Any brehs in the cyber security field ? What are some good ways to get hands on experience ?

[SnowflakesByTheOZ]

Got my Sec + back in August and currently studying for the CySA 003. Had an interview like a month ago for a Security Analyst position that went ....(ehh, let's just say I'm not getting that job, was a good experience though and honestly wasn't expecting the call) okay. Anyway, it was highlighted in the meeting that even though I'm certified I have no real experience.

So I spun up a homelab and a couple vm's. Been playing around with attacking windows with kali linux and monitoring with Lima Charlie, Wazuh etc.

Are there any other areas that I should be getting more hands on with ?

Any cyber brehs on here have their own home lab and what projects can I try to gain more knowledge ?

 

[xXMASHERXx]

Before I can answer, I would need to know your background as far IT knowledge and what your interest is. Cybersecurity, just like IT has many paths in it so it's going to be hard to give you a concrete answer without more details from you. What are you trying to do in Cybersecurity? Why are you studying for the CySA? What was the feedback you got from the interview?

I'm a fan of actual projects over certs so I would recommend you signing up for a site like TryHackMe or HackTheBox and showing what you have done/learned from those sites. While I think homelabs are very valuable, I think you would benefit from using an external source and learning in their lab first. Hope that makes sense.

 

[BaggerofTea]

you are doing the right things. you are probably familiar with security onion. Its good to know how to set up open source tools and gives you a window into scaling out a security monitoring environment.

pfsense + splunk for snort events is good. will give you some hands on practicality with splunk scripting.


get into tryhackme/hackthebox will give you some taste of the offensive side.

if you want to develop your python, start with APIs.

Export image​

 

[New Jeruz Jewelz]

Not sure if anyone is actually experienced in Cyber but I was a ISO before becoming a CTO. IMHO cyber is a fugazi field because security has always been considered and any company targeted by an APT is hit. The biggest plus is simply understanding the actual IT environment that you’re trying to protect.

Just know I haven’t got a certification in years but finished training in 93, got my first true IT job in 01. You need real shop experience

 

[Brandsdale]

is this field of work promising?

Im looking into leaving marketing but unsure where to go

 

[xXMASHERXx]

is this field of work promising?

Im looking into leaving marketing but unsure where to go

Your question is why too broad. Any field could be promising depending on who you ask. Why are you looking to leave marketing and why do you think cybersecurity is the field to get into?

 

[Brandsdale]

Your question is why too broad. Any field could be promising depending on who you ask. Why are you looking to leave marketing and why do you think cybersecurity is the field to get into?

fair point

I'm thinking of leaving because im struggling to find a job tbh and felt that cybersecurity is more stable. Marketing can be very unstable at times and finding your foot in a solid place in Toronto can be a bit frustrating if you dont have a bit of nepotism (something i also struggle with)

 

[David_TheMan]

What do you want to do in cyber security.

I would say hack the ox and gaming are absolutely worthless outside of working in a SOC and even then it's benefit is limited.

If you are looking to be a pentester after a cysa try to work up through the oscp and osep PEN-200: Penetration Testing with Kali Linux | OffSec

These aren't perfect certs but they can give you a bet of certified hands on experience and carry some weight. Also start looking at SANS certification for pen testing.

Those will definitely open the door for you on the offensive side.

Defensive cyber is using the same tools but having a different mindset. Its more about baselining and trying to find anomalies and isolate so SANS has a great certification for that as well and just try to get entry level jobs in a SOC like crowd strike or somewhere local.

If you like policy after the cysa go after your cissp and try to go the grc/info assurance route. Put you have to put the work in to lean about the industry and where you want to go and what you enjoy.

 

[xXMASHERXx]

fair point

I'm thinking of leaving because im struggling to find a job tbh and felt that cybersecurity is more stable. Marketing can be very unstable at times and finding your foot in a solid place in Toronto can be a bit frustrating if you dont have a bit of nepotism (something i also struggle with)

Same can be said about cybersecurity. Also, unless you are willing to put in extra hours outside of work to build your skillset, you will find it very hard to be successful in this field. The first thing you should do is research the different roles and figure out what you would like to do. Here is a map of the cybersecurity domains to give you an idea of what roles and job duties there are Cybersecurity Domain Map ver 3.0. Hope this helps. If you have more questions feel free to ask. Their are lots of knowledgeable and helpful people here

 

[Brandsdale]

Same can be said about cybersecurity. Also, unless you are willing to put in extra hours outside of work to build your skillset, you will find it very hard to be successful in this field. The first thing you should do is research the different roles and figure out what you would like to do. Here is a map of the cybersecurity domains to give you an idea of what roles and job duties there are Cybersecurity Domain Map ver 3.0. Hope this helps. If you have more questions feel free to ask. Their are lots of knowledgeable and helpful people here

thanks breh

have you experienced any kind of job security in your career? I ask cause I have no clue about this field of work but wanted to make sure I'm not jumping into something that doesn't have much job security.

Will also look into the link sent over

 

[LV Koopa]

I don't know if this helps but was just looking at this woman's videos and listened to her webinar.





Her name is Symone Beez and she's been promoting the Gov Tech path. This isn't my area of expertise and I have no idea how legit she is but brothers in here can validate that for you. She does advocate for getting into layoff proof tech jobs from the Government within 90 days. Maybe it will help shape your path.

 

[papa pimp]

I don't know if this helps but was just looking at this woman's videos and listened to her webinar.





Her name is Symone Beez and she's been promoting the Gov Tech path. This isn't my area of expertise and I have no idea how legit she is but brothers in here can validate that for you. She does advocate for getting into layoff proof tech jobs from the Government within 90 days. Maybe it will help shape your path.

i hate these youtube channels.

they do more bragging about salary and self-promotion than actual useful information about the field and skillsets you'll need.

 

[LV Koopa]

i hate these youtube channels.

they do more bragging about salary and self-promotion than actual useful information about the field and skillsets you'll need.

I can definitely see where you're coming from with this. Felt like they were trying to sell me on the money more than the technical aspects at times.

 

[xXMASHERXx]

thanks breh

have you experienced any kind of job security in your career? I ask cause I have no clue about this field of work but wanted to make sure I'm not jumping into something that doesn't have much job security.

Will also look into the link sent over

Your question is hard to answer cause it's not so simple. Most companies don't understand the value that cybersecurity brings. I have this problem even at my company. Because of this, it's always going to depend on where you go and how the organization values security. That said, I've always been of the belief that if you are good at what you do and know your stuff, job security should never be a concern. I can say whenever the tech layoff happen, I never worry. I make sure my resume is updated and go about my day. I would say I worry more about burn out than job security. I hope that answers your question.

i hate these youtube channels.

they do more bragging about salary and self-promotion than actual useful information about the field and skillsets you'll need.

I don't even click on those types of videos anymore. Too me, they seem more about getting clicks and less about providing good information.

 

[Data-Hawk]

Your question is why too broad. Any field could be promising depending on who you ask. Why are you looking to leave marketing and why do you think cybersecurity is the field to get into?

I'm blaming this on Social Media. All you see is earn 6 figures right away by getting into Cybersecurity, then in the comments you'll see , "I'm a nurse, how do i get into cyber security?"