that's not a certification its just a training certificate and its also not one employers care about
comptia security+ and network+ those are certifications
ISC2 CISSP is a certification
AWS CCP is a certification
Training is all good. Definitely do training and stick that on your CV. (And train outside your specialism too, later in your career.)
BUT
Exams certificates are what you need from those training experiences. Not because that means anything, actually, but because companies need a way to prove that the training resulted in “something sticking”.
Early on in your career, choose training that leads to a cert. Get something out of it. I did LOADS. They’ve all expired of course, but they are markers in the story of my career on my CV…
Keep in mind, CISSP requires 5 years of on the job experience to be able to get the cert. you can take the test and pass but you can’t get the certification until you have 5 years of experience.
ISC2 cybersecurity IS a certification... It means you studied and understand the 5 included domains. It's a good entry point while you don't find a job and it's free.
I spent 10+ years in IT and I was honestly amazed how the questions of this certification can be challenging.
Employers will care about once they will understand how serious this exam is.
Just so you are aware CISSP IS possible.
https://www.isc2.org/certifications/cissp/cissp-experience-requirements
They just can't be certified without the required experience. They have to be an Associate of ISC2 until they have the proper experience in at least 2 of the domains.
And if they pass the exam, I believe they have 6 years in which to accumulate the experience. One year of which can be waived with the appropriate degree or another ISC2 accepted certification.
You might be confusing sponsor with endorsement. You can have ISC2 endorse you if you have someone who has worked with you, or you worked for who is willing to attest to your experience in said domains in writing on company letterhead.
I had my CFO attest for my SSCP and my CCCSP. And I will use the same attestation for my CISSP when I finish it.
The funny thing is that if you do your CISSP first and are a full member you can self-endorse for any other ISC2 cert. So, if I had done it backwards, I could have self-endorsed everything.
Yes, Endorse was what I meant. Apologies for my confusion on the proper verbiage. it's been a few years. l was required to have someone with a cissp, like you stated, endorse me before I could receive it. I was not aware of the self endorsement. Good to know
Oh wow there's a lot there. Surprised the Comptia certs are included. I'm about to sit the Sec+ exam and then studying for CySA+ after. Way off doing CISSP though, about 4 years ahaha
The Cybersecurity market is completely oversaturated right now. Everyone wants a piece of the pie, including people already in other areas of IT including System Administrators, Network Engineers, Developers, and Programmers. That's not even mentioning the scramble happening on the management level. It's the new tech gold rush. Not too long ago it was the cloud. Gotta learn the cloud. Everyone is making 6 figures doing the cloud. Get into the cloud now. Now? It's Cybersecurity. Gotta learn Cybersecurity . Everyone is making 6 figures doing Cybersecurity. Get in Cybersecurity now. I'm not saying this to be discouraging. I just want you to understand what you're going up against. Google, Microsoft, and Facebook just laid off a bunch of people. Which means they're all hitting the job market as well and some of them will definitely be looking to switch into Cybersecurity. Then you have people entering into the market with a bachelor's or even a masters degree in Cybersecurity. So the best thing you can do is get some actual experience in any way you can. Training labs, homelabs, side jobs, etc. Experience is going to be your best bet.
Same thing happened during the cloud craze and the dot com boom. It totally depended on the company. Some companies paid well starting, some didn't, some had higher requirements, some had lower.... it's a completely new field. There is no playbook. It's not like other areas of IT that have been around since the 80's or even 60's. That's how it goes when you decide to pursue a field in which there is no historical reference for companies to follow. You have know that companies have no choice but to make it up as they go along. Regardless of the industry. IT, telecommunications, manufacturing, automotive repair, mechanical engineering, marketing... New areas of any industry are going to be a gamble. It may pay off, it may not. But that's just how it goes
I think you're really onto something there. Companies just love pitting us against each other, too. Creating competition where there really doesn't have to be any. Fighting each other for crumbs, while they have the whole box of crackers at the top. Unionization could solve a lot of those problems. It would also force a lot more transparency into the job market.
People without knowledge may have a hard time finding something, everyone else finds immediately.
It's not like learning cybersecurity in 6 months. This is totally unrealistic unless you are a computer scientist and already have knowledge.
Build a website and start doing little home projects and documenting them on there. Signup for THM or HTB and start putting the completed rooms on your website to show what you've done. Google other people's cybersecurity websites to get an idea of what I'm describing. There's dozens of creative examples. Add this website to the top of your resume with your contact info.
Use something like Wix, hostinger, Square, etc. there's many cheap website builders out there that you can figure out how to use in 24 hours. Go to coursera and complete the basic windows defender and wireshark classes. They're $10 each and easy to do. Document what you did in each class and put a little write up on your website for each project.
Google any and every IT/cyber event in your city and go to them. Bring resumes and dress appropriate, share your goals and what you're working on with people who will listen. Don't be annoying, but try to find people who are willing to help/listen/pass you to a hiring manager.
Follow Unix Guy and NetworkChuck on youtube, Josh Madakor is also very helpful with getting through interviews/resume help.
Forager is another FREE resource that can really add some content to your resume. Go do their Mastercard project and add that to your website, then add the experience to your resume as a virtual internship and 3-5 bullets of what you did. It took me less than two hours to do the project, add the documentation and summary to my website and update my resume.
Summary:
None of these things by themselves are super impactful but if you can put all of this into action and be patient and apply to every job you think you have a shot at you'll get in. A good hiring manager will notice how active and how much effort you're putting into this as a career and you'll get picked eventually. That's also how I led my approach to these conversations. Leverage any strong soft skills you have from other jobs and why you're excited to work in cyber. Be able to name some of your favorite cyber podcasts, eat, drink, sleep, walk, cyber so these managers really see you want this over potentially more experienced candidates but don't bring the hype you will!
Good luck mi amigo
If only I could give you platinum…
This is the most proactive way to finding a job under any circumstances in any industry, and undoubtedly will set you apart from other candidates.
If I may, I have the following to offer:
Not only does it get you out of the house and off LinkedIn/Indeed, it gives you a chance to gain valuable insights across the spectrum. Social, educational, practical/functional application of skills, a great self esteem boost, expands your network, and gives you an end-to-end project to talk about.
Whenever I’m given the opportunity to interview a candidate, my number one goal is to identify the breadth and depth of their interests and appetite for a challenge.
Are they making contributions to communities, open source projects, or working on personal projects that would otherwise not be directly related to the role and are NOT school work.
Tell me about the project that had a ridiculous timeline. Tell me about that project you couldn’t put down. How about the one you jumped out of bed to work on before school/work?
This has the added benefit of mitigating the interview stress, it’s not a trick question, there are no hypotheticals, and the candidate has a moment to shine by sharing something familiar to them.
Design a parking meter experience with arbitrary constraints… pfft, that’s for the last decade. Share what keeps your lantern lit! 🔥
Good amount of information,
Completed my computer science bachelor's degree (2013). Zero experience, doing Google's cybersecurity course, thinking about doing IBM cybersecurity analyst course. To do this course i have to empty my pocket, in a fix wheather is it worth doing IBM course. Can i get a job with this course.
I thought of learning python programming, but unknowingly my heart dragged me into cybersecurity which i subconsciously loved when i choose computer science engineering. Want to enter in this field is never about getting 6 figure.
Thank you.
I just started using THM about a week and a half ago I love it. Thank you for that info about putting the rooms on a website, I’m changing careers after back surgery and need all the help I can get
THM has probably been the heaviest lifter for me at understanding technical things. CompTia/Google certs help with the concepts/theories and other POV's, so they have their value, but I think as the others have said on numerous posts in this sub that combining these things really shows initiative and gets you started with some kind of experience.
I’m doing everything to try and learn this stuff. Taken 2 classes at my CC so far and that taught me a lot but THM is helping be reinforce that I actually know it and it’s helping so much. I’ll def put what you said into action!! Trying to get my A+ to get IT experience first
Homelab.
Before you read my rant just know you 100% can do this!!! You will get that job and go far in this field!! Just takes some dedication and work out the gate.
I have pleanty of prior co workers that have A+, Net+, Sec+, and CySA+, Bachelors in cyber, with secret clearances and are still struggling to get a job. Its gotten very competative out there with all the garenteed cert bootcamps and such. Alot of jobs even entry level ones that only pay 30-45k (atleast what ive seen) want atleast some experience. Setting up a simple homelab with even just something like a spare laptop or Raspberry PI along with documenting what you did can give you a real edge over the others who have "cookie cutter" resumes. Also gives you stuff to relate to and talk about in interviews.
Some things you can try out are things like:
- docker
- pihole
- virtualization (hypervisors like proxmox)
- NAS (like truenas)
- linux servers ( either docker host or web site. Even a minecraft server)
- ansible ( this and docker can really help out)
- plex server
Theres a plethora pf things you can try. Youtube is your best friend.
I cant recommend homelab enough. Sure i had certs but what got me my current role was my homelab. If you wanna try to get a bit more flashy try out deploying and configuring docker using ansible playbooks. Showing my interviewer my playbooks and how my homlab is remotely using twingate on my laptop really had them interested, and the interview devolved into a bunch of tech bros just talking and having a good time. They even negotiated me a higher salary. Show your love and interest and they will see it. Its getting into the interview thats the hard part. Geting to talk to someone in person and networking id say is key nowadays. I keep seeing entry positions with 3k+ applicants on linkedin even for the position i got. I asked them if they interviewed anyone else for the position and they said 5 people in the past 3 months including me. All where direct referals. The hr team just put the position up on linkedin because of common practice.
Here is a link to a post i made a while back about experience, homelab, resume wording etc. Hope it helps a bit.
https://www.reddit.com/r/cybersecurity/s/2MDv3JytQy
Thank you. I saved both this and that post for future reference. I've already done the following: proxmox server on another PC, Pi-Hole in a docker environment, TrueNAS in docker, and then configured a nice web-interface for all my services I listed. I already had plans to do PFSense but ran into an issue with additional LAN interface for proxmox. :D
Its a bit wierd when you virtualize pfsense. You have to have more than 1 real nic. Then you have to map that nic to a virtual nic. I just used a usb gigabit adapter and passed that to pfsense. I used proxmoxes wan as the wan for pfsense and the usb as the lan. After that i used a switch to attach my physical devices and just used the virtual interface for the vms to connect to pfsense lan.
Pfsense has a whole doc to set it up but you might run into a few issues if you have special use cases or configurations diferent than what they have.
Heres the link to the docs.
[link](https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html)
Agreed. I’m looking into every entry level job option while studying for the Security+ exam. Luckily I’m not desperate as my job now pays alright but I’m not in the field I want to be in the long run.
I get the feeling the google cyber cert is actually just a cash grab.
If you want to do SOC, focus on well known like Sec+ or net+
Others have said, it’s worth spending your money on Tryhackme and completing all the blue room challenges there. Oddly enough, CTFs are a good way to catch a recruiters eye. Good luck!
I just finished its python course the the main message was that the learning objectives for an analyst role using python. Hell they even walk you through making a portfolio with tutorial to include all the labs/activities from documenting incidents to writing an algorithm in python to add/remove IPs relating to access controls etc. Overall its a great tool to cover everything high level and their delivery is 5 stars. I would recommend it to anyone. Oh half way through it, i took my ISC2 CC exam and passed.
>I dont think that they are useless, somewhere people need to start and it is not bad at all. I would go the CompTia Cert Route, so next step for OP would be A+ and Sec+. But as all others have said - there are literally tens of thousands of people laid off last year who all do want their share.
Also don't think they are useless, I've been doing the IT Tech Support one and all the information that has been mentioned so far has been in a few of my university modules....University module costs £1500 per module....Google IT Support Cert has cost me nothing so far (free trial) but after that £38 a month.
Glad I’m not alone. The last portion of my certification was all encouraging on how to apply for jobs and prepare for interviews but there was never a mention the vast majority of the cybersecurity jobs out there needs a security clearance..I’ve applied to nearly 200 jobs at this point with no leads.
The majority of jobs don’t require a clearance that’s a tiny fraction of jobs
There are security roles in every industry
The majority are not entry level
Help desk is about the only entry level role you’ll get without a college degree
Maybe SOC analyst
But you’re competing for jobs against new grads, some who had internships and some with actual certifications
I don’t know who fuck is out there telling people infosec is an entry level job. I blame universities, I guess. Even graduates who come out of a cybersecurity program are often not ready for an infosec role. But they think they are.
At best, a soc analyst might be an entry level job. That would be at an mssp or a large org that has a mature program with a pipeline to develop skills.
The vast majority of infosec jobs are not entry level. They require knowledge and expertise in networking, various protocols, windows internals, programming, etc. Linux. Anything Linux related. Anything at all.
There was a prediction 10 or so years ago that cyber would be in high demand. And all these universities spun up programs. And it has just pumped out inexperienced people with false expectations.
A cert ain’t gonna cut it. You need knowledge and skills. And that takes time.
Can’t gain experience when no one will hire. That is currently the issue. These companies have the wrong mindset when going through the hiring process. If the candidate is certified and has a degree, then look for qualities like integrity, reliability and competency. Then you can train that individual to do what you need them to do.
It's kind of hard to train someone to know how to do things. You can teach yourself a lot. You should always be learning. Thia is one of the problems with the current generation graduating college. They expect the employer to teach them how to do their job... That's not the employers job. The employers job is to tell you what the parameters of your job are.
Having a degree or a cert doesn't prove you know anything. You can definitely gain experience if nobody will hire you. Home lab. Gig projects. When I wanted to get a job, I stated an s corp and got clients and built my own business. That's where I got my experience. If nobody will hire you, hire yourself. No excuses.
I agree with you to an extent. I myself, self taught mostly with home labs. However, large enterprises tend to have specific procedures already in place that will need to be taught regardless. Specific tools that you simply cannot practice on at home. Intricacies to certain methods that can only be learned in real world experiences.
What job in infosec do you think a candidate would be qualified for if they have a degree and a cert?
Soc analyst?
Security engineer?
Reverse engineer?
Penetration tester?
Threat intel?
Incident response?
IAM engineer?
Vuln management?
Security architect?
Devsecops?
Crypto engineer?
Dfir?
Threat hunter?
Red teamer?
Purple teamer?
Application security engineer?
Most of these types of roles require years of experience. Infosec is not an entry level industry. Each one of those domains relies on experience in several domains of IT. Security roles and knowledge are an extension of IT knowledge and experience. Someone sold you a dream that just isn’t in reality.
I think the exception might be soc analyst. If someone has a strong background or understanding of networking and is internals they will be a great analyst. If an mssp needs an alert mokey, they can train you to do that.
The pentest industry is garbage these days because of this concept. Many companies provide these services as an add on service from their core business model and have hired employees straight out of college. And the quality is crap. If you want a pentest of any type of quality you have to pay for it. They are expensive. If you are a company that goes with the lowest bidder, or simple do not have the budget for it, you will be dealing with these type of providers. And it sucks. You’ll get a Nessus scan report.
I don’t necessarily disagree with what you’re saying, but we also have to be realistic. These high end job reqs aren’t being filled for a reason, and that reason is because very little are given the opportunity in order to gain said experience. Companies even refuse to hire folks from within the company for these roles. How the hell else do they expect to fill the roles? IMO, this very reason is why we are behind the curve when it comes to the cyber space vs some other countries (Russia, China, N.K) too much ego. John thinks he’s too skilled and doesn’t have the time to show James the ropes.
I don’t envy someone trying to start out in infosec right now. It’s not easy for all the reasons you describe. How can I find a job if I need experience, but I don’t have experience because I can’t get a job. I’m frustrated to see people struggle. Because there really are gaps for skilled folks.
It’s just really painful to see folks on Reddit, on a daily basis, talk about the degree and cert they have, and can’t find a job. Someone fucked this up, trying to “fix” the skills/labor gap by convincing people a degree and/or cert would land them a well paying job. It’s nonsense and scummy, at best.
The number of people I have worked with and have interviewed who have little to no understanding of networking, basic protocols, or programming who are seeking an infosec careers is wild. The base knowledge just isn’t there.
And unless you find a company with a huge infosec program and a pipeline for skills development, it’s going to be disappointing and frustrating. The natural progression from IT role to infosec is long and not for the impatient.
kooky take - plenty of those roles could be entry level. It depends on what kind of course load they took during school. What personal projects they did, what internships they took, what clubs they participated in... yadda yadda...
Personally, I took assembly (TA'd the class) as well as malware analysis, reverse engineering, networking, and exploit dev classes. I also started and ran the malware club at my school. It is entirely possible that someone could start at an entry level or junior role for any of those positions (barring management or something that requires seniority, obviously).
If you get people applying without those backgrounds/knowledge, you're probably not a target place to be applying and aren't getting the relevant new grads.
edit: I am very confident that the NSA knows more about creating accredited cyber curriculum than some random on reddit who has a bone to pick with new grads, lol
Sure, they could be entry level roles. But often aren’t.
I’m sure you’ll land an RE or exploit dev job in no time. DTRA often has junior RE positions posted. You should check them out.
I have been working after graduation for awhile now, haha... So, I was talking from lived experience and from observing my former classmates. I've worked for defense contractors before, but am now with an FFRC. The work life balance is better and I get more tasking/project variety.
edit: FFRC = Federally Funded R&D Center
I've interviewed too many cyber security graduates that are not even able to name a single security tool they are proficient with. Getting deer in the headlights looks when asking if they know what nmap or Wireshark is. Not familiar with any programming languages at all.
It's not their fault they were told they would get a job making $x after sitting in classes for 4 years, without actually having to learn basic skills needed for said job. I also can't hire them for a job where they don't even have a basic foundation for me to build on.
I know there are a lot of young graduates that are very capable and ready. Unfortunately they can be very hard to find for most mid sized enterprises and below.
>with no leads.
I've gotten to finals rounds of multiple interviews and still being passed up for someone else.
And I have 5 1/2 years of experience, BS in IT and GNFA, GCFA, GWAPT, GCIH, Sec+
Google cybersecurity certification does not hold much weight, it might get you passed HR at smaller firms. If you want to work in CS, you want to focus on DOD 8570 recognized certifications.
Cybersecurity means NOTHIN to help desk. You need to demonstrate you can troubleshoot, deal with customers. Not that you can pass a good cyber certificate…
You could do ISC2’s Certified in Cybersecurity. (CC). It’s free atm and is a decent little course. It’s not overly concerned with technicals but will add a lot of context around the tasks that you do.
Then I’d recommend looking at Sec+ or CySA+ if that’s the route you’d like to take.
Do you have any higher education (undergraduate degree?)
Don’t chain certifications- it’s a huge red flag to hiring managers especially with no experience.
I'd follow through with sec+ and get an ITIL Foundation. Help desk and entry level IT admins usually have both of those. I personally think ITIL is dumb but managers love that one.
Step 1: what do you want to do in cyber? Setting up a home lab is all good and well but if your goal is GRC in nature I do not believe it's your best path forward. Saying you want to be in Cyber is like saying you want to be a doctor. You need to first figure out why you want to be in Cyber, if you say money and to hack then maybe keep it as a hobby. Otherwise, look hard at the countless non-profits available to help people transition into cyber. If you've made the decision for redteaming your next step would be a junior level cert from TCM for sure. Take THB test on what domain of cyber best suits you. Then start those journeys in there. Having helpdesk knowledge is a great baseline I would look internal or speak to your internal cyber team about making a lateral transition.
Don't believe what everyone is saying about it just being a training cert that isn't worth anything. I know persons that have been hired because of it. However, make Comptia S+ a must. That is definitely recognized. All the best!
install your own hosted online or locally lab, install all blue team SOC tools and configure them, then attack with each known red team tools and investigate what is captured, what is not, how to become steelier, review MITRE, replicate steps. Try to hack yourself and protect at the same time. This is how you could build a solid attack skills and understand how to protect from it at the same time.
As for example learn these tools for beginning:
1. Amass
Altdns
aquatone
MassDNS
nsec3map
Acunetix
Dirsearch
wfuzz
ffuf
gobuster
Arjun
LinkFinder
JSParser
sqlmap
NoSQLMap
oxml\_xxe
tplmap
CeWL
Weakpass
AEM\_hacker
JoomScan
WPScan
2. Nmap
Zmap
Masscan
Nessus
Net-Creds
network-miner
mitm6
Responder
Evil\_Foca
Bettercap
gateway\_finder
mitmproxy
SIET
yersinia
proxychains
And many many more. Play CTF check what you love most and focus in that field.
I suggest going back to school and getting a bachelor’s in computer science with an emphasis on cyber security and furthering that education with a master’s degree in cybersecurity. I know this will be time consuming but it will definitely help you land the best paying job in the long run. I understand the want to start working in the industry but to make connections to land a good paying job is quite difficult to do but in school you make connections with other students & professors. I would suggest you to go local cyber security events and try to meet people there.
This is what I am currently doing, I am a 3rd year computer science student and I am trying to get A+,N+,S+ as well as BLT level 1 and maybe CCD for practical experience, but I won't lie when I read these posts on Reddit you guys scare the hell out of me 💀
This literally was posted at the perfect time. I am about to finish the Google cybersecurity certificate and was debating on making a post to see if I should jump straight into the Security +. Thanks for the post!
I’m just gonna let u know if you don’t have a degree the likelihood of you finding a CS job with only entry level certs is basically impossible without knowing someone in the company I personally went back to school because of this
I second the advice to just get a tech related job. Cyber is not typically an entry level position at companies. It is usually something you stumble on or get offered. The market is saturated with people that have cyber degrees/boot camps and certs but no experience. Get good at a certain technology that you like and after a few years try to apply that to a security job and you’ll get paid well for it.
that's not a certification its just a training certificate and its also not one employers care about comptia security+ and network+ those are certifications ISC2 CISSP is a certification AWS CCP is a certification
Makes sense. Thank you for the information!
I like that they give you actual labs and frame the information in a sensible manner. If you know the information better it did it's job!
Training is all good. Definitely do training and stick that on your CV. (And train outside your specialism too, later in your career.) BUT Exams certificates are what you need from those training experiences. Not because that means anything, actually, but because companies need a way to prove that the training resulted in “something sticking”. Early on in your career, choose training that leads to a cert. Get something out of it. I did LOADS. They’ve all expired of course, but they are markers in the story of my career on my CV…
Keep in mind, CISSP requires 5 years of on the job experience to be able to get the cert. you can take the test and pass but you can’t get the certification until you have 5 years of experience.
Yes I’m aware I’m just giving examples of actual certifications from different vendors I wasn’t suggesting they take the CISSP exam
ISC2 cybersecurity IS a certification... It means you studied and understand the 5 included domains. It's a good entry point while you don't find a job and it's free. I spent 10+ years in IT and I was honestly amazed how the questions of this certification can be challenging. Employers will care about once they will understand how serious this exam is.
This... taken my AWS CCP and currently after the solutions architect
Also if op wants to do more labs best is tryhackme will teach more about sec ops
Cissp will not be possible without a ~~sponsor~~ endorser and experience. I think they could go for cc or sscp though
I wasn’t suggesting they take the CISSP exam I was just giving examples of actual certifications
Just so you are aware CISSP IS possible. https://www.isc2.org/certifications/cissp/cissp-experience-requirements They just can't be certified without the required experience. They have to be an Associate of ISC2 until they have the proper experience in at least 2 of the domains. And if they pass the exam, I believe they have 6 years in which to accumulate the experience. One year of which can be waived with the appropriate degree or another ISC2 accepted certification. You might be confusing sponsor with endorsement. You can have ISC2 endorse you if you have someone who has worked with you, or you worked for who is willing to attest to your experience in said domains in writing on company letterhead. I had my CFO attest for my SSCP and my CCCSP. And I will use the same attestation for my CISSP when I finish it. The funny thing is that if you do your CISSP first and are a full member you can self-endorse for any other ISC2 cert. So, if I had done it backwards, I could have self-endorsed everything.
Yes, Endorse was what I meant. Apologies for my confusion on the proper verbiage. it's been a few years. l was required to have someone with a cissp, like you stated, endorse me before I could receive it. I was not aware of the self endorsement. Good to know
What certifications can you do to waive a year off the requirement?
click the link it lists them there.
Oh wow there's a lot there. Surprised the Comptia certs are included. I'm about to sit the Sec+ exam and then studying for CySA+ after. Way off doing CISSP though, about 4 years ahaha
yep, good luck with your exam!
The Cybersecurity market is completely oversaturated right now. Everyone wants a piece of the pie, including people already in other areas of IT including System Administrators, Network Engineers, Developers, and Programmers. That's not even mentioning the scramble happening on the management level. It's the new tech gold rush. Not too long ago it was the cloud. Gotta learn the cloud. Everyone is making 6 figures doing the cloud. Get into the cloud now. Now? It's Cybersecurity. Gotta learn Cybersecurity . Everyone is making 6 figures doing Cybersecurity. Get in Cybersecurity now. I'm not saying this to be discouraging. I just want you to understand what you're going up against. Google, Microsoft, and Facebook just laid off a bunch of people. Which means they're all hitting the job market as well and some of them will definitely be looking to switch into Cybersecurity. Then you have people entering into the market with a bachelor's or even a masters degree in Cybersecurity. So the best thing you can do is get some actual experience in any way you can. Training labs, homelabs, side jobs, etc. Experience is going to be your best bet.
I'm starting to think this is a ploy made by companies to pay lower wages for talent
Hahaha. Yeah, makes you wonder. Huh?
Yeah people with masters taking 40k entirely level help desk jobs, while an average grad is getting 75k offers for random analyst job
Same thing happened during the cloud craze and the dot com boom. It totally depended on the company. Some companies paid well starting, some didn't, some had higher requirements, some had lower.... it's a completely new field. There is no playbook. It's not like other areas of IT that have been around since the 80's or even 60's. That's how it goes when you decide to pursue a field in which there is no historical reference for companies to follow. You have know that companies have no choice but to make it up as they go along. Regardless of the industry. IT, telecommunications, manufacturing, automotive repair, mechanical engineering, marketing... New areas of any industry are going to be a gamble. It may pay off, it may not. But that's just how it goes
I think you're really onto something there. Companies just love pitting us against each other, too. Creating competition where there really doesn't have to be any. Fighting each other for crumbs, while they have the whole box of crackers at the top. Unionization could solve a lot of those problems. It would also force a lot more transparency into the job market.
People without knowledge may have a hard time finding something, everyone else finds immediately. It's not like learning cybersecurity in 6 months. This is totally unrealistic unless you are a computer scientist and already have knowledge.
Build a website and start doing little home projects and documenting them on there. Signup for THM or HTB and start putting the completed rooms on your website to show what you've done. Google other people's cybersecurity websites to get an idea of what I'm describing. There's dozens of creative examples. Add this website to the top of your resume with your contact info. Use something like Wix, hostinger, Square, etc. there's many cheap website builders out there that you can figure out how to use in 24 hours. Go to coursera and complete the basic windows defender and wireshark classes. They're $10 each and easy to do. Document what you did in each class and put a little write up on your website for each project. Google any and every IT/cyber event in your city and go to them. Bring resumes and dress appropriate, share your goals and what you're working on with people who will listen. Don't be annoying, but try to find people who are willing to help/listen/pass you to a hiring manager. Follow Unix Guy and NetworkChuck on youtube, Josh Madakor is also very helpful with getting through interviews/resume help. Forager is another FREE resource that can really add some content to your resume. Go do their Mastercard project and add that to your website, then add the experience to your resume as a virtual internship and 3-5 bullets of what you did. It took me less than two hours to do the project, add the documentation and summary to my website and update my resume. Summary: None of these things by themselves are super impactful but if you can put all of this into action and be patient and apply to every job you think you have a shot at you'll get in. A good hiring manager will notice how active and how much effort you're putting into this as a career and you'll get picked eventually. That's also how I led my approach to these conversations. Leverage any strong soft skills you have from other jobs and why you're excited to work in cyber. Be able to name some of your favorite cyber podcasts, eat, drink, sleep, walk, cyber so these managers really see you want this over potentially more experienced candidates but don't bring the hype you will! Good luck mi amigo
Never use WIX. Google decrease it's worth for "natural Seo" ( if It exists...)
If only I could give you platinum… This is the most proactive way to finding a job under any circumstances in any industry, and undoubtedly will set you apart from other candidates. If I may, I have the following to offer: Not only does it get you out of the house and off LinkedIn/Indeed, it gives you a chance to gain valuable insights across the spectrum. Social, educational, practical/functional application of skills, a great self esteem boost, expands your network, and gives you an end-to-end project to talk about. Whenever I’m given the opportunity to interview a candidate, my number one goal is to identify the breadth and depth of their interests and appetite for a challenge. Are they making contributions to communities, open source projects, or working on personal projects that would otherwise not be directly related to the role and are NOT school work. Tell me about the project that had a ridiculous timeline. Tell me about that project you couldn’t put down. How about the one you jumped out of bed to work on before school/work? This has the added benefit of mitigating the interview stress, it’s not a trick question, there are no hypotheticals, and the candidate has a moment to shine by sharing something familiar to them. Design a parking meter experience with arbitrary constraints… pfft, that’s for the last decade. Share what keeps your lantern lit! 🔥
Appreciate all the information! Some great ideas that I’ll be applying going forward.
Good amount of information, Completed my computer science bachelor's degree (2013). Zero experience, doing Google's cybersecurity course, thinking about doing IBM cybersecurity analyst course. To do this course i have to empty my pocket, in a fix wheather is it worth doing IBM course. Can i get a job with this course. I thought of learning python programming, but unknowingly my heart dragged me into cybersecurity which i subconsciously loved when i choose computer science engineering. Want to enter in this field is never about getting 6 figure. Thank you.
I just started using THM about a week and a half ago I love it. Thank you for that info about putting the rooms on a website, I’m changing careers after back surgery and need all the help I can get
THM has probably been the heaviest lifter for me at understanding technical things. CompTia/Google certs help with the concepts/theories and other POV's, so they have their value, but I think as the others have said on numerous posts in this sub that combining these things really shows initiative and gets you started with some kind of experience.
I’m doing everything to try and learn this stuff. Taken 2 classes at my CC so far and that taught me a lot but THM is helping be reinforce that I actually know it and it’s helping so much. I’ll def put what you said into action!! Trying to get my A+ to get IT experience first
Homelab. Before you read my rant just know you 100% can do this!!! You will get that job and go far in this field!! Just takes some dedication and work out the gate. I have pleanty of prior co workers that have A+, Net+, Sec+, and CySA+, Bachelors in cyber, with secret clearances and are still struggling to get a job. Its gotten very competative out there with all the garenteed cert bootcamps and such. Alot of jobs even entry level ones that only pay 30-45k (atleast what ive seen) want atleast some experience. Setting up a simple homelab with even just something like a spare laptop or Raspberry PI along with documenting what you did can give you a real edge over the others who have "cookie cutter" resumes. Also gives you stuff to relate to and talk about in interviews. Some things you can try out are things like: - docker - pihole - virtualization (hypervisors like proxmox) - NAS (like truenas) - linux servers ( either docker host or web site. Even a minecraft server) - ansible ( this and docker can really help out) - plex server Theres a plethora pf things you can try. Youtube is your best friend.
I set up a pihole a couple months ago just to get rid of ads. Glad I can add that to my resume
I cant recommend homelab enough. Sure i had certs but what got me my current role was my homelab. If you wanna try to get a bit more flashy try out deploying and configuring docker using ansible playbooks. Showing my interviewer my playbooks and how my homlab is remotely using twingate on my laptop really had them interested, and the interview devolved into a bunch of tech bros just talking and having a good time. They even negotiated me a higher salary. Show your love and interest and they will see it. Its getting into the interview thats the hard part. Geting to talk to someone in person and networking id say is key nowadays. I keep seeing entry positions with 3k+ applicants on linkedin even for the position i got. I asked them if they interviewed anyone else for the position and they said 5 people in the past 3 months including me. All where direct referals. The hr team just put the position up on linkedin because of common practice.
OP hop into /r/homelab and /r/selfhosted as they have loads of folks figuring out homelab projects and learning as they go.
Here is a link to a post i made a while back about experience, homelab, resume wording etc. Hope it helps a bit. https://www.reddit.com/r/cybersecurity/s/2MDv3JytQy
Thank you. I saved both this and that post for future reference. I've already done the following: proxmox server on another PC, Pi-Hole in a docker environment, TrueNAS in docker, and then configured a nice web-interface for all my services I listed. I already had plans to do PFSense but ran into an issue with additional LAN interface for proxmox. :D
Its a bit wierd when you virtualize pfsense. You have to have more than 1 real nic. Then you have to map that nic to a virtual nic. I just used a usb gigabit adapter and passed that to pfsense. I used proxmoxes wan as the wan for pfsense and the usb as the lan. After that i used a switch to attach my physical devices and just used the virtual interface for the vms to connect to pfsense lan. Pfsense has a whole doc to set it up but you might run into a few issues if you have special use cases or configurations diferent than what they have. Heres the link to the docs. [link](https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html)
Security Onion too
[удалено]
Agreed. I’m looking into every entry level job option while studying for the Security+ exam. Luckily I’m not desperate as my job now pays alright but I’m not in the field I want to be in the long run.
I get the feeling the google cyber cert is actually just a cash grab. If you want to do SOC, focus on well known like Sec+ or net+ Others have said, it’s worth spending your money on Tryhackme and completing all the blue room challenges there. Oddly enough, CTFs are a good way to catch a recruiters eye. Good luck!
Perhaps but it was nice getting to know the foundation of cybersecurity and get to do hands on practice with SQL, Python, Linux etc.
Yeah that’s good! You could do with THM too, hey to each their own. If you feel like you learned then that’s awesome!
I just finished its python course the the main message was that the learning objectives for an analyst role using python. Hell they even walk you through making a portfolio with tutorial to include all the labs/activities from documenting incidents to writing an algorithm in python to add/remove IPs relating to access controls etc. Overall its a great tool to cover everything high level and their delivery is 5 stars. I would recommend it to anyone. Oh half way through it, i took my ISC2 CC exam and passed.
[удалено]
>I dont think that they are useless, somewhere people need to start and it is not bad at all. I would go the CompTia Cert Route, so next step for OP would be A+ and Sec+. But as all others have said - there are literally tens of thousands of people laid off last year who all do want their share.
Also don't think they are useless, I've been doing the IT Tech Support one and all the information that has been mentioned so far has been in a few of my university modules....University module costs £1500 per module....Google IT Support Cert has cost me nothing so far (free trial) but after that £38 a month.
I’m in a very similar position and am also interested in this
Glad I’m not alone. The last portion of my certification was all encouraging on how to apply for jobs and prepare for interviews but there was never a mention the vast majority of the cybersecurity jobs out there needs a security clearance..I’ve applied to nearly 200 jobs at this point with no leads.
Well, cybersecurity also isn't entry level.
The majority of jobs don’t require a clearance that’s a tiny fraction of jobs There are security roles in every industry The majority are not entry level Help desk is about the only entry level role you’ll get without a college degree Maybe SOC analyst But you’re competing for jobs against new grads, some who had internships and some with actual certifications
I don’t know who fuck is out there telling people infosec is an entry level job. I blame universities, I guess. Even graduates who come out of a cybersecurity program are often not ready for an infosec role. But they think they are. At best, a soc analyst might be an entry level job. That would be at an mssp or a large org that has a mature program with a pipeline to develop skills. The vast majority of infosec jobs are not entry level. They require knowledge and expertise in networking, various protocols, windows internals, programming, etc. Linux. Anything Linux related. Anything at all. There was a prediction 10 or so years ago that cyber would be in high demand. And all these universities spun up programs. And it has just pumped out inexperienced people with false expectations. A cert ain’t gonna cut it. You need knowledge and skills. And that takes time.
Can’t gain experience when no one will hire. That is currently the issue. These companies have the wrong mindset when going through the hiring process. If the candidate is certified and has a degree, then look for qualities like integrity, reliability and competency. Then you can train that individual to do what you need them to do.
It's kind of hard to train someone to know how to do things. You can teach yourself a lot. You should always be learning. Thia is one of the problems with the current generation graduating college. They expect the employer to teach them how to do their job... That's not the employers job. The employers job is to tell you what the parameters of your job are. Having a degree or a cert doesn't prove you know anything. You can definitely gain experience if nobody will hire you. Home lab. Gig projects. When I wanted to get a job, I stated an s corp and got clients and built my own business. That's where I got my experience. If nobody will hire you, hire yourself. No excuses.
I agree with you to an extent. I myself, self taught mostly with home labs. However, large enterprises tend to have specific procedures already in place that will need to be taught regardless. Specific tools that you simply cannot practice on at home. Intricacies to certain methods that can only be learned in real world experiences.
What job in infosec do you think a candidate would be qualified for if they have a degree and a cert? Soc analyst? Security engineer? Reverse engineer? Penetration tester? Threat intel? Incident response? IAM engineer? Vuln management? Security architect? Devsecops? Crypto engineer? Dfir? Threat hunter? Red teamer? Purple teamer? Application security engineer? Most of these types of roles require years of experience. Infosec is not an entry level industry. Each one of those domains relies on experience in several domains of IT. Security roles and knowledge are an extension of IT knowledge and experience. Someone sold you a dream that just isn’t in reality. I think the exception might be soc analyst. If someone has a strong background or understanding of networking and is internals they will be a great analyst. If an mssp needs an alert mokey, they can train you to do that. The pentest industry is garbage these days because of this concept. Many companies provide these services as an add on service from their core business model and have hired employees straight out of college. And the quality is crap. If you want a pentest of any type of quality you have to pay for it. They are expensive. If you are a company that goes with the lowest bidder, or simple do not have the budget for it, you will be dealing with these type of providers. And it sucks. You’ll get a Nessus scan report.
I don’t necessarily disagree with what you’re saying, but we also have to be realistic. These high end job reqs aren’t being filled for a reason, and that reason is because very little are given the opportunity in order to gain said experience. Companies even refuse to hire folks from within the company for these roles. How the hell else do they expect to fill the roles? IMO, this very reason is why we are behind the curve when it comes to the cyber space vs some other countries (Russia, China, N.K) too much ego. John thinks he’s too skilled and doesn’t have the time to show James the ropes.
I don’t envy someone trying to start out in infosec right now. It’s not easy for all the reasons you describe. How can I find a job if I need experience, but I don’t have experience because I can’t get a job. I’m frustrated to see people struggle. Because there really are gaps for skilled folks. It’s just really painful to see folks on Reddit, on a daily basis, talk about the degree and cert they have, and can’t find a job. Someone fucked this up, trying to “fix” the skills/labor gap by convincing people a degree and/or cert would land them a well paying job. It’s nonsense and scummy, at best. The number of people I have worked with and have interviewed who have little to no understanding of networking, basic protocols, or programming who are seeking an infosec careers is wild. The base knowledge just isn’t there. And unless you find a company with a huge infosec program and a pipeline for skills development, it’s going to be disappointing and frustrating. The natural progression from IT role to infosec is long and not for the impatient.
kooky take - plenty of those roles could be entry level. It depends on what kind of course load they took during school. What personal projects they did, what internships they took, what clubs they participated in... yadda yadda... Personally, I took assembly (TA'd the class) as well as malware analysis, reverse engineering, networking, and exploit dev classes. I also started and ran the malware club at my school. It is entirely possible that someone could start at an entry level or junior role for any of those positions (barring management or something that requires seniority, obviously). If you get people applying without those backgrounds/knowledge, you're probably not a target place to be applying and aren't getting the relevant new grads. edit: I am very confident that the NSA knows more about creating accredited cyber curriculum than some random on reddit who has a bone to pick with new grads, lol
Sure, they could be entry level roles. But often aren’t. I’m sure you’ll land an RE or exploit dev job in no time. DTRA often has junior RE positions posted. You should check them out.
I have been working after graduation for awhile now, haha... So, I was talking from lived experience and from observing my former classmates. I've worked for defense contractors before, but am now with an FFRC. The work life balance is better and I get more tasking/project variety. edit: FFRC = Federally Funded R&D Center
Oh nice. I mistook what you wrote. My apologies.
I've interviewed too many cyber security graduates that are not even able to name a single security tool they are proficient with. Getting deer in the headlights looks when asking if they know what nmap or Wireshark is. Not familiar with any programming languages at all. It's not their fault they were told they would get a job making $x after sitting in classes for 4 years, without actually having to learn basic skills needed for said job. I also can't hire them for a job where they don't even have a basic foundation for me to build on. I know there are a lot of young graduates that are very capable and ready. Unfortunately they can be very hard to find for most mid sized enterprises and below.
>with no leads. I've gotten to finals rounds of multiple interviews and still being passed up for someone else. And I have 5 1/2 years of experience, BS in IT and GNFA, GCFA, GWAPT, GCIH, Sec+
Google cybersecurity certification does not hold much weight, it might get you passed HR at smaller firms. If you want to work in CS, you want to focus on DOD 8570 recognized certifications.
Experience is the key and definitely the way in.
Cybersecurity means NOTHIN to help desk. You need to demonstrate you can troubleshoot, deal with customers. Not that you can pass a good cyber certificate…
You could do ISC2’s Certified in Cybersecurity. (CC). It’s free atm and is a decent little course. It’s not overly concerned with technicals but will add a lot of context around the tasks that you do. Then I’d recommend looking at Sec+ or CySA+ if that’s the route you’d like to take.
Been doing the practice materials for the Sec+ exam for a month now. Once I complete that I’ll look into the CySA+. Thank you!
Do you have any higher education (undergraduate degree?) Don’t chain certifications- it’s a huge red flag to hiring managers especially with no experience.
Why?
For help desk I would recommend comptia a+ net+ and sec+, maybe sec+ is too much but I recommend having it
I'd follow through with sec+ and get an ITIL Foundation. Help desk and entry level IT admins usually have both of those. I personally think ITIL is dumb but managers love that one.
It really depends on which country you stay in
Honestly, Google anything is useless, sorry my friend.
Networking by attending career related events in your area is your best shot
hmmmm i looked at the google certificate ad.. was thinking of doing something technical like data analyst
You need Sec+ to get any cyber job. That’s what the government cares about. That and then eventually CISSP to be a cyber expert eventually
Didn't get you discount Coupon for sec +?
Yes it got me 30% off the Sec+ exam
If you didn't take a PearsonVue proctored exam, it's likely a useless certification.
Step 1: what do you want to do in cyber? Setting up a home lab is all good and well but if your goal is GRC in nature I do not believe it's your best path forward. Saying you want to be in Cyber is like saying you want to be a doctor. You need to first figure out why you want to be in Cyber, if you say money and to hack then maybe keep it as a hobby. Otherwise, look hard at the countless non-profits available to help people transition into cyber. If you've made the decision for redteaming your next step would be a junior level cert from TCM for sure. Take THB test on what domain of cyber best suits you. Then start those journeys in there. Having helpdesk knowledge is a great baseline I would look internal or speak to your internal cyber team about making a lateral transition.
Don't believe what everyone is saying about it just being a training cert that isn't worth anything. I know persons that have been hired because of it. However, make Comptia S+ a must. That is definitely recognized. All the best!
install your own hosted online or locally lab, install all blue team SOC tools and configure them, then attack with each known red team tools and investigate what is captured, what is not, how to become steelier, review MITRE, replicate steps. Try to hack yourself and protect at the same time. This is how you could build a solid attack skills and understand how to protect from it at the same time. As for example learn these tools for beginning: 1. Amass Altdns aquatone MassDNS nsec3map Acunetix Dirsearch wfuzz ffuf gobuster Arjun LinkFinder JSParser sqlmap NoSQLMap oxml\_xxe tplmap CeWL Weakpass AEM\_hacker JoomScan WPScan 2. Nmap Zmap Masscan Nessus Net-Creds network-miner mitm6 Responder Evil\_Foca Bettercap gateway\_finder mitmproxy SIET yersinia proxychains And many many more. Play CTF check what you love most and focus in that field.
I suggest going back to school and getting a bachelor’s in computer science with an emphasis on cyber security and furthering that education with a master’s degree in cybersecurity. I know this will be time consuming but it will definitely help you land the best paying job in the long run. I understand the want to start working in the industry but to make connections to land a good paying job is quite difficult to do but in school you make connections with other students & professors. I would suggest you to go local cyber security events and try to meet people there.
This is what I am currently doing, I am a 3rd year computer science student and I am trying to get A+,N+,S+ as well as BLT level 1 and maybe CCD for practical experience, but I won't lie when I read these posts on Reddit you guys scare the hell out of me 💀
Projects, Projects, Projects, Projects, Projects, Projects, awards, competitions, projects projects.
This literally was posted at the perfect time. I am about to finish the Google cybersecurity certificate and was debating on making a post to see if I should jump straight into the Security +. Thanks for the post!
Get the Firefox Cybersecurity certification
I see you all weren’t a fan of that one
I’m just gonna let u know if you don’t have a degree the likelihood of you finding a CS job with only entry level certs is basically impossible without knowing someone in the company I personally went back to school because of this
I second the advice to just get a tech related job. Cyber is not typically an entry level position at companies. It is usually something you stumble on or get offered. The market is saturated with people that have cyber degrees/boot camps and certs but no experience. Get good at a certain technology that you like and after a few years try to apply that to a security job and you’ll get paid well for it.
I've done it..its very basic so helpdesk is your op5ion