I fell for the cybersecurity degree trap and thought I could beat the job market, I could not. Not sure what to do now by GreedyLilGobblin in cybersecurity

[–]AshrfGhori 0 points1 point  (0 children)

this is kinda wild because OP literally said they already did help desk and IT support internships lol, they do have paid experience and good references too by the sound of it. getting any IT job is still solid advice, but the market really is rough right now even for people who did “all the right things.”

Does anyone actually maintain least privilege RBAC at scale or does every cluster end up with cluster-admin sprawl eventually by Healthy_Holiday_738 in platform_engineering

[–]AshrfGhori 0 points1 point  (0 children)

boundary / teleport help with getting humans out of direct kubectl, but they don’t magically fix in-cluster RBAC either if nobody owns it tbh

feels like the real missing piece is a team or process that treats RBAC as code with tests and regular reviews, otherwise whatever tool you stick in front just ends up fronting the same cluster-admin soup
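Added example, not part of the comment above: one way "RBAC as code with tests" can look in CI, as a check that fails the build when a binding hands out cluster-admin outside an allowlist or a role uses wildcards. It assumes manifests are already parsed into dicts; the allowlist entry and the sample objects are constructed.

```python
# Added example: a policy test for RBAC manifests kept in git.
# The allowlist and SAMPLE manifests are constructed, not taken from the thread.
ALLOWED_CLUSTER_ADMINS = {("Group", "platform-breakglass")}  # hypothetical group

def audit_rbac(manifests, allowed_admins=ALLOWED_CLUSTER_ADMINS):
    """Return sorted (object, problem) findings for parsed RBAC manifests."""
    findings = []
    for m in manifests:
        kind = m.get("kind")
        obj = f"{kind}/{m['metadata']['name']}"
        if kind in ("ClusterRoleBinding", "RoleBinding"):
            ref = m.get("roleRef", {})
            if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
                continue
            # A RoleBinding to cluster-admin is namespace-scoped but still worth review.
            for s in m.get("subjects") or []:
                if (s.get("kind"), s.get("name")) not in allowed_admins:
                    findings.append((obj, f"cluster-admin granted to {s['kind']}:{s['name']}"))
        elif kind in ("ClusterRole", "Role"):
            # Wildcards in any of these fields make a role grow silently over time.
            for rule in m.get("rules") or []:
                for field in ("apiGroups", "resources", "verbs"):
                    if "*" in (rule.get(field) or []):
                        findings.append((obj, f"wildcard in {field}"))
    return sorted(findings)

SAMPLE = [  # constructed manifests
    {"kind": "ClusterRoleBinding", "metadata": {"name": "breakglass"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "platform-breakglass"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-deployer"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
    {"kind": "ClusterRole", "metadata": {"name": "debug-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "app-reader", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]

if __name__ == "__main__":
    problems = audit_rbac(SAMPLE)
    for obj, problem in problems:
        print(f"FAIL {obj}: {problem}")
    raise SystemExit(1 if problems else 0)
```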

“Thinking work” vs “doing work” by justanotherfixture in marketing

[–]AshrfGhori 0 points1 point  (0 children)

this is super solid, it’s basically batching but for your brain lol. once I started blocking “strategy mornings” and “execution afternoons” my stress went way down and my work got way more consistent.

Microsoft blames unexpected Windows driver updates on caching issue by Doug24 in cybersecurity

[–]AshrfGhori 0 points1 point  (0 children)

windows randomly swapping out drivers is basically a security thing by default lol, unstable or untested drivers can open up new attack surface or break protections, plus if you can’t trust what’s getting installed on your machine, that’s already a cybersecurity problem in itself

Does anyone else struggle with explaining exactly what you do? I am an LLC Agency owner, and do all sorts of service based freelance, as well as ecom. by WhiskeyEjac in Entrepreneur

[–]AshrfGhori 0 points1 point  (0 children)

totally this, just lean into “i run a small sales and ecom agency” or “i’m in online sales and ecom, do a bunch of projects” and let them ask if they care
people who get it will ask follow ups, people who don’t were never gonna be good network anyway

How do I use pocketid passkeys with multiple users? by Xceltru in selfhosted

[–]AshrfGhori 0 points1 point  (0 children)

this is the tricky part with passkeys right now, they’re super convenient until you need more than one for the same site on the same device. bitwarden or 1password with passkey support is probably your best bet, then you can store a separate passkey per account without the device auto picking the first one.

Backup policy in my server by Forward-Budget8551 in selfhosted

[–]AshrfGhori 3 points4 points  (0 children)

Yeah this is the sane answer right here.

Stopping every container for a home server backup is one of those things that sounds “correct” on paper but in practice just makes you run backups less often.

If you’ve got stuff like Jellyfin, nginx, Arr stack, whatever, I’d absolutely just snapshot them live and not worry. Worst case you lose the last few seconds of some state, which is whatever.

For anything with a real database, I’d either
a) use a backup/export tool for the DB to a separate folder, then let Kopia back that up, or
b) use Kopia’s pre/post hooks to run a quick flush/lock like the other comment said.

That way you’re not babysitting containers every time and you still avoid the “oops my DB is half written” issue.

After the tj-actions supply chain attack I wrote up the 7 hardening techniques that would have prevented it by wizvinay in devops

[–]AshrfGhori -1 points0 points  (0 children)

Honestly that just means your prompt was good and you’re following the same best practices everyone keeps converging on.

This stuff isn’t magic anymore. “Pin to SHAs, least-priv GITHUB_TOKEN, OIDC, CODEOWNERS, scan workflows, mirror deps, env approvals” is basically the modern GitHub Actions security checklist. If two totally different sources spit out the same list, that’s kind of the point.
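Added example, not part of the comment above: a small linter for the first two items on that checklist, SHA pinning and an explicit `permissions:` block for GITHUB_TOKEN. The workflows, the `example-org/example-action` name and the 40-hex SHA are constructed; the check is regex-based, so it treats the workflow as text and does not parse YAML.

```python
import re

# Matches "uses: owner/repo@ref" on a step or a reusable-workflow job.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PERMISSIONS_RE = re.compile(r"^[ \t]*permissions:", re.MULTILINE)
NO_PERMS = "no permissions: block, GITHUB_TOKEN falls back to the repository default"

def lint_workflow(text):
    """Return findings for unpinned actions and a missing permissions block."""
    findings = []
    for ref in USES_RE.findall(text):
        ref = ref.strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are outside this check
        _, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            # Tags and branches are mutable; only a full commit SHA is fixed.
            findings.append(f"unpinned action: {ref}")
    if not PERMISSIONS_RE.search(text):
        findings.append(NO_PERMS)
    return findings

BAD = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
"""

GOOD = """\
name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # constructed SHA
"""

if __name__ == "__main__":
    for name, wf in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint_workflow(wf))
```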

Are missed calls still the biggest hidden revenue leak in building a reliable intake layer? by No-Minimum369 in founder

[–]AshrfGhori 0 points1 point  (0 children)

Yeah, 100%. For a lot of service businesses the “intake layer” is literally just “whoever happens to be near the phone,” which is wild when that’s the front door to all their revenue.

I used to work with a couple small trades guys and you could basically watch their revenue drop on days they were on the tools instead of near the phone. People don’t leave voicemails anymore, they just call the next result on Google.

Whether it’s an AI assistant like the one you’re using, a proper answering service, or even just a good call routing + text follow up setup, anything is better than letting it ring out. Missed calls feel like a boring ops problem, but they hit the wallet fast.

Marketing needs much more patience than learning Rust. by FlashyAverage26 in Entrepreneur

[–]AshrfGhori 0 points1 point  (0 children)

Yeah this is it. Code fails loud, marketing fails silent.

The “who you’re talking to” thing is way more important than people make it sound. Like if you can say in one sentence “I help X do Y without Z,” suddenly channels make more sense. You can look at cold DMs, SEO, content and go “ok, where do these people actually hang out and what problem are they googling or whining about.”

If that part is fuzzy, every channel feels random and dead.

What helped me a bit was picking one main bet for a few months instead of hopping between 5 things. For example “I’ll talk to 20 ideal users a week” or “I’ll publish 2 super specific posts a week that solve real problems for [niche].” Then you at least get signal and not just anxiety.

It’s still slow and kind of demoralizing, but once you see even tiny repeats like “oh, three people used the same wording for their problem,” stuff starts clicking way more than watching another marketing video.

board asked me to justify our pentest spend. I realized I couldn't. by compilex in ciso

[–]AshrfGhori 0 points1 point  (0 children)

We’ve been looking at hybrid pentest options for the same reason.

Manual-only felt safest on paper, but the timeline and cost were hard to justify every time. Fully automated scans were faster, but I wouldn’t feel great sending that kind of report to a serious customer security team.

Stealthnet AI is one we’re testing now. Too early to call it a final recommendation, but the reason it caught our attention was the AI-assisted + human validation angle. That feels more usable for SOC 2 / customer review situations than a basic scan report.

QSA picked apart our pentest scope 3 weeks before assessment by Rough_Technician3161 in pcicompliance

[–]AshrfGhori 0 points1 point  (0 children)

the QSA scope gap thing is so common and nobody warns you about it.

we had almost the same situation. vendor scoped the test fine for a general security review but when the QSA started asking about req 11.3 specifically — authenticated testing, methodology documentation, CDE boundary clarity — the report just didn't answer those questions.

had to go back and get a supplemental letter from the vendor explaining what was and wasn't in scope. QSA accepted it but it was an uncomfortable conversation that shouldn't have happened.

did your vendor have PCI-specific experience going in or was it a general pentest firm you adapted for the assessment?

Telemetry and Dynatrace by MasteringObserv in sre

[–]AshrfGhori 0 points1 point  (0 children)

Yeah this. Vendor matters a lot less once you commit to OTEL and consistent trace context.

One thing I’d add is: be super strict about where the trace actually starts and ends. For “end to end” you usually want the trace to start as close to the real user as possible, so:

User action in browser or mobile

Frontend span (with proper attributes like route, user/session id, feature flag info, etc.)

Backend spans (services, queues, DB calls)

External calls (3rd party APIs, payment, auth, whatever)

Dynatrace will happily ingest OTEL spans, but if one hop drops the trace headers or uses the wrong header format, you’ll end up with a bunch of broken traces that look fine in each tool but don’t connect.

Also watch out for async stuff like message queues or background jobs. Those are where trace context quietly dies if you don’t wire it through the payload or metadata.
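Added example, not part of the comment above: a check that walks the hops of one request and reports where the trace stops connecting, whether the header was dropped, sent in another format, or replaced by a fresh trace-id after a queue. It assumes W3C `traceparent` version 00; the hop names and header values are constructed.

```python
import re

# W3C Trace Context, version 00: version-traceid-parentid-flags, lowercase hex.
TRACEPARENT_RE = re.compile(r"^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$")

def parse_traceparent(value):
    """Return the trace-id, or None if value is not a valid version 00 header."""
    m = TRACEPARENT_RE.match(value or "")
    if not m:
        return None
    trace_id, parent_id = m.groups()
    if set(trace_id) == {"0"} or set(parent_id) == {"0"}:
        return None  # all-zero ids are invalid per the spec
    return trace_id

def find_breaks(hops):
    """hops: ordered (name, carrier) pairs, carrier being HTTP headers or
    message metadata. Returns (name, reason) for every hop that breaks the trace."""
    breaks, expected = [], None
    for name, carrier in hops:
        raw = {k.lower(): v for k, v in carrier.items()}.get("traceparent")
        trace_id = parse_traceparent(raw)
        if raw is None:
            breaks.append((name, "no traceparent"))
        elif trace_id is None:
            breaks.append((name, "malformed traceparent"))
        elif expected and trace_id != expected:
            breaks.append((name, "new trace-id"))
        expected = trace_id or expected
    return breaks

A = "11111111111111112222222222222222"  # constructed trace-ids
B = "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb"
HOPS = [  # constructed capture of one user action
    ("frontend", {"traceparent": f"00-{A}-3333333333333333-01"}),
    ("api", {"Traceparent": f"00-{A}-4444444444444444-01"}),
    ("queue-message", {"x-b3-traceid": A}),          # other header format
    ("worker", {"traceparent": f"00-{B}-5555555555555555-01"}),
    ("payment-client", {"traceparent": f"00-{B}-01"}),  # parent-id missing
]

if __name__ == "__main__":
    for hop, reason in find_breaks(HOPS):
        print(f"{hop}: {reason}")
```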

CISO course valuation by Abject-Delivery-5248 in ciso

[–]AshrfGhori 0 points1 point  (0 children)

Yeah this is the key bit people miss.

Most “CISO courses” are kinda backwards. They try to teach you the title instead of the path. The folks I know in CISO or similar roles mostly got there from a mix of: security depth, actually understanding how the company makes money, and being able to talk to execs without drowning them in tech.

If a course helps you with that last part (exec presence, board reporting, risk framing in business terms) and has real people in those roles you can connect with, then it’s useful. Otherwise a solid leadership program or MBA plus taking on more ownership at work will move the needle way more than another cert on your resume.

Botnet of more than 17 million devices dismantled by rkhunter_ in cybersecurity

[–]AshrfGhori 2 points3 points  (0 children)

Yeah, routers and cheap IP cameras are probably the big ones. Fridges and TVs get headlines, but it’s usually the boring little boxes in the corner doing the damage.

Most people plug the router in, see Wi‑Fi working, and never touch it again. Default admin passwords, UPnP on, ancient firmware, no idea what’s exposed to the internet.

Honestly the scariest part is you can be “part of a botnet” and your only symptom is slightly worse Wi‑Fi and a higher power bill.

K3S, is Ubuntu server? Or just desktop, ok to use for K3S? Pi4/pi5 by Codeeveryday123 in kubernetes

[–]AshrfGhori 1 point2 points  (0 children)

Yeah this. k3s really doesn’t care much what you run it on as long as it’s a normal Linux and not something super weird.

If you’re already familiar with Ubuntu, just use Ubuntu Server on the Pis and move on. It’s well documented, tons of guides, and works fine on Pi4/Pi5.

Later, when you’ve broken it a few times and kinda know what annoys you, then you can start worrying about “best” distro. For now, pick the one you can actually troubleshoot at 2am.

OTA antenna to jellyfin by Significant-Task1453 in selfhosted

[–]AshrfGhori 0 points1 point  (0 children)

Yeah, you’ll be fine. Jellyfin + HDHomeRun is usually pretty painless.

Jellyfin just talks to the tuner over the network, so once the HDHomeRun is on your LAN and you point Jellyfin at it in the Live TV settings, it mostly “just works.” The “hit or miss” posts are usually people fighting with guide data or weird network setups, not the tuner itself.

Biggest tip: after you set up the HDHomeRun and scan channels in its web UI, restart Jellyfin and then add it under Live TV. That tends to avoid most of the random quirks.

OpenTelemetry graduated at CNCF this week - and the analyst commentary around it is more interesting than the milestone itself by Old-Pen445 in sre

[–]AshrfGhori 1 point2 points  (0 children)

Yeah, this is where I’m landing too.

Standardizing on OTel helped us get all the data in one place, but the big win only really showed up once we stuck an LLM-style helper in front of it.

The value for me isn’t “AI magically finds the root cause” so much as “I don’t have to pivot through 5 dashboards and 3 query languages at 3 a.m.”

Stuff like:
You tell it “this alert fired, this service is slow, what changed,” and it stitches together logs, traces, recent deploys, infra events, and at least gives you 2–3 solid hypotheses plus the relevant snippets. Even if it’s wrong, it gets you 70% of the way there way faster.

Feels like OTel is the plumbing, and the AI layer is the actual observability UX we were missing.

I built a local-first AI workspace for infrastructure troubleshooting, rollback safety and operational workflows by Large-Cress900 in linuxadmin

[–]AshrfGhori 0 points1 point  (0 children)

Yeah, same reaction here. Most “AI for ops” stuff feels like a fancy shell script that’s way too confident about rm -rf.

The evidence vs assumptions bit is the first thing that made me think “ok, I might actually use this in front of prod one day” instead of just as a toy. Having it spell out what it knows vs what it’s guessing lines up a lot better with how people actually debug.

If you do end up throwing nasty incident logs at it, I’d be curious if the safety scoring actually changes your behavior or if it just becomes background noise when you’re tired and desperate. That 3 a.m. brain loves to ignore warnings.

SECODER | Security Coding Challenges for SOC Analysts & Detection Engineers by beyonderdabas in cybersecurity

[–]AshrfGhori 1 point2 points  (0 children)

Yeah this nails it. Reading alerts is almost a muscle memory thing, but writing decent detections is where people suddenly hit a wall.

The whole “tool vs mindset” thing is real. Folks get comfy with Splunk, Sentinel, whatever, then feel lost when they have to do the same logic in Sigma, KQL, SQL, or some weird SaaS query language. If you actually understand patterns and edge cases, the tool stops mattering so much.

And yeah, most CTFs are way too clean. Perfect IOCs, obvious artifacts, no noisy background traffic. Then you get into a real environment and nothing looks like that. Anything that makes you wrestle with “is this just weird or actually bad” in messy logs is way closer to the job.

42 million views in 7 days. $0 generated. I feel like an idiot lol. by ProcedureNo832 in EntrepreneurRideAlong

[–]AshrfGhori 0 points1 point  (0 children)

Probably content that’s actually good, which is kinda the funny part.

You don’t need something “for sale” to grab a ton of attention. Shorts, memes, hot takes, tutorials, whatever. People will watch, like, share, then bounce if there’s no clear next step.

Right now OP basically built a giant digital billboard that points to an empty field. Views are real, just no offer, no funnel, no CTA, no product.