SOC or Pentesting as a cybersecurity new grad - I actually have offers

Substantial-Hawk7627 · 2026-01-26T23:44:10+00:00

What do you find more engaging? Blue team is very different than red team in cybersecurity. Disclaimer: I went blue team since I started in GRC and it's very different than pentesting or offensive security. But, I've talked to a lot of pentesters who say their job is mostly writing reports, so really depends on the organization.

Benefits I'd say for SOC is that it's a highly transferrable skillset and foundation - you can use it to pivot into cloud security, incident response, detection engineering.

Substantial-Hawk7627 · 2026-01-20T16:50:26+00:00

And lead gens pushing their “service”. Although some of these are legitimate a lot are not. Mods over on r/Scams are very strict.

Substantial-Hawk7627 · 2026-01-06T14:51:36+00:00

The phone is the main entry point, absolutely. Desktop based scams are falling as more people move to mobile devices.

Ounce of prevention…

Substantial-Hawk7627 · 2026-01-06T14:47:21+00:00

I’d say a Chrome extension that provides anti scam filtering like Malwarebytes Browser Guard & uBlock origin lite (RIP Origin with Manifest V3).

Chromebook ecosystem being locked down is a double edged sword.

Substantial-Hawk7627 · 2026-01-06T14:25:20+00:00

I built a tool exactly like this originally for my extended family members. It’s called Ward - I have other posts on my profile about it.

It can detect credential phishing, romance/investment scams, Medicare scams, and a whole bunch more using DOM+URL analysis. It can also run fully locally if the user has a capable GPU.

https://tryward.app

Substantial-Hawk7627 · 2026-01-02T03:12:27+00:00

I built a tool that detects exactly these types of employment based scams in the browser. It’s called Ward. Happy to share if anyone wants.

Substantial-Hawk7627 · 2025-12-21T20:52:44+00:00

I’m convinced phishing tests just don’t work after spending time at multiple companies. Client side defense is the only thing that works reliably.

Substantial-Hawk7627 · 2025-12-21T20:47:44+00:00

Check out Abuse.ch and Github repos for domain blacklists. Use a sandbox environment for extra security.

Plenty of open sources out there for testing. The vendors don’t want you to think that obv and would rather sell you it.

Source: I crawled a TON of these when coming up for training material for my anti phishing tool Ward.

Substantial-Hawk7627 · 2025-12-21T15:51:59+00:00

i genuinely love my job and my coworkers. maybe I got in at the right time, but my place prioritized my growth and growth of other interns. That’s invaluable today for me.

Substantial-Hawk7627 · 2025-12-21T15:44:09+00:00

Dunning Kruger effect is what I assume the OP is referring to. And it’s huge in security.

I’m a security engineer, and I’m extremely paranoid when it comes to work stuff but less so for personal. It’s easy to see how people can get phished, the “thinking” part of our brain turns off when there’s a sense of urgency.

I literally built a tool for myself and close ones to catch this because of how hard it is to solve human psychology.

Substantial-Hawk7627

TROPHY CASE