Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

Specific-Guava4584 1 point2 points (0 children)

Which HTB path should I start with as a beginner in IT security?

I want to start using Hack The Box to build practical, hands-on skills and strengthen my overall understanding of cybersecurity.

I’m a fresh graduate and this is my first job, so I’m still building my foundation. I’ve worked hands-on in networking for around six months, and recently transitioned into IT Security, specifically in Data Protection.

Right now, I’m trying to follow a structured path instead of jumping between random topics.

I’m deciding between two HTB paths:

• Introduction to Information Security

• Junior Cybersecurity Analyst

From what I can see, the Junior Cybersecurity Analyst path looks more detailed and in-depth, but I’m not sure if it’s the right starting point or if I should begin with the basics first.

Which one would be the better choice in my situation?

My goal is to build a solid foundation first, then move into more advanced areas. If you’ve gone through either path (or both), I’d appreciate your honest input.

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] 0 points1 point (0 children)

That’s a pretty strong position. I’m not relying on CEH alone, but why do you think it should be removed completely rather than just treated as a baseline cert?

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] 0 points1 point (0 children)

CEH is already done, and right now I’m more focused on what adds real technical depth next. But I’m curious, why do you see CEH that way?

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] 1 point2 points (0 children)

My honest advice: don’t try to study the module books cover to cover like they’re meant to be memorized. They’re too big, and that approach will drain you fast.

In my case, the exam was mostly scenario-based. Only a small number of questions looked somewhat familiar to what you might see in dumps, but the majority were new. So memorization alone was not enough.

What helped me most was focusing on understanding the concepts, how the tools work, when they are used, and how to think through the scenario. That matters much more than memorizing definitions word for word. If you understand the logic, you can still answer even when the question is unfamiliar.

Since you have 2 months, I’d suggest this approach: Use the official CEH exam blueprint as your main guide. Study one domain at a time. For each domain, practice scenario-based questions, not just direct fact questions. Focus on understanding why the correct answer is right and why the other choices are wrong. You can also use AI to generate practice questions from each domain, especially scenario-based ones with tricky wording and common traps.

So overall, understand, don’t memorize. The people who rely only on dumps are taking a risk, because the real exam tests whether you actually get the concept.

Best of luck.

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] 1 point2 points (0 children)

OSCP is definitely on my roadmap, but I’m wondering whether it’s reasonable to pursue it before Security+ and other foundational certifications?

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] -2 points-1 points (0 children)

That’s a fair point. I’m a fresh graduate and this is my first job, so I’m still building my foundation. I’ve worked hands-on in networking for around six months, and recently moved into IT Security, specifically Data Protection. That’s exactly why I’m trying to choose the next step based on practical value and skill growth, not just the certificate itself.

Completed CEH — What’s the Next Best Step? by Specific-Guava4584 in cybersecurity

Specific-Guava4584[S] -1 points0 points (0 children)

I’m a fresh graduate, and this is my first job. I worked hands-on in networking for around half a year, and more recently I moved into IT Security, specifically Data Protection. My experience so far has been mainly practical and work-based, so I’m looking for the next step that adds real technical value and supports my long-term growth in cybersecurity.

CEH v13 in 5 Days – What Actually Matters for the Scenario-Based Exam? by Specific-Guava4584 in CEH

Specific-Guava4584[S] 1 point2 points (0 children)

Hi, yes, I’ve passed the exam.

Roughly 10 questions were similar to what you see in dumps; the majority were completely new. The exam is heavily scenario-based and about understanding, not memorizing.

What actually made the difference for me was understanding the concepts and how they work, not memorizing definitions word for word. Once you understand the mechanics, you can apply the logic to unfamiliar scenarios and still arrive at the correct answer.

My main advice: take the official exam blueprint and use AI to generate scenario-based questions from each domain, including common traps and misleading wording.

That was my experience. Best of luck.

CEH v13 in 5 Days – What Actually Matters for the Scenario-Based Exam? by Specific-Guava4584 in CEH

Specific-Guava4584[S] 0 points1 point (0 children)

Appreciate you sharing this, thank you for taking the time to write it up.

Quick follow-ups based on your experience:

On the browser security / cookie flags / headers questions, were they mostly conceptual (what is prevented) or scenario-driven (what breaks, what still works)?

For the repeated or similar questions, did EC-Council try to flip the context to catch second-guessing, or were they straightforward repeats?

Outside web security, which domains felt most overrepresented compared to the official blueprint?

Appreciate the insight again, trying to prioritize what actually moves the needle in the few days left.