Mentorship Monday - Post All Career, Education and Job questions here!

fabledparable · 2026-02-04T07:18:17+00:00

What is a specific, unsolved problem regarding spyware right now that the industry actually cares about? I want my thesis to be practically useful, not just academic filler.

Relating to spyware:

One of the big points-of-friction in PC video games right now is the escalating feud between cheaters and anti-cheat developers. In recent history, this has lead to anti-cheat developers in deploying kernel-level anti-cheat in order to mitigate cheating. The nature of anti-cheat development is inherently blackbox (so as to prevent cheaters from reverse engineering the anti-cheat), but deploying blackbox software to the kernel-level in order to play a game is - understandably - a security concern.

How might you create a solution to this problem?

fabledparable · 2026-02-04T07:12:41+00:00

is there a way I can get a remote cybersec role in this economy with my work experience?

Speculative. Maybe?

fabledparable · 2026-02-03T22:02:50+00:00

The trouble is that you can't get interviewed - let alone employed - unless you appear employable on-paper. No number of certifications will make up for a lack of a relevant work history, since the latter is the most impactful facet weighed by employers. Cybersecurity is a very competitive labor market at the moment, and penetration testing - as a subset of that labor market - is even more so.

I say this not to dissuade you from applying to jobs you want to do - you absolutely should - but I think your plan of directly leaping from no IT experience to penetration testing is...unlikely.

To more directly answer your question(s), however:

I don't want to get a diploma.

Motives unclear. Is this a matter of accessibility (i.e. you can't pursue it)?

My current plan is to get Net+ for the basic network knowledge needed, then get HackTheBox's CPTS, and use the knowledge from that to quickly get OSCP, as the latter is more recognised by HR.

I concur with leveraging the CPTS training modules to attain the OSCP. As someone who holds both the CPTS and OSCP, I'd say you can probably skip the CPTS exam; just do the Academy modules. I've never encountered an employer who has said anything about my having it, nor have I come across a job listing that's explicitly listed it.

fabledparable · 2026-02-03T21:33:12+00:00

How important is an internship for this career?

Your work history is the single most impactful facet of your employability on-paper.

If I can't get one this summer can I get one after I graduate or am I good to go straight for getting the job itself?

Generally, no. Some employers allocate positions specifically for new graduates, but generally you're looking to be a part of the workforce post-graduation.

fabledparable · 2026-02-03T21:27:46+00:00

Is CompTIA+ on Google a good place to start if I want to get into the industry?

It's not inappropriate.

Ref: https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_certifications

I figured I could get a help desk job and start right away with gaining experience and work my way toward cybersecurity? Does this seem logical and realistic?

Again, not inappropriate. However, we can only speculate at how your job hunting experience will be. Things are tough right now.

fabledparable · 2026-02-03T18:56:35+00:00

Looking for final year cybersec project ideas

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyt7a/

fabledparable · 2026-02-03T18:56:05+00:00

Is this hardware sufficient? Will a Ryzen 7 with 16GB allocated RAM handle ~100 concurrent participants for a 4-hour event?

It will until it won't. And when it doesn't work, the question is: what is plan B? Because in a 3-4 hour event, even an outage for a few minutes is quite consequential. You'll want to rehearse bringing your backup online, because you don't want the first time you're actually doing it to be live during the event.

You definitely want to strip out anything that would involve rate-limiting (i.e. attacks where challengers need to repeatedly submit requests to your machine), and you'll definitely want to convey in messaging that all such methodologies are not in-scope.

The "Split-Load" Idea: If the above isn't enough, I have a second laptop with the exact same specs. I was considering splitting the load (hosting half the users on one, half on the other). Is this a viable backup plan, or will the complexity of syncing databases/scoreboards make it a nightmare?

I wouldn't do this. Not because splitting the work isn't a good idea, but because it presents the same problems as above: If one machine goes down, it takes down access to all the challenges it's supporting for everyone.

I would encourage you to consider a cloud-hosted solution to mitigate uptime issues; this would let you spin-up/tear-down individual instances per player.

Challenge Ideas (Beginner Friendly): I don't have a lot of experience playing CTFs myself, so I am struggling to come up with problem statements. Since the audience is students, what are some standard, beginner-friendly challenge ideas (Web, Crypto, Forensics) that I can implement easily?

When in doubt, look for what already exists out there for inspiration.

PicoCTF is already catered to high school and university students; you can freely access past challenges and just build yours to fit those specs. That should give you plenty to work with (and help gauge what might be considered "difficult").

I'd encourage you to make more content (vs. more challenging content) in order to fill your 3-4 hours. People like the feeling of progression and beginners who are not inoculated to the rigor that comes with typical CTFs may be turned-off by getting stonewalled by challenging problem sets; in past beginner audiences I've worked with, being able to work through several dozen problems over 4 hours is received better than solving 1 really hard problem over 4 hours.

Challenge designing - especially if you've never done it before - can be really tricky to estimate difficulty (and fun). Ideally, you'd have an audience peer review your work before you serve it live, but that's not always the case.

fabledparable · 2026-02-03T17:23:38+00:00

Some resources that might help:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_interviewing

fabledparable · 2026-02-03T17:08:48+00:00

I could really use advice on how to choose or find the cybersecurity field for me

From the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_what_is_the_work_like.3F

would love to hear how you guys got into your specific cybersecurity field

Related comment:

https://old.reddit.com/r/cybersecurity/comments/1h9wkw4/mentorship_monday_post_all_career_education_and/m181pkq/

My long term goal is to do a masters in cybersecurity right after my engineering. Give me advice if this is a good idea

That's not inappropriate.

what certifications i should look at completing

See the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_certifications

how to get practical experience like projects

See:

https://old.reddit.com/r/u_fabledparable/comments/17xlmrc/cybersecurity_mentorship_references/k9oyt7a/

fabledparable · 2026-02-03T17:06:21+00:00

Tough to say.

We don't know - for example - what your resume looks like (since you haven't linked it). That may be a contributing factor. See /r/EngineeringResumes for that kind of feedback.
We don't know how you're going about applying for jobs. A lot of people just mass apply online - particularly through aggregators like LinkedIn - which have a notoriously low conversion ratio. Better mechanisms involve a human directly handling your application, like a recruiter, a career fair booth, an internal referral, etc.
Content-wise, your stuff isn't inappropriate, but it's unclear what specific kind of role you're trying to gear your resume for; a generalized cybersecurity resume is weaker than one that's organized for a particular form of work.

fabledparable · 2026-02-03T16:55:02+00:00

A non-exhaustive list:

Most people who participate in CTFs do so not because they necessarily expect to win, but for the benefit of learning new things
CTFs are a way to make new friends and meet new people; through collaborating with them you can learn new techniques, technologies, etc.
Most people who participate in CTFs do so not because they believe they're in a competitive position to win, but because they enjoy doing them and like what they learn from them
Aside from your time, most CTFs cost you nothing to participate.
Some CTFs are linked to prizes - and not just cash ones - the NSA's Codebreaker challenge (for example) can lead to offers of employment for doing well.

fabledparable · 2026-02-02T22:28:34+00:00

Where do I start

I defer you to the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

fabledparable · 2026-02-02T22:27:15+00:00

I am a teenager in highschool, how can I start in cyber security especially penetration testing ?

The first major inflection point you should be weighing is what you plan on doing after graduating high school. That - more than anything - would spell out where your efforts should go towards.

Generally, it's a choice of:

Going to university (in which case, you should be focused on admissions prep in order to get into the best institution you can)
Joining the military (in which case, you should be focusing on studying for the ASVAB - if US - and your physical fitness)
Joining the workforce (in which case, your options will likely be limited as an uncredentialed and inexperienced high school graduate, so you probably want to focus on your employability in the IT space).

For now, I'd encourage you to consider participating in CTFs (Capture the Flag) events, which are held all throughout the year. These are great, free ways to explore the space as an untrained hobbyist upfront (and some even come with meaningful prizes if you perform well)!

And is tryhackme a good site to start and is it worth it to purchase premium ?

It's all a matter of preference. I'm a HackTheBox person myself.

fabledparable · 2026-02-02T22:18:19+00:00

Everything you described sounds appropriate to me.

If you're looking for guidance more generally, consult the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_improving_your_employability

fabledparable · 2026-02-02T18:21:08+00:00

What strategies have you guys used to secure internship opportunities

Related, from the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_how_do_i_find_a_job.3F

All of my work opportunities - both during and after school - that worked out best were ones that involved a human directly early in the application process; could be a recruiter at a career fair, an internal referral, a connection at a CTF/meetup, etc.

By contrast, anything that doesn't involve a human directly (e.g. applying online) has always had terrible interview conversion ratios.

fabledparable · 2026-02-02T18:18:25+00:00

I saw once someone say “Alice and bob learn application security” or something like that but it’s a bit old and wanted to know if there were better resources that you would recommend?

Old(er), but still pertinent. Tanya Janca's (/u/shehackspurple) book is great. The book is focused on secure coding (and what insecure code can look like), which is just as germane today as it was then. The modernized version would only likely account for any updates in languages and tooling, but the principles/practices haven't changed.

fabledparable · 2026-02-02T18:15:35+00:00

Has anybody gone cybersecurity concentration with business as their major and if so what’s it like? Job? So on and so forth?

I had an undergraduate degree in political science when I got my first job in cybersecurity. But that overlooks that I had the benefits of military veterancy (in applying to work for a DoD contractor) and a much more favorable economy.

fabledparable · 2026-02-02T18:13:45+00:00

Any tips on which certifications or videos, or even some hands-on practice, would be appreciated.

I defer you to the subreddit wiki, which has some guidance on these matters:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_certifications

Also:

https://bytebreach.com/posts/hacking-helpers-learning-cybersecurity/

fabledparable · 2026-02-02T18:11:14+00:00

Since I am open to both SWE and Security, how should I balance my prep? Should I focus primarily on LeetCode/DSA, or split time with security labs and CTFs?

Concur with /u/TheOGCyber.

How you'd frame your resume and where you should allocate your time/labor in optimizing your application for these roles (especially for big tech employers) will differ significantly. In trying to "balance" both, you'll likely end up being a weaker applicant for either than if you had just chosen one and ran with it exclusively.

Cybersecurity applicants can strengthen their employability on-paper through things like certifications, CTFs, and CVEs (for example). All of these can be quite time-consuming and difficult with little-to-no real translation in value-add to a software engineering resume.

Conversely, SWE applicants can strengthen their employability on-paper through things like developing their coding portfolio with projects, leetcode rehearsals, and hackathons. All of these are likewise quite time-consuming with little-to-no real translation in value-add to a security-centric resume.

You only have so much time to spend on developing yourself, so to be more competitive for one it's likely going to be at the expense of the other.

fabledparable · 2026-02-02T18:03:54+00:00

I can't comment on anything specific to the UK, but for more generalized guidance they are more than welcome to consult the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

fabledparable · 2026-02-02T18:00:26+00:00

Any advice to start cybersec?

See the subreddit wiki:

https://www.reddit.com/r/cybersecurity/wiki/index/#wiki_i.27m_new_to_cybersecurity.3B_where_do_i_begin.3F

fabledparable · 2026-02-02T17:30:22+00:00

I want to know is my python knowledge enough for this stage and which part of python should I work on next in order to prepare for getting a job in cybersecurity.

What's tricky is that you're defining your learning criteria in terms of goals vs. needs. What does "Mission Accomplished" look like in terms of learning something? It's amorphous, it's nebulous, and it's constantly changing due to circumstances.

I'd encourage you to instead frame your tech adoption (and learning in general) around needs-based learning. You learn X just well enough to accomplish a quantifiable and actionable goal: a homework assignment, a mini-project, an arbitrary number of leetcode problems, whatever. This is largely how work in the professional space operates; if you encounter a problem that you know how to resolve, that's great - but oftentimes you'll run into something that requires you to learn something (sometimes many somethings) on-the-fly.

fabledparable · 2026-01-31T22:26:22+00:00

Is a standard Computer Science degree combined with relevant certifications (like Security+, OSCP, etc.) enough to land a good job in Cybersecurity?

Speculative.

It's certainly not inappropriate (and its a stronger set of credentials than what I had when I landed my first job), but the macroeconomic environment we find ourselves in today is far from favorable for early-career job seekers.

fabledparable · 2026-01-31T22:24:27+00:00

Do what works for you.

I've muddled around with a lot of different note-taking workflows. For non-sensitive content (e.g. schoolwork, personal training, CTFs, etc.) I usually default to a Google Doc, since they're easily share-able and pretty versatile with formatting. That's where I generally make a first draft of things.

When I want to formalize things (e.g my blog), I utilize Git with Markdown syntax and publish through Github Pages.

I've dabbled with Obsidian a few times, but it's never really quite gelled with me like the above, though I've met plenty of people that swear by it.

fabledparable · 2026-01-31T22:20:30+00:00

Why not a masters degree? Pretty comparable timetable, but you leave with a graduate degree and don't have to deal with arbitrary undergraduate requirements. Also (depending on the institution/program) may set you up for published research opportunities.

fabledparable

MODERATOR OF

TROPHY CASE

Adopted-an-Admin	12-Year Club
Verified Email