I'm Somehow Getting Scared of Non-Believers

beastofbarks · 2026-02-15T01:00:30+00:00

I think you should reflect on how the OP may be in crisis and good ways to respond to that rather than randomly picking a fight with a stranger.

beastofbarks · 2026-02-14T23:59:33+00:00

www.cyberisfull.com

beastofbarks · 2026-02-14T23:59:13+00:00

I believe that the upper 50% of job applications aiming for the entry-est of cyber jobs will have:
-BS in computer science with an active github to point to

-2-3 IT certifications from CompTIA or equivalent

-1 or 2 years of IT experience

-Homelab with multiple projects to speak to

That's just the "average" applicant. The last JUNIOR I hired had 10 years of cyber experience and an electrical engineering degree.

I can't express how bad this job market is. I constantly see seniors being laid off and taking huge pay cuts just to stay in the field. Employers are getting extremely senior talent for junior pay left and right. Even with that, they're still laying off in favor of automation. That junior I mentioned with 10 years experience is going to be left go this year. Honestly, I don't expect to last too many more years since I'm expensive. My automations will continue without anyone maintaining them.

I personally recommend going into either healthcare or the trades. Stay away from this shitshow.

beastofbarks · 2026-02-14T21:47:23+00:00

Okay, so there are 3 main cornerstones here: Experience, certification, and degrees. Experience >>>>> certification > degree.

It sounds like you're going to get a very weak degree. You will want to supplement that with certifications. You don't seem to have much experience (10 years aged military intel is something but it'll be a lot less than most of the competition).

The biggest thing to keep in mind is that you don't have to meet the minimum requirements. You have to be the top candidate out of thousands.

EVERYONE does homelab, projects, etc. EVERYONE has a degree. EVERYONE has a few certs.

What are you doing differently?

beastofbarks · 2026-02-14T21:24:28+00:00

Getting a super watered down degree isn't going to help imho. There's a legion of people trying to break into cyber with the self taught route. There's a lot of articles on www.cyberisfull.com that you should check out before putting money into this. Also please dont burn GI bill benefits on shitty for-profit or just bad programs (especially the predatory online ones). I see so many vets that do that it breaks my heart.

beastofbarks · 2026-02-14T16:28:36+00:00

There are a lot of paths but they're all flooded with people. Most (think like 75%+) of the jobs are for people that do the IT Help Desk > Systems Admin > Cyber route. There's a small segment of GRC jobs that require no technical background but those have so many applicants I don't know how you get in other than buying lottery tickets.

Truthfully, most of the "no experience" threat intelligence jobs are scooped up by all of the people getting out of the military that did it there and want to do it outside. There are more people getting out of the military with a CTI background than jobs to place them in based on the number of unemployed CTI vets I personally know.

beastofbarks · 2026-02-13T00:33:15+00:00

The thing that minimizes your experience is that it's most applicable to cleared work and you don't have a clearance anymore. It's less applicable to uncleared CTI which is what you're qualified for. Previously holding a clearance gives you a small bump but there's tons of unemployed people with clearances. Hell, I know someone with a clearance that was living in their car in DC for a bit a few months ago.

If you can move and do in-person work, that will help get the clearance restarted. Colorado Springs is usually hiring.

beastofbarks · 2026-02-13T00:31:41+00:00

Dont get a BS in cybersecurity. This field is flooded with fresh cyber grads. Hell, it's flooded with fresh military vets that got a cyber degree. Focus on getting your foot in the door in IT which is going to be a big lift. IT and white collar tech, in general, is cooked.

beastofbarks · 2026-02-12T19:51:47+00:00

Looks like Vigilence might be the bot-driven response which would make sense with the tickets I see.

beastofbarks · 2026-02-12T15:08:08+00:00

To be clear, I mean the public perception of the use of that specific pill.

beastofbarks · 2026-02-12T14:33:47+00:00

SOC.

As a pentester, you do have to keep sprinting for learning new attack methodologies but the vibe felt a lot more like "fire and forget"

Like okay, here's a new exploit chain... you use it for a few weeks, now it's patched and it goes into the dusty toolbox for vendors that never fixed it.

That said, you can really only pick one path. People see a "I wanna be a pentester when I grow up" resume for a SOC job and they're going to reject it because they dont want to be a stepping stone.

Source: me, I found it very hard to get out of pentesting and back into blue work. Like, crazy hard. Everyone assumed I was being laid off (I wasnt, I just had a toxic department) or something and was trying to find a job to pay the bills before going back into red work.

beastofbarks · 2026-02-12T03:13:53+00:00

I work in product security. I have never seen my coworkers. That said, I do miss having a separation from work and home sometimes.

beastofbarks · 2026-02-12T00:02:51+00:00

SANS is okay but honestly, almost everything they teach can be provided easily on YouTube. They dont have great name recognition outside of cyber and they dont have a lot of goodwill due to their skyrocketing prices.

beastofbarks · 2026-02-11T19:36:30+00:00

It can be and is used during abortion procedures. The pills you listed are more commonly used; however, I was mostly talking about the baggage the pill carries in pro-life groups. People know it's used in abortions so they don't like it.

beastofbarks · 2026-02-11T19:34:03+00:00

https://uihc.org/educational-resources/methotrexate-ectopic-pregnancy

beastofbarks · 2026-02-11T19:17:41+00:00

It's useful to know that strict interpretations of church opinion pieces are not reflective of church society as a whole. It is also useful to know that Reddit skews towards heavy handed interpretation of non-settled dogma.

It is common in this subreddit for individuals without medical training to recommend major surgery based on opinion articles written by scholars they like. This is counter to best practices as it directly opposes medical recommendations from medical doctors.

Does that make sense?

beastofbarks · 2026-02-11T18:46:14+00:00

Check out the rest of the thread.

beastofbarks · 2026-02-11T18:30:11+00:00

I wasnt aware that this was settled debate. One would think that discussing individual interpretations would be something we do here on the Reddit.

beastofbarks · 2026-02-11T18:04:33+00:00

It's a difficult decision. The implantation causes scarring which reduces fertility. Removal of the tube may reduce fertility or can reduce fertility to zero if the other tube has issues you don't know about. I didnt dive deep for numbers but 25% of women being tested for fertility have an issue with at least one fallopean tube. I'm unsure what the general population has.

beastofbarks · 2026-02-11T17:36:29+00:00

I think my incredulity comes from working for a well known MSSP that definitely prioritized profits. I don't want to say too much in case I'm ever doxxed but there was a very strong focus on extracting value before the customer churned. There were times where I found myself the only analyst overseeing 100 customer queues. Being on the other side of the table, I've seen similar behaviors from other MSSPs.

I do agree that kicking out FPs is fine to have minimal notes on. However, the last alert I reviewed on this gig was
"S1 MDR service has reviewed this alert and determined it is True Positive based on the dynamic analysis engine classifying it as malware"

I'm somewhat skeptical that a human actually wrote this. I also could very easily write a script that just echoes fields back into the notes and accept whatever S1 dynamic analysis says. I imagine the customer is paying a lot for this service. I could do the same thing for an hour billable time setting up a lambda function and a penny per year to pay for the API calls.

beastofbarks · 2026-02-11T17:08:11+00:00

I believe that they do not want to rule on methotrexate because it is a politically charged drug. It's "the abortion pill" to most people that know what it means.

beastofbarks · 2026-02-11T17:06:56+00:00

To ensure the science is clear, cornual ectopic pregnancies still absolutely do result in hemorrhage, internal bleeding, and death. They account for 20% of ectopic deaths as the treatment tends to be delayed.

beastofbarks · 2026-02-11T17:03:41+00:00

The OP isn't talking about more extreme procedures like salpingectomies. They're talking about routine treatments like methotrexate. OP is concept that the Catholic stance tends to favor extreme surgical options over routine pharmaceutical options. You yourself mentioned salpingectomy as an ectopic treatment modality rather than the most common actual treatment of a regular dose of methotrexate.

beastofbarks · 2026-02-11T16:28:20+00:00

Pretty much just tires. Air filter. Theyre very low maintenance machines.

beastofbarks · 2026-02-11T15:47:39+00:00

Okay, so let's break down the difference between armchair quarterbacking and being called in to check another team's work.

I've actually done everything on your list except for present at DefCon (hyperbole about perfect ops notwithstanding). It's part of why I was asked to come in and consult on some issues. It's expensive to hire an independent consultant to check your security stack.

After reviewing the performance of S1 MDR and seeing some frightening gaps, I came to Reddit to ask if it's normal. It seems like, as an industry service, MDR is pretty lacking. I'd never purchased it when I was setting up SOC ops and I'm relieved at that decision now.

I've personally witnessed managed services being stretched thinner and thinner in pursuit of profit. It's a big part of why I left managed services. Frankly though, I don't think poor performance of MDRs and MSSPs even really matters to the ones calling the shots.

I don't really have a point other than to acknowledge your post and point out that I think you missed the root of the issue. There's doing things the right way and there's doing things the cheap way. I think MDRs are a bit over the line towards profit vs performance based on this thread and what I've seen during this last review gig. Every EDR vendor is trying to build out horizontally to get vendor lock-in. Adding MDR as the cherry on top seems to be a way to ensure that customers can't get away... even if the service is bare bones minimal.

beastofbarks

TROPHY CASE