I've recently been seeing a lot of opportunities in cybersecurity and started to look into it a little bit. However, I have no prior experience, background or education of cybersecurity of any sorts. For context, I am a junior at a university in CS who has specialized in swe/data science. All the courses I have taken and planned to were aligned with swe. I am proficient in c+t, python, and sql along with some knowledge of how to use shell or whatever the terminal/cmd prompt is in. If anyone can help me build some type of road map or give me a general idea of what to do to start and one day land a job position I would be very grateful. Any advice would be helpful. Thank you.

I'm currently exploring cloud security auditing tools and came across THESE tools. It looks good for automating security checks and getting recommendations. What do you think? Any recommendations?

I work in the federal contracting industry in cybersecurity. A few years ago I burned a bridge with my employer. They had a job setup for me which I ditched for another job at another organization.

A year later I was going through a few serious personal issues and took some time off working. I was able to find another position a few months later but it was a temp contract. After that contract ended I had a really hard time finding a stable job.

All I get offered now are jobs with more responsibilities, but low pay with smaller companies. I was working for mid to large scale organizations before. The only thing I can point to is the fact that because I was not reliable my name may be getting a bad reputation.

I am willing to suck it up, work on my career, skills, certifications and even purse higher ed in getting a masters/JD. I have a clearance.

Is there anything else I should do? How can I repair the bridges and get a job back in the large or mid scale federal contracting companies?

Is it more advisable starting off as in intern in software engineering or technical support?

Assuming both internships are at cybersecurity vendors, which is a better path?

Hello everyone,

I need some advice. Would it be better to do a degree in IT or to stack up certifications such as S+,N+,CISSP,CGRC,ISSEP,ISSMP,ISSAP,CISM,CRISC,CySA+, Pen+,AWSCP and so on.

Doing both the degree and certs would be really costly so I just need some advice on what would be better and what would help me secure a job. I plan on gaining experience after acquiring a few certs.

Thank you.

I often read how Cybersecurity isn't an entry level field. But I'm seeing quite a bit of cybersecurity/ information security internships on Handshake and the student organizations that I'm in has internship exclusively for students in these organizations.

Will not having help desk or sysadmin experience hurt me in the long run? I'm a computer science major with a minor in cybersecurity. My initial plan was to start off as a software engineer and then pivot to Cybersecurity.

Hello everyone,

I am 22 years old and I am attending, a year late, the last year of the degree course in Computer Science, but I find myself in a somewhat complicated situation and I need advice. I have some backlog of exams, and this is starting to weigh heavily on me.

Precisely for this reason I now feel unsuitable compared to my classmates, who seem more prepared and confident than me and I am starting to doubt my abilities and I am afraid of not being able to build a career in this field. However, what I am studying is really passionate about and I am sure I want to continue and in the master's degree I would like to continue with the security course.

What I would like to ask is if any of you have experienced a similar situation at university? How did you overcome these moments of doubt and uncertainty? What would you recommend to people like me who don't have a solid foundation behind (because in high school I studied something completely different) to move forward in this sector? Is it very important not to graduate late in this world? Could it affect my career?

Any advice or experience is welcome.

Thanks in advance.

Hey everyone! I’m 26M, currently working in the jewelry business and have been in this field for about 8 years. It’s been a great journey, and I’ve managed to grow in my career, but I’ve always had this inner pull towards cybersecurity. It’s something I’ve wanted to explore purely out of interest, and I’m really excited about learning everything I can about this space.

I don’t necessarily need a career change, but if I find that I enjoy it as much as I think I will, I wouldn’t mind if it eventually turned into work. The issue is, I’m starting with zero experience in IT and coding. So, I’m looking for advice on where to start as an absolute beginner.

If anyone has suggestions for foundational resources, courses, or any sources that could guide me from start to finish (although I know there's probably never really a finish line in this field), I’d really appreciate it. Thanks so much in advance!

So, after my 3.5 YOE, I've gotten into a very good position doing security engineering at a good, non-faang, relatively big tech company. I have no on-call now and don't have to get involved in IR, which was one of the reasons I left my previous job, SOC was fun but I wanted to stop being in a reactive position but on a proactive one instead, better for mental health, and I like to build stuff. The work is exciting, team and manager are great, and there's great support from leadership towards cybersecurity, and it's fully remote, with no restrictions on where I work from. I've been in this position for about 4 months.

Now a couple of days ago, a friend who works at a faang shares with me an opening for an analyst job, it would involve being on rotations and on-call again, doing IR, and an on-site position. He would be an internal reference, easing up the hiring process.

Would it be worth it to take the position downgrade just to get into faang? I'd appreciate your insights.

I’m currently in general engineering at Texas A&M hoping to apply to computer science next year (I need a 3.75 to get in). I am set on cybersecurity and Texas A&M.

If I don’t get into comp sci I have a few options I would like y’all’s opinion on.

I can try and transfer into the business school and do MIS (Managment information systems) and probably minor in computer science. But it is hard to transfer.

I can do an interdisciplinary engineering degree with a focus on cyber. It would let me take all the classes for a minor in computer science + minor in cybersecurity and some classes from the electronics systems department like network security and some IT classes. But it is as much math as any other engineering degree which would take a lot of time. Also it is not a very recognizable degree although the material would be very good.

Or I can transfer to the BA in ITSM. But I don’t really want a BA or an IT degree.

Any advice/thoughts would be great!

Hi, Im finishing my masters and I have 3 job offers - malware analysis, software development and one position that is mostly about writing SIEM rules and some L2/L3 work. Which of those positions would be the best option to get lot of valuble experience and be a valuable asset in future job market even with AI/automation included? All of those positions come with training included, so I dont have to worry about not being skilled/experienced enough. Thanks for help and sharing your opinion.

Intro

I hold a bachelor’s degree in Cybersecurity with a minor in Computer Science from a U.S. university, and I currently live in the United States. I have two years of professional experience in digital forensics and incident response (IR), working as a consultant. However, I am now looking to transition into a different area within cybersecurity—specifically, I’m interested in roles such as security engineer, security architect, or cybersecurity researcher, though I am open to more and still learning about the possibilities.

Background and Career Goals

While my time in IR and forensics has been valuable, I find the relentless pace and time-sensitive nature of the work exhausting. Each week, I manage a high volume of demanding cases and internal programming projects, often working 60-hour weeks, and sometimes closer to 80 hours. This schedule leaves little time or energy for personal development, home lab experiments, or skill-building in other technologies, which were initially what excited me about this field. Upon reflection, I realize that my role’s intense pace and the repetitive nature of forensic analysis don’t align with my long-term interests. I’m most motivated by problem-solving, cutting-edge research, and building things.

Alongside this career shift, I am also planning a permanent relocation to Europe—specifically the Netherlands or Germany, as I’ve been researching these countries for several years. Both seem to offer strong opportunities in cybersecurity and a good quality of life.

Universities and Programs of Interest

After some research, I have shortlisted the following master’s programs:

Netherlands (focused on Amsterdam):

• University of Amsterdam: Security and Network Engineering
• Vrije Universiteit Amsterdam: Computer Security

Germany (these are initial options; feedback on alignment with my interests would be appreciated):

• HDBW Munich: Cyber Security
• SRH Berlin: Cyber Security
• Universität des Saarlandes: Cybersecurity
• Universität zu Lübeck: IT Security

Questions for the Community

Program Fit: Given my background and interest in transitioning from IR to roles focused on security engineering, architecture, or research, do these programs align well with my goals?

Additional Recommendations: Are there other programs in the EU that might better fit my interests? I’m especially open to options that focus on hands-on problem-solving and innovation in cybersecurity.

Country Advice: While I’m leaning towards the Netherlands or Germany, I’m open to considering other European countries with strong purchasing power and salary standards. Are there other locations you would recommend based on my goals? I have thought about Switzerland before.

Additional Context

I understand that a master’s degree alone isn’t a guaranteed path to advancement, but it aligns with my personal and professional goals for several reasons:

• I genuinely enjoy learning and expanding my knowledge.
• A degree may ease the transition to living and working in the EU as opposed to obtaining the skilled migrant visa sponsorship.
• It would allow me time to acclimate and study the language.
• This transition represents a shift within cybersecurity for me, as I seek roles beyond IR.
• Finally, I’m still exploring specific paths within cybersecurity and believe a master’s program could help clarify and support my direction.

Any insights on my chosen programs, suggestions for alternative programs or countries, or general advice on transitioning fields within cybersecurity would be greatly appreciated!

I am a female with a level three security license. I'm looking for weekend cash jobs in the DFW area.

Currently level 3 tech support and wanted to get into a cyber security role. I applied for an entry level GRC role and got an offer around 81k. I current make 85k as a level 3 tech support (live in South East region of the country). Is this a decent pay for an entry role GRC position? I don't have much experience in any cyber or GRC role so maybe it's worth the pay decrease just for the experience. Wanted to see if anyone has any input on this. Thanks

I've been a IAM Analist and now IAM Consultant for nearly 4 years now, in two companies. The thing is, I don't really like the field as much. It's interesting, but I don't see myself being in the IAM field all my life from now. That's why I started a master degree in Cybersecurity while working, because I'd like to learn more about security, apart from IAM.

When I started the master's degree was when I realized that I might like the GRC area better, regulatory compliance, computer audit... But when I see job offers, and I think that when I finish my master's degree and have 5 years of experience in IAM and look for work on it, no one will want to hire me for lack of experience in that field.

What else can I do? Just finish the master's degree (which deals a lot with regulatory compliance) and pray that someone will hire me in the future although I do not have experience with GRC/auditing? All of this, of course, considering that I do not want to work for a newly graduated salary. I will have 5 years of experience in cybersecurity... I want to believe that that has to count for something

I'm currently an associate Information Security Analyst with almost 1 year of experience. I have Security+, CySA+, AWS Cloud Practitioner, and AWS Solutions Architect - Associate. My job uses some Kubernetes and Linux, so I bought a course for the CKA but I am unsure about taking the exam since it's a bit expensive for a cert that only lasts two years. I've considered starting with Linux+ too.

I have also given thought to the PJPT to get some red team experience, and Splunk power use but my job uses Kibana. Any recommendations on what I should do?

This is a legit and honest question, please bear with me:

To those who have completed red teaming or offensive certifications, did you really get any value out of them beyond what you could have gotten from watching YouTube or Googling?

I'm considering doing the CEH (or similar, open to suggestions) despite not being in an offensive/red teaming role. While I'm not looking to pivot fully into such a role any time soon, I figured it couldn't hurt to broaden my knowledge and skill while bolstering the ol' CV a bit too. I see more and more roles referring to things like application and network security testing, familiarity and proficiency with certain tooling and the like.

My background: 20+ years enterprise IT experience, ~7 years cyber experience, currently in a cyber security architect role, MSc in cyber security, CISSP/ISSAP/CCSP/+others holder.

I need help finding good, practical, real-life labs and resources for studying for a security analyst role. I want to learn ArcSight, Splunk, NIDS, Regex, and Wireshark.

So far all of the things I found were beginner simulations, I need a real challenge :)

This isn't a security career advice but hoping it might help someone for interviews.

Tired of managing Non-Human Identities (NHIs) like access keys, client IDs/secrets, and service account keys for cross-cloud connectivity? This project eliminates the need for them, making your multi-cloud environment more secure and easier to manage.

With these end-to-end Terraform templates, you can set up secure, cross-cloud connections seamlessly between:

• AWS ↔ Azure
• AWS ↔ GCP
• Azure ↔ GCP

The project also includes demo videos showing how the setup is done end-to-end with just one click.

Check it out on GitHub: https://github.com/clutchsecurity/federator

I'm setting up a Zosi camera system for a restaurant. For the most part, everything is working except it's access to the internet. It should be a straight connect via LAN but it won't go onto the network. I've checked with the ISP to see if the ports are not good but they can see the DVR and traffic from it. Everything is on DHCP, HTTP is 80, the addresses are good. I've tried using the PPPOE login but it didn't work.

Does anyone have any advice? Am I seeing something wrong? Please, if you can, let me know.

NICE- framework by NIST SP 800-181r1. Paper informs that TKS statements and examples are provided in NICE Framework Resource Center - chapter 3.1 last paragraph.

No success on finding those the location pointed out. Instead a link to NICE Framework Online found which leads Center visitors to space with categories of work roles. Higher number of work roles each category. One can follow link of chosen work role to see T-, K- and S-Statements assigned to role under inspection.

Any idea how to get a view of whole catalogue of TKS-statements to get a feeling of rough number of entries catalogue? Any idea where to find promised examples?

Guys iam currently in OT security but really in my job what iam doing is network engineer works like switch configurations, firewall configurations,etc. So iam not interested in this role and now iam wish to move on to vapt after getting 1year exp but in mean while I need to prepare for vapt roles so I would like to hear from community to suggest me the summarized roadmap and necessary certifications for each department like web,network,api.please help me.

23M graduated in May 2024 with a 7.9 CGPA, and I’ve been applying for jobs even before finishing college. But despite my efforts, things aren’t going well. So far, the only interviews I’ve managed to get were through walk-ins, and even those didn’t work out. I’ve tried CTFs, but I can barely compete. Plus, I have no exposure to blue teaming in cybersecurity, which makes me feel even more unprepared.

Lately, I feel like quitting because it seems like all my career planning and efforts have gone to waste. Almost every job posting I see demands experience, and there are hardly any opportunities for freshers like me. It feels like the entire industry is closed off to people starting out.

I’ve never considered development and don’t see myself switching to it—or to any other field for that matter. I feel stuck in this phase, watching everyone else from my batch get placed while I’m here, jobless and struggling.

There are financial problems at home, but I want to stay on topic here. What’s really weighing me down is this overwhelming fear of being left out, unemployed, and useless—especially when my family is counting on me to start earning.

I’m trying everything I can, applying daily and distracting myself to stay sane. But if anyone has been through something similar or has advice on what I can do next—whether it’s a different approach to job hunting, certifications, or ways to cope mentally—I’d really appreciate it.

What are the job opportunities like in IoT security? I have no idea about this side of security. Is it closer to application security or network security?

Hey guys, please feel free to critique and provide any suggestions on my entry-level cybersecurity resume. I still have about 7 months to graduate after which I'll mainly be applying to SOC/Security analyst roles. I'm also going to start applying for internships in the meantime.

Resume: https://imgur.com/a/baClRke

Hello All,

I have nearly 8 years of experience in application troubleshooting and tech, including Symantec (SEP), McAfee (DLP, Encryption), Defender, Bitlocker, TIP, and SOAR with various different org. While I understand this is a defensive role, I would like to know which certification would be best for me. I am planning to pursue the CISSP, as I believe it will broaden my opportunities and help me clear HR rounds, which have been challenging since I'm not receiving any calls. Any advice would be greatly appreciated. Thanks in advance!

Hello everyone. I would like to know your experiences doing the EC-Council CTIA course + cert.

THANKS!

Hola,

So I am stressing a little bit, like I do with every job that is new. I just came from an ISO job with a defense contractor and then a ISSE job before that. I have about 4 total years of experience with both of those positions and about 12 years of IT experience. I know that knowledge will help, but its the information I don't know that I am stressing about. Policies have always been something that I didn't necessarily struggle with, but it definitely wasn't my strongest area.

I know you never want to go into a job that you know absolutely everything as it gives you no room to grow, but I guess I am stressing because I have never actually done any official ISSM duties.

What are some things that you would recommend researching, paying more attention to, or just some general advice that you would give a freshie?

I’m currently enrolled in a 2 year IT-Cyber Security course at a local tech college, and had questions about degrees/certs and their applicability in today’s market.

Although I would only be earning my associates for this program, they also have us taking 5+ certs over the course of it. So far I have my sec+, and will earn another few these next 18 months, including net+ this winter.

Do these type of certs make up for not having a bachelors? Or is an associates kinda useless no matter what?

Definitely still a “newbie” to the field so apologies for any dumb questions - just definitely getting that imposter syndrome/fear of getting a job out school.

I am in advertisement/marketing and am ready to make a change to a field that I've been interested in for a long time. I'm in a situation where I have to continue to work to support my family but want to start making the necessary steps to change my career.

I've created a roadmap for myself to eventually work in digital forensics and incident response - the first step being going back for Bachelor's in Computer Science or Information Technology. I am currently looking at community colleges (in NYC) and whether I can transfer some of my credits from my previous degree (Communications) and streamline taking the fundamental courses.

For those that started from careers unrelated to cybersecurity, and went back to school all while working, would you share any advice or insight on your journey? Thank you for your time in advance.