Any IT Security Heads here?
- Thread starter HellBoy
- Start date
I'd hit up INDEED.COM. If you had a SOC position you may be able to find something there.
1st things first... you need to setup a home lab with virtual machines to teach you what you need..
Virtualbox
https://www.virtualbox.org/
GNS3
https://www.gns3.com/software
teach yourself networking..
udemy, etc..
teach yourself pentesting..
download the vulnerable virtual machines. The most important thing to do is to also go through the walk-throughs in order to learn techniques on how to compromise a system
https://www.vulnhub.com/
Download Kali to break into the virtual machines... learn to do it without Metasploit and it will get you prepared of exams like the OSCP and it also teaches you real world security concepts.. Also, you will learn begin to learn linux, bash, python, perl, etc
https://www.kali.org/downloads/
Currently I'm working on my CISM as I already have Sec+, CEH, GCIA, and CISSP. I've failed the OSCP several times as I can only crack 3 boxes before time is up. I always get the buffer overflow as that is one of the easier ones for me..
In my current job, I'm standing up the security practice for my county as a 1 man shop, but I may be one of the 1st analysts at a local government level (county, city, twp, etc..) in the country to do what I'm doing...
That is a huge task if I reading right. SOPs are time consuming.
For anyone interested in a free developer subscription. It comes with no support, but you'll have the latest versions of RHEL.
Anybody have any info on CPHIMS? Tryin to find the review guide or any other info. Thanks.
Im starting off with the CCNA I'm going throught the new cbt nuggets for the new version of the ccna, once I get that dow I'm going back into security and doing the kali stuff. I heard the CCNA will help alot overall with my resume and give me a good understanding of networking for the real world.
THen I'm getting into Linux and then going into security.
FYI -
The topics you posted are wide ranging and really don't mesh well as far as a specific skill set. They all have their own lane. IMO, you'd drive yourself crazy trying to learn everything. It's best to find a field and specialize it in. Networking fundamentals bridges all, but thats about it.
what should I do then? Cyber securityis something I’m not ready yet for? I need more experience. I got the S+ but it never helped since I got tired I need certs.
I wouldnt say you arent ready for CS. My advise is to narrow your learning to a specific aspect of security.
The real things that people don't understand about "cybersecurity" is that:
1) It's everyone's responsibility
2) It's actually the auditing and enforcement of what good IT standards and policies that you should already have in place.
3) There are 20+ subcategories for "cybersecurity"
4) You really have to have a mindset for it
Entry level jobs are extremely hard to get in the Cybersecurity field, I have a S+ and 2 years in basically a bs position that didn't teach me anything.
I know light Linux, wireshark, Nmap and a few other cybersecurity tools.
These skills get no call backs so I need a entry level opportunity hence I wanted the CCNA to get into the door, even in a Network Support or field tech position.
Which is why I asked what to do? I can't keep on applying and getting no feedback.
have you tried to align what you want to do with the NICE cybersecurity work framework?
NICE Framework Resource Center
The NICE Framework establishes a common language that describes cybersecurity work and the knowledge and skills needed to complete that work. It is used in public and private sectors and across industries for career discovery, education and training, and in hiring and workforce development.
The career pathway tool here is based on the framework, also the heat map is informative:
Cybersecurity Career Pathway
Explore the key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each role
www.cyberseek.org
have you tried to align what you want to do with the NICE cybersecurity work framework?
NICE Framework Resource Center
The NICE Framework establishes a common language that describes cybersecurity work and the knowledge and skills needed to complete that work. It is used in public and private sectors and across industries for career discovery, education and training, and in hiring and workforce development.www.nist.gov
The career pathway tool here is based on the framework, also the heat map is informative:
Cybersecurity Career Pathway
Explore the key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each rolewww.cyberseek.org
I'm checking it out but it says entry level Cyber Tech is 92k and that's kinda hard to believe. According to that list I need a higher degree and a bunch of skills I wasn't trained in.
I'm looking entry level so if I have to go back to school, any tech schools you recommend? New Horizons or anything like that?
Can I ask why you feel the CCNA is the step? I would advise by one dude as well.
Do you have a situation where you can set up a practice network?
What area do yo live in?? Most people get into Security through help desk positions, and then transition. Also, apply to managed service providers who have Security Operation Centers (SOC) as they tend to have a high turnover rate, but having that on your resume will often lead to better opportunities...
Your next step should also be to get a next level cert such as CEH, OSCP, CySA+, Pentest+, GCIA, CHFI, etc...
entry level in what concentration? network/infrastructure security? You mentioned you worked with wireshark / similar tools so network based forensics can be a pivot with your transferrable skills with addition to commercial/opensource network based IDS/IPS, netflow solutions. SANS institute is good but expensive, cybrary.it has good material too and career paths training. twitter is also good source of infosec/blackinfosec info and resources. maybe you should seek a consultation with someone offering services to guide you on your path. This is one person I follow on twitter that offer such services:
Virtualbox or VMWARE I set up a few linux machines and network them. I have kali and a few unbuntu servers set up.
The CEH is pretty expensive which is why I haven't called on it yet, they still call me to this day and I requested info after I got fired in september. I'm working crappy jobs that barely pay 500 a week right now to cover my rent. I didn't get the ceh because I didn't think it would help with my experience. My last job was a SOC but their racist crackers who fired me. The messed up part of it is they started training the staff for Penetration Testing and fired me before they began, really racist crackers.
That experience would have done wonders on my resume, I was fired unfairly but it's life dealing with white people.
I'm on twitter and I'll follow that person, I got no choice but to take out more loans probably. Keep in mind everything I learned was by book alone, I never was trained in anything.
I was even thinking field tech or anything entry-level at a big company that provides training, I live in SFLA and not many big companies here who will train. I know a little about IPS/IDS I worked with a company that had a product that did IPS/IDS and you'll see what they did.
Mostly Linux IPtables but I didn't touch anything. I was done really dirty and looking back my fault for fucking with them for so long without getting anything outta it. It's on me and a bad lession learned.
This is true, we just had a contractor quit for a better job and replaced her with a help desk special....dude is learning cyber and loving it.
I feel the CCNA can give you a perspective on how networking works. Once you learn networking you will learn about firewalls and securing ports. This will blend you into IT security and make getting a job in IT security easier. Many IT security jobs look for people with a networking background. They are changing the CCNA exam on 2/24. You can buy CCNA and other cisco books at 45% on Cisco press until tomorrow.
There's unlimited free training and one free certification voucher, If you are one of the following:
Active Duty U.S. Military
Any active duty service member who will transition from military service to the civilian workforce in the next 6 months with an honorable discharge status.
U.S. Veterans
Any veteran separated or retired from the military with an honorable discharge status.
U.S. National Guard/Reservists
Any active member of the National Guard and Reserve that is currently in a part-time status. If the service member is on active duty status in the National Guard or Reserve, they are subject to the active duty eligibility. See FAQ for full description.
Spouses
Spouses of any active-duty U.S. military service member, U.S. veteran, and active member of the U.S. National Guard or Reserve.
Active Duty U.S. Military
Any active duty service member who will transition from military service to the civilian workforce in the next 6 months with an honorable discharge status.
U.S. Veterans
Any veteran separated or retired from the military with an honorable discharge status.
U.S. National Guard/Reservists
Any active member of the National Guard and Reserve that is currently in a part-time status. If the service member is on active duty status in the National Guard or Reserve, they are subject to the active duty eligibility. See FAQ for full description.
Spouses
Spouses of any active-duty U.S. military service member, U.S. veteran, and active member of the U.S. National Guard or Reserve.
CCNA practice question that I thought was pretty good:
A computer would like to communicate with a server on the internet. When it sends the communication request out its network card, what destination MAC address would you expect to see in the header?
A. The MAC address of the server on the internet
B. The MAC address of the router
C. The MAC address of the switch
D. The MAC address of the local computer
A computer would like to communicate with a server on the internet. When it sends the communication request out its network card, what destination MAC address would you expect to see in the header?
A. The MAC address of the server on the internet
B. The MAC address of the router
C. The MAC address of the switch
D. The MAC address of the local computer
Im late to the conversation but I'm a consultant for email and end point security. If anyone need solutions for cheap prices let me know
B
Because it’s layer 2 addressing, it only need the MAC for its local gateway. The router will change the info and route the data.
Thanks. That's a good one.
I quit after A+ and the BS degree. Was learning networking to specialize but got sidetracked and went back to school to do Criminal Justice. Been a min besides doing basic computer upgrades, may get back into it to do some side money.
It would be B. Since the server is not on the local network, the PC will use the routers MAC address as the destination. Once the frame is at the router the MAC address information will change depending on the layer 2 technology in use.
any CCNA test preps here?
Are you looking for practice tests or study materials?