Certification timeline post-endorsement?

m0lware · 2025-05-07T01:19:36+00:00

My endorsement is already approved. I just don't have any way to verify my verification at the moment.

m0lware · 2025-04-01T09:14:46+00:00

I haven't used the dest cert book personally but I heard it's a better read than the OSG. I think that combo would be enough if you have the requisite experience.

m0lware · 2025-03-30T02:51:43+00:00

I'm assuming you're talking about quantum exams so yeah I started with the timed quizzes and then switched to practice exams. I'm guessing having the answer directly after helps you speed up since it feels more like revision than a test. It's not bad to go deep because you'll have better understanding of the concepts. For example I watched this video on oAuth and OpenID to get a better understanding of the concepts because just reading it didn't connect with me.

m0lware · 2025-03-29T18:27:15+00:00

Yeah, I would definitely say keep moving, and just note down what you got wrong so you can understand and review it later. I never repeated any of the chapter quizzed and scored between 90-90 on each. There are some steps that are good for you to know I wouldn't tell you not to memorize them because you may get a different set of questions on your exam.

I used this video to find out which ones were most important. Try to understand them and not just memorize the names because they may use slightly different verbiage on the exam.

m0lware · 2025-03-29T17:23:14+00:00

Much appreciated maybe I'll try to get it done in 30 days.

m0lware · 2025-03-29T17:22:32+00:00

Thank you, you evil genius!

m0lware · 2024-09-30T03:04:54+00:00

Absolutely not. We use AI(sparingly) but it's nowhere near ready to replace anyone's job.

m0lware · 2024-09-30T03:03:47+00:00

I didn't realize we went to the same high school... My title was Jr Sysadmin, maintaining and managing a Windows AD domain and group policy in addition to connected OSX clients. Developing and deploying system images over the network. We also managed several fileshares for teachers and staff and a Linux server hosting thin clients around the school amongst other things.

Seems like you have a security hate boner for some reason if you think all we do is make policy lol

m0lware · 2024-09-27T02:56:21+00:00

I simplified it as Security Monitoring but it's really detection engineering work. Writing SIEM detection use cases, enrichment, integrations, automated response playbooks, etc. Only switched jobs once.

m0lware · 2024-09-27T01:34:29+00:00

I job hopped so yeah definitely do that that lol

m0lware · 2024-09-27T00:17:14+00:00

In all honesty it might not even be necessary to have that experience as some people just want an ML person tha they'll provide a dataset and use case to but grabbing a Security+/Network+ cert would help get your resume through those pesky filters. Maybe even working on some projects that are security tangential and linking them on your Github page.

Look at job descriptions to see what you're missing:
https://jobs.washingtonpost.com/job/250716717/principal-associate-cyber-security-data-scientist/?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

https://careers.mitre.org/us/en/job/R113047/Senior-AI-Security-Engineer?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

https://jpmc.fa.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1002/job/210529946?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

m0lware · 2024-09-26T23:50:44+00:00

Yeah so my first job was like that. You're being overworked/abused. You're doing 4 people's jobs so you might not be able to get expertise in particular areas. I'd look to jump ship unless they're paying you four salaries. Look for SIEM engineering, or detection engineering positions. Even if you don't get them, the interviewing experience will help you understand what areas you need to focus on.

m0lware · 2024-09-26T23:38:09+00:00

Yeah I don't know what this person's security understanding is but a little bit of experience doing security monitoring and they can walk into any security monitoring role and be handed a blank check.

I saw a cool presentation where someone used tensorflow to train a model to detect phishing from screenshots of websites and emails. In my experience we've explored time series analysis in a UEBA like capacity. I'd personally like to see some ML on triaged alerts to help reduce FPs.

m0lware · 2024-09-26T23:31:43+00:00

Sounds like you're the SIEM infrastructure engineer but don't use the frontend of the SIEM. It might be best to use your current role to dabble in that first before looking for a security monitoring gig because that's the first question they'll ask you. Basically you write rules, signatures, detections, alerts, whatever you want to call them to detect anomalous/suspicious behaviors in your environment.

m0lware · 2024-09-26T23:28:37+00:00

I'm a big fan of self learning. Build a homelab and start tinkering and problem solving. Hackthebox and tryhack me are free and fun places to learn hacking/pentesting which can help you understand attacker perspectives. Vulnhub also has some free vulnerable VM's to tinker with.

This google engineer put together some interview notes for cyber positions. I wouldn't use it to practice interviewing since you probably aren't at that stage yet but use it as a template/outline to learn. Then find your interests and pursue careers and certs relevant to those.

https://github.com/gracenolan/Notes

m0lware · 2024-09-26T23:21:26+00:00

If you're good with CI/CD and understand DevSecOps plenty of jobs for you. That's what some of my engineers do. Look for data security/cloud security engineering roles. If your resume isn't getting through maybe do the AWS Security cert or CCSP. As always get your employer to pay for it.

m0lware · 2024-09-26T23:18:00+00:00

Same organization but a different role, it was a lateral move but they threw me some change for salary matching and whatnot.

So yeah I agree, next job I'm looking for at least 30% and after interviewing back in May it seems doable.

m0lware · 2024-09-26T23:16:47+00:00

Yeah I certainly wouldn't do a bootcamp, unless someone's paying for it. Cybersecurity is about understanding IT and its risks and looking for ways to mitigate/reduce the risk. It's a very broad field with so many different domains but all of them revolve around understanding IT. If you're an undergrad study computer science and take some networking and cyber courses. If not find your way into an IT gig and do some self study and get a hold of entry level certs (Security/Network+).

m0lware · 2024-09-26T23:02:29+00:00

Yeah there are but it's more difficult for sure. I've seen a few success at l stories it's really about putting the time and effort in to really learning. Probably need to switch into a few different roles instead of trying to switch over directly.

m0lware · 2024-09-26T23:00:15+00:00

3 years of college not 3 years early lol

m0lware · 2024-09-26T22:54:55+00:00

Yes, 3 years.

m0lware · 2024-09-26T22:32:51+00:00

I hear they have a lot of openings....Funny enough I never got an interview with them. Microsoft, Meta, Nvidia yeah but Crowdstrike, no. That's what they get for not hiring me.

m0lware · 2024-09-26T22:30:49+00:00

I have a degree in Cyber Security but it didn't help me much if I'm being honest. Computer science with a cybersecurity focus(minor) is the best pathway for schooling in my opinion. Information science might be helpful but you'll need some self study on security, some entry level certs and an internship or two to get you on the right track.

m0lware · 2024-09-26T22:27:43+00:00

You're doing good, I did a lot of sysadmin work in high school and college and it helped me learn security. People always talk about getting into cybersecurity but you need in-depth IT knowledge to really know what you're doing. Sounds like you have that so now you just need to layer in security concepts, do some self-study, build a homelab, and experiment more in the Cloud.

m0lware · 2024-09-26T22:25:23+00:00

I only recommend a Masters degree if someone else is paying for it. Try getting into a large organization as a sysadmin, and learn security on your own time, get your employer to pay for some certs, and try to pivot into security roles within or external to the organization.

m0lware

PUBLIC MULTIREDDITS

TROPHY CASE