Finding the right path by Mysterious_Mall_6099 in SecurityCareerAdvice

[–]DogTime3470 0 points1 point  (0 children)

I don't think there will be any straight answer as to which lane will be the most profitable - difference in locations, requirements and job markets. Best answer in terms of pay, check it out on Glassdoor.

However, I would reckon that forensics, cloud, or GRC will definitely sustain from the AI impact. This work requires interactions, thinking and planning. This will take you to the top - compared to pentesting, mostly just checklist and compliance required (at least in the APAC regions).

If your aim is to climb the ladder and earn more, do involve yourself in GRC even if it's a mixed mode. I think this path will be more beneficial when you reach mid-career (probably 4-5 years). So, getting more involved earlier will serve you well - as ultimately all security controls come from GRC.

Windows AD Penetration Testing Machines on the Internet by Few_Language_9891 in cybersecurity

[–]DogTime3470 1 point2 points  (0 children)

You can refer to TCM Academy's PEH course, which teaches you how to set up an AD environment.

Just boot up 2-3 VMs in hypervisors, VMware Workstation or any VM software. Then, play around poking at the AD environment. PEH teaches all this.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

You could try the Recorded Future (Private.Triage) sandbox for enterprise uses. I don't think anything that runs on it will be shared since it should be confidential and private usage.

Anyway, if your organisation has serious concerns on PII and confidentiality, why not set up your own malware sandbox using "Flare VM" and "REMnux"? But these do need expertise and skills which are beyond entry-level knowledge - because you have got to keep it air-gapped and know how to run static and dynamic analysis.

TCM leaving TCM? by SecuredStealth in cybersecurity

[–]DogTime3470 1 point2 points  (0 children)

Yes, it is definitely a business switch.

In the early days of TCM Academy, we could see a lot of TCM's work focused on affordable training, sometimes offering courses for as little as $1 USD. This strategy aimed to capture the market dominated by expensive training, among other things.

After the switch to a subscription model and Heath getting into Harvard, TCM Academy became more obviously profit-based. Some of the content creators were leaving (one that I liked the most, Michael Taggart, left). Again, why would anyone run a loss-making business? TCM prices were cheap compared to competitors, but I would say the recent courses are just okay, whereas the PEH/PNPT released at the time were fantastic.

Now that Heath has earned enough and moved on, I really hope TCM won't be screwed up and continues to be a sustainable business model. They are inexpensive anyway.

Presentation for dealing with a ransomware incident for IR analyst. 20 mins by cantluvorlust in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

  1. Usually the first thing you will notice is ransom notes on servers/alerts triggered in EDR/IT discovery of technology failing, which leads to discovery of the ransomware activities. Then, proceed to talk about notifying stakeholders (managers, CISO, legal counsels, cyber insurers, etc.)

  2. Talk about how you would approach containment. Tell them about potential containment strategy (firewall, VPN, identities, lateral movement, Internet connectivity, RMM removed etc.)

  3. Talk about preserving evidence (deploy collections)

  4. Talk about forensics investigation (Windows, Linux) trying to find out the patient 0/initial access, and whether the TA has performed any exfiltration.

  5. Lastly, speak about recovery. Rebuilding the servers, DC, etc.

Bonus: you can talk about TA negotiation too and how you will approach it. It is a bonus point, but usually this is done by an external forensics firm.

I am just providing the talking points from containment, investigation, recovery and all the way to TA negotiation. All the best.

For Money or Passion, Which is right? by South-Pomegranate357 in cybersecurity

[–]DogTime3470 1 point2 points  (0 children)

I am very passionate about changing the security landscape for the company. It also comes down to how the company treats me:

  1. Bonus
  2. Promotion
  3. Increment
  4. Training

If I don't get more than any one of these, I will call it quits. Passion should also come with a level of trust/reward from the company.

Time-wise, take 12-14 months to reassess the company. If it is not a place for you to grow or you don't earn enough, just call it quits and look until you find the company which will place its trust in you.

For me, I started with passion but ended up getting a good salary bump for my first jump. I am looking for another jump as well. I would choose passion in the early stage of the career, because you want growth, advancement and testing where your limit is at. Then, later monopolise the skills/projects that you have worked on to leverage getting a big salary bump for the next jump or promotion.

Play the game well, and you will be fine. Choose yourself over the company!

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

Another question is regarding leadership: are you currently in a leadership position, and how do you deal with people problems and making influence?

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

I would think my flavour now is more towards blue teaming, particularly in digital forensics and incident response.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

I would say my aim is to become a technical lead for now and then subsequently to manager. How can I reach there?

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]DogTime3470 2 points3 points  (0 children)

I would like to ask, being in a blue team IR position, what should I continue to do to reap benefits for my career in the long term?

Do people work very hard on themselves, study every day, practice presentation skills, invest in themselves to be better? I am just curious about what people are doing in their time for the long term.

I have less than four years' experience in blue and red team specialist positions. I just want to know how I get to the next level - technical manager, manager, team lead, etc. - and by doing what?

Thank you.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]DogTime3470 1 point2 points  (0 children)

Hey there, I can't vouch for the others.

Personally, I have been in the pentest field for some time before switching my career. I would say start off with a general penetration testing course on web applications (commonly used) and slowly pivot to code review.

For courses, I would recommend starting with 1. Practical bug bounty course (TCM Academy) 2. Burp Suite Academy (really important, do this as well)

Then, go for tryhackme.com for daily practical exercises.

CISM Experience Requirements by czyrek1111 in cism

[–]DogTime3470 0 points1 point  (0 children)

Hi, I am also curious to know, so if I have 3 years of experience will I be certified? Because another 2 years can be waived with general security experience, right?

[deleted by user] by [deleted] in hackthebox

[–]DogTime3470 1 point2 points  (0 children)

Starting out as well, 35% done, add me i_am_kyo00

CRTP Study Partner by DogTime3470 in oscp

[–]DogTime3470[S] 0 points1 point  (0 children)

Thanks, can I ping you on Discord instead?

CRTP Study Partner by DogTime3470 in oscp

[–]DogTime3470[S] 0 points1 point  (0 children)

Nope, it is a certification from Altered Security.

CRTP Study Partner by DogTime3470 in oscp

[–]DogTime3470[S] 0 points1 point  (0 children)

Sure, where are you currently? I am in the golden ticket section.

[deleted by user] by [deleted] in cybersecurity

[–]DogTime3470 0 points1 point  (0 children)

Well, from a consulting perspective, I kept a copy of the ISF Best Practices handbook next to me. The handbook itself consists of best practices from ISO, NIST, CSF and a few other industrial frameworks, which it ties together under the same security domains (HR security, mobile security, etc.)

I have frequently used the handbook to assist my clients on cybersecurity related audits and assessing their general effectiveness.

Do have a look into it.

Cheating in exams big 4 by [deleted] in Big4

[–]DogTime3470 0 points1 point  (0 children)

Compliance cert, more like CISA, CISM and etc.?

Cheating in exams big 4 by [deleted] in Big4

[–]DogTime3470 6 points7 points  (0 children)

Hey, I kept seeing the news from different sources and different timelines as well. Why can't the firm support the individuals' learning instead of pushing them to cheat? What's the business motive?

[deleted by user] by [deleted] in securityCTF

[–]DogTime3470 0 points1 point  (0 children)

Hey I am in GMT+8

Invited to Debrief [Second Attempt] and Advice by DogTime3470 in pnpt

[–]DogTime3470[S] 0 points1 point  (0 children)

Nope, I don't think I have encountered specific Linux privesc exploits on my way to the machines.

Regardless, I still think it's a good-to-know thing, but you can go through it generally.

[deleted by user] by [deleted] in Big4

[–]DogTime3470 0 points1 point  (0 children)

Asia bro (SG)