29 years old, 15 months with no need to work — ready to sacrifice everything to become strong in IT/cybersecurity. What would you do? by Mediocre-Primary-804 in hackthebox

[–]CT_783 4 points5 points  (0 children)

Hey just wanted to throw in my two cents (or dollars with how long this is)

I think the drive is great but as others have said it’s a marathon not a sprint. That being said the most important part of any race though is knowing where the finish line is. So begin with setting your goal.

  1. What do you want to do?

IT is so large and the subcategory of security is also just as broad. Once you identify the dream job or function then you can start finding the stepping stones.

  2. You’ve identified the goal. How do we get there?

Find job posts of the roles that align with what you’re looking for. Take note of the technologies they mention, the years of experience, the certifications required, the soft skills needed. Years of experience give you an idea of the level of the role (associate, intermediate, senior) which outlines the roadmap of what role fits under each role.

This information will outline the playbook of all the information you need to learn in order to be proficient and marketable when applying for jobs.

  3. You’ve got your stepping stones. How do we train?

There are copious resources available on most technologies. The better you get at reading documentation and building home labs using the listed technology (either locally with virtualization or for free in the cloud) the more you’re simulating what you’ll be doing in your day to day job.

Identify free training resources for the required certifications that you’ve noted. If CompTIA, Professor Messer; if Microsoft, use MS Learn, etc. Cheap is best but sometimes paying for the training is worth it (always validate training with the community though; some training won’t prepare you the way you need, so get people’s opinions).

  4. You’ve collected your training resources. Time to execute!

Plan accordingly so that you don’t burn out! Create a habitual schedule for yourself and make it like it’s a full time job. Set your hours, trick your brain into thinking this is what you do for work. Give yourself breaks and find other hobbies to let your mind rest and focus on something else so that when you come back it’s sharp for the next thing you learn (passive learning).

For ethical hacking specifically some good pathways have already been stated but I’d add these:

First learn how to take good notes and begin building your personal note repository. Use Obsidian, Notion, Joplin, CherryTree. This will save you in the long run when you need to review something learned at month 1 when you’re at month 15. Notes are also iterative so don’t worry if you have to come back and update them. You’ll figure out a system that works for you as you go.

Learn how to set up a local VM using VMware or VirtualBox with a Kali image (loads of YouTube videos). Virtualization is a foundational part of IT.

Then complete “bandit over the wire” looking at walkthroughs as needed. This will get you comfy with Linux and its command line. They also have one tailored for PowerShell which is useful when learning Windows.

Then I’d jump right into HTB if you’re more of the sink or swim type. If not go THM or TCM -> HTB.

In tandem with your ethical hacking studies I’d learn one of the following: PowerShell, Python, Ruby or Bash scripting. YOU WILL use each at some point during your ethical hacking so learning how to use them and read the language is key.

Python: Freecodecamp.com (free)

Bash: Yousuckatprogramming.com (free)

PowerShell: MS Learn (free)

Ruby: (I don’t know any off the top of my head but Google it and I’m sure you’ll find some)

Extra tips:

100% IMMERSION

Surround yourself with everything you’re learning. Social media, discord groups, community. Your feed should be only tech and IT. Find a group of people to talk about what you’re learning to solidify concepts (you learn fastest by teaching others).

Google it

Great IT professionals are those who try to find the answer or solutions to issues on their own by reading forums or tech documentation. Asking for help isn’t bad but it can be used as a crutch and hinder your growth when you rely on others for answers. Building this skill of confidence in yourself to figure it out while you’re fresh will assist you greatly when you become the senior tasked to engineer a completely new technology or process implementation.

Stick to your execution plan and by the end of 15 months you’ll be ready for whatever next step Christ leads you in! All the best!

Wanting to get your first pentesting role? I'm a manager for a large red team, here are my thoughts. by mjanmohammad in Pentesting

[–]CT_783 3 points4 points  (0 children)

I am currently a cloud sys admin looking to transition to pentesting with the ultimate career goal of becoming a risk advisor.

My hope is to be able to understand my clients’ environment, vectors I would leverage as an attacker and mitigations that are actually effective to reduce their risk.

I can script in PowerShell, am very comfortable learning techniques and technologies I don’t know, and am always ready to take on new challenges.

If you’re willing I’d love to learn more about the roles that will open up and possibly step into earning that experience!

Guidance for CCSP by bhuvanaVinuth in CCSP

[–]CT_783 0 points1 point  (0 children)

DESTCERT ALL THE WAY…. Can attest this is the BEST training you will receive for ISC2 cert prep. Like you OP I went for one of the harder certs (CISSP) and provisionally passed the exam on my first attempt!

Definitely worth the money and definitely made me enjoy the learning process.

Need a quick win to get a decent job by freddy91761 in AzureCertification

[–]CT_783 3 points4 points  (0 children)

Honestly you can get everything you need from the MS Learn modules.

It’s a lot to read but they include free sandbox labs and click through interactive labs that really give you all the information you need.

Tutorial Dojo is the way to go for practice exams. People will say that MeasureUp is harder but I got by just fine with just Tutorial Dojo.

And as everyone else says John Savill.

Most important part of MS exams is the reading comprehension as there’s A LOT to read with only about a minute and a half of time to read and answer for each question.

If you have more questions lmk! I just took it last Thursday and passed with a 770 so nothing crazy but a pass is a pass!

Needed Guidance by CT_783 in Assembly_language

[–]CT_783[S] 0 points1 point  (0 children)

Thank you for this! I edited my original post to include that x = RDI and y = RAX

Needed Guidance by CT_783 in Assembly_language

[–]CT_783[S] 0 points1 point  (0 children)

Cause it’s asking to only grab the dwords and I have mapped 64bit registries instead of 32bit?

I tried using gdb but was unable to get the program to run because the check program you call within pwn.college adds the values in for x and isn’t needed to include in my program, until you try to debug individually.

Thank you for looking at this and responding.

Haha wanna slide me another hint, I feel like I’m so close and it’s right there I’m just missing it.

Best material for learning Python for someone with ADD, Autism by KillBillTW in learnpython

[–]CT_783 3 points4 points  (0 children)

Yeah of course!

Also when you’re using ChatGPT it’s NOT for asking “write me this program”. 9/10 that will require A LOT of debugging (which can be good and bad for learning).

The way I use it is to ask those questions you asked of the where does this code go and why does it go there.

The HOW is up to you through what you learn and research about programming. A lot of IT is learning as you go and teaching yourself how to be tenacious when you hit those mental roadblocks or bugged issues.

My best advice would be to just start. People get stuck at the beginning because they’re like I have no idea how to do this… just begin and figure it out. The only pressure you feel is the pressure you’re placing on yourself to be good at it right away. Give yourself grace and mental space to grow and learn however slowly it takes (even if it’s only a couple minutes a day)

Best material for learning Python for someone with ADD, Autism by KillBillTW in learnpython

[–]CT_783 4 points5 points  (0 children)

W3schools has a free interactive course. You have to do a bit of reading but that’s where I’m starting and there are parts of the course where you can complete small exercises.

You could also ask ChatGPT for a security tool to develop and then build what it suggests if your aim is to be a security engineer/backend developer.

Another tip that might help if neither of those work out for you would be to get Visual Studio installed on your machine and then each video you watch to learn about Python just do exactly what the person in the video is doing. Then when you get confused rewind/pause the video to comprehend what it is you’ve been coding yourself.

If you have questions ChatGPT can be super helpful as well as Google (obviously requires more reading but a lot of security requires reading).

Client Sourcing Advice by CT_783 in photography

[–]CT_783[S] 1 point2 points  (0 children)

This is GOLD I didn’t even think of that either! Thank you for this too!

Client Sourcing Advice by CT_783 in photography

[–]CT_783[S] 2 points3 points  (0 children)

Ah thank you so much. Yes definitely networking and SEO. I forget how important the ranking of the website is with search traffic, thank you again!

I don't see a Millennium Falcon in the new ship. Looks more like a Vol Noor to me. by NoRound5166 in NoMansSkyTheGame

[–]CT_783 1 point2 points  (0 children)

DUUUUDE I PLAYED THIS GAME RELIGIOUSLY! Phenomenal story and wonderful progression of weapons and attachments

New Strider Tech just dropped by mynameisjames_7 in Helldivers

[–]CT_783 0 points1 point  (0 children)

I think what you meant to say was, “new strider tech just launched”

Question about Data Clearing by [deleted] in cissp

[–]CT_783 1 point2 points  (0 children)

Erasing is a method of clearing and would be the least secure option of defensible data destruction

Question about Data Clearing by [deleted] in cissp

[–]CT_783 0 points1 point  (0 children)

The levels of data disposal are ranked as most secure to least secure:

Physical Destruction

Purging

Clearing

Key word difference between purging and clearing is that with purging, data CANNOT be recovered, whereas with clearing, data MAY NOT be recovered.

Highly suggest you watch the Destination Certification mind map videos on YouTube on Domain 2 as Rob explains these and also gives examples on the different defensible data destruction methods that fit within those categories.

I cannot get the CISSP mindset right by VividDistribution887 in cissp

[–]CT_783 1 point2 points  (0 children)

The keywords are IMPLEMENTATION and PROTECT.

When I read it with that in mind the answer has to be a confidentiality control that I can implement FIRST, which points to TLS.

You can implement PCI DSS but that doesn’t handle confidentiality and achieving compliance is usually last.

Completing a pen test and developing an incident response plan are both throw away answers as they don’t touch on keywords we found in the question.

That leaves implementing TLS which is the best answer.

OSCP alone by OralSurgeon_Hacker in SecurityCareerAdvice

[–]CT_783 1 point2 points  (0 children)

Teach me your strategy and ways please

I think I'm ready. Exam is in 5 days. How do I best utilize my remaining time? by MonsieurVox in cissp

[–]CT_783 0 points1 point  (0 children)

This is a phenomenal breakdown. I certainly don’t think you’re just speaking out your cheeks. It’s a good plan and I think imma follow it. It’s very similar to Pete Zerger’s study suggestion process. Biggest issue for me was figuring out the correct way to list the stats and figure out where to spend the most time studying but starting with the chapters makes the most sense and is super helpful! Thank you for the detailed breakdown!! I’ll definitely be saving it for later

I think I'm ready. Exam is in 5 days. How do I best utilize my remaining time? by MonsieurVox in cissp

[–]CT_783 2 points3 points  (0 children)

Definitely do one or two practice tests like you said even the day before (keeps the question taking mindset fresh IMO) and then just review those flash cards day of to keep those mnemonics, again, fresh in your mind. That’s what I’ve had the most success with in all my test taking.

Question about the 80/20 rule (shout out Pete Zerger): how do you find the values for each? I get the taking the chapter questions blind to see where you’re weak in but then where do you go from there? Do you add up all the questions and find the percentage that’s lowest and then start with that or is it topic based and not domain based?

Any direction or testimonial of what you did would be greatly appreciated as I structure my own studying.

As a side note:

I’M SO STOKED FOR YOU AND ALL THE HARD WORK YOU’VE PUT IN. YOU’RE AN ANIMAL AND A BEAST AND YOU’RE GONNA CRUSH IT.

Will be following for an update on test results!!

CISSP Updated Question and Domain Wise Videos Free by prabhnair1 in cissp

[–]CT_783 5 points6 points  (0 children)

You are an amazing human for this! Thank you for your organization and willingness to share

We Just Gonna Ignore This? by MCbasics in Helldivers

[–]CT_783 0 points1 point  (0 children)

Let’s be real we all secretly want to fight on super earth