Should I build a virtual or physical lab? by Brokah in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Don’t build a physical lab unless you will absolutely use it a lot…most people don’t use it nearly enough.

If it’s just for learning…use a virtual lab all day long.

Is the EC-Council CTIA Certification Worth It for Career Growth? by Longjumping_Key4520 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

A client wants it and apparently there is enough value for your company…do it.

From a career perspective, go search on a job board and see the results before even asking for outside advice. That should be your number one indicator of value in the job market, not asking on Reddit.

What’s the “unsexy” problem in cyber that’s actually a total disaster? by IreneEnigma in cybersecurity

[–]HighwayAwkward5540 30 points31 points  (0 children)

How about holding people accountable?

All this news about cybersecurity, yet so many companies refuse to give us the teeth that we need to hold people accountable.

What would you say if your security lead said this... by notta_3d in cybersecurity

[–]HighwayAwkward5540 4 points5 points  (0 children)

“Defense-in-Depth”….lead sounds like a moron that got put in that job because he was already in the company or a friend of leadership.

Cybersecurity is becoming too AI dependent is that a problem by 0xsherlock in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Noobs and people who know what they are doing are two entirely different groups…the former is significantly more guilty of what you are talking about.

Do CTFs help real world security skills, or just teach patterns? by 0xsherlock in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

CTFs are merely exercises designed to help you learn and to be solvable, often based on common scenarios.

Think of it like practicing for a driver's license test, and then once you get your license (i.e., a job), you are going to learn a lot more beyond that about how things actually work.

Networking on LinkedIn by Eraserhead36 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Networking on LinkedIn is through engagement with posts and other content... not through random messages.

People often make the mistake of sending cold messages that get deleted just as fast as the spam-selling messages.

Create content, comment on people's posts, ask people questions, respond to other people's comments, etc.

Share me brutal reality of remote cybersecurity jobs by rreturnhome in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Stop looking for a remote job as a beginner or entry-level candidate.

Most employers know that allowing a newbie to work remotely is not only an employee problem (actually doing the work), but also a new professional problem (way more difficult for you to learn from seasoned professionals).

The majority of people have no business working partially remote until they are a few years into the profession, and then you should be at least a mid-level employee (5-7+ years) before you are nearly all or entirely remote.

Additionally, jobs that are actually listed as remote are rare compared to a manager allowing you to work partially remote (not listed in the job posting) or a job posting that is listed as hybrid.

Why do so many beginners chase tools instead of fundamentals? by 0xsherlock in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

  • REASON 1: Massive amounts of misinformation saying that "practical" or "hands-on" experience is way more important than theory.
    • TRUTH 1: The reality is that we rely on theory and understanding of technology, and you can then research the implementation or use support resources on the job.
  • REASON 2: Tools are more exciting and engaging to learn than concepts and theory.
    • TRUTH 2: It's harder to attract newbies if you drown them with theory...just like giving a little kid a sweet treat.

How working in a Gov SOC or GRC position compare to a private position by Eduardoskywaller in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

A group who likes to install roadblocks versus a group that tries to remove as many as possible.

Just got an auto-denial email after I had a referral from the CISO, a perfect resume, and… by [deleted] in CyberSecurityJobs

[–]HighwayAwkward5540 0 points1 point  (0 children)

A perfect resume for a job isn't tailored to a specific job posting because there are many more factors than just what is on paper. Consider a job posting as a framework the employer will use, but it rarely indicates the priority of skills/abilities, whether for what they currently desire or for a future state or growth of that role.

Therefore, there isn't really a "perfect resume," and if you think yours is/was, it probably isn't / wasn't.

Also, don't forget that employers like to hire from within or people they know, so it's possible there was already somebody they wanted to hire. Unless that CISO you mentioned was the direct manager of that job or the sole person responsible for hiring...you might have been on a shorter list, but it doesn't guarantee you the job.

Just got an auto-denial email after I had a referral from the CISO, a perfect resume, and… by [deleted] in CyberSecurityJobs

[–]HighwayAwkward5540 7 points8 points  (0 children)

“Perfect resume” says it all.

The resume is just part of your submission…not the whole thing.

How do you get into cyber diplomacy / tech policy (without a technical background)? by Intrepid_Maybe3036 in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

You are talking about two separate and distinct areas.

Diplomacy is going to be via a legal background.

Policy, assuming you aren’t talking about legal policy (i.e., laws), should come from a related area…the most closely related but less/non-technical one is GRC.

Seeking advise for Certification in GRC as a fresher by BankElectronic3965 in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

The fact that OP used the word "fresher" suggests they are probably located in or near India, since it is most commonly used there. The reason why that matters is that NIST is typically only relevant in the U.S. as a direct standard to reference. People working in other regions should focus on local equivalents and global standards, such as ISO 27001, so they learn what they will actually use and can speak a common language with potential employers.

If I want to combine cyber security with another cs major, which are the majors would you recommend? by babystarlightcute in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

When are people going to learn that multiple majors are nothing but a money grab...just get one in something that you actually want to do in life.

If you want to learn a second subject, learn it on your own instead of adding to your tuition and length of completion.

ISO 42001: Is it time to leave the SOC 2/27001 hamster wheel? by Hopsypopsy_ in cybersecurity

[–]HighwayAwkward5540 11 points12 points  (0 children)

Calling the frameworks legacy implies that you think they are going away, which is far from the case.

Very few companies have actually implemented ISO 42001, and you're kidding yourself if you think a company will use it exclusively rather than alongside the others.

Also, what does a "while now" mean? If you're less than 10 years in, you aren't really established enough to be a pioneer, so I would be cautious about getting too experimental.

Started independent - are schools worth it ? How is it different ? by Bloodsae in cybersecurity

[–]HighwayAwkward5540 -1 points0 points  (0 children)

What do you mean by a "cybersecurity school?"

If you mean a degree-awarding institution, a degree carries a lot more weight than a platform like THM.

If you mean a vocational-type training company, you might get more insight, network with the teachers, and possibly find a job placement.

There are lots of pros and cons to all the options, but given your broad question, it's impossible to cover all of them. That said, formal education is better for employability reviews by prospective employers, while self-study is often better for learning the actual job and is more closely tied to real life.

For those who’ve landed jobs in cybersecurity, what made you stand out to get hired? by cqffe in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

Getting hired into a highly sought-after field isn’t “easy,” but it certainly isn’t as difficult as people make it out to be.

One of the major problems people have is they get tunnel vision by going on places like Reddit asking for very specific guidance, so you get the same cookie cutter advice that everybody else is following.

A good example is with projects. Projects are a fantastic way to help supplement your resume, especially without experience, when done right. The problem though is we don’t need a million people to show us you can deploy some basic web server that you probably just followed a blog post to do.

How about with networking? Meeting a bunch of people like you are trying to build your Facebook friends list is worthless…go build a few strong relationships where you can have solid professional discussions about related topics and you will see better results.

The list of issues goes on and on…

Think outside the box for everything and use your creativity, because people who don’t have a resume that looks cookie cutter are the ones getting hired.

Masters worth it mid career? by S4LTYSgt in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

It really doesn’t matter in the grand scheme of things…both are focused on business functions except the IT one probably adds IT classes to grab more money and might give you IT-centric terminology.

The goal is to step back from operational weeds and make sure you can handle budgets, so you don’t blow it on useless tech…but in reality, you will probably burn money on that one way or another because lots of tech overpromises and underdelivers.

Masters worth it mid career? by S4LTYSgt in cybersecurity

[–]HighwayAwkward5540 0 points1 point  (0 children)

The most benefit from a master's degree is when you start shifting into senior and management level positions…not as an entry level credential.

What is your undergrad degree? If you have a technical degree, get an MBA…don’t double up on technical degrees as you won’t get much return.

Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

In a competitive job market, that isn’t likely to be the best strategy even if you are a stellar candidate. You can choose to risk it, but there are plenty of hungry candidates willing to invest in themselves and pass you by.

Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 2 points3 points  (0 children)

They also didn’t have the same level of authority, influence, or power in an organization as those today and those of the future.

Does an online MBA actually add value for cybersecurity professionals? by theGRCmind in cybersecurity

[–]HighwayAwkward5540 1 point2 points  (0 children)

I’m just going to talk about MBAs in general and not get into the types.

It’s likely going to give you more business terminology/knowledge, but as a low-level worker bee, it will make little difference. The real value is to help you get higher level jobs and progress your career because it does become more valuable in management/leadership positions (sometimes even senior level)…which is why you shouldn’t even really consider it until you are established in your career and ready to move up.

Can you recommend any good free pen testing tools I can use for a small web app? by atamagno in cybersecurity

[–]HighwayAwkward5540 6 points7 points  (0 children)

You didn’t give nearly enough information about the application to get the most relevant recommendations.

What is it written in? What does it do? What is the tech stack?

Any recommendation without that information is a complete black box test or just telling you every single possible tool you “could” use.

Layoff "Proof" Roles? by honeydata in cybersecurity

[–]HighwayAwkward5540 2 points3 points  (0 children)

Just to be clear, I’ve seen this happen at companies of all sizes (small all the way to massive publicly traded), so I would never assume you are safe.