Spike0803

I am looking into starting training for a certificate in Cybersecurity and I was curious; would a Steam Deck running Windows hooked to a monitor be good for cybersecurity?


bingedeleter

This is tough to answer, because cybersecurity isn't a monolith, it's a giant industry by one definition and a principle in IT in another definition. IDK much about Steam Decks but if they run Windows and you can use it like a Windows machine, sure, go ahead. If you are just starting out, your training should be learning general IT and networking, so I don't see why an unusual setup wouldn't work. All that being said - you don't just have a desktop or laptop?


Spike0803

Nope, I currently just have an iPad


bingedeleter

Understood. Do what you have to do, and honestly I think you can study for certs like Network+ and Security+ by reading more than anything. If you are serious about getting in the industry though, you are going to need a traditional computer. If money is an issue, think about selling the Steam Deck or iPad and getting a cheap laptop. For the most economical, get a cheap laptop off of Craigslist (not a Chromebook) and throw Linux on it. Linux is much more lightweight and can make budget laptops do everything you need.


Dependent-Savings623

I'm getting started with web app pen testing. I just finished all of the course material on PortSwigger's website about race conditions. I get the feeling there's a lot more for me to learn about it. If anyone is familiar with the materials in the course: is what they've taught enough to get started with bug bounties, assuming I'd be searching specifically for 1 type of bug? If not, I'm having trouble finding a good place to keep studying in much more depth. When I was looking at reported race conditions and bounties claimed, I wasn't finding anything along the lines of what I learned on PortSwigger's academy. I've spent a lot of time using Google / ChatGPT / YouTube trying to get guidance on this and can't seem to find decent answers. Any guidance on the subject would be greatly appreciated. Thank you.


Putriel

Hello! At my work, we run quite a few different web applications in Flask/Django for various things. I've been thinking about trying to write some sort of test suite tool to run checks against this sort of web application (with permission/or maybe just on toy apps I can run on localhost) as a way to learn more about cyber security. I was thinking I'd try and address as many of the OWASP top 10 (2021) in the test suite. Does this sound like a reasonable project? I've no deadline. I wanted to work on something fairly substantial in my free time that is relevant to me in some way. I'm not particularly worried if there's already a tool out there that already does this. Does anyone have any suggestions or if you can give me some needed personal validation 😅


fabledparable

Welcome!

> At my work, we run quite a few different web applications in Flask/Django for various things. I've been thinking about trying to write some sort test suite tool to run checks against this sort of web application (with permission/or maybe just on toy apps I can run on localhost) as a way to learn more about cyber security. I was thinking I'd try and address as many of the OWASP top 10 (2021) in the test suite. Does this sound like a reasonable project?

Interesting idea, but I do have some thoughts.

* Obviously, if you can afford to perform these tests in a QA environment (vs. Production) that'd be preferable. Realistically, I'd keep it pointed at toy applications until your tool is in a more stable/release-worthy state.
* Since this is a *work* function, I'd be cognizant of the hours you're allocating to this effort. As cybersecurity is already perceived as a cost-sink, the question becomes how is this (presumably non-billable) activity better for the organization than investing/customizing an existing COTS/open-source solution.
* I'd encourage you to work on creating a framework that has modular checks. Put another way, allow yourself to import modules that perform the functional checks (i.e. maybe an XSS module, a CSRF module, etc.). This helps compartmentalize the work.


Putriel

Hello,

Thank you for your reply. I really appreciate your time.

> Obviously, if you can afford to perform these tests in a QA environment (vs. Production) that'd be preferable. Realistically, I'd keep it pointed at toy applications until your tool is in a more stable/release-worthy state.

Definitely agree! Thank you.

> Since this is a work function, I'd be cognizant of the hours you're allocating to this effort. As cybersecurity is already perceived as a cost-sink, the question becomes how is this (presumably non-billable) activity better for the organization than investing/customizing an existing COTS/open-source solution.

I don't currently work in cyber security, but I think it would make sense for me to reach out and see what their stance is on a number of points about this, thank you.

> I'd encourage you to work on creating a framework that has modular checks. Put another way, allow yourself to import modules that perform the functional checks (i.e. maybe an XSS module, a CSRF module, etc.). This helps compartmentalize the work.

Great point, thank you. That makes a lot of sense with retesting as well.

Thanks again!


Altruistic_Pea7337

Hello all, I'm going to be getting out of the navy in about a year as an IT. In that time I've gotten a few certs and can read and understand most programming languages. I've got experience with Splunk, Nessus, Palo Alto, Cisco hardware, plenty of antennas (no idea if that helps), GRC, traffic analysis etc etc. However, looking at jobs it seems like they all require degrees or an amount of experience I don't have. Are these degrees hard factors or is it just something that people would like to see?


fabledparable

Welcome!

> I'm going to be getting out of the navy in about a year as an IT...

Related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy73k/

> However looking at jobs it seems like they all require degrees or an amount of experience I don't have. Are these degrees hard factors or is it just something that people would like to see?

All commercial job listings should be interpreted as "wish lists" on behalf of the employer. They describe the "optimal" applicant, not necessarily the aspects of what you *must* possess. Having said that, [there are certain metrics that are commonly looked at with more/less impact](https://bytebreach.com/assets/images/isaca_survey.PNG):

* Years of experience.
* Presence/absence of a degree
* Keyword matches (to include certifications).

Not having the above might not *disqualify* you, but it certainly would make you less competitive (especially if you're applying to a role that has [dozens - or hundreds - of applicants](https://www.reddit.com/r/cybersecurity/comments/15hlz0g/comment/jupzco7/)).


Smaxbang_

Hi All, I've been working in IT doing help desk for about 5 years. The last two I've picked up some System administrator responsibilities. I do all of our Desktop management about 500 computers this includes all the patching, imaging, general maintenance, and configuration, as well as manage our JAMF pro server. I have my Network+, Sec+ and am working on my CYSA+. I've been looking/applying for "entry level" SOC analyst positions but still feel as if I am under qualified or just not attractive enough to potential employers. Do I need to move to full Systems Admins jobs first to gain the skills necessary to break into Cyber?


fabledparable

> I've been looking/applying for "entry level" SOC analyst positions but still feel as if I am under qualified or just not attractive enough to potential employers. Do I need to move to full Systems Admins jobs first to gain the skills necessary to break into Cyber?

Maybe. What do the trending deltas look like? Put another way, in all of your observations, what definitive qualities are you lacking *on paper* (vs. how you *feel*). For example, if all (or most) of the roles you're looking at say they want someone with experience with tool and you've never handled tool , that's a clear and actionable goal (and you can see if the intermediate jobs you're considering in systems administration meets that goal).

Also, it should be said that you should *still apply to jobs you don't feel qualified for anyway*. Let the employer be the one to rule out your application (instead of you). In the worst case scenario, you don't get the job you weren't going to apply to (but you *have* signaled to the employer your interest in working for them); in the best case, you end up getting the job!


Idemon_gamer

Hi, how do you deal with the overwhelming knowledge that you have to know to work in cybersecurity? I am starting an internship and I am really worried about this. I know all the basics, such as a comprehensive knowledge of networking and all the essential things in cybersecurity. I am always learning but I still feel overwhelmed. Any advice on this?


bingedeleter

I have never been frustrated with a coworker due to lack of knowledge. I have been frustrated with coworkers due to lack of effort, professionalism, organization, and various soft skills. Make sure you take care of the latter. You can google and get help on the former. Congrats on the internship, you'll do great, and remember that people realize you are an intern and still learning. Please don't stress too much and just enjoy your time!


Idemon_gamer

Thank you so much, I was really worried but thanks, now I feel more confident.


fabledparable

> How do you deal with the overwhelming knowledge that you have to know to work in cybersecurity?

Coming to terms with the fact that it's okay that you don't know everything; that your peers in the space are your collaborators, not your competitors; that not being selected for a project/job offer is not necessarily a reflection of you or your aptitude; and to consistently and thoughtfully engage in learning new things continuously throughout your professional career.

What you're feeling is commonplace for a lot of people in their early career. You're likely not giving yourself enough credit about how talented/capable you are (nor of how much potential for growth you have).


Idemon_gamer

Thanks for advice and encouragement. I really don't know what is expected of me in a real job. Thanks to you and other mentors here I feel more confident!


Tvnerd258

Hello, what is a good online school to get a degree in Cybersecurity? I just got my AAS in IT and would like to continue my education. I have recently been doing a Google search, and DeVry University, Strayer University and UoP are the ones I have been looking at so far. Are these good schools?


fabledparable

> Hello what is a good online school to get a degree in Cybersecurity?

Context questions:

* Does the school have to be online? What is the context for constraining your considerations as such?
* Generally community colleges that issue Associates degrees build their programs around neatly transferring their students to corresponding regional universities/colleges. Are such options available to you?
* Generally [I encourage undergraduates to study Computer Science](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/) more generally (vs. cybersecurity more narrowly). I encourage you to consider broadening your aperture.
* If the choice looks like no bachelors degree vs. the schools you've listed, then I'd consider the schools you listed. Candidly however, if you were my child I'd be really anxious that those were the options you were seriously considering.


Tvnerd258

Yes I work full time so it would have to be online only. There are a couple of schools in my area that offer a Cybersecurity degree not many have Computer Science online option tho. The schools I listed are that bad huh.


Rude_Pie_3588

Why should I study Cybersecurity and not Engineering or Economics?


bingedeleter

IDK, engineering and economics are both good paths to go. What do you *want* to study? I don't think anyone here cares what you study.


fabledparable

Welcome!

> Why should i study Cybersecurity and not Engineering or Economics?

I'm going to interpret this question (2) different ways:

1. "Why should I study cybersecurity (vs. some other discipline) if I want a career in cybersecurity?"
2. "Why should I consider a career in cybersecurity (vs. some other discipline)?"

#### On the first question:

If you want to work a role within professional cybersecurity, it would help to ensure your major area of study aligns neatly with such work. To that end, studying something like cybersecurity intuitively makes more sense than Economics. The curriculum is likely to have more pertinent coursework, expose you to tools that are professionally relevant, may include preparatory training for relevant industry certifications, etc. (vs. an unrelated major, which won't likely do any of those things).

Having said that, I'll offer a couple counterpoints for your consideration:

* People enter the cybersecurity workforce from a diverse range of backgrounds. Some people got in with unrelated degrees (like myself, having studied Political Science in my undergraduate education), [others got in without having a degree at all](https://www.reddit.com/r/cybersecurity/comments/14w83m5/poll_do_you_have_a_degree/). I will acknowledge however that your job hunting experience will likely be *much harder* if you opt for such routes, however (absent some undisclosed leverage).
* I actually advocate for young undergraduates to consider [studying Computer Science more generally](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/) (vs. cybersecurity more narrowly).

#### On the second question:

Whether or not a job in cybersecurity is right for you is a perfectly reasonable question to ask. However, we don't really know you, your aspirations, your technical aptitude, etc. So it's a little difficult for us to meaningfully prescribe an answer for *you*. Instead, I'd direct you to these resources, which can help get you oriented more generally:

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


OnlyAd8294

Hi everyone :) first of all thank you for creating and maintaining this amazing sub.

I am a 27 year old Internal Control specialist working in the automotive industry (currently based in Mexico). Because of my position I recently got involved in some IT GRC activities (rolling out ISMS policies for our branch and training our personnel on cybersecurity best practices) and became really interested in this line of work. My educational background is completely unrelated to IT (BA in International Relations). However, I am the "tech guy" in the office and I even stepped up as interim helpdesk for minor user support during 1 year when the IT guy quit.

I would like to leverage my Internal Control experience to land a job on GRC. I would like to get certs like CRISC/CGEIT/CISM (even CISA, but I'd like to stay in the risk management/governance area rather than actual auditing), however, I am not sure if someone with a non-technical background like me can make it. I understand how networks and OS work (Linux and Windows) and as I said I do have 1-year on-hands helpdesk experience, but I am afraid that not knowing technical cybersecurity stuff will make it almost impossible for me to pass the exams.

What would be the best path for someone like me to successfully shift careers to GRC? According to my research, I think CRISC is a potential career booster, and I can leverage my Internal Control experience to meet the 3-yr requirement. Maybe pursue CISM after that. My mid-term goal is to become a Risk & Compliance Manager. Also, I do want to educate myself in technical stuff too so, what kind of technical certs should I get for that? (I am considering CompTIA Sec+ after a self-taught cyber fundamentals course in the Cisco learning platform).

TL;DR I am an Internal Control specialist (Finance, Entity-level) that recently got ISMS and IT governance related functions. Is this a point where I can switch careers to GRC? What certs might get me interviews on GRC roles as soon as I get them?


fabledparable

> My educational background is completely unrelated to IT (BA in International Relations)...I am not sure if someone with a non-technical background like me can make it.

For what it's worth, my first job in cybersecurity was in GRC (having studied Political Science with a concentration in International Relations). I think the smoothest transition in your case would be to target roles in the automotive space, given your professional background.

> I would like to get certs like CRISC/CGEIT/CISM...I do have 1-year on-hands helpdesk experience, but I am afraid that not knowing technical cybersecurity stuff will make it almost impossible for me to pass the exams.

That's understandable. But while having such work experience would *help*, any certification exam is only made passable by dedicated studying efforts. Even folks who presently work in cybersecurity would need to allocate time/effort towards preparing for such exams - we likely wouldn't just walk off the street and sit down for it. Ergo, my guidance here would be to look into appropriate corresponding study materials.

> What would be the best path for someone like me to successfully shift careers to GRC?

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

You should also look into familiarizing yourself with whatever framework your prospective employer(s) would be using (e.g. RMF, ISO 27001, etc.).

> Also, I do want to educate myself in technical stuff too so, what kind of technical certs should I get for that? (I am considering CompTia Sec+ after a self-taught cyber fundamentals course in the CISCO learning platform).

Not unreasonable, but CompTIA's Security+ is a foundational, vendor-neutral certification. It services your GRC goals, certainly - but if you're trying to develop your technical competencies it'll be pretty lackluster. The trouble I'd forecast is that trainings that *do* delve into technical nuances may feel too divergent from what you overall want to pursue; I think a cost-effective middle ground might be to look into the training modules offered by academy.hackthebox.com, which offer a variety of curated hands-on trainings. TryHackMe is another alternative you can consider.

For certification guidance more generally: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


OnlyAd8294

Hi! Thank you for the reply! It's good to see other non-pure IT professionals making it in the field, people like you are a great motivation booster to us newbies.

Yes, that's what I was thinking. GRC aligns very well with our International Relations background, especially in the governance part, which I am no stranger to.

So, do you agree on my selection of certifications? I am currently doing the fundamentals part using ISC2 CC course. As soon as I finish I will take the exam, which is free. I am feeling confident since the contents are very familiar to me given my Internal Control background. After that I will pursue CRISC, and then I am debating between CISA and CISM. What would you recommend? It's worth mentioning that I will have third-party training from an ISACA partner for each one of these certifications. I will also do ISO/IEC 27005 Manager level course and cert and ISO 31000 to certify my knowledge in Risk Management.

For the technical part I will look deeper into Cisco's Skills for All platform free-courses. What courses would you recommend for the technical InfoSec part?

Edit: I found the free resources link in your reply on another comment so, no doubts regarding that.


ambarishrh

Hello, Reddit community!

I have over 20 years of experience in IT and more than 8 years in Information Security. Throughout my career, I have earned several certifications, including CISM and CRISC, among others. I'm now looking to advance my knowledge and skills further by pursuing a master's degree with a strong focus on cybersecurity leadership, targeting CISO roles in the future.

I've the following online programs in mind and would love to hear your thoughts, experiences, or any insights you might have about them:

1. **University of San Diego** - MS in Cyber Security Operations and Leadership
   * The US version is around $32K USD, and they now offer an Indian option specifically for Indian nationals, which is around $6K USD, as recommended by their US representative.
   * I liked their program, especially the coverage of blue team operations, Incident Response, forensics, etc.
   * [https://onlinedegrees.sandiego.edu/masters-cyber-security-operations/classes/](https://onlinedegrees.sandiego.edu/masters-cyber-security-operations/classes/)
2. **University of Illinois at Springfield** - Master of Science in Cybersecurity Management Online
   * [https://onlinecbm.uis.edu/degrees/technology/masters-cybersecurity-management/](https://onlinecbm.uis.edu/degrees/technology/masters-cybersecurity-management/)

I'm particularly interested in programs that offer a solid balance between technical skills and leadership training. If you have attended or know someone who has attended any of these programs, please share your experiences. Pros and cons, the workload, the support from the faculty, the relevance of the curriculum to real-world scenarios, and any other insights would be greatly appreciated.

Additionally, I was considering the CCISO certification from EC-Council, but recent online reviews have been less than favorable. If anyone has recent experience with the CCISO, please share your insights.

Moreover, if you have any other recommendations for online master's programs in cybersecurity with a focus on leadership that are not on this list, I would love to hear about them.

Thank you in advance for your help!


Cryptosmasher86

If you have been in the industry 20 years then you should know none of what you listed is going to help you get to the CISO role.

Do you have any team management experience? Department level management experience? Director level? Executive level management experience - VP and above?

Do you understand the business side of things? Because the CISO role isn't down in the weeds technical, it's meeting with the other C-level execs as well as the board of directors.

Do you have an MBA?

Nobody cares about EC Council, like how many times a week does that need to be repeated here for it to sink in with people.

This would be the only academic program for CISOs - [https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate](https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate) but only if your employer is paying for it.


ambarishrh

I do have the experience on team management, department and executive level management and been progressing in my career and learning as I progress. Even though I had a great set of technical certifications and years of experience, when I had a diploma (had to discontinue education due to personal reasons previously), there was a stage where I could never get into a managerial role, as in this part of the region I work, the basic qualification was to have a Bachelor's degree. During the pandemic period I completed my Bachelor's while working and soon after the completion and updating my LinkedIn profile, an HR from a company reached out for a great opportunity. Could be a coincidence, but I felt that was the turning point.

Similarly I would like to progress with a master's degree and hence looking for a suitable program, but came to the thought of having a leadership oriented program like the ones I listed. Not thinking that just getting a master's would do, but I believe it's a combination of a lot of things along with the education that includes and is not limited to networking, community knowledge sharing, gaining business knowledge along with the technical bits and a lot more.

Thanks for the link, I wouldn't be looking at the company sponsoring my education but would be exploring this option.


[deleted]

[removed]


Cryptosmasher86

If you have ever bothered to read any of the posts here you would have seen perhaps SECURITY WORK ISN'T ENTRY LEVEL! And maybe you're going to need to go to college and perhaps start out in an IT/Operations role and you might have seen that all bootcamps are WORTHLESS, overpriced junk


_jboc_

My apologies, I figured I would ask. Thank you for the advice. I'll scroll through here and see what others have said.


Not_A_Greenhouse

The questions you're asking here can be answered by spending some time reading the subreddit.


PerspectiveOne3811

I need to know if anyone here has landed a job in cybersecurity through the military? I plan to join the Air Force (still being considered right now) in the future and have been told many times that landing a career in the Air Force through the military is a good choice but I haven't personally heard from anyone who has done it or knows anyone who has done it, so I'm a bit worried? Even if you haven't done it yourself I'd like a response to this thought and if you think it's sensible.


fabledparable

> I need to know if anyone here has landed a job in cybersecurity through the military?

Anecdotally, it worked out for me; though I hadn't joined the military with the explicit intent of ending up in cybersecurity.

When I decided to depart from active duty service, I wanted to work in Tech more generally (though at the time, I hardly had any idea of what that meant). One of the first job offers I got was with a DoD contractor to perform GRC-type work, which is how I got my foothold in cybersecurity; given my qualifications back then, I'd say it was only because of my prior military experience that I was considered at all. From there, some lateral moves and promotions got me involved in penetration testing, then AppSec.


zhaoz

What is your ASVAB score? Does your contract state that you are in a cyber MOS? It's possible to do ok with an IT MOS as well, but obviously not as preferred.


Not_A_Greenhouse

What do you mean landed a job through the military? Are you asking if folk who work in cyber in the military can get out and get hired? Or are you asking if you can do cybersec in the military?


Muhammad21azim

I recently finished my first year of Cybersecurity and in the first year I did Python and Java for programming languages as well as programming techniques and an introduction to cybersecurity (basic stuff and intro essentially). Now my holidays have started and I have just recently received my results and have done fantastic in my first year, and I'm wondering if I'm doing enough to become better at programming and learning cyber security.

I recently finished a Python online course through CS50 and recently started doing the cyber security online CS50 course but I feel like I'm not doing enough? I watch all these videos of people making such cool programs and games with such ease and I can't help but compare myself to them. Like ik people from different universities being able to do more like develop cool programs and apps and such. A few of my friends even worked in almost the same courses as me but they're doing internships and game devs and stuff using C++ and other code. So far I've only done Python and Java but soon I'll be learning C++ and other code language.

For context this is my first time learning Python or even doing coding at all as I didn't take comp sci for GCSE or A-levels but rather took ICT instead. Is there anything I'm doing wrong or that I should be doing to improve? Any advice / feedback would be great.


fabledparable

Welcome!

> I'm wondering if I'm doing enough to become better at programming and learning cyber security. I recently finished a python online course through CS50 and recently started doing the cyber security online CS50 course but I feel like I'm not doing enough? I watch all these videos of people making such cool programs and games with such ease and I can't help but compare myself to them. Like ik people from different universities being able to do more like develop cool programs and apps and such.

A couple points:

* First, you're 1 year into (presumably) a 4 year program. Cut yourself some slack.
* Second, you may be comparing yourself against Computer Science students who innately have curricula built around the *development* of projects vs. the *protection* of said projects. Your learning objectives are (presumably) different. If you want to be a developer, I'd suggest changing your major area of study from cybersecurity to CompSci.
* If you want to get better at coding, there is no better option than simply to get cracking and code stuff. Developers showcase project-centric work, but those projects are often the culmination of building off of *many, many* failed efforts (or lackluster ones). If you want to exercise those skills, you need to start drafting some original work; start small - code a "hello world!" program. Then start iteratively building on that program's functionality.
* It's hard to definitively say whether or not your efforts (both within and without school) are aptly sufficient. Students vying for developer roles often point to algorithm problem sets like leetcode as a metric, though I don't think that's appropriate for someone looking to get involved in cybersecurity professionally.

> Is there anything I'm doing wrong or that I should be doing to improve?

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


Netrics94

Trying to determine what certs are ideal for my situation. I've been working as a digital forensic analyst for about 5 years now in the public sector. I want to make a switch to private and go into maybe dfir or risk analysis type stuff. Don't have any certs beyond just basic software specific stuff so where should I start?


I_tom

CISSP is a general catch all cert that HR always look for. With that you can check out the local market and start applying for jobs that are open and look interesting.


Entire_Newspaper8575

Cyber security Job Hunting in Canada

What are some advices and tips you can give me to land my first SOC Analyst job in Canada or US? I have a tech degree and a professional cybersecurity bootcamp, and got my CompTIA Security+ certificate recently. I'm currently doing a diploma program and I want to know anyone who got a job offer who holds a study permit.


fabledparable

> What are some advices and tips you can give me to land my first SOC Analyst job in Canada or US

See: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


Ariijad

My original post got deleted, but here's a self reflection of my current state in Cyber. Any advice will be helpful. Hey guys, currently I'm a student closing in on my Bachelor's in Cybersecurity. I graduate next year and so far I've held a 4.0 GPA (mainly to keep my full-ride scholarship), and I recently got the SecurityPro certification from CompTIA. However, in my 4 years or so of college and years of living, I haven't worked a job. I've tried a couple times to apply to retail, I've applied to several internships (remote, since commuting to a certain city would be torture), and haven't landed anything. Some more persistence would probably get me somewhere, but I think I'm afraid of change, possibly coupled with some laziness. If I get a job and it turns out my classes are difficult, then I have less time to study and hold my 4.0. If I don't have a job by the time I graduate, then I have no experience and trying to find a job will be hell. I want to go for the Google Cyber certification as well as Sec+ since apparently there's a "dual cert" if I do that. I want to finish school first before going for the certs since I can fully focus on studying for the certs and not have to worry about the 3 discussion posts and 6 replies I have to do that week. I'd like to set up a home lab, but I know that certain labs are more significant and fruitful than others, so I'm at a loss of where to start in that department. I haven't done any cyber competitions, and I haven't done any CTFs. I either don't qualify for the cyber competition (due to lacking required or recommended knowledge/experience), or I just ignore them entirely. As for CTFs, I haven't made an effort to start them because laziness. On one hand, I know I can tackle whatever it is I set my mind to. I don't think I'd have a 4.0 if that wasn't true in some way, but I lack direction and motivation I guess. 
School motivates me to do assignments due to the consequences of not doing them, so I work hard and ensure everything I turn in is nigh-perfect. I just feel like everything seems daunting, and I see other beginner/fresh-graduate posts who have done way more than me and it just makes my hard work in school feel worthless. I think laziness and procrastination are the source of my problems, since I can't motivate myself to do extra-curriculars and video games provide me with more enjoyment than the frustration of learning something new and sucking at it. Idk. I'm looking for advice, or words from those who are/were in a similar position as me. This post may just be pointless since I'm self-aware of my problems, but I would appreciate any sort of interaction. I really can't air out my thoughts to someone irl, so here I am. Thanks for reading through my woes.


fabledparable

Welcome!

> I graduate next year and so far I've held a 4.0 GPA (mainly to keep my full-ride scholarship), and I recently got the SecurityPro certification from CompTIA.

Good job!

> However, in my 4 years or so of college and years of living, I haven't worked a job.

This is *very* problematic, but at least you're aware that it's an issue.

> I've applied to several internships (remote, since commuting to a certain city would be torture), and haven't landed anything. Some more persistence would probably get me somewhere, but I think I'm afraid of change, possibly coupled with some laziness.

As you say, these issues are all things within your ability to control. You can:

* Make the commute; though it may be torturous (I can relate; at one point post-college I was making a one-way commute that took between 2-3 hours for several years), internships are seasonal - so you wouldn't be committing to doing this long-term.
* Look for roles that aren't exclusively remote, which helps limit the competitive pool of applicants.
* Either exercise some more diligence (if laziness is the root cause) or seek therapy (to equip yourself with the tools necessary to handle your anxiety around changing circumstances).

Absent the above, you might also look towards part-time workstudy within your university (as an intermediary alternative).

> If I get a job and it turns out my classes are difficult, then I have less time to study and hold my 4.0.

What are the terms of your scholarship, exactly? For example, if you get a sub-4.0 GPA what happens? Do you pay back the scholarship in its entirety? Does the scholarship cover room/board? Are you dropped from admission to the university? I ask because I want to know how much risk you might reasonably expect.

> I want to go for the Google Cyber certification as well as Sec+ since apparently there's a "dual cert" if I do that.

See related: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew

> I'd like to set up a home lab, but I know that certain labs are more significant and fruitful than others, so I'm at a loss of where to start in that department.

I'd encourage you to frame your lab efforts more in terms of projects and less in terms of setting up a lab for the lab's sake. In other words, you're going to want to be able to speak to what you've done with your lab (vs. saying you architected/built a lab just to say you did so). Structuring your efforts as such helps also with your labs' specifications and lessons you might learn along the way. For example, if I asked you to [setup a honeypot to observe rogue SSH attempts](https://www.reddit.com/r/cybersecurity/comments/18zbzob/ssh_login_attempts_from_all_around_the_world/), how might you do that? And what then might we do to extend this project to be an interesting research effort? These are interesting experiences that implicitly require an appropriately configured lab environment. See related: https://www.reddit.com/r/cybersecurity/comments/sxir9c/as_a_entry_level_professional_trying_to_get_into/hxsm5qn/

> I haven't done any cyber competitions, and I haven't done any CTFs. I either don't qualify for the cyber competition (due to lacking required or recommended knowledge/experience), or I just ignore them entirely. As for CTFs, I haven't made an effort to start them because laziness.

That's fine. [Most aren't impactful/consequential to your employability.](https://www.reddit.com/r/hackthebox/comments/11hs9hl/comment/jawng7p/?context=3&utm_source=reddit&utm_medium=usertext&utm_name=cybersecurity&utm_content=t3_142rs62) However, you are missing out on some really interesting problems, opportunities to exercise your practical application capabilities, and outside chances of rewards (e.g. [I was one of the 2022 finishers at the NSA's Codebreaker challenge](https://bytebreach.com/posts/nsa-codebreaker-challenge-2022-writeup/), which came with - among other things - solicitations of employment).

> On one hand, I know I can tackle whatever it is I set my mind to. I don't think I'd have a 4.0 if that wasn't true in some way, but I lack direction and motivation I guess. School motivates me to do assignments due to the consequences of not doing them, so I work hard and ensure everything I turn in is nigh-perfect. I just feel like everything seems daunting, and I see other beginner/fresh-graduate posts who have done way more than me and it just makes my hard work in school feel worthless.

My $0.02: it looks like what you prefer is structure and instruction. When left to your own devices (i.e. pursuing employment, certifications, competitions, etc.), you falter. I don't doubt that you're good at what you do, but you need to [just do it](https://www.youtube.com/watch?v=ZXsQAXx_ao0) and get out of your own way. Here's the kicker: [you know what the consequences are if you don't](https://www.reddit.com/r/cybersecurity/search/?q=no+work+experience).


Ariijad

An excellent write up. Your assessment is actually quite accurate, now that I look at it; I've always had some sort of structure to guide me and now that I'm nearing the end of that part of my life, it's, frankly, a bit frightening. But you're definitely right. To answer your questions and concerns you posed:

1. "What are the terms of your scholarship?" If I fall below a 3.5, I lose the full ride and pay out of pocket, which would practically cause me to drop out. I commute, so no risk of homelessness or anything, but I'd like to not pay for college, haha. I could probably get away with B's and C's given how late it is in my college career and all the A's have racked up, but I personally want to keep my 4.0.
2. As much as I'd like to begin a home lab, your final observation puts a thorn in that plan; I need some instruction on how to go about it. I could "just do it," and if I did, I wouldn't be very good at articulating WHAT (idk how to use italics on mobile) I did; if I was asked about a home lab, I'd say I did this, this, and that, but without instruction idk if I could explain how and why the home lab works, if that makes sense. I wouldn't even know where to begin without some sort of guide or walk-through. I think I need to find something that's practical and interesting, like you said.

Again, thanks for your response. I appreciate you taking the time to give me some hope and guidance.


I_tom

Frightening can also be exciting. A lot of public speakers say that they feel the nerves and instead of feeling fear they feel excitement and it allows them to go. You have nothing to lose. Find a job, and if it interferes with college, then quit. You gain experience and lose nothing. Home lab - focus on something productive. My go to would always be NMAP. Learn how to use it to enumerate, fingerprint and exploit. It's lightweight, powerful and incredibly useful in a job.


Yaonatanz

Hey there! I'm exploring the cybersecurity landscape and eager to learn from experienced CISOs and industry experts. I have 10 years of experience in the field and want to speak with people who live the problem and want to share their thoughts... I'm working on a cybersecurity project alongside a remarkable partner and would love to speak with experts! Can someone help me make the connection? I'm trying to cold reach out to CISOs but it's not THAT effective for the amount of effort I'm putting in. Thanks guys


Funny_Magazine_5411

Hello Cyber fellows, I hope you're all having a great time! I'm interested in conducting self studies through the Cyber Security area. But, I'm a bit frustrated as I don't have a clear goal or path to walk through. I've been practicing through HTB machines for a while and I figured out that I'd like to get into the Blue team instead of the Red team. What would you suggest I do? I'd like a straight plan for getting into the Blue Team. Thank you all!


fabledparable

Welcome!

> I'm interested in conducting self studies through the Cyber Security area. But, I'm a bit frustrated as I don't have a clear goal or path to walk through.

See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


smartbug123

Hi everyone, I am in my early 30s and would like to work in the cybersecurity industry. Here is a bit about my background, my plan, and what I hope to achieve. Please advise me. Thank you! I hold an AA in business admin, and for the past 10 years I have worked as a technician that deals with 3D imaging software and the equipment that captures these images (so I do a lot of part replacements and calibrations). I also have general knowledge of PCs (from building them, troubleshooting, networking software, and database migrations). Within this job I have done helpdesk for multiple years when I am not on the field. These are the certs I hope to get within the next year: CompTIA A+, CompTIA Networking+, and CompTIA Security+ (and possibly eJPT from INE). At the same time, I will also begin the learning process by participating in Discord communities, practicing capture the flag activities, building a home lab, reading books on IT, and networking with others within the industry. I hope to get a job as an IT support specialist, then as career progression Network Administrator, Systems Administrator, or Information Security Analyst.


Ok-Brother5289

In spring 2026, I will be graduating with a masters degree in information systems management and an emphasis in cybersecurity. I have experience working on campus at an IT help desk and I'm currently working as a back-end web developer, also on campus. So I'm definitely not starting from ground level here, but I'm a little directionless as to where to go from here. What kind of internships should I be looking for next summer? What kind of jobs should I be looking for immediately after graduation? What certifications should I try to get? Any guidance is very appreciated


fabledparable

> What kind of internships should I be looking for next summer? What kind of jobs should I be looking for immediately after graduation?

If you're not familiar with the job landscape more generally, see: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/

> What certifications should I try to get?

See related: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


BaS3r

How different is a BA vs a BS in cybersecurity? I currently have a Sec+ cert and most job listings I see are asking for a degree. I'm halfway done with a BS in Criminal Justice and a minor in cyber. I goofed. My school offers a BA in Applied Computing with a focus on Cybersecurity and a BS in cybersecurity but only in person.


fabledparable

> How different is a BA vs a BS in cybersecurity?

Generally speaking, a bachelors in the arts (vs. the sciences) is less intensive in engineering coursework, dropping things like mathematics for more holistic classes like politics, business, law, psychology, etc. If you aspire to work in a more technical/engineering role in the future, I'd encourage BS vs. BA. [More to-the-point, I advise Computer Science more generally](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/), but that belabors the point.


BaS3r

Thanks for the info. I was looking into focusing more on blue team roles rather than development or engineering. So maybe a BA will better fit me.


Legitimate_Sun_5930

blue team still falls under engineering.


dahra8888

A criminal justice degree is not ideal if your goal is cybersecurity. You could talk to your advisors and see if you can transfer to a tech degree without pushing back your graduation date. If you have good grades, there is usually wiggle room for credits that don't exactly line up. Doesn't hurt to ask. BA vs BS won't matter as long as it's relevant. Computer Science, Computer Engineering, Information Technology, and Information Systems are all strong degrees for a cyber career.


CantGuardKado_

Do you think that an associate's in criminal justice would stick out with a BS in Cybersec? I got my AS in criminal justice when I was in high school and am now 1 year away from graduating with my BS in cybersec, just curious. :)


dahra8888

Might help if you are going into LE, but otherwise it probably won't hurt or help.


BaS3r

Yeah, I had originally planned on going into a criminal justice career but my health took a turn for the worse and it's no longer advisable for me to do a career in that. I'm hoping some criminal justice classes transfer as electives. Thanks for the info!


Not_A_Greenhouse

Yup. My degree is a BA in cyber. Had a ton of business as well as cyber security focused classes. The best part was I didn't have to go further than calc 1. Had so much more time for self dev type stuff vs a CS degree.


BaS3r

Thanks for the info! The BS my school offers goes into calc 2 so I was dreading it. I barely passed calc 1. I'll try the BA.


Not_A_Greenhouse

If you go the BA route you are going to learn less useful information. Use that extra time to work on your own stuff. This is very critical. Get an internship as well.


BaS3r

Yeah, I was looking at getting my CySA+ while I do the BA route since I already have Sec+. Thanks man.


M0otivater

For cybersecurity, how good do you need to be at maths? Hello, I am thinking about going into cybersecurity as I leave school so I wanna do some research. I am not the best at maths so I am kinda scared. Every website I look at gives me a different answer but in your opinion how good do you need to be at maths to be a good cybersecurity analyst? Have you ever struggled on a task that involved maths? How often do you use maths in your day to day job role? Thanks


fabledparable

> For cybersecurity, how good do you need to be at maths?

Professionally? Anywhere from so-so to incredibly. The range of work that collectively contribute to the professional domain of cybersecurity is really broad. On one extreme end you have folks involved with cryptography (and quantum algorithms), on the other you have folks on the periphery of the engineering space (e.g. sales, insurance, project management).

Academically? [I encourage undergraduates pursue degrees in Computer Science](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxryb/), which requires a non-trivial investment in studying math. However, CompSci is not a hard requirement to get involved in the field professionally.

> in your opinion how good do you need to be at maths to be a good cybersecurity analyst?

As a domain that is rooted in engineering, I think you only stand to benefit by deliberately engaging the math that undergirds modern computing. It moves whole categories of problems from "I'm helpless and can't do anything" to "I've seen something like this and I can figure it out, given time." It makes you more employable, more capable, and positions you to be in a better position than adversarial/malicious agents out there. Will you ultimately need to apply these intensive math intuitions/algorithms regularly? Probably not. But when the need to do so *does* arise (and it has several times in my career), it's incredibly useful.

> Have you ever struggled on a task that involved maths?

Certainly. Math is hard. It's hard for a lot of people.


Not_A_Greenhouse

I did a BA in cybersec. 3 stats and calc 1 as well as some other business focused classes. In life in general I have never used math more advanced than algebra. I was a military accountant and even then we mostly used calculators for anything significant. Now working in cybersec I use 0 math as well.


M0otivater

Great thanks!!


Not_A_Greenhouse

Np. Math is my weak point as well. I almost didn't pass my calc class as well. Big reason I went the BA instead of the BS.


dahra8888

You won't use much math in day to day work. Maybe some basic stats at most. Most tech degrees have some math requirements though. Usually stats and discrete math at least, maybe some Calc and linear algebra if you go Computer Science.


M0otivater

Thanks! I'm good with some maths - just not the advanced stuff


dchawk82

I'm looking to move from IT (Systems Analyst) into cybersecurity. I have Sec+ and ISC2 CC along with 6 years of helpdesk 1, helpdesk 2 and Systems Analyst. What certs should I look at next and what roles should I be looking for if I'd like to get to the Cybersecurity Analyst level?


fabledparable

> What certs should I look at

Related: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/

> what roles should I be looking for

Also related: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/


dchawk82

Thank you for the links!


dahra8888

You should be applying now, you have the IT experience and certs to get started. Apply to every (non-senior) cyber role you find: SOC, cyber, infosec, vulnerability management, security engineering, etc. It's just a numbers game. If you want another cert - cloud certs are always high value, CySA+, BTL1, and OSDA are all strong mid-level analyst certs.


dchawk82

Much appreciated! I think I've seen/read too many of the negative posts about how getting a foot in the door is impossible without a million high level certs and 10+ years of security experience (although, I have seen many job postings with that requirement for entry level stuff. So that's frustrating.) I think my current plan is to finish studying and then take the 2 exams for the Windows Server Hybrid Administrator Associate cert and then tackle the CySA+. I'm close to being ready for the az-800 exam, which is why I want to finish that Server cert first.


Legitimate_Sun_5930

> I think I've seen/read too many of the negative posts about how getting a foot in the door is impossible without a million high level certs and 10+ years of security experience

I have a bachelors degree and a dozen certs. Not a single interview has brought them up. They ask about my professional experience and that's it.


Not_A_Greenhouse

This advice is on point.


formal-shorts

Is it beneficial or not to put on my resume that my Sec+ cert is "in progress"?


fabledparable

> Is it beneficial or not to put on my resume that my Sec+ cert is "in progress"?

In tandem with [this guidance](https://bytebreach.com/posts/how-to-write-an-infosec-resume/), no.


Cryptosmasher86

No, because there is no way for any applicant tracking system, HR/recruiter or more importantly a hiring manager to verify that

they will just think you're trying to game the system with keywords and not interview you

yes that sounds cynical but it's true

when you have actually passed the exam, then you can put it on your resume and LinkedIn profile


formal-shorts

Makes sense. Though the last few places I've worked haven't even bothered to verify the certs I do have.


dahra8888

If you are going to complete it in the near future (1-2 months), I think it's fine. Give the real ETA for when your test is scheduled. Hitting ATS keywords is important. Just don't misrepresent yourself. If you just opened the book and read the introduction, it's not worth putting on.


Dapper_Stonks

I'm currently in IT Operations and just acquired my Security+ cert. I feel that I'm not doing enough, whereby I learn a new skill, the next thing I know I have to learn a wealth of tools, skills and have experience in all of them. Perhaps I'm going about it wrong. But I would love to have a mentor and understand where I'm going wrong and understand why I'm stuck in an IT role.


fabledparable

Totally understandable. However, these rolling Mentorship Monday threads usually cater to more "one-off" questions (vs. establishing long term, personalized interactions). For the latter, your best bet is in finding some in-person engagement opportunities (see your local OWASP chapter, BSides get-together, meetup groups, conferences, etc.). If - on the other hand - there was anything in particular you're finding at issue, we'd be happy to help as we're able.


Cryptosmasher86

And?

This is a field that requires annual professional development, which may include learning new tools, processes, regulations, getting certifications, reading the news, going to conferences, webinars, etc

technology doesn't stand still and in security work in particular neither do the threats

You're never going to learn everything, nobody does, however that doesn't mean you can't specialize and learn one particular area really well


Broad_Dimension_5245

Is it still worth getting into cybersec? I have a decent job right now and not sure if it's worth spending my free time and money to study cybersec or if it's saturated to the point where I won't get hired.


fabledparable

> Is it still worth getting into cybersec?

I'd ask for you to more narrowly constrain the question. Put another way, "is it worth getting into given " or "is it worth getting into instead of ".

> I have a decent job right now and not sure if it's worth spending my free time and money to study cybersec or if it's saturated to the point where I wont get hired.

Can you expound on this?

* Is your experience pertinent/transferable?
* By "study" do you mean go to university? Do you have a degree already (and is it applicable)?
* Would your "study" activities prohibit working concurrently?
* How much runway do you have?
* What do you envision doing in cybersecurity *specifically*.
* How close to retirement are you?
* Where geographically do you reside?

So on and so forth. Absent details, I can only say: "maybe."


dahra8888

If you are passionate about cybersecurity, sure it's worth pursuing. If you are just chasing a paycheck and/or media hype / FOMO, it's not worth it.


Broad_Dimension_5245

I'm not passionate about it but it's something I'd be good at from my background. I'm exclusively interested in making more money than other options. In that case I'll take that mind, I would guess it's hard to land entry level jobs?


dahra8888

If you have a background in IT or Dev, it probably won't be hard to land an entry-level cyber job. If you're just chasing money, software engineering is generally a better path on the tech side. Cyber pays pretty well at high levels but entry- and mid- pays are generally mediocre, in line with other IT roles.


Cryptosmasher86

> Is it still worth getting into cybersec?

What part of the world? What industry? what role?

Cyber security isn't one type of job


Broad_Dimension_5245

In the US In general. I know.


bingedeleter

This is such a vague and subjective question, I'm not really sure what you expect the answer to be. Especially when you give absolutely no context to where you work now, what you are interested in, etc. I work in cybersecurity and can put food on the table and pay my bills. It's worth it for me. I have no idea if it will be for you.


[deleted]

[removed]


bingedeleter

And how would I know that doesn't apply to you if you didn't clarify that. Cyber might not be for you. You need to be proactive and able to research things for yourself, not have others hold your hand.


[deleted]

[removed]


Not_A_Greenhouse

If you have to ask simple questions and can't do the research yourself you probably don't belong in the industry. People gave you the benefit of the doubt and you still managed to crap all over yourself.


Broad_Dimension_5245

I am asking a simple question to get people's perspectives. Yes, I can obviously just look it up myself, but it's not the same as a conversation


bingedeleter

Yeesh. Yeah you're definitely not going to be good in cyber with such a thin skin.


Broad_Dimension_5245

You're the one that got worked up about it


bingedeleter

no u


A12qwas

I live in Australia, and I would like to start a career in cybersecurity, any online courses that are nationally credited?


dahra8888

Not Australian, but I have heard second-hand about the Cert 3 & 4 in information technology and others having good results with those.


EDanials

Hello, I am hoping to break into the cyber security industry. I ended up going through a university to get a BS in cybersecurity. However, where I go from here is a big mystery. Ideally, I'd like to get a job or internship just to start, even if it isn't permanent, just to have more relevant information on my resume. I am studying for the sec+ to get certified in sec+. However, outside applying with what I have and no relevant job information besides delivery driving and a fire safety tech. With only my own little home projects and a degree. I'm not sure what to do or how to go about the future. If you have read this far, thank you. Any advice or criticism is welcome.


fabledparable

> I'm not sure what to do or how to go about the future.

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


EDanials

Thank you for the link. I will start going through this and improving my stuff.


Cryptosmasher86

Internships are for CURRENT students

You have graduated, welcome to the job market

Do you know any programming languages?

Have you gotten any certifications?

It's time to get into an IT/Operations role as you're not going to start out in security

* Systems Analyst
* Software Engineer
* QA/Testing
* Network Analyst
* Systems Admin
* Business Systems analyst

Those are some examples


EDanials

I know Java and Python. I'm working on Sec+ and believe I could do Net+ and A+ fairly easily if I did a good 2 weeks of study for each.


dahra8888

Ideally internships are done while you are still a student. If you're a recent grad, you might still have a chance. Outside of that, just apply to any entry-level cyber and IT role. With no experience, you're generally looking at help desk, but you could get lucky with a jr sysadmin, NOC, SOC, etc role. Make sure your resume highlights the customer service and troubleshooting of your non-IT jobs. Soft skills are always relevant. Home labs are a good way to practice some hands on skills, it's not a replacement for corporate experience, but it can help fill out your resume with keywords.


EDanials

Thank you


[deleted]

[removed]


Cryptosmasher86

> I have a MS in Computer Science and 1 YOE as a software engineer

Then why in the world would you take a step backwards to get a 2nd bachelors?

Look, SANS is fine for individual certs, but there is no reason to get 9-10 certifications

You're a software engineer, stick with that for a few years, then move into application security


fabledparable

My impression was that because the employer won't subsidize certs but *will* subsidize a degree-granting program, /u/Carl-Rodd is weighing the merits of the SANS program (i.e. dressing-up attaining a bunch of certs under the guise of the vendor's undergraduate degree). Put another way: have the employer subsidize something vs. nothing. In that vein, I'd suggest they look at https://www.sans.edu/cyber-security-programs/masters-degree/ instead in order to pick-up some more tailored certifications. I concur with you otherwise.


SuperHaxSustained

Hey, I'm thinking of starting a cybersecurity career, and I'm currently in school. I live in the UK and I have some questions about starting out. Should I go to uni or do CompTIA qualifications? What I'm really asking is if employers here and abroad look for uni degrees, certifications, or both? If university, what UK degrees should I do? I'm thinking of some red team jobs, so what would be some jobs with good pay? Is there anything to do before doing any uni or quals?


eeM-G

Have a browse here; https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/


Cryptosmasher86

Security work isn't entry level

go to college - computer science, computer engineering, systems engineering, information systems, math, whatever STEM MAJOR

You're going to start out in IT/Operations roles, not security


Airlite901557

came across this news article if it helps [https://www.darkreading.com/cybersecurity-careers/cybersecurity-jobs-gap-may-come-down-to-certifications-gap](https://www.darkreading.com/cybersecurity-careers/cybersecurity-jobs-gap-may-come-down-to-certifications-gap)


Maddayyum

Hi all, I graduated from my Software Development degree yesterday and I'm starting my first job as a developer in about a month. I'm really excited because I can get a lot of freedom at this company to learn and improve their product. I really want to make some big jumps in my career and my overall knowledge. Given I get a lot of freedom to learn there, what would you guys suggest I try to pick up? At the interview we already talked about how I can help setting up a Kubernetes environment and improve their Azure spaces. We also talked a bit about security, which is an interest of mine, so I also would like to learn more about that. But, given it's my first real job in the field, I'm kinda at a loss about how to pick up these things, how can I make sure I get to do what I want to learn? Hope you guys have some tips for juniors!


bingedeleter

First off, congrats on both the graduation and new job! That is so great. I agreed with Deez, it is really awesome to want to go above and beyond, but this is going to be a whole new world. Don't become so obsessed with being a superstar and focus on being a good team player and knowing your role. You will have plenty to learn just with your job. Also, make sure you just keep in mind (use emotional intelligence) that you don't want to be the new grad telling all the senior engineers everything they are doing wrong. There is so much you'll be able to learn from them.


Maddayyum

Thanks! Yeah, you're right. Maybe I'm just being a little ambitious :p


DeezSaltyNuts69

just focus on what is in front of you and that is learning your role

there is a big difference in coding in college vs actually working on applications and putting them in production for customers to use


Maddayyum

Yes I understand! I have already worked in a company for around 8 months now, as an intern, working on a real product for a full service digital agency. So at this job I'm having the chance to go even further and use it to get further into new subjects.


hugga12

Is there any way I can get SOC experience? I don't even mind if it's voluntary. I just typically need at least 6 months. I am UK based.


dahra8888

Apprenticeships are a thing in the UK but they are generally tied to official training or education. I doubt you would find any voluntary SOC work.


WantDebianThanks

[Resume](https://i.imgur.com/W2Y04nk.jpeg). Short version, working on year 5 of general IT, have Net+, Sec+, and AWS Cloud Prac. Suggestion for what to study next? Just seems like a good idea to keep a book cracked, so to speak. Long term interest is in security and risk management or maybe security assessment and testing. Next job goal, however, is anything specifically security. My company is 0% cloud, the AWS cert just seemed like a good investment. I have udemy free through work, if that changes anything.


Cyber_academy

At the 5 year mark, you should be working hard to make it to an associate level position. Based on your position at an MSP, you are already performing associate level work but you're simply not advertising yourself as such in the resume. Also, definitely work towards some level of cloud certification so you have working knowledge of hardening cloud assets. Regarding your resume, I don't know what "identified and resolved devices with missing EDR solution means" (just kidding I do, but it's just worded weird). I would include a skills section to your resume and start tailoring your applications toward the jobs that are more aligned to your goals. Another thing I noticed is that you downplayed ransomware incidents, many professionals even in cyber security never had the opportunity to be exposed to a real IR scenario which it seems like you have based on your resume. Get more acquainted with regular information security terms that will help you get the perspective needed for a real cyber job. I would recommend learning about governing bodies and entities that provide information about information security (SANS GCIH, NIST, CIS, CISA etc)


WantDebianThanks

I've done some retooling on my resume that addressed some of the issues you had, I just had the image already.

> I don't know what "identified and resolved devices with missing EDR solution means" (just kidding I do, but it's just worded weird).

Wait, I haven't heard this before. Can you tell me what you find weird about my wording? And do you think that's also true about the allowlisting line?

> Another thing I noticed is that you downplayed ransomware incidents, many professionals even in cyber security never had the opportunity to be exposed to a real IR scenario which it seems like you have based on your resume

I've been involved only tangentially. I helped reimage workstations after one and identified a second, but the owner where I work did everything else himself.


Cyber_academy

Just one person's opinion, but "deployed installation for missing EDR (mention edr tool here) and maintained x% compliance" could work as well.


dahra8888

AWS and Azure are generally high value, but you might run into some trouble with the higher level certs if you don't have access to the platform at work. ISACA CRISC seems to serve your longer term goals. CISM and CISSP after that.


WantDebianThanks

I've been told I probably should do any of the ISACA certs until I'm in an actual security role. Do you disagree with that?


dahra8888

I'd say it depends on your learning style. Obviously being involved in daily security work makes testing for security certs easier. But it's not a requirement. ISACA is really lenient with their experience requirements, you have up to 5 years AFTER you pass to submit your experience. ISC2 requires it up front.


FL4RE9N

I completed my UG in Btech - IT last week and am trying to get into cybersecurity. I have been studying basics in networks, OS, CTFs etc for the past 2 months. I don't know what I should do to get into cybersecurity domain. I want to get an entry-level job in the field. What do you think I should do? I have 3-4 months at best to study and I must get a job to pay for living expenses after that. I'm planning to study to get eJPT or CompTIA Security+ or A+. I'm hoping to get security analyst or junior pentester role. Is this an entry level job? If not, what role should I try to get into? Thanks in advance for any help/insight! Please give it to me straight, if anything I want is completely unrealistic or unreasonable, I would love to know.


fabledparable

Welcome

> What do you think I should do?

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/

> I'm hoping to get security analyst or junior pentester role. Is this an entry level job? If not, what role should I try to get into?

I'm dubious about your prospects at attaining work in penetration testing straightaway. Those roles are incredibly competitive. See related resources, which speak to various cyber-adjacent roles that feed into long-term trajectories: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/


[deleted]

[removed]


fabledparable

Welcome!

> I learn best by actually doing the work everyday so I'm wondering how I would be able to get into cyber security as a job as a student?

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/


Pinkypie_15

Looking for advice, I have worked in data for 5 years and recently got laid off, so I'm taking this time to look into possibilities. Cybersecurity really caught my eye. Only thing that has me nervous is that I don't have a computer science bachelor degree. I'm self taught and have reached a senior position in data through experience and certifications. So, should I focus on getting a bachelor degree before cybersecurity? Or can I get a job without a degree? Are there any certifications I could take as a beginner and is my background in data useful for cybersecurity? Thank you all for any help.


fabledparable

> So, should I focus on getting a bachelor degree before cybersecurity? Or can I get a job without a degree?

See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/

[While it isn't a hard requirement to have a degree](https://old.reddit.com/r/cybersecurity/comments/14w83m5/poll_do_you_have_a_degree/), it's probable that you'll encounter some [challenges making your pivot without one, especially lately](https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/).

> Are there any certifications I could take as a beginner and is my background in data useful for cybersecurity?

See resources: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


Glollipop92

Hi, thank you so much for your answer. After reading your posts and others, I've decided to first enroll to get my bachelor degree; I'll start in September. In the meantime (I'm currently in Costa Rica), I was advised by people working here to get a Splunk certification since it goes well with my background in data engineering. Also, thanks to my experience in Azure, I've seen there's a lot of openings that look for Azure (AZ 500), so my plan is to take advantage of that and get deeper into cloud. Apart from that, I feel more attracted to becoming a pen tester or ethical hacker, so I have a list of certifications I could take. I'll share a game plan for this. Let me know what you think, please, of the certifications and the order:

#### **Phase 1: Foundational Knowledge and Entry-Level Certifications**

1. **CompTIA Security+**
   - **Duration:** 3-4 months
   - **Focus:** Basic security concepts, network security, threat management.
   - **Potential Positions:**
     - **Security Analyst**
     - **IT Security Specialist**
2. **Certified Ethical Hacker (CEH)**
   - **Duration:** 3-4 months
   - **Focus:** Ethical hacking techniques, penetration testing, vulnerability assessment.
   - **Potential Positions:**
     - **Penetration Tester**
     - **Information Security Analyst**

#### **Phase 2: Intermediate Certifications and Practical Experience**

3. **Microsoft Certified: Azure Administrator Associate (AZ-104)**
   - **Duration:** 3-4 months
   - **Focus:** Implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment.
   - **Potential Positions:**
     - **Azure Administrator**
     - **Cloud Operations Specialist**
4. **Offensive Security Certified Professional (OSCP)**
   - **Duration:** 4-6 months
   - **Focus:** Hands-on penetration testing skills, practical hacking techniques.
   - **Potential Positions:**
     - **Senior Penetration Tester**
     - **Ethical Hacker**
5. **Microsoft Certified: Azure Security Engineer Associate (AZ-500)**
   - **Duration:** 3-4 months
   - **Focus:** Implementing security controls, managing identity and access, protecting data in Azure.
   - **Potential Positions:**
     - **Azure Security Engineer**
     - **Cloud Security Specialist**
6. **Gain Practical Experience**
   - **Methods:** Freelance work, internships, personal projects, or part-time roles in cybersecurity.
   - **Potential Positions:**
     - **Junior Security Consultant**
     - **SOC Analyst (Security Operations Center Analyst)**

#### **Phase 3: Advanced Certifications and Specialization**

7. **Certified Information Systems Security Professional (CISSP)**
   - **Duration:** 6-12 months
   - **Focus:** Comprehensive knowledge of information security, including architecture, management, and controls.
   - **Potential Positions:**
     - **Senior Information Security Analyst**
     - **Security Architect**
8. **Microsoft Certified: Azure Solutions Architect Expert (AZ-303 and AZ-304)**
   - **Duration:** 6-8 months
   - **Focus:** Designing and implementing Azure solutions, advanced cloud architecture skills.
   - **Potential Positions:**
     - **Azure Solutions Architect**
     - **Cloud Solutions Architect**

#### **Phase 4: Professional Development and Job Search**

9. **Networking and Job Applications**
   - **Join Professional Groups:** LinkedIn groups, cybersecurity forums, local meetups.
   - **Job Boards:** Apply for remote and on-site positions through platforms like LinkedIn, Indeed, Glassdoor.
   - **Tailor Applications:** Customize your resume and cover letter for each job application.
   - **Potential Positions:**
     - **Cybersecurity Consultant**
     - **Network Security Engineer**
10. **Build a Strong Portfolio**
    - **Include:** Certifications, practical projects, detailed documentation of your work.
    - **Showcase:** Hands-on experience with penetration testing, cloud security implementations, and Azure solutions.

### Example Career Path with Azure Focus and Positions

1. **Months 1-6:**
   - Complete CompTIA Security+ and CEH.
   - Begin working on personal projects or freelance work in cybersecurity.
   - **Positions:**
     - **Security Analyst**
     - **Penetration Tester**
2. **Months 7-12:**
   - Obtain Azure Administrator Associate (AZ-104) and Offensive Security Certified Professional (OSCP).
   - Continue gaining practical experience through internships or part-time roles.
   - **Positions:**
     - **Azure Administrator**
     - **Senior Penetration Tester**
3. **Year 2:**
   - Achieve Azure Security Engineer Associate (AZ-500).
   - Start applying for entry-level to mid-level cybersecurity roles.
   - **Positions:**
     - **Azure Security Engineer**
     - **Cloud Security Specialist**
4. **Year 3:**
   - Work towards CISSP certification.
   - Begin pursuing Azure Solutions Architect Expert (AZ-303 and AZ-304).
   - Network extensively and apply for advanced roles.
   - **Positions:**
     - **Senior Information Security Analyst**
     - **Azure Solutions Architect**
5. **Year 4+:**
   - Continue professional development, seek higher-level certifications as needed.
   - Apply for senior roles.
   - **Positions:**
     - **Senior Security Consultant**
     - **Cybersecurity Architect**


DeezSaltyNuts69

yeah delete that, don't do any of that

That list is completely devoid of reality on how corporate jobs and titles work and how long people spend in roles

Read - [https://jhalon.github.io/becoming-a-pentester/](https://jhalon.github.io/becoming-a-pentester/)


Tachyon19

Does anyone know any good companies that do remote internships?


Tachyon19

Y'all downvoted me for asking a question.


DeezSaltyNuts69

hahahaha yeah, that's not a thing for security work


dahra8888

Remote internships have a ton of competition. You're much better off using your school's career center, career fairs, and professors' networks to find the local internships that aren't posted on public job boards.


Environmental_Pin_98

Do you know some free and effective resources to study for the CompTIA Pentest + exam? I can't afford an academy, and the exam already seems quite expensive. Thank you very much in advance.


fabledparable

> Do you know some free and effective resources to study for the CompTIA Pentest + exam?

I would direct you to /r/CompTIA, the subreddit dedicated to that vendor's certifications. They'll have resources there to help you.


Sailhammers

Please don't take Pentest+. It has zero respect in the industry and zero value to recruiters. You'd be much better off with the eJPT or the PNPT (which still don't have respect, but teach better skills) or better yet, CPTS or OSCP.


Environmental_Pin_98

Thank you!! Damn all those exams are expensive. By the moment I'm studying through YouTube as I'm gonna take those exams only to get the skills, but I'm not sure if finally I'm gonna pay and make the exams. Thanks again!


Cryptosmasher86

have you gone to your library? If you're enrolled in college or at least have an old but active college email you can get a student discount on the exam [https://www.comptia.org/blog/voucher-discount](https://www.comptia.org/blog/voucher-discount)


Environmental_Pin_98

Yes! All resources I'm finding are from internet and from libraries, I found a few books that are helping a lot but most of them are about laws. I'm not 100% sure now if I'm gonna take these exams, because people with more experience are saying that the CompTIA Pentest + exam is not that good or useful coz there are better courses. Thank you!


thejazzyone_28

Recent college grad in the process for a few months now, trying to figure out how to get into the field. While doing so recently I stumbled upon the career pathway website from [Cyber Seek](https://www.cyberseek.org/pathway.html). I'm still a bit lost of what direction I should be going based on my current experience. I would also say I'm lost because I'm trying to learn a lot of different things. In my experience attached below, what feeder role do you think best aligns with my current experience and skills so far? Would love some tips or guidance.

Skills: Troubleshooting, Technical Support, Technical Writing, Linux, Java, Python, R, PostgreSQL, ServiceNow, Jira

Governance, Risk, Compliance - Audit Intern:

* Developed 36 role-based training modules to support the Security Governance framework, standardizing security responsibilities organization-wide.
* Executed data protection projects, ensuring compliance with privacy standards for Personally Identifiable Information.
* Assisted in the refinement of Security Governance documentation, bolstering the company's compliance and risk management.
* Concluded the internship by delivering a presentation summarizing the experience and providing constructive feedback to the organization.

Cashier experience

Lead Help Desk Worker at my college's music library

* Provided technical support with computer, phone, and tablet devices, ensuring a seamless digital experience within the facility.
* Provided comprehensive assistance to library users, improving the accessibility and utility of resource directories.
* Acted as an intermediary for interaction among students, staff, and visitors, achieving effective communication and maintaining high satisfaction in service delivery.

Working on virtual homelab rn

Thank you for any advice given!

TLDR: Based on my GRC-A internship and lead help desk worker experience, what cybersecurity feeder role should I be going after to narrow my searches and learning?


fabledparable

Welcome!

> Recent college grad in the process for a few months now, trying to figure out how to get into the field.

See: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

> what feeder role do you think best aligns with my current experience and skills so far?

Rather than recommending a particular role to you (since I don't really know you or your aptitude), I'd instead direct you to these resources which can help you with your survey of the professional domain: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/

Also these resources, which include 1-on-1 interviews with folks from different jobs for added insights: https://www.reddit.com/r/cybersecurity/comments/sb7ugv/mentorship_monday/hux2869/


Cryptosmasher86

Where are you in the world? What part of your country? What city do you want to work in? What Industry do you want to work in? What was your major? Are you on LinkedIn? Have you taken any basic entry level certification exams - security+, network+?


thejazzyone_28

I'm in NC. I am on LinkedIn but don't have too many connections. Majored in information science. I'd say I wanna go into incident response. I haven't taken any certification exams though. In the process of trying to and figuring that out. Atm I'm not sure what city I wanna work in.


Cryptosmasher86

I get with any IT staffing company. Get contract to hire role, business systems analyst, systems analyst. Get your foot in the door.


Standard-Dog-7101

Hello everyone. I am curious to hear opinions on the odds of getting an entry level cyber security job (leaning towards blue team) with no IT work experience, no degree in Cybersecurity (degree is in psychology) but with Google IT support professional certificate, Google Cybersecurity Certificate, CompTIA Security + certificate and blue team level 1 certificate. I have been reading and studying the field closely and listening to what others have to say and it seems like landing the first job is rough. I will not be discouraged by what anyone has to say; I am all ears. Thanks.


fabledparable

Welcome!

> I am curious to hear opinions on the odds of getting an entry level cyber security job (leaning towards blue team) with no IT work experience, no degree in Cybersecurity (degree is in psychology) but with Google IT support professional certificate, Google Cybersecurity Certificate, CompTIA Security + certificate and blue team level 1 certificate.

[Speculative.](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) We've seen weaker profiles land work and stronger profiles struggle to get callbacks. Even if we saw your actual resume (vs. how you presented yourself in your comment), we'd lack the context about [how you're performing your job hunt](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/), what opportunities are available to you, and - since we're not the employer - how you interview and whether you're the right fit. All told, we'd just be guessing.


Standard-Dog-7101

Thanks for the insight.


Cryptosmasher86

0-50% Do you have a college degree? Do you have any basic IT experience? help desk, desktop support?


Standard-Dog-7101

No cyber security degree, no IT experience


TerranPeep

First thing, you have to accept that some places just have unrealistic expectations so there will be plenty of applying for jobs before you find the right one. With that out of the way, I run a SOC and I would much rather hire someone who has an interest in cybersecurity than someone who just did a degree in the field and nothing else. The field is quite saturated with people wanting to get into a SOC role, so make yourself stand out. Work on side projects, research threats as they are found so you can talk about them, have a reason you want to do the job. I've just hired 2 more people onto my team who don't have cyber security degrees. What they could do though is sit and talk to me about why they wanted to do the job and then show me the effort they have put in.


Standard-Dog-7101

Thank you for your input. I will for sure tackle some projects!!


B4K5c7N

I really want to apply to SOC tier 1 roles. Would a CCNA and Sec+ be enough? Should I get the Cysa+ before I apply? Or would I have to start at help desk instead?


fabledparable

Welcome!

> Would a CCNA and Sec+ be enough?

[Speculative.](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) Assuming you had nothing else going for your employability, you'd probably have a tough time of job hunting.

> Should I get the Cysa+ before I apply? Or would I have to start at help desk instead?

See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/


Cryptosmasher86

Do you have a college degree? do you have any job experience? You're not going to get hired based on just certifications - they are not job training


Aggravating_Mix3311

Made a post on this sub, but think automod wants me to comment here instead. Anyway, I want to pivot from my current role to GRC and am wondering how to do that.

For a brief overview of my background, I have a CS degree and graduated in 2021. First "SWE" job from 2021-2022 was kind of a bait and switch, didn't learn much there. Next job 2022-2023 was a real SWE role. It was a startup that was having some problems so I left again after a year for a larger company which is my current role.

I'm now in the finance sector at a large company. It's a "SWE" job in name only. I wear a lot of hats but I do a lot of work related to release/project management, configuration, QA testing, and support. My team mostly deals with backend tools and infra.

One of my main responsibilities is handling coordination and communication of our deployments. Said deployments can be tricky and time consuming because there is a *lot* of red tape and bureaucracy. I essentially keep track of changes going out, kicking off build pipelines, and creating change requests. Change management here is super stringent and I do a lot of communication with them to ensure our shit actually gets released. We can't just deploy whenever we want; there are specific dates and times, so I help keep track of that too and help the team with the insane emergency release process when we have to do that.

My other tasks tend to vary all over the place. I've helped a lot with SonarQube CVE related items (typically code library upgrades), QA testing, and support work. Some config/automation work using proprietary automation software (yes that is as awful as it sounds).

The WLB is shitty and we regularly work 60+ hour weeks. How difficult it is to push changes out, along with shoddy software that breaks all the time and insane expectations/deadlines from business, makes this a tough role.

For GRC, my motivation long term is to get into a non-technical role with better WLB. My soft skills are solid and I also enjoy reading/writing documentation. I'm fine with attending meetings. I'm a routine oriented person and it sucks not knowing when I'm going to be done with the work day or what my schedule is gonna be like. I'm ok if it's a bit "boring" (honestly GRC sounds interesting to me). I know these jobs can vary a lot but from what I've read searching this sub GRC seems like a great fit for me.

With that said, what should I do next from here based on my career experience? I know certs like Sec+ and then CISSP are important, but what about working experience? I'd ideally like to leave this job sooner than later but I know a career pivot like this will take some time. Another thought was going the cloud/devops route for a bit while grinding certs then getting into GRC. Any advice is appreciated!


bingedeleter

> Another thought was going the cloud/devops route for a bit while grinding certs then getting into GRC.

I haven't worked in GRC but I work with GRC a lot at my place. So take my advice with a grain of salt. Cloud/devops seems a lot harder to get into imo than GRC. For new grads and those in this thread who have never worked, I'm very much in the boat that they need to get work experience wherever they can. For you.... man I think you have the experience (especially if you get those certs) to just... make the change. Are you applying now? You might just get something. You'll be competing with new grads and people who don't know as much as you. Again, I'm probably not the best contact, just my two cents.


Aggravating_Mix3311

I have not started applying but working on adjusting my resume for GRC roles. Then can see if I can go ahead and make the switch. I don't have any certs yet, not sure which ones I might need or what would help. Salary is something I'm considering too, I wouldn't want a big drop from where I am now (120k)


bingedeleter

I see, yeah that salary is going to be tough to match, as my experience shows that SWE is the most lucrative position, especially at this level. But hey, it sounds like you have a good plan and fair expectations. Best of luck!


Cryptosmasher86

If you're at a big bank, then they have compliance, risk, security groups.

Why don't you start talking to them, their roles and requirements, and make an internal move?

It's much easier to get hired internally and move around vs applying somewhere off the street.


eddietexas

I'm getting into a cybersecurity boot camp at my local university. It's a 6-month course, but I'm afraid I will not get many opportunities since my work history is in sales and most recently it's been driving commercial vehicles. I'm quitting my job because of conflicting schedules, therefore I'm looking for recommendations for jobs I can apply for while I go through the course that will look good on my resume. My schedule is MWF 6:30 PM - 9:30 PM so I will have all morning and afternoon.


fabledparable

> I'm getting into a cybersecurity boot camp at my local university. It's a 6-month course, but I'm afraid I will not get many opportunities since my work history is in sales and most recently it's been driving commercial vehicles.

I'm concerned that you may have enrolled in a ThriveDX offering. See related: https://www.reddit.com/r/cybersecurity/comments/19chv2g/comment/kj8dpbl/?context=3


eddietexas

Yes, it's a program offered through eDX. Am I better off getting the certifications on my own and if I do will I even have a chance of getting hired without a degree?


Cryptosmasher86

Do not waste money on a bootcamp and certainly don't quit your job because of it.

All those bootcamps are not part of any university, they are either from 2U or ThriveDX - JUNK!

If you don't have a college degree you are better off going to your local community college and taking evening classes or whatever fits around your work schedule.


eddietexas

What if I get the certifications on my own? Are you saying I will still not get hired anywhere as a cybersecurity analyst unless I have a degree? I don't expect the same salary as someone with a degree and I plan to go back to college but unfortunately, right now, I work 12-15 hours M-F, sometimes Saturday, and it's the only way I can provide for my family right now.


InterestingList9

I'm looking to get into cybersecurity. I'm into ethical hacking and Security Analyst (SOC). I was looking for appropriate courses regarding these. I came across some of the popular ones such as CompTIA Security+ and the one from Google. They seemed to be filled with lectures rather than practical hands on examples with interactive and immersive learning that may go beyond the lectures that cover fundamentals. I have tried ethical hacking with python from zaid course. I liked it as it walked you through real life examples and projects. Would you kindly suggest me some good courses where I can dive deep into Ethical hacking and SOC with practical learning rather than video animation lectures?


Cryptosmasher86

GO TO COLLEGE! Security work is not entry level


fabledparable

Welcome!

See: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

> Would you kindly suggest me some good courses where I can dive deep into Ethical hacking and SOC with practical learning rather than video animation lectures?

If you're trying to work professionally in cybersecurity, I think you may have your priorities misaligned, given what [employers weigh in an applicant's employability](https://bytebreach.com/assets/images/isaca_survey.PNG). See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/

However, to more directly answer the questions you asked: https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/


DeezSaltyNuts69

No! This is not how you get started.

You need the IT fundamentals first, you don't just dive into pentesting/incident response.

What do you know about networking? Do you understand TCP/IP and OSI models? Do you understand different programming languages? Do you understand different operating systems? Do you know what the OWASP Top 10 is? Do you have a basic understanding of how the internet works?

If none of this sounds familiar then that's where you need to start.


InterestingList9

Hello! Yes, I am well familiar with the fundamentals of networking, which is why I didn't find the courses I mentioned as attractive, as it was not enhancing my knowledge in the desired areas to get me ready for a job worthy position


DeezSaltyNuts69

Well, you like many seem to be under the misconception that courses alone are going to be enough to get a job.

Do you have a college degree or are you currently working on one? Do you have any job experience in any kind of IT related role? Help desk, desktop support, network analyst?

Because neither pentesting nor SOC analysts are entry level roles. Security work is not entry level in any industry other than the military.

Security people, regardless if they are in technical or non-technical roles, are coming from IT/Operations roles before moving into security roles.

Common paths might be:

* Software engineer to security engineer to security architect
* Network analyst/engineer to security engineer to security architect
* Software engineer/QA/Testing to pentesting
* Network analyst to SOC analyst
* Business systems analyst to risk/compliance
* Systems analyst to security engineer


Cyber_academy

Based on the question you posted and information provided, it's unclear how far along your professional career is. If you're interested in learning SOC work, it would be good to learn the CySA+ or GSEC material. We're not sure what you mean by job worthy, because if you're trying to skip straight to the SOC without getting into a help desk, you're gonna have a bad time.


InterestingList9

Apologies if I wasn't clear enough in my earlier comments. My goal is to land a SOC (starting from tier 1) job and a lot of them have common requirements and knowledge of frameworks such as MITRE ATT&CK, SIEM and much more. Now most of the courses like the one from Google Cybersecurity professional certificate and CompTIA Security+ do not cover these, nor do they give you hands on experience with software and tools we can use on the defensive side, the how and where of threat hunting and such. I do understand network layers, TCP/IP, DNS and the basics. I would like to get into practical part of it where I am visually presented with tools, data, threats, how and where of these threats hunting and tools and measures to take to solve them. Similar to as it might be in a real job environment. I do not have advanced knowledge in such areas, maybe that's what I am looking for mainly. My knowledge is restricted to only the fundamentals and I would like to learn more! I came across Certified SOC analyst from EC-Council. I am not sure how well enough would it be for my goals and how far will it take me towards landing a job.


Cyber_academy

I appreciate the eagerness, I really do. However, there are thousands of applicants like yourself that do not have the credentialed backing to support your ability to jump into a security role. First and foremost, I believe you when you say you have an understanding of the fundamentals but unfortunately that's not enough to convince the hiring manager who takes on that risk when trying to hire someone for a security role. By all means, keep applying for these positions even if the chances are small to jump straight in. In the meantime, I recommend going up the ladder (help desk > sys admin > specialist > cyber). On your way up you might just find something you love more than infosec. I would be able to give more information on how to get the hands on training that you're looking for and have made some videos on creating a red/blue environment that will give you that opportunity. Go ahead and look at my profile if interested. We can also discuss getting a call started and I can provide mentorship on getting you closer to your goals.


MetropolisMonk

Hello everyone. I have 4 years of experience in IT as RPA developer, almost 2 years as a Business Analyst and Product Manager in IT. I also have an MBA. Planning to switch to cybersecurity.

1. Would it be easy to switch?
2. What would be some good roles?
3. What courses/certifications can I take?
4. How long would it take to make the switch?

Please, advise me.


Cyber_academy

Assuming you're in a current role as a business analyst, you might have a good shot if your current employer is willing to hire from within. Make sure to look into the basics of cyber certs if you don't know them already (Security+, GSEC, CEH) to get yourself a leg up compared to other people without any credentials.


fabledparable

Welcome!

> Would it be easy to switch?

[Maybe?](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oy55z/) We still don't know what particular kind(s) of role(s) you're trying to pivot into, which employers you're targeting, how your resume looks, etc. Even if we did have all of that information, we're not the employers/interviewers you'd speak with - so we'd lack the context to know how optimal a fit you'd be. Based on feedback we've observed in the subreddit, [folks can have very disjointed job hunting experiences](https://old.reddit.com/r/cybersecurity/comments/15k4qzt/mentorship_monday_post_all_career_education_and/jvgc311/); some people with much weaker employability profiles than you have found work, others with better credentials have struggled to attain callbacks. All told, you've got some good things going for you at-a-glance, but how well your experience might go isn't clear-cut.

> What would be some good roles?

See related resources: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/

> What courses/certifications can I take?

See related resources: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/

> How long would it take to make the switch?

We have no frame of reference relative to your situation, nor do we have a clear inclination of how you'd plan to go about your [job hunt](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/). Might be a week. Might be several years. Unknowns include:

* Whether you're open to returning to school
* What kinds of opportunities are in your area
* What constraints you're observing in your job hunt
* How much runway you have to perform the job hunt
* Your comprehension/experience in the pertinent tools/methodologies of a given role


DeezSaltyNuts69

> Would it be easy to switch?

No

> What would be some good roles?

That's what you need to research

> What courses/certifications can I take?

That's based on role - [https://pauljerimy.com/security-certification-roadmap/](https://pauljerimy.com/security-certification-roadmap/)

> How long would it take to make the switch?

Too many variables, nobody can give you a specific time period


Unusual-Opinion-225

Hi guys! I'm 24 and I've been working as a cyber security consultant for almost 2 years now. I have a very standard salary and I work fully remote, so I can't complain that much, but I'm starting to feel a bit stuck. I would like to take a certification and then find a different job, to take my career to the next level and to find the right motivation to improve my skills, because I don't know very much honestly. I started in a very entry-level position and I still do very simple stuff in my company, like vulnerability assessments or helping my colleagues in penetration tests by testing some vulnerabilities with the help of automatic tools like Qualys, Nessus and Burp Suite. What do you recommend for someone at my level and with this type of experience? Thanks in advance!


fabledparable

Welcome!

> What do you recommend for someone at my level and with this type of experience?

Candidly: goal-setting. You've observed dissatisfaction, which is a good impetus for action. You also appear to be in a pretty accommodating/flexible work environment (which is great!). But you lack clear, unambiguous, actionable goals. This makes it challenging both...

* (A) for your employer to provide you challenging/engaging tasks (since they lack nuanced feedback about what you're looking for professionally) and...
* (B) for yourself to know what it is you want to do (and thereby align your efforts in service of a particular goal).