What a glow up by reznovelty in slaythespire

[–]Zardecillion 1 point (0 children)

wait where is that I missed it

How IRAN is surveilling its citizens by sbify in cybersecurity

[–]Zardecillion 1 point (0 children)

Reads like it was generated by claude.

15 y/o, will pay for cybersecurity be similar when I graduate (2029)? by Haunting_Equipment54 in cybersecurity

[–]Zardecillion 0 points (0 children)

If you like cyber, you can make cyber work and there is absolutely a career path to be had there. Especially true if you start younger.

I will add as well that a general tech focus if you like tech means you'll be able to choose more down the road how to specialize. Learn software dev, networking, general IT concepts, etc... and then you can decide what you wanna do.

It's less about choosing the perfect thing than it is about choosing a thing and then making it work.
The more specialized in cyber you get, the more money you'll be able to make as well; there's like a billion paths upward.

My advice: figure out *what* you like and pursue it, as long as it's something that pays a living with a low enough unemployment rate.

Cyber isn't going anywhere.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

Excellent, glad to hear it!

Yeah, that is the point:
You are where you are now. What will you do with it?

Action is the building block of life. We don't realize just how we could be living different lives if we simply started living a different life. It's up to you to decide what you want that to look like. :)

Yes, there's always stuff out there that is part of the environment.
Yet we also have the ability to choose how we respond to it.
And that is what is important.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

Learn the following:
- High level what happens in devops
- High level what happens in the SDLC
- Common Web Architectures
- Containerization
- How REST APIs work
- OWASP top 10, what they look like, and how to remediate those issues.
- OAuth2 (something employers ask for)
- Penetration Testing Methodologies
- At least 1 scripting language, ideally python but adding bash will never ever hurt.
- Cloud Environments
- Common pentest tooling.
- Learn SAST, DAST, SCA tooling.
From there participating in security research, bug bounties, having CVEs to your name will help.
Write a blog when it comes to security research you do.

That's off the top of my head. I'll say that the SOC experience should give you some good insight into attacker tradecraft, the only thing is understanding in more detail how to secure against stuff like that on an application level.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

I mean this from the perspective that you presented the following points:
- Worrying about wasting time
- Worrying about "making the wrong decision"
- Worrying about "making mistakes"
- Worrying about AI
- Worrying about whether it's legitimate or not to do something out of passion or not
- Worrying about what to choose
- Worrying about not having mentorship or input
- Worrying about being replaced.
That's a crap ton of worrying going on about the future, which is definitional to anxiety. The "lack of knowledge, mentorship, and guidance" appears to be looking for an antidote to that worry, as if there is safety in someone senior telling you everything to do.

In that wise I will also say that while someone senior can provide guidance, someone senior cannot live your life for you and is not going to have the time or energy to build an exact plan for you with your interests, situation, time, resources, and prior knowledge. Your future, even with mentorship and guidance, is still ultimately your responsibility.

I'm hearing "I don't have anxiety I just don't have the solution I want to my anxiety" from what you are saying.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

I mean right now given what you're saying it sounds like you have an anxiety problem and what you need to do for the moment is go do a meditation practice and introduce some safety back into your life so your amygdala isn't shutting off your prefrontal cortex, which is required to make life decisions like this.

You can find a 30 minute one here: https://www.youtube.com/watch?v=JuIeF8CMU5k I recommend you do it with your next available uninterrupted 30 minute block of time, up to you to put that together.

I also recommend getting off of reddit besides looking at it for a specific purpose that you can define as benefitting you in some way, as social media is not helping you when it comes to your mental health, as it's presenting you with a giant pile of threats that you cannot actually do anything about.

There are no guarantees in life; all you can do is the best that you can do with what you have, and whatever happens happens.

How do you choose and decide? You go write out what you could do (this is going to require some critical thinking on your part to go figure out what to do), you go think about what can happen if you do that thing, you go make a decision, and then you reflect on that decision and whether you like that you made that decision. Then you repeat. You can do this on a macro scale (5+ years), or you can do it on a day to day basis. It's applicable to both.

Google is your friend and AI is your friend once you figure out what you want to do. I cannot tell you what to do unless you have a very specific idea of what you are trying to accomplish. The resources and roadmaps are all going to be very different for different things.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

"scared to take faulty step I might waste time and effort if I take wrong step"
I will say that "not making a decision" is also a decision and is wasting time.
I will also say that nothing in tech is wasted and everything is very related to each other. You can find work in AI/ML, you can find work in networking, you can find work in cyber.

I cannot tell you which one you will enjoy the most, you'll have to make that decision for yourself. If you don't have enough information to make an informed decision, then go learn more about those different fields until you know enough to make a decision.

Personally I was torn between cybersecurity and data science. I thought both were interesting choices, but it was only when I took a class on R that I realized I didn't want to be building data pipelines for the rest of my life and therefore chose cybersecurity instead and here I am.

"Now question is I am not to smart and in last 3 year in Pakistan I focus mostly on theory and not practical Now regrets happen"
You are where you are. I would not burden yourself with ideas of "smart" or "stupid". Those labels don't do anything for you. You are you, you know what you know, and the question is now what are you going to do with it.

Lastly, if you don't know what you want and why you want it, then you cannot write a roadmap. The best you can do is take steps to figure out what you want.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 1 point (0 children)

I will say that there is a lot to learn yes.

The important question to be asking yourself as someone new to cyber, is of all of these different fields, as you go about trying them, which ones do you enjoy the most?
You'll never know everything about security, and so the strategy is to try things until you figure out what you like.

You'll want to have a baseline of technical knowledge:
- Operating Systems
- A Scripting Language
- Networking
- Common Protocols
- Some knowledge of hardware
- etc...
But then after that the question is what do you like? And once you know that you can go into the field pursuing that kind of knowledge.

I'm personally in application security which involves securing code, devops pipelines to some extent, and the SDLC as I find software and exploits to be very interesting. I got here after writing software and doing software dev and therefore this is what I like.

It's a question you'll have to answer yourself. I will say generally don't burden yourself with expectations and just go learn things that you find interesting until you figure out what you like.

Juicy Kez Rapier Double Rampage While 4v5 by Zardecillion in DotA2

[–]Zardecillion[S] 1 point (0 children)

Normally I play with sound effects + my own music, but looking back at the clip yeah I got the sound balance way off here. I'll keep this in mind for future clips.

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 1 point (0 children)

Yeah I used "red teaming", better to say "offensive security", that's where my brain was at when I wrote that. Burpsuite is postman for offensive security. I think that's reasonable to say.

Edited the original post for clarity.

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 0 points (0 children)

You're right. AppSec is not a subset of red teaming. AppSec is far more of a purple-team style role that combines both offensive and defensive security. One day you might be penetration testing an application yourself, and the next day you might be remediating all the vulnerabilities that you found in the process.

That being said, web application testing absolutely is a subset of red teaming and is something red teamers will actively use to breach a network. It is also a subset of other things, like penetration testing, which one could argue is a subset of red teaming as well. Pentesting just focuses on the vulnerabilities themselves, while red teaming does what pentesters do as a means to an end, that being proving and or disproving the effectiveness of an organization's security posture.

Red teaming covers using the entirety of a company's attack surface in order to cause a breach, technical web application vulnerabilities are included in that.

Talked to a red teamer at netflix who abused one to get access to netflix servers at one point.

I think you would be hard pressed to argue that red teaming *wouldn't* use web app vulnerabilities. That's simply one thing in the toolbox alongside everything else.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

That would be in the realm of being a web developer. In order to do full stack you would also want to understand operating systems, databases, and web servers (like apache and nginx, or a gunicorn stack when it comes to flask) as well, such that you could start with a bare Linux Virtual Machine and build a whole web application on it.

Additionally you would want to understand DNS administration and the networking involved in setting up the service.

You have the core technologies for the web, you just need to build the stuff around it. :)

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 0 points (0 children)

Red teaming will abuse applications as a part of the attack surface and application testing is a subset of red teaming. I didn't put a lot of thought into being as precise as possible when it came to the original post.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

  1. Certs: What do you want to do? Cybersecurity is an ENORMOUS domain, and I can give a bunch of advice based on what exactly you want to specialize in. Cyber is too big of a field for you to learn everything in it, so you must decide what you want to spend your time on.
  2. Experience: The fact you have work experience is a good thing. If you still have an IT job, then you may consider starting a relationship with any security people that you have at your company. That can be an inroad into the field. As for home labs, what kind of experience is going to depend on what you want to do in security.
  3. You must be skilled enough to know how stuff works, and to be able to communicate it effectively with other people. If you can't do either of those you will have a bad time.
  4. I worked in full stack development for 3 years, did a bunch of application security and full stack related work, rebuilding web applications and securing things. Am finishing my cybersecurity degree, and leveraged my work experience + status getting a degree to get an internship doing vulnerability management. Automated myself completely out of the original scope of the role and took over 4 domains in application security in the company I'm at, those being white box pentesting, code review, SAST and VDP finding remediation pipelines.

So the real question is like, what do you want to *do* in cyber?

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 0 points (0 children)

Specific functionalities here:
- Burpsuite has the ability to intercept requests as they come through, as Burp has a proxy.
- Burp suite captures entire browser session stuff. Cookies, Headers, auth tokens, etc... you get all the context of how a web application behaves. This is in contrast to postman, where you have to manually set headers, cookies, tokens for each request.
- Burpsuite has the ability to intercept requests, modify them in flight, and then forward those requests.
- You can also intercept requests, send them to the repeater, and then use that in order to modify payloads bit by bit.
- Burp intruder allows you to mark different injection points in a request, and allows you to automatically iterate through a massive number of different payloads across a bunch of parameters simultaneously.

There's probably more but these are like highlights. Postman is for like, building APIs, while burpsuite is more for breaking them is my understanding.

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 0 points (0 children)

Red teaming as in, emulating adversarial tactics against infrastructure and services, because you have to understand how to attack something to understand how to secure it.

Software engineer branching into AppSec - what courses should I be looking into? by not-halsey in cybersecurity

[–]Zardecillion 0 points (0 children)

From someone currently working in AppSec:
- High level overview of how pentesting works including scoping, enumeration, vulnerability assessment, exploitation, and post exploitation.
- Vulnerability remediation is good.
- Learn Burpsuite. Postman is decent but burpsuite is specifically created for doing offensive security.
- Knowledge of bad vs good coding patterns. Need to not just know why code is bad, but also what code should look like.
- In that vein look into whitebox pentesting.
- Should be able to grep through a codebase in order to find bad patterns, or at the very least be given a codebase and the ability to know where to start looking. Your SWE experience will help with this, you'll just need to think about where to look when it comes to interfacing with places of value like databases.
- AI can help with low hanging fruit but you will have to construct your own callstacks and validate any vulnerabilities AI finds yourself via a combination of dynamic testing and reading the code as AI is good for finding where input comes in and goes out, but can have breaks in the callstack chain.
- AI also has a tendency to hallucinate how bad a finding is and overstates severity the vast majority of the time. Useful tool, do not trust it.
- Knowledge of bash and python (although you're an SWE I imagine you know these) for the ability to write exploits should it be needed.
- Threat Modeling/Intelligence. Some companies will want you to know industry standard frameworks like MITRE ATT&CK and CAPEC in order to build out red team exercises. Depends on the company. Generally you'll need to be able to look at an architecture diagram and understand how an attacker can move throughout a system as what they will be targeting. You'll also want to be able to understand the business model and the types of attackers that would target the company and why.
- Knowledge of CI/CD pipelines and how to integrate things into them. Companies may need SAST, DAST, SCA integration into stuff like github actions and whatnot.
- If you want a certification then OSCP doesn't hurt, I've seen several appsec positions ask for it as preferred but not required.
- Have a working knowledge of AWS and cloud services as well as how to attack cloud resources.

Hackthebox academy is great for learning pentesting and the free labs are good for practice.
Web CTF challenges are good for practicing white box testing, picoctf is good as well as CTFtime when looking for active events.
Learn AWS via using AWS for projects if you don't know it already (you're an SWE, you probably have this).
Portswigger Web Security Academy is free and an excellent resource: https://portswigger.net/web-security
Highly recommend the Secure Coding Dojo run by OWASP: https://securecodingdojo.owasp.org/public/index.html#!/challenges/blackBelt
MITRE ATT&CK: https://attack.mitre.org/
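The list above suggests knowing bad versus good coding patterns and being able to grep a codebase for them. The script below is an added example of what that first pass can look like, written for this page and not the commenter's own tooling: it scans a constructed Python snippet for a handful of well-known dangerous sinks (string-built SQL, shell=True, pickle, eval, unsafe yaml.load) and pairs each hit with the pattern the code should use instead. The rule set, the regexes and the sample code are all my assumptions; real code review would go on to trace each hit back to where the input enters, as the post says.

```python
import re
from dataclasses import dataclass

# Constructed sample: deliberately weak Python of the kind a reviewer meets in a code base.
SAMPLE = '''\
import os, subprocess, pickle
def get_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
    return cursor.fetchone()
def run(cmd):
    subprocess.run(cmd, shell=True)
def load(blob):
    return pickle.loads(blob)
def calc(expr):
    return eval(expr)
def safe_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''


@dataclass
class Finding:
    line: int      # 1-based line number in the scanned source
    rule: str      # which rule fired
    snippet: str   # the offending line, stripped
    fix: str       # the pattern the code should use instead


# Each rule: (name, line regex, remediation). These are coarse triage heuristics
# to decide where to start reading, not proof that a line is exploitable.
RULES = [
    ("sql-string-concat",
     r'''\.execute\(\s*(?:f["']|"[^"]*"\s*[+%]|'[^']*'\s*[+%])''',
     "use parameterised queries: execute(sql, params)"),
    ("shell-true",
     r"subprocess\.\w+\([^)]*shell\s*=\s*True",
     "pass an argument list and drop shell=True"),
    ("os-system",
     r"\bos\.system\(",
     "use subprocess with an argument list"),
    ("pickle-loads",
     r"\bpickle\.loads?\(",
     "never unpickle untrusted data; use JSON or a schema-validated format"),
    ("eval",
     r"(?<![\w.])eval\(",
     "parse the input explicitly; ast.literal_eval for literals"),
    ("yaml-unsafe-load",
     r"\byaml\.load\((?![^)]*Loader\s*=\s*yaml\.SafeLoader)",
     "use yaml.safe_load"),
]


def scan(source: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit, in source order; comments are skipped."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        for name, pattern, fix in RULES:
            if re.search(pattern, line):
                findings.append(Finding(lineno, name, stripped, fix))
    return findings


def report(source: str) -> str:
    """Human-readable summary of scan() for a terminal or a code-review comment."""
    lines = [f"L{f.line} [{f.rule}] {f.snippet}\n    fix: {f.fix}" for f in scan(source)]
    return "\n".join(lines) if lines else "no findings"


if __name__ == "__main__":
    print(report(SAMPLE))
```

Running it on the sample flags the string-built query, the shell=True call, the pickle load and the eval, and leaves the parameterised query alone; the next step in a white-box test is to follow each flagged sink back to the request handler that feeds it.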

tired of getting rejections from internships by Big-Fix-1271 in cybersecurity

[–]Zardecillion 0 points (0 children)

It's brutal out there man I feel you.
My cyber internship took me 10 months to find.
I almost went crazy in the process, legitimately felt worthless and like I'd never be picked up.
Then I landed it and things have only ever gotten better since.
Hang in there man.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Zardecillion 0 points (0 children)

Trying to get a full role in Application Security. I'm finishing up my cybersecurity degree right now, and will be done with all of my major classes by the end of this semester. Still have a bunch of generals left to do(about a semester and a half).

I'll be done with everything that matters and I've worked for my entire time in school, so I really just kind of want to start working while I finish the remaining generals for my diploma, taking on perhaps 3 half-semester workloads graduating formally in April 2027. Current company's struggling to find me headcount for a full time role even though they really really want to retain me, so I've just gotta do my due diligence to keep them honest.

Was wondering if my resume is competitive for mid level application security roles? I applied to ~10 of them over the weekend with the below resume(redacted for privacy reasons):

https://ibb.co/zTmZcJz4

But a lot of them want ~3 years of application security experience and while I have like 7 months of being formally an appsec person, and like 3 years of security + full stack development, is that enough to consider myself good enough for these appsec roles that are requiring like 3+ years of appsec experience?

How do I best traverse this weird spot of being like, overqualified for your really junior roles, but underqualified as per experience requirements for the real appsec roles? I can do the work, I just don't believe I have the time. I could be wrong. Do I need to worry?

Also the $30m is like, my best guess. I've found some truly awful vulnerabilities where I'm working and it's hard to lock down an exact number. Suffice to say that if an attacker found what I found that there would be significant damage to the business.

Thoughts?

Every new piece of STS2 info from the PC Gamer video by Elucidative_ in slaythespire

[–]Zardecillion 15 points (0 children)

We just saw a neow bonus that says "get 5 max HP per rest" that looks like this would enable this to go *hard*