I’ve got Sec+ and PenTest+ and with two years of experience. What should I go for next to land a job?
It's All Fucked Shirt $22.14 |
DMT Has Friends For Me Shirt $21.68 |
It's All Fucked Shirt $22.14 |
I’ve got Sec+ and PenTest+ and with two years of experience. What should I go for next to land a job?
It's All Fucked Shirt $22.14 |
DMT Has Friends For Me Shirt $21.68 |
It's All Fucked Shirt $22.14 |
unless they’re required for the job by policy or regulation, yes they’re worthless. no one’s impressed you passed a multiple choice vocabulary test
security babyduck destroyed. FPBP.
I'll be over here enjoying the sun and having a real.job (trade jobs).
>unless they’re required for the job by policy or regulation, yes they’re worthless
Many jobs do require them, so, as much as I despise certs as a concept, they do have value.
>no one’s impressed you passed a multiple choice vocabulary test
You'd be surprised.
> failed a multiple choice vocabulary test
>no one’s impressed you passed a multiple choice vocabulary test
You mean K-12+4 years of school? Yes.
Mostly useless except for some of the more top-tier serious ones that actually require a deep level of understanding and knowledge. They don't impress interviewers but they might bring a tiny bit of comfort in thinking "well I know he's not entirely lying about his experience because at the very least he can pass a cert test."
What's a good offensive security certification? CEH, OSCP, .. ? Looking to move into the security space but I don't want to be doing security janitor work picking up EDR alerts or something like that. I already got hands on knowledge with offensive security, malware devel, and a bit of reverse engineering
Sorry, I don't actually know for security. I know (somewhat) for DBA and AWS and I assume it's the same for security, but I don't which cert is a serious cert in security.
OSCP is the standard but expensive. If you can't afford it, look at the PNTP or hack the box's CPTS. The CPTS looks harder than the OSCP in my opinion so you will impress people with it who know about it.
Sadly most people just need to land a job, your return on investment is so much worse red team.
1k hours red team = 100hours on blue team
Lowkey its all a fricking scam, dont fall for this shit live your fricking life laugh and have fun.
even if you have every single fricking cert under the sun they will tell you that you dont have years of xp on the job its all a big fricking scam do not fall for it!
literally this, if you're going for a corporate job, HR will think they're great, and it might land you the interview; the people who actually work in the industry will just laugh.
They're cheap, easy, and meet many job requirements (at least with governments). No reason to not take them, but they aren't worth studying specifically for.
None of the COMPTIA certs are top-tier serious.
Not "almost all" but literally all of them are multiple choice garbage.
>has never heard of the kubernetes certs
Maybe I'm ignorant, but what do they have to do with CompTIA?
>I’ve got Sec+ and PenTest+ and with two years of experience. What should I go for next to land a job?
Tech support, maybe you can land a job helping the newly hired pentesters get mailed their gear or whatever.
Try offsec if you want some value from a cert in the rt industry, because CompTIA is literal garbage
Ironically they're more valued than undergrad degrees. Certs are a scam hustle shilled by corpos but they actually get you jobs. Degrees are literally worthless unless you're looking for internships.
yeah, they're mostly a meme (I have A+, N+, S+). A+ is good if you can't find anyone to take you on at helpdesk level.
I only have them because my boss at the time wanted us all to get them (think it was to justify a raise to retain us).
go for the cert that matches what you want to do. CCNA for networking, OSCP/CEH for security (security is really fricking boring though, fair warning).
personally I'm looking at CCNA and then probably azure stuff after that.
In what way do you find security to be boring? Personally, off sec feels like I'm doing crack, I've never worked in that role, only done that as a hobby, but it feels extremely rewarding to be able to take advantage of someone's frick up or think outside the box. Defensive stuff or management, yeah, that stuff bores me to death.
I'm sure that would be fun yeah, but all I've ever seen the cyber guys do (I work at a small MSP) is CE and CE+.
I had to answer one question for a customer about compliance and was already certain I was never going near it.
guess what? 99% of security jobs are defensive.
Offensive you've gotta be really knowledge and know people. It's just a really small field compared to defensive, let alone general IT.
Security jobs are all built around cyoa legal compliance. You will audit compliance. You will write compliance docs. You will audit their preexisting precises and documents.
You will not be Mr John T. Hackerman.
I don't wanna be hackerman. I do, however, want to throatfrick Sharron from HR even though she keeps clicking phishing email links
This is the truth right here. Most organizations have enough employees to staff blue team operations but will contract out penetration tests / segmentation controls. Bigger organizations will usually have employees handling offsec responsibilities. Audit and compliance is not exactly the head turner compared to “I work in cybersecurity chasing bad guys through our network” but it is needed work regardless.
It may not be exactly IQfy related work, but I'd do it.
It’s not bad at all and I consider it adjacent to cybersecurity. If new requirements from an agency that your business adheres to comes out there is much work done to assess the current configuration of your devices against this new standard. This is when domain knowledge with other teams such as product, development, and infrastructure come into play. I may not know 100% on how a certain team operates but knowing their technologies and processes enough allows compliance to come in and make just recommendations. This is withstanding the five to six meetings to establish progress on this.
>"compliance"
>company implements BYOD policy
Heh, nothing personal kid.
What type of BYOD are we talking 😉 . In all serious though compensating controls on mobile devices cuts out most of the options for exfiltration for normal users but anyone with physical access to a device can still use other methods the set control items on BYOD cannot account for. You should not allow employers to implement BYOD on a device you own regardless. I would make them pay for a separate phone or let me expense a burner phone plan. Cheers
I mean for microsoft you can just use MAM intune for app control for a work profile only.
We've installed our MDM on c levels iPhones while they were in meetings before kek
>c suite frickery
Holy frick I can only imagine the results
>BYOD policy
This is the worst fricking choice a company can make
>he wants to do off sec
There's literally nothing stopping you from trying to hack into anything
The best off sec people were black hats
This is encouraging since I have the CCNA already and I'm working towards the OSCP now. I work as a dev in a small company but I want to pivot into security.
>OSCP/CEH for security
Wrong. Those are for ethical hacking / pentesting =/= security.
I do hiring in tech, a decent amount.
I look at certs, but anything CompTIA only counts for shit to prove to me that you care and that you are basically ready for entry level. I expect nothing from the holders other than someone who has a real and fundamental interest in tech. It will set you aside from those that have none.
That being said, I care a lot more about the fact that you have a passion for tech in general, have something like a home lab, and can talk to me passionately about some project you have worked on like a home server, roll your own NAS, or shit even messing with emulators or video streaming. It shows that there is a reason you are pursuing the job not just because your college counselor told you that you can make decent money (which is mostly a lie).
What are some tricks to add to my resume to get noticed and get an interview? I literally just need a remote or part time job right now.
Find a resume building site and let them work with you on it. A lot of them basically use AI to find the best keywords that AI resume scraping bots look for. The world we live in now is AI building resumes for AI to read. You can worry about explaining your story to the recruiter once you actually get in.
so if I didnt go to college and all I have to show is a (somewhat impressive) github then Im fricked?
Ive never worked, been a NEET for years after I dropped out of college because I realised my family is too poor to be cosigning my loans
I feel like my only way to get my foot in the door is to email higher ups/founders at small companies directly
is this a viable strategy versus applying through regular channels (and inevitably getting filtered by an algorithm)?
>github then Im fricked?
For programming? Nah. When I first got out of college, I had an associates in programming, and nobody wanted to take me because I didn't have like 50 projects that I had worked on. Jobs want proof of experience of the skill. Colleges and Job Experience are a way to showcase that, but lots of interviews will ask what you've done on your personal time. There's also a resume style that you can use that helps out with that, where you list your experience more than your job history.
You're me. Life will keep people like us poorgays forever.
Heres a trick stop fricking caring
make sure one of your jobs are four years at least
you should be able to get an interview a week
Look up adding white 0.5pt text with all the relevant keywords from the job posting to any resume you're sending in.
Work at Walmart or rob liquor stores
Biden's fricking economy man
the creatures depicted in this image seemingly exist en masse and are malignant tumors. their lack of ambition makes me sick and it does impact the team. Sadly, there are far more savvy morons looking to avoid college than there are technology-oriented good boys who just can't afford college and just need a foot in the door to grow well beyond hell desk. Sad. Luckily, I am the latter and its working out for now.
>who just can't afford college and just need a foot in the door
literally me
if I dont find a job by the end of the year im going to an hero
just join the military dude
if you're smart enough for IT you'll ace the ASVAB and be eligible for whatever job you want.
Pls puff up your resume anon, I'm the $70K helpdesk bastard, it will only benefit you, and will never be held against you. I simply put "An understanding of CompTiaA+" and you should put "An understanding of" Whatever it is on the resume you are replying you too. make sure you have a generic and general enough understanding that is more than enough to get in. Youtube will bridge the gap. I know it's harder than when I tried in 2022 thanks to GayAI spam submissions, but it's the way to go. Best of luck. I wish I could hire you to replace me and filter you if needed. Email me at [email protected] if you are in San Diego, CA, and are interested in a provisioning role.
You're making a big mistake
my proton mail is like never checked I don't care if it was spammed, worth one anon maybe getting a job ever.
>$70k
in what world is that impressive
That would more than twice pay my current expenses
I suppose it's not impressive in a general sense but it would give me a lot more room to maneuver
In a world where you don't live in a fricking metropolitan blue-state city, you dumbass. You realize that you can buy a whole ass expensive car for half that salary, right? I live in a major city making $50k, and I am considered wealthy among my peers and am prime to start buying a house around where I am. All because we aren't paying $3,000 a month for a one studio no bathroom apartment.
Frick California.
Frick New York.
Are you seriously bragging about this shit? An expensive car is your idea of lavish spending? Are you 15?
No you fricking moron, I don't live in a blue state, but I am not a braindead moron who can't pass a calculus class either.
have a nice day you underage homosexual
thanks anon, I appreciate the advice and offer
Im on the east coast and Im looking for an internship in a different field
I was able to get one interview for my dream internship (lol) based on my github and "an understanding of...proficiency in..." but I was really nervous and autistic for my first interview ever so I didnt do too well and didnt hear back
still, I think Ill get something eventually, its just hard not to be blackpilled sometimes
I got blackedpilled already, its fricked dude i have every fricking cert you can think of getting my CISSP soon.
I had an interview and they said because i dont have 5 years of experience in a similar role i cant have the job.
It like how the frick are you suppose to have the experience if no one will give up the job.
Its always something before it was the certs, they would be like just study more.
now that no one can say that they are just like yea but you have never done this in a job setting its fricked
Just be ready to move to any city in the entire country. Not even joking. Do that and you'll get a job in less than a month.
This is reality, if you are under 30 your are fricked unless you are some boy genius. I have every cert under the fricking sun.
Got an interview for the role i wanted and they told me because i didnt have 5 years of experience i could not have the job.
I told my recruiter so i could have every single cert out there and it doesnt matter.
He said yea sorry about that.
No fricking degree or cert under the sun will help you its fricking sad i spent 4 years of non stop study to find this out all i can do is tell others that the Cyber sec and IT jobs are not in demand like they say they are its all BS.
Reddit spacing opinion discarded
>Reddit spacing opinion
Help me understand what you mean?
he’s a homosexual zoomer and paragraphs/line breaks trigger tf out of zoomers
>Cyber sec and IT jobs are not in demand like they say they are its all BS.
By the time you start hearing that "x job is in demand", the market is already halfway through churning out the next set of abundance in that job. If you're hearing about it, it's already too late.
They are still preaching about it though like there are x amount of jobs out there, but in order to fill those jobs you cannot be entry level or not held a previous position but they dont tell you that.
The jobs are out there, it's just all the entry level shit got shipped off to India.
Like I told another anon ITT; the military is the best, and now probably the only, way of getting into the good IT jobs.
I fell like i just owe it to others to let them know what its really about, the only people that i hear getting better jobs then the DoD job where we are all funneled are jobs that are out in the middle of fricking no where or jobs that pay better because of the cost of living.
>have a passion for tech
Lol my sides. Competitive salary, opportunity to grow, voted best work place. This is my list of red flags on a job description.
CompTIA sucks lol only ppl who gaf are help desk and dod
go for microsoft, amazon, cisco, etc etc. certs that actually matter
Literal moron
Cope
Correct
Lie on it. Or rather stretch truths. I got a senior cybersecurity analyst position right at the start because I worked for a small company full of morons that were IT illiterate, so I became the IT guy. Called my position Head of IT on my resume. Job titles are fake and gay, nobody is gonna call your previous employer and debate it.
Same with your skills. Did you once help a moron enable MFA after his email was hacked? Endpoint security specialist.
CompTIA bought Microsoft's certs, a CompTIA certification is equivalent to a Microsoft one.
At least half of IQfy would fail the A+.
This is not the place to ask about certs.
isnt the A+ mostly all mobile BS now
This 100%. Go talk to people in the real world, they'll tell you a much different story than IQfy. Pic rel is the kind of people you're dealing with here.
No lol.
This has to be from the year 2005 Nobody that looks like that would even be working a helpdesk today. In 2024 you need to have a masters degree, 10 years of experience, be bilingual, have an 800 credit score, have no employmentgaps, and be a 10/10 Chad or you can't get hired to run the register at McDonalds.
And don't forget the polygraph test, DNA test, and hair drug screening
The powershell thing as been a thing for me.
>get consultant job on cause my powershell work
>New job wants to automate
>Rest of team is utterly useless it afraid at even the most simple scripts, fights the progress the entire time
>If a script can set up the new accounts, what do we do? - them
>Set up automation, watch them start layoffs
>train their Actually Indian replacements a few months later
>get the next contract and do it again at the next place
Sometimes I feel bad, but then I remember the HellDesk lifers can literally be waterboarded and refuse to drink.
when i was helpdesk i would automate 80% of my daily tasks (setups, patching, terminations, etc) but i wouldn't tell anyone. i stayed home everyday and just triggered scripts and closed out tickets that would bill for ~2hrs+ while watching anime
I miss when the internet was actually tech savvy
A+ is an enormous waste of money and isn't impressive at all. If you narrow your scope and work on the CCNA alone that'll get you decently far.
waste of money? You read a book, memorize it and pass the test
yeah, I make $70K without em, yes I'm in help desk, and I do provisioning, so technically below T1, but I successfully complete t2 support tickets when I am free. On my way to $110K, still withoutout certs. Absolutely useless. Just get guud at writing resumes, selling yourself for the role at hand, and suggesting strong knowledge of items you don't wish to study or buy. You can learn what you need if you are competent enough.
>I make $70K without em, yes I'm in help desk
for who? The CIA?
Boutique MSP in SoCal USA, also transitioned into the provisioning role from T1 (My manager justifies my wage because I got hired in a hot market) and kept that wage, The prov guy I replaced was at 39K or 40K? I think. He came from Marines and needed a job to transition out in time or something so they gouged him. he was an utter moron. I am worth a good bit more, and far more dynamic.
I cleared 65 on help desk last year with zero certs and an associates so it's definitely possible.
what I haven't told you is I've been in this position for like 10 years
bosses who care about them are morons you don't want to work for
theres literally no reason to not have them
>theres literally no reason to not have them
meh
>literally
ok zoomer
>theres literally no reason to not have them
>dad, what is a resume?
no fricking wonder why you can't get a job
depends on how much weight said boss gives them. too much weight? moronic. too little? moronic.
I can go to any search engine and search for sec+ required jobs and find plenty of non-dod/defense contracting agencies looking for this certification. admittedly, many want/prefer casp+ (also comptia), cism, or the cissp, but my point is that certs aren't worthless, nor exclusively dod.
>I’ve got Sec+
Excellent.
>and PenTest+
Meh
>with two years of experience.
Leverage this. The sec+ will get you past HR, but the experience and applied knowledge will get you through the hiring manager.
>What should I go for next to land a job?
You must determine where your skills are applicable based on job descriptions. Maybe another anon can give more specific answers, but choose carefully regardless.
what do IQfy anons think of the CISSP?
We already have multiple times. Certs are useless and prove absolutely nothing
This reply is worthless because you don't explain why specifically the CISSP is worthless.
>Studying for A+
>Have to use CertMaster because school
>The practice PBQ does not consider security lighting to be a deterrent
>But a duress alarm is a deterrent lmao
So am I just supposed to throw out all the knowledge I've gained over the years and do what CompTIA says? This is fricking stupid.
The CISSP is definitely the most lucrative multiple-choice exam in information security, and possibly of any field tbh. It is the most overhyped exam I have ever seen. I studied for it for four months, was so scared walking into the testing center I was sweating, and then 20 questions in I realized I overstudied. I'm not going to call it easy, because it wasn't (I mean it was for me because I way overstudied but I mean like in terms of content), but relative to the amount of respect people give it, that exam was a joke. It is regularly compared to a master's degree, but it's ONE multiple-choice exam lmao. Well the title also requires four or five years of experience, but the actual exam? Nah, it's not too bad.
>get CSSK v.4 (they're releasing v.5 in a few months)
>note the waiver for 5 years to 4 for the CISSP if you have the CSSK
The certification structure is a useful learning tool, but it is moreso both a scam and a joke.
Over-studying puts you ahead of 98% of the other test takers. Most are just forcing rote memorization without doing their own deep research. Going into a position with genuine knowledge helps a lot.
This isn't me praising the CISSP
Thank you for this. I feel much better about learning in depth in general because of this outlook.
But you can "over-study" after actually passing the exam. That's what I do anyway. Pass it with exam dumps in a couple of days then go about learning the material slowly.
>Pass it with exam dumps
I was never able to find them so I assume free exam dumps don't exist
prease gib certs
This is because most kids just brain dump on exam collection, i went through comptia and got almost every cert and i did it all legit i can honestly say no one at my job knows this shit more than me.
I work for the DOD still get shit pay.
desu, i'd think less of you if you had these.
every person i've interviewed with a pile of certs like this is almost always a useless pajeet or Black person.
you're not in charge of anything important.
seethe poo
I don't even work tech. I just like shitting on people who think cynicism and wisdom are synonymous with each other or believe that contrarianism is a personality trait.
>certs
You have to be white to post here
Is the CISSP a meme or is it really the ticket to $100K?
If I stick with comp tia my next cert is looking like the CySA+
Thoughts?
Everything is a meme anon
Getting any job is a crapshoot cause you're competing with way too many people
I'd actually think less of you if you had any of these. Certs are never good and only make you look bad
>t. Hiring manager
> hiring manager
no you moron
CISSP only has a high median salary on surveys because it requires 5 years in industry to not be an associate CISSP, so really you're asking "is 5+ years of experience in cybersecurity really the ticket to $100k?"
yes it is so go get yourself 5 years of experience
This place is fricked the job market is fricked the housing and how they play us is fricked.
The economy is fricked everything feels like a big fricking joke. I will make sure i have no childeren i would fricking hate for anyone too see this fricking mess that we are.
imagine busting your ass for years just to have some chick hired next to you who doesnt know shit and now you have to pick up her slack this whole place is a fricking circus
Hey calm down anon no need to get antisemitic. Just learn to be happy and be a good little worker for your bosses and the shareholders.
Absolutely fricking pointless unless the bob requires them, I had to get the N+ and S+ through work and they're the most redundant shit I've ever seen. The fact they include technology 30 years out of date is just plain stupid and you'll learn basically nothing from doing either, imo you'll take on more just doing the job and generally researching into the tech you want to work with. You can't beat getting hands-on with the hardware and just playing around.
Depends on where you have experience. After about 5 years, experience trumps certs. They're really only valuable for someone who is a recent graduate or has made a career change.
Now personally, I'm a senior dev lead at a company and interview a lot of people, and I automatically dismiss all certs that don't have a "practical". Any certification that is only multiple choice is easy as frick to pass by doing some brain dump or curated flash cards with anki, without really knowing frick all about the content. Almost all of Comptia certs fall into this category, so they have no value to me. However more tests are being clever and actually have environments and REPLs setup so people can actually be put on the spot and apply real problem solving instead of going off of memory.
I actually disagree. I think certs matter and most people on this board would fail the Comptia a+. I sit in on most interviews for our IT department. So for an entry level position. Even someone with college. I believe the interview is the most important part. Most people will lie their way to an interview, we will have mock troubleshooting scenarios that are pretty basic. Most people will fail them. People with Comptia A+, usually don't fail this.
The last guy we had had Zero college, barely 2 yrs experience and a his A+. Great tech, knew his shit. New guy we have now? 4 yr IT management degree. Doesn't know fricking shit, has confided in me that he has imposter syndrome. I swear these college kids don't have a passion for this shit like I do. They just went through the motions in college and now they are doing entry level IT. They don't script, they don't know powershell, they don't have a homelab or jellyfin/plex server at home, they don't use linux at home in any way. The use Macs at home.
I have A+
>They don't script, they don't know powershell.
I don't do this. (I get the fundamentals though)
>they don't have a homelab or jellyfin/plex server at home.
I'm considering this, but I don't do this now
>they don't use linux at home in any way.
I do this with fedora and with raspberry OS.
My biggest problem is use case. I do these things when I want to learn, but aside from this I don't have so many files that I need to configure storage above a 5tb drive. That might change when I dive into programming and need more space to manage files, but not at the moment.
Start downloading a bunch of movies and music and take back your life from monthly subscriptions.
>Start downloading a bunch of movies and music and take back your life from monthly subscriptions.
I don't watch movies or play vidya except RuneScape
pretty much, certs are the STANDARD (people seem to forget what that actually means). It's a red flag if people don't have any appropriate ones. If you know your shit you should be able to get a cert. Even if there's not any good ones for your specific field, just something that shows you're not moronic. I started getting a lot more interviews and for much better jobs when I got my CCNA. Even ones that had nothing to do with networking.
At the very least get the basic Azure/AWS admin cert. That'll show you at least have a decent grasp of a lot of different IT subjects, even if your specific role doesn't involve cloud.
Also an M$ certs, because everyone uses their shit to some degree.
I agree, don't have 20 certs and just brain dump it all, but getting the key ones for the job you want is extremely useful to get pass the HR screen.
Rate my certs:
-CISSP
-CISM
-Sec+
-Net+
-Cloud+
-A+
-CCSK v.4
Also bachelors in SE and separate bachelors in global business management. 5 years IT related field.
>Rate my certs:
>-CISSP
HR check and validation of 5 yoe
>-CISM
HR check and validation of 5 yoe, but with some nuggets that might be useful in GRC
>-Sec+
bare minimum to not have a resume thrown into a shredder
>-Net+
worthless
>-Cloud+
worthless
>-A+
worthless
>-CCSK v.4
you got this to get a raise or position change didn't you?
>you got this to get a raise or position change didn't you?
I wanted to see what the hype was about. It was interesting, but also kind of underwhelming.
>but also kind of underwhelming.
yeah because it's non-vendor specific
something like AZ-104 paired with an associate cert in something specific like AZ-500 would teach you and display far more understanding but that's a lot more time consuming to study for.
I do have some. I initially went for non-vendor specific cloud certifications to advertise "my ability to remain flexible for cloud migration operations from one CSP to another". Apparently some businesses owners have a hard-on about avoiding vendor lock-in, so that helped me a bit. I have a few MS certs and AWS certs to supplement this statement, but saying which ones I have fingerprints me a little too much so I'm not gonna share.
>Apparently some businesses owners have a hard-on about avoiding vendor lock-in
this is such an ignorant opinion for them to have
if you have the Azure Admin cert then there's no reason why you can't understand AWS.
Working with the risk-adverse behavior of some organizations makes for good leverage when trying to get hired, but I know better than to expect those places to last long.
I got my AZ104 and AZ305 but its not really helping me get interviews what do?
Work more
Idk anon it depends what you want to do, also you could use experience
Ooh, ooh, rate mine next
JNCIA-JunOS/SEC/DC/Design/Mist
JNCIS-ENT/SP/SEC
JNCIP-ENT
I wanted my email signature to look comical, thats why I got so many
>juniper
You're that juniper guy who keeps shitting up the tech worker thread, aren't you?
>What should I go for next to land a job?
Do the AWS ones and get a dev ops job.
Then transition into more security related work from there.
I got my az900, ms900, azure administrator assosiate and azure solution architect expert and can't even get a interview
Going for my MD102 and MS102 next to see if it helps...
Also how hard is the Network+ certification?
my networking sucks
Just get CCNA instead. It's the only cert that still will get you to the interview stage...
>so you can hold a conversation with the hiring manager
Bad advice. That assumes the recruiter or hr roastie will forward your resume to the hiring manager in the first place. The certs are there to get past the roastie filter. That's what people ITT dissing certs don't realize.
CISSP
>CISSP, CISSP, CISSP...
So is anyone gonna answer
or what?
From my experience (Junior Cyber Security Engineer), Home labs will speak volumes over certificates.
The only worth while thing you may learn from CompTIA certs is terminology. Your honestly better of just doing the course material briefly so you can hold a conversation with the hiring manager.
You are better off implementing open source versions of the technology mentioned and then talk about them as much as possible. This includes the ways you have implemented said tech, issues you ran into, what you would do different and lessons you have learnt etc.
(Look into wazuh, opensearch, praeco, velociraptor, grafana, greylog, proxmox, wireguard / openvpn, bind9 etc etc etc)
Employers fiend for c**ts who do shit like this in their spare time. (I'm friends with many hiring managers, SOC leads, CISOs etc and they have told me outright that they would pick someone who does labs over certs any day of the week when it comes to a junior position).
Im not saying that fricken doing certs is a waste of time, ive got a few and they count for some experience. But you should never rely on them. IF a manager sees you get erect over the tech, they will hire you. simple as.
"But how do I put that down on my resume? I dont see how home labs look better than having a phat OSCP written on my resume?"
Just fricken say that you were contracted by a small company, or your mates to implement xyz home lab.
Thats what lead me to getting my job. Maybe this will also work for you. different people, different opportunities....1000 ways to skin a cat.
I will take a homelaber who knows how to setup a firewall on his server and use a terminal only environment over a fricking college grad with zero experience.
This is good advice. CompTIA certs are basically flash card exams, they're useful for providing you with the grammar needed to carry a discussion about broad concepts (which IS useful for interviews), and it is true that for a subset of IT jobs certain certs may actually be required, but at the end of the day hiring managers want to see some kind of hands-on experience. Knock out a cert or two while doing side projects you can show evidence for (or do one, then the other), and you'll have a fighting chance. A single cert by itself isn't gonna do much for anyone besides L1 helpdesk
Good advice. It sounds like a combination of certs, home-lab experience, formal training (college), experience, and motivation are the recipe to success. Definitely won't lean entirely on certs though.
Bump
they were fine until indians found out about them
I did a few A+ sample tests and the shitty fricking Winblows questions got me (I have exclusively used linux for 7+ years).
For that shit alone it deserves to be skipped. Its already not that attractive of a cert to have and it ultimately boils down to memorizing bullshit that's not going to improve your problem solving skills much, if at all. The CCNA/Security+ certs are infinitely more attractive and imply A+ tier knowledge. Just get them instead.
While true, if you ever have a position where you need to be able to help someone using a windows OS (i.e. helping establish application/network/security configurations) then it's useful information. I'm not defending windows as an Operating system, but my point is that it's the dominant OS in the business world and that means knowing how to fix the system when Julie from payroll clicks that phishing link for a free hair salon coupon is part of the skill-set you need to hold down the job.
This is IQfy.
The average poster here believes ricing Arch with an anime wallpaper is a useful career skill
additionally the server and desktop are the same fricking thing with a few features the desktop version doesn't have and everyone has at least one Windows server for Active Directory.
DoD IT jobs only require Sec+.
Yes and no. The higher cyber security management jobs typically require CISM/CISSP according to the 8570 baseline certifications.
Even if these certs are worthless, why not have them so you stand out for the most part? At least just take the test with ChatGPT or something and work on home labs or other shit on the side?
I've been studying for the A+ certification and it's been more than 8 months...
What the hell is wrong with me...
How do I know I'm ready for the exams?
I've been studying core 1 this whole time.
Just take the first damn test already. Frick test anxiety. Go in there and complete it if it's your goal, anon.
Take a practice test. But I say just take the plunge, anon. Come play in the mud with us.
What study materials have you been using. I ask because 90% of the mainstream books come with optional online practice test material
Quizlet flash cards + messer notes
Assuming that you're a g/tard, and not some tourist, you can easily pass A with just your baseline knowledge.
The test is not worth any effort whatsoever unless 400 dollars is a massive amount of money to you
I used to be like you. Go buy one of those practice test packs on udemy and if you can score 80s or higher you're good to go.
I've been diving into this recently as a pure IQfyirgin with no real tech experience beyond building a PC and troubleshooting vidya but if you just hardcore grind practice tests you could probably pass in a few weeks. I'm not a IQfyentooman so I spent alot of time trying to really learn it instead of just to pass a test
>What should I go for next to land a job?
just git gut at computers and become an independent consultant, you don't want to subject yourself to being employed in this industry
Damn so what do I do as someone who has no tech experience and no degree? I've only worked in sales. I thought getting Sec+/CCNA/AWS and maybe a higher cyber security cert would help me get some sort of tech sales/consultant job. I also have been making LLM/SD merges, finetunes, and have a few software projects.
Are the certs useless? I really want to consult and sell software and what not businesses. Or some sort of job that mixes a bit of the technical side with some of the customer side. I like helping my frens when they ask me stuff, so that's why.
Brother go look at job ads for those positions and view people on linkedin who hold those positions to see what they have.
>SEC+
Will do nothing for you
>CCNA
You are trying to work in sales and not be a network engineer. Are you this moronic irl?
>AWS/other cloud vendors
If you are selling cloud stuff, I think you only need the most basic certs they offer since it goes over all of the services they use.
I just want to prove I know the technical side without the degree. Nothing wrong with getting a network cert (if certs mean things) if you're selling networking solutions.
Though, it almost feels similar to mechanics waving around their ASE's. The best ones usually don't care to get them, but also the dumbest ones can't get them.
The real redpill is there's no good jobs in america.
It all averages out to the same shit pay.
Those fang hires all live in goyslop cities so they make 80k starting but have 30-40k in living expenses.
and that's even if you get a job if you're one of the few "lucky" ones.
Mcdonalds pays $18/hr now in my town yet boomers still want to pay construction crews and heavy machine operators $21-24/hr with class B CDL licenses to do much harder work despite being much more qualified to flip burgers.
The only people that are profiting are tradies like septic tank cleaner, electricians or plumbers who are charging boomers high pay rates to do work on their goyslop mcmansion and boomers gladly pay it because they get $3000/month in social security so they can afford $800 to go to the plumbers or cleaners so they can live in their shitty carboard matchstick house while their grandchildren are homeless.
The value of labor has been destroyed, the dollar is worthless, the dollar is going to hyperinflate as the debt tripled in a fricking decade. 11 trillion to 36 trillion in 10 years.
Take the car camping pill and camp out at national park. It's free and you get to watch the stars. Work doordash when you go into town and make $200 for the month in 2 days. Pay your insurance off for the year. It's free to stay at national parks for an unlimited amount of time.
Keep water in gallon glass jugs
Keep boxed and tinned food, cook on butane.
>80k starting
i made 1.5x that straight out of undergrad with a fully remote job that lets me live in bumfrick nowhere, texas
shit's comfy my guy, i don't envy san fran/seattle/nyc gays whatsoever
>captcha: HTX24
lol
>i made 1.5x that straight out of undergrad
when was that?
i got the offer three months ago, finals are two weeks from now
i can live anywhere i want really, it's just that i grew up in texas and love the state so i might as well go back
Enjoy being replaced by a pajeet/AI and working for 2 years I guess.
Tech workers get layed off that's just how it is.
And where to poop?
dig hole, shit, cover it up.
You also modify your diet to defecate less and harder.
After a few days of hiking you could mistake one of my turds for just another acorn.
Based and nomad pilled. You do have cash set aside in the event your car gets fricky with you, right?
>plumbers and sparkies are making bank
No. No they’re not. I wasted 6 years of my 20s working in the trades and it was all so some boomer frick could make a couple extra grand and buy himself a new Dodge RAM. It’s shit pay, shit working conditions, shit colleagues, and you’ll end up spending any extra cash you have on alcohol and/or drugs just to cope with how fricking abysmal the work is.
You only make money in the trades by starting your own business, and that’s assuming you can even get an apprenticeship to begin with. And then you have to deal with frickwit boomer tradies who can’t be arsed to teach you how to do your job but will complain and gaslight you non-stop because you don’t know how to do your job. You can look forward to at least 3-4 years of that fricking bullshit.
>Oh you qualified, but you’re so burned out/used & abused you don’t want to go on to get your license?
Enjoy being a fricking glorified labourer then after 4-5 years of hard work; you just graduated to a whopping $5-$10/hr increase and you didn’t even need all those stupid fricking power/hand tools. Just a shovel.
Frick tradies, frick the trades, and frick this gay ass world. I can’t fricking wait for the war
Name the trade. They are not all the same. Also name country. If your trade uses a shovel that choice is normally unwise.
t.comfortably retired jet mech
I work in a Fatman datacenter and getting Linux+ now. Seems good for the foundation of Linux. Have no clue what to do next. Cybersec jobs seem kind of boring and low paying but might grab cissp
I had A+, Linux+, and Security+ and didn't get a job. They all expired.
I just bought a book to study for Pentest+ and I'm going to try and get a job again.
How about you get a real job, like doordash sonny.
Pull those bootstraps up
I got my A+ recently, was fairly easy to get. I only had to study for it for about a week to get the 1102 portion (got 700+ on both portions), but I bet the average normie would struggle with it due to stuff like the 1102 simulation questions being about helping someone over text message fix a computer. The 1101 was piss easy though, the labs for it were about building a customer a custom rig to suit their needs and the multiple choice questions being easier than most of the practice tests you'll find on sites like Union Test Prep.
I'm getting mine for free due to having a vocational school scholarship, and in an economy where you NEED an amazing looking resume and I don't want to go to college, I'm taking what I can get.
You guys are a bunch of complaining western homosexuals.
How does learning for certs compare to STEM bachelors?
I always assumed it was rote memorization for normies who don't give a frick about technology but need a paper that says they do. Does it really make you better at tech. I mean doesn't everyone just search engine for what they need to do.
Knowing certain fundamentals are important for using a search engine to ask the right questions and implement the right solutions.
this is the most accurate thing ever said about IT.
You need to know enough to know what to google and be able to understand the results. It's not like say woodworking, where once you know how to do something, you'll always have the option of doing it that way. There's just too much to know and it changes too often for you to actually know everything.
Totally depends on the cert. The OSCP (and more difficult OSEP) for example is an exam where you're tasked with gaining access to 5-6 host machines over the course of 24 hours and then have another 24 hours to complete writeups of your methodology and findings. That requires a lot of hands-on training and is fairly legit. Then on the other end of the spectrum you have exams that are entirely multiple-choice and are, yes, little more than exercises in memorization.
>certs
>5+ years of experience right out of high school
>bachelors
All of this, and I only just got a decent job now, a year after I graduated, and it's not even really in my degree's field. The market is so goddamn fricked.
don't support the cert industry
they are trying to middle man the job process
Well public schools aren't getting it done. Someone needs to bridge that gap and it ain't free.
None of those, you will soon be fighting compsci grads for those jobs and nobody wants goblins like you.
comptia is for the people that changed their construction job for an IT job. AKA computer illiterate
Yes they're useless
I would consider Comptia useless
I currently have my AZ900, MS900, AZ104 (administrator associate) and AZ305 (solution architect expert).
I am studying for the MD102 then will get the MS102 then try for the CCNA.
How useful is the below certifications to get out of helpdesk?
AZ-500: https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer
AZ-700: https://learn.microsoft.com/en-us/credentials/certifications/azure-network-engineer-associate
MD-102: https://learn.microsoft.com/en-us/credentials/certifications/m365-endpoint-administrator
MS-102: https://learn.microsoft.com/en-us/credentials/certifications/m365-administrator-expert/
Red Hat Certified System Administrator: https://www.redhat.com/en/services/certification/rhcsa
Red Hat Certified Engineer: https://www.redhat.com/en/services/certification/rhce
CCNA
you have more than enough certs to get off helpdesk. AZ-104 alone is enough. The biggest thing for you is probably just lie about your experience and trump it up as if you were basically a sysadmin in all but name.
>AZ-104 alone is enough
I feel like its not helping me when job hunting, I keep getting rejected and no one really cares about microsoft certifications
im not doing that
whatsamatter? can't pass a drug test because you use Black person weed as a crutch?
yes
pay your taxes. my kids need food stamps.
Not worthless at all. A+ is a really good way to get your foot in the door for an IT career. All the IT guys at my company have (or had) one. Of course, we're deep into the Biden Economy at the moment so there aren't really many jobs at all anymore.
considering actual high school freshmen can sit for the A+ exam and take Network+ and Security+ by the time they graduate, yes it is worthless
Only things that can get you a job is:
A+ for Help Desk.
Sec+ for any job that requires clearance.
The rest of CompTIA's catalogue is a waste of time. I would just move onto Cisco/Azure/AWS certs, so you need to then specialize.
I only have project+. how fricked am I?
certmonkies will ngmi
Don't listen to the anons saying they are worthless. I have A+, Net+, Server+, Office fundamentals and few other M$ certs. With these I started at IT Specialist @ 65K per year. 8 years later I am now Project Manager for a software developer making $145K per year + bonus and other perks. Not bad for a mostly autistic highschool drop out with no other education.if you put in the work and meet the right people you'll do fine. But no one is just gonna hand you shit just because. You got to put in the effort and show your dependable and deliver on some big objectives
>HS dropout here
>I started at a Helpdesk, they required me to get Sec+ in 6 months...
Did that, then after 2 years got prompted to a SystemAdmin.
Now i make 70k a year, work 4 (10hour) days a week, and maybe, MAYBE spent 1 or 2 hours a day doing some type of work.... I spend the rest of my day fricking off, trolling IQfy, youtube, emulation, or sleeping.... so it was worth it to me.
Is sec+ your highest cert?
Yes Sec+ is my highest...
I honestly have no idea where to go from here.....im comfy but i know i should push forward...
>I honestly have no idea where to go from here
For certs aim towards the Cisco CCIE certification and CISSP. From there you can leverage your experience and move into higher roles. I'd also recommend getting any bullshit degree you can get your hands on that sounds remotely related to networking, computing, or business, but only cause it gives you leverage when negotiating higher wages.
I was thinking about Cissp too, my job will up my wage 5k a year if i get N+ (i have no idea why) so i assmued i would at least do that since its EZ as hell...ty tho anon.
If you don't have N+ yet go ahead and get that. Alternatively ask your company about Cisco certs like the CCNA cert if they're gonna bump your pay, or if they're gonna buy your exam ticket(s).
Net+ is easy as frick, go get that extra 5k.
Maybe study a little bit. There's a lot of material involved in the network+ exam
not him but do employers care about network+?
I feel like CCNA would make a much bigger difference
ymmv, but I like the idea of having network+ because if you get sec+ every time you renew your sec+ the net+ renews. I also like having my certifications centralized, but if I was going full on network technician/engineering then I absolutely would go the Cisco route full force.
Mirin
Do I even need to bother with certs as someone with a college IT degree? I graduated with a minor in Web Design but decided I hate it so I was going to pivot to Networking and get Cisco certs.
If you have no experience, it would probably be a good idea.
Get Security+/CASP+ and dive into DevSecOps related certifications. This will round out your security knowledge with respect to your field. Later on perhaps also consider the CISSP, and for those who wanna be leaders definitely get your PMP certification.
He's only half wrong. I wouldn't call them "baby" certs as much as they are a means to branch out your IT/STEM related knowledge to show you're flexible, but of course don't just pass every single one and put them on your exam. Also, CISSP is the gold standard in cyber security certification. If you have that, or one of the other higher certs from the ISC2 organization, you're gonna have a good time, especially if you can pair it with a security clearance of some sort.
>Also, CISSP is the gold standard in cyber security certification.
It's the gold standard because it has a 5 year work experience requirement to not wear the gold star of Der Associate.
If ISC took away that requirement it would just be a slightly harder Sec+ exam.
"But this job says you need CISSP" yeah because they're just trying to weed out all the unemployed fresh college grads spamming their resume and it makes HR's job easier to filter by people who have verified in field work history.
You are factually wrong and terminally moronic. CISSP, and the "associate" designation function as a compliance item for government work and contractors:
https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/
This is why even if you are a CISSP associate with a top secret clearance you are basically guaranteed an interview for a lot of jobs that require both in the description. speaking of which, you could have easily fact-checked yourself by doing a job search for "CISSP associate", but here you are instead larping as if you aren't some coffee-grabbing help desk jockey.
lol you've never even had a contracting job have you?
no one is coming off the street and getting an IAM or IAT job anyways with no prior experience. people get held in IAT I for years where only Security+ matters. Furthermore even if you do get an IAM II or IAT III job you can get CASP+ to satisfy it which people do because it's cheaper.
When I was a contractor for an alphabet soup making dogshit pay my boss had CASP+ because the company didn't want to foot the bill and he didn't want to study for CISSP.
>you can get CASP+ to satisfy it which people do because it's cheaper
More like because it's easier to rack up most of the CEUs needed to renew it using FedVTE than it is to do the same with the CISSP. I'm already convinced you don't know what you're talking about, but you can say as much as you'd like.
you're ignoring the point
>jobs with no clearance in private sector
they want EXPERIENCE above all else
if you walk in with your Associate CISSP because the job said must have CISSP then you're just applying against people who aren't associate and have more experience than you
>job with clearance and following 8570
you still don't need CISSP because easier shit satisfies the requirement anyways
Very concisely explain what ISC2 does that warrants the membership fee and exam fee of CISSP then?
No, you're moving the goalposts. The original point is comparing the CISSP [this cert] to the CompTia certifications [baby certs]. No shit that any hiring manager worth a damn is gonna weigh meaningful work experience over other resume items; that's not the debate. We're talking about certs, and in the context of certs it's gonna be what the employer is looking for, what gets you past HR, and which checks in the box you fill (in which case the CISSP has a broader span across the 8570). I'm not here to debate, weigh, and compare the scam fees of membership and renewal as 90%+ of ANY certification administering authority pander to this bullshit psedo-subscription model.
Again, you don't know what you're talking about.
You're still ignoring the point, man
I compared CISSP to CompTIA because at the end of the day they are both MULTIPLE CHOICE EXAMS. CISSP is deriving all of it's credibility from the 5 year work experience requirement. That's the whole reason why HR uses it for screening. It's just a quick box to check that says "this person has the required self motivation to obtain a cert and this person has a verified work history".
You are jumping to the conclusion that the exam itself is good because the DoD decided that an associate lacking experience can still make the rank of IAT III or IAM II.
What is more likely?
1) The DoD made allowances for Associate simply because government lifers who might have managed numerous government projects unrelated to Security get the Cert and are good candidates to be an IAM II or III on a security project where they would be a good manager
or
2) it's just a really fricking good exam
citing 8570 is inane
>I compared CISSP to CompTIA because at the end of the day they are both MULTIPLE CHOICE EXAMS.
You're using cost outright as a metric as opposed to marketability which considers the subjective value at that point. You're not wrong that it costs more time and money to maintain, but from this angle you're ignoring the flexibility and marketability of the certifications. So really, what is it that you're expect to hear...? You want to use available job openings that compare the amount of times similar/same positions call out having CISSP associate vs. CASP+? Do you want to use salaries of certificate holders as a measure? These are all meaningful ways to compare the certifications worth, but also arbitrarily difficult to produce results.
If you wanted inane, all you had to do was distill the certs into "both multiple choice exams".
Which is more likely, that the market and the government are right? Or you?
>marketability of the certifications
What is this marketability based on? Where is it derived?
My argument has fundamentally is that CISSP derives its credibility from the 5 year requirement. That is why the CASP+ is not held in high standing by the market even though the DoD views them as identical.
Do you honestly think if ISC2 got rid of the experience requirement and just allowed anyone to get CISSP just like a CASP+ and there was no extra word like "Associate" the market would still hold it in high regard?
>Do you honestly think if ISC2 got rid of the experience requirement and just allowed anyone to get CISSP just like a CASP+ and there was no extra word like "Associate" the market would still hold it in high regard?
Yes I do, nor unlike the CISM, it shouldn't be hard to understand.
>Yes I do, nor unlike the CISM
the CISM has a 5 year requirement too what are you on about?
I'm drunk, I meant you could do the same with the CISM
I think the CISA has been more successful at having experience be ignored because the work it's certifying your for is inherently non-technical.
If someone is a fresh college grad or hell even a fresh master's graduate and they got a CISA it's really easy and compelling to ignore a lack of 5 years because audits audit is a more narrow focus than just saying "security".
ISACA can coherently describe how an audit is generally structured and how they are generally conducted and if you learn this material and get hired at a big 4 their processes will line up.
ISACA can not even coherently describe how an information security program is designed in their CISM materials. It's just some ethereal "it's what senior management wants" lack of explanation because security is an incredibly broad field.
>It's just some ethereal "it's what senior management wants" lack of explanation because security is an incredibly broad field.
Because ISACA wants you to buy the COBIT materials in addition to the CISM materials.
If you've been a NEET and are only now going to college in your thirties, then yeah it pads the mostly blank resume and can help you get an internship or get an entry level job. But in your case, the 2 years of experience are way more important.
>t. BS in electronics/computer engineering
>0 experience or internships
>have a handful of projects listed on resume
>over a year without any junior level interviews
Is there a cert for my field worth getting? I'm thinking of getting A+ just to look competent. Cisco certs look promising but idk if employers give a shit about them.
Is this stupid shit really on the A+ exams?
I have to go through these practice questions regardless, but I was specifically told I don't have to memorize POST beep codes (aside from one beep for good), let alone for legacy IBM shit. They're not even the same across manufacturers. This is just an irrelevant practice question, right?
not outdated like that specifically, but there are generally dumbass useless trivia questions on the A+ 4 sure
also ya totally irrelevant practice question
oh thank god.
Are the questions on the real exam (even if they're moronic and pointless) at least written coherently? These practice questions make me want to nuke India. I haven't taken a CompTIA exam since 2020.
Anyway I'm using an exam dump (that I hope is legit) for A+ and Project+, planning on legitimately studying for Network+ because that actually interests me and is useful, and from what I've heard of Cloud+ I could probably pass it while hungover and half asleep.
LoL don't worry about the beeps. The Certmaster tests are very misleading. Their VM labs are also trash. They do have moronic questons like
>what is teh 4th step of the CompTIA Troubleshooting Process?
>the printer has vertical lines on the page. is this a result of a)developing )b fusing c) loose corona wire d) cleaning blade e) all of the above
Irrelevant procedures that CompTIA made up and weird scenarios involving outdated technology that you'll never encounter in real life
The only thing keeping CompTIA alive is this perception/myth that employers value CompTIA certificates. It is nothing but a brand. The way to learn is actually doing things on a computer in reality. Studying to pass multiple-choice tests is antithetical to learning
get CISSP instead
comptia are babby certs
get [preferred multiple choice cert] instead
[other multiple choice cert] are babby certs
I have sec+ and OSCP. Both sec+ and pentest+ are basically compliance certs, and a lot of organizations will want you to have them to cover their ass and as a baseline (especially if they contract for the government). They aren't really indicative of technical ability at all, though. To build that part of your resumé, I'd recommend a technical cert like OSCP/SANS/the new hackthebox cert. None of them are super difficult, but consider them as part of a portfolio rather than a certification. A portfolio is pretty important, and I would recommend building one either with programming/scripting centered towards the job role you want, hackthebox/ctf writeups, or tutorials for building and modifying infrastructure relevant to the job you're looking for.
how long did it take you to get OSCP and were you employed in pentesting before getting it?
I transitioned from a SOC position to a red team position internally with some hackthebox experience, but really not very much. While on the red team I began studying for OSCP but had a bunch of stuff happen inbetween. Total time spent dedicated to studying was probably about a month to a month and a half with minimal outside assistance and just brute forcing my way through the lab content. Almost all of the privilege escalation on my exam was really simple, the most useful skillset was abusing default windows functionality for lateral movement (winrm, remote schtasks and wmic, psexec, etc.) and some basic web stuff. A lot of the initial access was either default credentials or vulnerable versions of software with POCs already created.
I'm conflicted because I see people say you should really get an eJPT and PNPT before trying OSCP then I see you who just said frick it and did it in less than 2 months.
Admittedly I came in with a good knowledge of scripting and strong familiarity with administrative work on Windows and on Linux, but OSCP is really just learning how to enumerate and then learning what tools to use. I felt overprepared for the test, but it is difficult to me to gauge my level of experience going in. I think it's absolutely doable within 3 months if you try and are motivated, but there's nothing wrong with shooting for eJPT (I have no clue what that is) and whatnot first.
eJPT is supposed to be baby's first pentest *real* cert
it's hands on and you have to do a write up just like with OSCP it's just the simulations are easier
Then I would say go for it, especially if the content is good. OSCP's content honestly is not the best, and I did a lot of my learning by reading hacktricks.xyz or other wikis about how to do whatever they were asking for in the labs. OSCP isn't insurmountable though, and I dont think you need professional experience to get it at all.
This is all good info and I appreciate the responses. How would I even go about building a portfolio though? Just blog about what rooms/boxes I've cleared and homelab stuff?
I'm not coming from a SOC background like you so I don't have work experience in the field already.
If you can script (powershell, bash, python), that is a good start and making some simple tools like a portscanner will do well for you. As for the blog question: yes, exactly that. Setting up the blog is good as a portfolio item in and of itself, and any time you do a hackthebox box do a writeup on how you did it and submit it after it goes out of scope (or do old ones and submit them immediately). Documenting your work will give a record that you did it and also show technical writing skills.
The SOC was not very good, but I agree with you there. If you are starting from complete zero, I'd recommend overthewire>underthewire>tryhackme>hackthebox>ejpt>oscp. Don't be afraid to google a walkthrough if you get stuck for more than a few hours and document stuff that you think is notable, and it will go a long way.
If you can program, throw some stuff youve written in there, even if it isnt strictly red team related. That always looks good.
Noted, and thanks again.
For sure dude, best of luck on all of it!
>get this cert
>lol no, we meant this cert
>lmao now get this cert
>don’t use the internet to teach yourself the shit you need to know
>just keep sending us money and we’ll TELL you what to learn, zoomer!
>don’t forget to keep those certs updated!
>picrel: it’s you homosexuals realising how fricking regarded it is to spend time getting certs instead of spending time building/home-lab/developing
Zoomers are legitimately headfricked, like, there is not an ounce of original thought or critical thinking ability. They just do what they’re told, when they’re told, after they’ve paid. Imagine genuinely believing that you have to go into DEBT in order to be able to work, and all because we let women become hiring managers. And the most ironic part of this whole charade is that you dysgenic brocolli-haired c**ts obsess over “bEiNg a MaN”/tate bros (HustleU LOL) and then go on to make life decisions enforced upon you by barren, childless female hags. Thank god we’re finally at the end of the long march through the institutions; at least zoomers will be the last generation to have their minds poisoned with marxist/socialist ideology - we can use you morons as examples moving forward.
>Zoomers are legitimately headfricked
>Imagine genuinely believing that you have to go into DEBT in order to be able to work
you're talking about millennials, friend.
zoomers have recently dragged the median age of electricians and HVAC down
The median age of tradies is dropping because they’re all retiring and kids aren’t joining the trades anymore. You are genuinely moronic
>they’re all retiring and kids aren’t joining the trades anymore
so the influx of over 200,000 electricians that dragged the median down is just grown men deciding to pick a new career field?
you must've eaten too many paint chips as a kid
Yes, those grown men are all brown and come on Student visas, declaring their age to be 20-35 when in reality they are all 35+, but you would know that, if you were a disingenuous homosexual arguing in bad faith, but I digress.
>those grown men are all brown and come on Student visas
I almost forgot it's afternoon in India.
Cope of the decade. Illegals are lowering the tradie wages. Indians don't join trades. Haven't seen a single Indian electrician, plumber, carpenter or HVAC guy ever.
>not coaxing your employer to cough up money for your certifications in order to "make the company better".
Admittedly hard, but still. NGMI
>convincing your boss of anything
>literally asking somebody else for permission to act as a grown ass man
>literally expecting to spend other c**ts’ money (underage socialist homosexual)
>sucking your boss’ wiener this hard
>noooooo it’s for pERsOnAl dEVeLoPmEnt bR0
>not using company resources to build labs
>Not automating most of your job so you can learn and/or work on the shit you want to
>lOoK aT mY sHiNy nEW pIEce oF pApEr iT oNLy cOSt mE $500 HaHAaa
I bet you ask if you can go to the bathroom, too, as well as which hand you should wipe with.
Zoomers have single-handedly frick the trades entirely with how useless & lazy they are. They’ve managed to drag the proverbial bar down so low that we’re now trying to incentivise women, FRICKING WOMEN, to become Plumbers/Brickies/Chippies/Scaffers. I got out of tech 8 years ago to avoid the impending roastie corporate apocalypse, and while i froze my ass off in the early
hours of the morning, i still never had to listen to Sally from HR dribble complete shit for hours because she hasn’t been dicked down in over 9 months. BUT NOW those same rotten little c**ts are back asking me what time lunch is/when can we eat, mr sir the second they get out of the fricking car at work, after they’re already an hour late. Can’t tell at them or hit them anymore: lose your fricking job and future prospects. Can’t even make sexist jokes or just be a man on-site because Sally from HR has become Sally with the Lollipop sign around the wrong way, clutching her iphone in the other hand. Pure fricking clown world
what's wrong chud? threatened by a little female presence on the job site?
yeah, you stupid two-holes c**ts are walking death traps & slow everything to a crawl with your inclusivity bullshit, and you’ve successfully brainwashed an entire generation and a half of young men into being colossal homosexuals that are both physically incapable of making eye contact, but also cry when subjected to external-pressure, like when you get yelled at. Pathetic, and ‘m practically foaming at the mouth now because every industry has been invaded by you rotten mini-communists. There’s no fricking escape anymore
If you can't do both homelabs and certs on the company's dime then I pity you. Sorry your soft power sucks, but if you don't have autism maybe you can fix that. You're posting in IQfy so that's not a good start.
>reading comprehension
Beyond fricking incapable. See
>PRAYX
>Beyond fricking incapable
I don't take you seriously
you can’t read, i’m not surprised.
>as well as which hand you should wipe with.
Arab detected.
>I got out of tech 8 years ago
You were so scared of roasties that you missed the best era of tech comp we'll ever see...
It's over mayne. I'm sure the billionaires on their yachts have a giggle reading all this dystopia knowing it doesn't effect them at all and they are hiding behind the tech surveillance prison safe from everything. Shit. The Starbucks founder could watch Starbucks plummet to sears valuation and he'd still be living like a king.
ISACA definitely has the worst certification maintenance requirements I've ever seen
hey ive got my cybersecurity bachelor's degree, and I had a sec+ in the past
I'm studying now to get pentest+, how hard would you say it was compared to sec+? I thought I was fricking failing the shit out of sec+ but passed it with a really high score
Are all SANA/GIAC certs valuable? Is the CEH worth it as a cert?
>Are all SANS/GIAC certs valuable?
Yes, if you're not the one paying for them.
>Is the CEH worth it as a cert?
It's an expensive, Indian cert that for reasons unknown to me is looked upon fondly by recruiters and the DoD. So yeah I guess so.
Thank you. In your opinon, what is valuable? What is worth it? AWS, Google, etc. Is it vendor-dependent? Is it particular cert dependent? Are some vendors just not worth it?
I took a class in which we used Wireshark extensively, and have considered getting a cert in it for funsies, but a lot of folks says sniffing and Wireshark and networking are not it.
CEH is cancer. There's tons of videos, articles, and discussions about this in depth. Avoid CEH
>Indian cert that for reasons unknown to me is looked upon fondly by recruiters
Wrong
OP do not listen to his advice CEH is shit
>Senior engineer +5 YoE
>Want to transition to application architect or de DevSecOps
Do I really need to bother with certs? I got bored watching the Udemy course for Net+ and I can't imagine doing this for Sec+, CASP+, CISSP and then cloud certifications
BSc (Hons) Ethical Hacking here
My Lecturers said most of these Certs are absolute shite..
Look into getting a CISSP Cert or get one of the Certs by Offsec, like OSCP etc
i was at a security confrence a month or two back, i spoke to a few pentesters that didnt go to uni and they had Offsecs certs or CISSP Certs
one of the best things you can do is go to uni, get a degree, then get good certs like the ones mentioned above, you dont need to go to uni but it helps alot, eeveryone that grads my couse gets a job. a lot of people dont even do their honors they just do the 3rd year and then find something.
TCM Security certs are also pretty good i have been told.
https://certifications.tcm-sec.com/
CompTIA isnt that good
its better than the CEH thought. DO NOT GET THE CEH
OP I CANNOT STATE ENOGHE TO NOT GET A CEH,
waste of money and time. and most employers do not take it seriously
McDonald's
I got the CCNA and it was super fricking useful. Aced an interview recently, the questions were almost exactly like the exam. Like somebody said, it's not the cert, it's about being able to hold a conversation.
I got on help desk without A+. Most of our desktop support team doesn't have A+. It kinda sorta is a meme.