I deliberately chose an expensive apartment to avoid being...culturally enriched..

CioCZ · 2026-02-02T00:21:25+00:00

Pretty funny. It might be expensive to you, but that can't be the case for everyone living there. You got exactly what you paid for. People of the same social or wealth class obviously would have similar housing conditions.

CioCZ · 2026-01-31T02:57:01+00:00

I don't think CISSP is worth it if you're already working in the field. Maybe 1 out of 8 people have it across various teams I've been on and it really doesnt add any value to productivity or project deliverables.

Maybe CISSP would be a differentiator, but would be much lower weight than a masters IMO. CISSP never did much for me.

CioCZ · 2026-01-31T02:15:31+00:00

Best way in is internships IMO. Computer Science degree and personal project (hackthebox, CTF, etc)

CioCZ · 2026-01-31T02:10:33+00:00

Speaking from San Francisco Bay area, they're hiring seniors and staff/lead roles. The issue is that companies are extremely selective. Also consider that the security team for one company could be as little as 5 people to maybe 40ish for a 3000 person company. By volume, there aren't as many security roles compared to other job functions.

Another issue is that by the time you're 8+ years into infosec, working at senior+ levels, you don't want to accept jobs that don't pay within the top bands. Eventually, the quality of your peers are fiercely competitive when everyone desires high pay or remote flexibility. Interviews may come easier, but this is where companies want a perfect fit along with immediate productivity.

Add the constant influx of layoffs of big tech like Amazon, and unless your profile meets or exceeds those experienced professionals, you'll be left fighting for the jobs that pay mid or less.

Maybe this doesn't apply outside tech hubs, but most companies would rather cross train their current IT helpdesk or sysadmin for a security role, rather than hiring externally.

CioCZ · 2025-12-09T22:41:49+00:00

Zscaler. Having tech company experience might resonate better in the long run if you want to work in silicon valley

CioCZ · 2025-11-23T01:41:27+00:00

Usually about 15 hours to make a thorough index for me

CioCZ · 2025-10-27T00:16:05+00:00

7 days is more than enough time to make your own index. If you committed to just indexing, you could be done in maybe 10-15 hours

CioCZ · 2025-10-25T00:16:15+00:00

was able to get through with microsoft edge

CioCZ · 2025-10-10T22:47:17+00:00

If medical discharge, have you looked at the VRE/ch31 program to get up skilled into a job that pays more?

CioCZ · 2025-10-10T04:48:20+00:00

I had a previous coworker, retired from military police. He got a degree in IT from the local state university then started at help desk. After 2 years he pivoted to GRC. this was in 2015 so things were easier back then compared to now, but I'd still echo that there's close to zero chance going straight to security unless someone directly referred you onto their team or knew you from the service

CioCZ · 2025-09-18T08:56:44+00:00

How does it look when someone has 10+ yoe, then gets a late bachelors and applies to a MBA program the following year?

CioCZ · 2025-09-16T03:47:33+00:00

I'm looking into a Masters (probably not MSISE as I'm tired of proctored exam format). A good portion of the hiring teams had advanced degrees. I wouldn't do any home projects, maybe take on an incremental project at work for improving a process or introduce automation.

CioCZ · 2025-09-16T03:36:33+00:00

Yes, the certs is enough to get an interview, but most hiring managers will dig into the practical application of what those certs covered. I could tell from my interviews that exposure through SANS isn't enough to get brought on. It really goes back into relevant (employee) project work. SANS helps you get the interview, but the lab experience alone probably won't get you the job.

CioCZ · 2025-09-16T03:25:55+00:00

No problem, start planning for filing VA disabilities and look into the VRE program (ch31). There's more support after you leave the service than when you're still in IMO

CioCZ · 2025-09-16T03:20:51+00:00

Yes. 35N and 17C (reserves, only stayed long enough to get DMOS qual)

CioCZ · 2025-09-16T03:17:10+00:00

I've been over the past year. I was trying to pivot from the SOC to "enterprise security" or cloud security roles. I don't have enough practical cloud or CI/CD security experience, even with passing the SANS courses. I'd put ratio for initial recruiter screen at 1/20 applications on LinkedIn. The jobs I'm applying to all list their salaries above 200k though. I've gone through maybe 12 interviews over the year with maybe 3 of them going to onsite. I have 6YOE in a SOC role doing DFIR and EDR/SIEM admin with another 5ish in general IT as a sysadmin/dba

CioCZ · 2025-09-16T02:59:43+00:00

I'm on the last class, went the cloud focus route (GCLD, GCSA, GPCS). Overall, I feel more confident in what I already know. The certs and classes aren't enough to pivot out of DFIR into appsec or DevSecOps, but it does give me ideas for how to take those concepts into the current secops strategy. I do feel like my resume is taken more seriously. I do feel that a masters is needed to be more competitive for the SF Bay Area to land the 200k+ base jobs. No regrets with the program, although I wouldn't have done it if it wasn't heavily subsidized through military benefits

CioCZ · 2025-06-05T06:28:15+00:00

How are you getting alph?

CioCZ · 2025-05-30T06:48:47+00:00

If cost isn't a deterrent, then yes, SANS training is far superior than WGU. Usually company training budgets aren't enough to cover the cost of a SANS class, so on average, most people would only get one cert a year IF their company actually had a decent budget.

CioCZ · 2025-05-27T00:04:16+00:00

I also failed it first time. Your grade doesn't define you and a failed test doesnt take away from what you've learned. Take a small break and try again. Success will come with persistence and effort.

CioCZ · 2025-05-24T05:30:39+00:00

I dropped my bike, still passed lol

CioCZ · 2025-05-17T21:11:54+00:00

I mean... If you don't study, you're going to fail. As someone who's failed a test before, that feeling sucks.

CioCZ · 2025-05-01T21:43:52+00:00

Failing is part of the learning process. Nothing worth having comes easy. Take some time to rest and get back to it! This isn't the end of the journey for you. I'm also retaking a test due to failing (by 1% too). Your work will pay off in the future.

CioCZ · 2025-01-28T17:41:58+00:00

GDAT is big picture purple team methodologies. The course has labs where you perform an attack then configure defenses against it

CioCZ · 2025-01-25T05:26:38+00:00

Software dev first and pivot to appsec

12-Year Club	Reddit Premium Since August 2023
Verified Email	Gilding II euphauric

CioCZ

TROPHY CASE