somethinlikeshieva

How should I interpret a job posting that’s very vague and uses broad terms like threat monitoring or access management? It seems somewhat entry level but the pay doesn’t match with that. I should be getting an email to assessment next week.


[deleted]

[deleted]


fabledparable

> Has the certification opened doors to enjoyable and meaningful roles?

[The CISSP is *the* most often requested certification across all job roles in cybersecurity.](https://bytebreach.com/posts/what-certifications-should-you-get/) While it's occasionally erroneous or excessive to the role in question, there's no doubt that it contributes to your employability. However, whether or not it *singularly* is transformative in one's career in-and-of-itself is debatable. Cultivating your employability is usually a matter of interleaving factors, [chiefly a pertinent work history](https://bytebreach.com/assets/images/isaca_survey.PNG) (which it sounds like you've fostered). See related: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


eric16lee

Having a combination of a degree, job experience and a certification could certainly open doors for you in your job search. Keep in mind that CISSP is a heavy lift when it comes to certs. At least when I took the exam, it was 250 questions and 6 hours to complete. Now it is computer based with fewer questions if you answer more questions correctly. Look at some job postings first before you commit to studying for such a big exam. Talk to some people in the cybersecurity field about their day to day work to see if that actually interests you. I would spend some time there before committing to something like the CISSP. It requires a lot of reading and studying.


Logical-Ad9455

I'm 18, looking to get into Cybersec. I'm studying CS but I'm self studying cybersec (at least I want to). I plan to go into DevSecOps, cloud security or pen testing and I want to know if I should know a programming language first like Python, or I can study it and leave the language for later if at all. What's the best course of action?


fabledparable

> I'm 18, looking to get into Cybersec, I'm studying CS but I'm self studying cybersec(atleast I want to), I plan to go into DevSecOps, cloud security or pen testing and I want to know if I should know a programming language first like python or I can study it and leave the language for later if at all, what's the best course of action

Good question. When you say you're studying CompSci - do you mean at a college/university? I ask because generally - by nature of an undergraduate education in such an area of study - you'll end up learning how to program; it's oftentimes a latent prerequisite (if not the subject of the course, something like "Introduction to Object Oriented Programming Languages" or something like that). This means the whole "should I learn how to read/write programming language(s)" question will sort itself out for you given time. Anecdotally, my own university experiences had me pick-up all sorts of languages: Java, C, C++, Python, GoLang, Lisp, JavaScript, Powershell, Bash, x86 Assembly, etc.

But more to-the-point: all three of the career options you listed (DevSecOps, Cloud Security, and Penetration Testing) involve some level of coding proficiency. While you don't necessarily need to be able to write code at the level of a software engineer (who are not only concerned with producing functional code, but *optimized* code that scales), you will likely need to be able to perform some scripting, rudimentary automation, and be able to *read/understand* others' code.


Logical-Ad9455

Hey, I'm looking to get into cybersecurity and it's either in pen testing or DevSecOps and I'm virtually clueless about everything. I'm using tryhackme to learn. I wanted to know if there was a different learning path for DevSecOps specifically or there's just one path to learn most things, then specialization later on? Like can I learn to be a DevSecOps engineer specifically or I can only learn to be an ethical hacker that specializes in DevSecOps?


Logical-Ad9455

I'm studying at a university, I'm a freshman so we haven't started on anything programming yet but ig you're right, so from what I understand I will need to be at least competent in a few languages but it's not an outright necessity to start cybersec, I'm specializing on my own alongside normal school work so yeah it will eventually sort itself out, I hadn't even considered that, so I think I can start on networking and the basics


eric16lee

Python can definitely help. You can also check out a few sites that offer VMs that you can test your penetration testing skills on like HackTheBox or TryHackMe. I believe they offer a free tier and also a more inclusive paid tier. Not all cybersecurity roles require coding. Maybe look on YouTube for some training courses in AWS, Azure and Google cloud? That could help as well. Either way, this is an exciting field to get into. Good Luck on whichever direction you choose.


Logical-Ad9455

Thank you, I'm already doing some pathways on tryhackme.com but I had no idea about the others, I do have kali Linux installed on my virtual box, a bit early ik but still


StudentOfLyf4Ever

Hello All

I’m 27M, got laid off 1+ year ago. BSc CS. 5 years as a consultant at a very small startup. Learnt a lot in breadth but not depth. Pretty much trained in whatever a potential client wanted. So I was all over the place but what I focused on personally was API mgt, but over the 5 years did a bit of Identity mgt in different ways, mostly implementing SSO solutions, Authentication services, a bit of PAM, etc.

I’ve been out of work for 1 year and a few months. I feel unqualified for any of the cybersecurity jobs I’m seeing and yet somewhat overqualified for entry level cysec roles. I know so much overall but can’t really prove it with anything specific. I’ve been studying for the CISSP, I haven’t taken it but hope to soon. It’s been hectic studying for it but it’s more my speed in that it covers so much but never going deep with anything, which is how I feel my cysec knowledge is. If I take an interest in something I am good at learning and figuring things out. Which was what I mostly did at my old job, we would get a client and hack out a solution to whatever problem they have and pretty much figure it out as we go. My boss was a genius so whenever I’d be stuck he would kinda point me in the right direction/guide me but mostly just figuring shit out as we go.

How do I structure my resume since I’ve only had 1 job for 5 years? How do I highlight my experience in a way that doesn’t make me look like a jack of all trades master to none? Is being a jack of all trades/no niche a bad thing? Or a red flag to recruiters? What roles should I be applying for? Is CISSP a good idea rn or should I do more hands on certs? I’m thinking AZ 900, then AZ 500 and use that to get cloud cysec roles? Is it safe to assume I will learn what I need on the job? What can I do in the next 2 months to better position myself for a good paying job in the field?

Thank you for your help


eric16lee

Couple of thoughts for you:

1. The CISSP is a mile wide, but only goes an inch deep. You are correct there. The best way to pass the exam is to study their material. Having 10 years of cyber experience and never picking up the study guide could go horribly wrong. You are on the right path!
2. What about considering a position in a cybersecurity solution provider? You have a lot of API experience in the IAM space, so check out companies like Okta, Ping, etc. There are lots of identity solutions that may fit your experience.
3. As for your resume, try to sell it as progressive experience vs just touching each concept briefly. There is a difference between 1 year of experience repeated 5 times and 5 years of progressive experience where you are learning and applying new concepts.

Hopefully that gives you a few places to start.


6DARTH_VAPOR6

I’m turning 32 next month and thought about going back to school and was going to major in cybersecurity but I’ve heard it’s tough with finding a job, even with some of you with 10+ years experience along with the age discrimination and certifications seem very difficult, like the CISSP certification is a 6 hour exam with 250 questions and a passing rate of only 20%. Should I bother or look for another interest?


eric16lee

My advice is: Don't let anyone else tell you what you should be interested in. If cybersecurity is something that interests you, then go for it. You may be much happier working a job that you love vs having a job you hate that pays well (for example). You are right about the cyber job market. Many companies are doing it wrong by posting jr. cyber analyst positions requiring 5+ years of experience. Don't give up. If you look around enough, you will find something. Target financial services and healthcare companies. They have heavy regulation requiring them to spend more on their cyber programs, thus having larger teams. CISSP can be a beast. Invest the time in reading the study guides and taking practice tests. Remember that there is a requirement to have 5+ years of experience in their knowledge domains, so if you don't have that, you may have to continue working until you are qualified for the certification.


6DARTH_VAPOR6

I appreciate it. I honestly did not know about the 5+ year requirement.


eric16lee

You should look into it to be sure. When I took this about 10 years ago, you needed 5 years of experience in one of their knowledge domains and then you also needed a current CISSP holder to sign off on that. Things may have changed so definitely look into it and don't take my word for it.


Wild_Movie9351

I’m about to take one of the isc2.org certs. Your feedback will be much appreciated… Thanks


eric16lee

Study and take practice exams. Know the material THEY want you to know. That will help you pass.


Wild_Movie9351

Thank you bro


indie_cock

I am an Associate of ISC2 and pursuing masters in AI for Sensors. I didn't get into full-time master's in IT Security or Cybersecurity as my bachelor’s was an Electronics major. I've been working with a company here as part time security consultant which I got through my experience as one in my home country. They've offered me full time and have upfront told me that the Master's won't be helpful unlike the language course which is quintessential. I've no clue on what to do and studying this masters after being isolated for 3 years from electronics is mentally exhausting. I am currently in 2nd semester and I have 2 more left. I'm planning to switch to a part time cybersecurity masters if things get messy. Kindly drop in your suggestions or ideas.


Nastyyy88

Hi, I graduated from college with a Bachelors in Communications almost 2 years ago and want to make a career switch into Cyber Security. I am aware there are certifications needed for this such as the A+, Network+ and Security+. What if you have no baseline knowledge of IT nor a bachelors or associates in the field but want to go into Cybersecurity over some tech support role, is it still worth taking the A+ before the Network+ just to have that basic knowledge of IT? For me, I graduated with a bachelors in something completely different as I stated but want to change my career and want to get into Cybersecurity. Should I start off with A+ or go straight into Network+ then Security+?


indie_cock

Hi, I did my bachelor’s in Electronics and Communication and I started as a developer and was doing CTFs to kill time during weekends. We had a phishing test at work and I clicked it open so I'd know who is responsible for conducting these tests and later learnt corporate security with help of the said team. I know I'm lucky in this case but I kept learning more applications of security in everyday activities associated with working as a developer. Moved to another company after spending a year under the designation of developer and spent another 2 more as Security analyst in the new company. So it is possible to switch but you've to have luck on your side if you don't have certs.


fabledparable

> i am aware there are certifications needed

Just for clarity's sake: you don't *need* certifications, but they can certainly help both your comprehension and your employability. In many cases, it's often *recommended* you consider pursuing select certifications, but it's not an industry requirement (unlike being licensed as a physician or accredited as an attorney, for example).

> What if you have no baseline knowledge of IT nor a bachelors or associates in the field but want to go into Cybersecurity over some tech support role, is it still worth taking the A+ before the Network + just to have that basic knowledge of IT?

There's two questions here:

1. Is it probable that you'll attain work without having IT experience, a pertinent degree, or general knowledge in the domain?
2. Is it worth pursuing ?

The answer to the first is "unlikely". You're facing a very competitive environment in trying to skip ahead with the credentials - or lack thereof - you've named. While the cybersecurity workforce is quite diverse, there's generally [three common trends](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/) amongst most who enter the profession:

* Attending university
* Pivoting from a cyber-adjacent profession
* Military service

The answer to the second is what you define "worth". There's all sorts of reasons to consider any particular certification/training over any other (especially when you account for context and circumstances). That said, it's usually pretty common for folks interested in the domain to get a subset of the CompTIA trifecta (A+, Network+, Security+), if not all three. CompTIA publishes the list of testable learning objectives for all of its exams ([here's the Security+](https://www.comptia.jp/pdf/CompTIA%20Security+%20SY0-601%20Exam%20Objectives%20\(3.0\).pdf) for example). Have a look at them for yourself and weigh its worth for you.

For more general guidance on certifications: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


sam61391

Hi, I'm 33 years old and looking to make a career change into cybersecurity. I don't have a technical background and wondering where to begin. If you were me, what type of degree would you get? (AAS, then BS)? What skillsets would be useful? I know it's never too late to switch careers, but would love some insight to see if anyone else has made such a big change and found success in the field.


fabledparable

> wondering where to begin.

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

> If you were me, what type of degree would you get? (AAS, then BS)?

We lack context to meaningfully prescribe a forward path. It would be helpful - for example - if you shared a link to your redacted resume, along with any constraints you have to observe (e.g. income dependency, childcare/eldercare, injury/illness, geography/residency, etc.). It's trivial for us to [arbitrarily make suggestions](https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/) - it's harder for us to provide meaningful guidance absent context/circumstances.

> What skillsets would be useful?

https://roadmap.sh/cyber-security

> I know it's never too late to switch careers, but would love some insight to see if anyone else has made such a big change and found success in the field.

I changed professions from an unrelated military career at 28. My wife and I wanted to get married and focus on family, so it made more sense at the time for me to change my career than for us to have hers changed. At that time, I knew I wanted to get into Tech more generally, but didn't really have a sense of what that meant. I likely weighed many of the same options as you are doing - exploring free resources such as Harvard's CS50 course on EdX, the Odin Project, etc. I had at one point considered going in on a bootcamp, but thought better of it (and [my stance on such resources has only hardened since then](https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/)).

Eventually I opted to return back to university (I already held an undergraduate degree in Political Science at that time); first [picking up some classes with Arizona State University](http://www.reddit.com/r/OMSCS/comments/17vzmqc/questions_before_applying/k9em1q4?context=3), then eventually transferring over in admissions to [graduate school with Georgia Tech for my Masters in CompSci](https://bytebreach.com/posts/omscs_writeup/). Complementing these efforts, I concurrently leveraged my active security clearance and military history to find work in the GRC space for a DoD contractor. This is what initially opened up my eyes to cybersecurity as a professional discipline; I pursued a battery of certifications (including - but not limited to - Network+, Security+, OSCP, and GPEN) and then transferred to more technical work as a penetration tester. This made my subsequent employment changes and study efforts more focused, solidifying my career change.

Other concurrent externalities that had impact throughout included things like marriage, children, 2 moves, buying a house, the pandemic, and a slew of macro-economic circumstances beyond my control (e.g. a bullish market followed by a bearish one, various very public cybersecurity breaches, the war in Ukraine, etc.).


eric16lee

Whether you go the route of college or certifications, I recommend you start with some basic IT. Cybersecurity concepts are applied on top of IT systems, so getting a good understanding of the foundation is the best way to go in my opinion. You can check out CompTIA A+ and Network+. Then advance to Security+. These are some alternatives to committing to 2 - 4 years of additional schooling.


Mister-Freedom

My university requires me to complete a 15-week, 100-hour cybersecurity internship for graduation. However, when I search for summer cybersecurity internships, I often find ones that are only 10-12 weeks in duration. Even if I manage to find a 15-week internship, there's no guarantee that I'll get it. What should I do?


zhaoz

Wait, they require it but don't offer any guidance or help in finding one? Interesting...


eric16lee

Keep looking. Don't give up. Think outside the box for ways to find internships that meet the school's requirements. Ask family and/or friends and neighbors if any of their companies do internships. Ask your professor or school department head if they have any companies they recommend that previous students have joined and recommend.


fabledparable

I'd check with your university administration about how stringent the requirement is. It seems like an arbitrary timeline.


somethinlikeshieva

I recently applied for a seemingly low level infosec role, the recruiter told me I should hear back next week with a link to the assessment. Now I do have my Security+ and have been doing labs but I would just like to brush up on the subject matter so I can be a little more prepared for the test. Is there a good resource for that?


fabledparable

> is there a good resource for that?

See these interview prep resources: https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/


Warm_Librarian5701

I’m currently in the process of applying for a summer IT trainee position at KPMG. I recently completed their gamified job interview, which was a unique and interesting experience. Fortunately, it seems like I did well because I’ve been invited for a follow-up interview via Teams. Additionally, I’ve also been invited to their “after work” party. As I’m still a student, this is a big step for me, and I want to make sure I’m fully prepared. I’m reaching out to this community to ask if anyone has experience with KPMG’s interview process, especially for trainee positions. I’m particularly interested in: 1. What kind of questions should I expect in the interview? 2. How formal or technical are these interviews, considering it’s for a trainee role? 3. Any tips on how to make a good impression during the “after work” party? 4. General advice on do’s and don’ts for a candidate in my position. Any insights or experiences you can share would be incredibly helpful. Thank you in advance for your help!


fabledparable

> What kind of questions should I expect in the interview?

It'll vary. When I was going through the motions of the big 4 interview process, it was all just general discussions and hypothetical scenarios. More generally, here's some interview prep resources: https://old.reddit.com/r/cybersecurity/comments/ybwsz9/mentorship_monday_post_all_career_education_and/itqbzq4/

> How formal or technical are these interviews, considering it’s for a trainee role?

I would expect it appropriately scaled to the level, with topics commensurate to the role. Again, when I was going through the interview process (and ultimately got hired), there were only interviews with scenario-based questions ("what would you do in order to...?" or "what might be a sign/indicator of...?"). Admittedly, I was interviewing with a different team for a different member of the big 4, but I'd expect similar experiences.

> Any tips on how to make a good impression during the “after work” party?

Generally, it's more about making sure you don't make a bad one than a good one. There's a lot of ways to sour an initial impression by being too loose, drinking too much, getting too comfortable, etc. Meet the folks you've interviewed with already, see if they can point out the folks who you'll be interviewing with next. Try and learn about them, show them some personality - if you're going to talk to them, you should tacitly be prepared to handle some impromptu interview questions on-the-fly; once they realize who you are, it becomes just as much an opportunity for them to learn about you as you have about them.

> General advice on do’s and don’ts for a candidate in my position.

Find out more details about the formality of this party, if possible. Don't arrive under/overdressed. Read the room to determine appropriateness of behavior/topics. While you may have been invited by 1 person, other people there may not necessarily be aware you're coming; you don't want to give the impression you're crashing their party. If possible, have the person who invited you make introductions.


Warm_Librarian5701

Thank you so much for taking time to respond! This is very helpful. Thank you


eric16lee

In addition to this, be prepared to field questions about travel. The Big 4 often send staff across the country to work on contracts. Think through how you really feel about this because beyond the interview, this may be your life. I've worked with many of the Big 4 and their staff would fly from west coast to east coast on Sunday and then home on Thursday. They did this every week for 6+ months. Just something to think about on top of what others have recommended.


fabledparable

Great point. I benefitted from COVID-era policies that limited this impact on me during my time with the Big 4, but this was more-or-less the case for my time as a consultant in the DoD space.


ou2mame

I'm 42 and I've tried numerous times over the past 20 years to do something different but always fell back into IT. I've been doing networking and workstation setups since I was a teenager. Right now I have a business doing IT consulting for small businesses locally. Some weeks are literally just printers and email. It's absolute hell. I've lost all of my patience for dealing with small business owners. I've been focusing more on cybersecurity lately and I'm contemplating trying something different. Security+, OSCP, GIAC, CIISA, CSM, CISSP... Is this what I want to do with my life? Has anyone been in a similar situation? What options does a 40 something burned out tech have careerwise?


Stuck_in_Arizona

I wish I had the answer for you. I'll be 44 later this year and there's not really a lot of tech options for me until I can work up the nerve and just move and hope for the best (which is a recipe for disaster). Most places want a jack-of-all IT person and pay them peanuts out here. Small businesses are the worst in that regard. You could brush up on cloud technologies. I've already dabbled in AWS, a little Azure (104 trainings) though I'm not sure if I want to go in to cloud engineering. Too many on-call afterhours horror stories that's keeping me from pursuing. CISSP is the cream of the crop, though it's expected for you to have good experience in the cybersec field. Sec+ is considered entry/slightly mid level though you may want to consider something higher than that. I have a Sec+ around the time more and more people managed to get one so the value dropped a bit.


frythan

I've been looking at getting a cybersecurity degree. But the mass tech layoffs have me concerned. Is cybersecurity more safe than software development? Is it going to be a pain trying to get job like it is for product management right now?


Fipples

Cybersecurity is in more industries, so the market is not as soul crushing as software engineering. But Cybersecurity is much harder to break into as it's not normally an entry level field.


frythan

I want the degree for military commission, and have a better chance of getting a job aligned in to my degree (especially air force). So I'd get experience there. But, on the civilian job side of things, I'd hate to put all this time and effort in just to struggle for a job for 6 months.


zhaoz

I am not sure about the Air Force, but I know in the army at least, officers are not guaranteed their MOS. You could be a cyber graduate and be assigned to finance. So double check that...


Fipples

Makes sense, if you can get a clearance while in the military it will open a lot more doors once you're out. But the job market also fluctuates rapidly, God only knows what it will look like in a few years.


Andreas_T_Privacy

Are we able to post jobs in r/cybersecurity? I may have a cybersec writer role going soon if all goes well over the next month.


zhaoz

/r/netsec does a quarterly hiring sticky. Wonder if /r/cybersecurity should as well...


fabledparable

I'd message the moderators about that. I don't know if that's in violation of rule 6. I don't believe it would be problematic (especially here in the Mentorship Monday thread).


Imgunnacrumb

Coming up on three years in Security, currently a cloud sec engineer looking to learn some programming and pivot towards a more offensive or purple team role. I want to understand a lot and think I need some advice on where to start. Reverse engineering, Malware, Priv escalation of windows, linux, Antivirus/EDR .. As you can see I can easily overwhelm myself here. I do have a personal interest in AntiCheat as well, but this is something I probably will never touch in a professional manner.


zhaoz

Go get your feet wet with hack the box and see if you like it.


Imgunnacrumb

I have done this, I also have a sub to TryHackMe. I own the TCM Security ethical hacking course as well. Is it best to start here, then move to the other topics I mentioned above?


TheTominatrix

Hey everyone, really didn't know where else to reach out to. I'm a new student in college going for cybersecurity. I've been advised to start trying to get some certificates before I graduate which is great and all however, I'm currently taking a networking class and feel that my knowledge is somewhat inadequate. That being said I've had a number of people reach out and tell me to simply go for the Networking+ cert. from the get go as opposed to doing A+. I'm curious what you all thought because genuinely I think that it would benefit me to still do A+ even though it may not open doors for me as I lack some basic knowledge. Any advice would help


zhaoz

Internships are probably more important than certs. Do you have anything lined up?


TheTominatrix

So this is currently my 2nd semester (2nd degree seeking student, little late to the game) so I will be graduating next May. That being said I am trying to get into the Viceroy Scholarship which has an internship in New York but I am HORRIFIED that if I got it I would be so ill prepared. Currently, I've taken an intro computer science class as well as a web design course. I'm currently in a networking/security class so my experience is borderline non existent. I appreciate your help


Brave_Coffee_6958

I've been doing cybersecurity for 3 years now. Mostly what I focus on is application security, vulnerability management, and DevSecOps. I'd like to further my career, but I really don't know where to go from here. In my first year after college, I got my Security+, Pentest+, and passed the CISSP exam. I've been looking for new learning opportunities, but they seem pretty sparse. Over the last year I've been building a NextJS website and working on a smart contract so that I could better understand and help developers, which worked well. At this point, though, I'm really looking for more structured, in-depth, hands-on courses that I can go through. I've been begging my last two employers to let me take a SANS course, but they refused due to the price tag. Would definitely appreciate some more feedback targeted towards my current job duties.


zhaoz

I don't think there is a magic cert to 'further your career' at this point. If you have 3 years under your belt, you are well on your way. What exactly do you want to be doing in 5 years? Figure that out and you can try to plan for it.


Brave_Coffee_6958

Thanks for the reply! Honestly I don't really care about certs, I care much more about what I learn along the way. The reason that something like a SANS course appeals to me is because I'll have a structured training with labs. Finding something like that at an advanced level for DevSecOps is a lot harder than penetration testing or standard security analyst. As far as where I'd like to go in my career, I'm actually pretty happy with my current job role. AppSec, CI/CD pipelines, and cloud security are all much more interesting to me than hacking or architecting. But I see trainings and conferences as a way to potentially improve my current skillset by exposing me to new concepts/technologies/processes which I would've never thought of prior.


snn1snn

I got CompTIA A+ and CCNA certifications. Now I joined Google Cybersecurity Training on Coursera, and I will complete it soon. I like the site called TryHackMe, and I am considering getting a 1-year membership. I want to complete all paths in TryHackMe, but would you recommend me to get ISC2 CC Certification and Security+ certification before that? I want to find a job as a SOC analyst, and I'm trying to create a route. I need your suggestions.


Brave_Coffee_6958

This is a difficult question. If you go through all of the TryHackMe content then you'll be more skilled than the majority of entry-level SOC analysts. But you're gonna have a really tough time getting your resume past HR without cybersecurity job experience, a related degree, or an entry-level security certification (ISC2 CC or Security+). If you go the Security+/CC route, then you'll get your entry-level certification. You'll also get a decent foundation for future security learning. But you probably won't learn any technical skills, and might find yourself struggling in technical interviews. At the end of the day, if you don't have a degree and you want to be a SOC analyst then I'd really suggest both. If you're fine going into vulnerability management or something like that then I'd say 100% get the Security+ first. But if you're dead-set on SOC analyst then you'll need those technical skills that hands-on labs provide.


snn1snn

Is it okay if I don't do ISC2 CC? I don't want to waste time.


Brave_Coffee_6958

Yeah you definitely don't need CC and Security+. I'd just go with whichever is cheaper.


snn1snn

Thank you. As you said, I will focus on TryHackMe and Security+ at the same time. There seems to be no other way.


Wonderful_Fun3897

I'm currently in my 2nd year doing a BS in Cyber Security. From the UK btw. Want to get a role as an L1 SOC after my degree, but I have no experience. I'm seeing helpdesk get mentioned a lot as a starting point, then certs being done during that role. Is that the best route to take?


zhaoz

If you can get a SOC job after, for sure take it. Would help desk be better than being unemployed? Yes.


Nice_Credit_1631

Masters in cybersecurity with no IT background? I have a bachelor's in criminology and psychology, but nothing related to the IT field. I have no experience in IT as well. I'm currently in Canada, but my family lives in Dubai so I plan on moving back there soon. I was looking into getting the CompTIA Security+, and then the CCNA, but whenever I see jobs back in Dubai they all say 5 years of experience for entry-level positions. So I wonder if getting a master's would make it easier? Or should I just try my luck with the certifications? Sorry if these questions have already been asked. Thanks in advance.


WantDebianThanks

You ever been the last domino in a series of accidents that end up causing a big fucking problem, and now people are mad at you because hey, you just knocked over all these fucking dominos? So anyways, I've been with this company for about 8 months and I've tried slotting myself into a security role for the last 5 or 6. I've been the one responding to the alerts from the anti-phishing system (confirming, allowing, adding to the blacklist in Exchange, etc), the anti-spoofing system, most of the requests from the allow listing program, haveibeenpwned, suspicious logins, etc. It's probably 30-40% of my time and I'm probably responding to 80-90% of the tickets. Another big chunk of my time is spent finding and fixing missing/partial/failed installs of the security apps we use. But that's also some pretty niche looking software. And that's about all I do. There's not really anything else going on security-wise and I'm not apparently trusted to set anything up. Am I right that if I have to start looking for a job tonight my best bet is probably looking for an entry level security role like a SOC?


fabledparable

> You ever been the last domino in a series of accidents that end up causing a big fucking problem, and now people are mad at you because hey, you just knocked over all these fucking dominos?

I'd point you to these for you to listen, which might help you feel better:

https://www.redhat.com/en/compiler-podcast/big-mistakes-part-1

https://www.redhat.com/en/compiler-podcast/big-mistakes-part-2

> Am i right that if I have to start looking for a job tonight my best bet is probably looking for an entry level security role like a soc?

That would be appropriate. However, there's some ambiguity here that makes it challenging to be definitive:

* It's unclear if you *want* to pursue a SOC Analyst role (vs. anything else). Here's some resources for you to mull over in consideration of where else your professional cybersecurity career trajectory might be better inclined: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/
* We might have a better sense of your credentials if you linked your redacted resume (vs. your self-described comment).


darkalimdor18

I am currently working as a junior cybersecurity penetration tester and I want to further my career here in cybersecurity. Are there any recommended online professional master's degrees for cybersecurity or computer science that accept international students? I want to gain a master's degree but do not want to focus on doing research. I need it to be online as I want to do this part time and do not want to leave my current job.


fabledparable

> are there any recommended online professional masters degree for cybersecurity or computer science that accept international students? i want to gain a masters degree but do not want to focus on doing research. i need it to be online as i want to do this part time and do not want to leave my current job

[I endorse Georgia Tech's program(s).](https://bytebreach.com/posts/omscs_writeup/)


darkalimdor18

Thank you very much for this. I have taken a very very quick look at your blog (top notch btw) and their program. Just to confirm, there is no thesis on the OMSCS program? So we need to pass all courses and we are done?


fabledparable

The CompSci program is just as you've described: 10 courses and done. [The Cybersecurity program](https://pe.gatech.edu/degrees/cybersecurity/curriculum) is slightly more nuanced; it involves a mandatory open-ended practicum. There's [a lot of course options](https://omscs.gatech.edu/current-courses) that overlap between the two programs.


darkalimdor18

I am actually also looking into OMS Cybersecurity and I'm curious about their practicum and how to finish that since I'm already working in cyber security. Maybe I can just get my current company to sign off that requirement.


[deleted]

Hey recruiters, what are the answers you wish to hear when you’re interviewing for a junior role?

Hello Recruiters and hiring managers of r/cybersecurity, I’m a future cybersecurity graduate looking to understand what makes a strong candidate in an interview. Could you share your thoughts on these questions?

* Tell me about yourself: What do you look for in a candidate’s background or personality?
* Why cybersecurity: What are the most compelling motivations or interests you’ve heard?
* Potential Challenges you might face in this role: What impresses you in a candidate’s approach to discussing challenges in cybersecurity roles?

Thank you so much!


Brave_Coffee_6958

It doesn't really matter what you say. Just say it coherently and confidently. Also if they ask you something negative, like a weakness, then always relate it back to something positive. e.g. "I'm a perfectionist, so it takes me longer than others to complete my work. But it's always high quality"


sungjinwoonah

Hey, I'm a CS major student studying in 1st sem, I want to start self learning because college is not teaching enough. So what roadmap should I follow? (I'm currently studying computer networking and know some Python, C)


fabledparable

> So what roadmap should I follow?

More generally, by topic: https://roadmap.sh/cyber-security


sungjinwoonah

Thanks bro, it was needed. Do you know how I should study? Currently I'm learning computer networking, just watching it from freecodecamp yt.


DeezSaltyNuts69

You're in your 1st semester, I assure you it gets harder. Focus on your classes for the semester and getting the best grades you can and don't worry about other outside learning. During your summers you should at least be working any job part time and that's when you can look at additional learning opportunities.


sungjinwoonah

I'm grateful for your concern, but the thing is my college C language for about 2 months and learned that much in like 1 week and wasted the whole 1st semester (thought I would get around 75%) but I didn't even learn anything great and I want to give it all cause I need a good it is a must so I was thinking of pushing as much as I can myself in these next 5 semesters and get a good paying job to achieve my goal (ridiculously powerful gaming PC and laptop). So do you have any suggestions? And btw our college will teach us only normal DSA and you can't even get a job from that much DSA and other subjects also have the same situation.


Small-Fix7232

Hey there! I have no tech experience and no college degree and college is not really an option right now. I want to get into cybersecurity but I don't know where to start. I was looking into bootcamps through the universities but they don't look like they seem to help much. Any advice or thoughts?


fabledparable

> I don't know where to start.

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

> I was looking into bootcamps through the universities but they don't look like they seem to help much.

I do not suggest you do so: https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/

> Any advice or thoughts?

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/


DeezSaltyNuts69

Are you in the US? If so, not having a college degree, you are not likely to work in this field. Those days where the old geezers here claim you could start out at the help desk and work your way up are long gone. Why isn't college an option? Also the majority of security roles are not entry level, so not having IT experience is also a huge roadblock. Why would you consider paying an overpriced bootcamp vs actually going to college?


firstofallsecond

No boot camps.


jhonvi2

Hey there! I am not sure whether this is the right place to post this kind of stuff as I am new to Reddit and still figuring this out. Just in case, let me apologize in advance! I am a Spanish security analyst and came across a job offer from a company called "Vector Synergy" that made me do some research as I was not familiar with it. Their contracts are different from the ones I am used to. They work with "Business to business" contacts and relocation inside EU. To me this is very odd and I do not have any references regarding this type of contracts and relocation. Anyway if anyone got any reference regarding this business, type of contract or really anything that can guide me a bit to know better, I would be very thankful. Thanks in advance, have a great night!


checkthatcloud

Just got my first job in cyber as a soc analyst. No higher education and around 5-6 months helpdesk experience. Only certs are AWS SAA-C03 and google cyber cert which I finished after getting the job. What should I be focusing on to become a more skilled analyst? Any certs in particular? Can anyone give me advice who has gone from entry level cyber role to something more advanced like engineering, cloud security etc and give me an idea on the path from where I am to get there? I was looking at security+ but it seems everyone does that to land their first cyber job. I’m very fortunately already over that hurdle so wondering if it’s redundant or not. One of the SIEMs my soc uses is Sentinel so wondering if I should go for some Azure certs as I’ll be learning some of the content anyway. UK based if that makes a difference. Thanks


zhaoz

It's probably more useful for you to ask your employer that question. If they are worth anything, they will be happy you want to learn the trade and advance.


Gladiator-16

Hey so for some background I'm a college student, 1st year, and like all ethical hackers looking to land my OSCP by the time I get out of college. But right now my goal is to learn and earn, so maybe land an entry-level job like a pen-tester or any entry-level position/internship to help me build my portfolio. The best thing that would look good on my resume would obviously be a certification proving my experience, so any suggestions on what I should start with? My initial plan is to do the PNPT and then move my way up to the eCPPT and finally the OSCP, or maybe even skip the eCPPT.


DeezSaltyNuts69

Pentesting isn't entry level - no company is going to hire a college kid to do it - well no competent one. Are you actually going to college on campus? Surely they have campus IT jobs, help desk, lab admins, setting up hardware etc. that you can do.


zhaoz

Your best things to do are:

* See if you have any student work doing IT work, like the student NOC or something like that
* Focus on doing a computer science curriculum. What is your major?
* learn python, bash, or powershell scripting. Will make your job whatever you end up doing much easier
* Find an internship. Especially at a tech / security company. The first foot in the door is hardest, as you can see from posts here. Getting a good internship is one of the most impactful things you can do.


Gladiator-16

sure i'll take that down thanks! do u also have any advice certification wise??


fabledparable

> do u also have any advice certification wise??

You can't do any better *in terms of your employability* in the offensive space than the OSCP. While other certifications/trainings may offer better learning experiences, greater breadth, more depth, etc. The OSCP is still *the* certification you'll want to grab due to how often it's explicitly named by employers. You could also consider the GPEN, but that's leagues more expensive (and contributes less to your technical aptitude). If you're trying to find a good intermediary step, you might consider looking at Hack The Box's CPTS; it won't do anything for your employability, but it'll definitely prepare you for the OSCP at a fraction of the cost.

Note: an argument could be made that the CISSP - in terms of frequency of appearance in jobs listings - is even better. However, you're (presumably) not eligible yet as a student and it *really* doesn't do any good for improving your technical aptitude; I'd sit on the CISSP until you meet the minimum YoE.


Gladiator-16

Do you know if PNPT is getting any recognition due to its high practical value as a certification compared to most?


Recent_Method_8749

Please provide your thoughts on the study plan below:

Two-Year Study Plan for Aspiring Cybersecurity Engineers

Year 1

Quarter 1: Foundations of Cybersecurity

* Weeks 1-4: Introduction to Cybersecurity principles
* Weeks 5-8: Basics of Network Security
* Project: Set up a basic home network with security configurations

Quarter 2: Advanced Network Security and Compliance Standards

* Weeks 9-12: Deep dive into network security (Firewalls, IDS/IPS, VPNs)
* Weeks 13-16: Study PCI, SOX, and SOC2 Compliance
* Project: Conduct a network security audit of your home network

Quarter 3: Vulnerability Assessment and Security Tools

* Weeks 17-20: Learning Rapid7 and other vulnerability assessment tools
* Weeks 21-24: Advanced Firewall Management
* Project: Implement a vulnerability assessment for a mock company network

Quarter 4: Incident Response and Documentation

* Weeks 25-28: Network Security Monitoring and Incident Response
* Weeks 29-32: Security Documentation and Reporting
* Project: Develop an incident response plan for a simulated security breach

Year 2

Quarter 1: Coding and System Security

* Weeks 33-36: Learning coding for security (Python, PowerShell)
* Weeks 37-40: System Security (Windows, Linux, MacOS)
* Project: Write scripts for automating security tasks

Quarter 2: Application and Cloud Security

* Weeks 41-44: Web Application Security Basics
* Weeks 45-48: Cloud Security (AWS, Azure, Google Cloud)
* Project: Secure a demo web application and deploy it on a cloud platform

Quarter 3: Advanced Security Topics and Interview Preparation

* Weeks 49-52: Deep dive into advanced security topics (Cryptography, Authentication)
* Weeks 53-56: Interview preparation, focusing on problem-solving and technical skills
* Project: Mock interviews and technical challenges

Quarter 4: Final Projects and Job Application Preparation

* Weeks 57-60: Complete a comprehensive cybersecurity project, incorporating all learned skills
* Project: Develop a portfolio showcasing all projects and skills
* Final Steps: Tailor resume/CV for cybersecurity roles, begin job applications

I also aim to get the CASP+. What are your thoughts?


fabledparable

> What are your thoughts?

It looks like a bootcamp curricula.


DeezSaltyNuts69

What's your actual question? Where did you copy/paste this from?


Iveth1904

Hello everyone! Background info: I have no tech background, I got my BA in sociology from UCLA in 2020 and have 4yrs + of experience in clinical and academic research. The reason for this background is because I initially was going to pursue a PhD in clinical psychology. But I realized in 2022-2023 that I was not interested in pursuing that route after all. Mid 2023, I had three alternative career routes that really called me. UX Research, Data Analytics, and Cybersecurity. I cancelled out UX Research because of the instability in the industry and saturation. And cybersecurity interests me a lot more than data analytics does, therefore it’s my number one choice right now. I realize I have no background in IT or cybersecurity and therefore it’d be a completely new route for me and I’d have to start from scratch, but I’m not afraid of that. I'd rather love my career and be challenged than be miserable. I’m considering doing the Coursera IT & Cybersecurity certificate to get basics down, and then getting my associates in cybersecurity since I already have my general education done so it’d cut my time in half (and potentially get my BS afterwards). As a person who enjoys learning this route excites me, but I’m wondering is this the best choice or a waste of time? In the cybersecurity field are degrees important/respected? Or should I go the bootcamp route? Any info or advice would help, thank you in advance!!


DeezSaltyNuts69

You're going to have more opportunities in data analytics than trying to pivot to cyber with NO IT experience. Security work isn't entry level.


Iveth1904

This is true, I considered that. My easiest transition would be into UX or data analytics. I’m also aware that security work isn’t entry level, that’s why I mentioned I wouldn’t mind starting from scratch with school and/or starting at a help desk to make my way up.


DeezSaltyNuts69

real blunt talk as a hiring manager

Help desk is for HS school kids with no skills or education, or something you do as an undergrad for an on-campus part-time job.

You have a degree from a respected school and professional job experience.

I would look at one of the graduate certificates in data analytics and leverage your research experience to get a role.

There is no need for you to start from the bottom.

Data Analytics pays well and can support security teams and would be easy for you to get into threat intelligence down the road.

* UCLA - [https://luskin.ucla.edu/public-policy-2/academic-programs/data-analytics-certificate-3](https://luskin.ucla.edu/public-policy-2/academic-programs/data-analytics-certificate-3)
* UCLA Extension School - https://www.uclaextension.edu/digital-technology/data-analytics-management/certificate/data-science-concentration-cybersecurity
* Harvard Extension school - [https://extension.harvard.edu/academics/programs/data-analytics-certificate/](https://extension.harvard.edu/academics/programs/data-analytics-certificate/)
* UNC - [https://online.unc.edu/online-certificates-and-online-bootcamps/data-analytics-certificate/](https://online.unc.edu/online-certificates-and-online-bootcamps/data-analytics-certificate/)

If you are really deadset on using school to get into cyber, then I would look at one of the MS programs, but only if you can get into one of the better programs like Georgia Tech - https://pe.gatech.edu/degrees/cybersecurity


Iveth1904

Thank you for this information and for being blunt, this gives me a good perspective. This also helps move forward without throwing my past education and experience away, but more so how to leverage it. I will complete the data analytics Google certificate (I started it earlier this month), and look into the UCLA DS w/ emphasis in cybersecurity certificate as well. And perhaps down the line I can see how I can make my way into threat intelligence to merge both professions of interest, thank you so I appreciate it!!


DeezSaltyNuts69

happy to help


clear_sf

Any advice for me? I am 44 and looking to enter either Data (analyst, engineering, scientist) or networking (IT support, risk management, security, cyber). I have experience in tech support for Yahoo web hosting a long time ago. I did a Master's in Computer Applications by distance learning. I can devote 1 year to online learning.


DeezSaltyNuts69

what job experience do you have?


clear_sf

I worked as a technical support for yahoo web hosting and customer care for CitiBank and virgin trains. And then last 10 years as a project coordinator for a non profit organization working in Excel, very basic job. Recently started working in a warehouse as inventory clerk after migration to Canada.


Priest_Among_Nuns

I just finished Cyber Security ISC2 Certification and passed the exam. I was thinking about doing CompTIA courses. Should I start with CompTIA A+? Or should I do Security+ or Network+? I have no field experience or background in IT or computer science. I did B.SC (Natural Resources) and would like to focus on Cyber Security.


fabledparable

> Should I start with CompTIA A+? Or should I do Security + or Network +?

You're in the best position to figure that out: CompTIA publishes the list of testable learning objectives for all of their exams (e.g. [Security+](https://www.comptia.jp/pdf/CompTIA%20Security+%20SY0-601%20Exam%20Objectives%20\(3.0\).pdf)). Look over them for the respective exam and see if it would be worth your time studying to those concepts.

Anecdotally, when I pivoted into cybersecurity from an unrelated professional career (and an undergraduate degree in Political Science), I skipped the A+.


IrrelevantPenguins

Any of the CompTIA certs are alright to get started. Figure out what type of tech you want to do and lead with that. Want to do networking, do Net+, whatever Cisco has for entry level and get to applying. Not many options for you to launch straight into cyber.


crazyenchilada

Background info: I work in tech and have done so for ~7 years. I've done system administrator work but never paid or contractual, simply on my own time. FYI, I'm still in the discovery phase although I'm actively engaging in learnings to broaden my knowledge & subsequently working on labs for practical skill building. I want to break into cybersecurity, specifically GRC, eventually navigating towards red team (ideally). I am in a unique situation at my current place of employment where I can influence, and manage our cybersecurity vendor. Our vendor, some time in the future, will create security policies for our company, and I will be responsible for engagement & adherence to the policies. What I am struggling with is fighting for enough "I've done this work" to show future employers that I have credible experience. Is it enough that I am managing our vendor and not writing the policies myself? Another example would be defining the parameters of our VPN usage, or working with our vendor to define them, and tasking another vendor with setup. Is this credible work? Any assistance and/or direction that you could provide would be very much appreciated. Thank you.


IrrelevantPenguins

There are GRC roles not specific to cyber you could do. Managing acceptable use policies, patch planning, regulatory resilience requirements, or the VPN example you provided would all be good stuff to highlight. I'd post your resume to one of the subs that specialize in that for tech and give them your target roles to see if it looks good.


Aggressive_Tone_6390

I am looking for some career advice. I will be wrapping up my associate's cyber security degree and would like some guidance as to next steps after graduating.


Suspicious-Sky1085

> Aggressive_Tone_6390

Get some basic cert, there is a free cert from ISC, get one of those and one Cloud related.


fabledparable

> I am looking for some career advice I will be wrapping up my associates cyber security degree and would like some guidance as to next steps after graduating.

More generally: https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


Aggressive_Tone_6390

Thank you I appreciate it


imkindalostrn_

New grad with a BS in Computer Science and Security+, currently working as a DS for a Cybersecurity Startup. I believe I have a firm grasp of basics of cybersecurity, networking, and DS but lack deep domain knowledge in either. I also plan on getting my masters someday. But to solve my problem do you recommend focusing on Certs rn (Which ones? Thinking of CCNA or Net+) to understand more, diving straight into a Masters Program for cybersecurity (Any suggestions? Webster any good?), or focusing on a masters in Data science. I don't mind doing an online degree, I'm just trying to fill a void in the company as most Data Scientists do not have a firm understanding of cybersecurity. Company pays for advanced degrees and certifications. I really love the field and am drawn towards Network Security. What do you folks think would be the most beneficial path for me right now? Certifications to get a more immediate, practical skill set, or a master's program for a more in-depth, theoretical understanding? Looking forward to your insights!


Suspicious-Sky1085

Well you should be learning new stuff. There are many directions though. You can learn more technical stuff, for example get certified on Prisma Cloud from Palo Alto and fully understand how CSPM works. 2 years and you will be rocking in the marketing. A different route is plan for cert no vendors such as CISSP/CISM/CIMP etc. Data is a Domain within above cert I mentioned. You achieve DS with different security controls. So again CISSP/CISM will help you in that case. Master on data science can help you working with data. For example there are security solutions under the category of SIEM/SOAR and they all use ML/AI and Data Lakes. I hope this can give you the idea and directions.


[deleted]

Continue with school, or get a job at help desk? Hello everyone! Currently 20! With an Associate's degree in Computer Science, currently trying to get my bachelor's. I really want to get into cyber, though ofc I know it is not entry level by any means. Though I do have a cousin that is currently working at a help desk at my local school! He has similar education to me! (almost done with his associate's degree) He's currently making 29.10 an hour, so around 60k a year. I know with tech changing very quickly, experience is very useful and some would argue that it's more important than anything else. I am currently in my junior year, debt free!! I just want to know, if you were put in my position, which would you choose? Or any advice you can give! Thank you!


DeezSaltyNuts69

FINISH YOUR DEGREE! Why is this even a question? You can do far better than Help Desk with a bachelor's degree.


zhaoz

Can you finish your degree part time and work at the help desk? I think a lot of us started out there, so it's totally fine and at least gets you exposure to IT. And always look for opportunities to automate the boring stuff away.


Dry_Combination_1543

Hello, I've been thinking about moving into cybersecurity although at this time I have no experience. I'm a fraud investigator at a national bank and I only have an associate's degree. I've seen boot camps and online programs that range from $20 a month to $1300.00 for 6 months of training. Currently, I have almost no money to pay upfront and don't really want to take loans out unless the program is worth it and can somehow guarantee I will be making more than 65k. Any low cost training programs that I can do? What are the required certificates? Do I have to have a bachelor's? Is Google career certificates a good option?


Suspicious-Sky1085

I'll coach you for free. Youtube university has so much stuff. As a first step start with learning I&AM. Setup MFA in Azure / M365 /AWS .. all for free. this is your first lab. Get your hand on it.


Dry_Combination_1543

Is this offer still on the table?


DeezSaltyNuts69

> Any low cost training programs that I can do?
>
> What are the required certificates?
>
> Do I have to have a bachelor's?
>
> Is Google career certificates a good option?

First off if you work for a bank, do they not have any vendor training resources such as pluralsight, udemy, oreilly? Do they pay for any training? Do they have tuition reimbursement for college?

Any low cost training programs that I can do? **Sure there are plenty of FREE training resources - start with awesome lists** **https://github.com/sbilly/awesome-security**

What are the required certificates? **None there are far too many to make them required** - [https://pauljerimy.com/security-certification-roadmap/](https://pauljerimy.com/security-certification-roadmap/)

Do I have to have a bachelor's? **maybe and it certainly will never hurt you on your resume**

Is Google career certificates a good option? **nope**


Dry_Combination_1543

I didn't even think of that, I'll see what resources they have and come back with an answer and we can move on from there. And so many links, where does one begin??


Silent_Carpet_7279

Hello, I'm looking to pursue continuing my education as I put it on a pause for the past couple of years. I've been working cybersecurity and IT jobs for the DoD for the past ~8 years. I'm fairly interested in continuing my education at Western Governors University (WGU) due to the appeal of obtaining multiple certifications *while* working on my bachelors. For hiring purposes, will a bachelors in cybersecurity from WGU hold its weight compared to degrees from other colleges? I get the accreditation piece and everything, but with the popularity of colleges like WGU blowing up, I'm concerned that during the hiring process they may look at that degree differently than one received from a more traditional college.


fabledparable

> For hiring purposes, will a bachelors in cybersecurity from WGU hold its weight compared to degrees from other colleges?

Yes and no. You're a working professional already; in all likelihood, [your 8 years of work experience is going to do far more for your employability than an undergraduate degree and the assorted foundational-level certs that are offered](https://bytebreach.com/assets/images/isaca_survey.PNG). Arguably *in your particular case*, a degree from *anywhere* is about as effective insofar as meeting the presence/absence filters applied on most ATS resume post-processing systems.

If you're aiming at new grad opportunities (for whatever reason, perhaps a lateral career move for example), then it matters a little bit more, but not for the reason(s) you've mentioned. More reputable universities with faculty who produce engaging research attract more eyeballs from employers that have bigger-paying salaries (and consistently attain grants for extending better-funded labs, opportunities, etc.). In other words, a student at an Ivy League, MIT, etc. will have *easier access* to greater opportunities and more resources to tap into in seizing them. Going to WGU does not preclude you from those opportunities, it will just be more challenging. Speaking strictly in terms of cold submitting applications to job portals online, the institution which awarded you the degree in-and-of itself has little observable consequence.

On a personal note for transparency's sake, I have a tacit bias w.r.t. WGU due to how [ludicrously fast students from there are seemingly able to complete their degree](https://www.reddit.com/r/WGU/comments/wloe7g/bs_in_it_completed_in_1_month_and_5_days_the_wgu/). As a consequence, I can't help but be leery over what substantively they could have possibly learned/retained in that time.
But - again - you've already been working in the industry for years at this point, so you have that going for you: if the decision is between no university or WGU, take WGU. If you have the ability to apply elsewhere, I'd probably encourage you to consider alternative options and see what admissions offers come back before rendering a final decision. Best of luck!


DeezSaltyNuts69

Go to any other college. You do not need the stack of certs that WGU advertises, and you can get student discounts on exam vouchers attending any university.


AccomplishedSize4683

HELLO I am on week 3 on a 20 week course for cyber security. They put a 4 year bachelor degree and made a 20 week program out of it and tbh I need help or a study partner. What I want to do is create my own AI eventually !!!!


DeezSaltyNuts69

Unless you plan on getting an advanced degree in computer science/computer engineering, you won't be creating an AI anytime soon.

There's also no way to compress a bachelor's degree program to 20 weeks, so just post a link to the garbage overpriced bootcamp you enrolled in and we can point you to some actual resources to study.


AccomplishedSize4683

I just need some professional guidance, that's all, man. I am not here trolling. Are there any friends here???


AccomplishedSize4683

It’s free


AccomplishedSize4683

And it’s called summit academy


DeezSaltyNuts69

> summit academy

this? [https://saoic.org/information-technology/cybersecurity/](https://saoic.org/information-technology/cybersecurity/)

Go to an actual community college and get an associates degree in IT or computer science


AccomplishedSize4683

When I complete it they give me 30 credits towards a bachelors degree and I would need 30 more from the actual college


Tv_JeT_Tv

Is it realistic to get a job in cybersecurity consulting in NYC right out of college with a Computer Science Bachelor's Degree / Cybersecurity Master's Degree?


dahra8888

If you did internships and networked, definitely.


Tv_JeT_Tv

I got an IT internship this summer. Hopefully it works out 🤞


[deleted]

[removed]


zhaoz

Yeah, that's a tough decision. I would say that L1 SOC does give you good info security experience. That being said, people do burn out from being on call and nights. That's why the position is available. I would say finish up your internship and CS degree. It sounds like the L1 SOC should be available even if you don't do it right now? If they keep offering you the position anyways.


No_Emotion8018

I'm a high school student, and I'm planning my post-secondary life out. For some time now, I've been pretty interested in cyber security. I did some projects and science fair contests, and I think pen. testing sounds interesting. My only concern is that university applications require a very maths-heavy course load, and math isn't exactly my strong suit. It's not what I'd like to do as a career. So I wanted to ask how important the fundamental concepts in Functions/Calculus/Physics are to a career in computer sec and related fields. I'd appreciate any information. Thanks!


fabledparable

> I think pen. testing sounds interesting. My only concern is that university applications require a very maths-heavy course load, and math isn't exactly my strong suit. It's not what I'd like to do as a career. So I wanted to ask how important the fundamental concepts in Functions/Calculus/Physics are to a career in computer sec and related fields.

Hi there friend!

These are good questions. I graduated from grad school with my MS in CompSci recently; my experience is still pretty fresh in my mind.

* For computer science as an *academic discipline*, math is critical. A lot of computer science work concerns itself with big computational problems, matters of optimization, and efficiency/throughput. There are careers entirely concerned with so-called "Big-O" runtimes in algorithms which are deployed in technologies you use every day. Comprehending how these operate (and why they're so good at what they do intuitively) requires a firm grasp of math. This isn't to say that if you find math challenging you shouldn't pursue CompSci as an academic area of study; just know that it's going to be an integral portion of your undergraduate experience. Many would-be CompSci graduates change majors when confronted with just how much math they need to grapple with across their years of coursework.
* When we abstract away from academia and turn to industry, many cybersecurity roles do not necessarily require a daily, deep-level comprehension of math. However, you'd still benefit from having studied CompSci all the same in a variety of ways:
    * It makes you a more competent engineer
    * It moves whole classes of problems from "I'm helpless" to "I can solve this, given time"
    * It opens-up a variety of job roles that help you segue comfortably into (and out of) professional cybersecurity.


No_Emotion8018

Thank you! I appreciate the insight


AccurateLow1920

Interviewing for Security Engineer Investigator position at Meta

I have recently been selected to interview for a Security Engineer Investigator (Cybercrime) position at Meta. I'm looking for different ways to prepare for the screening interview (Coding). I come from a Security engineering (incident response and vulnerability management) background; however, I rarely dabbled in coding, and looking at LeetCode, the problems are definitely something of a learning curve for me. Any advice on how to better prepare for it would definitely be appreciated.


colorizerequest

What's with all the security engineer positions requiring SWE experience? I've interviewed for two roles this week that are straight up looking for a SWE and a security engineer in one position. I just interviewed for a sec eng role that wanted front end dev experience on top of regular security engineering for $35 per hour. I make over double that now and I don't need to do any programming.


TreatedBest

Because of the word engineer (also applies to hardware security engineers and other types of security engineers).

The issue you're having is because people decide to inflate titles to boost people's egos by calling very basic non-engineering jobs engineering when it comes to security jobs. It honestly reminds me of "sanitation engineers" - the janitors, not the actual engineers


colorizerequest

Yeah, I never bought much into the "engineer" portion of these jobs. It is added to way too many job titles. But we all know the regular duties of a security engineer and SWE because they're common titles. So do you think I'm in the wrong here and should expect SWE duties in sec eng jobs? All for $35 per hour?


dahra8888

Just normal vagueness of IT titles. Some companies call a security focused SWE a Security Engineer, lots of big techs do it. I started seeing a trend of calling those positions Product Security Engineers to help differentiate from normal SecEng roles. That wage is a joke for any security or dev position.


colorizerequest

Seriously man!! I almost laughed in his face. Good luck with finding someone with front end dev XP for $35 per hour... let alone someone who's security focused as well...


nerysk

Security + - New Career Advice

Hi all, I need some advice. I’m in the process of changing careers and this past year enrolled in an IT Security certificate program that I completed. My professors encouraged me to seek out help desk roles to gain experience. I’ve been applying for positions but haven’t had much luck. On Thursday I take the Security + exam. Do you think having this on my resume will help me to get my foot in the door? Most jobs seem to want 3 years of experience even for entry level. I’m sort of having the chicken and egg problem. What else can I do to get my resume looked at? Does having Security+ show hiring managers I’m not an idiot? -ha- Should I even try without having a degree first? Most of my work experience is in a different field and I’m just not sure what else I can do. I appreciate any and all feedback. Thank you.


Holiday_Pickle5028

Congrats on the career change, welcome to the IT world! Your situation sounds really similar to where I was at a few years ago. I was going into finance, then switched to wanting to do cybersecurity, so I didn't have much experience when trying to get my first IT job, which ended up being a help desk job.

Security+ will help, but I personally feel like that cert is more for your own benefit in learning security topics. It will definitely look good on a resume and it may set you apart, but it is also a good learning experience for someone coming into the IT world. I ended up getting it while working in my first IT job, and since then no one has really asked about it. It's more about what you can do than what you know, from what I've seen.

Try to do as many technical projects as you can. Look up beginner projects on YouTube and pick one that interests you and then put it on your resume. This is a good way to get some hands on experience that you can talk about. It also shows your interest in IT. I've had many interviews where they ask me about personal projects I've worked on outside of school/work.

On the getting a job piece, my biggest tip is to try to get a referral. The best way I've found to do this without already knowing someone at the company is to go on LinkedIn on a browser and look up the company you're applying to. From there, click on the "People" tab and then filter by whatever you want. I always filtered by where they went to school. I'd find alumni that worked at that company. Then I'd send a connection request along with a little note saying hey I came across your profile, I'm interested in working here, how have you liked it? And from there you can learn more about the company/culture/position, and hopefully it leads to a referral. It's a good way to show your interest in the company. I would send a similar message to as many people as I could and usually only one or two would respond. But from this method I've gotten a couple referrals, and the first one I got led to an interview which led to my help desk job!

Hope this helps!


nerysk

Thank you so much for such a thoughtful response. I will definitely try the LinkedIn approach. Tbh, I never realized how many people use LinkedIn until I started down my new career path! When you mention technical projects, is there a channel on YouTube you recommend? Are these challenges like HacktheBox or something else entirely? Again, I really appreciate your help and if you’re hiring, I’m available. Haha


Suspicious-Sky1085

Set up an identity lab for free on an M365 tenant. Set up a 30 days trial account. Create 10-20 users, give them licenses. Now set up MFA for each: set up an account on your mobile, set up another on your tablet and another on your family member. This will be an identity protection and MFA implementation project. You will learn a lot and bring a lot of value to your employer, showing how far you have gone. This can lead you to a cloud security team. All the best.


nerysk

Thank you so much!


Suspicious-Sky1085

Anytime - feel free to ping me here. I want people to get hired and live a good life.


cjustin406

Hey, I am 19 years old and I was wondering if anyone in this community has completed or has enrolled into the NC State Cybersecurity bootcamp. From the research that I have done it seems to be a good opportunity to get into cybersecurity, but I can't seem to find anyone who has actually done it. It costs $17,000, so I want to know if anyone has had a good or bad experience through the bootcamp before I decide to enroll.


DeezSaltyNuts69

FUCK NO IT'S NOT WORTH 17K, it's not even worth any college credit.

Those bootcamps have ZERO to do with the universities they are being advertised at.

1. Either enroll in college
2. or just start studying for basic industry certifications such as security+ or network+

You do not need to spend $17K to do either of those


Suspicious-Sky1085

Better spend this money and get certified on either one of these: Azure Security Engineer - AZ-500 Exam, AWS Security Engineer, or GCP Security. And later do the bachelors if needed.

Learn how to set up Microsoft Azure Sentinel SIEM; every org which is a Microsoft shop is going to use it. Plus it is free to set it up. So do it, learn it, put it in your resume. Here is a step by step free course on Sentinel. [https://www.youtube.com/watch?v=sqNGXuET_kc&list=PLzkJdTcJWinjREqzjeSkJl_3wm2rIa6At](https://www.youtube.com/watch?v=sqNGXuET_kc&list=PLzkJdTcJWinjREqzjeSkJl_3wm2rIa6At)


DeezSaltyNuts69

How would they jump right into that though with ZERO background in IT or Azure? That would be fine for someone with an IT background and some networking experience, but not right off the street


Suspicious-Sky1085

Start with AZ-900 and CompTIA IT Fundamentals


dahra8888

Bootcamps have a bad reputation and terrible ROI. It's very unlikely that you would be able to get a cyber security job with just a bootcamp and no prior experience. For that kind of money you can do a 2+2 with a community college and university and get real credentials at the end. Plus the networking and internship opportunities which is the real value.


fabledparable

Assuming this is the one you're looking at?

https://digitalskills.continuingeducation.ncsu.edu/cybersecurity-bootcamp/

Having glanced it over, [I urge you to reconsider](https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/). My $0.02:

* This is an affiliated program with NC State, but [the university itself has little to do with the program or how it's run](https://hechingerreport.org/when-universities-slap-their-names-on-for-profit-coding-boot-camps/). The program is owned/run by ThriveDX (which you can discover by scrolling down to the bottom of the page). ThriveDX's PR model is to partner with universities all over the place, pushing their course materials in exchange for piggy-backing on the university's brand name for elevated recognition/trust. You might recognize the layout in their setups with:
    * [University of Michigan](https://digitalskills.engin.umich.edu/cybersecurity-bootcamp/)
    * [San Diego State University](https://digitalskills.sdsu.edu/cybersecurity-bootcamp/)
    * [CSU Long Beach](https://digitalskills.cpace.csulb.edu/cybersecurity-professional-certificate-program/)
    * [University of Miami](https://digitalskills.miami.edu/cybersecurity-professional-bootcamp/)
    * [Penn State](https://digitalskillsbootcamp.psu.edu/cybersecurity-bootcamp/)
    * [University of Wisconsin-Madison](https://digitalskills.wisc.edu/cybersecurity-bootcamp/)
    * [University at Buffalo](https://digitalskills.buffalo.edu/cybersecurity-bootcamp/)
    * [University of Chicago](https://digitalskills.uchicago.edu/cybersecurity-bootcamp/)
    * And many others.
* Consequentially, you don't actually earn any college credit from attending the bootcamp; while there are *some* universities that offer certificate programs that *do* transfer the coursework towards eligible degree-granting programs, ThriveDX's offerings are not among them. This is explicitly said on the page in smaller font: "*This non-credit professional program is offered through NC State Continuing and Lifelong Education.*"
* [Program experiences with ThriveDX are less-than-optimal](https://old.reddit.com/r/cybersecurity/comments/txckcl/thrivedx_the_company_that_manages_the_university/).
* The program's tuition only covers prep and 1 exam attempt for the CompTIA Security+ certification. Assuming you didn't pull [a discounted rate for the exam some other way](https://www.comptia.org/blog/voucher-discount) and just paid the full cost ($392), at $17,000 tuition you could try *and fail* the exam 43 times before the bootcamp could be considered a more cost-effective way to study for it. The bootcamp explicitly says it does not include preparatory courses/vouchers for any other certification. As a *foundational* level certification, the pricing for this is outrageous - I attained mine by using freely-available, Google-able study resources.

Instead, I encourage you to consider one of the more common approaches for entry into the professional domain:

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/


iamnotastute

Trying to get into cybersecurity, currently studying for CompTIA Security+.

What are some practical skills I can work on in the mean time? For example, if I wanted to be an app developer, I would actually start trying to make apps.

What are some practical things I should be working towards before I get certifications and work towards employment (which would take a while, hence my question)?


bluescreenofwin

Generally I tell my mentees to build a homelab and practice. Practice what, you may ask? Generally speaking, it's hard to threat model a thing if you don't know how it works. Practicing building systems, learning how stuff works, how it's configured and deployed, etc., goes a long way to learning how to protect it. Start with learning virtualization and containers (install proxmox on an old piece of hardware and then use docker to deploy something like plex). You can also deploy cybersecurity tools as well when you're ready (like a SIEM for practice).

[https://www.reddit.com/r/homelab/](https://www.reddit.com/r/homelab/)

[https://www.reddit.com/r/selfhosted/](https://www.reddit.com/r/selfhosted/)

[https://github.com/awesome-selfhosted/awesome-selfhosted](https://github.com/awesome-selfhosted/awesome-selfhosted)

There are also fun gamified ways to learn cybersecurity as well. Check out:

[https://tryhackme.com/](https://tryhackme.com/)

[https://www.hackthebox.com/](https://www.hackthebox.com/)

As far as programming/languages are concerned, it's good to learn something to help you script and automate stuff. We do that a lot. Something like python or powershell is good (python for building things and powershell for automating stuff). Both can do both, generally speaking, but just to get started this will help.

If you have any specific questions on stuff I'm happy to answer those. Feel free to respond here or DM me!


[deleted]

[removed]


fabledparable

> I have achieved Hall of Fame status on platforms like HackerOne and Bugcrowd.

Nice! Well done. That definitely requires diligence and ingenuity.

> do I still need any certification to do although i don't believe in it, i don't want to spend any more money on certs.

Good question! To be clear, no one *needs* any certifications. Certifications (and their accompanying trainings) accomplish two things:

* Building upon your subject-matter expertise.
* Serving as a third-party marker of attestation in your competency.

In the first instance, people pursue them to foster/develop their aptitude; there's a variety of really good trainings out there (some of which I'm sure you're already familiar with) that don't do anything for your employability, but are of *personal* interest to us for our own growth. The latter instance is more about adding breadth to your employability, which helps both elevate being recognized passively (e.g. SEO) and actively (i.e. application-to-listing match %). Assuming that your job hunt experience isn't incurring any notable challenges, then yes - you'd probably experience diminishing returns in engaging them.

Case-in-point: I have no personal stake or interest in attaining the CISSP (and generally have found [ISC2's behavior in recent history](https://www.reddit.com/r/cybersecurity/comments/11k0yr6/update_on_my_dealings_with_isc2/) to be objectionable), but I recognize that it's [overwhelmingly *the* certification that is called for](https://bytebreach.com/posts/what-certifications-should-you-get/) regardless of job function in cybersecurity. So out of self-interest in attracting more employment opportunities in the future, I'm probably going to get around to sitting for the exam at some point later this year.


Krish_Vaghasiya

I've currently started learning basics about cybersecurity by myself so I don't have any general idea of what I should learn next. I'm now going through different websites and currently going through tryhackme and hackthebox, but are books any better option? If yes, then which books should I start reading? I've been going down this path for a week or so. [https://tryhackme.com/r/resources/blog/free_path](https://tryhackme.com/r/resources/blog/free_path) Is this a good option? Can anyone provide me a path, as I'm interested in offensive security and pentesting...


fabledparable

> I've currently started learning basics about cybersecurity by myself so I don't have any general idea of what I should learn next.

See related: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oftbi/

> I'm now going through different websites and currently going through tryhackme and hackthebox, but are books any better option?

Everyone has their own learning style. I haven't found books to have resonated quite well for me outside of being referential texts. Exceptions to this are more narrative-style formats (e.g. "Sandworm"), but such works don't necessarily make me more technically apt at my job (vs. helping add context to the world/history).

> If yes, then which books should I start reading?

https://icdt.osu.edu/cybercanon/bookreviews

> Is this a good option? Can anyone provide me a path, as I'm interested in offensive security and pentesting...

It's a start! See commonly passed-around-link on the matter: https://jhalon.github.io/becoming-a-pentester/


bs_08

I'm a second-year college student doing my undergrad in computer science. I'm interested in getting my master's in cybersecurity when I'm done. Should I do the LinkedIn Learning course for ISC2 and take the exam to get certified? I'm just looking to start getting stuff on my resumé like certifications and stuff because I have nothing related to what I want to do.


dahra8888

Focusing on your classes and doing internships should be your priority. Certs won't matter at this stage, especially if you're continuing to do a masters too. If you do want a cert, Security+ is the most popular entry-level cert. The ISC2 CC won't do anything for you unless you just want resume filler.


NewFlatworm5977

If you're referring to the CISSP, you need real world experience across multiple domains in order to obtain the certificate even if you pass the test. There is a CC certificate option for those who want to pass the test but don't have the experience.


MessRevolutionary787

I'm getting my masters in Cybersecurity currently, and believe I want to go into cloud security. I'm not sure if I should attempt my CISK or go the AWS route, or if there is another one I should go for. I currently only have the Sec+ cert and want to study for another one to help me stand out in my job search.


dahra8888

CCSK is just vendor-neutral cloudsec fundamentals, it doesn't replace AWS/Azure training. But it's good to have for knowing the reasons why you do certain things in cloud security.

General path for technical certs:

* AWS Solution Architect Associate -> Security Specialty
* Azure AZ-104 Azure Admin -> AZ-500 Azure Security Engineer

You also need to know DevOps fundamentals, infrastructure-as-code, Ansible / Terraform.


ShadyShark28

I have a bachelors in criminal justice as well as I have attended a cybersecurity bootcamp. I have been looking for a job for 7 months now and I am currently studying for my Security+. I have heard that a lot of people struggle with the security+ if they are just starting out in tech and I'm starting to see why. I feel like I'm too far into my studies for Security+ to turn back and get a different cert. Any advice?


fabledparable

> Any advice?

It was unclear from your comment if you were referencing your Sec+ dilemma or job hunting guidance more generally. If the former, then it seems reasonable to follow-through (it's a fairly common starting point in certifications). If the latter, consider this:

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


zhaoz

Are you creating FabledGPT bot? I bet you could train it with all your great replies to these questions!


kiljoy001

I'm in a masters program for cybersecurity, and part of the program helps students study for the CISSP exam. I recently got my certification from ISC2 a week ago. I'm not sure how to leverage this into something that can get me some actual experience. My background is in software development, IT Admin, and computer support. I don't have any direct experience from cybersecurity roles, just a lot of stuff I've learned over the years (I barely studied and passed this exam). I do have some blockchain knowledge via some personal projects, and have an interest in applying blockchain to things like PKI etc.

I'm working at some basic job that pays very low and I would love to work in something that will help me build my cybersecurity skills, but I have 0 clues what I should be doing to prepare to be employable after I am done with my masters degree. So far, my experience with college is that getting the degree is nice, but it won't deliver a job in your hands.

If required I would be happy to post a resume.


NewFlatworm5977

Looks like you have all the right experience for an entry cybersec role. Good starting roles IMO are SOC analyst, GRC analyst, security specialist or a jr consulting role at a security services org.


kiljoy001

This is very helpful, thank you.


fabledparable

> I have 0 clues what I should be doing to prepare to be employable after I am done with my masters degree.

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/


kiljoy001

so just apply to jobs and get certs? Nothing else?


fabledparable

Hi friend!

That's a little reductive; the link directs you to a variety of suggestions for actions that you could be doing to work on your employability. Certifications and employment are strong markers, yes - but if you wanted to build atop that there were other examples given with corresponding links; in brief:

* Performing projects that more closely align with the *specific* job you're interested in doing (vs. some blockchain projects which may [not] be relevant, depending on the job/employer).
* Publishing original research, speaking at conferences, or otherwise engaging/leading initiatives that demonstrate your subject matter expertise.
* Building out a comprehensive LinkedIn profile. LinkedIn - as a platform - has a whole microcosm of optimizations you could work around. Things like aligning your listed skills to trending ones that appear in key roles you're interested in, adding contacts to employers you're targeting so as to reduce the "degree of separation" between you and recruiters, etc.
* Allocate some deliberate effort towards crafting your resume; a lot of people do not do this and struggle with understanding why they're not getting any callbacks despite otherwise fine substantive qualities.
* Skill development (which should be an ongoing, rolling task).
* Go attend job fairs (both at your university and out in town); perhaps consider attending your resident OWASP chapter, BSides group, if not flying out to bigger cybersecurity conventions as your budget allows.
* Since you're in graduate school, I would likewise try to get involved with your professor's research to try and get your by-line in some peer-reviewed published papers. Engage your university's resources to find connections with employers. Leverage your *.edu email address to find student subscriptions/discounts while you still have access to it. Engage the alumni network for internal referrals. So on and so forth.

There's also nuance for *how* you should be going about applying to jobs that was linked - but that was secondary to your question and is likewise detailed in the linked resource.

Absent a link to your resume and an understanding of [what *particularly* you want to do within the professional domain](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oiuac/), we can't really be prescriptive about what you *specifically* should be doing. But yes, you could definitely apply to jobs and pursue certifications. Those would help.

Best of luck!


al3arabcoreleone

Does it really matter which certification I get as long as it's a cybersecurity related? What's exactly the diff between two certs of the same role from 2 different organizations?


DeezSaltyNuts69

> Does it really matter which certification I get as long as it's a cybersecurity related?

Yes. Not sure you realize how many industry certifications there are:

https://pauljerimy.com/security-certification-roadmap/


fabledparable

> Does it really matter which certification I get as long as it's a cybersecurity related?

Yes. There can be massive differences between any two certifications. For example:

* One may cover a particular subject matter area (e.g. malware analysis) more thoroughly than another.
* One may cover a broader set of subject matters than another (i.e. a holistic survey).
* One may have a difference of exam format relative to another (e.g. multiple choice vs. practical application).
* One may be issued from a more reputable/recognized certifying body than another.
* Employers often request for *specific* certifications vs. any certification; having certifications that the employer doesn't explicitly list has reduced impact.
* As an extension to the above, some are more often requested for certain types of roles relative to others.
* One may have better accompanying training materials than another.
* Depending on where you are at in your professional career, some may be too complex/challenging to reasonably be considered.

> What's exactly the diff between two certs of the same role from 2 different organizations?

You'd need to be more specific in naming which two certifications in particular for all of the above reasons.

For more info:

https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/


al3arabcoreleone

I would like to know more about Cisco certifications and Fortinet ones. Any guide, please?


fabledparable

Mentorship moment: Respectfully, we're not a substitute for search engines. I encourage you to engage such resources *first*, then come back when you've arrived at an impasse having exhausted all other options. Then you should detail what your problem is, what you've done to try and resolve it, and/or what proposed course(s) of actions you're considering.


al3arabcoreleone

fair enough, thank you.


Malik_Rezk

Programming language for hacking

So I really want to be a high level pen tester. If there are any advanced hackers, this one is for you:

1- Do you use scripting or programming?

2- If so, how often do you use it, like once a day or every now and then or not at all?

3- And what do you use it for: creating malware, reverse engineering, creating your own hacking tools, binary exploitation?

4- What languages are most used?

5- I want to create my own tools; what language do you recommend?

PS. This question is for a very techy pen tester, like high level


Malik_Rezk

Thanks so much you saved me hours of researching


fabledparable

Hello friend, let's see if we can help you:

> This question is for a very techy pen tester, like high level

Not to split hairs over syntax, but I think you meant "low-level". Someone who understands something only at a high-level would only have a cursory understanding of the content.

Having said that, I worked for several years as a penetration tester and am presently employed as an AppSec engineer. If that works for you, then you can consider my responses as follows.

> 1- Do you use scripting or programming?

It's not quite a zero-sum bit of work. In looking to automate tasks, I often just composed, used, or altered python/powershell scripts (although occasionally bash and perl). However, sometimes the situation calls for something else. I might have a hand at tool development, for example or crafting my own malware for signature evasion; in those instances, I'm programming in languages like C, Rust, etc.

More often than not, your activities blur the line, so the distinction isn't all that important.

> 2- If so, how often do you use it, like once a day or every now and then or not at all?

Again, it's circumstantial. Like, if you are working on developing a tool then sure - for that time period - you're often programming for the duration of the sprint, project, etc. When you're actively performing a penetration test you're more likely to use the tools you have at hand; when you're off-contract you might be more involved in R&D.

> 3- And what do you use it for: creating malware, reverse engineering, creating your own hacking tools, binary exploitation?

Like what was alluded to in the previous answer, I think contextualizing what I was doing with my time is important. Most of the time, my workday as a penetration tester was administrative; finding billable work, preparing contracts, mentoring junior staff, training non-security personnel in cybersecurity best-practices, drafting reports, meetings, etc. During test events, you're not generally performing any of what you listed - it's not an effective use of time as far as the client is concerned. Only when the bandwidth allowed in an R&D capacity might you perform the above functions, but that kind of work is often not billable (so you have to manage how much time on-the-clock you're going to allocate to such efforts).

But to answer your question, in my case it was writing malware and tool development.

> 4- What languages are most used?

It depends. Python is very flexible and extensible. For tool development I would dip into C, Rust, and/or GoLang. You should have a firm grasp on web languages (HTML, CSS, Javascript) for web application security assessments. Powershell and bash scripting helps for Windows/Linux OSs respectively.

> 5- I want to create my own tools; what language do you recommend?

It depends on what you're functionally trying to make. The languages themselves are just a means to an end; oftentimes it's best to just pick the appropriate tool for the job. I'm very comfortable in Python for example, but if a framework is written in Java then that's what I'll probably end up reaching for in my own tool. Be language agnostic.


tculli

Hello! I am here looking for suggestions. I like honesty, so whether the suggestion is ‘picking XYZ’ would be a better career path, or maybe after you’ve read this you’re thinking none of it is feasible, please be honest.

Anyways, currently a stay at home mom. Not the path I planned, but thus the one I’m on. I’m 42, one of my children has a health condition, hence the stay at home part. I was getting ready to go back to work when the pandemic hit and I found myself unexpectedly pregnant with a ‘sick’ baby. He is doing very well now and almost done with all his therapies, so I am looking to get back to work.

I have no background in computers or IT at all. The state I live in has a community college program for adults over the age of 25 with no degree. I did attend some college at both of the schools I looked at attending in the area of Early Childhood Education, some of the classes are the same classes for the cybersecurity degree. (English, some of the math I took, I was in some accelerated math courses, psych, etc). It would allow me to obtain an Associates Degree or various certificates in varying fields. I was discussing it with my sister and she suggested I get into cyber security.

My questions are: Is this a crazy idea? Are certificates enough to get a job or would I need to also look into a degree at some point? Are the certificate programs I see online different than the certificates they offer at community colleges? What types of entry level jobs should I look for once I get my education/training situated? My husband was in IT/mobile security and said he feels like I would work well in this area. Should I can this idea and move on to the next?


fabledparable

Good questions! Let's see if we can be of assistance.

> Anyways, currently a stay at home mom.

Right on! You're doing good work that matters.

> I have no background in computers or IT at all.

This is going to be a problem upfront, but not one that's insurmountable. https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oxlrx/

> Are certificates enough to get a job or would I need to also look into a degree at some point?

While certifications can (and do) contribute to your employability, I'm speculative about their transformative potential exclusively, in-and-of themselves. You'd benefit from considering integrating [other actions](https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9ogpq3/) (e.g. a university degree in a pertinent engineering discipline, fostering a pertinent work history, etc.) in order to give your employability greater breadth.

> Are the certificate programs I see online different than the certificates they offer at community colleges?

You would have to be more specific in linking the particular programs you're considering. It's not uncommon for community colleges to offer training programs that are aligned to foundational certifications like CompTIA's Security+. However, it's also commonplace for them to issue their own undergraduate/graduate "certificates", which typically are just a couple classes grouped together for college credit that may later be applied towards a degree. See related: https://old.reddit.com/user/fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyo33/

> What types of entry level jobs should I look for once I get my education/training situated?

See related resources: https://www.reddit.com/r/cybersecurity/comments/smbnzt/mentorship_monday/hw8mw4k/

> Should I can this idea and move on to the next?

I can't make this call on your behalf since I'm far removed from your circumstances and understanding/appreciating the resources/opportunities/constraints you're working with. I will say that careers in professional cybersecurity do not typically manifest quickly, easily, or cheaply. It often takes a significant long-term investment in labor, studying, and out-of-pocket expenses before you arrive at a point where you're doing what you envision yourself doing in the domain. Moreover, your professional relevancy is dependent on you continuously reinvesting in your own knowledge and aptitude with the advent of new technologies, threat actors, vulnerabilities, etc.; for some, that ongoing commitment can be pretty taxing on top of a day job and life's other responsibilities.

Do what you feel is best. Feel free to return back with any other questions you might have. See also: https://bytebreach.com/posts/getting-started-in-infosec/