Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Hello, I currently work on the help desk with a year of experience. I also have Security+, Network+, and a bachelors in finance. I am trying to get my foot in the door with Cyber Security and I’m willing to move just about anywhere. Currently working through shellsharks’s 10 step playbook but I also saw his Vulnerability Management Bootcamp. Are VM roles a good area for me to target? I think it’s interesting and doable, but I’m contemplating whether I should first secure a more advanced IT position as a stepping stone. Thanks!
I think VM is a great starter-infosec career. But when it comes to “breaking in”, I have found that you need to cast your net as wide as possible and apply to as many jobs as possible. Once you land that first infosec job, no matter what discipline it is, it makes it easier to pivot to something else shortly after. As for “securing a more advanced IT position” what did you have in mind?
Thanks for the reply. I was thinking Jr sys admin or something more networking focused but would prefer to just go straight to something in security. With a wide net how do I know what skills to prioritize?
Prioritize the basics + some coding skills imo. For entry roles you just need to have the basics, be VERY interested in the role and be as genuine as possible.
Planning to move to Cybersecurity from a junior System Admin role. I have only been in the role for 6 months or so, planning to stick around for another 6-9 months before I switch so I can actually put something on my resume.
I am interested to switch to Cloud/Network security because I like working with the concepts/tech in this field (it’s fun enough for me to be learning about such material at home) and because I hear the pay is better than normal System Admin/Cloud engineering positions. I am planning to sit for the AWS Security Specialist exam by the EoY (already have the AWS-SAA. but want to go for the Security Specialist exam first because SAP is really hard and I have to study a lot more - which is great in the long run, but I digress).
Am I on the right path? Anything eye-catching that I can put on my resume, which I can do on the side? I already have a couple of projects on AWS, a project utilising Traditional Networking and another using SDN concepts (from my university days), and countless tit-bits I gather from browsing r/selfhosted (why is the sub so active still?) and the self-hosting and automation communities here (provides great exposure and fun topics to talk about in an interview, depending on the person).
At this point I feel that the only thing to do is to wait for a few months (I’m a bit impatient because there is currently no direction to my work, which makes learning more difficult. If only I knew how to navigate my situation better, I would have been able to actually utilise my freedom more) before I try for something. I’m hoping the market comes back up by then because I had the absolute worst time in trying to find this job (was almost on the streets with nowhere to go).
Thanks for everyone who read this monologue. Your advice is much appreciated!
If you’re serious about security, look into generative AI security. It’s a whole new field that is emerging. It could be a good place to get into before it gets saturated. I would also suggest tinkering with systems. Check out kubernetes and figure out how to run some services securely like a personal lemmy instance for example. Ansible is another good tech to learn, for automating your systems (updates, security hardening, etc.). Have fun and good luck!
Thanks for your comment. I have Shell, PowerShell, Ansible and Power Automate experience on my resume (weird spot where I was handling a few *nix machines but then they needed someone to help them with SharePoint and now I’m doing both with some Windows Scripting on the side).
A notable omission from my resume is Terraform. I had wanted to learn Terraform and Microsoft AD on the job (Terraform for the *nix side where I’m using Ansible and because I was told I was going to do Windows Admin work too, I was hoping to learn how Windows AD works in the enterprise, but as we know that didn’t work out). I suppose I could learn Terraform at home with a couple of example deployments but how do I put that in my resume?
I also do not see much in the way of security coming my way in this job. Sure I could probably ask them to give me some access to the network to have fun with ACLs and something else but not much more than that, I think. I’m wondering if hobby projects are even worth putting up as “skills”, because sure I can learn them but how do I communicate them to the interviewer through my resume?
Thanks, I’m very new to this field and am struggling on the trivial aspects too. I hope these pains will go away with time.
Cheers
I’m by no means an expert in interviewing but in my experience nobody actually reads the resume they just skim through it checking for keywords. I would think a section for personal growth and development would be relevant on a resume
Thank you. I will try that if I have the space for it
Look at job reqs for roles you plan to target. What are your skill/xp gaps? It’s great you are getting this practical experience in the cloud. Do you have XP with the tools they mention? Do you have security-specific experience? Try some CTFs or other cloud-related security trainings as well.
Thanks for your comment. A lot of what I want to say overlaps with the other comment I posted, so I’ll just paste it here:
Thanks for your comment. I have Shell, PowerShell, Ansible and Power Automate experience on my resume (weird spot where I was handling a few *nix machines but then they needed someone to help them with SharePoint and now I’m doing both with some Windows Scripting on the side).
A notable omission from my resume is Terraform. I had wanted to learn Terraform and Microsoft AD on the job (Terraform for the *nix side where I’m using Ansible and because I was told I was going to do Windows Admin work too, I was hoping to learn how Windows AD works in the enterprise, but as we know that didn’t work out). I suppose I could learn Terraform at home with a couple of example deployments but how do I put that in my resume?
I also do not see much in the way of security coming my way in this job. Sure I could probably ask them to give me some access to the network to have fun with ACLs and something else but not much more than that, I think. I’m wondering if hobby projects are even worth putting up as “skills”, because sure I can learn them but how do I communicate them to the interviewer through my resume?
I will sit for the AWS Security Specialist exam by the end of the year. I also plan to sit for the AWS Networking Specialisation exam next year, before I go job-hunting again. I’m just wondering that even if I learn new skills from personal projects, how do I write it in my resume and not make it look like school projects alongside work experience?
Thank you also for the tip on what different roles want. I haven’t been looking as seriously as I should; I’ll start now. I must add that I can script in Python, which a lot of security roles seem to like.
Cheers, and thanks again for the tips!
Hello all,
Has anyone taken the CCT (Certified Cyber security Technician) course that’s offered through EC-Council?
I’m coming from a field that has nothing to do with tech (Bachelor’s in Supply chain) so I’ve been learning a lot and just trying to take everything in.
Would anyone happen to have any study material that I could use that would help me pass the exam?
Not heard of it. EC-Council in general doesn’t have the most stellar reputation, even for their more prominent certs though.