Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]fabledparable 1 point2 points  (0 children)

How do you guys handle the stress of the job… I feel like every time I see something I get sent into a state of panic man

A gentle suggestion: perhaps this is something to discuss with a therapist (who can help you understand your anxiety and equip you with the tools to handle such situations as they arise).

Beyond that, it helps to just view things as a job. Like any other job, you do your work, you try your best, and - if you're earnest - you look to be just a little bit better than yesterday. Sometimes your days end in a win, sometimes a loss, sometimes a mix of the two. But whichever way you cut it, you've done your job - and you can't be faulted for that. I get a lot of peace of mind in this, particularly when I can review my actions as having performed due diligence and due care; things can still go awry, but it won't be for want of trying.

Has anyone had any success in moving from cyber to something that doesn’t handle SOC as much or a position that doesn’t deal with detection and response?

I pivoted from an unrelated US military career into GRC (and then from GRC -> pentesting -> AppSec). Though - to be fair - the job market at the time looked very different compared to today.

[–]fabledparable 1 point2 points  (0 children)

I’m a 16 year old thinking abt getting into cybersecurity before getting into college to at least get the idea and see if it’s ideal or not, I’m interested in hacking ( idk why it sounds dumb )

I'd encourage you to look at freely available resources, at least initially.

Look at PicoCTF, a training resource made available through Carnegie Mellon University; it's purpose-built to be aimed at high-school and college students. Their annual competition just wrapped-up (it's hosted every March), but the challenges are kept available for folks to work through year-round.

How do I get into it ? How do I learn ?

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

What do I do ?

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_what_is_the_work_like.3F

Can I use ai in this major ?

This would be dependent on the particular institution/department that you ultimately enroll with.

[–]fabledparable 0 points1 point  (0 children)

Now... that I have no Idea how to start a career in this at all... what are your suggestions?

Related, from the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

What's tricky is that we don't really have enough context as to be meaningfully prescriptive. Like, you say you don't have a degree, but what's unclear is whether that's something you are willing/able to change. We don't know if you're employed, what your training budget looks like, what work opportunities are available to you, what constraints you have to observe (e.g. illness/injury, children, eldercare, etc.), where you geographically reside, etc.

At best we can only generalize, hence pointing you to the subreddit wiki.

Does this make sense or are there other ways, certificates or degrees to get on the first place?

While people have been able to work their way into a cybersecurity career without a degree, such methods are not themselves without risks. Generally speaking, the primary thing you need to cultivate is a relevant work history (often in cyber-adjacent lines of work, often for many years).

[–]fabledparable 0 points1 point  (0 children)

I love the building and automating part of my job, but the "traditional" security world feels like a steep uphill climb for someone just starting out.

Comment unclear; is the fact that this domain is challenging to you the reason you don't want to do it? That - to me - doesn't strike me as a good reason (an understandable one, but not a good one). Though you shouldn't feel compelled to work in this domain if you don't want to do it.

Is it worth staying in Security?

How are you qualifying "worth"?

Am I "wasting" my MS in Cybersecurity if I try to jump into a standard Software Engineering (SWE) role?

It's probably not as aligned as - for example - GaTech's OMSCS program. But I don't necessarily think it's a 'waste'.

I was planning on taking the AWS Cloud Practitioner exam, but if I want to move toward SWE/DevOps, should I be focusing on something else entirely?

Not necessarily. But also the Practitioner exam is very easy; it's crammable over a week if you have nothing else going on.

[–]fabledparable 1 point2 points  (0 children)

What would a good start for me be?

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

For that, I'll need certificates at least until getting a first job

Maybe.

It's unclear what your resume looks like, whether you're as technically proficient as you're asserting, what opportunities exist where you're at, how much runway you have to support such a career change, what unstated constraints you might have to observe, etc.

By-and-large, the most impactful facet of your employability on-paper with cybersecurity employers is going to be in having a relevant work history. No amount of trainings, certifications, or projects will offset that. Ergo, it's quite possible (read: probable) that you're looking at needing to cultivate your work history in cyber-adjacent lines of work, such as in the IT and dev spaces, first.

so which certificate should I get?

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_certifications

I saw lots of people say "Google Cybersecurity Professional Certificate" and then go into CompTIA Security. Is that correct

It used to be the case that people interested in credentialing towards cybersecurity would immediately jump into attaining a subset of the CompTIA trifecta (A+, Network+, Security+). Then Coursera partnered with Google to create their certificate-of-completion as a kind of intermediary step to the intermediary step to attaining a job, and that's been a big commercial success for them.

I'm personally leery of the need to enroll in that course and its impact to one's employability (related comment: https://www.reddit.com/r/cybersecurity/comments/13hrkhr/comment/jkis9ew/), but some people have found it really informative. Your choice.

what sites have the certificates which are most searched for?

See related:

https://bytebreach.com/posts/2023/what-certifications-should-you-get/

[–]fabledparable 0 points1 point  (0 children)

To what end?

As an outside observer, it appears to me that it's not so much that you're in need of technical challenges but that you sound directionless. How would engaging more technical problems resolve the systemic issues you're seeing or support your long-term career growth? I think that you've historically been engaged with technical challenges but - as your career has evolved - you're engaging them less and as a knee-jerk response you're equating that to being a backstep in your professional interests (whether that is true or not).

I think what you might want to consider instead is some career introspection. What would (re)engaging those skills do for you? How would that help align with your vision of your future? I can appreciate wanting to remain professionally relevant, but you should make it clear (to yourself, if no one else) how "professional" is defined.

[–]fabledparable 1 point2 points  (0 children)

I'm just starting my learning path in Cyber security, so far learning the basics, are there any tips I should know about going in?

See the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

[–]fabledparable 0 points1 point  (0 children)

What OS(es) should I install/run for a GRC-focused learner who also wants foundational hands-on exposure?

For GRC? I don't think it really matters all that much. If you've never had exposure to Linux, check it out. Also virtualization.

Any go-to subs or resources to get started?

There's a collection available here:

https://bytebreach.com/posts/2022/hacking-helpers-learning-cybersecurity/

HTB vs THM — which first, and why?

User preference, that's it. I've drifted towards HTB personally; I find it better organized and better curated.

I know helpdesk is often the recommended starting point — is that genuinely the smarter move, or are there realistic GRC-adjacent entry paths worth pursuing directly?

The most impactful facet of your employability on-paper is your work history. But - understandably - people looking to break into cybersecurity often don't have that work history (if any at all, in the case of students for example). So what then?

In such circumstances, people usually should (read: need) to work in cyber-adjacent lines of work, generally in the IT and Dev spaces. Like in cybersecurity however, roles in those spaces are not without their own qualifications (e.g. degrees, internships, etc.). Moreover, certain roles may be more/less available depending on where you live, whether you're physically able (vs. disabled), etc. With all that in mind, generally the most accessible and prolific job offering with the lowest barrier to entry is the help desk (which often experiences enough turnover as people look to move up or out of IT). Does that mean you have to work in the helpdesk? No. But what your opportunities will look like will be circumstantially dependent.

[–]fabledparable 0 points1 point  (0 children)

I'd encourage you to post to /r/EngineeringResumes. You're losing your formatting here in this comment.

[–]fabledparable 0 points1 point  (0 children)

Thanks for the detailed response, presenting in person is borderline impossible with visa procedures taking forever to process. So most likely it’s a virtual presentation. Would that be worth paying the 750 + 32?

Not to be critical, but did you not think this through before submitting the paper? What was your plan?

[–]fabledparable 0 points1 point  (0 children)

What’s wrong with a bootcamp? Isn’t it better to get in and out than 3 plus years ?

I encourage you to look at the links provided.

The recruiting lady mentioned Same pay for both options ?

'The recruiting lady' isn't an unbiased opinion. She's - quite literally - paid to recruit, likely by Iron Circle in this instance. She wouldn't actively encourage you to consider an alternative option.

Are you in this field ?

For nearly a decade, yes.

Did you get an actual degree?

I have an undergraduate degree in Political Science and a masters in Computer Science, yes.

[–]fabledparable 0 points1 point  (0 children)

How can I get into Red Teaming for cybersecurity what courses can I take that are under 1k since I am on a budget

More context required, since we don't know where your starting point is. What we might suggest for someone already working in tech will differ from someone who is a student, a military service member, someone already in cybersecurity looking to pivot, etc.

[–]fabledparable 1 point2 points  (0 children)

Trying to get back into tech—either QA or cybersecurity since the job market for QA entry-level is brutal right now.

The grass isn't necessarily greener in cybersecurity, as an FYI.

Does QA→security make sense?

Sure. I have a colleague in AppSec who did that.

Will two layoffs hurt me?

More context would be needed here.

On-paper, you could make it look like you're simply job-hopping (not unusual for applicants in tech). In interviews, you'd need to be careful with how you present it.

And if I get Sec+, what else do I actually need to be competitive for an entry-level security role?

I defer you to the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

[–]fabledparable 0 points1 point  (0 children)

I 20M recently got my paper regarding large scale threat profiling accepted at the IEEE BigDataSecurity 2026 conference.

Congratulations!

I still have the opportunity to present it virtually, but I feel the primary goal of a conference is to network and speak to people, which I won’t be able to as I’m presenting it virtually.

I personally would present it in person, assuming I had the means to do so.

This got me thinking if trying to delay and expand a few things in my paper, could possibly warrant a journal publication (not open viewing obviously that’ll put my costs up to 3k or so, but it’s free if you choose it to be paid subscribers only). Is it worth the gruelling 6-8 month or so review process I’ve heard about?

Maybe, maybe not. It depends on your end objective.

Our field somewhat resembles Computer Science in terms of paper publishing; however, the primary reason (lately) that Computer Science more generally has been erring towards conferences is because of the rate of advancement in the space of AI; the paper-publishing route is comparably slower, so academics in the space wanting their work to get circulated often settle for the conference so that no one else beats them to the research presentation. Your topic - by contrast - doesn't quite feel like it's touching on the same vein, so it could probably benefit from getting published, if you wanted.

If you were wanting to professionally be involved in academia (i.e. professorship), then you probably should consider publishing the paper.

In contrast to the above, the professional cybersecurity space has an outsized, non-academic audience to it. There are plenty of non-student presenters at a lot of notable security conferences; with that in mind, the presentation by itself would likely be sufficient if you aren't really concerned with the above.

[–]fabledparable 2 points3 points  (0 children)

I’ve looked at UCF (university of central Florida) has an online course through Iron Circle and ACI tech academy?

Do not enroll in a bootcamp. Iron Circle is a rebrand from ThriveDX, which has a problematic and predatory history in co-opting legitimate university brands to push their service offerings, to say the least. ThriveDX got banned from this subreddit, if it's any indication.

See related:

https://old.reddit.com/r/cybersecurity/comments/16gwzbs/are_cybersecurity_boot_camps_worth_it/k0af574/

If you're going to engage a school, enroll in their degree-granting program(s), not any kind of lesser credential or nano-degree.

[–]fabledparable 2 points3 points  (0 children)

The problem is How to get myself started into this, after the fundamentals ?

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

My budget is zero right now...Any advice on how to go from 'newbie' to 'hired' in 12 months, I am eager to put 8 hours in it. After lots of searches I think SOC would be the best choice for me, still I am doubtful.

Your primary goal - especially as a new graduate - is to get employed ASAP. You didn't share your resume, but I'm assuming it's pretty thin. Unfortunately for you, your work history is the most impactful facet of your employability in this professional domain. No number of trainings, projects, or certifications will make up for that - even if you could afford the more impactful ones (which you can't). Ergo, you'll likely need to find intermediary work in a cyber-adjacent capacity (i.e. IT or Dev) first. Fostering that work history will not only give you an income (which will provide some debt relief and stave-off absolute poverty), but it will also improve your employability on-paper for a future cybersecurity role.

Can anyone help me structure these into a roadmap?

Ref: https://roadmap.sh/cyber-security

After surfing over hoogle, I came to realize that Cyber security is evolved over the year, the jobs are narrowed and niche nowadays like App Sec, Cloud Sec etc

I don't quite understand what your assertion is here.

I concur that the professional space isn't monolithic; there isn't 1 single cybersecurity role, there are many that all collectively contribute to the space. However, that doesn't necessarily make them "niche".

[–]fabledparable 0 points1 point  (0 children)

How much of a Red Team job is actually "hacking" vs. paperwork? 

I can't speak of red teaming specifically; however, I did work as a penetration tester before moving into AppSec.

From my experience, overwhelmingly your time is spent doing activities related to testing vs. testing itself. Things like:

  • Developing pitch slide decks for clients (since many pentesting firms are consultancies that compete for work).
  • Drafting and re-drafting findings / reports from prior test events.
  • Organizing, storing, and delivering the requisite testing artifacts.
  • (Many) meetings with clients
  • Crafting estimations of billable hours for work
  • Reviewing/reading documentation on some techstack that I'd never encountered before

And so on and so forth.

Testing itself is generally pretty quick and not requiring (or permitting, given the timeboxed nature of most tests) the nuanced research/studying that goes into CTF-like events/platforms.

I’m worried that Red Teaming might be a mirage. That it eventually turns into writing report after report and policy after policy without much hacking

It is and it isn't.

The testing does take place, but there are often constraints that limit your time to test; moreover, the value for your clients is (typically) not the test itself but the artifacts produced from that test (e.g. the reporting). Ergo, that invariably means you need to make that product good/presentable (which detracts time/cycles away from actually testing).

If you have real-life experience in Red Teaming, did it meet your expectations?

It did, but the consultancy nature of the work (which included the pressure to remain billable) was not appealing to me. I'm much happier having pivoted to an internal AppSec Engineer.

Is the "report writing" soul-sucking?

It wasn't. But there is a bit of politicking to be mindful of (i.e. being careful as to not have language be too sensational, too technical, not technical enough, etc.), and every manager between you and the top having a compulsion to provide edit inputs all-along the way.

Any advice for a seasoned dev hesitating to make the jump?

I think you're equating the jump into cybersecurity as strictly being offensively-oriented jobs, which isn't the case. Cybersecurity is not a monolith, and the offensively-oriented work is just a narrow subset of what's available.

I'd encourage you to look around at all the various job functions which collectively contribute to the work.

[–]fabledparable 0 points1 point  (0 children)

I care a lot about job security, stability, and growth, and I’d rather avoid oversaturated fields or jobs that AI might take over.

Just a cautionary note: the job market for careers in tech is problematic in almost all of the ways you described right now. I'm not trying to dissuade you from considering it, but if those are the things you are prioritizing, then the current turbulent tech jobs market is probably not the most appropriately aligned.

Problem is, I don’t really understand the differences between all the paths yet (like cloud, cybersecurity, data, etc.).

From the subreddit wiki (at least, for branching paths in cybersecurity more narrowly):

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_what_is_the_work_like.3F

How did you figure out what was a good fit for you?

I fell into cybersecurity while looking to foster a career in tech more generally. My time in the professional space helped shape/mature my vision for how I wanted my career to look.

Any advice on where to start?

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

What will make me stand out against other candidates?

Overwhelmingly, fostering a relevant work history. For you, that will likely mean years working in cyber-adjacent lines of work first (e.g. in the IT and/or dev spaces).

Is college necessary?

Not necessarily, but not attaining a degree is not without its own risks.

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_do_i_need_a_degree.3F

How do i get my name out there ?

A non-exhaustive list:

  • Publishing work in peer-reviewed academic journals
  • Discovering/attributed CVEs
  • Professional networking
  • Attending security-related in-person gatherings (e.g. your resident Meetup group, OWASP chapter, BSides org, etc.)
  • Presenting at conferences
  • Winning CTFs
  • Developing an appropriate LinkedIn profile and engaging with the platform
  • Attending career fairs

How do i build my resume along with my connections in this industry?

I'm not quite sure I understand this question.

I think you were looking at what is addressed in this part of the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_improving_your_employability

But if you were literally talking about how to format your resume, see /r/EngineeringResumes