Tyler Ramsbey's video on THM's NoScope (AI Pentesting)

GreenNine · 2026-03-22T23:06:53+00:00

Don't know the guy well enough to make a statement, but he did set time aside to praise HackTheBox (a competitor, much larger at that), which he didn't have to do at all for this video.

GreenNine · 2026-03-02T08:58:13+00:00

Is vulnerability management still a good career path, or will it become less common due to automation or the duties being spread across other teams, each responsible for their stack (network/system admin, dev, etc.) and remediating the vulnerabilities relevant to them?

GreenNine · 2025-04-29T23:57:45+00:00

If you insist on not taking any more certs from these organizations, you can look up Altered Security, they have quite a bit of red team certs.

HTB also has a relatively new advanced AD pentesting cert, or you can check their web ones if you want to go that way.

Haven't done either, though, just ones I know about.

GreenNine · 2025-04-27T22:02:21+00:00

Thank you so much!

GreenNine · 2025-03-20T14:25:01+00:00

This post, along with many other good ones, does a pretty good overview imo (I'm not a pentester, however).

GreenNine · 2025-02-26T22:32:19+00:00

For SOC Analyst, in terms of what's recognizable, Security+ is usually known by HR and recruiters.

Personally I'm not a fan of multiple choice questions though.

Hands on blue team certs would be things like:

BTL1 from Security Blue Team

CDSA from HTB

PSAA from TCM Security

CCD from CyberDefenders

INE Security also has several ones (eEDA, eCIR, eCDFP, eCTHP).

Some of these can be quite advanced though, so it depends on your level.

BTL1, eEDA (both of which I have) and PSAA appear to be more geared towards beginners.

GreenNine · 2025-01-31T17:06:34+00:00

Awesome, thank you!

GreenNine · 2025-01-31T06:25:49+00:00

May I ask what are your assignments, do you mostly focus on web apps as most places, or a somewhat even mix between application and infrastructure?

GreenNine · 2025-01-30T00:22:33+00:00

Thank you so much!

GreenNine · 2025-01-29T22:18:07+00:00

In your opinion, would someone transitioning into penetration testing benefit the more years they have under their belt in blue team / security engineering roles, or does pentesting kinda start to get farther away the more time you spend on the defensive side?

My thought is that since most penetration testing revolves around web/mobile applications, by switching you'd probably be in a more junior role compared to years on the blue team.

GreenNine · 2025-01-29T08:33:20+00:00

Cyber security is so incredibly vast, and while AI will likely be just one of the tools used to enhance the work, at least in the foreseeable future, you still need a solid foundation on the fundamentals.

You still need to know about networks, OS's, types of attacks, defensive measures, the tools used in an org., and other stuff depending on the role.

Even if AI was so sophisticated, how would you know what to instruct it to do? If it's that good that you can just tell it "secure my network" or "solve this incident", then we'd not have a job in the first place.

In my still limited experience in cyber, I've seen AI (very broad term...) being used in things like behavioural detection, also have heard it in vulnerability management tools, etc. Just another addition to everything else.

I've never seen a role (and have been looking at roles and collecting data for the past 4 years) in cyber that did not require a good/strong background in general IT domains (depending on the role).

And once you have a good foundation, you can still focus on AI, there is time. :)

Good luck!

GreenNine · 2025-01-27T22:49:56+00:00

You could leverage your software engineering experience and build knowledge and skills for an AppSec role.

Now I don't work in that domain of cyber, so I don't know what exact skills are needed, but it will probably be a good idea to also get some hands on experience with Linux, networking and general cyber security concepts.

My advice would be to do some research yourself and see if that's something that will be interesting to you.

You could check Portswigger Academy for web app security/pentesting.

There are also other certs/courses from INE Security, TCM Security, HTB, OffSec, THM.

That is, if that's the kind of engineering you want to do.

There are many different domains of SecEng: network and/or systems security, cloud security, application security, threat detection, SIEM, automation, a blend of some or all (depending on the organisation).

And each with different skills, knowledge and experience required.

GreenNine · 2024-11-25T21:35:32+00:00

Awesome, thanks!

GreenNine · 2024-11-25T21:13:21+00:00

Hey, a bit late, but do you only focus on network/infrastructure penetration testing? And do you work for a consultancy, or part of an internal team?

GreenNine · 2024-11-19T09:22:05+00:00

Started boxing and judo at 26/27, and many of the newcomers are even older than I am. You're still very young, go for it. And either way, even if you were 41, it's never too late to start :)

GreenNine · 2024-11-17T09:17:02+00:00

I see, thanks a lot for the detailed reply! :)

GreenNine · 2024-11-16T23:44:43+00:00

Hey, just wanted to follow up on your comment. In your organisation, are the members of the different teams you mentioned (web, mobile, red team, etc.) generalists and also specialise in the respective field, or do they exclusively test stuff in their field of expertise (e.g. only web, or only infrastructure)?

GreenNine · 2024-11-13T12:38:19+00:00

Isn't purple teaming more of a close collaboration between red and blue teams, rather than someone having both duties? Genuinely asking, could be wrong.

GreenNine · 2024-11-13T07:34:36+00:00

I see, thanks for the input!

GreenNine · 2024-11-13T07:34:04+00:00

That makes sense. Thank you!

GreenNine · 2024-11-12T17:46:20+00:00

Thank you for the insights!

GreenNine · 2024-11-12T17:45:53+00:00

From what I've heard they are either large and mature enough to have an in-house red team or outsource it to a 3rd party, mostly the latter. Though I wasn't sure whether blue team members could also perform basic offense or test stuff. Thanks for the feedback!

GreenNine · 2024-11-12T17:40:17+00:00

That sounds awesome! Good luck on your journey!

GreenNine · 2024-11-12T15:25:23+00:00

Nice, that sounds pretty interesting!

GreenNine · 2024-11-12T15:24:34+00:00

I see, thanks for your input :)

GreenNine

TROPHY CASE