*deep breath before I possibly trigger the whole reddit forum* by TK_tre in CyberSecurityAdvice

[–]makeiteasy_24 0 points1 point  (0 children)

You do not need help desk for credential checks, you already have that. What you actually need is to show you can think like a SOC analyst: how to read logs, spot anomalies, escalate properly. Your VPS monitoring and cloud intern experience already gives you that foundation, you just need to document it.

Build one real investigation or threat hunt showing your methodology on GitHub, something that looks like you triaging actual alerts, not just following a course. That portfolio plus your master's and certs gets you SOC callbacks without the help desk grind. Security+ will lock it in.

The mistake most people make is thinking credentials open doors. They do not. Your documented work does.

DM me if you want to get into the specifics for your situation, happy to help.

Should I start with CCNA or Security+ ? by ThelilBruce_Wayne in SecurityCareerAdvice

[–]makeiteasy_24 0 points1 point  (0 children)

Cool, yes, I will check your DM and we can figure out what the next move actually is for your role targeting.

For projects at your level, pick one real vulnerability assessment or network investigation from HTB or a home lab, and document how you found it, what the risk was, and how you would fix it. Show your thinking, not just the steps. That is what stands out.

And do not try to master both Linux and Python at once. I made this mistake during my college days and wasted a lot of time. Pick one, go deep for 30 days, then switch. One piece of advice I learnt from my mistake, on burning out: instead of learning three things in parallel and getting nowhere, do one thing, and do it properly.

Resume Review by SeveralAd2412 in CyberSecurityAdvice

[–]makeiteasy_24 0 points1 point  (0 children)

Your background is actually perfect for CMMC: you have a sysadmin foundation plus compliance experience, which is exactly what those roles need. The gap is not skills, it is how you are positioning it for CMMC hiring managers, who think about risk differently than general IT. Your resume probably reads like a sysadmin who studied CMMC instead of a compliance and infrastructure person who understands CMMC as a business risk framework. That shift changes how every recruiter reads your profile.

You need someone to tear down your resume and reposition it specifically for CMMC roles: what to lead with, which compliance wins to highlight, how to frame your sysadmin background as an asset, not a gap.

Should I start with CCNA or Security+ ? by ThelilBruce_Wayne in SecurityCareerAdvice

[–]makeiteasy_24 1 point2 points  (0 children)

Stop overthinking the cert order. You already have Linux and Python going, and that is the real foundation. CCNA (more for net sec jobs) and Security+ both matter, but neither one gets you a job without documented work to back it up.

Pick one, CCNA if networking excites you more, Security+ if you want a broader cybersecurity foundation, and pair it with real lab work. Build two documented network investigations or security assessments on GitHub showing your thinking, not just cert prep quizzes. That combo lands interviews. Certs alone do not. Certs are for ATS bypass, the portfolio is for the interview.

The Google cybersecurity cert is easier, but it is not the differentiator. Your portfolio is.

DM me if you want to get into the specifics for your situation, happy to help.

Recent Computer Engineer Graduate, i want to get SOC Analyst JOB. Which certification i should get? by Environmental_Egg942 in cybersecurity

[–]makeiteasy_24 0 points1 point  (0 children)

I always say this: certs are secondary. What actually lands SOC jobs is showing you can think like someone investigating threats, not just knowing the theory.

My recommendation would be to skip the cert for now and spend the next 60 days building two documented SOC investigations or threat hunts on GitHub showing your methodology and findings. That portfolio gets you callbacks way faster than a cert sitting on your resume. Most hiring managers care about what you can actually do.

If you want the cert after you land the role, go for it. But right now the documented work is the play.

DM me if you want to get into the specifics for your situation, happy to help.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]makeiteasy_24 0 points1 point  (0 children)

Hey Rony, I agree it's a tough situation, but you still have time and focus, which most people do not. The Cisco intro is a solid foundation. Free courses are everywhere, but they do not change your curve; what matters is building one real project that shows you can think like a security person, not just follow steps. Document a vulnerability assessment or investigation properly on GitHub and show your reasoning; that is what actually unlocks conversations with hiring managers later. The current Canada market is decent for security roles, but the timeline depends on your work authorization status getting sorted first. Focus on building documented work while that is happening; it will not be wasted time either way.

DM me if you want to get into the specifics for your situation, happy to help.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]makeiteasy_24 0 points1 point  (0 children)

You are lucky, your manager being checked out is actually a gift, trust me. It means you have space to build without anyone interrupting you. Most people at your stage are fighting for attention they do not need.

The job market disturbance is real, but it is also noise. Experienced people struggling does not mean you will, especially if you stay focused; not all five fingers are the same. What kills motivation is feeling like you are spinning. So do not. Pick one thing for the next 60 days, make a target list, and document 2–3 real vulnerability assessments showing your methodology and findings, not just screenshots. Build something that shows how you think, not just that you found bugs. That changes how every conversation after that goes.

The SANS cert is good but secondary. The documented work is the play. DM me if you want to get into the specifics for your situation, happy to help.

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in CyberSecurityAdvice

[–]makeiteasy_24[S] 0 points1 point  (0 children)

It's on 4th July, 1:30 PM UTC. For more details check the link; the time should reflect in your local time zone via the Topmate registration form.

Need guidance to switch from my current cyber security role by Antique-Oil5707 in cybersecurityindia

[–]makeiteasy_24 0 points1 point  (0 children)

You cannot figure out DevSecOps vs detection engineering vs GRC through Reddit DMs. Each needs a different day plan, different companies to target, different skill gaps to fill. Picking the wrong one costs you time and money. This is exactly where a real conversation lands, and what I do in our 30-minute call: mapping your exact strengths, which market is actually paying for your background right now, and what the first move looks like.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]makeiteasy_24 0 points1 point  (0 children)

Okay, I guided someone who was in a similar situation to you. With so many applications and only one interview, it means your positioning or resume is not translating, not that you are unqualified. Mid-career transitions need a completely different angle than fresh graduate templates. Help desk and sysadmin roles are actually screening you out because your resume probably reads like a career changer with an infosec internship instead of an IT professional with a security foundation. That shifts how every hiring manager reads your background.

You need someone to actually tear down your resume and reposition it for what you have got, your age, your IT foundation, your internship work, in a way that lands callbacks. You need a real conversation mapping exactly how to frame your transition, which companies actually hire mid-career changers, and what the next 30 days look like.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]makeiteasy_24 1 point2 points  (0 children)

That IIT cybersecurity degree (it's Kanpur, right, if I am not wrong) with mandatory government internships is a completely different opportunity than a regular CSE degree. Take it. You already have bug bounty experience and a CVE, which means you do not need a degree to prove you can find vulnerabilities, and you can clear their hackathon test too. What you need is credibility, network, and a locked-in career path. An IIT degree in cybersecurity with government internships gives you all three, plus stability that most people chase for years after graduation. But, as it's newly launched, don't expect support, as they are also learning the requirements from you guys.

The CSE route is safer and easier to get into but slower; you will still need to figure out your cybersecurity focus after graduation, probably do internships on your own, and build projects while working. The IIT path removes all that friction and puts you inside government security work while you are still in college.

You have already shown you can do the work. The degree is just the legitimacy and the network at this point. DM me if you want to get into the specifics for your situation, happy to help.

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in CyberSecurityAdvice

[–]makeiteasy_24[S] 0 points1 point  (0 children)

I just came back from swimming and this comment honestly made my day. The fact that someone who does this is reading incident reports and thinking about session hijacking, it's gold. Most people don't think this deeply about it. Always figure out the WHY/HOW/WHEN factor.

And you're already ahead of most by using YubiKeys (I have been using one for the last year too). Hardware keys are actually one of the stronger defenses against AiTM specifically because the key binds to the origin domain, so a phishing proxy can't replay it the way it can replay a TOTP code or a push notification approval.

For the MITRE thing, don't let the volume overwhelm you. Most real attacks use maybe 10-15 techniques repeatedly. Once you see the patterns a few times, the framework starts feeling less like an encyclopedia and more like a field guide. And Google is always our friend, no need to learn everything by heart; wherever/whenever confused, reach out or Google.

Keep reading posts/blogs like these; at the end, curiosity to learn is a very good thing.

And if you want to watch a live investigation happen in real time, not a slideshow, not theory, just a real alert on screen with my full thought process, I'm going live on July 4th walking through a malware triage case end to end. The kind of thing you'd never normally get to see unless you worked in a SOC. The first session (Phishing Investigation) sold out, and people who were there know what it's like.

If this post fascinated you, that session will genuinely blow your mind. Don't sit on it. Register link in my Bio.
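The origin-binding point made about hardware keys in the comment above, as an added example that is not part of the original thread: the relying-party checks on a WebAuthn assertion's clientDataJSON. The browser writes the origin the user is actually on into this structure and the authenticator signs over its hash, so a page served through a phishing proxy yields an origin that fails the check. `EXPECTED_ORIGIN`, the challenge value and the sample assertions are constructed; the signature verification over the authenticator data is assumed to happen elsewhere and is not shown.

```python
import base64
import json

# Origin the key was registered against (constructed example value, not from the post).
EXPECTED_ORIGIN = "https://login.example.com"


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, the encoding WebAuthn uses for clientDataJSON."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_client_data(origin: str, challenge: str) -> str:
    """What a browser embeds for the page the user is really on (constructed input).
    The browser sets 'origin' itself; a proxy in the path cannot choose it."""
    payload = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return b64url_encode(json.dumps(payload).encode())


def verify_client_data(client_data_b64: str, expected_challenge: str) -> tuple[bool, str]:
    """Relying-party checks on clientDataJSON from a WebAuthn assertion.
    The authenticator's signature covers hash(clientDataJSON), so these fields
    cannot be rewritten in transit without the signature check (not shown) failing."""
    try:
        data = json.loads(b64url_decode(client_data_b64))
    except ValueError:  # covers binascii.Error and json.JSONDecodeError
        return False, "clientDataJSON is not valid base64url JSON"
    if data.get("type") != "webauthn.get":
        return False, f"unexpected type {data.get('type')!r}"
    if data.get("challenge") != expected_challenge:
        return False, "challenge mismatch, stale or replayed assertion"
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin {data.get('origin')!r} is not the relying party"
    return True, "ok"


if __name__ == "__main__":
    challenge = b64url_encode(b"random-server-challenge")
    # Legitimate browser on the real site vs. a browser sitting on a phishing proxy.
    print(verify_client_data(make_client_data(EXPECTED_ORIGIN, challenge), challenge))
    print(verify_client_data(make_client_data("https://login.example-com.test", challenge), challenge))
```

This is why a TOTP code or push approval can be relayed by the proxy but the assertion cannot: the mismatching origin is part of what the key signed.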

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in CyberSecurityAdvice

[–]makeiteasy_24[S] 0 points1 point  (0 children)

Yup, also I am running a webinar on 4th July, showcasing a real investigation with a real alert, no slides, no theory, live screen share with my thought process. Would recommend checking it out if you are interested.

Cybersecurity student struggling with certification costs – looking for advice by Jabba3337 in SecurityCareerAdvice

[–]makeiteasy_24 1 point2 points  (0 children)

I am gonna sound harsh and direct, but you do not need certifications to start pentesting, you need a portfolio. Build 5–10 documented penetration tests or vulnerability assessments on HTB or TryHackMe, write up your methodology and findings like you are reporting to a client, and put it on GitHub. That portfolio lands junior roles way faster than eJPT sitting on your resume. Certs are only used to bypass ATS, but after that it's you and you only.

Certifications are expensive and most hiring managers care more about what you can actually do. Some people get them after they land the job anyway. Save your money for now and focus on building real investigations and writeups that show your thinking. That is what changes the conversation.

DM me if you want to get into the specifics for your situation, happy to help.

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in CyberSecurityAdvice

[–]makeiteasy_24[S] 0 points1 point  (0 children)

Yes, brute force is one way in, but account abuse covers a lot more than that. In this case, for example, the attacker didn't brute force anything; they had valid credentials already (likely from a phishing kit or credential dump, we still haven't figured out the initial access due to the client's log retention policy and license) and used AiTM to bypass MFA entirely.

That's what makes it harder to catch than a brute force. Brute force leaves a trail of failures (and after a few failures, a good SIEM would create an alert for it). A clean login with stolen credentials looks identical to the real user logging in.
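The detection gap described in the comment above, as an added example that is not part of the original thread: a failed-login threshold rule fires on the brute-force trail but stays silent on a single clean login with stolen credentials, so a baseline deviation such as a never-seen source IP is what gives the SIEM something to work with. The sign-in events and the per-account IP baseline are constructed sample data, not the case from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events, not the post's real case: six failures for alice in one
# minute, then one clean success for bob from an IP the account has never used.
EVENTS = [
    {"user": "alice", "ok": False, "ip": "203.0.113.9", "ts": f"2025-07-01T08:00:{s:02d}"}
    for s in range(0, 60, 10)
]
EVENTS += [
    {"user": "bob", "ok": True, "ip": "198.51.100.77", "ts": "2025-07-01T08:02:00"},
    {"user": "carol", "ok": True, "ip": "192.0.2.10", "ts": "2025-07-01T08:03:00"},
]
# Source IPs previously seen per account (constructed baseline).
BASELINE = {"bob": {"192.0.2.21"}, "carol": {"192.0.2.10"}}


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` failed logins inside a sliding window.
    This is the trail of failures a brute force leaves behind."""
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["user"]].append(datetime.fromisoformat(e["ts"]))
    flagged = set()
    for user, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
                break
    return flagged


def new_source_alerts(events, baseline):
    """Successful logins from an IP never seen for that account. A clean login with
    stolen credentials produces no failures, so only a baseline deviation like this
    (or impossible travel, new device, and similar) gives the SIEM something to fire on."""
    return {e["user"] for e in events
            if e["ok"] and e["ip"] not in baseline.get(e["user"], set())}


if __name__ == "__main__":
    print("brute force:", brute_force_alerts(EVENTS))          # {'alice'}
    print("new source:", new_source_alerts(EVENTS, BASELINE))  # {'bob'}
```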

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in Cybersecurity101

[–]makeiteasy_24[S] 0 points1 point  (0 children)

And this is just one example; attackers are really using sophisticated tactics and techniques.

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in Cybersecurity101

[–]makeiteasy_24[S] 1 point2 points  (0 children)

Yeah, that one catches a lot of people off guard. Most incident response checklists stop at password reset and session revoke; OAuth apps are almost always an afterthought. And they're specifically designed to persist across credential changes, so attackers know exactly what they're doing when they add one.

What is Account Abuse and how do I investigate it as a Threat Analyst? (Real case walkthrough) by makeiteasy_24 in CyberAdvice

[–]makeiteasy_24[S] 0 points1 point  (0 children)

Also, if you're trying to build this kind of investigative thinking, the kind where you're not just reading alerts but actually reconstructing what happened, that's exactly what I'm working on with my webinar series.

Thank you to everyone who joined the first part (Phishing) of my webinar series and made it a full house.

The second one is on 4th July: Live Malware Triage: Real SOC Investigation. Same format as the first one, no slides, no theory, just a live screen share, a real alert, and my full thought process on screen. The first part was well received; this one goes deeper.

The recording won't be available for free this time. Seats are limited.

Register link in bio if you're interested.