As the title says, what are some magazine's or newsletters that would be good on keeping up on the latest cybersecurity developments?

Also, where could I find a list of organizations (private or public) that take on Cybersecurity?

I'm trying to plan things out while I'm in my full time college (Navy reserve) status.

​

I’m a junior pentester, only worked with on-prem systems so far. My small company has a few clients interested in adding cloud (AWS and Azure) to their tested services. I’ve been offered the opportunity to learn and was looking for recommended courses. I’ve had no cloud training to date

Hello everyone Im 20 I'm very interested in starting a career as a cyber security expert so how' can noob like me with almost no knowledge Start learning? Like I'm planning to go to a course for Network security and computer forensics or ehaethical hacking and programming is that a good choice or not?

Hi! I’ve been in the industry for just over 6 years now. I started my career off in DLP when I graduated from uni and working my way up to being a Senior SOC analyst for a well known MSSP in London.

I’ve recently moved from from my job with the MSSP and am now working as an Analyst for a pretty big fintech in London. My question is what is the natural route of progression for an analyst? I would like be eventually get in the Engineering or Architecture side of things but not sure how to go about it.

Any advice would be greatly appreciated!

I've got an interview with the HM with DLH and a recruiter screening with Spring Health tomorrow. Any first-hand experience working for them?

I'm coming from the military so my exposure to anything not directly defense contractor is pretty minimal. I looked on Indeed and Glassdoor but the reviews and salary info for cybersecurity roles is lacking. Appreciate any insight!

Future

Hello Everyone I’m a 18 year old high school student and I am very interested in cybersecurity and I’ve decided that that’s what I wanna do for my future, but I can’t decide if college is the best choice to get my computer science bachelors degree at seton hall or if I get the certificates at NJIT, of course there’s many ups and downs like missing the college experience for actual cyber experience and missing out on opportunities in future management by not going to get my bachelors. My girlfriend is going to school for a field in archeology and I want to her to be comfortable with my choice too but I also want to have the same college experience as her. Overall I looked at many job websites like linked in and for most of it you need to degree but some do say or equal experience.

I do want to get into the field fast but I do wanna get a good paying job before I hit 30 years old. Any advice will help but I only have two days to make a decision or else I loose my money at seton hall. People who live in the tri state area would be very beneficial

Tldr: I would like advice on what else I can do to improve myself further for this position when I apply in two years time

Hey everyone,

Last week I’ve reached out to a CEO of a government agency regarding internship opportunities in cybersecurity, and I was pleasantly surprised when my email got forwarded to the hiring manager and talent manager so quickly.

After a short phone call with the talent manager today, I learned about the specific skills and experiences I should aim to acquire over the next two years to strengthen my candidacy.

I’m currently pursuing a part-time degree at a top university, and I intend to obtain multiple cybersecurity certificates, participate in Capture The Flag (CTF) competitions, and aim for a Honours GPA (easier said than done)

However, I know I’ll be competing against younger, hungry full-time students from the same school and other universities for the same internship position.

Although I am early and have already registered interest, I would like advice on what else I can do to improve myself further for this position when I apply in two years time, I have thought about following up with the manager and attending their roadshows, etc but if a manager could advise on what I can do, that would be extremely extremely helpful.

Appreciate every advice!

I've observed that current cybersecurity students often complete OSCE3 before graduating and participate in many Capture The Flag (CTF) competitions with top teams. Given their high level of expertise and activity, how do we keep them engaged and satisfied in the real world of cybersecurity, which isn't exactly like CTF competitions or Offensive Security exams?

Hey all,

I'm a Navy Reservist who's a CTR (Cryptologic Technician Collection) and have been looking into a career in cyber security. I feel like I'm taking a rather unusual route. But, I'm a semester away from graduating my community college with an associate's in Psychology. Afterwards, I plan on going to my university in order to double major in Computer Science and Psychology with probably a minor in Information Systems. Ideally, the end game would be a Master's in Cybersecurity.

With that said, am I going in the right direction? What kinds of jobs will I end up landing with this route? Are there any other fellow reservists here also working in cyber? Any tips?

I want to work in a mixture of intelligence and cyber elements (isn't Cyber intelligence a whole subfield?) on the civilian side while being in the Navy for as long as possible.

Any help is much appreciated! Thank you.

Hi all, I've been an Oracle DBA for the past 4 years. I have a bachelor's degree and am about a year away from a masters degree. Lately I have been feeling more and more disinterested in database and am really wanting to try something new.

I've decided I want to transition my career away from database and instead work in cybersecurity. I am planning on getting getting the N+ and then Sec+ certifications. Do you think my 4 years of experience in IT as a DBA plus those two certifications would be enough to get me started in a cybersecurity position? Are there other certifications I should prioritize instead? Or more I should try to get after Sec+? Any other advice would be much appreciated.

Thanks in advance.

​

Does anyone know how to practice finding weaknesses and correcting the code that will be in CODILITY?

I didn't find any examples of security code qeustions

As far as cybersecurity goes it seems like a strange place to be. Half networking and half security. Not really a networking guy and not really a security guy.

I have pretty much plateaued in this field. Is cloud networking security engineer the next step?

Anyone currently a cloud network security engineer? How was that pivot?

Context: Almost 10 years working for a firewall vendor with the same title as an implementor. CISSP, CCSP, CCNP, (FW vendor high level cert)

Here's the deal,

I'm 31M and am in sales at the moment but desperately needing out after 11 years in the industry. I'm the family IT guy, but my knowledge and skillset is limited. I know a little bit about a lot but not enough to be dangerous.

I've decided I want to go back to school but am a little overwhelmed on what to do. I like the idea of WGU because I'm going to need to be a full time working student so online is appealing. But I'm stuck on which degree to pursue.

I know I want to end up in Cybersecurity but I'm hearing conflicting Info on where to start. Any advice is welcome.

I've been in the IT industry for about 10+ years, from Networking to Presales to Security testing. The last 5 years of my life were spent purely on penetration testing and red teaming.

Here's the thing, I'm not an extremely good penetration tester nor am I a good red teamer. If you give me an engagement, I will definitely tryharder and find vulnerabilities, however I know my capabilities and limits. Over the years, I've uncovered about every kind of vulnerabilities from XSS to blind SQLi.

For the red team side of things, My expertise is in phishing and its related tooling. Deploying mitm, creating lures etc. I've tried my hand at malware obfuscation via kits but its at a fairly basic level. Post credentials, the usual lateral movement and internal enumeration's pretty standard I guess.

I understand how things work in an enterprise context, from the infrastructure architecture to security controls etc. I've created a couple of in-house tools to aid in improving our security posture with relation to Threat intel / OSINT.

My problem is I know I have these technical skills and knowledge but I also know that i'm not good enough to be "top tier". So my question is this, Where should I go from here?

Should I remain in technical testing field, or move towards more "managerial" or even GRC roles?

I'm tired.

Certifications wise, I've got oscp, oswe, ccna.

Thanks in advance

Hello community,

I’m trying to switch into cybersecurity, got a couple of Certifications, I have a decent background being employed for 3 years in back office managing the whole IT of a soho, even infosec, then 6 years as data analyst.
Got an interview for a job in a huge corporation, first interview was with 2 of the chiefs and I have a couple of weeks to prepare for a deep technical interview with with the member of the specific department I should join. Now I have some questions:

This is the description of the job offer, which was for a soc analyst:

What you'll be doing

• Profound knowledge of SIEM applications such as Splunk or Microfocus ArcSight
• Expertise in designing and managing rule-based systems
• Basic understanding of Oracle databases
• Practical experience in analyzing complex ICT networks and systems
• Familiarity with microservices architectures
• Experience in analyzing business requirements
• Proactive and autonomous approach to task execution

What you need to succeed

• Genuine passion in cyber security, proactivity, team working and curiosity;
• Proficiency in programming languages such as Java, Python, or Linux shell scripting
• Knowledge of network and security engineering;
• Excellent written and spoken English communication skills

Nice to have

• Experience in the banking environment
• Experience in fraud prevention scenarios
• Knowledge of antifraud market tools
• Proficiency design and development on relational and noSQL databases

I feel quite confident on Splunk, oracle db, rbac, and even analyzing networks as it was needed for the certs, nmap is a lifesaver anyway, but during the first interview they specifically asked me if I was able to manage the security of services and applications.

Now, I think the role they're proposing me is the devsecops, which was not what I applied for, and honestly the only thing I can do which could vaguely fit that role is the sanitation of inputs, but I fit for anything else in the description (but the "nice to have" section) so I'm asking, how would you prepare for a similar interview?

I have zero java knowledge, like complete noob, should I try to learn some? I never needed it and they were more interested in my python skills but if we're talking about devsecops I think java is much more relevant? Any good resource?

Moreover, anybody with banking security experience mind sharing some thoughts and tips?

Thanks to anybody willing to answer

Hi guys, I am a B.tech graduate from 22 and i have like 10 months of experience in backend and frontend development. In sep 2022 i was let go by my company....applied for jobs for like 4 months didnt get any success so i decide to pursue cybersec cause i always wanted to do....prepped for certs like oscp which i failed first attempt this jan but got sec+ and pentest + just to have something on my resume (so career gap of 1.5 years). I am applying for entry level Soc analyst/security analyst jobs for a month now no callbacks yet. I know the market is fked right now but any advice what should i do next? I have been looking into bug bounty and freelancing but idk if i have skills for that.I dont want to keep increasing the career gap.

Will the career gap affect me in a major way?

What jobs should i apply for right now which would be better?

Any more certificates i should do?

Any advice will be appreciated. Thanks.

Hello everyone,

I recently graduated in cybersecurity, and I'm gearing up for job interviews. I'm looking for recommendations on study materials and resources to help me prepare, particularly for cybersecurity case studies.

Could anyone share cybersecurity case study materials that are commonly discussed in interviews?

I would appreciate your help.

Thank you in advance for your help!

I want to dedicate the next 3 months on earning some certificates in order to land a job as a red team professional. I already have some experience at cybersecurity firms, but on the auditing side and presales on the SI side. I also have a higher diploma in cybersecurity, so I already have a background in ethical hacking, networking, scripting and auditing fundamentals. On top of that, I'm graduating from university in computer science as well.

On the side, I've done HTB machines based on TJ Null's OSCP list, and gone through about 40% of the way, and have been learning everything needed for OSCP on and off for about 2 years. Only thing I haven't touched on has been AD and BoF. My linux knowledge is strong, but my Windows privesc could use some polishing.

Due to circumstances that I don't want to get into here, I estimate that I would have to apply for a job some time in late July or early August, which would give me about 3 months to produce a certificate in order to apply. OSCP would be ideal, but it's currently out of budget both in terms of time and money. So I'm looking to doing eCPPT first and CRTP after.

I'd like some insight from professionals here as well, as I view eCPPT as a general certificate for pentesters and CRTP for active directory for red team knowledge.

Thanks in advance.

Hello, Im a newbie in cybersecurity. I heard that tryhackme.com has a good learn paths for offensive security beginners and junior pentesters. Is this also good to learn defensive security using tryhackme.com?

Hello, I have an interview for a network security engineer position in two days' time. This is my first interview for a cybersecurity position and I would like to prepare myself as best as possible. Any tips or advice would be appreciated. Thank you in advance ✌️🙂

Hello, recently I started asking about which cybersecurity field has the biggest demand, and what demand the cybersecurity has in general? Im extremely excited in learning ethical hacking and offensive security, but I heard that there is no demand for it in civic purposes. Only some intelligence agencies or the police will hire you and pay well. What do you think about it?

Hey Everyone,

I’m going through a process for a technical support role. I’ve passed their technical assessment but now they’re asking me for my previous work experience but I have no previous work experience. What should I say exactly?

Hey all, I work as a QA in cloud with an ambition to land a role in devsecops/cloud security. Please tell me how I should go about starting my journey in this area and what does the current market exactly look for?

Hi everyone,

I need major help in determining how to go forth from here in terms of career. I historically was of the software engineering hobby-type and tinkerer and then started working in a SOC after graduating with a bachelors degree in computer science. It was during covid and that was the job I could get -- and was thankful to have.
I'm completely burned out on Alerts, ATOs, and vulnerabilities and am looking for a new job after about 4 years experience total. This market is of course... a bit rough -- and I hate doing SOC work. I'd rather be typing code and working with cloud appsec/prodsec etc and being technical specialist hands on. I also am not historically of the IT type where I started as a Sysadmin, Network firewall admin, etc.

Had an interview today for an architect position. The hiring manager said the following which was kind of interesting to hear -- and in my opinion a bit of a red flag:

Potential Minuses

• I’d be expected to be team lead and do some managerial duties down the line. The exact balance between being individual contributor and team lead would vary per my interviewer's wording, depending on how he views the new staff member's strengths. If he thinks someone is stronger individual contributor, they'll manage less People would come to me with questions and seeking advice, especially the contractors [this position is to be the only FTE on the team -- and to become the manager's right-hand man]
• Less playing hands on with technical toys and skills, more about consulting on projects to identify risks in architecture and addressing it accordingly
• SANS training opportunity attendance is relatively fewer. He mentioned how hard it was to get it for employees due to price ($8,000 per training... apparently they don't get a discount on class purchases). That's interesting to hear, but I could do some cloud certs out of my own pocket
• 4x360 reviews, four people review you for promo and annual review. So one needs to be very strong and collaborative both with people within and outside the security architecture team, where four people give you a performance feedback for yearly review
• Harder to retain technical skills and capabilities in this role. Architecture is just a bit abstract. So in this role technical skills can completely atrophy.... I historically have been more technically hands on

Pluses of this role:

• Larger company in financial services. potential to move around internally if I need something better [i guess, didn't confirm this with hiring manager]
• It's potentially the job I can get in this market. Have been hunting since August 2023 for a new gig
• Leaving a poorly run SOC and lack of technical, career, and fiscal growth. I do not want to see another alert in my life
• Potentially some appsec component to it, the manager wants a combination of appsec and netsec. That plays right into my programming background

How do you all react to this? Is the architecture role worth considering? Or not? My biggest concern is it being more abstract and not technically involved hands-on.

Thank you in advance for the insights!

Currently: I am currently a Claims compliance and Audit Manager with a local pharmacy. I have been at this since 2011. My bachelors degree is in cybersecurity (graduated 2023) and I have done Simply Cyber GRC Masterclass. I have also taken various classes on Udemy on topics from Frameworks to GRC course to IT audit courses. I also had a side business doing IT Support Consulting (basically Help Desk for the community). I also have several certifications Comptia Project, A+, Net +, Sec+, Cysa+, Pentest and ISC2 Associate, SSCP. (these are all still active and I am wanting to turn the associate into member but I need the experience) I got these while in college. However, I generally only put SSCP and Sec + on my resume

Goal: I want to transition into GRC, IT audit, or HIPAA Privacy

Questions:

1. Should I put all the certifications on my resume? I am also struggling to do an executive summary on my resume that would help me transition.
2. Should I put all the classes that I have taken on Udemy and the Master Class on my resume?
3. Would paying for the OCEG certifications and classes be worth it? I don't want to take CISA or CRISC until I have more experience, because god forbid I take it and spend all that money and still cant get the experience and lose the certification.
4. I feel like since my experience isn't directly related that I am being passed over. I am just lost on what to do. Below is my experience that I have on my resume at this time.
5. Should I try for Help desk? My issue is I am the only income in my household, my husband is sick and cant work so I can't take less than 55K

RESUME EXPERIENCE

Executive summary that I have currently:

Seasoned professional excelling in healthcare operations, billing management, and IT consulting. Expertise lies in regulatory navigation and resilient strategy implementation. Recognized for driving efficiency and project leadership. Ready to leverage skills in GRC analyst roles, ensuring robust governance, risk management, and compliance.

Claims Compliance & Audit Manager

• Achieve a 25% reduction in prior authorization rejections by implementing communication protocols between facility, pharmacy and prescriber and establishing proactive medication review processes.
• Lead a team of 4 to exceed monthly claim audit targets, consistently maintaining a compliance rate of over 96% in adherence to regulatory standards and industry best practices. 
• Implemented innovative strategies resulting in a 24% decrease in claim processing time, enhancing operational efficiency and optimizing resource utilization. 
• Successfully resolved 90% of claim discrepancies through rigorous analysis and negotiation with payors, ensuring maximum reimbursement. 
• Spearheaded training initiatives, developed and maintained a comprehensive training curriculum including how-to guides, step by step procedures, standards and industry best practices, resulting in a 20% increase in staff proficiency in claim submission protocols, reducing errors and mitigating risk of claim denials or audits. 
• Enhanced claim compliance by 15% through continuous monitoring and refinement of internal processes, fostering a culture of accuracy and accountability within the organization. 

IT Support Consultant/Owner

• Provided personalized technical support to a diverse clientele, troubleshooting and resolving IT issues promptly and effectively using tools such as; teamviewer, zoom, google meet, wireshark, various command line utilities (ping, traceroute, netstat, ipconfig, etc) disk management, event viewer, performance monitor, chkdsk.
• Demonstrated expertise in setting up and configuring home networks, peripherals and other devices including routers, modems, printers, scanners, computers, and smart home devices ensuring seamless connectivity and functionality for my end users. 
• Implemented proactive security measures for home networks, including but not limited to router security, firewall configuration, parental controls, vpn setup (OpenVPN, Express VPN, Nord VPN, Surf Shark), Antivirus software (Norton, Bitdefender, McAfee, Avast and Marlwarebytes), mitigating cybersecurity risks and safeguarding sensitive information.
• Managed a diverse range of technical inquiries via phone, messaging, email and remote assistance tools, efficiently prioritizing and resolving issues with a focus on maintaining high levels of customer satisfaction
• Provided end user education and training on IT best practices such as password security, recommending password managers, malware prevention guidelines and data backup procedures resulting in increased user awareness and reduction in preventable technical issues. 

EDUCATION

Western Governors University, Global, Salt Lake City, UT

Bachelor’s of Science, Cybersecurity and Information Assurance

PROFESSIONAL DEVELOPMENT

SimplyCyber GRC Analyst Master Class, 2023

• Comprehensive training program covering governance, risk management, and compliance in cybersecurity, instructed by experienced cyber professions and industry experts. 
• Developed expertise in regulatory compliance, risk assessment methodologies, and governance frameworks.
• Acquired practical skills in managing cyber security risks within an organization through hands-on exercises and case studies. 

Certifications

Security+, ISC2 Associate, SSCP

Seed Labs - Hands-on Labs for Security Education

https://seedsecuritylabs.org/
Started in 2002, funded by a total of 1.3 million dollars from NSF, and now used by over a thousand educational institutes worldwide, the SEED project's objective is to develop hands-on laboratory exercises (called SEED labs) for computer and information security education and help instructors adopt these labs in their curricula.

Vulnerabilities

• Adversarial Tactics, Techniques & Common Knowledge: https://attack.mitre.org
• Alien Vault: Open Threat Exchange https://otx.alienvault.com
• CVE Common Vulnerabilities & Exposures: https://cve.mitre.org/
• CVE Details: https://www.cvedetails.com/
• Cyber Future Foundation: https://www.cvedetails.com
• National Vulnerability Database (NVD): https://www.cvedetails.com/
• Rapid Seven: Exploit Database: https://www.rapid7.com/db/?type=metasploit
• Software Assurance Forum for Excellence in Code SafeCode: https://safecode.org/
• United States Computer Emergency Response Team (US CERT): https://www.cisa.gov/

Awesome Lists

• Security - https://github.com/sbilly/awesome-security & https://github.com/fabionoth/awesome-cyber-security & https://github.com/onlurking/awesome-infosec
• Threat Intelligence - https://github.com/hslatman/awesome-threat-intelligence
• Penetration Testing - https://github.com/enaqx/awesome-pentest
• Incident Response - https://github.com/meirwah/awesome-incident-response
• Security Operations Center (SOC) - https://github.com/cyb3rxp/awesome-soc
• Red Teaming (no longer updated) - https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
• Hacking - https://github.com/Hack-with-Github/Awesome-Hacking
• Python - https://github.com/vinta/awesome-python
• Application Security - https://github.com/paragonie/awesome-appsec
• Java - https://github.com/akullpp/awesome-java
• Javascript - https://github.com/sorrycc/awesome-javascript
• Splunk - https://github.com/sduff/awesome-splunk
• Bash - https://github.com/awesome-lists/awesome-bash
• Powershell - https://github.com/janikvonrotz/awesome-powershell
• Malware Analysis - https://github.com/kh4sh3i/Malware-Analysis
• CTF - https://github.com/apsdehal/awesome-ctf
• Honeypots - https://github.com/paralax/awesome-honeypots
• PCAP Tools - https://github.com/caesar0301/awesome-pcaptools
• Forensics - https://github.com/cugu/awesome-forensics
• Web application testing - https://github.com/infoslack/awesome-web-hacking

​

My background is in forensics and security operations (S0C Analyst). I've used a lot of the tools seen in both roles (SIEM, EDR, a ton of forensic tools). I've responded to incidents both as an internal employee and as a consultant.

l'd like to move away from first responder type of roles which usually involves shifts or crazy hours to a role that's more 8-5 and where I have to figure out solutions and not do repetitive tasks (SOC) or deal with wild incidents and no work/life balance (consultant).

Also, I know Python and SQL (not an expert) and want to focus on the best things to learn to be successful in this role.

Researching this position and applying I've gotten denied to a couple of roles. Most job descriptions mention the following:

• SIEM Engineering (log ingestion, management)
• Playbook creation (l'm assuming SOAR)
• Creating rules and detections (not sure if they expect YARA, Sigma, Regex)

Other companies mention familiarity with CI/CD pipelines, containers (docker, kubernetes) and are more heavily focused on coding. Please feel free to share your thoughts and resources to learn any of these.

So I landed my first Jr. cybersecurity analyst role and I’m excited and soaking up all of the knowledge I can, I love the environment and the people I work with so far are really chill. I and enrolling in WGU for the BSCSIA and already have the network+ and Security+, my question is how long should I stay? The main reason I ask this is because it’s 47K start and after probation period 50K. I live in a LCOL area.

I am not directly looking for job , but i want to get started in cybersecurity .

Please tell me a path of cert to get in it.

I am currently doing btech in cs 1st yr, from not very promising college!