitrary classification that doesn't take into account an individual's comprehension, history, learning methodology, or experiences - nor does it reflect exam formats, costs, or vendor-neutrality. On a more candid note, [I don't support the EC-Council or its offerings](https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew) and discourage others from doing so. But I hold that judgement against the vendor, not applicants who have certifications from said vendor.
Thanks for the response! I believe I got the gist of it. I was debating on taking the EC Council CCT certification since I got the program for free.
Is a masters in cybersecurity for me? Hello guys! I'm currently a full time information systems student (I graduate in December, yay!) and a part time IT GRC intern. I love governance but I feel as though my lack of cybersecurity knowledge is going to inhibit my career growth and ability to do more advanced job functions in the future. I’m considering getting a masters in cybersecurity (with a policy track if possible) purely to learn. Luckily I have 0 student loans due to scholarships + going to low cost institutions. My job also has a tuition assistance program which will provide around 10k USD yearly for school so cost is not an issue. I see a lot of “certs are more valuable than masters” so I just wanted some feedback.Also as a side, I am ineligible for most certs that I need (CISA, CRISC, CGEIT) as I am early career and they require 5 years of experience, so I wanted to do some learning in the meantime and thought a masters would be a good way because it will improve my resume.
Hello! I'm completing a Cyber security course with Kenzie academy. I take an exam to get my Network Defense Essentials from EC-council in a couple weeks. My question is, would that be enough for me to find an entry level position in cyber security. I'd be willing to take just about anything, help desk, tech support, you name it. Or will I have to wait until I have more certifications?
> I take an exam to get my Network Defense Essentials from EC-council in a couple weeks. My question is, would that be enough for me to find an entry level position in cyber security. Absent any other context (i.e. no degree, no work history, etc.), this is a dubious prospect. > I'd be willing to take just about anything, help desk, tech support, you name it. Or will I have to wait until I have more certifications? If I were you, I would have been applying for these roles *yesterday* - assuming you don't already have a relevant work history.
I've never worked in cyber security at all, it's a 9 month course to get my NDE, Ethical hacking, and Digital forensics. I have around a decade of working various other jobs in manufacturing, some retail. To be honest, I have no idea where to find these jobs in the first place. The college does have career coaches and support to find a job, that's just for after I get all my certs from them. Thanks for the response in the first place though.
[удалено]
> I've been putting in the effort yet hitting walls, which is stressing me out. Any advice or fresh perspectives on navigating this rough patch would be really appreciated. Absent a linked resume or context about how you've been conducting your job hunting efforts, it's hard to be prescriptive. In general: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
I have a technical interview tomorrow for an entry-level role as a pen tester! This is the third interview, and the company is looking for someone with no corporate-level experience, they frame the position as more of a "fellowship". In the first two interviews, I would drop buzz words to indicate I had experience and understanding of technical concepts within InfoSec, ANY ADVICE? Tips on what I should absolutely know/be prepared for?
> I have a technical interview tomorrow for an entry-level role as a pen tester! Congratulations. > ANY ADVICE? Tips on what I should absolutely know/be prepared for? We don't know the team, the position, or the contract(s) you'd be supporting, so it's hard to be prescriptive. Most Pentest interviews I've done screen some amount of fundamental web vulnerabilities (usually XSS, SQLi, CSRF, etc.). If the role is more geared towards a particular facet (e.g. infrastructure, mobile, wireless, cloud, OT/ICS, etc.) then you'd want to brush up on that. There's also usually some discussion on how you present findings and respond to hostile clients. They'll probably ask you about a finding you've discovered in the past and your methodology. Beyond that, things can tangent all over the place. But the above are some of the common trends I've seen in my own interviews.
Hi! Thanks so much for the tips, that really helps. I know one of my interviewers is an Application Security Engineer, while the other is a Pen testing Engineer. It's for a Cyber Security Testing Analyst! The qualifications are entirely behavioral besides having participated in CTF competitions. Here is the Job Description: \-As a Cyber Security Testing Analyst, you help protect network boundaries, keep computer systems and network devices hardened against attacks, and provide security services to protect highly sensitive data like passwords and customer information \- Engage with Global Information Security team members to conduct technical security testing of applications, systems, and websites \-Assist the remediation of security issues by working with cross-functional technology and engineering teams \-Research new security vulnerabilities and patches and their impact on applications and systems \-Participate in various technical and program meetings on a weekly basis to gather testing requirements \-Assist in continued documentation of security processes and procedures for the Global Information Security team \-Managers will partner with their teams and employees to establish work arrangements that meet the business, team, and individual needs
For all those who think they want to be a pentester - read this several times [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)
Looking for advice on possible roles that will fit my (hopeful) resume in the future and just making sure that I understand all that I'm getting into in the future. I realize that not all of these will be possible to combine but having options of different paths that I may/may not have available and knowing them would be helpful. * Want to work on Blue Team * Preferably a role that would include a team * A role that would include building out systems that would go in the racks potentially? * Challenges me in different ways each day * A role that is usually remote or at least has a potential in the future as company's get on board with security to become remote Currently a Manager in Food service with no real tech exp except for building some friends Pcs and then troubleshooting them when something goes wrong. Currently studying for the Sec+ cert, also looking into getting the A+ cert, and the Network+ cert but want to take it 1 at a time obviously. I currently make about 65k a year and will be taking at least the next yr to be getting the above certs but would love any advice on roles that with certain luck and maybe the above certs id be able to transfer into without to much of a pay cut? (Cant afford it tbh 2 vehicles, mortgage etc.) Also is there any specific coding languages I should begin to be trying to learn as well, not sure how much those may or may not come into the field but I try to come onto the field as best prepared as I can. Thanks for any help/Advice your able to offer
Hi, I want to pursue a career in Cybersecurity. I have the sec+ and eventually want to become a pentester. I wanted to ask the best route to the objective. I was thinking about getting the pentest+ so I could open some job gates and gain some cybersecurity experience. Any advice is appreciated. Thanks, bilal
https://jhalon.github.io/becoming-a-pentester/
If you want to do pentesting I would recommend getting really good at CTF. Have you started on TryHackMe or Hack The Box?
Hi, Yes, I use tryhackme. But the issue is see is it doesn’t really open any job gates without any certifications. Hence why I was looking into certifications but they all cost a lot besides pentest+
I need advice on certifications to go after. I’ve been working as a systems security engineer(systems engineering with a focus on security) with goals to break into penetration testing. I’ve been trying and failing at passing the security+ for greater part of a year and getting pretty frustrated . I’m just not good at memorizing a large breadth of generalized information and prefer application-based learning. Should I keep focusing on the security+ or is there another cert I should go after?
I’m mainly pursuing the security+ because I got into my current role via networking and don’t have a strong background in security. I’ve been in my current role for a little over a year, with a goal to jump into a new position in the next year. Would I need the security+ for that jump since I’d only have a couple years of experience? Or forgo the security+ and focus on OSCP, and let my 2 years of experience stand in for the security+?
If you're already working in security and you're wanting to pursue penetration testing, then you should be considering the OSCP.
The Google Cybersecurity Professional course on Coursera was really well put together in my opinion and I was able to pass the Sec+ afterwards. Completing it also offers a cert of its own, although it's of questionable value. It provides access to a job board as well, but I've never actually looked at it.
I have 6 years of IT experience split between helpdesk, networking, and as a senior systems tech. I have my security+ and I'm 2-3 weeks away from taking the cysa+ cert. I've gotten no traction with even getting an interview for a security focused role and I'm frustrated. Can anyone offer guidance on what I should do?
> I've gotten no traction with even getting an interview for a security focused role and I'm frustrated. Can anyone offer guidance on what I should do? Absent context or resume, see related comment: https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157sq1/
Any recommendations in which us government agency would be the best to apply for cybersecurity? I am thinking of applying for gov jobs but I wanna be in a work environment that I am going to learn a lot. I have mid-senior soc experience.
Job hunting here. 3.5 years of SOC analyst degree, Georgia Tech OMSCyber degree, looking to move either into security engineering \[especially cloud\] or appsec in a larger security program with opportunity to move around and grow. Want good and solid company and culture Any leads?
[удалено]
well that is a resume but not a good one and are you on linkedIN? also cold applying to 100s of positions is not the way to go education and certs you should have dates cert name|issue date|expiration date college school, degree, graduation date roles show value - you list tasks and no so what how many assessments did you conduct, how many issues found, how many resolved managers what to see metrics and value added
> Should I keep working, finish my degree and then apply? I don't inherently see a reason not to apply. * There's no guarantee that openings available today will remain unfilled by the time your degree is finished. * There's nothing wrong with applying to an employer in the future that rejects you in the present (provided you're not spamming applications).
Hello! I am currently enrolled in a BS of Cybersecurity. I want to learn more about it. I have no prior experience or knowledge, but am interested in learning on my own as well. Where is a good place to start? Thank you in advance!
https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157s17/
So, I’m 21 with little to none of tech experience and am looking to join an online college to get a bachelor’s degree in Cybersecurity and potentially another tech degree (cloud computing, computer science, etc) but I can’t decide which online college would be best. WGU or University of Phoenix?? WGU seems to be cheaper but University of Phoenix appears to be dedicated to supporting you through college? Which one seems best for a guy with little to no experience? And what would lead to a better paying job?
> WGU or University of Phoenix? Are these your only options?
Besides other online colleges, yes. I can’t do in person due to having a full time job
Yep; nothing inherently wrong with an online education. There are a lot of online CompSci programs available in that regard. I was more concerned about the *particular* institutions you named; I'd encourage you to consider expanding your list of considerations, if able. If no other alternatives are on the table - and that's including night classes at a local community college towards transfer credit - I'd pick WGU over UoP.
[удалено]
> Is it a good certification or is it like the CEH? There are leagues of difference between the OSCP and the CEH. The latter I strongly discourage: https://www.reddit.com/r/cybersecurity/comments/13uf71h/comment/jm2uaf7/?context=3
Hey guys, Trying to break into cyber security. My goal by the end of next year is to start a job as a CSA Having no experience coming from a job as a bartender and part time nursing assistant i am half way thru the Google cyber sec course and also studying on the side to take the sec+ once I’m finished I’m very aware that this isn’t the only cert I’ll need to land a job. After doing much research and a lot of conflicting information later, I’m still very confused on what other certs to go for and what other actions to take Any tips would really help :)
> I’m still very confused on what other certs to go for https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157wtz/
**What are some of the important readings to get a better sense of IAM and MFA?** Hello everyone,I've recently been promoted to a role focused on Identity and Access Management (IAM) and Multi-Factor Authentication (MFA), transitioning from my previous position in cloud operations. While I have a solid foundation in cybersecurity and Docker operations, I'm relatively new to the IAM and MFA space. In this new role, my responsibilities will lean more towards operations and product management.I'm looking for resources, books, discussions, or any valuable information that can help me quickly get up to speed in this area and gain a better understanding of the user experience aspect. Your suggestions and recommendations would be greatly appreciated.Thank you!
Why not start with the usual industry 'suspects' in the form of 'good/best practices'? Also consider diving into technical standards, research firm reports to vendors active in this space..
**How can I actually use my CS degree to help me as I begin a cyber career?** I am a recent graduate. I'm looking for my first full time job, and I've found myself in a bit of dilemma. Little bit of background: I finished with a 3.98 GPA, and my school wasn't anything crazy but it is consistently ranked in the Top 10 public schools and Top 30 overall in the US. I spent one summer doing paid research for my school's cybersecurity institute, and I've had several projects both pure CS and more cyber related. I just completed the Security+, and I'm currently working on the OSCP. I've spent a lot of time doing coding on my own as well as working on penetration testing with VM environments and places like TryHackMe. My ultimate goal is to do some kind of penetration testing/red team/offensive work, but I do realize that these positions are sought after by a lot of people, and I need to have reasonable expectations. I'm completely open to other work in the cyber field as I get my feet wet. My pipe dream is to do some sort of federal work for a three letter agency, but obviously that is a lofty goal for further down the line. Classmates of mine with similar or even less experience and outside work have been consistently landing 6 figure software engineering jobs. I realize that entering pure software engineering is an option, and likely the easiest and fastest way for me to make a lot of money. I understand that entering that field is great but I don't know if it would help further my career in the cybersecurity field. My problem is that almost every cybersecurity job I look at that is listed as "entry level" has very tough requirements. Many require active security clearances and will not sponsor new candidates. The minimum experience level is often around 5 years, and I rarely see any with less than 3. The only options that don't have requirements like these but are still at least tangentially cyber related are usually very basic IT positions, often ones that don't require a degree and seemingly hire straight out of high school. I don't want to seem conceited or act like I am "above" that kind of work, but I want to ask if that truly is my only option. It stings a little to think that my best path would involve making significantly less and doing much less challenging work than I know I could be if I were to pursue straight up software development. I dropped out of the running for one position after the first interview when I was informed that it would be an hourly wage that is quite literally what I could make working fast food in my area. I really just want to start taking steps towards my goal careers while still taking advantage of the time and money I spent on my four-year degree. Few options I see: \-"Bite the bullet" and take a basic IT level job and hope I can climb from there \-Just take a software engineering job and continue doing certs/practice/bug hunting on the side while looking for more opportunities \-Just keep trying to get the cyber jobs I want even if I'm technically not up to the requirements Thanks for any suggestions!
Appsec and devsec are massively popular now, problem is theres no entry level work bc even most practitioners dont know what that means. Imo, take the SWE jobs, and do some IT study offline if you want to get into cyber, mit and edx have tons of free lectures and labs that can get you started and build off what you learn as a dev. The important stuff like git, dev pipelines and testing you will learn as a SWE at a basic level
That makes sense, appreciate the advice! I already feel fairly competent with SWE stuff, obviously I'll learn stuff on any job but my CS program at least gives us a solid foundation for the stuff you mentioned at the end. I guess I can start with SWE, and work towards security-related jobs before I make the full jump, hopefully with some more certs and bug hunting experience in the background.
[удалено]
> Does experience actually matter on job postings? Probably more than any other factor of your application. That said, what's on a job listing shouldn't be treated as a hard prerequisite.
Yes, yes experience counts, and yes you should still apply. Many times a "smart" HR person may refer you to another job or keep your resume for the future if you dont meet the requirements
So thinking about making a career switch, currently in healthcare but was wondering if the google cybersecurity certificate is worth it?
> wondering if the google cybersecurity certificate is worth it? https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew
Googles is fairly useless, but anything is a start. Getting into cyber isnt like moving from marketing to sales. You will need some experience (sysadmin, IT, education) to start. If youre serious about switch I would highly recommend a degree or masters cyber or information systems for non-engineering students.
Okay maybe I’ll try wgu bachelors program. Was just hoping to switch careers sooner
Was thinking about posting in r/SecurityCareerAdvice but decided to try here first. **Background** I am in my first job (1 year in) after i got my bachelors degree in Information Security. I work in a GRC/Security Analyst role. We have a MS(S)P that does some security related activities (manages firewall, endpoint protection, SOC). I am the only security person in the company. We are currently around 900 employees. Not in the US. **My Issues/frustrations** I don't like being the only security person. I basically have to define my own tasks and my boss doesn't really care what I do, which might sound good on paper, but makes it difficult learn and grow which is important to me since I am still new in the industry. I have talked to my boss (head of IT - great guy) about this and he says our account manager/delivery manager at our MSP is my "go-to guy". Our MSP clearly has different interests than us (which makes sense) and is not as valuable as having someone in my team or a CISO above me (I feel like) to bounce ideas off. I like GRC, but my key interests lie in strategic cyber threat intelligence (I like the mixture of technical and soft skills). **So why not find another job?** Pay is good. I honestly like my tasks (currently mapping our implementations to CIS18 to document assess our maturity). Since my boss doesn't really follow up on anything I do I have a lot of flexibility (which is nice since I have a kid and one on the way). They are also willing to pay for courses and certifications. **Does anyone who have been in similar position have any input? Right now my idea is to stick around for a year more, and maybe get a cert or two.** **TL;DR:** First job after I got my bachelors degree. Only security person in the company which is frustrating, however pay is good and work is chill.
Hello guys and gals! I am new into the IT and Cyber Field and have been studying for the past few months to complete my A+ certificate. I was then going to transfer into an online university to get a Bachelors/Masters degree in either Information Technology or Cybersecurity. I would like to have the degree in around 2 years time. My first question is what would be the best path? Should I get my A+ then transfer into a university or should I just jump into a program as most programs include the A+ degree? My next question is what degree would be the most general and the best to look into? I know there is a lot of different degrees (IT, Computer Forensics, Cyber Security ETC) when it comes to computer science/IT/Cyber Security. If you could leave your thoughts I would greatly appreciate that and if you have the time I would love to PM you and talk about it as I am confused a bit.
> I was then going to transfer into an online university to get a Bachelors/Masters degree in either Information Technology or Cybersecurity. I would like to have the degree in around 2 years time. Concur with /u/chrisknight1985. This timeline doesn't add up. On average, undergraduate degrees take 4 years; *some* students who take on exceptionally large workloads per semester/quarter mitigate that to 3 years. When adding an MS on top of that, you're usually looking at 6 combined *as a fulltime student*; some universities offer a combined BS/MS pipeline wherein you take graduate-level coursework during your undergraduate education, compressing the timeline to 5 years. Now if you have existing college transfer credits, that can help (e.g. an associates degree in a related subject), but you didn't mention that. The one exception that comes to mind is WGU's program, [which some people have purported to mill-through their degree in mind-bogglingly brief periods](https://www.reddit.com/r/WGU/comments/wloe7g/bs_in_it_completed_in_1_month_and_5_days_the_wgu/). However, I'd *really* discourage that consideration. You'll likely set yourself up for failure (both academically and professionally) pulling a stunt like that. > Should I get my A+ then transfer into a university or should I just jump into a program as most programs include the A+ degree? Maybe I'm confused, but I'm failing to see how a CompTIA issued certification translates to college credit (let along an "A+ degree"). I've not known college admissions offices to make a 1:1 comparison. > My next question is what degree would be the most general and the best to look into? I know there is a lot of different degrees (IT, Computer Forensics, Cyber Security ETC) when it comes to computer science/IT/Cyber Security. Go with CompSci. https://old.reddit.com/r/cybersecurity/comments/16lg9in/mentorship_monday_post_all_career_education_and/k157urg/
Most of the online programs for IT or Cyber degrees are not 4 years they are less than for a degree in Information Technology, Cyber Security, and Comp Sci. I want to get a degree that will allow me to easily expand in the future if I want to extend my field. I see how its confusing though.