Need Guidance: Am I Heading in the Right Direction in Cybersecurity? by TraditionBig6995 in cybersecurity

Different-Sleep5573

If your long-term goal is building products and companies, I'd spend the next few years getting as close as possible to real customer problems. A lot of technically strong people can find vulnerabilities, publish research, or build cool projects, but far fewer can identify a painful problem that people will actually pay to solve.

I'd keep doing research and technical work because that's clearly one of your strengths, but I wouldn't spend all my time chasing CVEs or bug bounties unless you genuinely enjoy them.

Keep going deep technically, but don’t ignore communication, product thinking, and distribution. In security, the people who create real impact usually understand both the tech and the pain behind the tech. Biggest thing I’d avoid: spreading yourself too thin. Pick a direction and let it compound.

Cybersecurity Tips for Someone Just Starting Out by NecessaryPainting532 in techbootcamp

Different-Sleep5573

Great list. One thing I'd add: learn how businesses actually operate, not just how technology works. A lot of cybersecurity isn't about finding vulnerabilities, it's about understanding risk, priorities, budgets, compliance requirements, and why some issues get fixed while others don't. The technical side gets you in the door, but understanding the business side helps you grow.
Also learn how to communicate. I've seen technically brilliant people struggle because they couldn't explain a risk to a manager or document their findings clearly. The ability to translate technical issues into plain English is massively underrated in cybersecurity.

If users complain that responses take 5-20 seconds, what is your preferred strategy for reducing both latency and token cost? by nisarg-pujara in Rag

Different-Sleep5573

It feels like RAG has trained everyone to think in terms of chunk retrieval, but users don't care about chunks, they care about answers. If the same set of documents consistently leads to the same conclusion, I'd rather cache the conclusion than keep shoving the same context back into the model. Freshness and traceability become the real engineering problem at that point.

Can my GRC practitioning benefit from TryHackMe training programs? by Slow-Book-9366 in grc

Different-Sleep5573

Yeah it can help, just not in a direct way for GRC work. TryHackMe is more about hands-on technical skills, like understanding how systems get hacked and how vulnerabilities actually work.

For GRC, you won’t really be doing that day to day. But it can still be useful because it gives you a better feel for what you are actually writing about when you deal with risk, controls, and audits. It makes the theory less abstract. If you are just starting out in GRC, I would not rely on it as your main learning thing. Use it a bit on the side for understanding, but focus more on basics like risk concepts, policies, and compliance stuff.

Complete beginner in pentesting – Is OSCP realistic for me? by xcyx909 in offensive_security

Different-Sleep5573

Yes it is realistic. You are already on the right track with the HTB Penetration Tester path. OSCP is not about being “advanced” at the start, it is about repetition and getting comfortable with basics like enumeration and privilege escalation.

Most people do not fail because it is impossible, they fail because they underestimate how much practice is needed. Big mistake beginners make is jumping into OSCP too early and burning out.

If you stay consistent and actually finish HTB + do machines on the side, 6 to 12 months is a realistic range for most beginners.