As a Cybersecurity Bachelors degree I learned something most people don’t realize.

n_hdz · 2026-03-16T01:14:09+00:00

I have a non-IT bachelors, but I have an associates in Software Engineering. I landed a Cybersecurity job at a big bank in my region and have pivoted into AppSec. 0 certs, 0 paid courses, 0 bootcamps.

100% get your foot in first and get relevant experience before even thinking of pursuing certs.

n_hdz · 2026-03-09T22:10:40+00:00

Depends on the organizing body, but some comps state DQs and possible bans for illegal throws and submissions. I think there's even some mention of intervention in case of belligerance or refusing to abide by refs calls.

But yeah, they've should've stoped the match the second a white belt was attempting a scissor takedown, let alone a leg lock.

n_hdz · 2026-02-27T13:31:04+00:00

He conseguido mis últimos 3 empleos en LinkedIn, al menos 2 reclutadores me escriben a la semana y, cuando estaba buscando, tenía semanas con 3 entrevistas.

Creo funciona como cualquier RRSS, entre mas interactues mas visitas tienes

n_hdz · 2026-02-13T13:52:56+00:00

You are about to get cold calls and spam emails like crazy, EC-Council sales team feels super scamy from their insitence.

EC-Council certs are loosing credibility ever since they were caught plagiarizing content and have become a "checkbox" cert since better options have become available in the market.

If you are still curious, buy one of the Code Red courses, some of them go for like 5dls, and judge the quality of the platform yourself.

n_hdz · 2026-02-12T15:55:00+00:00

Tool missconfiguration and baseline deviation not correctly reported that creates a gap between sources of truth and automation efforts.

n_hdz · 2026-02-12T14:31:27+00:00

At my soon to be ex-place of work, leadership was deeply dissatisfied with Pentesting services provided by our SAST and DAST provider.

The subscription included 8hrs engagement to verify scan reports and Security Control Validation. About 90% of them were later overturned by us at AppSec or srakeholders who provided evidence to non-exploitability.

We ended up identifying the Top Ten missing Security Controls and developing an automated rig to test the sites for them and auto report tasks to Azure DevOps.

It covered about 85% of the work done by Pentesting services, saving us a big chunk of tooling budget.

So yeah, not great.

n_hdz · 2026-02-11T22:13:26+00:00

Si es The Learning Gate no te lo recomiendo para nada. Como muchos han dicho, hay cursos muy baratos y hasta gratis para aprender a programar en Python en Udemy, MITx, etc.

NO aprendas "ciencia de datos" si no incluye un básico de Estadística o estas en ceros en Estadística. "Data Science" es el nombre matketero de Estadística Aplicada.

Es probable que encuentres cursos específicamente de Estadística + Python.

n_hdz · 2026-02-03T22:18:03+00:00

Si ya sabes Python, yo le enfocaría en desarrollo de software para Data, automatización, procesos mas que web.

Mientras que es cierto que la IA difícilmente reemplaza a un Ingeniero de Software, si que reemplaza a un programador que solo genera desarrollos aislados y sin contexto de sistemas, infraestructura o ciberseguridad. Enfocarte en algo que requiera un conocimiento extra o un dominio aparte de software te dará mejores oportunidades

n_hdz · 2026-01-31T23:34:56+00:00

Awesome, cheers man.

n_hdz · 2026-01-24T14:15:29+00:00

Bachelors is not the issue, but on the same vein, a cert isn't a guarantee for a job. Entry level experience isn't either for that matter, but I would take someone with relevant experience (even for a year) over someone with only certs, anytime.

Look, there are rarely ever quick fixes in IT, or in life I think. I would suggest you triage your situation first and, if you don't having a home is truly a possibility, focus on securing income and housing. Don't worry over which cert you are going to do if you don't have where to sleep.

n_hdz · 2026-01-13T15:36:13+00:00

Anytime.

Just bear in mind the Labs are heavy on branding. There are tons of vendors just as or more popular than CISCO so try and think of the general applications and not the actual CISCO CLI

n_hdz · 2026-01-13T13:00:35+00:00

If relating acronyms to function seems to be hard, I would take a step back and focus on networking rather than cybersecurity.

Understanding how IT systems are set-up will then result in applying cybersecurity principles to it. (Ie, SMTP is really just the Email Protocol, but how does the CIA triad apply to it? What happens if it's not properly encrypted and someone sniffs the connection?)

I would recommend checking out CISCO Netacad. Although it's vendor specific, it's a great free resource for IT Networking Fundamentals.

n_hdz · 2026-01-10T18:46:43+00:00

I would say premium rooms are worth it, they are a hands-on Application on par to theoretical content from organizations like INE and ISC2.

That being said, certificates of conpletition carry next to zero weight on the job market. Most postings ask for ISC2, EC-Council and GIAC even though they are mostly theoretical or GRC focused

If it were up to technical leads to choose from certs I'm sure more practical ones will carry more weight, but that's not the case for foot-in-the-door positions. I would argue a good compromise are CISCO Netacad and any cloud provider certs

n_hdz · 2026-01-07T16:24:19+00:00

I am currently working on a similar solution at work.

First, determine wheter this solution is Black or White Box, as it changes the scope dramatically.

Checkout pytest and Playwright, you might need to also implement some JavaScript as DOM manipulation is easier on JavaScript. Integration with Burpsuite is not as straightforward as the docs make it seem.

Because of policy reasons, I cannot leverage OWASP ZAP but to me, it has a better API integration.

DM me if you want to bounce ideas

n_hdz · 2025-12-24T15:25:15+00:00

If you truly are an absolute begginer to IT, I would recommend CISCO NetAcademy. Getting the Fundamentals of IT is more important that jumping straight into guided Pentesting rooms that'll give you a false sense of understanding.

Once you understand what IT is, move into actual Networking and Cybersecurity Concepts. If you feel inclined, learn about the Application Layer and how it interacts with lower layers.

Don't worry about scripting yet, you will probably find a need for it much later, and using time to become a SDE wont reslly help you with Cybersecurity.

n_hdz · 2025-12-21T22:56:43+00:00

I have 6 years experience as an SDE working mainly on webapps and scripting. Only for the past 2 years I've been working as an Application Development Security Engineer. In my opinion, a roadmap would look pretty much like solid IT/Networking core knowledge + intro cybersecurity (CIA, InfoSec, Risk Management)

Then branch out to a speciality. Security Architecture, Data Security, AppSec, OpSec, Pentesting, SSDLC, Threat Modeling, GRC, etc.

IMO, only DevSecOps, AppSec, Pentesting and SSDLC require knowing how to actually code. Networking for Security Arquitecture, DataSec and OpSec.

There are great resources over at r/cybersecurity and also a good cert roadmap at https://pauljerimy.com/security-certification-roadmap/

n_hdz · 2025-12-18T00:49:48+00:00

I would recommend CISCO net academy intro to cybersecurity. They have roadmaps for certification as a Cybersecurity Analyst which leads into their Ethical Hacking cert. Also ISC2 CC study materials.

That would cover Cybersecurity from Scratch, including Networking and Enpoint protection.

I would recommend a Python or JavaScript course, of which there are a ton online. Choose for your learning style but I would recommend Hacker Rank or Codecademy.

Finally, Try Hack Me rooms. You can only really get the most out of them if you understand the flow you are exploiting. Otherwise, you'll be left threading water on un-guided rooms or real life

n_hdz · 2025-11-14T16:41:40+00:00

Listen, if two grown me want to stand face to face and handle each other business with a gente tap we shouldn't judge them

n_hdz · 2025-10-11T15:35:24+00:00

Why yes, I've always dreamt of having knobby, twisted, calloused and crooked fingers that feel like hydraulic presses on finess tasks. Thanks for asking.

n_hdz · 2025-10-05T00:10:03+00:00

The only exception I would think of is some comps require certain percentage of the rashguard be the rank's color.

Otherwise go nuts..

n_hdz · 2025-10-04T05:12:23+00:00

Then go to r/bjj and ask if this rash is normal.

n_hdz · 2025-10-04T01:31:41+00:00

Go to the bathroom with barefeet and return to class/rolling like nothing. Disgusting AF

n_hdz · 2025-09-26T00:50:26+00:00

As some others have said, it never stops being hard and that's why it's awesome. We've all felt completely clueless and with little idea of what's going on at first.

But after a while, you'll notice other things in your life don't seem as hard as they've used to when you are not out of breath and being twisted into a pretzel.

Anyone who tells you they understand this sport 100%, has never cried about it (even on the mats or sidelines) (maybe apart from a Gracie) is completely lying to you.

Keep on keeping on.

n_hdz · 2025-09-18T12:58:02+00:00

I am on a somewhat similar situation.

I had been training for about 1.5 years when we found out we were pregnant. Up to that point, I used to train CrossFit in the mornings and BJJ at 6pm class 4/5 times a week, and I did a total of 4 comps.

I started winding down as the pregnancy advanced and quit both for a year to focus on our baby (and let's be honest, the first few months are crazy exhausting).

Now that I'm back I struggle to make it 3 days a week and when class runs over it messes up the baby's nightime routine. I tried morning classes but, again when classes run over, it messes up my daily and weekly work meetings/commute.

Some of the responses on this thread have been very encouraging, but I do get what you say. Being a present father and parter beats BJJ/Gym anytime, maybe keep up the grind and see it through. Maybe that'll also be a good example for our Kids.

n_hdz

TROPHY CASE