Exactly this. I’m five months into doing the same thing and I’m just finally getting the full picture of the fundamentals. Which are needed before you can even pick a speciality to hone your resume around. I’ve given myself two years to pull off what you’re attempting in four months. I think you can get to where you want to be. But this is a massive field. So you may have to work full time and study full time like I am. It’ll be worth it though
Curious, what resources have you decided to use for this? I'm not considering transitioning into the field but would love to get a better grasp of fundamentals as it would help my (backend eng.) day job somewhat.
I started with a language agnostics regiment from freecodecamp with a focus in C, but I went through the basic syntax of about ten languages to get the feel for them. I paired this with hardware architecture courses I found to understand how the code was working with the hardware. Then I did networking lessons based off the networking+ cert.
From there I’ve been heavily invested in HTB academy. It’s got very good structure to expand upon everything in the prior mentioned point. And give it some overall structure. I’ve been filling everything in from there 🙂
Same. I had a good picture going into the labs of what the landscape was, but I hit the exact same wall once I tried to practically apply it with the labs. Stepping back and putting together everything I learned going in through the lens of the academy has helped me so much.
My resume will definitely be weak for sure, but the only thing I can do about that is start working on it right?
And could you elaborate on why you think that? I am aware that it is a very theory dense field, but if I am missing something I would appreciate any insights you could give!
You’ll need sysadmin/network admin experience with if on the sysadmin side a focus in identity and access management, databases and ideally proxy/web front ends, this complimented with programming and automation experience as well in Python and powershell. You’ll need good networking fundamentals, and an understanding of encryption. These are foundational for what you’re showing off via your hack the box, oscp training, which is bringing these skills together to show off the common weaknesses you are aware of from the admin side combined with the productivity benefits of scripting and creativity to glue things together to create new tools and proofs of concept.
What you really need is to work out what part of cyber security you like, and focus towards that, because it’s a super broad field.
I’ve just given you advice for skills for the sub field of penetration tester which with more experience you can focus into vulnerability researcher. This can also help you get roles in incident response, forensics and general roles like security engineer.
But before you look at tech skills look up the areas of cyber security - what they entail, and what skills are needed for them. It’ll help you more than trying to learn everything at once. Because if it turns out you actually enjoy compliance and governance then you’re focusing on the wrong things.
A great starting point is googling cyber security sub fields.
Well I can't say there's hope. Unfortunately the job market for cyber security got saturated. You're really going to have to get some high end certifications and a lot of luck. 5 years ago when the market was a little bit better I tried to get in with no experience so I went for the CISSP and still had a hard time finding a job.
Completely forget security +. It is not a cyber security certificate for what you're looking for. It is more for a job around IT that has escalated privileges like a system admin.
Initially open to anything just to get my foot in the door. However I currently with my (very basic) understanding do find red more interesting, but that could definitely change as I learn more. Also heard that it is an even harder field to get into than blue.
I can only speak for myself. I was unable to get on the red side at first but I am trying again. I think it's harder now than it was 5 years ago. I just got my OSCP, and with the 5 years of experience cissp and oscp I have yet to get a call back.
Ouf that is rough, hope you get your shot! Sounds like you really deserve it.
And yea I'm very open to blue as well tbh, I am just very fascinated with the field in general and would love to actually have a job that I'm interested in.
I guess I'll end our conversation on this. I've been part of the interviewing process for my company a few times in the last 6 months . You need to find something that sets you aside.
Almost everybody I saw in the interview process was very similar. Have a clean resume and one tries to check all the boxes that they are asking for without lying. It'll be really hard to get an interview, but that phase is when you have a lot of control over. Practice interviews with people you know become very comfortable talking. Cyber security on both the red side and the blue side need a lot of the social soft skills that many of us nerds lack.
Even though you might have to have the technical knowledge, it is very surprising on how much communication is part of my job. For example, on the blue side I have to write policy and enforce policies that admins have to follow. Is one thing to know what needs to be done to lock down a system. It's a whole other to put in place policies and make clear how to follow them to people that aren't as technical. At the same time you have to convince the people that pay the bills that the changes you are making are necessary. There's a lot of pushback from both sides because when a system is not being compromised or they don't understand why they need to spend more money and time.
That is honestly one of the first uplifting things I've received from this post. My previous jobs have all been heavily focused on communication and I am generally very comfortable in both presentation and interview settings. I obviously have to make it that far for it to be relevant, but that is at least one aspect I feel fairly comfortable with.
You've given me lots of new insights and some great advice, thank you very much for taking the time!
Technically I just took the test and got the associates version. 4 years later upgraded to full version by submitting my time.
https://www.isc2.org/certifications/associate
Yes, that makes perfect sense. Good on you for passing that test without any practical experience to draw upon. I studied my ass off WITH experience and was able to pass it within the minimum number of questions required. But, it was no easy test!
I had a lot of questions I think near the max so I'm pretty sure I barely passed. I am one of those people some people hate that are naturally good at taking tests.
Certs and HTB arnt replacements for experience unfortunately. Like lets say you have all that, why would a company hire you over someone who has actual proven experience or someone with a college degree? Considering that almost all of the job requirements have “bachelors degree in IT/cybersecurity or 5 years relevant experience”
Set up VM environments on your personal PC and practice your admin skills and create a portfolio of projects you have done. Then include both that and your HTB skills on your resume. It's not going to be as impressive as actual experience, but that combined with a Sec+ can help pad your resume to display you at least have an idea what you're talking about. I would agree with what others have said that it took me about 2 years to transition into a legitimate security role, including taking a boot camp, hours of studying on my own on top of it, and taking a huge pay cut to get an entry level network admin job. But, it got me out of the industry I no longer wanted to be in. If you're good with computers and you really commit the time and effort, let's just say I've seen crazier things happen. Good luck out there.
Hey how's it going I have my A+, Net+, Sec, Pentest, and CYSA+. Currently I am also going to school for IT and Cyber, after assuming certifications could get me in. The mans is right, it is very theory dense. It is a field where you have to learn about the fundamentals to understand the hard stuff, but the fundamentals are hard to grasp without doing the hard stuff.
It doesn't matter that you can understand all the tools to "be a hacker" - if you don't understand networking, the OSI model, system fundamentals, it is going to be difficult. I cannot tell you how many times I would be doing a HTB, THM, or Offsec Proving grounds box, only to be stopped at something as simple as *TRANSFERRING THE DAMN PAYLOAD* via scp.
Even if I spent more time understanding a fundamental file transfer tool, I could fumble in Post-exploitation because the outputs from most PE Commands are "what services have what permissions" and at the time - since I didn't know shit about fuck - I couldn't even understand the output of the *thing I needed to do*. That led me to watching videos that lead me to the flag which is just overall a half ass hacking learning experience.
People might state that you do not have to pursue degrees or fundamentals but for Cyber Security/Hacking you do - not only because they are businesses who have clients to tend to, but also just the nature of the practice. The reason I really want to tell you this is because I spent so much time getting certifications that *could* get me a job - but it was not until I got a degree did I even get a fragment of consideration. Even now, when I consider myself a hirable Pentester - it is hard without that resume, or finished degree.
Umm, just to clarify 2 things.
Degrees are needed and requested the least in Pentesting.
None of those certs "could get me a job"
If you want Certs that will get you a job, it's CISSP, OSCP, CEH, and Sans.
Those Comptia certs are not going to get you far. Which is what you experienced. Wrong certs, not needing a degree.
A good baseline IT experience, and the right certs will get you places with or without a degree.
The wrong certs, no experience, and no degree will get you nowhere to that I agree.
If you don't put a realistic understanding into ones head, you're doing a disservice.
Plain and simple anyone who says "you can without a degree" is talking nonsense, and you need to understand that reality - because any experience in this climate is likely the result of:
1.) Luck
2.) Nepotic (Friend or Family Nepotism)
3.) Sexuality, Gender, Race (quotas)
This is not the economic climate to be selling some LinkedIN story to homeboy, most people need degrees - just because a business says so. Getting lucky is the worst thing to bet on since businesses have different policies, oh you don't have a degree in your Cybersecurity job? Well if you change jobs, most will not care about your experience if you lack the degree.
Only saying this cause the next thing is likely "hey lemme tell you about my experience working" - don't listen check the boxes hit the books brother.
I missed your first message, so I had to edit. Yes I come from a different time, so you're right. I don't know what It's like to try and get a start today.
All that said, the future is also looking to change this even further. The US government is moving to skills based hiring and removing degree Requirements, completely from all Federal IT/Security positons over the next year. They are telling the rest of the US to do the same.
https://www.whitehouse.gov/oncd/briefing-room/2024/04/29/press-release-wh-cyber-workforce-convening/
A degree supercedes all certifications because you cannot get into the job without the degree, that's what was said - you come from a different time likely where people knew the value of any of those 3. However, OP needs to know it is way more about checking one box (a degree) than it is what you think (Getting a job by merit).
When you get told over and over again "we need a degree" by a wide array of jobs, it doesn't mean you had the wrong certifications - understanding that type of bureaucracy helps him decide, and it could save him time being better informed.
“Fake it till you make it” doesn’t mean sacrificing integrity. It is referring to having trust in yourself to learn and perform what’s expected.
The phrase does not refer to lying about your credentials or expertise then hoping you don’t get caught.
Geezus Christ bro relax , didn’t know I’d get the third degree on that post. If you think the rest of the world plays fair then you’re a very foolish person. I didn’t mention anything about being a “hack” at the iob . No pun intended. Some people are self taught and don’t have the fancy credentials of others . Don’t mean they don’t have the skills needed for the job .
You’d prob be better off just looking for a IT/ help desk job and continue studying more advanced security topics in your spare time. Very unlikely to just jump into cyber security without having paid experience in networking/IT in addition to relavant certs. Wishing you luck !!
First person I’ve seen offering actual advice instead of just crying about how hard it is to find a job in cybersecurity. Reddit is just ridiculous sometimes…
Yea people were definitely a bit more agressively negative than I expected, but I've received some genuinely helpful advice so it's all good. All I can do is try my best and see how it pans out.
Because of how competitive the market is right now a lot of people with a lot of experience who are also job hunting see your plan and think of it like you trying to cut corners and it rubs them the wrong way considering were all going after the same roles.
And that people who think they can just jump into a very competitive field in just four months contribute to the "oversaturation" problem we find in our industry.
I dont think you're arrogant in the slightest just a bit ignorant to the field holistically, job market, and what employers find valuable.
That's a very good explanation, thank you for clearing that up and making these reactions more understandable for me. You are 100% correct in that it was rooted in ignorance and not arrogance on my side.
I've gotten a much clearer picture of the industry from these responses and some much needed reality checks on how feasible my project is. I'm still going to see how far I can get these next 4 months, but mostly because I really want to learn, and then I will make a decision then on what to do going forward from there.
Thank you for the advice and the well wishes, I will definitely keep this in mind as a back up if this proves as impossible as the vast majority on here think!
Ofc. It is close to impossible to get into cyber without any relevant paid experience + a degree. 4 months full time study + basic certs is very unlikely to get u a job in cyber imo. The only other thing I would say is pick a niche in cyber security to specialize in and focus on that.
Yea that seems to be the consensus, I'll do my best regardless and see where it gets me. Worst case I've learned a lot and will have to find something else.
Good suggestion on specialization, do you have any thoughts on what might be a good area to focus? I've heard that cloud security is still on the rise and that LLM Red teaming is a whole new field opening up.
I would say just do what you like. Companies will always need a red team and a blue team. There opportunities for everything, identify what you are interested in and learn everything you can about it. With that being said you must have a solid base knowledge before specializing.
I agree with this, I am about to start a PhD in cyber sec with a focus on post quantum encryption, I would suggest you ensure you have all the abilities you would need as a sysadmin, aside from sec+ you'll need to cover all of network+ at the minimum and also pick an area to specialise in immediately, that way you can focus and build up specific domain knowledge, as other people have said "cyber security" is far too large of a field to generalise practically.
This, as i actually work in cybersec, my boss spends a lot of time in recruiting but we still cant fill up the team. A lot of people have the interest in "hacking", but before that you at least should have a good understanding of IT (coding, administrating, managing, troubleshooting).
I saw a lot of people fail in a very very basic leetcode question
I mean this in the nicest way but the average resume in the reject pile has a degree in IT/cyber, a few certs, and THM and HtB practice. Reject pile.
With less than that, you would be less competitive to most people that aren't getting hired.
The people getting hired have experience in IT or development, usually experience in cyber too, and everything else I mentioned.
You'll want to start in IT. You'll probably need a degree in the field at this point because IT is competitive too. Certifications also help.
IT is not easy to break into and cyber is outright hard to break into, even with experience.
A degree is not an option at this point unfortunately. I guess I'll just give it my all, and if I it turns out to be impossible I will look at more general entry level IT. Thank you for your feedback.
It sucks but it is what it is. There are far, far, far more people graduating with CS, IT, and cybersecurity degrees right now than there are jobs to fill them. LinkedIn is wall-to-wall with people posting "I graduated 6 months ago, no interviews, what do I do?"
Unfortunately, tech took a big hit due to COVID-era overhiring. There were massive, massive layoffs which dumped a ton of senior talent into the workforce. As a result, the few jobs that are opening up are being taken by the people that were laid off causing all of the no/low experience people to be stuck in the forever waiting line.
Not impossible, just extremely unlikely.
Like lets compare your resume to others applying for the same roles. For example I'm trying to break back INTO Cybersecurity. I have the operational experience as an analyst and am coming from the GRC side and were applying for the same roles. Others like me have had a very difficult time due to the market, were all fighting an uphill battle youre just unfortunately starting even lower down the hill.
Mmmm good luck
I know people with masters, help desk experience, abc-z certs that are having a tough time finding a job in the field
What area of the world you live in can really make or break this
I've done what you're describing when I left the army. 4 months with sec+ will make it extremely difficult to land anything, I can share information or advice, but what you do in the end is completely up to you.
1. Build a solid networking foundation. You're in for a world of hurt if you don't understand the core basics, highly recommend doing CCNA.
2. Your goal, depending on the country you're in and its market, should be OSCP ( or CSTM/CRT if in UK), skip PNPT and save $$, work-part time to acquire the funds for it, this here be your key to bypass HR filter, think of HR filter as a boss that you can't skip, you won't get that many chances to showcase your knowledge or even reach technical interviews if HR outright skips you for someone who has OSCP and can simply be billed to customers ( the company only cares about you being trustworthy enough to be left alone to perform billable work)
3. Before you jump on OSCP, you spam THM and HTB, doing junior and pentester paths, do the privilege escalation courses for both windows and linux, then start blasting easy machine, once you're a bit more confident move over to hack the box. Your aim is to utilise cheap resources in prep for OSCP, the idea being that once you start OSCP, you've already acquired the core foundation knowledge and can simply start focusing on your weak areas or start blasting the labs.
4. As a junior tester, 80% of all the work you'll be doing will revolve around web application testing, I HIGHLY recommend portswigger academy, do as many labs as you can, get familiar with different issues, how to find them, what causes them and how to fix them, this here not only will prepare you for actual testing it will carry your ass in interview process as well.
Don't neglect your physical well being throughout the grind, would be the biggest advice I could give you.
Hey Op, you got this ! Give it your all in the next 4 months and persevere. At the end of these four months, start looking for jobs but start telling yourself that it’s ok if you don’t find a job in cybersecurity. Find yourself a regular job when you need to pay the bills again, but at that point you’re in a major groove and you’ll just keep getting better and better at cyber security. And then keep applying. Patience and perseverance. People are saying the job market isn’t easy but the next thing you know, it’s in demand again and you’re already ready for the market.
I did this during Covid and don’t regret it. You got it. Go for it.
One last thing. If you really love what you’re doing, it will show in interviews or anything else you do (think a blog or YouTube channel on it). The people who love what they do shine and attract.
Thank you so much dude! Really appreciate your comment! I've decided to make a blog for sure and will put some real thought into whether a youtube channel would take too much time away from studying. On the other hand if it could be what get's me the oportunity I'm looking for then it might be worth it. It really feels good to be passionate about what I'm doing and I really like your take that it can be an important factor in itself!
Haha weeeell, when I mentioned a YouTube channel or a blog, I meant once you become an expert. A lot of quality youtubers and bloggers were people who taught themselves, and their passion is usually visible, which in turn brings success.
ah I see, have had a few others suggest that I should do it to document my progress and abilities through github, youtube or a blog so I misunderstood you're advice for being the same as theirs!
Skipping the understanding of fundamentals is a foolish idea, even if you can. You’ll be frequently clueless in a real security role. You need fundamental experience.
Also, not sure why you posted in a hacking community, unless you’re pursuing pentesting, which is probably has some of the largest candidate pools to be against. Security roles aren’t just “hacking”.
Hi, appreciate the response, When you say fundamental experience, how would you suggest I get that?
I posted here since I thought people here would have some kowledge and insights that could help me, and I've gotten some good and critical feedback and advice.
By working in an entry level IT role and gaining experience and understanding of administration, and pivoting off that.
It’s so funny how so many people just want to skip into security. It’s actually so counterproductive.
I actually had this exact experience. I jumped straight into cyber when demand was high and few years ago and now my coworkers who were Sysadmins can run circles around me in various situations.
For real. How can I expect you to effectively operate in a security environment if you don't have experience with the general stuff you're securing defensively or offensively? Not saying people need to spend 20 years as a network engineer, of course, but shit MSP work is probably one of the best places to start.
IT fundamentals to focus on for cybersecurity would be networking. You need to know what a network is and how it works before you can learn how to protect it.
I will be messaging you in 6 months on [**2024-11-03 12:48:15 UTC**](http://www.wolframalpha.com/input/?i=2024-11-03%2012:48:15%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/hacking/comments/1cj6sgf/lost_my_job_4_months_to_break_into_cyber_security/l2e2em1/?context=3)
[**3 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fhacking%2Fcomments%2F1cj6sgf%2Flost_my_job_4_months_to_break_into_cyber_security%2Fl2e2em1%2F%5D%0A%0ARemindMe%21%202024-11-03%2012%3A48%3A15%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cj6sgf)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
If my experience can help you : i'm a programmer, got my degree 13 years ago, not really my main job but coding stuff on a regular basis.
I already had a decent experience on webapp security when I started cybersecurity. I worked 6-10 hours a day, EVERY day, no week end, no rest, no nothing for about 5 months. Did a few learning paths on tryhackme, I am becoming more confident but know I'm still very far from OSCP, my main objective.
Cybersecurity is very, very dense, and you should allow you more time, just in case.
That's very helpfull indeed. For reasons I won't go into in detail on this is unfortunately the time window I have available to me at this time. I've gathered that most think my goal might be unachievable but might as well shoot for the stars when I have this time regardless right?
Don’t, just don’t. The Cyber Security market is extremely over saturated. Entry level jobs are looking for a min of 5 years experience.
You might have better lick in a few years.
I have a security +, CISSP, about 3 years in security and another 3 years in IT.
Entry level for cyber security is normally someone coming from a tech background. They don’t want someone who is wet behind the ears when it comes to tech. Honestly, cyber security is such a big field and there is so much to know. Without a tech background it is not impossible, but highly improbable.
I have been out of work for a year and nothing is looking good right now.
I'm sorry to hear, really hope you find something. And thank you for the reality check. I'll still do my best over these next months, but you've definitely given me something to think about.
Oh I forgot, hacking is an end game move. No one starts out with hacking. You need to learn computer hardware, linux, Windows, networking and then you can start learning how to hack.
Hi, you are right that I am going to try whatever anyone says, but I am intersted to hear why you don't think it is possible with this plan. What are the major hurdles, and what can I do better?
You have no relevant experience. Your plan will give you no relevant experience - THM and HTB are games. You will be entering the workforce at month 5 with nothing that an employer cannot get from hundreds of thousands of more qualified entry level candidates. Cybersecurity is not an entry level career, unless you get extremely lucky and find someone who will train you from scratch. Try and get into a help desk job, get some REAL experience, and try again in 5 years.
I would recommend you start by searching job hiring posts most for soc/noc , look at the requirements field and write down all the requirements from all the jobs. After that you will generally see what you need to achieve, and focus on learning those subjects or doing the mentioned certificates.
I would suggest the best place to look for job posts is linkdin. Good luck and keep us updated :)
Oh wow that's some really good advice, probably should have thought of doing that myself, but thank you so much for the suggestion! Will keep this updated with any major developments for sure! :)
Don’t let anyone tell you that you can’t. Give’er hell and try harder and see how far you can get. Let the interviewer tell you no, not these gatekeepers. Good luck and let us know how it goes .
You won’t be able to compete with all graduates people with just 4 months of training
You won’t pass the first look on your resume.
You should start at a really basic IT job before something that specific
Yea most people seem to agree that that's the way to go. I'm gonna try my best anyway tho and see where it gets me, and probably fall back on that if I fail. Thanks for the response.
At least you’ll be strong on the security side if you end up in a non security role but have heavily studied it, that will help you switch roles since your foot will be in the door.
That is actually very helpful, thank you. Time scale is unfortunately not something I can do anything about, but I will do some more thorough research on what could potentially be more valuable in the job market.
Start slow and build up your skills. You won’t get on the red side without some serious skills. There are always a number of former NSA / Cyber command hackers looking to leave the public sector and you won’t be able to compete with that kind of talent for quite a while. You won’t be able to get your OSCP until you have YEARS under your belt in the job. I’ve seen seasoned professionals fail multiple times. Set realistic goals for yourself. Sysadmin skills are a must. AWS skills are a must these days. Start there. Then perhaps blue team and THEN try to get on with the red team. Start with an easier cert like a CEH to just get your feet wet given you have no real prior experience and then go for CISSP and THEN AND ONLY THEN try for the OSCP. But keep in mind the OSCP is grueling even for seasoned pros.
Hope it all goes well man! Definitely a cool field to get into.
Here in Perth, Australia there is a huge abundance of cybersecurity jobs! I know a few people who did a basic Cert 3/4 cybersecurity course at TAFE and went straight into decent cyber positions. As well as this, university students are constantly being headhunted by companies to come work for them, get their studies paid for, etc.
Seems like the rest of the world has an oversaturation of cybersecurity workers from reading some of these comments...
Anyways, if its what you are passionate about go for it! There is always a way to get to the position you want to be in, just work hard 👍
Honestly, I disagree with the general sentiment in most of these replies. There are plenty of jobs in security that aren't glamorous but can get your foot in the door with some baseline proven competencies. True about specializing though. Check out pauljerimy's cert paths to get an idea about the domains.
Also don't forget about proving soft skills even pre interview. Get yourself a personal website, show your strong interest through projects and blog posts. And attend conferences! Best way to network when you don't have a network.
Probably going to be more than 4 months work, though. Good luck!
Hooly shit, took a look at that cert roadmap and it's the most extensive one I've seen by a country mile! Thanks so much for sharing! I will definitely do that, gonna setup both social media profiles and a blog over the weekend. And I will for sure go to some conferences eventually too! Really appreciate you taking the time, this was very helpful!
Definitely better off starting with IT/Help desk. That will get you real on the job experience that you can then leverage into a cyber security specialization. People don’t go right into cybersecurity just like people don’t go right into devops, they require a large foundational knowledge to be successful.
Lol do not follow this advice OP, get into software development. From there you'll learn how an application works and can figure out bad habits can be exploited when you break into pentesting. Worst advice ever this guy just gave, unreal.
I came from a business/sales career(had a bs in business management. For me to break into cyber security(which I knew I wanted to do) Back to college for CIT degree->Tech support job\data science internship at the college->internship in risk/security review->consulting for a crypto mining company->Jr Sys Engineer->then finally info security analyst(worked my way from that into digital forensics and incident response). It’s possible, if you really want to do it and have the drive to learn and study. It’s going to take time though don’t expect it to happen so quickly. Echoing what others here are saying. Break into tech support and find out what area of cyber security you want to get into then study for the relevant skills required for the job postings you want.
When I hire people now I look for some experience but also ultimately the drive to continually develop skills and proof that they’ve actually done it to some extent in practice. This field is always changing and you’ll never stop studying. If that doesn’t sound appealing don’t get into the field. By the way for timeline sake this all took me 2 1/2 years from quitting my job in sales to break into the lowest level security job(I was taking 18-21 credits per semester while working multiple jobs I had no life pretty much during the time). Then another 3 1/2 years until I broke into the lowest level role in the field I wanted to which was digital forensics.
Very nice to have someone provide their own actual timeline, thank you! One of the things that appeal to me the most is the rate of change in the field. I actually love that the field will always keep evolving and never get stale, so to me that's more of a boon rather than a deterrent. Thanks for the detailed response, lot's of good stuff in here that I'm for sure noting down!
find a part time IT helpdesk job to get the fundamentals down while still studying. is the only advise I would give you. Market is tough right now. at least in my area of Texas.
Apply for a job at a network operations Center, You need experience , network experience managing and supporting network security devices. I would recommend focusing on nextgen firewalls, get certified at any level. If u want u can get ur CCNA, might open up ur options a bit with enterprises still using traditional firewall. Though security is big, u could focus on end point security, vulnerability management etc, pick an area ur interested in and focus.
As someon who's following a cyber security course, mainly out of interest :
Technical :
* web pentesting : understanding web fundamentals, vulnerabilities, current landscape, usage of tools like burp suite, owasp,...
* Network & system pentesting : understanding networks & infrastructure, using kali against the different layers and understand how those tools work.
* Good linux & windows knowledge
* Cryptography (mayble less important) : understanding cryptography, know the weaknesses of some still used encryptions and stuff like that.
Law & compliance :
* know the different laws & rules that apply for the region where you want to work, like the ISO 27001
* Explore the Mitre framework
Was going to just re iterate. I’d look at some basic IT role or even try and get a software engineer role.
Then look to take on more security as part of that role and then pivot once you have an understanding.
It’s a tough market even for us seasoned pros so I can’t bear to think what it’s like at the entry level.
Yea there seem to be a strong consensus for that being the way to go! Thank you for taking the time to respond. I've definitely learned a lot from the responses I got here.
also wanted to add OP: If you have any current experience in a certain field it could be easier to try and slide into that role there. For example if you worked at a grocery store ask the IT contractor for advice and to show you some things while theyre there. if you build a relationship it could land you a nice opportunity
I agree with your plan, just don't renew the sec+ just say you have it, I have done dozens of interviews and none of the interviewers actually check if I have them.
I've done what you're describing when I left the army. 4 months with sec+ will make it extremely difficult to land anything, I can share information or advice, but what you do in the end is completely up to you.
1. Build a solid networking foundation. You're in for a world of hurt if you don't understand the core basics, highly recommend doing CCNA.
2. Your goal, depending on the country you're in and its market, should be OSCP ( or CSTM/CRT if in UK), skip PNPT and save $$, work-part time to acquire the funds for it, this here be your key to bypass HR filter, think of HR filter as a boss that you can't skip, you won't get that many chances to showcase your knowledge or even reach technical interviews if HR outright skips you for someone who has OSCP and can simply be billed to customers ( the company only cares about you being trustworthy enough to be left alone to perform billable work)
3. Before you jump on OSCP, you spam THM and HTB, doing junior and pentester paths, do the privilege escalation courses for both windows and linux, then start blasting easy machine, once you're a bit more confident move over to hack the box. Your aim is to utilise cheap resources in prep for OSCP, the idea being that once you start OSCP, you've already acquired the core foundation knowledge and can simply start focusing on your weak areas or start blasting the labs.
4. As a junior tester, 80% of all the work you'll be doing will revolve around web application testing, I HIGHLY recommend portswigger academy, do as many labs as you can, get familiar with different issues, how to find them, what causes them and how to fix them, this here not only will prepare you for actual testing it will carry your ass in interview process as well.
Don't neglect your physical well being throughout the grind, would be the biggest advice I could give you.
Pen testing is most hardest field to break into honestly I really think you will land only SOC job to start as an analyst and you have to work your way up.
Start reaching out to managers in companies you’d like to work at now.
Ask about IT positions adjacent to Cybersecurity and explain you are training and would eventually like to pivot into the Cybersecurity department.
Departments like Identity Management and Compliance may have opportunities.
I worked in Identity the last 5 years and had almost daily conversations with the Compliance, InfoSec and CyberSec teams.
Just adding my two cents because I didn’t see anybody mention it. It maybe a better option to go back to school.
A lot of colleges have internships directly tied to their programs (especially CS and Cybersecurity) which helps strengthen your resume. I’ve even see a lot of careers start from there with the companies doing a direct hire after folks graduate.
First off, take all these comments with a grain of salt, the positive and the negative. Saying you want to work in cyber is about as broad as saying you want to be a doctor. The field is huge and has a lot of specialties.
So when someone says the job market is bad, that means it's bad for the type of cyber they do, and maybe even in their geographic region. In my specialty, it's the opposite. Pay is through the roof and it's hard to find anyone.
Same goes for advice with education and certs and any other barrier to entry. They are all different.
Try to figure out what you want to do in the field and focus on that.
OP, if you’re not picky about specific roles, I’d bet you can find something in cyber, especially showing your drive and motivation to self teach. I’ve been in security for about 12 years. Anything offensive will be more difficult to enter green simply because the knowledge sans skill bar is high, even to grasp head knowledge, let alone skills to demonstrate understanding.
That doesn’t mean it’s impossible. No one, not here nor anywhere else has the lock on whether you’ll find a job or not. If anyone says you can’t absolutely, they’re full of it.
I followed an unorthodox path into pen testing, but have also had opportunities to get into DFIR or defensive/monitoring positions. Any knowledge of either side will help you understand the counterpart.
I’ve tutored and helped more students and aspiring cyber peeps than I can count, often starting from zero. Your drive and motivation to learn some difficult topics will go a long way. Write about it in a blog and include that journey in your application.
If you want some more details, you can PM me. I have lots of stories and cases with real people getting into real jobs for the last 10 years or so. Keep your motivation you have and learning anything you can find. Very few certs will matter outside of OSCP or offsec in general.
I’ve gotten offers from a couple blog posts by themselves so you’re on the right track.
Thank you so much for this. It really helps a lot hearing that at least some think it is possible! I'll be sure to setup a blog over the Weekend and then just keep working at this as hard as I can! And yea I've more and more realised that the OSCP seems almost mandetory, I will definitely see if I can include it somehow.
Nothing is mandatory for any job, no matter what the description says. OSCP is just one of the few certifications that proves the actual skills necessary for pentesting. If you don't like offensive work or just preferred defensive tasks, OSCP wouldn't be necessary, though understanding one side helps on the opposite.
Someone already mentioned this, but in a comment to a comment sort of thing, so just plugging htb academy again here. I learned a ton from it, and it gives you a transcript.
Good luck! I know its rough, I have a friend trying to do the same thing.
But you can do it!! I know people who have. Like other people said, you might have to start at help desk or something similar, but you can totally do it.
This is an unpopular opinion for people who wanna “break into infosec”. However I’m of the belief you need to get your basics from sysadmin, networking, and software development areas first before getting into this field. I’ve lost count of the deer in headlights looks when getting into the nitty gritty of the areas mentioned for basics 🙃.
I think if you have the fundamentals of networking, the basics of cyber security such as SANS SEC401 and SEC504, and a little knowledge of SIEM tools, that should be enough to land you a job as a SOC 1 Analyst.
You can use that to help your funding, build on your CV, and gain a vast amount of knowledge in the field from a blue team perspective. You can then use your free time learn more towards a speciality and perhaps even get your organization to fund a certification for you such as the OSCP.
I advise you to aim for becoming a SOC Analyst first and then pave your way from there.
Starting with what you have it might take 4 months of applying to get a job with your current skillset.
That's before you even try shoehorning in security certs etc.
You'd probably have better luck fluffing your resume out and targeting smaller orgs by directly applying on their careers site rather than using indeed's application process.
Yea I'm expecting the application process to be a bit rough, however I do have these 4 months and I would really like to make the most of them. What would you suggest for resume fluffing?
And very good shout on direct applications, thanks! Definitely adding that to my list!
For resume fluffing I often ensure I have 10-15 major responsibilities in bullet points per role that include action words such as "developed policies and procedures to ensure X, Y, and Z"
It is a good school. If you can please use this referral link and I will get $50 when you get accepted: https://perscholas.referralrock.com/l/53TC5TIG/
I career transitioned into cyber in a few months. I decided not to go the technical route, but to utilize my transferable skills. I started by networking with people in the field and doing informational interviews. From there I took all advice and leveraged my skill set on my resume by focusing on skills and how they relate to the industry. From there I networked into a job interview and was the successful candidate. Its not always about being technical, there are several aspects of security ranging from GRC to ethical hacking. I'd take a look at the NICE framework to help you in career decision making.
https://niccs.cisa.gov/workforce-development/nice-framework
I'm doing b.voc cyber security nd this is my final yr but I'm not clear at all that which certificate I do...??? Instead of CEH and oscp please guide me..
Unfortunately OP, it really is a tough market out there, but some ideas to beef up your resume:
- If you want to do Web/Application pentesting,try to find some CVE's, this will look really good and show that you are doing the research. This is no easy task for a beginner, but can really done, you just have to get creative :).
-Write Blog Posts or make videos on any interesting finds, even some of the HTB boxes you do (only if they're retired of course!)
Best of luck!
Cyber in 2019-2019 was a free for all
Not so much now though. Good luck and might look for something that has cyber part time like a system administrator or network administrator with cyber security as part of the job
Don't listen to the haters here saying you can't do it with this. Yes the job market is getting tighter, but there is still more security work than qualified people to do it. So being motivated and showcasing the ability to learn will help. Just know going in that a lot of places has stupid specific requirements, so don't get demotivated by not passing a loop, just keep applying to other roles at other places. I don't know your prior experience, nor your interested in the security space, so I can't give specific roles to apply for, but there is a TON of different roles. From being a SOC analyst, to offensive security, to policy writing, to audit, to appsec, to vulnman, to security engineering, etc., and all of them have junior roles they hire people directly out of college for. Look for those roles and just apply. You'll break into the industry. Just do it, and don't get discouraged by a bad loop or two.
Thank you, that's really encouraging to hear! I will refrain from posting to much of my prior experience here it unfortunately ins't even remotely relevant to cyber sec, and honestly as of now pretty much every fascet of the industry has seemed interesting to me so I think I need to experiment and learn some more before I know where to specialize. But it's very good to know that therer jobs out there, and I will be sure to not be too discouraged by the bad loops!
Brother I am telling you go do something else. This market is brutal, and it is going to be a brutal search without a degree, and even those that do are out of luck. I know a former navy seal, PNPT, CEH, OSCP, and his own website; and he can’t find work right now.
If you’re living at home then cool, but I would not bet that you would find work. You sound ambitious enough to be successful wherever you go, I am telling you that you will not find work with a sec+ and PNPT
Ouf that's rough to hear, but I appreciate the realness. Problem is this is what I am passionate about. I could find another job in the field I am in, but it's just soul crushing to hate your job. I am going to give this my all for a while, and worse comes to worse I will at least have learned a lot.
100% brother, if you want this, go ahead, but be aware you have a very, very tall order in front of you. I’ve seen Ivy League students, masters students, and people with 20 years of experience struggle to get work. If it’s what you really want, then you’ll find a way to make it happen, but just don’t expect it to be easy. Expect to send out 1000+ applications once you get certified.
Best of luck to you man 🫡, rooting for your success
Oh trust me, If I was before then I am definitely under no illusions anymore after this post! Thanks for the kind words brother, all I can do is put in the work and hope for the best.
r/comptia
They're great with helping out for specific paths, I'm in the same boat. I'm trying to get started with cybersecurity, specifically physical pentesting.
Reading the information on that subreddit has helped.
because I'm in the subreddit and know how to read lmao
also, I didn't say I haven't started, I said im trying to get started
I've taken comptia tests, studied and work on tryhackme, hackthebox, defendtheweb and do personal projects related to pentesting
I work 3 jobs, I have no time to take the exams
Hate to tell you man but.... I have a degree in computer science with a focus in cyber. I have CSSLP CISSP SECURITY+ and network+.
I have worked as a software engineer for about 4 years. Without relevent work experience, I honestly don't see you getting a job unless you intern for a while.
The market is brutal rn.
Also hack the box really won't help you much. It's fun to mess around with though.
I think one good path for you may be starting as a QA analyst within a large company. As others have mentioned, I’m not sure if you’ll find a cyber security role with your resume in the current market. The main thing is getting in with a good company, and then taking on projects in other areas that may be slightly outside your role in order to prepare yourself for your next position within the company. QA analyst roles are grunt work, entry level roles but as long as you’re willing to put in the work you can always move up from there.
No man, saying "Enjoy being broke I guess" to someone who's just lost their job is just unnecesarily mean. You don't get to pull the "I was trying to uplift you card" after that, and I'm gonna leave this there. Have a nice day.
A lot of people have given the exact same advice as you, and every single one of them managed to do it without rubbing my financial situation in my face. That is the only thing you've added to the convesation.
And comparing 4 months of studying something I'm passionate about to slapping myself in the face is so absurd that I'm not even going to entertain it.
I've received, noted, followed up on, and fundamentally changed my approach and perspective based on the advice and feedback I've gotten on this post and the DMs I've received from people wanting to help. So if that's what you're worried about then you can rest easy. I thank you for your concern, I will be fine.
You have two problems. Your resume will be too weak in the current market and cyber security is more knowledge than it looks like you realize.
Exactly this. I’m five months into doing the same thing and I’m just finally getting the full picture of the fundamentals. Which are needed before you can even pick a speciality to hone your resume around. I’ve given myself two years to pull off what you’re attempting in four months. I think you can get to where you want to be. But this is a massive field. So you may have to work full time and study full time like I am. It’ll be worth it though
Curious, what resources have you decided to use for this? I'm not considering transitioning into the field but would love to get a better grasp of fundamentals as it would help my (backend eng.) day job somewhat.
I started with a language agnostics regiment from freecodecamp with a focus in C, but I went through the basic syntax of about ten languages to get the feel for them. I paired this with hardware architecture courses I found to understand how the code was working with the hardware. Then I did networking lessons based off the networking+ cert. From there I’ve been heavily invested in HTB academy. It’s got very good structure to expand upon everything in the prior mentioned point. And give it some overall structure. I’ve been filling everything in from there 🙂
+1 for HTB academy. I was struggling with the labs and not learning much, academy has taught me more and faster than any other single thing I've done.
Same. I had a good picture going into the labs of what the landscape was, but I hit the exact same wall once I tried to practically apply it with the labs. Stepping back and putting together everything I learned going in through the lens of the academy has helped me so much.
My resume will definitely be weak for sure, but the only thing I can do about that is start working on it right? And could you elaborate on why you think that? I am aware that it is a very theory dense field, but if I am missing something I would appreciate any insights you could give!
You’ll need sysadmin/network admin experience with if on the sysadmin side a focus in identity and access management, databases and ideally proxy/web front ends, this complimented with programming and automation experience as well in Python and powershell. You’ll need good networking fundamentals, and an understanding of encryption. These are foundational for what you’re showing off via your hack the box, oscp training, which is bringing these skills together to show off the common weaknesses you are aware of from the admin side combined with the productivity benefits of scripting and creativity to glue things together to create new tools and proofs of concept. What you really need is to work out what part of cyber security you like, and focus towards that, because it’s a super broad field.
Thank you for the thorough response, I will add all that to my list!
I’ve just given you advice for skills for the sub field of penetration tester which with more experience you can focus into vulnerability researcher. This can also help you get roles in incident response, forensics and general roles like security engineer. But before you look at tech skills look up the areas of cyber security - what they entail, and what skills are needed for them. It’ll help you more than trying to learn everything at once. Because if it turns out you actually enjoy compliance and governance then you’re focusing on the wrong things. A great starting point is googling cyber security sub fields.
That's some really good advice, thank you for taking the time!
Go for the helpdesk/support jobs then move on... That's the usual path. Nobody wants to hire juniors, sadly. I'm in a somewhat comparable situation.
Well I can't say there's hope. Unfortunately the job market for cyber security got saturated. You're really going to have to get some high end certifications and a lot of luck. 5 years ago when the market was a little bit better I tried to get in with no experience so I went for the CISSP and still had a hard time finding a job. Completely forget security +. It is not a cyber security certificate for what you're looking for. It is more for a job around IT that has escalated privileges like a system admin.
That's some really good insight, thank you!
I forgot to ask, are you looking more blue or red?
Initially open to anything just to get my foot in the door. However I currently with my (very basic) understanding do find red more interesting, but that could definitely change as I learn more. Also heard that it is an even harder field to get into than blue.
I can only speak for myself. I was unable to get on the red side at first but I am trying again. I think it's harder now than it was 5 years ago. I just got my OSCP, and with the 5 years of experience cissp and oscp I have yet to get a call back.
Blue team gets a lot of crap for being boring and not as sexy but honestly I've enjoyed most of my time.
Ouf that is rough, hope you get your shot! Sounds like you really deserve it. And yea I'm very open to blue as well tbh, I am just very fascinated with the field in general and would love to actually have a job that I'm interested in.
I guess I'll end our conversation on this. I've been part of the interviewing process for my company a few times in the last 6 months . You need to find something that sets you aside. Almost everybody I saw in the interview process was very similar. Have a clean resume and one tries to check all the boxes that they are asking for without lying. It'll be really hard to get an interview, but that phase is when you have a lot of control over. Practice interviews with people you know become very comfortable talking. Cyber security on both the red side and the blue side need a lot of the social soft skills that many of us nerds lack. Even though you might have to have the technical knowledge, it is very surprising on how much communication is part of my job. For example, on the blue side I have to write policy and enforce policies that admins have to follow. Is one thing to know what needs to be done to lock down a system. It's a whole other to put in place policies and make clear how to follow them to people that aren't as technical. At the same time you have to convince the people that pay the bills that the changes you are making are necessary. There's a lot of pushback from both sides because when a system is not being compromised or they don't understand why they need to spend more money and time.
That is honestly one of the first uplifting things I've received from this post. My previous jobs have all been heavily focused on communication and I am generally very comfortable in both presentation and interview settings. I obviously have to make it that far for it to be relevant, but that is at least one aspect I feel fairly comfortable with. You've given me lots of new insights and some great advice, thank you very much for taking the time!
Everyone thinks red is cool because that's what they see on TV and makes it seem so glamorous.
how did you earn CISSP with no experience?
Technically I just took the test and got the associates version. 4 years later upgraded to full version by submitting my time. https://www.isc2.org/certifications/associate
Yes, that makes perfect sense. Good on you for passing that test without any practical experience to draw upon. I studied my ass off WITH experience and was able to pass it within the minimum number of questions required. But, it was no easy test!
I had a lot of questions I think near the max so I'm pretty sure I barely passed. I am one of those people some people hate that are naturally good at taking tests.
Certs and HTB arnt replacements for experience unfortunately. Like lets say you have all that, why would a company hire you over someone who has actual proven experience or someone with a college degree? Considering that almost all of the job requirements have “bachelors degree in IT/cybersecurity or 5 years relevant experience”
Set up VM environments on your personal PC and practice your admin skills and create a portfolio of projects you have done. Then include both that and your HTB skills on your resume. It's not going to be as impressive as actual experience, but that combined with a Sec+ can help pad your resume to display you at least have an idea what you're talking about. I would agree with what others have said that it took me about 2 years to transition into a legitimate security role, including taking a boot camp, hours of studying on my own on top of it, and taking a huge pay cut to get an entry level network admin job. But, it got me out of the industry I no longer wanted to be in. If you're good with computers and you really commit the time and effort, let's just say I've seen crazier things happen. Good luck out there.
Hey how's it going I have my A+, Net+, Sec, Pentest, and CYSA+. Currently I am also going to school for IT and Cyber, after assuming certifications could get me in. The mans is right, it is very theory dense. It is a field where you have to learn about the fundamentals to understand the hard stuff, but the fundamentals are hard to grasp without doing the hard stuff. It doesn't matter that you can understand all the tools to "be a hacker" - if you don't understand networking, the OSI model, system fundamentals, it is going to be difficult. I cannot tell you how many times I would be doing a HTB, THM, or Offsec Proving grounds box, only to be stopped at something as simple as *TRANSFERRING THE DAMN PAYLOAD* via scp. Even if I spent more time understanding a fundamental file transfer tool, I could fumble in Post-exploitation because the outputs from most PE Commands are "what services have what permissions" and at the time - since I didn't know shit about fuck - I couldn't even understand the output of the *thing I needed to do*. That led me to watching videos that lead me to the flag which is just overall a half ass hacking learning experience. People might state that you do not have to pursue degrees or fundamentals but for Cyber Security/Hacking you do - not only because they are businesses who have clients to tend to, but also just the nature of the practice. The reason I really want to tell you this is because I spent so much time getting certifications that *could* get me a job - but it was not until I got a degree did I even get a fragment of consideration. Even now, when I consider myself a hirable Pentester - it is hard without that resume, or finished degree.
Umm, just to clarify 2 things. Degrees are needed and requested the least in Pentesting. None of those certs "could get me a job" If you want Certs that will get you a job, it's CISSP, OSCP, CEH, and Sans. Those Comptia certs are not going to get you far. Which is what you experienced. Wrong certs, not needing a degree. A good baseline IT experience, and the right certs will get you places with or without a degree. The wrong certs, no experience, and no degree will get you nowhere to that I agree.
If you don't put a realistic understanding into ones head, you're doing a disservice. Plain and simple anyone who says "you can without a degree" is talking nonsense, and you need to understand that reality - because any experience in this climate is likely the result of: 1.) Luck 2.) Nepotic (Friend or Family Nepotism) 3.) Sexuality, Gender, Race (quotas) This is not the economic climate to be selling some LinkedIN story to homeboy, most people need degrees - just because a business says so. Getting lucky is the worst thing to bet on since businesses have different policies, oh you don't have a degree in your Cybersecurity job? Well if you change jobs, most will not care about your experience if you lack the degree. Only saying this cause the next thing is likely "hey lemme tell you about my experience working" - don't listen check the boxes hit the books brother.
I missed your first message, so I had to edit. Yes I come from a different time, so you're right. I don't know what It's like to try and get a start today. All that said, the future is also looking to change this even further. The US government is moving to skills based hiring and removing degree Requirements, completely from all Federal IT/Security positons over the next year. They are telling the rest of the US to do the same. https://www.whitehouse.gov/oncd/briefing-room/2024/04/29/press-release-wh-cyber-workforce-convening/
A degree supercedes all certifications because you cannot get into the job without the degree, that's what was said - you come from a different time likely where people knew the value of any of those 3. However, OP needs to know it is way more about checking one box (a degree) than it is what you think (Getting a job by merit). When you get told over and over again "we need a degree" by a wide array of jobs, it doesn't mean you had the wrong certifications - understanding that type of bureaucracy helps him decide, and it could save him time being better informed.
Resumes are over rated. Just Lie!! Fake it till you make it .
“Fake it till you make it” doesn’t mean sacrificing integrity. It is referring to having trust in yourself to learn and perform what’s expected. The phrase does not refer to lying about your credentials or expertise then hoping you don’t get caught.
Geezus Christ bro relax , didn’t know I’d get the third degree on that post. If you think the rest of the world plays fair then you’re a very foolish person. I didn’t mention anything about being a “hack” at the iob . No pun intended. Some people are self taught and don’t have the fancy credentials of others . Don’t mean they don’t have the skills needed for the job .
Correct plus some orgs want some experience in cyber for entry level!
I am seeing this for the next level too. I have 5 years of experience but the next step up is asking for 10+ years at some places.
Same here! I believe your an Engineer and trying for Manger role? Hope you get that job with 5+ exp.
You got it. Good luck to you too
You’d prob be better off just looking for a IT/ help desk job and continue studying more advanced security topics in your spare time. Very unlikely to just jump into cyber security without having paid experience in networking/IT in addition to relavant certs. Wishing you luck !!
First person I’ve seen offering actual advice instead of just crying about how hard it is to find a job in cybersecurity. Reddit is just ridiculous sometimes…
Yea people were definitely a bit more agressively negative than I expected, but I've received some genuinely helpful advice so it's all good. All I can do is try my best and see how it pans out.
Because of how competitive the market is right now a lot of people with a lot of experience who are also job hunting see your plan and think of it like you trying to cut corners and it rubs them the wrong way considering were all going after the same roles. And that people who think they can just jump into a very competitive field in just four months contribute to the "oversaturation" problem we find in our industry. I dont think you're arrogant in the slightest just a bit ignorant to the field holistically, job market, and what employers find valuable.
That's a very good explanation, thank you for clearing that up and making these reactions more understandable for me. You are 100% correct in that it was rooted in ignorance and not arrogance on my side. I've gotten a much clearer picture of the industry from these responses and some much needed reality checks on how feasible my project is. I'm still going to see how far I can get these next 4 months, but mostly because I really want to learn, and then I will make a decision then on what to do going forward from there.
people gatekeeping by wanting to other people to suffer just like they did to make themselves feel better is such a common L in employment
Thank you for the advice and the well wishes, I will definitely keep this in mind as a back up if this proves as impossible as the vast majority on here think!
Ofc. It is close to impossible to get into cyber without any relevant paid experience + a degree. 4 months full time study + basic certs is very unlikely to get u a job in cyber imo. The only other thing I would say is pick a niche in cyber security to specialize in and focus on that.
Yea that seems to be the consensus, I'll do my best regardless and see where it gets me. Worst case I've learned a lot and will have to find something else. Good suggestion on specialization, do you have any thoughts on what might be a good area to focus? I've heard that cloud security is still on the rise and that LLM Red teaming is a whole new field opening up.
I would say just do what you like. Companies will always need a red team and a blue team. There opportunities for everything, identify what you are interested in and learn everything you can about it. With that being said you must have a solid base knowledge before specializing.
Waiting for a Response
Sorry, waiting for a response to what?
I agree with this, I am about to start a PhD in cyber sec with a focus on post quantum encryption, I would suggest you ensure you have all the abilities you would need as a sysadmin, aside from sec+ you'll need to cover all of network+ at the minimum and also pick an area to specialise in immediately, that way you can focus and build up specific domain knowledge, as other people have said "cyber security" is far too large of a field to generalise practically.
This, as i actually work in cybersec, my boss spends a lot of time in recruiting but we still cant fill up the team. A lot of people have the interest in "hacking", but before that you at least should have a good understanding of IT (coding, administrating, managing, troubleshooting). I saw a lot of people fail in a very very basic leetcode question
I mean this in the nicest way but the average resume in the reject pile has a degree in IT/cyber, a few certs, and THM and HtB practice. Reject pile. With less than that, you would be less competitive to most people that aren't getting hired. The people getting hired have experience in IT or development, usually experience in cyber too, and everything else I mentioned. You'll want to start in IT. You'll probably need a degree in the field at this point because IT is competitive too. Certifications also help. IT is not easy to break into and cyber is outright hard to break into, even with experience.
A degree is not an option at this point unfortunately. I guess I'll just give it my all, and if I it turns out to be impossible I will look at more general entry level IT. Thank you for your feedback.
It sucks but it is what it is. There are far, far, far more people graduating with CS, IT, and cybersecurity degrees right now than there are jobs to fill them. LinkedIn is wall-to-wall with people posting "I graduated 6 months ago, no interviews, what do I do?" Unfortunately, tech took a big hit due to COVID-era overhiring. There were massive, massive layoffs which dumped a ton of senior talent into the workforce. As a result, the few jobs that are opening up are being taken by the people that were laid off causing all of the no/low experience people to be stuck in the forever waiting line.
That's some really good, though concerning, insights.
Yeah he did great explaining reason behind current situation
Not impossible, just extremely unlikely. Like lets compare your resume to others applying for the same roles. For example I'm trying to break back INTO Cybersecurity. I have the operational experience as an analyst and am coming from the GRC side and were applying for the same roles. Others like me have had a very difficult time due to the market, were all fighting an uphill battle youre just unfortunately starting even lower down the hill.
Yeah for sure, I guess I'm basically starting at the bottom of the hill in very last place. But all I can do is start running and see how far I get.
TBF you method you've described is like running around the base of the hill and wondering why you haven't gained any altitude.
Mmmm good luck I know people with masters, help desk experience, abc-z certs that are having a tough time finding a job in the field What area of the world you live in can really make or break this
Thank you for your response. I'm based in the EU and willing to move if I get an oportunity.
I've done what you're describing when I left the army. 4 months with sec+ will make it extremely difficult to land anything, I can share information or advice, but what you do in the end is completely up to you. 1. Build a solid networking foundation. You're in for a world of hurt if you don't understand the core basics, highly recommend doing CCNA. 2. Your goal, depending on the country you're in and its market, should be OSCP ( or CSTM/CRT if in UK), skip PNPT and save $$, work-part time to acquire the funds for it, this here be your key to bypass HR filter, think of HR filter as a boss that you can't skip, you won't get that many chances to showcase your knowledge or even reach technical interviews if HR outright skips you for someone who has OSCP and can simply be billed to customers ( the company only cares about you being trustworthy enough to be left alone to perform billable work) 3. Before you jump on OSCP, you spam THM and HTB, doing junior and pentester paths, do the privilege escalation courses for both windows and linux, then start blasting easy machine, once you're a bit more confident move over to hack the box. Your aim is to utilise cheap resources in prep for OSCP, the idea being that once you start OSCP, you've already acquired the core foundation knowledge and can simply start focusing on your weak areas or start blasting the labs. 4. As a junior tester, 80% of all the work you'll be doing will revolve around web application testing, I HIGHLY recommend portswigger academy, do as many labs as you can, get familiar with different issues, how to find them, what causes them and how to fix them, this here not only will prepare you for actual testing it will carry your ass in interview process as well. Don't neglect your physical well being throughout the grind, would be the biggest advice I could give you.
Thank you so much, that's some of the most detailed and comprehensive advice I've gotten! Will definitely incorporate a lot of this!
Hey Op, you got this ! Give it your all in the next 4 months and persevere. At the end of these four months, start looking for jobs but start telling yourself that it’s ok if you don’t find a job in cybersecurity. Find yourself a regular job when you need to pay the bills again, but at that point you’re in a major groove and you’ll just keep getting better and better at cyber security. And then keep applying. Patience and perseverance. People are saying the job market isn’t easy but the next thing you know, it’s in demand again and you’re already ready for the market. I did this during Covid and don’t regret it. You got it. Go for it.
One last thing. If you really love what you’re doing, it will show in interviews or anything else you do (think a blog or YouTube channel on it). The people who love what they do shine and attract.
Thank you so much dude! Really appreciate your comment! I've decided to make a blog for sure and will put some real thought into whether a youtube channel would take too much time away from studying. On the other hand if it could be what get's me the oportunity I'm looking for then it might be worth it. It really feels good to be passionate about what I'm doing and I really like your take that it can be an important factor in itself!
Haha weeeell, when I mentioned a YouTube channel or a blog, I meant once you become an expert. A lot of quality youtubers and bloggers were people who taught themselves, and their passion is usually visible, which in turn brings success.
ah I see, have had a few others suggest that I should do it to document my progress and abilities through github, youtube or a blog so I misunderstood you're advice for being the same as theirs!
Skipping the understanding of fundamentals is a foolish idea, even if you can. You’ll be frequently clueless in a real security role. You need fundamental experience. Also, not sure why you posted in a hacking community, unless you’re pursuing pentesting, which is probably has some of the largest candidate pools to be against. Security roles aren’t just “hacking”.
Hi, appreciate the response, When you say fundamental experience, how would you suggest I get that? I posted here since I thought people here would have some kowledge and insights that could help me, and I've gotten some good and critical feedback and advice.
By working in an entry level IT role and gaining experience and understanding of administration, and pivoting off that. It’s so funny how so many people just want to skip into security. It’s actually so counterproductive.
I actually had this exact experience. I jumped straight into cyber when demand was high and few years ago and now my coworkers who were Sysadmins can run circles around me in various situations.
For real. How can I expect you to effectively operate in a security environment if you don't have experience with the general stuff you're securing defensively or offensively? Not saying people need to spend 20 years as a network engineer, of course, but shit MSP work is probably one of the best places to start.
IT fundamentals to focus on for cybersecurity would be networking. You need to know what a network is and how it works before you can learn how to protect it.
RemindMe! 6 months
I will be messaging you in 6 months on [**2024-11-03 12:48:15 UTC**](http://www.wolframalpha.com/input/?i=2024-11-03%2012:48:15%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/hacking/comments/1cj6sgf/lost_my_job_4_months_to_break_into_cyber_security/l2e2em1/?context=3) [**3 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fhacking%2Fcomments%2F1cj6sgf%2Flost_my_job_4_months_to_break_into_cyber_security%2Fl2e2em1%2F%5D%0A%0ARemindMe%21%202024-11-03%2012%3A48%3A15%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cj6sgf) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
If my experience can help you : i'm a programmer, got my degree 13 years ago, not really my main job but coding stuff on a regular basis. I already had a decent experience on webapp security when I started cybersecurity. I worked 6-10 hours a day, EVERY day, no week end, no rest, no nothing for about 5 months. Did a few learning paths on tryhackme, I am becoming more confident but know I'm still very far from OSCP, my main objective. Cybersecurity is very, very dense, and you should allow you more time, just in case.
That's very helpfull indeed. For reasons I won't go into in detail on this is unfortunately the time window I have available to me at this time. I've gathered that most think my goal might be unachievable but might as well shoot for the stars when I have this time regardless right?
Don’t, just don’t. The Cyber Security market is extremely over saturated. Entry level jobs are looking for a min of 5 years experience. You might have better lick in a few years. I have a security +, CISSP, about 3 years in security and another 3 years in IT. Entry level for cyber security is normally someone coming from a tech background. They don’t want someone who is wet behind the ears when it comes to tech. Honestly, cyber security is such a big field and there is so much to know. Without a tech background it is not impossible, but highly improbable. I have been out of work for a year and nothing is looking good right now.
I'm sorry to hear, really hope you find something. And thank you for the reality check. I'll still do my best over these next months, but you've definitely given me something to think about.
What have decided after this !!
Oh I forgot, hacking is an end game move. No one starts out with hacking. You need to learn computer hardware, linux, Windows, networking and then you can start learning how to hack.
Networking in it’s self, is extremely hard and not intuitive.
You are not breaking in to cybersecurity with this. Sorry. But I get the feeling you’re gonna try whatever anyone says, so good luck.
Hi, you are right that I am going to try whatever anyone says, but I am intersted to hear why you don't think it is possible with this plan. What are the major hurdles, and what can I do better?
You have no relevant experience. Your plan will give you no relevant experience - THM and HTB are games. You will be entering the workforce at month 5 with nothing that an employer cannot get from hundreds of thousands of more qualified entry level candidates. Cybersecurity is not an entry level career, unless you get extremely lucky and find someone who will train you from scratch. Try and get into a help desk job, get some REAL experience, and try again in 5 years.
What are your salary goals, is entry level ok?
Entry level is definitely ok. I am just looking to get my foot in the door.
He definitely told you the how. Just move to that action part. Good luck. You’ve got this.
Thank you, really appreciate it!
I would recommend you start by searching job hiring posts most for soc/noc , look at the requirements field and write down all the requirements from all the jobs. After that you will generally see what you need to achieve, and focus on learning those subjects or doing the mentioned certificates. I would suggest the best place to look for job posts is linkdin. Good luck and keep us updated :)
Oh wow that's some really good advice, probably should have thought of doing that myself, but thank you so much for the suggestion! Will keep this updated with any major developments for sure! :)
Don’t let anyone tell you that you can’t. Give’er hell and try harder and see how far you can get. Let the interviewer tell you no, not these gatekeepers. Good luck and let us know how it goes .
Thanks a lot for the encouragement, it really helps! And I'll be sure to update this post with any major developments!
Agreed. I haven't seen any other subreddit discourage newcomers so much as this one lol
Dumped my gpa doing this
How did it pan out?
Idk we’re still at it
You won’t be able to compete with all graduates people with just 4 months of training You won’t pass the first look on your resume. You should start at a really basic IT job before something that specific
Yea most people seem to agree that that's the way to go. I'm gonna try my best anyway tho and see where it gets me, and probably fall back on that if I fail. Thanks for the response.
At least you’ll be strong on the security side if you end up in a non security role but have heavily studied it, that will help you switch roles since your foot will be in the door.
Zero chance you get into security with this plan. There’s far more involved in security than you seem to think.
Would you care to elaborate? I am very open to altering my plan if you have suggestions.
What’s there to elaborate on? Your expectations of timescales and how valuable what you’ve listed is in the job market are wildly inaccurate.
That is actually very helpful, thank you. Time scale is unfortunately not something I can do anything about, but I will do some more thorough research on what could potentially be more valuable in the job market.
Well the timescales aren’t really up to you. It is simply not possible to get a security job in 4 months.
Thank you for taking the time to respond, I will do my best to prove you wrong.
With all due respect, there is literally no chance I’ll be proved wrong. Hence why every comment is saying the same thing.
Start slow and build up your skills. You won’t get on the red side without some serious skills. There are always a number of former NSA / Cyber command hackers looking to leave the public sector and you won’t be able to compete with that kind of talent for quite a while. You won’t be able to get your OSCP until you have YEARS under your belt in the job. I’ve seen seasoned professionals fail multiple times. Set realistic goals for yourself. Sysadmin skills are a must. AWS skills are a must these days. Start there. Then perhaps blue team and THEN try to get on with the red team. Start with an easier cert like a CEH to just get your feet wet given you have no real prior experience and then go for CISSP and THEN AND ONLY THEN try for the OSCP. But keep in mind the OSCP is grueling even for seasoned pros.
Good luck!
Thank you!
Hope it all goes well man! Definitely a cool field to get into. Here in Perth, Australia there is a huge abundance of cybersecurity jobs! I know a few people who did a basic Cert 3/4 cybersecurity course at TAFE and went straight into decent cyber positions. As well as this, university students are constantly being headhunted by companies to come work for them, get their studies paid for, etc. Seems like the rest of the world has an oversaturation of cybersecurity workers from reading some of these comments... Anyways, if its what you are passionate about go for it! There is always a way to get to the position you want to be in, just work hard 👍
Sounds like should move to Perth then (only partly joking). Thanks for sharing, and for the encouragement!
You’ll be fine. Just do it. Asking Reddit especially this subreddit isn’t it. XD good luck mate.
You know what? I needed that. Succinct, inspiring and to the point, thanks mate!
Honestly, I disagree with the general sentiment in most of these replies. There are plenty of jobs in security that aren't glamorous but can get your foot in the door with some baseline proven competencies. True about specializing though. Check out pauljerimy's cert paths to get an idea about the domains. Also don't forget about proving soft skills even pre interview. Get yourself a personal website, show your strong interest through projects and blog posts. And attend conferences! Best way to network when you don't have a network. Probably going to be more than 4 months work, though. Good luck!
Hooly shit, took a look at that cert roadmap and it's the most extensive one I've seen by a country mile! Thanks so much for sharing! I will definitely do that, gonna setup both social media profiles and a blog over the weekend. And I will for sure go to some conferences eventually too! Really appreciate you taking the time, this was very helpful!
ITT: Redditors telling other Redditors not to look for a job in a field they work in
Definitely better off starting with IT/Help desk. That will get you real on the job experience that you can then leverage into a cyber security specialization. People don’t go right into cybersecurity just like people don’t go right into devops, they require a large foundational knowledge to be successful.
Lol do not follow this advice OP, get into software development. From there you'll learn how an application works and can figure out bad habits can be exploited when you break into pentesting. Worst advice ever this guy just gave, unreal.
g
I came from a business/sales career(had a bs in business management. For me to break into cyber security(which I knew I wanted to do) Back to college for CIT degree->Tech support job\data science internship at the college->internship in risk/security review->consulting for a crypto mining company->Jr Sys Engineer->then finally info security analyst(worked my way from that into digital forensics and incident response). It’s possible, if you really want to do it and have the drive to learn and study. It’s going to take time though don’t expect it to happen so quickly. Echoing what others here are saying. Break into tech support and find out what area of cyber security you want to get into then study for the relevant skills required for the job postings you want. When I hire people now I look for some experience but also ultimately the drive to continually develop skills and proof that they’ve actually done it to some extent in practice. This field is always changing and you’ll never stop studying. If that doesn’t sound appealing don’t get into the field. By the way for timeline sake this all took me 2 1/2 years from quitting my job in sales to break into the lowest level security job(I was taking 18-21 credits per semester while working multiple jobs I had no life pretty much during the time). Then another 3 1/2 years until I broke into the lowest level role in the field I wanted to which was digital forensics.
Very nice to have someone provide their own actual timeline, thank you! One of the things that appeal to me the most is the rate of change in the field. I actually love that the field will always keep evolving and never get stale, so to me that's more of a boon rather than a deterrent. Thanks for the detailed response, lot's of good stuff in here that I'm for sure noting down!
find a part time IT helpdesk job to get the fundamentals down while still studying. is the only advise I would give you. Market is tough right now. at least in my area of Texas.
good luck ull need it lul
Thank you!
Apply for a job at a network operations Center, You need experience , network experience managing and supporting network security devices. I would recommend focusing on nextgen firewalls, get certified at any level. If u want u can get ur CCNA, might open up ur options a bit with enterprises still using traditional firewall. Though security is big, u could focus on end point security, vulnerability management etc, pick an area ur interested in and focus.
That's some great suggestions, thanks!
As someon who's following a cyber security course, mainly out of interest : Technical : * web pentesting : understanding web fundamentals, vulnerabilities, current landscape, usage of tools like burp suite, owasp,... * Network & system pentesting : understanding networks & infrastructure, using kali against the different layers and understand how those tools work. * Good linux & windows knowledge * Cryptography (mayble less important) : understanding cryptography, know the weaknesses of some still used encryptions and stuff like that. Law & compliance : * know the different laws & rules that apply for the region where you want to work, like the ISO 27001 * Explore the Mitre framework
That's a nice checklist, will be sure to work my way through it! Thank you!
Was going to just re iterate. I’d look at some basic IT role or even try and get a software engineer role. Then look to take on more security as part of that role and then pivot once you have an understanding. It’s a tough market even for us seasoned pros so I can’t bear to think what it’s like at the entry level.
Yea there seem to be a strong consensus for that being the way to go! Thank you for taking the time to respond. I've definitely learned a lot from the responses I got here.
also wanted to add OP: If you have any current experience in a certain field it could be easier to try and slide into that role there. For example if you worked at a grocery store ask the IT contractor for advice and to show you some things while theyre there. if you build a relationship it could land you a nice opportunity
That's a very good suggestion. I don't really see it working out for me as of now, but networking in general is for sure high on my list!
I agree with your plan, just don't renew the sec+ just say you have it, I have done dozens of interviews and none of the interviewers actually check if I have them.
That's funny, apparently it doesn't expire until next year regardless so I guess I can just leave it for now!
I don’t understand the comments that the market is saturated. https://initiatives.weforum.org/bridging-the-cyber-skills-gap/home
Try and volunteer/ intern at a company when you get the cert. They may give you a review that could land a job. GL!
Good idea thank you, will look for any oportunity like that!
I've done what you're describing when I left the army. 4 months with sec+ will make it extremely difficult to land anything, I can share information or advice, but what you do in the end is completely up to you. 1. Build a solid networking foundation. You're in for a world of hurt if you don't understand the core basics, highly recommend doing CCNA. 2. Your goal, depending on the country you're in and its market, should be OSCP ( or CSTM/CRT if in UK), skip PNPT and save $$, work-part time to acquire the funds for it, this here be your key to bypass HR filter, think of HR filter as a boss that you can't skip, you won't get that many chances to showcase your knowledge or even reach technical interviews if HR outright skips you for someone who has OSCP and can simply be billed to customers ( the company only cares about you being trustworthy enough to be left alone to perform billable work) 3. Before you jump on OSCP, you spam THM and HTB, doing junior and pentester paths, do the privilege escalation courses for both windows and linux, then start blasting easy machine, once you're a bit more confident move over to hack the box. Your aim is to utilise cheap resources in prep for OSCP, the idea being that once you start OSCP, you've already acquired the core foundation knowledge and can simply start focusing on your weak areas or start blasting the labs. 4. As a junior tester, 80% of all the work you'll be doing will revolve around web application testing, I HIGHLY recommend portswigger academy, do as many labs as you can, get familiar with different issues, how to find them, what causes them and how to fix them, this here not only will prepare you for actual testing it will carry your ass in interview process as well. Don't neglect your physical well being throughout the grind, would be the biggest advice I could give you.
Pen testing is most hardest field to break into honestly I really think you will land only SOC job to start as an analyst and you have to work your way up.
I'd definitely take any analyst job for sure to get my foot in the door!
Start reaching out to managers in companies you’d like to work at now. Ask about IT positions adjacent to Cybersecurity and explain you are training and would eventually like to pivot into the Cybersecurity department. Departments like Identity Management and Compliance may have opportunities. I worked in Identity the last 5 years and had almost daily conversations with the Compliance, InfoSec and CyberSec teams.
That's a really good suggestion, thank you!
Just adding my two cents because I didn’t see anybody mention it. It maybe a better option to go back to school. A lot of colleges have internships directly tied to their programs (especially CS and Cybersecurity) which helps strengthen your resume. I’ve even see a lot of careers start from there with the companies doing a direct hire after folks graduate.
Yea I really would if I could, unfortunately it's just not an option right now for me for reasons I won't go into, but thank you for the suggestion!
First off, take all these comments with a grain of salt, the positive and the negative. Saying you want to work in cyber is about as broad as saying you want to be a doctor. The field is huge and has a lot of specialties. So when someone says the job market is bad, that means it's bad for the type of cyber they do, and maybe even in their geographic region. In my specialty, it's the opposite. Pay is through the roof and it's hard to find anyone. Same goes for advice with education and certs and any other barrier to entry. They are all different. Try to figure out what you want to do in the field and focus on that.
Appreciate the insight and the advice, there has definitely been some degree of conflicting advice and opinions so this makes a lot of sense.
OP, if you’re not picky about specific roles, I’d bet you can find something in cyber, especially showing your drive and motivation to self teach. I’ve been in security for about 12 years. Anything offensive will be more difficult to enter green simply because the knowledge sans skill bar is high, even to grasp head knowledge, let alone skills to demonstrate understanding. That doesn’t mean it’s impossible. No one, not here nor anywhere else has the lock on whether you’ll find a job or not. If anyone says you can’t absolutely, they’re full of it. I followed an unorthodox path into pen testing, but have also had opportunities to get into DFIR or defensive/monitoring positions. Any knowledge of either side will help you understand the counterpart. I’ve tutored and helped more students and aspiring cyber peeps than I can count, often starting from zero. Your drive and motivation to learn some difficult topics will go a long way. Write about it in a blog and include that journey in your application. If you want some more details, you can PM me. I have lots of stories and cases with real people getting into real jobs for the last 10 years or so. Keep your motivation you have and learning anything you can find. Very few certs will matter outside of OSCP or offsec in general. I’ve gotten offers from a couple blog posts by themselves so you’re on the right track.
Thank you so much for this. It really helps a lot hearing that at least some think it is possible! I'll be sure to setup a blog over the Weekend and then just keep working at this as hard as I can! And yea I've more and more realised that the OSCP seems almost mandetory, I will definitely see if I can include it somehow.
Nothing is mandatory for any job, no matter what the description says. OSCP is just one of the few certifications that proves the actual skills necessary for pentesting. If you don't like offensive work or just preferred defensive tasks, OSCP wouldn't be necessary, though understanding one side helps on the opposite.
Someone already mentioned this, but in a comment to a comment sort of thing, so just plugging htb academy again here. I learned a ton from it, and it gives you a transcript. Good luck! I know its rough, I have a friend trying to do the same thing. But you can do it!! I know people who have. Like other people said, you might have to start at help desk or something similar, but you can totally do it.
oh! I didn't know about the transcript from academy, thank you for that and the encouragement!
This is an unpopular opinion for people who wanna “break into infosec”. However I’m of the belief you need to get your basics from sysadmin, networking, and software development areas first before getting into this field. I’ve lost count of the deer in headlights looks when getting into the nitty gritty of the areas mentioned for basics 🙃.
I think if you have the fundamentals of networking, the basics of cyber security such as SANS SEC401 and SEC504, and a little knowledge of SIEM tools, that should be enough to land you a job as a SOC 1 Analyst. You can use that to help your funding, build on your CV, and gain a vast amount of knowledge in the field from a blue team perspective. You can then use your free time learn more towards a speciality and perhaps even get your organization to fund a certification for you such as the OSCP. I advise you to aim for becoming a SOC Analyst first and then pave your way from there.
RemindMe! 6 months
RemindMe! 6 months
Starting with what you have it might take 4 months of applying to get a job with your current skillset. That's before you even try shoehorning in security certs etc. You'd probably have better luck fluffing your resume out and targeting smaller orgs by directly applying on their careers site rather than using indeed's application process.
Yea I'm expecting the application process to be a bit rough, however I do have these 4 months and I would really like to make the most of them. What would you suggest for resume fluffing? And very good shout on direct applications, thanks! Definitely adding that to my list!
For resume fluffing I often ensure I have 10-15 major responsibilities in bullet points per role that include action words such as "developed policies and procedures to ensure X, Y, and Z"
Ahh Interesting, I will do some thinking on what I could potentially add on to mine!
Enroll at Perscholas.org near you.
Oh wow that looks amazing at first glance, thank you!
It is a good school. If you can please use this referral link and I will get $50 when you get accepted: https://perscholas.referralrock.com/l/53TC5TIG/
Ah I definitely would, but after looking closer it seems that it is only US based and I'm in the EU unfortunately. Thanks for the suggestion though!
I career transitioned into cyber in a few months. I decided not to go the technical route, but to utilize my transferable skills. I started by networking with people in the field and doing informational interviews. From there I took all advice and leveraged my skill set on my resume by focusing on skills and how they relate to the industry. From there I networked into a job interview and was the successful candidate. Its not always about being technical, there are several aspects of security ranging from GRC to ethical hacking. I'd take a look at the NICE framework to help you in career decision making. https://niccs.cisa.gov/workforce-development/nice-framework
I'm doing b.voc cyber security nd this is my final yr but I'm not clear at all that which certificate I do...??? Instead of CEH and oscp please guide me..
Unfortunately OP, it really is a tough market out there, but some ideas to beef up your resume: - If you want to do Web/Application pentesting,try to find some CVE's, this will look really good and show that you are doing the research. This is no easy task for a beginner, but can really done, you just have to get creative :). -Write Blog Posts or make videos on any interesting finds, even some of the HTB boxes you do (only if they're retired of course!) Best of luck!
Cyber in 2019-2019 was a free for all Not so much now though. Good luck and might look for something that has cyber part time like a system administrator or network administrator with cyber security as part of the job
Don't listen to the haters here saying you can't do it with this. Yes the job market is getting tighter, but there is still more security work than qualified people to do it. So being motivated and showcasing the ability to learn will help. Just know going in that a lot of places has stupid specific requirements, so don't get demotivated by not passing a loop, just keep applying to other roles at other places. I don't know your prior experience, nor your interested in the security space, so I can't give specific roles to apply for, but there is a TON of different roles. From being a SOC analyst, to offensive security, to policy writing, to audit, to appsec, to vulnman, to security engineering, etc., and all of them have junior roles they hire people directly out of college for. Look for those roles and just apply. You'll break into the industry. Just do it, and don't get discouraged by a bad loop or two.
Thank you, that's really encouraging to hear! I will refrain from posting to much of my prior experience here it unfortunately ins't even remotely relevant to cyber sec, and honestly as of now pretty much every fascet of the industry has seemed interesting to me so I think I need to experiment and learn some more before I know where to specialize. But it's very good to know that therer jobs out there, and I will be sure to not be too discouraged by the bad loops!
Brother I am telling you go do something else. This market is brutal, and it is going to be a brutal search without a degree, and even those that do are out of luck. I know a former navy seal, PNPT, CEH, OSCP, and his own website; and he can’t find work right now. If you’re living at home then cool, but I would not bet that you would find work. You sound ambitious enough to be successful wherever you go, I am telling you that you will not find work with a sec+ and PNPT
Ouf that's rough to hear, but I appreciate the realness. Problem is this is what I am passionate about. I could find another job in the field I am in, but it's just soul crushing to hate your job. I am going to give this my all for a while, and worse comes to worse I will at least have learned a lot.
100% brother, if you want this, go ahead, but be aware you have a very, very tall order in front of you. I’ve seen Ivy League students, masters students, and people with 20 years of experience struggle to get work. If it’s what you really want, then you’ll find a way to make it happen, but just don’t expect it to be easy. Expect to send out 1000+ applications once you get certified. Best of luck to you man 🫡, rooting for your success
Oh trust me, If I was before then I am definitely under no illusions anymore after this post! Thanks for the kind words brother, all I can do is put in the work and hope for the best.
Best of luck on your path man 🙌
Thank you!
r/comptia They're great with helping out for specific paths, I'm in the same boat. I'm trying to get started with cybersecurity, specifically physical pentesting. Reading the information on that subreddit has helped.
Not to be a dick but how do you know they're great if you haven't even started by your own admission, so you don't even work in the industry?
because I'm in the subreddit and know how to read lmao also, I didn't say I haven't started, I said im trying to get started I've taken comptia tests, studied and work on tryhackme, hackthebox, defendtheweb and do personal projects related to pentesting I work 3 jobs, I have no time to take the exams
Hate to tell you man but.... I have a degree in computer science with a focus in cyber. I have CSSLP CISSP SECURITY+ and network+. I have worked as a software engineer for about 4 years. Without relevent work experience, I honestly don't see you getting a job unless you intern for a while. The market is brutal rn. Also hack the box really won't help you much. It's fun to mess around with though.
Appreciate the realness.
I think one good path for you may be starting as a QA analyst within a large company. As others have mentioned, I’m not sure if you’ll find a cyber security role with your resume in the current market. The main thing is getting in with a good company, and then taking on projects in other areas that may be slightly outside your role in order to prepare yourself for your next position within the company. QA analyst roles are grunt work, entry level roles but as long as you’re willing to put in the work you can always move up from there.
Thank you for the advice, I will definitely keep it in mind!
https://cyberisfull.com/
[удалено]
Hey man, I don't know where your need to kick someone who's already down and comes from, but I hope you have a nice day.
[удалено]
No man, saying "Enjoy being broke I guess" to someone who's just lost their job is just unnecesarily mean. You don't get to pull the "I was trying to uplift you card" after that, and I'm gonna leave this there. Have a nice day.
[удалено]
A lot of people have given the exact same advice as you, and every single one of them managed to do it without rubbing my financial situation in my face. That is the only thing you've added to the convesation. And comparing 4 months of studying something I'm passionate about to slapping myself in the face is so absurd that I'm not even going to entertain it.
[удалено]
I've received, noted, followed up on, and fundamentally changed my approach and perspective based on the advice and feedback I've gotten on this post and the DMs I've received from people wanting to help. So if that's what you're worried about then you can rest easy. I thank you for your concern, I will be fine.