/r/SecurityCareerAdvice

Like CSCareerQuestions, only cooler. This is a place to connect those seeking to learn with those who have walked the path before. Ask your questions about cybersecurity careers here, and mentors can choose to answer as they have time.

Ask. Mentor. Grow.

Askers: You are asking someone else to take time out of their day to answer your questions. Be polite and be patient.

Mentors: It is both a professional obligation and a personal honor to mold the next generation. Use your power wisely.

54,071 Subscribers

8

Advice for Landing a Security Job While Finishing My Degree

Hi everyone,

I’m a 24-year-old remote senior in college, graduating a bit later than expected. Honestly, it’s been a bit of a crisis for me. I feel like I could balance a tech job while finishing my degree, especially since I’m studying remotely. I’m motivated to do this so I don’t fall behind financially and career-wise.

I’ve built a solid foundation with three security internships, a couple of years of technical volunteer work (in DevOps, security, etc.), certifications, and projects. Unfortunately, I wasn’t able to secure a full-time position from my last internship due to layoffs, which has made finding my next opportunity even more challenging.

I’m particularly interested in security analyst or security engineering positions, and I’ve recently started exploring opportunities in AI security as well.

My question is: How can I make myself a competitive candidate while still in school? Should I focus on part-time roles, contract work, or specific types of positions? I’d really appreciate hearing from anyone who’s been in a similar situation or has advice on how to approach this.

Thank you for your insights!

10 Comments
2024/12/31
18:45 UTC

3

Strategy for getting beyond senior/L2 in cloud security

Looking for help on getting to the next level in my career, as I feel quite stuck.

Credentials:

  • 4 years in cloud/application development (full-stack javascript, built ci/cd pipelines, worked in aws).

  • 4 years in cloud (AWS, GCP) and application (JS, Python) security

    • 2.5 years at a unicorn cloud cyber startup (series C, employee #70), title was senior security engineer

    • 1.5 years at a supply chain cyber startup (seed round, employee #20), title was product security engineer

    • Currently at healthcare startup (employee ~#200), building a security program from scratch essentially, title is senior security engineer

Technical Strengths:

  • AWS security: org-wide governance, iam least privilege guardrails, networking controls (waf, vpc, etc.), code-to-cloud governance (cicd pipeline to ecr to deployment inside of k8s cluster).

  • Supply chain security: mitigation of cicd, repository, and package-level risks; building a vuln management program, building secure registries for application teams to utilize

  • Automation: proficient in go, js, and python; can write some elixir and rust. Able to efficiently design and build programs that make teams more productive

  • Application security: I'm comfortable with interpreting OWASP T10 issues in source code, advising teams on secure guidelines, and creating processes to prevent threats from making it into production code

Technical weaknesses:

  • K8s security: I have a general understanding of k8s (e.g. I can use kubectl to accomplish some tasks), but I feel completely lost with trying to effectively secure it

  • Threat detection and response: I understand how to use a SIEM and interpret logs, but I've never had to respond to a serious incident or do serious investigation in a tangled web of network/dns/cloudtrail logs.

  • Sysadmin workflows: Never worked in a sysadmin role before so doing linux management is a weak area of mine. I have no issue with operating linux (I use linux on personal devices) and feel at home with the terminal (I use neovim), but I am quite weak with administering secure linux servers at scale.

  • Security research: Don't have any CVEs to my name, have done a couple of HTB exercises, feel generally lost in CTFs and niche areas like cryptography, overflow attacks, etc.

Where I'm thinking about going within my career: Cloud security at a FAANG-adjacent company into a CISO/Dir of security role.

And to get there, within the next year focusing on the following:

  • Sec/Networking AWS specialty certs

  • Learn K8s security

  • Improve Linux and network security skills

  • Do more HTB exercises, become comfortable with CTFs

  • I'd like to write more Rust so that I'm closer to the OS and start to learn eBPF

By the start of 2026, I'd like to be in a good position to work at a FAANG-adjacent company doing cloud security.

Any thoughts appreciated on what I'm thinking about.

2 Comments
2024/12/31
17:34 UTC

1

MBA Student Exploring GRC Cybersecurity—Where Do I Start? Is It Worth It?

Hi everyone,

I’m an MBA student in Texas, graduating in May, and I’m exploring a pivot into GRC (Governance, Risk, and Compliance) within cybersecurity. I don’t have a technical background but am intrigued by the strategic and compliance aspects of the field.

I’ve done some research, but I’m still unsure about the best way to get started. For those with experience in GRC or who’ve made a similar transition, please let me know what your experience has been like, if it is worth it, and some advice for breaking in with an MBA and no technical background.

I’d really appreciate it. Thanks in advance for helping me out!

7 Comments
2024/12/31
11:00 UTC

0

SECURITY

In need of a big cleanup

1 Comment
2024/12/30
17:48 UTC

5

JP Morgan Advice Wanted

Hi Everyone,

Anyone have any experience with JP in their cybersecurity function?

Got offered a security architect position just want some perspective, thoughts and experiences.

Level is 603 - VP.

1 Comment
2024/12/30
15:43 UTC

2

FAANG should i get certs?

Hello joining a faang company next year as a security engineer. I heard mixed info from colleagues on certs. Would it be worth the time to take time from work to do certifications? Or would it be better to focus on learning at work?

18 Comments
2024/12/30
07:31 UTC

0

O

1 Comment
2024/12/30
06:00 UTC

5

Easiest Entry into Cybersecurity with an extremely non traditional resume?

TLDR: Hacking is cool. I'm looking for the easiest entry that complements my skillset into cybersecurity or a similarly adjacent field. My skillset is currently best suited to physical pen testing, I learn quickly and am open minded.

This is going to be an extremely weird read, please bear with me.

I've had 2 knowledge/skillset passions ever since I was a child. Knowledge that enabled me to do things outside the norm/utilize things outside their intended purposes and healing. Come university time, I ended up going pre-med and then psychology. I didn't like the current modality for psychotherapy and chose to pursue my own ends rather than pursuing a masters. To make a long story short, 6 years of research later I'm creating my own system mixing biomechanics, psychoanalysis and applied neurology. It's arduous, time consuming and has a long timeline of execution to be in a spot that I'm happy with. Meanwhile I've been a student my entire life and am rather bored with it, wanting to earn an income while I continue to pursue the work listed above on the side.

A good friend of mine works in cybersecurity and he recommended a few certs, CEH (Yes, I've been reading up on it via this subreddit, I'm well aware of the cert and its parent company being absolutely dragged, no longer considering this) CCNA and Comptia Sec+ (he listed these as easy ways to get a job in IT) and OSCP (the consensus that this is respected but dated to my understanding)

Like I mentioned above, the idea of hacking always appealed to me as a child. This formed my interest in cybersecurity and had me tour a few universities while still in high school for that express purpose. My actual skillset when it comes to computers is fairly limited - I understand how they work, I had moderate proficiency in Python, I taught myself OSINT which was so much fun, I understand and could execute very basic attacks (phishing/spear phishing, MITM, I can add other things like SQL injection with google dorking, but what actual client would still be vulnerable to that)

Where my skills really shine are via physical or human interactions. Social engineering is easy and makes sense - it is just psychology. I trained as a stage hypnotist and learned how to pickpocket when I was big into magic. It would be extremely doable for me to find someone's lunch spot via osint, lift their badge, clone it and then possibly put it back. I have absolutely no social anxiety. When I was in college I used to mess around dressing up like a construction worker and just walking into buildings. I worked as a locksmith for a time, can gain access to virtually any door, including cars, often without needing to drill/damage the lock. Having the legal all clear to do these things would be incredible. I'm not averse to working for the government in any way.

My motivations are a mixture of humouring the chaos inside me, having a genuine interest, and wanting a reasonable income while I pursue my other goals - which is the path I've chosen in life. Cybersecurity will not become my life long career.

I have dual US and UK Citizenship. I live near enough to London to make it accessible but not a desirable work commute. I can travel to the US but it would take something special to make me relocate.

Thank you for coming to my tedtalk.

6 Comments
2024/12/30
04:04 UTC

3

GT vs SANS Masters

I'm interested in hearing people's perspective/review of the GT and SANS Masters programs.

I'm about 3 years into my career with a masters degree in mechanical engineering and working in OT security. I'm hoping to gain more technical knowledge that I'm missing since I don't have an educational background in IT, cyber, etc.

At GT I'm looking at the cyber physical track but haven't found much discussion on it here or elsewhere. I have found online that many of the classes, specifically in the Cyber physical track, are not great, a ton of work and the lectures don't align with the assignments. Does anyone have experience with the program?

Also considering SANS but obviously cost is a major factor there. The masters program makes the certs much cheaper but it's still a significant cost. My company will pay some but I'd be on the hook for about half of the SANS Masters while GT is cheap enough to be free. I'm really looking to expand my knowledge rather than going for the degree itself since I already have an MS in MecE.

10 Comments
2024/12/30
00:53 UTC

0

Finished Kurita Lance

0 Comments
2024/12/29
15:08 UTC

10

Overworked and underpaid

Lately, I’ve been feeling overworked and underpaid, and I think part of the problem is that I’ve never really learned how to negotiate. Right now, I’m a Lead SOC Analyst at a small cybersecurity startup, and after talking with the Director of Operations, it looks like I’ll be promoted to SOC Manager early next year. That sounds great, but I’m worried that my career has moved a bit too fast and my salary hasn’t kept up.

Before this, I was working in a helpdesk job while studying for certifications like Security+ and using platforms like TryHackMe and Hack The Box. When I got the offer to become a SOC Analyst, I was excited, even though it came with no pay increase (I was making $45k then). I figured cybersecurity roles were known for paying well and that it would come in time after I put in some work.

Over the next few years, I moved up pretty quickly. I was promoted to Tier 2 Analyst with a $5k raise after a year, then to Tier 3 with an $8k bump, and earlier this year to Lead Analyst with a $10k increase. But when I compare my salary to others in similar roles, it feels like I’m making a lot less. I know startups can be tight on resources, but my workload has been heavy—working an extra 1-2 hours a day as a salaried employee. We do have unlimited PTO, but I’m always hesitant to take much time off since I know I’ll be drowning in work when I get back.

I still like what I do, but I’m starting to worry about burnout. With my annual review coming up, I’m planning to bring up both pay and workload to make sure I can keep going without burning out.

Even if I get a decent raise, I feel like it still won’t match what other Lead Analysts are making. I feel like I need to jump ship to get a decent raise. Thoughts?

10 Comments
2024/12/29
05:34 UTC

0

Need Career Advice | Cybersecurity

0 Comments
2024/12/28
22:35 UTC

2

Thesis survey

Hello guys, I am working on a thesis as part of my academic work. My research looks into the usability and usage of multi-factor authentication systems in the cloud among people, and how it affects them. Now I am counting on you guys to help me complete this task. I am posting a Google Form link with this post; every one of you, please take a look and help me complete my survey.

Google form link - https://docs.google.com/forms/d/e/1FAIpQLScUs9pKIi6uDOXDq5FA9HGFR7ydPXtXCxaRWNtY-a_vrEQ4pw/viewform?usp=sharing

1 Comment
2024/12/28
02:47 UTC

14

Can Anyone Review my resume

I am a junior cybersecurity student searching for a job in cybersecurity. Could someone review my resume? Have I included too many things or enough? I would appreciate any suggestions for improvement. https://drive.google.com/file/d/1NGCFEelV3U5AU8KO5Np-yYwWrNRLZdbh/view?usp=sharing

17 Comments
2024/12/27
18:54 UTC

9

CompTIA trifecta A+ N+ S+ vs CCNA as first cert

25M. Studied "Programming and Management of Computer Systems" in Highschool. No prior IT EXP besides internship from school.

I will be starting a Cybersecurity program in February (19 months with internship) but I want to get ahead of myself already and after a lot of exp in IT, eventually go to pentest. I know that cybersecurity/pentest itself is not an entry position so I might go for network/helpdesk if I don't get a good internship.

That being said, CompTIA trifecta A+ N+ S+ versus CCNA as first cert. Currently unemployed which means I have 14/h per day to study.

Currently doing all free tryhackme stuff/ cisco introduction / created account on htb. (idk if I should go for paid tryhackme or hackthebox tbh)

Downloaded VirtualBox and got Ubuntu so I get the hang of linux.

Which could be a good path for me? Don't really care if its the harsh road or not.

Don't know if it's the right community to post but well, reaching out to strangers. Thanks a lot in advance.

17 Comments
2024/12/27
15:44 UTC

2

Hardware for learning

Hello everyone,

I hope you all had a happy Christmas and looking forward to the new year.

I have a question regarding hardware, specifically in laptops for learning and certifications.

I understand that a desk tower machine is a preferred use of hardware; however, I do travel from time to time, so I am thinking a laptop is a good place to start for now for learning on TryHackMe, etc. My question is: what laptop would people suggest? Do people prefer an operating system like Microsoft Windows or Apple's macOS? If so, then which laptops would people suggest? Do I need to consider storage space if I’d like to look at downloading Linux?

I also have a side question for those of you that live in the UK. Has anyone done any of the free courses in England, e.g. level 2 cyber security? Is this a good place to start learning the fundamentals? I understand TryHackMe and other courses are available but was wondering if anyone had any experience starting this.

Thanks all for your time. 😊

6 Comments
2024/12/27
10:31 UTC

1

Need Advice

I believe it's off topic but want to ask.

I am preparing for an interview.

Just would like to understand what kind of questions will be asked of CISSP-certified candidates during the interview.

I know most of the questions will be based on the role for which hiring is happening. But still wanted to know what your experience was.

Can anybody share your interview experience?

2 Comments
2024/12/27
03:16 UTC

8

Good Job Search post

0 Comments
2024/12/26
16:32 UTC

12

Big 4 Cyber Consultant Pros/Cons/Advice

Hi all,

Seeking advice because I have just received an offer from EY as a full remote senior cyber consultant in their SIEM/SOAR space.

Current job is very chill as an Engineer, <40 hour work weeks, 4-5 weeks (“unlimited”) PTO a year, and I can pretty much work on whatever I want within reason. I’ve gotten to a point where I’ve been pretty bored after automating everything I can. The only issue is that there is no room for promotion internally and is why people on the team have left in the past. Manager and team are awesome though. Salary is $115k and I have a total of 5 YOE (3 as security analyst, 2 as engineer). MCOL city.

My recent offer is for $170k base with $10k sign on. I’m single, 27, no girlfriend/kids so I would love to travel if it happens.

I’m looking for advice based off my current variables because I hear consulting is a lot of work. Would this open up doors for me in the future? Is it worth it to get the senior title and compensation increase? Anything I should know about what I would be getting myself into? I know money isn’t everything, so I’m having a hard time making this decision. I would hate to give up something great, but even if 1-2 years could set me up better for the future then I think it could be worth while. Am I crazy for being reluctant about this?

4 Comments
2024/12/26
01:51 UTC

5

GI Bill - CU Boulder post-bacc vs SANS institute

Hello everyone, I am finishing up my last year on my contract with the Army and I still haven't found the best course of action in regards with using my GI Bill after the military.

I got my associates in network administration from tech school before I joined and did help desk for a couple years. I worked a contracting position for a few months as a NOC operator prior to enlisting.

I finished my BSc in Cyber Security Technology and I have CompTIA's Security+.

My MOS is 25H - Network communications specialist

  • To be honest I wasn't in a signal unit during my time so this is pretty much 6 years not really doing IT.

I've been self-learning as much as I can. I plan to get RHCSA, CCNA, and I have a free voucher for CKAD.

Then I was going to focus on the Cyber side more and either go TCM Security certifications or straight for OSCP.

I have been self learning Python in my spare time. I have the opportunity to do Microsoft's Software & Systems Academy (MSSA). I chose the Cloud Application Developer path to strengthen my programming skills and dip into DSA and other fundamental comp sci areas.

The big question is what would be more beneficial for me in my career?

CU Boulder post-bacc in computer science Or SANS institute

  • I called admissions at SANS and they reviewed my resume and said I do not qualify for their masters or graduate programs and recommended the ACS (Applied Cyber Security certificate - GFACT, GSEC, GCIH, 1 Elect).

I want to focus more towards DevSecOps or AppSec if I can boost my ComSci background. But I am open to try Security Engineering roles and starting in a SOC position first.

I don't want to go back to help desk. My Linux skills are good and would apply for a sys admin/Linux Admin positions and cloud admin positions as well to gain experience.

When I get out I will be living in Europe, most likely Germany. I already have a plan for my residency and obtaining my B2 in German to increase my chances.

If anyone has any recommendations on which option to choose or if they think something else would be more beneficial I'd greatly appreciate it.

12 Comments
2024/12/25
02:58 UTC

13

Sometimes I am afraid of losing my job

Hey everyone,

I’m looking for advice on how to improve my career and get some clarity. I’m currently working as an Application Security Analyst with experience in SAST, SCA, and Secrets detection features at a security company. Over my one year in the company I was the only one in the company responsible for developing these features, which includes creating detection rules, building logic for identifying vulnerabilities, writing custom regular expressions for secrets detection, and performing research to validate if a CVE is actually vulnerable and relevant. I’m also heavily involved in benchmarking our product, verifying the reachability of vulnerabilities, catching false positives and false negatives, and opening bugs to improve the engine.

I also check and understand customer issues, and lead the POC (proof of concept) process whenever a potential customer wants to buy our product. And recently there was a team built around me where I lead 2 other people who help me with the tasks.

While I know I’m contributing to the company in a meaningful way, I often feel lost and unsure about what the correct definition of my job is. Is my experience relevant in other roles or companies? I have a constant fear of getting fired and I’m not confident that I’d know how to apply for new positions or even what fields I should be aiming for. My coworkers and manager respect me and rely on me, but I’m always looking for validation and feel anxious about my job security.

I want to expand my skill set to make myself more marketable and feel more secure, but I’m not sure which fields or areas of knowledge would be the best to focus on. Any advice on what I can do to gain more relevant experience and knowledge? Or how I can calm these fears by knowing that I’d be able to find a job if things go south?

I am basically always in a constant fear of being fired or of the company, which is a startup, going bankrupt. I am afraid that then I can't use my skill set to land another job in the app sec world, since my experience is so narrow, only to that world, and since this world is so small I fear not finding a job.

I want a way to find / learn more stuff in the appsec world or security world in general, a hands-on experience that I can practice on and that would help me in the future to find a new job if something happens.

Any insights or suggestions would be greatly appreciated! Thanks!

2 Comments
2024/12/24
21:21 UTC

3

Confused About Starting Bug Bounty or Focusing on a Cybersecurity Job

I’m 21 and currently at a crossroads in my cybersecurity journey. I’ve completed the CEH (theory) course, which I know is good for strengthening my resume, but I still feel I lack the practical knowledge needed to excel.

Here’s my situation:

I want to start bug bounty hunting from scratch. I’m ready to invest time to learn and master it, as it aligns with my ultimate goal. I also aspire to create content in the cybersecurity field to share knowledge and help others. Right now, I’m unsure whether to focus entirely on bug bounty or take up a cybersecurity job if I find one. I don’t have significant responsibilities on my shoulders right now, so I feel this is the perfect time to learn and grow. But I’m torn between dedicating myself to bug bounty full-time or balancing it with a job to gain experience and financial stability.

What would you suggest? Should I focus completely on bug bounty hunting and content creation, or take a job and learn bug bounty alongside? Any advice or insights would be greatly appreciated.

Thanks in advance!

4 Comments
2024/12/24
04:40 UTC

7

Finished Google Cybersecurity, best steps to take moving forward?

So for context, I am a Computer Engineering graduate from the Philippines that moved to Canada as a PR to be with family. I have almost 0 experience as I immigrated right after graduating. I figured I would work on some skills that can get me a "computer" related job as I enjoy and excel with computers. I'm currently working customer service and I have a lot of free time since I have limited hours.

I decided to get a Google Cybersecurity Certification and I plan on getting the Sec+ soon, but I'm not sure if that is the best option since I currently have no experience in the field. Considering that funds are limited, what is the best course of action?

5 Comments
2024/12/24
04:11 UTC

4

Need help with interview preparation

Hello everyone, I am currently applying for an internship position in cybersecurity. I haven’t received a response yet, but I want to start preparing for any potential interview.

I’ve researched common interview questions and answers, but WHAT IF, during the interview, I don’t know the answer to a question? What should I say in that case?

3 Comments
2024/12/23
17:24 UTC

0

Cert advice

I'm currently working as a Senior SOC Analyst/SOC Analyst II.

I have more than 3 years of experience in security now. I don't have any certification at the moment and am planning to get one (I want a cert that's not too pricey, as I don't have the budget, not living in the US/UE), mostly for the credential and also for the sake of having a certification. I'm planning to get CySA+ as it's affordable for me. But reading the exam details, it looks pretty easy for me. I'm just wondering if this is still worth getting in my current status?

5 Comments
2024/12/23
14:29 UTC

2

Need advice and guidance for iot security

"I'm exploring various topics and potential threats in IoT, but I'm feeling a bit lost about what specific area to focus on. Could you guide me on the best practices for conducting research in this field? Additionally, if there are any notable projects or studies related to IoT security, I would appreciate it if you could share them."

6 Comments
2024/12/23
14:08 UTC

0

New to it

Hey, I'm new to cybersecurity.
Did some research on YT regarding how to get started, and decided I will do the Google CyberSec Cert to get the gist of it. (recommended by UnixGuy and Josh Madakor | YT)
I am on my 2nd module and quite enjoying it.
I am a 3rd year CSE student and don't want to pursue something common like web dev or such.
Should I keep researching onwards since I know CyberSec is vast?
I fully understand I will be a student for life as it's a constantly advancing sector.
Any tips and advice for new steps in my journey?

7 Comments
2024/12/23
11:32 UTC

0

Career advice

I would like to switch careers to cybersecurity.

Any great sources to start learning from on YouTube?

Some basic to intermediate knowledge

4 Comments
2024/12/23
03:42 UTC

0

Recently moved to United States - Work search

Recently moved to United States - Work search tips

I recently moved to NYC from overseas and need work search tips since I lack local connections. I have 15 years of experience in cyber security, cloud security, AppSec, detection engineering, and incident response. I rely on my extensive experience rather than college degrees or certifications. Apart from applying on LinkedIn and sending my resume into the black hole, what are recommended strategies to attract the attention of tier 1 tech/security vendors in NYC?

2 Comments
2024/12/23
03:09 UTC

46

Can’t get a Job

I am a Double Major in Computer Science and Cyber Security about to graduate from a no name school.

Experience: Security Engineer Intern at one of the top insurance companies (1.5 yrs part-time)

Security Engineer Intern at a MULA company (Microsoft uber Lyft and Airbnb) (3 months summer intern)

SWE intern for a start up company (3 months summer intern)

IT for one year at a hospital (1 year part time)

Unfortunately in the MULA company I wasn’t able to get a return offer due to headcount. I have been applying for jobs ever since then, applied to over 200+ cyber jobs entry level roles and haven’t really gotten any call back yet. Out of the 200 jobs applied, only had one interview with Google but failed (still super depressed after this and demotivated)

I don’t have any certifications unfortunately yet, working toward the AWS cloud practitioner.

I am getting really tired and depressed because I decided to chase my passion which was cybersecurity and now I can’t even get a job. Contemplating switching to Computer Engineering for masters and do something else.

The SWE market is cooked and I don’t come from a prestigious school.

I have won various CTFs and am pretty active on HTB and have pwned over 10 boxes, idk if that matters.

But tbh I am losing hope and I don’t know if this path is for me anymore. Idk what else to do, I have had my resume reviewed by so many people including engineeringResume sub and yet no result, idk what I am doing wrong.

Not sure if the 0 certification plays a big role in it but idk what to do anymore

45 Comments
2024/12/21
20:27 UTC
